SOURIS BALLADEUSE

Résolu
claude54 Messages postés 15 Statut Membre -  
benurrr Messages postés 9766 Statut Contributeur sécurité -
Bonjour,


J'ai régulièrment ma souris qui se ballade sur l'écran. Après avoir scanné le disque avec un anti-virus et spybot, le problème semblait résolu. Mais cela revient !
Je me permets de déposer ci-dessous le log hijack.
Merci pour votre aide.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:14, on 29/09/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
F:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Services] lsrv.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] wupdate.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Windows Update] wupdate.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/26eeda77f90bf4f22105/netzip/RdxIE601_fr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_FR_XP.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service Google Update (gupdate1ca4a47648693a0) (gupdate1ca4a47648693a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6957 bytes

22 réponses

  • 1
  • 2
  1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    salut

    télécharge

    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    a l'installation vérifie que mise a jour et lancer programme et scan complet sont bien cocher

    Une fois a jour, le programme va se lancer; clic sur l'onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression".

    A la fin du scan clique sur Afficher les résultats

    Vérifier si tout est coché et clic Supprimer la sélection

    S'il t'es demandé de redémarrer >>> clique sur "Yes"

    Et tu poste le rapport générer
    0
  2. claude54 Messages postés 15 Statut Membre
     
    Bonjour,

    ci-dessous le rapport.
    MERCI
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Version de la base de données: 4052

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    01/10/2010 08:34:37
    mbam-log-2010-10-01 (08-34-37).txt

    Type d'examen: Examen complet (C:\|D:\|)
    Elément(s) analysé(s): 615864
    Temps écoulé: 6 heure(s), 34 minute(s), 46 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\Downloaded Program Files\syswbsvc32.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\tmlpcert2007 (Adware.EGDAccess) -> Quarantined and deleted successfully.

    Ci-dessous un nouveau log hijack.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:47:18, on 01/10/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\wuauclt.exe
    F:\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Microsoft Services] lsrv.exe
    O4 - HKCU\..\Run: [Microsoft Windows Update] wupdate.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Microsoft Windows Update] wupdate.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/26eeda77f90bf4f22105/netzip/RdxIE601_fr.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_FR_XP.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
    O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Service Google Update (gupdate1ca4a47648693a0) (gupdate1ca4a47648693a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    0
  3. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    Bonjourrr

    voyant s'il reste des residue de Adware.EGDAccess

    Télécharge maintenant Navilog1 depuis-ce lien :

    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
    Ensuite ( clic droit "exécuter en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
    Une fois l'installation terminée, fais un Clic-droit sur le raccourci Navilog1 présent sur ton bureau et choisis "Exécuter en tant qu'administrateur".

    Au menu principal, fais le choix 1
    Laisse toi guider et patiente.
    Patiente jusqu'au message :

    * "Analyse Termine le ..... "

    Appuie sur une touche le bloc note va s'ouvrir.
    Copie-colle l'intégralité du rapport dans une réponse.
    Referme le bloc note
    Le rapport fixnavi.txt est en outre sauvegardé dans %systemdrive%.
    0
  4. claude54 Messages postés 15 Statut Membre
     
    Fix Navipromo version 4.0.9 commencé le 01/10/2010 9:34:29,01

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!

    Outil exécuté depuis C:\navilog1

    Mise à jour le 17.09.2010 à 16h00 par IL-MAFIOSO

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : Mobile Intel(R) Pentium(R) 4 - M CPU 2.20GHz )
    BIOS : Phoenix ROM BIOS PLUS Version 1.10 A06
    USER : claude ( Administrator )
    BOOT : Normal boot

    Antivirus : avast! Antivirus 5.0.83886757 (Activated)

    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:24 Go (Free:1 Go)
    D:\ (Local Disk) - NTFS - Total:31 Go (Free:10 Go)
    E:\ (CD or DVD)
    F:\ (USB) - FAT32 - Total:3819 Mo (Free:2 Go)

    Recherche executée en mode normal

    Nettoyage exécuté au redémarrage de l'ordinateur

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\claude\locals~1\Temp effectué !

    *** Sauvegarde du Registre vers dossier Safebackup ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok

    Certificat Egroup supprimé !

    *** Scan terminé 01/10/2010 9:39:08,85 ***
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est détecte a tort comme infection)

    Télécharge ici :List_Kill'em de gen-hackman

    http://sd-4.archive-host.com/membres/up/829108531491024/Mes_Tools/List_Killem_Install.exe

    et enregistre le sur ton bureau

    si tu as XP => double clique
    si tu as Vista ou windows 7 => clic droit "exécuter en tant que...."

    sur le raccourci sur ton bureau pour lancer l'installation

    Laisse coché :

    Exécuter List_Kill'em

    une fois terminée , clic sur "terminer" et le programme se lancera seul

    Il commencera par télécharger et installer ses mises à jour , puis te donnera son menu

    choisis l'option Search

    laisse travailler l'outil

    il se peut qu'une boite de dialogue s'ouvre , dans ce cas clique sur "OK" ou "Agrée"

    à l'apparition de la fenêtre blanche , c'est un peu long , c'est normal ,c'est une recherche supplémentaire de fichiers cachés , le programme n'est pas bloqué.

    Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'écran "COMPLETED"
    0
    1. Mstr Messages postés 12018 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 900
       
      Salut !

      Le MBAM n'était pas à jour, me trompes-je ? :D
      0
    2. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      salut Mstr

      tout a fait bien vue
      0
  7. claude54 Messages postés 15 Statut Membre
     
    CI-dessous le résultat.
    Pour info, je n'ai pas de connexion internet sur le poste infecté. J'ai emmené le pc au bureau, car quand le malwayre est actif, je ne maitrise plus la souris.
    J'ai transité avec une clef USB.
    C'est pour cela que l'une ou l'autre maj n'est pas faite.

    ¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.0.8 ¤¤¤¤¤¤¤¤¤¤

    User : claude (Administrateurs)
    Update on 29/09/2010 by g3n-h@ckm@n ::::: 15.00
    Start at: 10:12:46 | 01/10/2010

    Mobile Intel(R) Pentium(R) 4 - M CPU 2.20GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
    Internet Explorer 6.0.2900.2180
    Windows Firewall Status : Disabled
    AV : avast! Antivirus 5.0.83886757 [ (!) Disabled | Updated ]

    A:\ -> Lecteur de disquettes 3 ½ pouces
    C:\ -> Disque fixe local | 24,41 Go (1,41 Go free) [XP] | NTFS
    D:\ -> Disque fixe local | 31,48 Go (10,47 Go free) | NTFS
    E:\ -> Disque CD-ROM
    F:\ -> Disque amovible | 3,73 Go (2,82 Go free) [KINGSTON] | FAT32

    Boot: Normal

    ¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer

    C:\WINDOWS\System32\smss.exe ---- 400 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
    C:\WINDOWS\system32\csrss.exe ---- 4112 Ko ---- Normal ---- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
    C:\WINDOWS\system32\winlogon.exe ---- 4268 Ko ---- High ---- winlogon.exe ----
    C:\WINDOWS\system32\services.exe ---- 4152 Ko ---- Normal ---- C:\WINDOWS\system32\services.exe ----
    C:\WINDOWS\system32\lsass.exe ---- 1716 Ko ---- Normal ---- C:\WINDOWS\system32\lsass.exe ----
    C:\WINDOWS\system32\svchost.exe ---- 4904 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k DcomLaunch ----
    C:\WINDOWS\system32\svchost.exe ---- 4052 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k rpcss ----
    C:\WINDOWS\System32\svchost.exe ---- 21528 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k netsvcs ----
    C:\WINDOWS\System32\svchost.exe ---- 6256 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k NetworkService ----
    C:\WINDOWS\System32\svchost.exe ---- 3740 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k LocalService ----
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe ---- 5456 Ko ---- Normal ---- "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" ---- ALWIL Software
    C:\WINDOWS\Explorer.EXE ---- 25752 Ko ---- Normal ---- C:\WINDOWS\Explorer.EXE ----
    C:\WINDOWS\system32\spoolsv.exe ---- 4856 Ko ---- Normal ---- C:\WINDOWS\system32\spoolsv.exe ----
    C:\WINDOWS\System32\svchost.exe ---- 3296 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k LocalService ----
    C:\Program Files\Java\jre6\bin\jqs.exe ---- 1392 Ko ---- Idle ---- "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" ---- Sun Microsystems, Inc.
    C:\WINDOWS\System32\nvsvc32.exe ---- 1992 Ko ---- Normal ---- C:\WINDOWS\System32\nvsvc32.exe ----
    C:\WINDOWS\System32\wdfmgr.exe ---- 1692 Ko ---- Normal ---- C:\WINDOWS\System32\wdfmgr.exe ----
    C:\WINDOWS\System32\alg.exe ---- 3448 Ko ---- Normal ---- C:\WINDOWS\System32\alg.exe ----
    C:\WINDOWS\System32\wbem\wmiapsrv.exe ---- 4456 Ko ---- Normal ---- C:\WINDOWS\System32\wbem\wmiapsrv.exe ----
    C:\WINDOWS\system32\pctspk.exe ---- 3388 Ko ---- Normal ---- "C:\WINDOWS\system32\pctspk.exe" ----
    C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe ---- 4176 Ko ---- Normal ---- "C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe" -hide ----
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe ---- 200 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot ---- RealNetworks, Inc.
    C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe ---- 2196 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" ---- Sun Microsystems, Inc.
    C:\Program Files\QuickTime\qttask.exe ---- 2376 Ko ---- Normal ---- "C:\Program Files\QuickTime\qttask.exe" -atboottime ----
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe ---- 5484 Ko ---- Normal ---- "C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe" /nogui ---- ALWIL Software
    C:\WINDOWS\system32\ctfmon.exe ---- 3224 Ko ---- Normal ---- "C:\WINDOWS\system32\ctfmon.exe" ----
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe ---- 87748 Ko ---- Idle ---- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ----
    C:\WINDOWS\system32\wuauclt.exe ---- 4036 Ko ---- Normal ---- "C:\WINDOWS\system32\wuauclt.exe" ---- Microsoft Windows Component Publisher
    C:\WINDOWS\system32\wscntfy.exe ---- 2320 Ko ---- Normal ---- C:\WINDOWS\system32\wscntfy.exe ----
    C:\WINDOWS\system32\cmd.exe ---- 2684 Ko ---- Normal ---- C:\WINDOWS\system32\cmd.exe /K List'em.bat ----
    C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 6604 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
    C:\Program Files\List_Kill'em\pv.exe ---- 2640 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----

    ¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
    Microsoft Services = lsrv.exe
    Microsoft Windows Update = wupdate.exe
    SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    PCTVOICE = pctspk.exe
    Microsoft Services = lsrv.exe
    nwiz = nwiz.exe /installquiet
    AS00_Gear511 = C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
    TkBellExe = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    SunJavaUpdateSched = "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    avast5 = C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    Adobe ARM = "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    ¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDriveTypeAutoRun = 145 (0x91)
    NoLogoff = 0 (0x0)
    NoClose = 0 (0x0)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    HonorAutoRunSetting = 1 (0x1)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLS =

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    Shell = Explorer.exe
    Userinit = C:\WINDOWS\system32\userinit.exe,

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    {AEB6717E-7E19-11d0-97EE-00C04FD91972} =

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    C:\Program Files\MSN Messenger\msnmsgr.exe = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0
    C:\Program Files\Messenger\msmsgs.exe = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
    C:\WINDOWS\system32\sessmgr.exe = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
    %windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Motorola\Software Update\msu.exe = C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\MSN Messenger\msnmsgr.exe = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0

    ¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{1F2F4C9E-6F09-47BC-970D-3C54734667FE}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{33564D57-0000-0010-8000-00AA00389B71}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{33564D57-9980-0010-8000-00AA00389B71}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{56336BCB-3D8A-11D6-A00B-0050DA18DE71}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{71DA2A4E-ACB3-4065-9E41-8BC42EABE427}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8B1BC605-C593-4865-8F5B-05517F0CD0BB}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8B3B8135-9DAA-40E7-8941-962795F9C1CB}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{B79A53C0-1DAC-4636-BACE-FD086A7A79BF}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\WriteRegStr]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{03F998B2-0E00-11D3-A498-00104B6EB52E}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{04d6265d-6b5d-41c3-9e7c-48be15919643}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A3320D6-C805-4280-B423-B665BDE33D8F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2D5974C5-5185-4f5b-80B6-28015ACDD74C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2eac6a2d-57a8-44d4-96f7-e32bab40ca5f}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5f3c70b3-ac2f-432c-8f9c-1624df61f54f}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]

    ¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

    ¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{578F2172-1576-406C-8820-907B2C5CD4C6}: DhcpNameServer=192.168.10.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{619BE9A0-ECE3-49A1-8801-65308E2C383A}: DhcpNameServer=192.168.10.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{578F2172-1576-406C-8820-907B2C5CD4C6}: DhcpNameServer=192.168.10.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.10.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.10.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222

    ¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    Local Page = C:\windows\system32\blank.htm
    Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page = https://www.orange.fr/portail
    Local Page = C:\windows\system32\blank.htm
    Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    ¤¤¤¤¤ Proxy Internet Explorer

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    ProxyHttp1.1 = 0 (0x0)
    ProxyEnable = 0 (0x0)

    ¤¤¤¤¤¤¤¤¤¤ Proxy Firefox ¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤ TaskCache ¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤ IFEO ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apitrap.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ASSTE.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVSTE.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cleanup.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cqw32.exe]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divx.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divxdec.ax]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DJSMAR00.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRMINST.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\enc98.EXE]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EncodeDivXExt.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EncryptPatchVer.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\front.exe]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fullsoft.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GBROWSER.DLL]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htmlmarq.ocx]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htmlmm.ocx]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\install.exe]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ishscan.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ISSTE.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\javai.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jvm.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jvm_g.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\main123w.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mngreg32.exe]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msci_uno.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscoree.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscorsvr.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscorwks.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msjava.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mso.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVOPTRF.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NeVideoFX.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NPMLIC.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NSWSTE.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\photohse.EXE]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PMSTE.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ppw32hlp.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\printhse.EXE]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prwin8.EXE]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ps80.EXE]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\psdmt.exe]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qfinder.EXE]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qpw.EXE]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Salwrap.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup.exe]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup32.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sevinst.exe]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcnet.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tcore_ebook.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TFDTCTT8.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ua80.EXE]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\udtapi.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ums.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vb40032.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbe6.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wpwin8.EXE]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xlmlEN.dll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xwsetup.EXE]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Your Image File Name Here without a path]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_INSTPGM.EXE]

    ¤¤¤¤¤¤¤¤¤¤ File Protection ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]

    ¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

    ¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤

    [MD5.cdfe4411a69c224bd1d11b2da92dac51] - C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\atapi.sys
    [MD5.cdfe4411a69c224bd1d11b2da92dac51] - C:\WINDOWS\system32\drivers\atapi.sys

    ¤¤¤¤¤ Reference

    Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
    Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
    Win XP_32b : a64013e98426e1877cb653685c5c0009
    Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
    Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
    Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
    Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
    Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
    Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
    Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
    Windows 7_32b : 338c86357871c167a96ab976519bf59e
    Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

    ¤¤¤¤¤¤¤¤¤¤ Explorer ¤¤¤¤¤¤¤¤¤¤

    [MD5.d0288319660edcfed07c7e74c4ea38a5] - C:\WINDOWS\explorer.exe
    [MD5.2a7bd330924252a2fd80344fc949bb72] - C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\explorer.exe
    [MD5.d0288319660edcfed07c7e74c4ea38a5] - C:\WINDOWS\system32\dllcache\explorer.exe

    ¤¤¤¤¤¤¤¤¤¤ Winlogon ¤¤¤¤¤¤¤¤¤¤

    [MD5.123eea158f74d0f67a51dcdf065d1091] - C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\winlogon.exe
    [MD5.123eea158f74d0f67a51dcdf065d1091] - C:\WINDOWS\system32\winlogon.exe

    ¤¤¤¤¤¤¤¤¤¤ Drive ¤¤¤¤¤¤¤¤¤¤

    D'fragmenteur de disque Windows
    Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

    Rapport d'analyse
    24,41 Go total, 1,41 Go libre (5%), 22% fragment' (fragmentation du fichier 37%)

    Vous devriez d'fragmenter ce volume.

    ¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤ Rogues Infections ¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤

    [HKEY_CURRENT_USER\software\Adobe]
    [HKEY_CURRENT_USER\software\ALWIL Software]
    [HKEY_CURRENT_USER\software\America Online]
    [HKEY_CURRENT_USER\software\Apple Computer, Inc.]
    [HKEY_CURRENT_USER\software\Bspo]
    [HKEY_CURRENT_USER\software\Ccuu]
    [HKEY_CURRENT_USER\software\CDDB]
    [HKEY_CURRENT_USER\software\Clients]
    [HKEY_CURRENT_USER\software\Dell Computer Corporation]
    [HKEY_CURRENT_USER\software\DivXNetworks]
    [HKEY_CURRENT_USER\software\FRANCE TELECOM]
    [HKEY_CURRENT_USER\software\Funk Software, Inc.]
    [HKEY_CURRENT_USER\software\FusionSoft]
    [HKEY_CURRENT_USER\software\Google]
    [HKEY_CURRENT_USER\software\Intel]
    [HKEY_CURRENT_USER\software\IZSoftware]
    [HKEY_CURRENT_USER\software\JavaSoft]
    [HKEY_CURRENT_USER\software\Lavalys]
    [HKEY_CURRENT_USER\software\Linksys Group Inc.]
    [HKEY_CURRENT_USER\software\Macromedia]
    [HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware]
    [HKEY_CURRENT_USER\software\Microsoft]
    [HKEY_CURRENT_USER\software\Motorola]
    [HKEY_CURRENT_USER\software\Mozilla]
    [HKEY_CURRENT_USER\software\mozilla.org]
    [HKEY_CURRENT_USER\software\MozillaPlugins]
    [HKEY_CURRENT_USER\software\Netscape]
    [HKEY_CURRENT_USER\software\Nico Mak Computing]
    [HKEY_CURRENT_USER\software\Nmap]
    [HKEY_CURRENT_USER\software\Novell]
    [HKEY_CURRENT_USER\software\NVIDIA Corporation]
    [HKEY_CURRENT_USER\software\ODBC]
    [HKEY_CURRENT_USER\software\Policies]
    [HKEY_CURRENT_USER\software\RealNetworks]
    [HKEY_CURRENT_USER\software\Safer Networking Limited]
    [HKEY_CURRENT_USER\software\SFX TEAM]
    [HKEY_CURRENT_USER\software\Skyline]
    [HKEY_CURRENT_USER\software\Skype]
    [HKEY_CURRENT_USER\software\sponsoradulto]
    [HKEY_CURRENT_USER\software\Sun Microsystems]
    [HKEY_CURRENT_USER\software\TomTom]
    [HKEY_CURRENT_USER\software\VB and VBA Program Settings]
    [HKEY_CURRENT_USER\software\Visio RAS Script]
    [HKEY_CURRENT_USER\software\WildTangent]
    [HKEY_CURRENT_USER\software\Winamp]
    [HKEY_CURRENT_USER\software\WinRAR SFX]
    [HKEY_CURRENT_USER\software\WinZip Computing]
    [HKEY_CURRENT_USER\software\WlanLib]
    [HKEY_CURRENT_USER\software\Yahoo]
    [HKEY_CURRENT_USER\software\YahooPartnerToolbar]
    [HKEY_CURRENT_USER\software\Zone Labs]
    [HKEY_CURRENT_USER\software\Classes]

    [HKEY_LOCAL_MACHINE\software\Adobe]
    [HKEY_LOCAL_MACHINE\software\Ahead]
    [HKEY_LOCAL_MACHINE\software\ALWIL Software]
    [HKEY_LOCAL_MACHINE\software\America Online]
    [HKEY_LOCAL_MACHINE\software\Apple Computer, Inc.]
    [HKEY_LOCAL_MACHINE\software\Bogosoft]
    [HKEY_LOCAL_MACHINE\software\Bromax]
    [HKEY_LOCAL_MACHINE\software\C07ft5Y]
    [HKEY_LOCAL_MACHINE\software\CCleaner]
    [HKEY_LOCAL_MACHINE\software\Classes]
    [HKEY_LOCAL_MACHINE\software\Clients]
    [HKEY_LOCAL_MACHINE\software\Dell Computer Corporation]
    [HKEY_LOCAL_MACHINE\software\DivXNetworks]
    [HKEY_LOCAL_MACHINE\software\FRANCE TELECOM]
    [HKEY_LOCAL_MACHINE\software\FullCircle]
    [HKEY_LOCAL_MACHINE\software\Funk Software, Inc.]
    [HKEY_LOCAL_MACHINE\software\FusionSoft]
    [HKEY_LOCAL_MACHINE\software\Futuremark]
    [HKEY_LOCAL_MACHINE\software\Gemplus]
    [HKEY_LOCAL_MACHINE\software\Google]
    [HKEY_LOCAL_MACHINE\software\InstalledOptions]
    [HKEY_LOCAL_MACHINE\software\InstallShield]
    [HKEY_LOCAL_MACHINE\software\Intel]
    [HKEY_LOCAL_MACHINE\software\JavaSoft]
    [HKEY_LOCAL_MACHINE\software\JreMetrics]
    [HKEY_LOCAL_MACHINE\software\lameme]
    [HKEY_LOCAL_MACHINE\software\Lexmark]
    [HKEY_LOCAL_MACHINE\software\Macromedia]
    [HKEY_LOCAL_MACHINE\software\MadOnion.com]
    [HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware]
    [HKEY_LOCAL_MACHINE\software\MetaStream]
    [HKEY_LOCAL_MACHINE\software\Microsoft]
    [HKEY_LOCAL_MACHINE\software\MINOLTA]
    [HKEY_LOCAL_MACHINE\software\Motorola]
    [HKEY_LOCAL_MACHINE\software\Mozilla]
    [HKEY_LOCAL_MACHINE\software\Mozilla Thunderbird]
    [HKEY_LOCAL_MACHINE\software\mozilla.org]
    [HKEY_LOCAL_MACHINE\software\MozillaPlugins]
    [HKEY_LOCAL_MACHINE\software\Novell]
    [HKEY_LOCAL_MACHINE\software\NVIDIA Corporation]
    [HKEY_LOCAL_MACHINE\software\ODBC]
    [HKEY_LOCAL_MACHINE\software\PCTEL]
    [HKEY_LOCAL_MACHINE\software\PhotoFiltre]
    [HKEY_LOCAL_MACHINE\software\Policies]
    [HKEY_LOCAL_MACHINE\software\Program Groups]
    [HKEY_LOCAL_MACHINE\software\RealNetworks]
    [HKEY_LOCAL_MACHINE\software\RegisteredApplications]
    [HKEY_LOCAL_MACHINE\software\RichFX]
    [HKEY_LOCAL_MACHINE\software\Safer Networking Limited]
    [HKEY_LOCAL_MACHINE\software\SAGEM]
    [HKEY_LOCAL_MACHINE\software\Schlumberger]
    [HKEY_LOCAL_MACHINE\software\Skyline]
    [HKEY_LOCAL_MACHINE\software\Skype]
    [HKEY_LOCAL_MACHINE\software\Symantec]
    [HKEY_LOCAL_MACHINE\software\The Silicon Realms Toolworks]
    [HKEY_LOCAL_MACHINE\software\TomTom]
    [HKEY_LOCAL_MACHINE\software\TrendMicro]
    [HKEY_LOCAL_MACHINE\software\VideoLAN]
    [HKEY_LOCAL_MACHINE\software\Viewpoint]
    [HKEY_LOCAL_MACHINE\software\WildTangent]
    [HKEY_LOCAL_MACHINE\software\Windows]
    [HKEY_LOCAL_MACHINE\software\Windows 3.1 Migration Status]
    [HKEY_LOCAL_MACHINE\software\Xing Technology Corp.]
    [HKEY_LOCAL_MACHINE\software\Yahoo]
    [HKEY_LOCAL_MACHINE\software\Zone Labs]

    ¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤

    Present !! : C:\Program Files\Fichiers communs\IRAABOUT.DLL
    Present !! : C:\Program Files\Fichiers communs\IRALPTTR.DLL
    Present !! : C:\Program Files\Fichiers communs\IRAMDMTR.DLL
    Present !! : C:\Program Files\Fichiers communs\IRAREG.DLL
    Present !! : C:\Program Files\Fichiers communs\IRASRIAL.DLL
    Present !! : C:\Program Files\Fichiers communs\IRAWEBTR.DLL
    Present !! : C:\Program Files\Internet Explorer\SET509.tmp
    Present !! : C:\Program Files\Internet Explorer\SET5F5.tmp
    Present !! : C:\WINDOWS\000001_.tmp
    Present !! : C:\WINDOWS\002747_.tmp
    Present !! : C:\WINDOWS\003391_.tmp
    Present !! : C:\WINDOWS\003399_.tmp
    Present !! : C:\WINDOWS\SET1B.tmp
    Present !! : C:\WINDOWS\SET3.tmp
    Present !! : C:\WINDOWS\SET433.tmp
    Present !! : C:\WINDOWS\SET51F.tmp
    Present !! : C:\WINDOWS\SET7.tmp
    Present !! : C:\WINDOWS\SETD.tmp
    Present !! : C:\WINDOWS\aucfg.ini
    Present !! : C:\WINDOWS\patch.exe
    Present !! : C:\WINDOWS\System32\_000103_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003829_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003830_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003831_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003832_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003838_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003839_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003840_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003841_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003842_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003843_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003844_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003845_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003846_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003847_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003848_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003849_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003851_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003852_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003853_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003855_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003858_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003859_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003862_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003863_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003864_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003865_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003866_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003867_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003869_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003870_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003871_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003872_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003873_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003874_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003875_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003876_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003878_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003879_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003880_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003881_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003882_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003884_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003885_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003887_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003888_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003889_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003890_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003892_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003895_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003896_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003900_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003901_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003903_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003906_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003908_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003909_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003910_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003911_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003914_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003915_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003916_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003917_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003918_.tmp.dll
    Present !! : C:\WINDOWS\System32\_003923_.tmp.dll
    Present !! : C:\WINDOWS\System32\drivers\_003801_.tmp.dll
    Present !! : C:\WINDOWS\System32\drivers\_003810_.tmp.dll
    Present !! : C:\WINDOWS\System32\SET100C.tmp
    Present !! : C:\WINDOWS\System32\SET11B.tmp
    Present !! : C:\WINDOWS\System32\SET11C.tmp
    Present !! : C:\WINDOWS\System32\SET11E.tmp
    Present !! : C:\WINDOWS\System32\SET120.tmp
    Present !! : C:\WINDOWS\System32\SET122.tmp
    Present !! : C:\WINDOWS\System32\SET124.tmp
    Present !! : C:\WINDOWS\System32\SET125.tmp
    Present !! : C:\WINDOWS\System32\SET126.tmp
    Present !! : C:\WINDOWS\System32\SET127.tmp
    Present !! : C:\WINDOWS\System32\SET129.tmp
    Present !! : C:\WINDOWS\System32\SET12A.tmp
    Present !! : C:\WINDOWS\System32\SET12B.tmp
    Present !! : C:\WINDOWS\System32\SET12D.tmp
    Present !! : C:\WINDOWS\System32\SET12E.tmp
    Present !! : C:\WINDOWS\System32\SET132.tmp
    Present !! : C:\WINDOWS\System32\SET133.tmp
    Present !! : C:\WINDOWS\System32\SET134.tmp
    Present !! : C:\WINDOWS\System32\SET136.tmp
    Present !! : C:\WINDOWS\System32\SET137.tmp
    Present !! : C:\WINDOWS\System32\SET138.tmp
    Present !! : C:\WINDOWS\System32\SET139.tmp
    Present !! : C:\WINDOWS\System32\SET13A.tmp
    Present !! : C:\WINDOWS\System32\SET13C.tmp
    Present !! : C:\WINDOWS\System32\SET13D.tmp
    Present !! : C:\WINDOWS\System32\SET13E.tmp
    Present !! : C:\WINDOWS\System32\SET13F.tmp
    Present !! : C:\WINDOWS\System32\SET141.tmp
    Present !! : C:\WINDOWS\System32\SET142.tmp
    Present !! : C:\WINDOWS\System32\SET145.tmp
    Present !! : C:\WINDOWS\System32\SET149.tmp
    Present !! : C:\WINDOWS\System32\SET14A.tmp
    Present !! : C:\WINDOWS\System32\SET14B.tmp
    Present !! : C:\WINDOWS\System32\SET14C.tmp
    Present !! : C:\WINDOWS\System32\SET14E.tmp
    Present !! : C:\WINDOWS\System32\SET14F.tmp
    Present !! : C:\WINDOWS\System32\SET150.tmp
    Present !! : C:\WINDOWS\System32\SET151.tmp
    Present !! : C:\WINDOWS\System32\SET152.tmp
    Present !! : C:\WINDOWS\System32\SET153.tmp
    Present !! : C:\WINDOWS\System32\SET155.tmp
    Present !! : C:\WINDOWS\System32\SET156.tmp
    Present !! : C:\WINDOWS\System32\SET157.tmp
    Present !! : C:\WINDOWS\System32\SET158.tmp
    Present !! : C:\WINDOWS\System32\SET159.tmp
    Present !! : C:\WINDOWS\System32\SET15A.tmp
    Present !! : C:\WINDOWS\System32\SET15B.tmp
    Present !! : C:\WINDOWS\System32\SET15C.tmp
    Present !! : C:\WINDOWS\System32\SET15D.tmp
    Present !! : C:\WINDOWS\System32\SET15F.tmp
    Present !! : C:\WINDOWS\System32\SET160.tmp
    Present !! : C:\WINDOWS\System32\SET161.tmp
    Present !! : C:\WINDOWS\System32\SET162.tmp
    Present !! : C:\WINDOWS\System32\SET163.tmp
    Present !! : C:\WINDOWS\System32\SET164.tmp
    Present !! : C:\WINDOWS\System32\SET165.tmp
    Present !! : C:\WINDOWS\System32\SET166.tmp
    Present !! : C:\WINDOWS\System32\SET167.tmp
    Present !! : C:\WINDOWS\System32\SET168.tmp
    Present !! : C:\WINDOWS\System32\SET169.tmp
    Present !! : C:\WINDOWS\System32\SET16A.tmp
    Present !! : C:\WINDOWS\System32\SET170.tmp
    Present !! : C:\WINDOWS\System32\SET175.tmp
    Present !! : C:\WINDOWS\System32\SET176.tmp
    Present !! : C:\WINDOWS\System32\SET177.tmp
    Present !! : C:\WINDOWS\System32\SET178.tmp
    Present !! : C:\WINDOWS\System32\SET179.tmp
    Present !! : C:\WINDOWS\System32\SET17A.tmp
    Present !! : C:\WINDOWS\System32\SET17B.tmp
    Present !! : C:\WINDOWS\System32\SET17D.tmp
    Present !! : C:\WINDOWS\System32\SET17E.tmp
    Present !! : C:\WINDOWS\System32\SET180.tmp
    Present !! : C:\WINDOWS\System32\SET182.tmp
    Present !! : C:\WINDOWS\System32\SET183.tmp
    Present !! : C:\WINDOWS\System32\SET185.tmp
    Present !! : C:\WINDOWS\System32\SET186.tmp
    Present !! : C:\WINDOWS\System32\SET189.tmp
    Present !! : C:\WINDOWS\System32\SET18A.tmp
    Present !! : C:\WINDOWS\System32\SET18D.tmp
    Present !! : C:\WINDOWS\System32\SET18E.tmp
    Present !! : C:\WINDOWS\System32\SET191.tmp
    Present !! : C:\WINDOWS\System32\SET192.tmp
    Present !! : C:\WINDOWS\System32\SET194.tmp
    Present !! : C:\WINDOWS\System32\SET195.tmp
    Present !! : C:\WINDOWS\System32\SET196.tmp
    Present !! : C:\WINDOWS\System32\SET197.tmp
    Present !! : C:\WINDOWS\System32\SET198.tmp
    Present !! : C:\WINDOWS\System32\SET19A.tmp
    Present !! : C:\WINDOWS\System32\SET19D.tmp
    Present !! : C:\WINDOWS\System32\SET19E.tmp
    Present !! : C:\WINDOWS\System32\SET19F.tmp
    Present !! : C:\WINDOWS\System32\SET1A0.tmp
    Present !! : C:\WINDOWS\System32\SET1A2.tmp
    Present !! : C:\WINDOWS\System32\SET1A3.tmp
    Present !! : C:\WINDOWS\System32\SET1A4.tmp
    Present !! : C:\WINDOWS\System32\SET1A5.tmp
    Present !! : C:\WINDOWS\System32\SET1A6.tmp
    Present !! : C:\WINDOWS\System32\SET1AC.tmp
    Present !! : C:\WINDOWS\System32\SET1B0.tmp
    Present !! : C:\WINDOWS\System32\SET1B2.tmp
    Present !! : C:\WINDOWS\System32\SET1B3.tmp
    Present !! : C:\WINDOWS\System32\SET1B5.tmp
    Present !! : C:\WINDOWS\System32\SET1B7.tmp
    Present !! : C:\WINDOWS\System32\SET1B8.tmp
    Present !! : C:\WINDOWS\System32\SET1BA.tmp
    Present !! : C:\WINDOWS\System32\SET1BB.tmp
    Present !! : C:\WINDOWS\System32\SET1BC.tmp
    Present !! : C:\WINDOWS\System32\SET1BD.tmp
    Present !! : C:\WINDOWS\System32\SET1BE.tmp
    Present !! : C:\WINDOWS\System32\SET1BF.tmp
    Present !! : C:\WINDOWS\System32\SET1C2.tmp
    Present !! : C:\WINDOWS\System32\SET1C3.tmp
    Present !! : C:\WINDOWS\System32\SET1C4.tmp
    Present !! : C:\WINDOWS\System32\SET1C5.tmp
    Present !! : C:\WINDOWS\System32\SET1C7.tmp
    Present !! : C:\WINDOWS\System32\SET1C8.tmp
    Present !! : C:\WINDOWS\System32\SET1C9.tmp
    Present !! : C:\WINDOWS\System32\SET1CF.tmp
    Present !! : C:\WINDOWS\System32\SET1D0.tmp
    Present !! : C:\WINDOWS\System32\SET1D1.tmp
    Present !! : C:\WINDOWS\System32\SET1D2.tmp
    Present !! : C:\WINDOWS\System32\SET1D3.tmp
    Present !! : C:\WINDOWS\System32\SET1D6.tmp
    Present !! : C:\WINDOWS\System32\SET1D9.tmp
    Present !! : C:\WINDOWS\System32\SET1DB.tmp
    Present !! : C:\WINDOWS\System32\SET1DF.tmp
    Present !! : C:\WINDOWS\System32\SET1E0.tmp
    Present !! : C:\WINDOWS\System32\SET1E1.tmp
    Present !! : C:\WINDOWS\System32\SET1E2.tmp
    Present !! : C:\WINDOWS\System32\SET1E4.tmp
    Present !! : C:\WINDOWS\System32\SET1E9.tmp
    Present !! : C:\WINDOWS\System32\SET1EA.tmp
    Present !! : C:\WINDOWS\System32\SET1EB.tmp
    Present !! : C:\WINDOWS\System32\SET1EC.tmp
    Present !! : C:\WINDOWS\System32\SET1EF.tmp
    Present !! : C:\WINDOWS\System32\SET1F2.tmp
    Present !! : C:\WINDOWS\System32\SET1F3.tmp
    Present !! : C:\WINDOWS\System32\SET1F4.tmp
    Present !! : C:\WINDOWS\System32\SET1F5.tmp
    Present !! : C:\WINDOWS\System32\SET1F6.tmp
    Present !! : C:\WINDOWS\System32\SET1F8.tmp
    Present !! : C:\WINDOWS\System32\SET1FA.tmp
    Present !! : C:\WINDOWS\System32\SET1FB.tmp
    Present !! : C:\WINDOWS\System32\SET1FC.tmp
    Present !! : C:\WINDOWS\System32\SET207.tmp
    Present !! : C:\WINDOWS\System32\SET20B.tmp
    Present !! : C:\WINDOWS\System32\SET20C.tmp
    Present !! : C:\WINDOWS\System32\SET20D.tmp
    Present !! : C:\WINDOWS\System32\SET20F.tmp
    Present !! : C:\WINDOWS\System32\SET211.tmp
    Present !! : C:\WINDOWS\System32\SET214.tmp
    Present !! : C:\WINDOWS\System32\SET215.tmp
    Present !! : C:\WINDOWS\System32\SET216.tmp
    Present !! : C:\WINDOWS\System32\SET218.tmp
    Present !! : C:\WINDOWS\System32\SET219.tmp
    Present !! : C:\WINDOWS\System32\SET21A.tmp
    Present !! : C:\WINDOWS\System32\SET21C.tmp
    Present !! : C:\WINDOWS\System32\SET21D.tmp
    Present !! : C:\WINDOWS\System32\SET21E.tmp
    Present !! : C:\WINDOWS\System32\SET220.tmp
    Present !! : C:\WINDOWS\System32\SET221.tmp
    Present !! : C:\WINDOWS\System32\SET224.tmp
    Present !! : C:\WINDOWS\System32\SET226.tmp
    Present !! : C:\WINDOWS\System32\SET227.tmp
    Present !! : C:\WINDOWS\System32\SET228.tmp
    Present !! : C:\WINDOWS\System32\SET229.tmp
    Present !! : C:\WINDOWS\System32\SET22C.tmp
    Present !! : C:\WINDOWS\System32\SET22D.tmp
    Present !! : C:\WINDOWS\System32\SET22E.tmp
    Present !! : C:\WINDOWS\System32\SET22F.tmp
    Present !! : C:\WINDOWS\System32\SET230.tmp
    Present !! : C:\WINDOWS\System32\SET233.tmp
    Present !! : C:\WINDOWS\System32\SET234.tmp
    Present !! : C:\WINDOWS\System32\SET235.tmp
    Present !! : C:\WINDOWS\System32\SET236.tmp
    Present !! : C:\WINDOWS\System32\SET237.tmp
    Present !! : C:\WINDOWS\System32\SET239.tmp
    Present !! : C:\WINDOWS\System32\SET23A.tmp
    Present !! : C:\WINDOWS\System32\SET23B.tmp
    Present !! : C:\WINDOWS\System32\SET23D.tmp
    Present !! : C:\WINDOWS\System32\SET23E.tmp
    Present !! : C:\WINDOWS\System32\SET23F.tmp
    Present !! : C:\WINDOWS\System32\SET241.tmp
    Present !! : C:\WINDOWS\System32\SET242.tmp
    Present !! : C:\WINDOWS\System32\SET243.tmp
    Present !! : C:\WINDOWS\System32\SET244.tmp
    Present !! : C:\WINDOWS\System32\SET245.tmp
    Present !! : C:\WINDOWS\System32\SET24A.tmp
    Present !! : C:\WINDOWS\System32\SET24B.tmp
    Present !! : C:\WINDOWS\System32\SET24C.tmp
    Present !! : C:\WINDOWS\System32\SET250.tmp
    Present !! : C:\WINDOWS\System32\SET251.tmp
    Present !! : C:\WINDOWS\System32\SET252.tmp
    Present !! : C:\WINDOWS\System32\SET253.tmp
    Present !! : C:\WINDOWS\System32\SET255.tmp
    Present !! : C:\WINDOWS\System32\SET258.tmp
    Present !! : C:\WINDOWS\System32\SET25A.tmp
    Present !! : C:\WINDOWS\System32\SET25B.tmp
    Present !! : C:\WINDOWS\System32\SET25D.tmp
    Present !! : C:\WINDOWS\System32\SET25E.tmp
    Present !! : C:\WINDOWS\System32\SET25F.tmp
    Present !! : C:\WINDOWS\System32\SET260.tmp
    Present !! : C:\WINDOWS\System32\SET261.tmp
    Present !! : C:\WINDOWS\System32\SET262.tmp
    Present !! : C:\WINDOWS\System32\SET263.tmp
    Present !! : C:\WINDOWS\System32\SET265.tmp
    Present !! : C:\WINDOWS\System32\SET266.tmp
    Present !! : C:\WINDOWS\System32\SET267.tmp
    Present !! : C:\WINDOWS\System32\SET26C.tmp
    Present !! : C:\WINDOWS\System32\SET26D.tmp
    Present !! : C:\WINDOWS\System32\SET26E.tmp
    Present !! : C:\WINDOWS\System32\SET26F.tmp
    Present !! : C:\WINDOWS\System32\SET272.tmp
    Present !! : C:\WINDOWS\System32\SET278.tmp
    Present !! : C:\WINDOWS\System32\SET279.tmp
    Present !! : C:\WINDOWS\System32\SET27C.tmp
    Present !! : C:\WINDOWS\System32\SET27D.tmp
    Present !! : C:\WINDOWS\System32\SET280.tmp
    Present !! : C:\WINDOWS\System32\SET282.tmp
    Present !! : C:\WINDOWS\System32\SET284.tmp
    Present !! : C:\WINDOWS\System32\SET285.tmp
    Present !! : C:\WINDOWS\System32\SET286.tmp
    Present !! : C:\WINDOWS\System32\SET287.tmp
    Present !! : C:\WINDOWS\System32\SET288.tmp
    Present !! : C:\WINDOWS\System32\SET289.tmp
    Present !! : C:\WINDOWS\System32\SET28A.tmp
    Present !! : C:\WINDOWS\System32\SET28E.tmp
    Present !! : C:\WINDOWS\System32\SET28F.tmp
    Present !! : C:\WINDOWS\System32\SET290.tmp
    Present !! : C:\WINDOWS\System32\SET291.tmp
    Present !! : C:\WINDOWS\System32\SET292.tmp
    Present !! : C:\WINDOWS\System32\SET293.tmp
    Present !! : C:\WINDOWS\System32\SET295.tmp
    Present !! : C:\WINDOWS\System32\SET297.tmp
    Present !! : C:\WINDOWS\System32\SET299.tmp
    Present !! : C:\WINDOWS\System32\SET29A.tmp
    Present !! : C:\WINDOWS\System32\SET29B.tmp
    Present !! : C:\WINDOWS\System32\SET29F.tmp
    Present !! : C:\WINDOWS\System32\SET2A1.tmp
    Present !! : C:\WINDOWS\System32\SET2A5.tmp
    Present !! : C:\WINDOWS\System32\SET2A6.tmp
    Present !! : C:\WINDOWS\System32\SET2A9.tmp
    Present !! : C:\WINDOWS\System32\SET2AA.tmp
    Present !! : C:\WINDOWS\System32\SET2AC.tmp
    Present !! : C:\WINDOWS\System32\SET2AD.tmp
    Present !! : C:\WINDOWS\System32\SET2AE.tmp
    Present !! : C:\WINDOWS\System32\SET2AF.tmp
    Present !! : C:\WINDOWS\System32\SET2B2.tmp
    Present !! : C:\WINDOWS\System32\SET2B3.tmp
    Present !! : C:\WINDOWS\System32\SET2B4.tmp
    Present !! : C:\WINDOWS\System32\SET2B7.tmp
    Present !! : C:\WINDOWS\System32\SET2B9.tmp
    Present !! : C:\WINDOWS\System32\SET2BA.tmp
    Present !! : C:\WINDOWS\System32\SET2BC.tmp
    Present !! : C:\WINDOWS\System32\SET2C1.tmp
    Present !! : C:\WINDOWS\System32\SET2C7.tmp
    Present !! : C:\WINDOWS\System32\SET2CA.tmp
    Present !! : C:\WINDOWS\System32\SET2CB.tmp
    Present !! : C:\WINDOWS\System32\SET2CC.tmp
    Present !! : C:\WINDOWS\System32\SET2CF.tmp
    Present !! : C:\WINDOWS\System32\SET2D1.tmp
    Present !! : C:\WINDOWS\System32\SET2D4.tmp
    Present !! : C:\WINDOWS\System32\SET2D6.tmp
    Present !! : C:\WINDOWS\System32\SET2D7.tmp
    Present !! : C:\WINDOWS\System32\SET2DA.tmp
    Present !! : C:\WINDOWS\System32\SET2DB.tmp
    Present !! : C:\WINDOWS\System32\SET2DC.tmp
    Present !! : C:\WINDOWS\System32\SET2DD.tmp
    Present !! : C:\WINDOWS\System32\SET2DE.tmp
    Present !! : C:\WINDOWS\System32\SET2DF.tmp
    Present !! : C:\WINDOWS\System32\SET2E1.tmp
    Present !! : C:\WINDOWS\System32\SET2E2.tmp
    Present !! : C:\WINDOWS\System32\SET2E3.tmp
    Present !! : C:\WINDOWS\System32\SET2E4.tmp
    Present !! : C:\WINDOWS\System32\SET2E5.tmp
    Present !! : C:\WINDOWS\System32\SET2E7.tmp
    Present !! : C:\WINDOWS\System32\SET2E8.tmp
    Present !! : C:\WINDOWS\System32\SET2E9.tmp
    Present !! : C:\WINDOWS\System32\SET2EC.tmp
    Present !! : C:\WINDOWS\System32\SET2EF.tmp
    Present !! : C:\WINDOWS\System32\SET2F0.tmp
    Present !! : C:\WINDOWS\System32\SET2F1.tmp
    Present !! : C:\WINDOWS\System32\SET2F5.tmp
    Present !! : C:\WINDOWS\System32\SET2F7.tmp
    Present !! : C:\WINDOWS\System32\SET2F8.tmp
    Present !! : C:\WINDOWS\System32\SET2F9.tmp
    Present !! : C:\WINDOWS\System32\SET2FE.tmp
    Present !! : C:\WINDOWS\System32\SET2FF.tmp
    Present !! : C:\WINDOWS\System32\SET300.tmp
    Present !! : C:\WINDOWS\System32\SET302.tmp
    Present !! : C:\WINDOWS\System32\SET305.tmp
    Present !! : C:\WINDOWS\System32\SET306.tmp
    Present !! : C:\WINDOWS\System32\SET308.tmp
    Present !! : C:\WINDOWS\System32\SET309.tmp
    Present !! : C:\WINDOWS\System32\SET30A.tmp
    Present !! : C:\WINDOWS\System32\SET30B.tmp
    Present !! : C:\WINDOWS\System32\SET30D.tmp
    Present !! : C:\WINDOWS\System32\SET30F.tmp
    Present !! : C:\WINDOWS\System32\SET310.tmp
    Present !! : C:\WINDOWS\System32\SET313.tmp
    Present !! : C:\WINDOWS\System32\SET314.tmp
    Present !! : C:\WINDOWS\System32\SET317.tmp
    Present !! : C:\WINDOWS\System32\SET318.tmp
    Present !! : C:\WINDOWS\System32\SET319.tmp
    Present !! : C:\WINDOWS\System32\SET31A.tmp
    Present !! : C:\WINDOWS\System32\SET321.tmp
    Present !! : C:\WINDOWS\System32\SET323.tmp
    Present !! : C:\WINDOWS\System32\SET324.tmp
    Present !! : C:\WINDOWS\System32\SET327.tmp
    Present !! : C:\WINDOWS\System32\SET32D.tmp
    Present !! : C:\WINDOWS\System32\SET32E.tmp
    Present !! : C:\WINDOWS\System32\SET32F.tmp
    Present !! : C:\WINDOWS\System32\SET332.tmp
    Present !! : C:\WINDOWS\System32\SET333.tmp
    Present !! : C:\WINDOWS\System32\SET335.tmp
    Present !! : C:\WINDOWS\System32\SET337.tmp
    Present !! : C:\WINDOWS\System32\SET338.tmp
    Present !! : C:\WINDOWS\System32\SET33A.tmp
    Present !! : C:\WINDOWS\System32\SET33E.tmp
    Present !! : C:\WINDOWS\System32\SET340.tmp
    Present !! : C:\WINDOWS\System32\SET341.tmp
    Present !! : C:\WINDOWS\System32\SET342.tmp
    Present !! : C:\WINDOWS\System32\SET344.tmp
    Present !! : C:\WINDOWS\System32\SET345.tmp
    Present !! : C:\WINDOWS\System32\SET34A.tmp
    Present !! : C:\WINDOWS\System32\SET34B.tmp
    Present !! : C:\WINDOWS\System32\SET34C.tmp
    Present !! : C:\WINDOWS\System32\SET34D.tmp
    Present !! : C:\WINDOWS\System32\SET34E.tmp
    Present !! : C:\WINDOWS\System32\SET34F.tmp
    Present !! : C:\WINDOWS\System32\SET350.tmp
    Present !! : C:\WINDOWS\System32\SET351.tmp
    Present !! : C:\WINDOWS\System32\SET352.tmp
    Present !! : C:\WINDOWS\System32\SET353.tmp
    Present !! : C:\WINDOWS\System32\SET354.tmp
    Present !! : C:\WINDOWS\System32\SET356.tmp
    Present !! : C:\WINDOWS\System32\SET357.tmp
    Present !! : C:\WINDOWS\System32\SET358.tmp
    Present !! : C:\WINDOWS\System32\SET35A.tmp
    Present !! : C:\WINDOWS\System32\SET35C.tmp
    Present !! : C:\WINDOWS\System32\SET35D.tmp
    Present !! : C:\WINDOWS\System32\SET35E.tmp
    Present !! : C:\WINDOWS\System32\SET362.tmp
    Present !! : C:\WINDOWS\System32\SET363.tmp
    Present !! : C:\WINDOWS\System32\SET36D.tmp
    Present !! : C:\WINDOWS\System32\SET36F.tmp
    Present !! : C:\WINDOWS\System32\SET371.tmp
    Present !! : C:\WINDOWS\System32\SET372.tmp
    Present !! : C:\WINDOWS\System32\SET373.tmp
    Present !! : C:\WINDOWS\System32\SET377.tmp
    Present !! : C:\WINDOWS\System32\SET37C.tmp
    Present !! : C:\WINDOWS\System32\SET37D.tmp
    Present !! : C:\WINDOWS\System32\SET37E.tmp
    Present !! : C:\WINDOWS\System32\SET380.tmp
    Present !! : C:\WINDOWS\System32\SET381.tmp
    Present !! : C:\WINDOWS\System32\SET388.tmp
    Present !! : C:\WINDOWS\System32\SET393.tmp
    Present !! : C:\WINDOWS\System32\SET396.tmp
    Present !! : C:\WINDOWS\System32\SET398.tmp
    Present !! : C:\WINDOWS\System32\SET39B.tmp
    Present !! : C:\WINDOWS\System32\SET39F.tmp
    Present !! : C:\WINDOWS\System32\SET3A0.tmp
    Present !! : C:\WINDOWS\System32\SET3A3.tmp
    Present !! : C:\WINDOWS\System32\SET3A6.tmp
    Present !! : C:\WINDOWS\System32\SET3A8.tmp
    Present !! : C:\WINDOWS\System32\SET3AA.tmp
    Present !! : C:\WINDOWS\System32\SET3AF.tmp
    Present !! : C:\WINDOWS\System32\SET3B1.tmp
    Present !! : C:\WINDOWS\System32\SET3B2.tmp
    Present !! : C:\WINDOWS\System32\SET3B3.tmp
    Present !! : C:\WINDOWS\System32\SET3B4.tmp
    Present !! : C:\WINDOWS\System32\SET3B5.tmp
    Present !! : C:\WINDOWS\System32\SET3B6.tmp
    Present !! : C:\WINDOWS\System32\SET3B7.tmp
    Present !! : C:\WINDOWS\System32\SET3BA.tmp
    Present !! : C:\WINDOWS\System32\SET3BC.tmp
    Present !! : C:\WINDOWS\System32\SET3BD.tmp
    Present !! : C:\WINDOWS\System32\SET3BF.tmp
    Present !! : C:\WINDOWS\System32\SET3C2.tmp
    Present !! : C:\WINDOWS\System32\SET3C4.tmp
    Present !! : C:\WINDOWS\System32\SET3C7.tmp
    Present !! : C:\WINDOWS\System32\SET3C9.tmp
    Present !! : C:\WINDOWS\System32\SET3CA.tmp
    Present !! : C:\WINDOWS\System32\SET3CB.tmp
    Present !! : C:\WINDOWS\System32\SET3CF.tmp
    Present !! : C:\WINDOWS\System32\SET3D2.tmp
    Present !! : C:\WINDOWS\System32\SET3D8.tmp
    Present !! : C:\WINDOWS\System32\SET3E0.tmp
    Present !! : C:\WINDOWS\System32\SET3E2.tmp
    Present !! : C:\WINDOWS\System32\SET3E6.tmp
    Present !! : C:\WINDOWS\System32\SET3E8.tmp
    Present !! : C:\WINDOWS\System32\SET3E9.tmp
    Present !! : C:\WINDOWS\System32\SET3EB.tmp
    Present !! : C:\WINDOWS\System32\SET3EC.tmp
    Present !! : C:\WINDOWS\System32\SET3ED.tmp
    Present !! : C:\WINDOWS\System32\SET3EE.tmp
    Present !! : C:\WINDOWS\System32\SET3F1.tmp
    Pres
    0
  8. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    ton rapport n'est pas complet mais tu peut passer l'option clean y'a du monde a virer

    Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
    mais cette fois-ci :

    choisis l'option CLEAN

    laisse travailler l'outil.

    en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,

    colle le contenu dans ta réponse

    Par Manque De Curiosité On Risque De Mourir Ignorant;Tu es libre de penser que tu es C..,
    Mais C.. de penser que ­tu es libre...Merci a australe13
    0
  9. claude54 Messages postés 15 Statut Membre
     
    C-dessous le rapport

    ¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.0.8 ¤¤¤¤¤¤¤¤¤¤

    User : claude (Administrateurs)
    Update on 29/09/2010 by g3n-h@ckm@n ::::: 15.00
    Start at: 11:29:17 | 01/10/2010

    Mobile Intel(R) Pentium(R) 4 - M CPU 2.20GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
    Internet Explorer 6.0.2900.2180
    Windows Firewall Status : Disabled
    AV : avast! Antivirus 5.0.83886757 [ (!) Disabled | Updated ]

    A:\ -> Lecteur de disquettes 3 ½ pouces
    C:\ -> Disque fixe local | 24,41 Go (6,99 Go free) [XP] | NTFS
    D:\ -> Disque fixe local | 31,48 Go (10,47 Go free) | NTFS
    E:\ -> Disque CD-ROM

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Quarantined & Deleted !! : C:\Program Files\Fichiers communs\IRAABOUT.DLL
    Quarantined & Deleted !! : C:\Program Files\Fichiers communs\IRALPTTR.DLL
    Quarantined & Deleted !! : C:\Program Files\Fichiers communs\IRAMDMTR.DLL
    Quarantined & Deleted !! : C:\Program Files\Fichiers communs\IRAREG.DLL
    Quarantined & Deleted !! : C:\Program Files\Fichiers communs\IRASRIAL.DLL
    Quarantined & Deleted !! : C:\Program Files\Fichiers communs\IRAWEBTR.DLL
    Quarantined & Deleted !! : C:\Program Files\Internet Explorer\SET509.tmp
    Quarantined & Deleted !! : C:\Program Files\Internet Explorer\SET5F5.tmp
    Quarantined & Deleted !! : C:\WINDOWS\000001_.tmp
    Quarantined & Deleted !! : C:\WINDOWS\002747_.tmp
    Quarantined & Deleted !! : C:\WINDOWS\003391_.tmp
    Quarantined & Deleted !! : C:\WINDOWS\003399_.tmp
    Quarantined & Deleted !! : C:\WINDOWS\SET1B.tmp
    Quarantined & Deleted !! : C:\WINDOWS\SET3.tmp
    Quarantined & Deleted !! : C:\WINDOWS\SET433.tmp
    Quarantined & Deleted !! : C:\WINDOWS\SET51F.tmp
    Quarantined & Deleted !! : C:\WINDOWS\SET7.tmp
    Quarantined & Deleted !! : C:\WINDOWS\SETD.tmp
    Quarantined & Deleted !! : C:\WINDOWS\aucfg.ini
    Quarantined & Deleted !! : C:\WINDOWS\patch.exe

    Quarantined & Deleted !! : C:\WINDOWS\System32\_000103_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003829_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003830_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003831_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003832_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003838_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003839_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003840_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003841_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003842_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003843_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003844_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003845_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003846_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003847_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003848_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003849_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003851_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003852_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003853_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003855_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003858_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003859_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003862_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003863_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003864_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003865_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003866_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003867_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003869_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003870_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003871_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003872_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003873_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003874_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003875_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003876_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003878_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003879_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003880_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003881_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003882_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003884_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003885_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003887_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003888_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003889_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003890_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003892_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003895_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003896_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003900_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003901_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003903_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003906_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003908_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003909_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003910_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003911_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003914_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003915_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003916_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003917_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003918_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\_003923_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\_003801_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\_003810_.tmp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET176.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\tmp.reg
    Quarantined & Deleted !! : C:\Documents and Settings\claude\err.log

    ¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤

    127.0.0.1 localhost

    ¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤

    Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run : Microsoft Services
    Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run : Microsoft Windows Update
    Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : Microsoft Services
    Deleted : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run : Microsoft Services
    Deleted : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run : Microsoft Update
    Deleted : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run : Microsoft Windows Update
    Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
    Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoClose
    Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoLogoff
    Deleted : "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{71DA2A4E-ACB3-4065-9E41-8BC42EABE427}"
    Deleted : "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8B3B8135-9DAA-40E7-8941-962795F9C1CB}"
    Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NPF
    Deleted : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NPF
    Deleted : HKLM\SYSTEM\ControlSet001\Services\NPF

    ¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    Local Page = C:\WINDOWS\system32\blank.htm
    Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page = https://www.google.com/?gws_rd=ssl
    Local Page = C:\WINDOWS\system32\blank.htm
    Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    ¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    FirewallOverride = 0 (0x0)
    FirewallDisableNotify = 0 (0x0)
    AntiVirusDisableNotify = 0 (0x0)
    UpdatesDisableNotify = 0 (0x0)
    AntiVirusOverride = 0 (0x0)
    FirstRunDisabled = 1 ()

    ¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤

    Ndisuio : Start = 3
    Ip6Fw : Start = 2
    SharedAccess : Start = 2
    wuauserv : Start = 2
    wscsvc : Start = 2

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    Disk Cleaned
    anti-ver blaster : OK
    Prefetch cleaned
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    FEATURE_BROWSER_EMULATION | svchost :
    ====================================

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys
    kernel: MBR read successfully
    user & kernel MBR OK

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  10. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    poste un nouveau HijackThis
    0
  11. claude54 Messages postés 15 Statut Membre
     
    voilà !

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:43:21, on 01/10/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\mmc.exe
    C:\WINDOWS\system32\DfrgNtfs.exe
    F:\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/26eeda77f90bf4f22105/netzip/RdxIE601_fr.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
    O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Service Google Update (gupdate1ca4a47648693a0) (gupdate1ca4a47648693a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    0
  12. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    en va vacciner tes lecteur

    Télécharge UsbFix de C_XX & Chiquitine29

    http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe

    (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

    * Double clic sur "UsbFix.exe" présent sur ton bureau ( clic droit "exécuter en tant qu'administrateur" pour Vista & 7 )

    * Choisis l'option F pour français et tape sur [entrée] .

    * Choisis l'option 1 ( Recherche ) et tape sur [entrée] .

    * Laisse travailler l'outil.

    * Ensuite poste le rapport UsbFix.txt qui apparaitra.

    * Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

    ( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

    * Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
    0
  13. claude54 Messages postés 15 Statut Membre
     
    RAPPORT CLE1
    ############################## | UsbFix 7.027 | [Recherche]

    Utilisateur: claude (Administrateur) # C840 [ ]
    Mis à jour le 28/09/10 par El Desaparecido / C_XX
    Lancé à 14:10:42 | 01/10/2010
    Site Web: http://www.teamxscript.org
    Contact: FindyKill.Contact@gmail.com

    CPU: Mobile Intel(R) Pentium(R) 4 - M CPU 2.20GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 2
    Internet Explorer 6.0.2900.2180

    Pare-feu Windows: Désactivé /!\
    Antivirus: avast! Antivirus 5.0.83886757 [(!) Disabled | Updated]
    RAM -> 767 Mo
    C:\ (%systemdrive%) -> Disque fixe # 24 Go (7 Go libre(s) - 28%) [XP] # NTFS
    D:\ -> Disque fixe # 31 Go (10 Go libre(s) - 33%) [] # NTFS
    E:\ -> CD-ROM
    F:\ -> Disque amovible # 4 Go (3 Go libre(s) - 76%) [KINGSTON] # FAT32

    ################## | Éléments infectieux |

    Présent! C:\HiJackThis.exe
    Présent! F:\HiJackThis.exe
    Présent! F:\HJTInstall.exe

    ################## | Registre |

    ################## | Mountpoints2 |

    ################## | Vaccin |

    (!) Cet ordinateur n'est pas vacciné!

    ################## | E.O.F |

    RAPPORT CLEF2

    ############################## | UsbFix 7.027 | [Recherche]

    Utilisateur: claude (Administrateur) # C840 [ ]
    Mis à jour le 28/09/10 par El Desaparecido / C_XX
    Lancé à 14:37:12 | 01/10/2010
    Site Web: http://www.teamxscript.org
    Contact: FindyKill.Contact@gmail.com

    CPU: Mobile Intel(R) Pentium(R) 4 - M CPU 2.20GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 2
    Internet Explorer 6.0.2900.2180

    Pare-feu Windows: Désactivé /!\
    Antivirus: avast! Antivirus 5.0.83886757 [(!) Disabled | Updated]
    RAM -> 767 Mo
    C:\ (%systemdrive%) -> Disque fixe # 24 Go (7 Go libre(s) - 28%) [XP] # NTFS
    D:\ -> Disque fixe # 31 Go (10 Go libre(s) - 33%) [] # NTFS
    E:\ -> CD-ROM
    F:\ -> Disque amovible # 250 Mo (0 Mo libre(s) - 0%) [CLE USB] # FAT

    ################## | Éléments infectieux |

    Présent! C:\HiJackThis.exe

    ################## | Registre |

    ################## | Mountpoints2 |

    ################## | Vaccin |

    (!) Cet ordinateur n'est pas vacciné!

    ################## | E.O.F |
    0
  14. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    pas d'infection on va juste vaccine

    Branche tes sources de données externes à ton PC, (clé USB, disque dur externe......) susceptibles d'avoir été infectés sans les ouvrir

    (1) Double clic sur le raccourci UsbFix présent sur ton bureau

    (2) Choisi l option 2 ( Suppression )

    Ton bureau disparaitra et le pc redémarrera .

    Au redémarrage , UsbFix scannera ton pc , laisse travailler l outil.

    Ensuite poste le rapport UsbFix.txt qui apparaitra avec le bureau .

    Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
    0
  15. claude54 Messages postés 15 Statut Membre
     
    ############################## | UsbFix 7.027 | [Suppression]

    Utilisateur: claude (Administrateur) # C840 [ ]
    Mis à jour le 28/09/10 par El Desaparecido / C_XX
    Lancé à 18:59:19 | 01/10/2010
    Site Web: http://www.teamxscript.org
    Contact: FindyKill.Contact@gmail.com

    CPU: Mobile Intel(R) Pentium(R) 4 - M CPU 2.20GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 2
    Internet Explorer 6.0.2900.2180

    Pare-feu Windows: Activé
    Antivirus: avast! Antivirus 5.0.83886757 [Enabled | Updated]
    RAM -> 767 Mo
    C:\ (%systemdrive%) -> Disque fixe # 24 Go (7 Go libre(s) - 28%) [XP] # NTFS
    D:\ -> Disque fixe # 31 Go (10 Go libre(s) - 33%) [] # NTFS
    E:\ -> CD-ROM
    F:\ -> Disque amovible # 4 Go (3 Go libre(s) - 76%) [KINGSTON] # FAT32
    G:\ -> Disque amovible # 250 Mo (0 Mo libre(s) - 0%) [CLE USB] # FAT

    ################## | Éléments infectieux |

    Supprimé! C:\HiJackThis.exe
    Supprimé! F:\HiJackThis.exe
    Supprimé! F:\HJTInstall.exe

    ################## | Registre |

    ################## | Mountpoints2 |

    ################## | Listing |

    [01/10/2010 - 12:10:15 | A | 4] C:\AUTOEXEC.BAT
    [01/10/2010 - 17:10:23 | RASHD ] C:\Autorun.inf
    [12/02/2007 - 21:06:30 | RASH | 212] C:\boot.ini
    [28/06/2002 - 21:34:11 | RASH | 4952] C:\Bootfont.bin
    [01/10/2010 - 09:39:08 | A | 1258] C:\cleannavi.txt
    [29/08/2010 - 12:26:23 | SHD ] C:\Config.Msi
    [11/06/2004 - 16:40:43 | A | 0] C:\CONFIG.SYS
    [28/08/2004 - 14:59:16 | D ] C:\DirectX
    [02/12/2006 - 17:36:51 | D ] C:\Documents and Settings
    [29/09/2010 - 10:11:14 | A | 6958] C:\hijackthis.log
    [24/09/2010 - 20:56:43 | A | 17001840] C:\IE8-WindowsXP-x86-FRA.exe
    [11/06/2004 - 16:40:43 | RASH | 0] C:\IO.SYS
    [25/10/2005 - 19:17:26 | D ] C:\IRS
    [01/10/2010 - 11:29:21 | D ] C:\Kill'em
    [01/10/2010 - 11:29:20 | A | 65118] C:\List'em.txt
    [21/08/2007 - 20:38:02 | D ] C:\LXKZ600
    [11/06/2004 - 16:40:43 | RASH | 0] C:\MSDOS.SYS
    [08/04/2010 - 20:12:47 | D ] C:\My Music
    [01/10/2010 - 09:39:11 | AD ] C:\Navilog1
    [08/07/2004 - 22:43:29 | D ] C:\network_tools
    [12/02/2007 - 20:46:11 | RASH | 47564] C:\NTDETECT.COM
    [10/09/2008 - 18:56:07 | RASH | 251712] C:\ntldr
    [27/06/2010 - 08:24:00 | A | 0] C:\nvlog.txt
    [01/10/2010 - 18:24:13 | ASH | 805306368] C:\pagefile.sys
    [01/10/2010 - 10:12:18 | AD ] C:\Program Files
    [24/09/2010 - 16:41:31 | A | 938] C:\rapport.txt
    [14/05/2005 - 11:49:53 | SHD ] C:\RECYCLER
    [07/07/2004 - 17:30:02 | A | 798215] C:\stinger.exe
    [24/09/2010 - 10:45:42 | A | 17] C:\stinger.opt
    [08/10/2007 - 19:28:45 | SHD ] C:\System Volume Information
    [11/04/2005 - 18:27:41 | D ] C:\teleir
    [08/07/2004 - 22:02:42 | D ] C:\thunderbird
    [26/06/2010 - 10:51:09 | D ] C:\titi
    [01/10/2010 - 20:48:07 | D ] C:\UsbFix
    [01/10/2010 - 20:48:08 | A | 1006] C:\UsbFix.txt
    [01/10/2010 - 11:30:06 | D ] C:\WINDOWS
    [11/05/2008 - 22:23:41 | D ] D:\206
    [03/06/2005 - 21:55:39 | D ] D:\ALLEMAND JULIEN
    [24/09/2010 - 10:41:39 | D ] D:\ANAH
    [24/09/2010 - 11:15:59 | D ] D:\ANDRE
    [01/10/2010 - 17:10:28 | RASHD ] D:\Autorun.inf
    [29/09/2008 - 22:19:29 | A | 167817] D:\bVieVerstLibre.pdf
    [07/09/2007 - 09:26:35 | A | 42496] D:\carte_etudaint.doc
    [30/12/2008 - 09:42:55 | A | 78336] D:\carte_etudaint_no-foto.doc
    [03/10/2008 - 14:17:17 | A | 1707827] D:\CIMG2748.JPG
    [03/10/2008 - 14:16:14 | A | 2002531] D:\CIMG2749.JPG
    [03/10/2008 - 14:15:24 | A | 1930029] D:\CIMG2750.JPG
    [03/10/2008 - 14:14:37 | A | 1949244] D:\CIMG2751.JPG
    [27/09/2010 - 23:01:08 | D ] D:\claude
    [24/09/2010 - 10:42:57 | D ] D:\claude2
    [24/09/2010 - 10:42:01 | D ] D:\DELL
    [03/06/2005 - 21:56:01 | D ] D:\DEVIS CHAUFFAGE
    [03/06/2005 - 21:56:05 | D ] D:\divers
    [16/07/2006 - 20:53:18 | A | 179712] D:\Doc2.doc
    [16/07/2006 - 20:54:16 | A | 178688] D:\Doc_FIN.doc
    [03/06/2005 - 21:56:47 | D ] D:\ERASMUS
    [17/06/2010 - 17:06:20 | A | 23552] D:\gilbert weltzer.doc
    [26/06/2010 - 10:53:41 | D ] D:\IMPOTS
    [24/09/2010 - 11:58:42 | D ] D:\Julien
    [24/09/2010 - 11:28:56 | D ] D:\JulienC
    [27/08/2010 - 13:33:05 | A | 565760] D:\KOS.doc
    [29/12/2006 - 14:59:54 | D ] D:\Marine
    [12/08/2006 - 10:41:35 | RHD ] D:\MSOCache
    [02/10/2006 - 18:00:32 | A | 113094] D:\PICT0021.JPG
    [08/10/2006 - 20:33:42 | A | 98272] D:\PICT0022.JPG
    [16/05/2005 - 11:23:34 | SHD ] D:\RECYCLER
    [08/07/2005 - 20:04:34 | A | 4343296] D:\Recycling_fin5.doc
    [24/09/2010 - 11:12:35 | D ] D:\RENEE
    [11/05/2008 - 21:14:42 | D ] D:\seltz
    [29/09/2008 - 20:46:01 | A | 24560] D:\src.pdf
    [08/10/2007 - 19:28:45 | SHD ] D:\System Volume Information
    [08/10/2006 - 21:05:51 | A | 16672] D:\tampon1.PNG
    [24/09/2010 - 10:44:57 | D ] D:\titi
    [01/10/2010 - 17:03:16 | A | 3714] D:\VolumeC.txt
    [31/08/2010 - 19:07:42 | D ] F:\corse
    [31/08/2010 - 19:18:56 | D ] F:\grand_mere_80ans
    [29/09/2010 - 10:07:52 | D ] F:\backups
    [01/10/2010 - 13:45:32 | A | 6899] F:\hijackthis.log
    [29/09/2010 - 11:09:42 | A | 22148280] F:\antivir_workstation_winu_fr_h.exe
    [29/09/2010 - 15:46:36 | A | 6153352] F:\mbam-setup.exe
    [01/10/2010 - 08:46:14 | A | 1369] F:\mbam-log-2010-10-01 (08-34-37).txt
    [01/10/2010 - 08:48:04 | A | 6958] F:\hijackthis2.log
    [01/10/2010 - 09:31:02 | A | 231563] F:\Navilog1.exe
    [01/10/2010 - 09:39:50 | A | 1258] F:\cleannavi.txt
    [01/10/2010 - 10:09:18 | A | 3288193] F:\List_Killem_Install.exe
    [01/10/2010 - 11:03:34 | A | 65103] F:\List'em.txt
    [01/10/2010 - 12:10:18 | A | 9545] F:\Kill'em.txt
    [01/10/2010 - 13:55:32 | A | 1206657] F:\UsbFix.exe
    [01/10/2010 - 14:32:06 | A | 1090] F:\UsbFix.txt
    [01/10/2010 - 14:40:56 | A | 1032] F:\UsbFix2.txt
    [07/07/2010 - 16:46:58 | A | 296448] G:\Les effets de l'alcool.shs
    [07/07/2010 - 16:47:30 | A | 358400] G:\Les effets du LSD.shs
    [17/12/2004 - 16:23:22 | A | 624] G:\lmhosts
    [22/12/2004 - 10:34:24 | A | 6382179] G:\ultrabackup_ultrabackup_4.2_francais_11206.exe
    [20/06/2004 - 22:12:30 | A | 1433902] G:\UltraVNC-100-RC18-Setup.exe
    [06/11/2002 - 15:24:36 | A | 9755648] G:\AcroReader51_FRA.exe
    [01/06/2005 - 15:21:54 | A | 26105] G:\corinne.ldif
    [07/06/2005 - 12:59:40 | D ] G:\IE6
    [09/06/2005 - 07:50:38 | A | 1450045] G:\vaconsmr.exe
    [12/01/2000 - 14:44:08 | A | 34304] G:\SHUTDOWN.EXE
    [18/08/2004 - 11:21:48 | A | 73] G:\save disk E sdrdaf2.cmd
    [27/08/2004 - 15:25:12 | A | 38] G:\Shutdown.cmd
    [30/03/1999 - 19:38:22 | RA | 54544] G:\robocopy.exe
    [26/03/2004 - 14:46:12 | A | 1153414] G:\windrvghost.exe
    [13/06/2005 - 10:13:50 | A | 2978313] G:\everesthome201.exe
    [02/03/2001 - 11:00:20 | A | 2246067] G:\powarc60f.exe
    [01/10/2001 - 09:46:42 | A | 86016] G:\Dtset.exe
    [07/01/2004 - 13:02:02 | A | 860] G:\Install.txt
    [21/10/2002 - 10:16:00 | A | 12781464] G:\O2kSp3.exe
    [10/08/2005 - 09:35:18 | A | 2539520] G:\wz90fr.exe
    [09/09/2003 - 16:08:58 | A | 3015948] G:\seatools_enterprise_install.exe
    [24/08/2005 - 18:22:52 | RA | 211] G:\Install.bat
    [01/09/2005 - 14:35:42 | A | 141] G:\LDAP.txt
    [04/10/2005 - 14:01:28 | A | 153088] G:\CV_BAMBERGER_JULIEN.doc
    [04/10/2005 - 15:56:40 | A | 2502092] G:\egr0914 (M10517).crb
    [08/11/2005 - 21:44:00 | D ] G:\jpeg
    [15/11/2005 - 14:24:34 | A | 7921445] G:\srsc_53328_w2k.exe
    [17/11/2005 - 14:57:42 | A | 2800] G:\corinne.birgaentzle.p12
    [25/10/2005 - 07:08:42 | A | 7256768] G:\SkypeSetup.exe
    [22/11/2005 - 12:14:36 | N | 7317922] G:\pm7_demo.exe
    [02/12/2005 - 10:49:44 | A | 22016] G:\protection temps réel ou moniteur de base de registre.doc
    [03/01/2006 - 15:26:22 | A | 3593218] G:\Support TCPIP.doc
    [17/01/2006 - 08:34:28 | A | 19968] G:\PRUDENCE_VIE.doc
    [10/01/2006 - 09:41:48 | A | 162] G:\~$de rectorati21.doc
    [04/01/2006 - 08:18:46 | A | 20992] G:\procureur68-oct2005.doc
    [02/01/2006 - 07:35:24 | A | 55808] G:\BA0500108 note aux préfets transparence.doc
    [05/01/2006 - 15:33:46 | A | 104448] G:\ChrisGROUSSONfentretien-evaluation2005.doc
    [04/01/2006 - 08:09:04 | A | 54272] G:\CR draf-direngreppal 280405.doc
    [02/01/2006 - 07:46:20 | A | 35328] G:\constitution d'un ccc vitivinicoles Lorraine.doc
    [02/01/2006 - 07:45:56 | A | 35328] G:\constitution d'un ccc vitivinicoles Alsace.doc
    [02/01/2006 - 07:45:24 | A | 21504] G:\3C.V correspondants vitivinicoles.doc
    [02/01/2006 - 07:44:38 | A | 43008] G:\CR réunion coordination des ctl-1.doc
    [03/02/2006 - 12:15:52 | A | 19456] G:\Situation de Claude BAMBERGER.doc
    [03/02/2006 - 15:31:30 | A | 20480] G:\technicien julien.doc
    [15/02/2006 - 14:11:52 | D ] G:\util
    [04/07/2005 - 10:01:54 | A | 31157248] G:\mozinstall-1.7.8fr-map-v6.exe
    [20/12/2000 - 18:53:34 | A | 96420] G:\Win2PDF_1_10_by_DSI.zip
    [16/02/2006 - 10:55:32 | D ] G:\sp3 for office 2000
    [17/02/2006 - 10:24:06 | A | 11083] G:\bookmarks.html
    [17/02/2006 - 11:49:10 | RD ] G:\Favoris
    [08/06/2006 - 13:40:26 | D ] G:\perso1
    [18/08/2006 - 10:27:36 | A | 343320] G:\a30844.exe
    [06/09/2006 - 10:27:16 | SH | 9216] G:\Thumbs.db
    [31/10/2006 - 14:35:16 | D ] G:\perso
    [13/03/2007 - 14:44:14 | D ] G:\POLLUTION MODER
    [29/03/2007 - 17:52:08 | A | 19456] G:\EXPORT2.xls
    [02/04/2007 - 15:41:22 | A | 19456] G:\EXPORT.xls
    [05/06/2009 - 09:14:10 | A | 31324] G:\HISTORY.TXT
    [16/12/2009 - 15:06:06 | A | 880233] G:\TrueCrypt User Guide.pdf
    [16/12/2009 - 15:06:06 | A | 26012] G:\License.txt
    [16/12/2009 - 15:06:06 | A | 1369792] G:\TrueCrypt.exe
    [16/12/2009 - 15:06:06 | A | 1525952] G:\TrueCrypt Format.exe
    [16/12/2009 - 15:06:08 | A | 217664] G:\truecrypt.sys
    [16/12/2009 - 15:06:08 | A | 221376] G:\truecrypt-x64.sys
    [16/12/2009 - 14:56:44 | A | 3189144] G:\TrueCrypt Setup.exe
    [16/12/2009 - 15:16:52 | A | 409600] G:\PART_CHIF
    [18/12/2009 - 10:02:28 | D ] G:\TrueCrypt
    [18/12/2009 - 11:36:16 | AH | 0] G:\SFS68.tmp
    [15/06/2009 - 16:01:50 | A | 242443] G:\Language.fr.xml
    [11/03/2007 - 18:35:44 | A | 1256] G:\Readme.txt
    [07/07/2010 - 16:47:30 | AH | 79520] G:\SFS18.tmp

    ################## | Vaccin |

    C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
    D:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
    F:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
    G:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

    ################## | Upload |

    Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_C840.zip
    https://www.ionos.fr/?affiliate_id=77097
    Merci de votre contribution.

    ################## | E.O.F |
    0
  16. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    > Télécharge Dr.Web CureIt sur ton Bureau :

    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    - Double clique <drweb-cureit.exe> et ensuite clique sur <Analyse>;
    - Clique <Ok> à l'invite de l'analyse rapide. S'il trouve des processus infectés alors clique le bouton <Oui>.
    - Lorsque le scan rapide est terminé, clique sur le menu <Options> puis <Changer la configuration> ; Choisis l'onglet <Scanner>, et décoche <Analyse heuristique>. Clique ensuite sur <Ok>.
    - De retour à la fenêtre principale : clique pour activer <Analyse complète>
    - Clique le bouton avec flèche verte sur la droite, et le scan débutera.
    - Clique <Oui> pour tout à l'invite "Désinfecter ?" lorsqu'un fichier est détecté, et ensuite clique "Désinfecter".
    - Lorsque le scan sera complété, regarde si tu peux cliquer sur l' icône, adjacente aux fichiers détectés (plusieurs feuilles l'une sur l'autres). Si oui, alors clique dessus et ensuite clique sur l'icône <Suivant>, au dessous, et choisis <Déplacer en quarantaine l'objet indésirable>.
    - Du menu principal de l'outil, au haut à gauche, clique sur le menu <Fichier> et choisis <Enregistrer le rapport>. Sauvegarde le rapport sur ton Bureau. Ce dernier se nommera DrWeb.csv
    - Ferme Dr.Web Cureit
    - Redémarre ton ordi (important car certains fichiers peuvent être déplacés/réparés au redémarrage).
    - Suite au redémarrage, poste (Copie/Colle) le contenu du rapport de Dr.Web dans ta prochaine réponse.

    içi un tuto

    https://forums.cnetfrance.fr/tutoriels-securite-informatique/179557-dr-web-cureit-le-tutoriel
    0
  17. claude54 Messages postés 15 Statut Membre
     
    RegUBP2b-claude.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Supprimé.;
    Process.exe;C:\Documents and Settings\claude\Bureau\SmitfraudFix;Tool.Killproc.3;Irréparable.Quarantaine.;
    restart.exe;C:\Documents and Settings\claude\Bureau\SmitfraudFix;Tool.ShutDown.14;Irréparable.Quarantaine.;
    Proc_end.exe;C:\Program Files\List_Kill'em;Tool.Killproc.3;Irréparable.Quarantaine.;
    Prt.exe;C:\Program Files\List_Kill'em;Program.FPort.20;Irréparable.Quarantaine.;
    Process.exe;C:\titi\SmitfraudFix;Tool.Killproc.3;Irréparable.Quarantaine.;
    restart.exe;C:\titi\SmitfraudFix;Tool.ShutDown.14;Irréparable.Quarantaine.;
    Process.exe;D:\titi\SmitfraudFix;Tool.Killproc.3;Irréparable.Quarantaine.;
    restart.exe;D:\titi\SmitfraudFix;Tool.ShutDown.14;Irréparable.Quarantaine.;
    0
  18. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    salut

    ok faux positive sa commence a allez mieux

    fait une mise a jour malwarbyte et lance un scan complet
    0
  19. claude54 Messages postés 15 Statut Membre
     
    pour info :
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Version de la base de données: 4733

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    02/10/2010 12:52:05
    mbam-log-2010-10-02 (12-52-05).txt

    Type d'examen: Examen complet (C:\|D:\|F:\|)
    Elément(s) analysé(s): 292213
    Temps écoulé: 2 heure(s), 31 minute(s), 23 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  20. claude54 Messages postés 15 Statut Membre
     
    Merci beaucoup pour votre disponibilité et votre diligence, même le week-end.
    Espérant que ce post puisse profiter à d'autres internautes.
    Très enrichissant, à défaut de formater le disque, solution de facilité.

    salutations.
    0
  21. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    Télécharge DelFix sur ton bureau.

    http://sd-1.archive-host.com/membres/up/17959594961240255/DelFix.exe

    Lance le, tape 2 puis valide en appuyant sur [Entrée]

    Patiente pendant le scan jusqu'à l'ouverture du rapport.

    Copie/Colle le contenu du rapport dans ta prochaine réponse.

    Note : Le rapport se trouve également sous C:\DelFixSearch
    Par Manque De Curiosité On Risque De Mourir Ignorant;Tu es libre de penser que tu es C..,
    Mais C.. de penser que ­tu es libre...Merci a australe13
    0
  • 1
  • 2