Need help: virus VBS/Generic, WIN 32 Heur

Closed
Aspirine - 31 Oct. 2010 at 15:41
Aspirine - 31 Oct. 2010 at 21:51
Hello, I have a big problem. I have scanned several times with AVG, with Malwarebytes, with Cleaner, with Ad-Aware and with Spybot Search and Destroy and I still have the virus. My computer runs non-stop. Windows pop up all the time (C:\windows\system32 and something.exe) and when I go on the internet I rarely land on the right address, I get redirected. I have already had this problem and I remember I had to ask for help on this site to fix it. Here is my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:58, on 2010-10-31
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\DELL\Bureau\HiJackThis.exe
C:\WINDOWS\system32\MsiExec.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.live.com/login.srf?id=64855&wlcxt=msnca1&lc=1033$msnca1$msnca1$msnca1&mkt=fr-ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\windows\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
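Added example, not from this thread or from any of the tools mentioned in it: a small Python triage script that reads HijackThis lines like the ones above and flags what a responder checks first on a machine whose browser is being redirected. The localhost ProxyServer entry (R1, 127.0.0.1:5555) is the one that matters, since every HTTP request then passes through a process on the machine, which is consistent with the redirections the poster describes; the "(no file)" and "(file missing)" entries are flagged as orphaned registrations to confirm, not as infections. The flagging rules are the example's own assumptions, and the sample lines are copied from the report above.

```python
"""HijackThis log triage, written as an added example for this thread (it is
not part of HijackThis, UsbFix or ComboFix). It reads the R0/R1/O2/O3/O23
entries of a report and flags a proxy that points at localhost, browser
add-ons whose file is gone, and services whose binary is missing."""

import re
from dataclasses import dataclass

# A ProxyServer value such as "http=127.0.0.1:5555" or "127.0.0.1:8080".
_LOCAL_PROXY = re.compile(
    r"(?:^|[=;])(?:127\.\d+\.\d+\.\d+|localhost)(?::\d+)?(?:;|$)", re.IGNORECASE
)
# HijackThis prefixes every entry with its section code, e.g. "O23 - Service: ...".
_ENTRY = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "R1", "O2", "O23"
    reason: str  # why the entry deserves a look
    line: str    # the original log line, unchanged


def classify(line: str):
    """Return a Finding for one log line, or None if nothing stands out."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")

    # R0/R1: Internet Explorer start/search pages and WinINet proxy settings.
    if code in ("R0", "R1") and "ProxyServer" in body:
        value = body.split("=", 1)[1].strip()
        if _LOCAL_PROXY.search(value):
            return Finding(code, "proxy on localhost: a local process sees and can rewrite every HTTP request", line)
        return None

    # O2 (BHOs) and O3 (toolbars): "(no file)" means the registration outlived the DLL.
    if code in ("O2", "O3") and body.endswith("(no file)"):
        return Finding(code, "orphaned browser add-on registration (no file on disk)", line)

    # O23 services: "(file missing)" is usually an uninstall leftover, but confirm it.
    if code == "O23" and body.endswith("(file missing)"):
        return Finding(code, "service registered but its binary is missing", line)

    return None


def triage(log_text: str):
    """Run classify() over a whole report; findings keep the log's order."""
    return [f for f in map(classify, log_text.splitlines()) if f is not None]


# Lines copied from the HijackThis report posted above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```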

10 replies

Anonymous user
31 Oct. 2010 at 15:45
Hello

# Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility meant to terminate processes.
In the wrong hands this utility could shut down security software (antivirus, firewall...), hence the alert raised by those antivirus products.

Download and install UsbFix by El Desaparecido, C_XX & Chimay8
Here: http://www.teamxscript.org/usbfixTelechargement.html

Tutorial by Malekal_Morte if needed, thanks to him: https://www.malekal.com/usbfix-supprimer-virus-usb/

Plug into your PC the external storage devices (USB key, external hard drive, etc.) that may have been infected, without opening them

# Double-click the UsbFix shortcut on your desktop.

# Choose Suppression (Removal)

# Let the tool work.

# Then post the UsbFix.txt report that will appear.

# Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

@+
Hello Guillaume5188, the UsbFix program doesn't work, what should I do?
Anonymous user
31 Oct. 2010 at 16:30
Re

Strange...
Let's move up a size;
Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Or here: https://forospyware.com
-> Rename it to asdehi when saving it to your desktop (simply so the infection doesn't block it)
-> Double-click combofix.exe (or, on Vista, right-click « Run as... »)
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste that report in your next reply.

NOTE: the report is also located at C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the Internet and close the windows of all running programs.

-> Temporarily, and only for as long as ComboFix is in use, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning.

Once that is done, double-click Combofix.exe on your desktop (or, on Vista, right-click « Run as... »)

- Answer yes to the warning message so that the program starts analysing the PC.

- Install the Recovery Console when asked; useful in case of a crash

- Warning: during this step, do not use the PC and do not open any program. Risk of freezing the computer

- At the end of the scan ComboFix may need to restart the PC to finish the disinfection/scan; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved at C:\Combofix.txt

-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt in your next message.

/!\ Do not touch anything until the scan is finished. /!\ : risk of freezing the computer (complete crash)

:: If ComboFix detects something and asks to restart, accept

@+
Hi! As for ComboFix, it doesn't run either. I am able to get both of them to run in Safe Mode. I restarted my computer without AVG from msconfig, I unchecked it. It seems Ad-Aware and AVG are both still running anyway, even though I stopped the processes from Task Manager. So I didn't run ComboFix because it tells me it can be dangerous; should I do it anyway? Here is the UsbFix (in Safe Mode):
############################## | UsbFix 7.034 | [Suppression]

Utilisateur: DELL (Administrateur) # ORDI-F1D106D0BE [ ]
Mis à jour le 25/10/10 par El Desaparecido / C_XX
Lancé à 12:05:10 | 31/10/2010
Site Web: http://www.teamxscript.org
Contact: eldesaparecido@teamxscript.org

CPU: Intel(R) Pentium(R) 4 CPU 3.20GHz
Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Pare-feu Windows: Désactivé /!\
Antivirus: AVG Internet Security 9.0 [Enabled | Updated]
Antivirus: Lavasoft Ad-Watch Live! AntiVirus [Enabled | Updated]
Firewall: AVG Firewall 9.0 [Enabled]
RAM -> 3070 Mo
C:\ (%systemdrive%) -> Disque fixe # 37 Go (6 Go libre(s) - 16%) [] # NTFS
D:\ -> Disque fixe # 37 Go (6 Go libre(s) - 15%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 2 Go (2 Go libre(s) - 92%) [] # FAT

################## | Éléments infectieux |


Supprimé! C:\Recycler\S-1-5-21-1993962763-507921405-1801674531-1003
Supprimé! C:\Recycler\S-1-5-21-1993962763-507921405-1801674531-500
Supprimé! D:\Recycler\S-1-5-21-1993962763-507921405-1801674531-1003
Supprimé! D:\Recycler\S-1-5-21-1993962763-507921405-1801674531-500

################## | Registre |


################## | Mountpoints2 |


################## | Listing |

[04/05/2010 - 19:20:25 | D ] C:\$AVG
[31/10/2010 - 23:34:11 | D ] C:\32788R22FWJFW
[31/10/2010 - 12:03:48 | N | 7388] C:\aaw7boot.log
[30/10/2010 - 15:00:07 | D ] C:\bak11B.tmp
[30/10/2010 - 15:00:08 | D ] C:\bak11C.tmp
[30/10/2010 - 15:00:08 | D ] C:\bak11D.tmp
[30/10/2010 - 15:00:09 | D ] C:\bak11E.tmp
[30/10/2010 - 15:00:10 | D ] C:\bak11F.tmp
[30/10/2010 - 15:00:10 | D ] C:\bak120.tmp
[30/10/2010 - 15:00:11 | D ] C:\bak121.tmp
[30/10/2010 - 15:00:12 | D ] C:\bak122.tmp
[30/10/2010 - 15:00:17 | D ] C:\bak123.tmp
[30/10/2010 - 15:00:18 | D ] C:\bak124.tmp
[30/10/2010 - 15:00:19 | D ] C:\bak125.tmp
[30/10/2010 - 15:00:19 | D ] C:\bak126.tmp
[30/10/2010 - 15:00:23 | D ] C:\bak127.tmp
[30/10/2010 - 15:00:23 | D ] C:\bak128.tmp
[30/10/2010 - 15:00:26 | D ] C:\bak129.tmp
[30/10/2010 - 15:00:27 | D ] C:\bak12A.tmp
[30/10/2010 - 15:00:27 | D ] C:\bak12B.tmp
[30/10/2010 - 15:00:28 | D ] C:\bak12C.tmp
[30/10/2010 - 15:00:29 | D ] C:\bak12D.tmp
[30/10/2010 - 15:00:30 | D ] C:\bak12E.tmp
[30/10/2010 - 15:00:30 | D ] C:\bak12F.tmp
[30/10/2010 - 15:00:31 | D ] C:\bak130.tmp
[30/10/2010 - 15:00:32 | D ] C:\bak131.tmp
[30/10/2010 - 15:00:32 | D ] C:\bak132.tmp
[30/10/2010 - 15:00:33 | D ] C:\bak133.tmp
[30/10/2010 - 15:00:34 | D ] C:\bak134.tmp
[30/10/2010 - 15:00:35 | D ] C:\bak135.tmp
[30/10/2010 - 15:00:35 | D ] C:\bak136.tmp
[30/10/2010 - 15:00:36 | D ] C:\bak137.tmp
[30/10/2010 - 15:00:37 | D ] C:\bak138.tmp
[30/10/2010 - 15:00:37 | D ] C:\bak139.tmp
[30/10/2010 - 15:00:38 | D ] C:\bak13A.tmp
[30/10/2010 - 15:00:39 | D ] C:\bak13B.tmp
[30/10/2010 - 15:00:40 | D ] C:\bak13C.tmp
[30/10/2010 - 15:01:02 | D ] C:\bak14F.tmp
[30/10/2010 - 15:01:03 | D ] C:\bak150.tmp
[30/10/2010 - 15:01:07 | D ] C:\bak155.tmp
[30/10/2010 - 02:02:40 | D ] C:\bak175.tmp
[30/10/2010 - 02:02:41 | D ] C:\bak176.tmp
[30/10/2010 - 02:02:42 | D ] C:\bak177.tmp
[30/10/2010 - 02:02:42 | D ] C:\bak178.tmp
[30/10/2010 - 02:02:43 | D ] C:\bak179.tmp
[30/10/2010 - 02:02:44 | D ] C:\bak17A.tmp
[30/10/2010 - 02:02:44 | D ] C:\bak17B.tmp
[30/10/2010 - 02:02:45 | D ] C:\bak17C.tmp
[30/10/2010 - 02:02:51 | D ] C:\bak17D.tmp
[30/10/2010 - 02:02:51 | D ] C:\bak17E.tmp
[30/10/2010 - 02:02:52 | D ] C:\bak17F.tmp
[30/10/2010 - 02:02:53 | D ] C:\bak180.tmp
[30/10/2010 - 02:02:56 | D ] C:\bak181.tmp
[30/10/2010 - 02:02:56 | D ] C:\bak182.tmp
[30/10/2010 - 02:02:59 | D ] C:\bak183.tmp
[30/10/2010 - 02:03:00 | D ] C:\bak184.tmp
[30/10/2010 - 02:03:00 | D ] C:\bak185.tmp
[30/10/2010 - 02:03:01 | D ] C:\bak186.tmp
[30/10/2010 - 02:03:02 | D ] C:\bak187.tmp
[30/10/2010 - 02:03:02 | D ] C:\bak188.tmp
[30/10/2010 - 02:03:03 | D ] C:\bak189.tmp
[30/10/2010 - 02:03:03 | D ] C:\bak18A.tmp
[30/10/2010 - 02:03:04 | D ] C:\bak18B.tmp
[30/10/2010 - 02:03:05 | D ] C:\bak18C.tmp
[30/10/2010 - 02:03:06 | D ] C:\bak18D.tmp
[30/10/2010 - 02:03:07 | D ] C:\bak18E.tmp
[30/10/2010 - 02:03:07 | D ] C:\bak18F.tmp
[30/10/2010 - 02:03:08 | D ] C:\bak190.tmp
[30/10/2010 - 02:03:09 | D ] C:\bak191.tmp
[30/10/2010 - 02:03:09 | D ] C:\bak192.tmp
[30/10/2010 - 02:03:10 | D ] C:\bak193.tmp
[30/10/2010 - 02:03:11 | D ] C:\bak194.tmp
[30/10/2010 - 02:03:11 | D ] C:\bak195.tmp
[30/10/2010 - 02:03:13 | D ] C:\bak196.tmp
[30/10/2010 - 02:03:32 | D ] C:\bak1A9.tmp
[30/10/2010 - 02:03:32 | D ] C:\bak1AA.tmp
[30/10/2010 - 02:03:36 | D ] C:\bak1AF.tmp
[30/10/2010 - 02:03:42 | D ] C:\bak1B6.tmp
[30/10/2010 - 02:03:44 | D ] C:\bak1B7.tmp
[30/10/2010 - 02:03:51 | D ] C:\bak1B9.tmp
[29/10/2010 - 18:48:56 | D ] C:\bak3B.tmp
[29/10/2010 - 18:48:57 | D ] C:\bak3C.tmp
[29/10/2010 - 18:48:57 | D ] C:\bak3D.tmp
[29/10/2010 - 18:48:58 | D ] C:\bak3E.tmp
[29/10/2010 - 18:48:59 | D ] C:\bak3F.tmp
[29/10/2010 - 18:48:59 | D ] C:\bak40.tmp
[29/10/2010 - 18:49:00 | D ] C:\bak41.tmp
[29/10/2010 - 18:49:01 | D ] C:\bak42.tmp
[29/10/2010 - 18:49:06 | D ] C:\bak43.tmp
[29/10/2010 - 18:49:07 | D ] C:\bak44.tmp
[29/10/2010 - 18:49:07 | D ] C:\bak45.tmp
[29/10/2010 - 18:49:08 | D ] C:\bak46.tmp
[29/10/2010 - 18:49:11 | D ] C:\bak47.tmp
[29/10/2010 - 18:49:12 | D ] C:\bak48.tmp
[29/10/2010 - 18:49:26 | D ] C:\bak49.tmp
[29/10/2010 - 18:49:26 | D ] C:\bak4C.tmp
[29/10/2010 - 18:49:27 | D ] C:\bak4D.tmp
[29/10/2010 - 18:49:28 | D ] C:\bak4E.tmp
[29/10/2010 - 18:49:28 | D ] C:\bak4F.tmp
[29/10/2010 - 18:49:29 | D ] C:\bak50.tmp
[29/10/2010 - 18:49:30 | D ] C:\bak51.tmp
[29/10/2010 - 18:49:30 | D ] C:\bak52.tmp
[29/10/2010 - 18:49:31 | D ] C:\bak53.tmp
[29/10/2010 - 18:49:32 | D ] C:\bak54.tmp
[29/10/2010 - 18:49:33 | D ] C:\bak55.tmp
[29/10/2010 - 18:49:33 | D ] C:\bak56.tmp
[29/10/2010 - 18:49:34 | D ] C:\bak57.tmp
[29/10/2010 - 18:49:35 | D ] C:\bak58.tmp
[29/10/2010 - 18:49:36 | D ] C:\bak59.tmp
[29/10/2010 - 18:49:36 | D ] C:\bak5A.tmp
[29/10/2010 - 18:49:37 | D ] C:\bak5B.tmp
[29/10/2010 - 18:49:38 | D ] C:\bak5C.tmp
[29/10/2010 - 18:49:38 | D ] C:\bak5D.tmp
[29/10/2010 - 18:49:39 | D ] C:\bak5E.tmp
[29/10/2010 - 18:49:58 | D ] C:\bak71.tmp
[29/10/2010 - 18:49:58 | D ] C:\bak72.tmp
[29/10/2010 - 18:50:02 | D ] C:\bak77.tmp
[29/10/2010 - 18:50:08 | D ] C:\bak7E.tmp
[29/10/2010 - 18:50:09 | D ] C:\bak7F.tmp
[29/10/2010 - 18:50:17 | D ] C:\bak81.tmp
[29/10/2010 - 18:50:32 | D ] C:\bak82.tmp
[29/10/2010 - 18:50:33 | D ] C:\bak83.tmp
[31/10/2010 - 12:02:29 | N | 23922103] C:\BESR2010PatchLog.txt
[30/10/2010 - 08:38:45 | N | 34644] C:\bootex.log
[29/10/2010 - 15:51:38 | N | 910] C:\cleannavi.txt
[28/10/2010 - 14:01:47 | D ] C:\Config.Msi
[07/04/2009 - 13:40:47 | D ] C:\dell
[25/10/2010 - 18:54:59 | D ] C:\Documents and Settings
[30/10/2010 - 15:46:27 | D ] C:\found.000
[21/08/2010 - 20:36:15 | D ] C:\Galleries
[07/04/2009 - 12:40:39 | N | 0] C:\IO.SYS
[06/01/2010 - 15:21:23 | N | 5381] C:\LGSInst.Log
[01/10/2009 - 18:50:26 | N | 34522346] C:\log_fs.log
[15/05/2010 - 07:33:53 | N | 127] C:\mbam-error.txt
[26/08/2010 - 07:04:30 | N | 24188] C:\MP4debug.log
[07/04/2009 - 12:40:39 | N | 0] C:\MSDOS.SYS
[29/10/2010 - 15:51:38 | D ] C:\Navilog1
[13/04/2008 - 09:43:04 | N | 47564] C:\NTDETECT.COM
[13/04/2008 - 11:31:52 | N | 252240] C:\ntldr
[31/10/2010 - 12:03:50 | ASH | 1598029824] C:\pagefile.sys
[27/10/2010 - 21:15:19 | D ] C:\Program Files
[30/10/2010 - 15:19:45 | D ] C:\Qoobox
[27/10/2010 - 21:20:37 | N | 4820] C:\rapport.txt
[31/10/2010 - 12:07:54 | SHD ] C:\RECYCLER
[29/10/2010 - 06:47:49 | SHD ] C:\System Volume Information
[19/09/2010 - 11:01:55 | N | 218] C:\t8101.le
[31/10/2010 - 12:07:54 | D ] C:\UsbFix
[31/10/2010 - 12:07:54 | A | 1221] C:\UsbFix.txt
[25/10/2010 - 14:53:45 | N | 4096] C:\VSNAP.IDX
[30/10/2010 - 10:08:56 | D ] C:\WINDOWS
[04/05/2010 - 19:20:26 | D ] D:\$AVG
[30/10/2010 - 17:54:55 | D ] D:\Lara Croft and the Guardian of Light
[22/10/2010 - 18:30:41 | D ] D:\Nouveau dossier
[31/10/2010 - 12:07:54 | SHD ] D:\RECYCLER
[29/10/2010 - 06:47:49 | SHD ] D:\System Volume Information
[31/10/2010 - 09:23:20 | D ] D:\torrent
[25/10/2010 - 14:28:25 | D ] D:\VLC
[21/10/2010 - 21:26:33 | D ] D:\VProRecovery

################## | Vaccin |

C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_ORDI-F1D106D0BE.zip
http://www.teamxscript.org/Sample/Upload.php
Merci de votre contribution.

################## | E.O.F |


Thanks!
Please reply in sequence.
That means both reports, if available.

@+
---------Security Contributor---------
We have all been a beginner at something once.
But knowledge is the reward of diligence.
I had to restart it after waiting 2 hours; here is the ComboFix:

ComboFix 10-10-30.09 - DELL 2010-10-31 14:51:46.2.1 - x86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.3070.2649 [GMT -4:00]
Lancé depuis: c:\documents and settings\DELL\Bureau\hgf.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! AntiVirus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
c:\documents and settings\DELL\Application Data\inst.exe
c:\documents and settings\DELL\Local Settings\Application Data\{8CA12152-3AF1-47D5-B83A-DA04D68E9A7C}\chrome.manifest
c:\documents and settings\DELL\Local Settings\Application Data\{8CA12152-3AF1-47D5-B83A-DA04D68E9A7C}\chrome\content\_cfg.js
c:\documents and settings\DELL\Local Settings\Application Data\{8CA12152-3AF1-47D5-B83A-DA04D68E9A7C}\chrome\content\overlay.xul
c:\documents and settings\DELL\Local Settings\Application Data\{8CA12152-3AF1-47D5-B83A-DA04D68E9A7C}\install.rdf
c:\program files\HTV\akv.cfg
c:\program files\HTV\HTV.001
c:\program files\HTV\HTV.002
c:\program files\HTV\HTV.005
c:\program files\HTV\HTV.009
c:\windows\system32\configure.exe
c:\windows\system32\dmlconf.dat
c:\windows\system32\dumphive.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\system
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\winhelp.ini

-- Exécution préalable --

c:\windows\explorer.exe . . . est infecté!!

c:\windows\explorer.exe . . . est infecté!!

c:\windows\system32\winlogon.exe . . . est infecté!!

--------

c:\windows\explorer.exe . . . est infecté!!

c:\windows\system32\winlogon.exe . . . est infecté!!

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2010-09-28 au 2010-10-31 ))))))))))))))))))))))))))))))))))))
.

2010-10-31 15:01 . 2010-10-31 16:08 -------- d-----w- C:\UsbFix
2010-10-31 14:52 . 2010-10-31 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\open-config
2010-10-30 19:46 . 2010-10-30 19:46 -------- d-----w- C:\found.000
2010-10-30 19:01 . 2010-10-30 19:01 -------- d-----w- C:\bak155.tmp
2010-10-30 19:01 . 2010-10-30 19:01 -------- d-----w- C:\bak150.tmp
2010-10-30 19:01 . 2010-10-30 19:01 -------- d-----w- C:\bak14F.tmp
2010-10-30 06:03 . 2010-10-30 06:03 -------- d-----w- C:\bak1B9.tmp
2010-10-30 06:02 . 2010-10-30 06:02 -------- d-----w- C:\bak183.tmp
2010-10-29 22:50 . 2010-10-29 22:50 -------- d-----w- C:\bak83.tmp
2010-10-29 22:50 . 2010-10-29 22:50 -------- d-----w- C:\bak82.tmp
2010-10-29 22:50 . 2010-10-29 22:50 -------- d-----w- C:\bak81.tmp
2010-10-29 22:50 . 2010-10-29 22:50 -------- d-----w- C:\bak7F.tmp
2010-10-29 22:50 . 2010-10-29 22:50 -------- d-----w- C:\bak7E.tmp
2010-10-29 22:50 . 2010-10-29 22:50 -------- d-----w- C:\bak77.tmp
2010-10-29 22:48 . 2010-10-29 22:48 -------- d-----w- C:\bak40.tmp
2010-10-29 22:48 . 2010-10-29 22:48 -------- d-----w- C:\bak3F.tmp
2010-10-29 22:48 . 2010-10-29 22:48 -------- d-----w- C:\bak3E.tmp
2010-10-29 22:48 . 2010-10-29 22:48 -------- d-----w- C:\bak3D.tmp
2010-10-29 22:48 . 2010-10-29 22:48 -------- d-----w- C:\bak3C.tmp
2010-10-29 22:48 . 2010-10-29 22:48 -------- d-----w- C:\bak3B.tmp
2010-10-29 22:48 . 2010-10-29 22:48 56832 ----a-w- c:\program files\Outlook Express\msimnSrv.exe
2010-10-28 01:15 . 2010-10-29 19:50 -------- d-----w- c:\program files\Navilog1
2010-10-26 14:22 . 2010-10-29 19:51 -------- d-----w- C:\Navilog1
2010-10-26 04:06 . 2010-10-26 03:37 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-10-26 03:37 . 2010-10-26 03:36 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-10-26 03:34 . 2010-10-26 03:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-10-26 03:33 . 2010-10-26 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-10-26 03:33 . 2010-10-26 03:33 -------- d-----w- c:\program files\Lavasoft
2010-10-26 03:08 . 2010-10-26 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-26 03:08 . 2010-10-26 03:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-25 23:50 . 2010-10-30 03:52 -------- d-----w- c:\program files\tmp
2010-10-25 22:54 . 2010-10-25 22:55 -------- d-----w- c:\documents and settings\Administrateur
2010-10-25 18:33 . 2010-10-27 17:10 -------- d-----w- c:\documents and settings\DELL\Application Data\vlc
2010-10-10 15:11 . 2010-10-10 15:11 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-10-02 12:54 . 2010-10-02 12:54 -------- d-----w- c:\documents and settings\DELL\Local Settings\Application Data\SKIDROW

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-31 16:08 . 2010-10-31 16:08 55210811 ----a-w- C:\UsbFix_Upload_Me_ORDI-F1D106D0BE.zip
2010-09-18 16:23 . 2007-04-03 00:14 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-13 23:33 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-13 23:33 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2006-03-02 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-10 05:50 . 2008-04-13 23:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:50 . 2008-04-13 23:34 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-10 05:50 . 2008-04-13 23:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-01 11:51 . 2008-04-13 23:31 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:55 . 2008-04-13 22:58 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2008-04-13 23:33 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:58 . 2008-04-13 23:33 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 11:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-04-13 16:15 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2008-04-13 23:33 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-20 02:57 . 2010-08-20 02:32 137 ---ha-w- c:\documents and settings\DELL\Application Data\lakerda1967.sys
2010-08-20 02:32 . 2010-08-20 02:32 360580 ----a-w- c:\windows\eSellerateEngine.dll
2010-08-17 13:17 . 2008-04-13 23:34 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 2008-04-13 23:33 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-15 16:35 . 2010-08-15 16:35 26 ----a-w- c:\windows\winstart.bat
2010-08-15 16:35 . 2010-08-15 16:35 123 ----a-w- c:\windows\tmpcpyis.bat
2010-08-15 16:35 . 2010-08-15 16:35 122 ----a-w- c:\windows\tmpdelis.bat
.

------- Sigcheck -------

[-] 2008-04-13 . 11B7E8227C3EC35096B44C943C3EDBC3 . 512000 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-13 . 11B7E8227C3EC35096B44C943C3EDBC3 . 512000 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\explorer.exe
[-] 2008-04-13 . CF2ABC4B499C47764B23CCC34EA418DA . 1037824 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 20:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-10-26 03:35 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-09-29 21:05 2067808 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherEye]
2009-10-27 01:42 718232 ----a-w- c:\documents and settings\DELL\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\VLC\\vlc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-05-04 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-05-04 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-25 64160]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-04-07 243024]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 1029456]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-05-04 30104]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-04-07 216400]
S1 MpKsl0c6325d8;MpKsl0c6325d8;\??\c:\windows\system32\MpEngineStore\MpKsl0c6325d8.sys --> c:\windows\system32\MpEngineStore\MpKsl0c6325d8.sys [?]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-06-22 2331544]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-06-22 5897808]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-07-27 16512]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-05-04 30104]
S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [2010-05-04 122448]
S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [2010-05-04 30288]
S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [2010-05-04 26192]
S3 Belkin700F;Belkin Wireless G Desktop Card Service v7;c:\windows\system32\drivers\BLKWGDv7.sys [2009-05-12 303616]
S3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);c:\windows\system32\drivers\es1370mp.sys [2009-06-19 37120]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2008-04-13 5120]
.
Contenu du dossier 'Tâches planifiées'

2010-10-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 03:35]

2010-10-31 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\DELL\Application Data\Mozilla\Firefox\Profiles\giugaa3j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://co117w.col117.mail.live.com/default.aspx?wa=wsignin1.0
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: d:\vlc\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-Locked - (no file)
AddRemove-Magic ISO Maker v5.5 (build 0274) - c:\progra~1\MagicISO\UNWISE.EXE
AddRemove-WinRAR archiver - c:\program files\WinRAR\uninstall.exe
AddRemove-{AAFD160A-2333-40D8-AA25-42D1989CA0F2} - c:\program files\InstallShield Installation Information\{AAFD160A-2333-40D8-AA25-42D1989CA0F2}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-31 14:56
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1993962763-507921405-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:cf,0c,80,30,7b,56,59,3a,4f,6f,8f,ef,f3,ae,75,ef,41,46,fb,2f,54,
4b,bb,69,77,03,a2,25,cd,6c,b6,a1,c9,cd,25,07,87,d4,0b,15,6e,c4,66,aa,43,fb,\
"rkeysecu"=hex:1a,ab,72,9c,cc,a2,a1,10,ad,85,a1,51,65,2f,74,ad

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€-€|ÿÿÿÿÀ*€|ù*9~*]
"C040110900063D11C8EF10054038389C"="C?\\windows\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2010-10-31 14:58:40
ComboFix-quarantined-files.txt 2010-10-31 18:58

Avant-CF: 6 372 397 056 octets libres
Après-CF: 6 399 029 248 octets libres

- - End Of File - - DE843320218FC2E269DCE290E1B4D7D3
0
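The "Examen supplémentaire" section of the ComboFix report above records an Internet Explorer ProxyServer of http=127.0.0.1:5555 and a Firefox keyword.URL that points at an ask.com redirector. A user-level proxy on the loopback address means a process on the machine itself sits in front of every HTTP request, which is one of the first settings to check when browsing is being redirected as described at the top of the thread. As an added example (not part of the thread and not ComboFix code), the Python below parses those settings lines and grades them; the sample lines are copied from the report above and labelled as constructed input, and the severity labels are this example's own choice.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the "Examen supplémentaire" lines of the ComboFix
# report pasted in the thread above, used here as offline input.
SAMPLE_LINES = """\
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://co117w.col117.mail.live.com/default.aspx?wa=wsignin1.0
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=
""".splitlines()


def refang(url):
    """ComboFix writes hxxp:// so the log cannot be clicked; restore it for parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def parse_proxy_server(value):
    """Parse a WinINet ProxyServer value, either 'host:port' (all protocols) or
    'scheme=host:port;scheme=host:port', into (scheme, host, port) tuples."""
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")   # '' scheme means "all protocols"
        host, _, port = hostport.rpartition(":")
        if not host:                                  # no explicit port given
            host, port = hostport, ""
        entries.append((scheme or "all", host, port))
    return entries


def is_loopback(host):
    """True for addresses that resolve to the machine itself."""
    host = host.strip("[]").lower()
    return host in ("localhost", "::1") or host.startswith("127.")


def analyze(lines):
    """Return (severity, message) findings about where browser traffic is routed."""
    findings = []
    for line in lines:
        line = line.strip()
        if line.startswith("uInternet Settings,ProxyServer"):
            value = line.split("=", 1)[1].strip()
            for scheme, host, port in parse_proxy_server(value):
                where = f"{host}:{port}" if port else host
                if is_loopback(host):
                    findings.append(("high", f"IE {scheme} traffic is proxied through loopback {where}; "
                                             "a local process sees and can rewrite every request"))
                else:
                    findings.append(("info", f"IE {scheme} traffic is proxied through {where}; "
                                             "confirm this proxy is expected"))
        elif line.startswith("FF - prefs.js: keyword.URL"):
            # Address-bar keyword searches go to this URL rather than the selected engine.
            url = refang(line.split(" - ", 2)[2].strip())
            host = urlparse(url).hostname or url
            findings.append(("medium", f"Firefox address-bar searches are sent to {host} "
                                       "instead of the selected search engine"))
    return findings


if __name__ == "__main__":
    for severity, message in analyze(SAMPLE_LINES):
        print(f"[{severity}] {message}")
```

The homepage line is deliberately not graded: a mail sign-in page is a normal start page, and flagging every non-default homepage would bury the two settings that actually change where traffic goes.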
Utilisateur anonyme
31 oct. 2010 à 20:33
Re

OK; not even scared, but what an effort to pick up this crap.

Let's look for legitimate files; otherwise, format:

Download SEAF.exe by C_XX from this address:
https://www.androidworld.fr/

*Double-click SEAF.exe ("run as administrator" on Vista or Seven).

*A window will open.

In the options, set "Calculer le checksum" (compute checksum) to "MD5", then tick "Informations supplémentaires" (additional information) and "Chercher également dans le Registre" (also search the Registry).

*Type: explorer.exe;winlogon.exe

There is a semicolon between each term.
Then click the "Lancer la recherche" (start search) button.

*Wait while the search runs.

*A window with a .txt log will appear.

*Copy/paste that report into your next reply.


@+
0
Has Aspirine gone missing?
Or solved the problem?
0
Please reply below and confirm that this post is not resolved.
Can you also explain to me why all your posts are deleted?
@+
0
I must be replying in the wrong place, sorry. No, the problem is not resolved; here are the requested results:

========================= SEAF 1.0.1.0 - C_XX

Commencé à: 15:40:10 le 31/10/2010

Valeur(s) recherchée(s):
explorer.exe
winlogon.exe

Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès

(!) --- Calcul du Hash "MD5"
(!) --- Informations supplémentaires
(!) --- Recherche registre

====== Fichier(s) ======


"C:\Documents and Settings\All Users\Application Data\avg9\IDS\profile\C__WINDOWS_EXPLORER.EXE.ndb" [ ARCHIVE | 238 o ]
TC: 20/08/2010,18:41:59 | TM: 21/08/2010,21:14:40 | DA: 18/09/2010,17:58:59

Hash MD5: 7542BC22B6BC41C900C2256CECE6140F


=========================


"C:\Documents and Settings\All Users\Application Data\avg9\IDS\profile\C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak" [ ARCHIVE | 130 o ]
TC: 20/08/2010,18:41:59 | TM: 20/08/2010,18:41:59 | DA: 18/09/2010,17:58:59

Hash MD5: 4215BAD7221161C4C8AF35429E042E1C


=========================


"C:\WINDOWS\explorer.exe" [ ARCHIVE | 1038 Ko ]
TC: 13/04/2008,19:34:04 | TM: 13/04/2008,19:34:04 | DA: 23/09/2010,18:07:45

Hash MD5: CF2ABC4B499C47764B23CCC34EA418DA

CompanyName: Microsoft Corporation
ProductName: Système d'exploitation Microsoft® Windows®
InternalName: explorer
OriginalFileName: EXPLORER.EXE
LegalCopyright: © Microsoft Corporation. Tous droits réservés.
ProductVersion: 6.00.2900.5512
FileVersion: 6.00.2900.5512 (xpsp.080413-2105)

=========================


"C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 91 Ko ]
TC: 28/10/2010,11:57:53 | TM: 31/10/2010,11:53:35 | DA: 28/10/2010,11:57:53

Hash MD5: D3696C9D86A03D9C107BA9AA8CFDFD2E


=========================


"C:\WINDOWS\system32\dllcache\explorer.exe" [ ARCHIVE | 512 Ko ]
TC: 13/04/2008,19:34:30 | TM: 13/04/2008,19:34:30 | DA: 19/09/2010,12:40:38

Hash MD5: 11B7E8227C3EC35096B44C943C3EDBC3

CompanyName: Microsoft Corporation
ProductName: Système d'exploitation Microsoft® Windows®
InternalName: winlogon
OriginalFileName: WINLOGON.EXE
LegalCopyright: © Microsoft Corporation. Tous droits réservés.
ProductVersion: 5.1.2600.5512
FileVersion: 5.1.2600.5512 (xpsp.080413-2113)

=========================


"C:\WINDOWS\system32\winlogon.exe" [ ARCHIVE | 512 Ko ]
TC: 13/04/2008,19:34:30 | TM: 13/04/2008,19:34:30 | DA: 23/09/2010,18:06:42

Hash MD5: 11B7E8227C3EC35096B44C943C3EDBC3

CompanyName: Microsoft Corporation
ProductName: Système d'exploitation Microsoft® Windows®
InternalName: winlogon
OriginalFileName: WINLOGON.EXE
LegalCopyright: © Microsoft Corporation. Tous droits réservés.
ProductVersion: 5.1.2600.5512
FileVersion: 5.1.2600.5512 (xpsp.080413-2113)

=========================



====== Entrée(s) du registre ======


[HKLM\Software\Classes\Applications\explorer.exe]
DA: 31/10/2010 14:57:11

[HKLM\Software\Classes\Briefcase\shell\open\command]
""="explorer.exe %1" (REG_SZ)

[HKLM\Software\Classes\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}\shell\explore\command]
""="%SystemRoot%\Explorer.exe /e,/idlist,%I,%L" (REG_EXPAND_SZ)

[HKLM\Software\Classes\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}\shell\find\command]
""="%SystemRoot%\Explorer.exe" (REG_EXPAND_SZ)

[HKLM\Software\Classes\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}\shell\open\command]
""="%SystemRoot%\Explorer.exe /idlist,%I,%L" (REG_EXPAND_SZ)

[HKLM\Software\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\shell\find\command]
""="%SystemRoot%\Explorer.exe" (REG_EXPAND_SZ)

[HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon]
""="%SystemRoot%\Explorer.exe,0" (REG_EXPAND_SZ)

[HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find\command]
""="%SystemRoot%\Explorer.exe" (REG_EXPAND_SZ)

[HKLM\Software\Classes\CLSID\{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@explorer.exe,-7020" (REG_SZ)

[HKLM\Software\Classes\CLSID\{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}]
"InfoTip"="@explorer.exe,-7000" (REG_SZ)

[HKLM\Software\Classes\CLSID\{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@explorer.exe,-7021" (REG_SZ)

[HKLM\Software\Classes\CLSID\{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}]
"InfoTip"="@explorer.exe,-7001" (REG_SZ)

[HKLM\Software\Classes\CLSID\{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@explorer.exe,-7022" (REG_SZ)

[HKLM\Software\Classes\CLSID\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@explorer.exe,-7023" (REG_SZ)

[HKLM\Software\Classes\CLSID\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}]
"InfoTip"="@explorer.exe,-7003" (REG_SZ)

[HKLM\Software\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@explorer.exe,-7024" (REG_SZ)

[HKLM\Software\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}]
"InfoTip"="@explorer.exe,-7004" (REG_SZ)

[HKLM\Software\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon]
""="%SystemRoot%\explorer.exe,-253" (REG_EXPAND_SZ)

[HKLM\Software\Classes\CLSID\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@explorer.exe,-7025" (REG_SZ)

[HKLM\Software\Classes\CLSID\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}]
"InfoTip"="@explorer.exe,-7005" (REG_SZ)

[HKLM\Software\Classes\CLSID\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon]
""="%SystemRoot%\explorer.exe,-254" (REG_EXPAND_SZ)

[HKLM\Software\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shell\find\command]
""="%SystemRoot%\Explorer.exe" (REG_EXPAND_SZ)

[HKLM\Software\Classes\CLSID\{48e7caab-b918-4e58-a94d-505519c795dc}\shell\open\command]
""="%SystemRoot%\Explorer.exe /idlist,%I,%L" (REG_EXPAND_SZ)

[HKLM\Software\Classes\CLSID\{7be9d83c-a729-4d97-b5a7-1b7313c39e0a}\shell\open\command]
""="%SystemRoot%\Explorer.exe /idlist,%I,%L" (REG_EXPAND_SZ)

[HKLM\Software\Classes\CLSID\{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}\DefaultIcon]
""="C:\WINDOWS\explorer.exe,-103" (REG_SZ)

[HKLM\Software\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\AllDevices\shell\explore\command]
""="Explorer.exe /e,/idlist,%I,/L" (REG_SZ)

[HKLM\Software\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\AllDevices\shell\open\command]
""="Explorer.Exe /idlist,%I,/L" (REG_SZ)

[HKLM\Software\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\Camera\shell\explore\command]
""="Explorer.exe /e,/idlist,%I,/L" (REG_SZ)

[HKLM\Software\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\Camera\shell\open\command]
""="Explorer.Exe /idlist,%I,/L" (REG_SZ)

[HKLM\Software\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\CameraContainerItems\shell\explore\command]
""="Explorer.exe /e,/idlist,%I,/L" (REG_SZ)

[HKLM\Software\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\CameraContainerItems\shell\open\command]
""="Explorer.Exe /idlist,%I,/L" (REG_SZ)

[HKLM\Software\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\Scanner\shell\explore\command]
""="Explorer.exe /e,/idlist,%I,/L" (REG_SZ)

[HKLM\Software\Classes\CLSID\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\Scanner\shell\open\command]
""="Explorer.Exe /idlist,%I,/L" (REG_SZ)

[HKLM\Software\Classes\CLSID\{E773F1AF-3A65-4866-857D-846FC9C4598A}\shell\explore\command]
""="%SystemRoot%\Explorer.exe /e,/idlist,%I,%L" (REG_EXPAND_SZ)

[HKLM\Software\Classes\CLSID\{E773F1AF-3A65-4866-857D-846FC9C4598A}\shell\open\command]
""="%SystemRoot%\Explorer.exe /idlist,%I,%L" (REG_EXPAND_SZ)

[HKLM\Software\Classes\CompressedFolder\Shell\find\command]
""="C:\WINDOWS\Explorer.exe" (REG_EXPAND_SZ)

[HKLM\Software\Classes\Directory\shell\find\command]
""="%SystemRoot%\Explorer.exe" (REG_EXPAND_SZ)

[HKLM\Software\Classes\Drive\shell\find\command]
""="%SystemRoot%\Explorer.exe" (REG_EXPAND_SZ)

[HKLM\Software\Classes\fndfile\shell\open\command]
""="%SystemRoot%\Explorer.exe" (REG_EXPAND_SZ)

[HKLM\Software\Classes\Folder\shell\explore\command]
""="%SystemRoot%\Explorer.exe /e,/idlist,%I,%L" (REG_EXPAND_SZ)

[HKLM\Software\Classes\Folder\shell\open\command]
""="%SystemRoot%\Explorer.exe /idlist,%I,%L" (REG_EXPAND_SZ)

[HKLM\Software\Classes\Publishing Folder\shell\explore\command]
""="explorer.exe /e,/idlist,%I,%L" (REG_SZ)

[HKLM\Software\Classes\Publishing Folder\shell\open\command]
""="explorer.exe /idlist,%I,%L" (REG_SZ)

[HKLM\Software\Classes\SHCmdFile\shell\open\command]
""="explorer.exe" (REG_SZ)

[HKLM\Software\Classes\Shell\shell\explore\command]
""="%SystemRoot%\Explorer.exe /e,/idlist,%I,%L" (REG_EXPAND_SZ)

[HKLM\Software\Classes\Shell\shell\open\command]
""="%SystemRoot%\Explorer.exe /idlist,%I,%L" (REG_EXPAND_SZ)

[HKLM\Software\Microsoft\Internet Explorer\International]
"explorer.exe"="6.0.2600.0-6.0.9999.9999" (REG_SZ)

[HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
"explorer.exe"="1" (REG_DWORD)

[HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
"explorer.exe"="1" (REG_DWORD)

[HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"explorer.exe"="1" (REG_DWORD)

[HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"explorer.exe"="4" (REG_DWORD)

[HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"explorer.exe"="2" (REG_DWORD)

[HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
"explorer.exe"="1" (REG_DWORD)

[HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
"explorer.exe"="1" (REG_DWORD)

[HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
"explorer.exe"="1" (REG_DWORD)

[HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"explorer.exe"="0" (REG_DWORD)

[HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
"explorer.exe"="1" (REG_DWORD)

[HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
"explorer.exe"="1" (REG_DWORD)

[HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
"explorer.exe"="1" (REG_DWORD)

[HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
"explorer.exe"="1" (REG_DWORD)

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation]
"KillList"="%1;explorer.exe;dvdplay.exe;mplay32.exe;msohtmed.exe;quikview.exe;rundll.exe;rundll32.exe;taskman.exe;bck32api.dll;" (REG_SZ)

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyComp]
"Bitmap"="%SystemRoot%\explorer.exe,100" (REG_SZ)

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LockDown_zones\0]
"Icon"="explorer.exe#0100" (REG_SZ)

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"Icon"="explorer.exe#0100" (REG_SZ)

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe" (REG_SZ)

[HKLM\System\ControlSet001\Control\Terminal Server\SysProcs]
"winlogon.exe"="0" (REG_DWORD)

[HKLM\System\ControlSet001\Services\Eventlog\Application\Autochk]
"EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)

[HKLM\System\ControlSet001\Services\Eventlog\Application\Winlogon]
"EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)

[HKLM\System\ControlSet002\Control\Terminal Server\SysProcs]
"winlogon.exe"="0" (REG_DWORD)

[HKLM\System\ControlSet002\Services\Eventlog\Application\Autochk]
"EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)

[HKLM\System\ControlSet002\Services\Eventlog\Application\Winlogon]
"EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)

[HKLM\System\ControlSet003\Control\Terminal Server\SysProcs]
"winlogon.exe"="0" (REG_DWORD)

[HKLM\System\ControlSet003\Services\Eventlog\Application\Autochk]
"EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)

[HKLM\System\ControlSet003\Services\Eventlog\Application\Winlogon]
"EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)

[HKLM\System\CurrentControlSet\Control\Terminal Server\SysProcs]
"winlogon.exe"="0" (REG_DWORD)

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\Autochk]
"EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\Winlogon]
"EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"Icon"="explorer.exe#0100" (REG_SZ)

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"Icon"="explorer.exe#0100" (REG_SZ)

[HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"Icon"="explorer.exe#0100" (REG_SZ)

[HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"Icon"="explorer.exe#0100" (REG_SZ)

[HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"Icon"="explorer.exe#0100" (REG_SZ)

[HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"Icon"="explorer.exe#0100" (REG_SZ)

[HKU\S-1-5-21-1993962763-507921405-1801674531-1003\Software\MainConcept (Muvee)\MainConcept (Muvee) MP4 Demultiplexer\Explorer.EXE]
DA: 07/07/2010 17:18:21

[HKU\S-1-5-21-1993962763-507921405-1801674531-1003\Software\MainConcept (Muvee)\MainConcept (Muvee) MPEG Demultiplexer\Explorer.EXE]
DA: 07/07/2010 17:18:21

[HKU\S-1-5-21-1993962763-507921405-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"Icon"="explorer.exe#0100" (REG_SZ)

[HKU\S-1-5-21-1993962763-507921405-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"Icon"="explorer.exe#0100" (REG_SZ)

[HKU\S-1-5-21-1993962763-507921405-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\windows\Explorer.EXE"="Explorateur Windows" (REG_SZ)

[HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"Icon"="explorer.exe#0100" (REG_SZ)

[HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"Icon"="explorer.exe#0100" (REG_SZ)

=========================

Fin à: 15:42:42 le 31/10/2010
214831 Éléments analysés

=========================
E.O.F
0
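The helper's SEAF instructions above ask for MD5 hashes and version information of explorer.exe and winlogon.exe so the copies on disk can be checked for legitimacy, and the report just posted is the raw output of that search. As an added example (not part of the thread and not SEAF's own code), the Python below parses the "Fichier(s)" section of a SEAF report and applies two checks a responder would otherwise do by eye: the OriginalFileName embedded in a binary's version resource should match its on-disk name, and a single MD5 should not appear under two different file names. The sample input is a condensed copy of the report above (paths, sizes, dates and hashes as posted), labelled as constructed; the severity labels are this example's own choice. On that data it flags the dllcache copy of explorer.exe, whose version resource and hash are those of winlogon.exe, as worth a closer look; whether that is benign or not still has to be settled by comparing the hashes against a trusted reference for the same Windows build. The parser also tolerates the "N. " line numbers the forum's code widget adds.

```python
import os
import re
from collections import defaultdict

# Constructed sample: a condensed copy of the file section of the SEAF report
# posted above (real paths, sizes, dates and MD5s from that report; fewer entries).
SAMPLE_REPORT = r'''
========================= SEAF 1.0.1.0 - C_XX
====== Fichier(s) ======

"C:\Documents and Settings\All Users\Application Data\avg9\IDS\profile\C__WINDOWS_EXPLORER.EXE.ndb" [ ARCHIVE | 238 o ]
TC: 20/08/2010,18:41:59 | TM: 21/08/2010,21:14:40 | DA: 18/09/2010,17:58:59
Hash MD5: 7542BC22B6BC41C900C2256CECE6140F
=========================

"C:\WINDOWS\explorer.exe" [ ARCHIVE | 1038 Ko ]
TC: 13/04/2008,19:34:04 | TM: 13/04/2008,19:34:04 | DA: 23/09/2010,18:07:45
Hash MD5: CF2ABC4B499C47764B23CCC34EA418DA
CompanyName: Microsoft Corporation
OriginalFileName: EXPLORER.EXE
FileVersion: 6.00.2900.5512 (xpsp.080413-2105)
=========================

"C:\WINDOWS\system32\dllcache\explorer.exe" [ ARCHIVE | 512 Ko ]
TC: 13/04/2008,19:34:30 | TM: 13/04/2008,19:34:30 | DA: 19/09/2010,12:40:38
Hash MD5: 11B7E8227C3EC35096B44C943C3EDBC3
CompanyName: Microsoft Corporation
OriginalFileName: WINLOGON.EXE
FileVersion: 5.1.2600.5512 (xpsp.080413-2113)
=========================

"C:\WINDOWS\system32\winlogon.exe" [ ARCHIVE | 512 Ko ]
TC: 13/04/2008,19:34:30 | TM: 13/04/2008,19:34:30 | DA: 23/09/2010,18:06:42
Hash MD5: 11B7E8227C3EC35096B44C943C3EDBC3
CompanyName: Microsoft Corporation
OriginalFileName: WINLOGON.EXE
FileVersion: 5.1.2600.5512 (xpsp.080413-2113)
=========================
'''

# An entry header looks like: "C:\path\file.exe" [ ATTR|ATTR | 1038 Ko ]
ENTRY_RE = re.compile(r'^"(?P<path>[^"]+)"\s+\[\s*(?P<attrs>.+?)\s*\|\s*(?P<size>\d+)\s*(?P<unit>o|Ko|Mo|Go)\s*\]$')
UNITS = {"o": 1, "Ko": 1024, "Mo": 1024 ** 2, "Go": 1024 ** 3}
EXECUTABLE_EXTS = (".exe", ".dll", ".sys")


def basename(path):
    return os.path.basename(path.replace("\\", "/"))


def parse_seaf(text):
    """Parse the 'Fichier(s)' section of a SEAF report into one dict per file."""
    entries, current = [], None
    for raw in text.splitlines():
        line = re.sub(r"^\d+\.\s?", "", raw.strip())   # drop forum line numbers such as "36. "
        m = ENTRY_RE.match(line)
        if m:
            current = {"path": m["path"], "attrs": m["attrs"].split("|"),
                       "size_bytes": int(m["size"]) * UNITS[m["unit"]],
                       "md5": None, "version": {}}
            entries.append(current)
        elif current is None:
            continue
        elif line.startswith("====="):                 # separator closes the entry
            current = None
        elif line.startswith("Hash MD5:"):
            current["md5"] = line.split(":", 1)[1].strip().upper()
        elif line.startswith("TC:"):                   # TC / TM / DA timestamps on one line
            for field in line.split("|"):
                key, _, value = field.strip().partition(":")
                current[key.lower()] = value.strip()
        elif re.match(r"^[A-Za-z]+:\s", line):         # version-resource fields
            key, _, value = line.partition(":")
            current["version"][key] = value.strip()
    return entries


def check_entries(entries):
    """Return (severity, message) findings; severities are this example's own scale."""
    findings, by_md5 = [], defaultdict(list)
    for e in entries:
        name = basename(e["path"])
        if e["md5"]:
            by_md5[e["md5"]].append(e["path"])
        if not name.lower().endswith(EXECUTABLE_EXTS):
            continue                                   # .ndb, .pf etc. carry no version resource
        orig = e["version"].get("OriginalFileName")
        if orig is None:
            findings.append(("medium", f"{e['path']}: executable with no version resource"))
        elif orig.lower() != name.lower():
            findings.append(("high", f"{e['path']}: stored as {name} but its version resource says {orig}"))
    for md5, paths in by_md5.items():
        if len({basename(p).lower() for p in paths}) > 1:
            findings.append(("high", f"one binary (MD5 {md5}) present under different names: " + "; ".join(paths)))
    return findings


if __name__ == "__main__":
    for severity, message in check_entries(parse_seaf(SAMPLE_REPORT)):
        print(f"[{severity}] {message}")
```

A hash by itself only proves that two files are identical or different; the final step of the helper's procedure, deciding whether a given MD5 is the genuine Microsoft build, still needs a reference hash for the same file version, and the checks here are meant to narrow down which files deserve that lookup.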
Did you receive my report?
0
I see you're playing games.
So I'll stop here.
And watch out if you're mocking...



@+
0
Quite a virus, huh! Here is the report:

287. "Icon"="explorer.exe#0100" (REG_SZ)
288.
289. [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
290. "Shell"="Explorer.exe" (REG_SZ)
291.
292. [HKLM\System\ControlSet001\Control\Terminal Server\SysProcs]
293. "winlogon.exe"="0" (REG_DWORD)
294.
295. [HKLM\System\ControlSet001\Services\Eventlog\Application\Autochk]
296. "EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)
297.
298. [HKLM\System\ControlSet001\Services\Eventlog\Application\Winlogon]
299. "EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)
300.
301. [HKLM\System\ControlSet002\Control\Terminal Server\SysProcs]
302. "winlogon.exe"="0" (REG_DWORD)
303.
304. [HKLM\System\ControlSet002\Services\Eventlog\Application\Autochk]
305. "EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)
306.
307. [HKLM\System\ControlSet002\Services\Eventlog\Application\Winlogon]
308. "EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)
309.
310. [HKLM\System\ControlSet003\Control\Terminal Server\SysProcs]
311. "winlogon.exe"="0" (REG_DWORD)
312.
313. [HKLM\System\ControlSet003\Services\Eventlog\Application\Autochk]
314. "EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)
315.
316. [HKLM\System\ControlSet003\Services\Eventlog\Application\Winlogon]
317. "EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)
318.
319. [HKLM\System\CurrentControlSet\Control\Terminal Server\SysProcs]
320. "winlogon.exe"="0" (REG_DWORD)
321.
322. [HKLM\System\CurrentControlSet\Services\Eventlog\Application\Autochk]
323. "EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)
324.
325. [HKLM\System\CurrentControlSet\Services\Eventlog\Application\Winlogon]
326. "EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)
327.
328. [HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
329. "Icon"="explorer.exe#0100" (REG_SZ)
330.
331. [HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
332. "Icon"="explorer.exe#0100" (REG_SZ)
333.
334. [HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
335. "Icon"="explorer.exe#0100" (REG_SZ)
336.
337. [HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
338. "Icon"="explorer.exe#0100" (REG_SZ)
339.
340. [HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
341. "Icon"="explorer.exe#0100" (REG_SZ)
342.
343. [HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
344. "Icon"="explorer.exe#0100" (REG_SZ)
345.
346. [HKU\S-1-5-21-1993962763-507921405-1801674531-1003\Software\MainConcept (Muvee)\MainConcept (Muvee) MP4 Demultiplexer\Explorer.EXE]
347. DA: 07/07/2010 17:18:21
348.
349. [HKU\S-1-5-21-1993962763-507921405-1801674531-1003\Software\MainConcept (Muvee)\MainConcept (Muvee) MPEG Demultiplexer\Explorer.EXE]
350. DA: 07/07/2010 17:18:21
351.
352. [HKU\S-1-5-21-1993962763-507921405-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
353. "Icon"="explorer.exe#0100" (REG_SZ)
354.
355. [HKU\S-1-5-21-1993962763-507921405-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
356. "Icon"="explorer.exe#0100" (REG_SZ)
357.
358. [HKU\S-1-5-21-1993962763-507921405-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
359. "C:\windows\Explorer.EXE"="Explorateur Windows" (REG_SZ)
360.
361. [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
362. "Icon"="explorer.exe#0100" (REG_SZ)
363.
364. [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
365. "Icon"="explorer.exe#0100" (REG_SZ)
366.
367. =========================
368.
369. Fin à: 15:42:42 le 31/10/2010
370. 214831 Éléments analysés
371.
372. =========================
373. E.O.F
No, I'm here, I'm resending you the report:
I don't understand, Guillaume5188. I must be replying in the wrong places. I'm not playing games; sorry if you're not receiving anything. I'm resending you the report again. Tell me if you did receive this message; if you want, I can give you my e-mail.



296. "EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)
297.
298. [HKLM\System\ControlSet001\Services\Eventlog\Application\Winlogon]
299. "EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)
300.
301. [HKLM\System\ControlSet002\Control\Terminal Server\SysProcs]
302. "winlogon.exe"="0" (REG_DWORD)
303.
304. [HKLM\System\ControlSet002\Services\Eventlog\Application\Autochk]
305. "EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)
306.
307. [HKLM\System\ControlSet002\Services\Eventlog\Application\Winlogon]
308. "EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)
309.
310. [HKLM\System\ControlSet003\Control\Terminal Server\SysProcs]
311. "winlogon.exe"="0" (REG_DWORD)
312.
313. [HKLM\System\ControlSet003\Services\Eventlog\Application\Autochk]
314. "EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)
315.
316. [HKLM\System\ControlSet003\Services\Eventlog\Application\Winlogon]
317. "EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)
318.
319. [HKLM\System\CurrentControlSet\Control\Terminal Server\SysProcs]
320. "winlogon.exe"="0" (REG_DWORD)
321.
322. [HKLM\System\CurrentControlSet\Services\Eventlog\Application\Autochk]
323. "EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)
324.
325. [HKLM\System\CurrentControlSet\Services\Eventlog\Application\Winlogon]
326. "EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)
327.
328. [HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
329. "Icon"="explorer.exe#0100" (REG_SZ)
330.
331. [HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
332. "Icon"="explorer.exe#0100" (REG_SZ)
333.
334. [HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
335. "Icon"="explorer.exe#0100" (REG_SZ)
336.
337. [HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
338. "Icon"="explorer.exe#0100" (REG_SZ)
339.
340. [HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
341. "Icon"="explorer.exe#0100" (REG_SZ)
342.
343. [HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
344. "Icon"="explorer.exe#0100" (REG_SZ)
345.
346. [HKU\S-1-5-21-1993962763-507921405-1801674531-1003\Software\MainConcept (Muvee)\MainConcept (Muvee) MP4 Demultiplexer\Explorer.EXE]
347. DA: 07/07/2010 17:18:21
348.
349. [HKU\S-1-5-21-1993962763-507921405-1801674531-1003\Software\MainConcept (Muvee)\MainConcept (Muvee) MPEG Demultiplexer\Explorer.EXE]
350. DA: 07/07/2010 17:18:21
351.
352. [HKU\S-1-5-21-1993962763-507921405-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
353. "Icon"="explorer.exe#0100" (REG_SZ)
354.
355. [HKU\S-1-5-21-1993962763-507921405-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
356. "Icon"="explorer.exe#0100" (REG_SZ)
357.
358. [HKU\S-1-5-21-1993962763-507921405-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
359. "C:\windows\Explorer.EXE"="Explorateur Windows" (REG_SZ)
360.
361. [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
362. "Icon"="explorer.exe#0100" (REG_SZ)
363.
364. [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
365. "Icon"="explorer.exe#0100" (REG_SZ)
366.
367. =========================
368.
369. Fin à: 15:42:42 le 31/10/2010
370. 214831 Éléments analysés
371.
372. =========================
373. E.O.F