rapport ad remover suite pages de pubs Fermé

Question

Bonjour, Configuration: Windows XP / Firefox 3.6.12 j'ai besoin d'aide. J'ai des page de pub sous internet explorer qui s'ouvrent toutes seules. voici le rapport ad remover et ZHPDiag merci Rapport de ZHPDiag v1.21 par Nicolas Coolman Enregistré le 22/11/2010 18:10:54 Platform : Microsoft Windows XP (5.1.2600) Service Pack 3 MSIE: Internet Explorer v7.0.5730.13 MFIE: Mozilla Firefox (3.6.12) ---\ C:\Program Files\Unlocker\UnlockerAssistant.exe Rundll32.exe SOUNDMAN.EXE C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Brother\ControlCenter3\brctrcen.exe C:\Program Files\SweetIM\Messenger\SweetIM.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Creative\Shared Files\CamTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\uTorrent\uTorrent.exe C:\Documents and Settings\Vincent Boisnel\Application Data\Microsoft-Driver-5858-2574\winsvcrn.exe C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\Qs1.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\FsUsbExService.Exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\WINDOWS\system32\mfevtps.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\spoolsv.exe ---\ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://froui.com/ ---\ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local ---\ O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (not file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O2 - BHO: jeuxob.fr Toolbar - {f78e6501-b9de-48b9-b86c-6da8542ccc4e} - C:\Program Files\jeuxob.fr bjeu2.dll O2 - BHO: OfferBox - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Program Files\OfferBox\OfferBoxBHO.dll ---\ O3 - Toolbar: 1 - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: jeuxob.fr Toolbar - {f78e6501-b9de-48b9-b86c-6da8542ccc4e} - C:\Program Files\jeuxob.fr bjeu2.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ---\ O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [eorezo] O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\E_S2B.tmp" /EF "HKCU" O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [MicrosoftMSDUpdateService] C:\Documents and Settings\Vincent Boisnel\Application Data\Microsoft-Driver-5858-2574\winsvcrn.exe O4 - HKCU\..\Run: [HJRUDZ5DT2] C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\Qs1.exe O4 - HKCU\..\Run: [6BTOP2GA8A] C:\WINDOWS\Qturic.exe O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data="1" O4 - Global Startup: McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe O4 - Global Startup: Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe ---\ O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html ---\ O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll,201 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFBARH.ICO O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302 ---\ O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/... O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ---\ O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL ---\ O20 - Winlogon Notify: WlDimsStartup - C:\WINDOWS\System32\%SystemRoot%\System32\dimsntfy.dll O20 - Winlogon Notify: WLEventStartup - C:\WINDOWS\System32\WgaLogon.dll ---\ O23 - Service: Apple Mobile Device (Apple Mobile Device) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FsUsbExService (FsUsbExService) - C:\WINDOWS\system32\FsUsbExService.Exe O23 - Service: Service Google Update (gupdate1ca75ba3517b656) (gupdate1ca75ba3517b656) - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc O23 - Service: Java Quick Starter (JavaQuickStarterService) - C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf O23 - Service: McAfee Engine Service (McAfeeEngineService) - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe O23 - Service: Service McAfee Framework (McAfeeFramework) - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart O23 - Service: McAfee McShield (McShield) - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - C:\WINDOWS\system32\mfevtps.exe O23 - Service: SeaPort (SeaPort) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe End of the scan: 142 lines ===== RAPPORT D'AD-REMOVER 2.0.0.1,B | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par C_XX le 13/06/10 à 20:40 Contact: AdRemover.contact@gmail.com Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 18:50:10 le 22/11/2010, Mode normal Microsoft Windows XP Professionnel Service Pack 3 (X86) sousou, BOISNEL-4EE5F96 ( ) ============== RECHERCHE ============== 0,Dossier trouvé: C:\Documents and Settings\Vincent Boisnel\Application Data\Mozilla\FireFox\Profiles\xv7856va.default\alot-toolbar 0,Dossier trouvé: C:\Documents and Settings\Vincent Boisnel\Application Data\Mozilla\FireFox\Profiles\xv7856va.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} 0,Dossier trouvé: C:\Documents and Settings\Vincent Boisnel\Application Data\Mozilla\FireFox\Profiles\xv7856va.default\extensions oolbar@alot.com 0,Fichier trouvé: C:\Documents and Settings\Vincent Boisnel\Application Data\Mozilla\FireFox\Profiles\xv7856va.default\searchplugins\alot-search.xml 0,Fichier trouvé: C:\Documents and Settings\Vincent Boisnel\Application Data\Mozilla\FireFox\Profiles\xv7856va.default\searchplugins\sweetim.xml 0,Dossier trouvé: C:\Documents and Settings\Vincent Boisnel\Application Data\Mozilla\FireFox\Profiles\xv7856va.default\SweetIMToolbarData 0,Dossier trouvé: C:\Documents and Settings\Vincent Boisnel\Local Settings\Application Data\Conduit 0,Dossier trouvé: C:\Program Files\Conduit 0,Dossier trouvé: C:\Documents and Settings\Vincent Boisnel\Application Data\DesktopIcon 0,Dossier trouvé: C:\Documents and Settings\Vincent Boisnel\Application Data\EoRezo 0,Dossier trouvé: C:\Documents and Settings\Vincent Boisnel\Application Data\iWin 0,Dossier trouvé: C:\Documents and Settings\All Users\Application Data\SweetIM 0,Dossier trouvé: C:\Program Files\SweetIM 3,Fichier trouvé: C:\WINDOWS\Installer\14eca3.msi 3,Fichier trouvé: C:\WINDOWS\Installer\14eca9.msi 3,Fichier trouvé: C:\WINDOWS\Installer\2b07ded.msi -- Fichier ouvert: C:\Documents and Settings\Vincent Boisnel\Application Data\Mozilla\FireFox\Profiles\xv7856va.default\Prefs.js -- Ligne trouvée: user_pref("browser.search.order.1", "Web Search"); Ligne trouvée: user_pref("browser.startup.homepage", "hxxp://y.lo.st"); Ligne trouvée: user_pref("extensions.alottb.errorUrl", "hxxp://search.alot.com/error?q=[QRY]&pr=errs&src_id=11498&c... Ligne trouvée: user_pref("extensions.alottb.histData", "CCleaner site grandin manuelle grandin cdiscount.fr ai... Ligne trouvée: user_pref("extensions.alottb.instance..index", ""); Ligne trouvée: user_pref("extensions.alottb.instance.3.index", "0"); Ligne trouvée: user_pref("extensions.alottb.lastCoreUpdate", "Mon, 22 Nov 2010 14:07:55 GMT"); Ligne trouvée: user_pref("extensions.alottb.lastHeartbeat", "Mon, 22 Nov 2010 14:07:54 GMT"); Ligne trouvée: user_pref("extensions.alottb.lastSearch", "Mon, 22 Nov 2010 14:30:34 GMT"); Ligne trouvée: user_pref("extensions.alottb.lastVersion", "2.4.6000"); Ligne trouvée: user_pref("extensions.alottb.maxInstance", 8); Ligne trouvée: user_pref("extensions.alottb.oldKeyword", "hxxp://search.sweetim.com/search.asp?src=2&q="); Ligne trouvée: user_pref("extensions.alottb.param.camp_id_stop", true); Ligne trouvée: user_pref("extensions.alottb.param.client_id", "98eef608d472d46c7c847fe9"); Ligne trouvée: user_pref("extensions.alottb.param.it", 1288455940); Ligne trouvée: user_pref("extensions.alottb.param.src_id", 11498); Ligne trouvée: user_pref("extensions.alottb.param.version", "2.4.6000"); Ligne trouvée: user_pref("extensions.alottb.pref.changedSearchProvider", true); Ligne trouvée: user_pref("extensions.alottb.pref.defaultSearch", true); Ligne trouvée: user_pref("extensions.alottb.visible", true); Ligne trouvée: user_pref("keyword.URL", "hxxp://search.alot.com/web?&src_id=11498&client_id=98eef608d472d46c7c847fe... Ligne trouvée: user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); Ligne trouvée: user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); Ligne trouvée: user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); Ligne trouvée: user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); Ligne trouvée: user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); Ligne trouvée: user_pref("sweetim.toolbar.mode.debug", "false"); Ligne trouvée: user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.alot.com/web?&src_id=11498&client_i... Ligne trouvée: user_pref("sweetim.toolbar.search.external", "

Utilisateur anonyme · Answer

salut,

1/ passe a l'option nettoyer avec AD-remover

2/ poste ton zhpdiag sur ce site: http://www.cijoint.fr/

+++

Utilisateur anonyme · Answer

re, oulala, ton rapport est plus que incomplet...

suis cette procédure: 

----->ZHPDIAG<-----

/!\ utilisateur de vista et seven, désactiver l'UAC./!\

/!\ utilisateur de vista et seven faite clique droit et "éxécuter en temps qu'administrateur/!\

>  Télécharge zhpdiag (de Nicolas Coolman)

> Laisse toi guider lors de l'installation, il se lancera automatiquement à la fin.

>  /!\Utilisateur de Vista et Seven : Clique droit sur le logo de ZHPdiag, « exécuter en tant qu'Administrateur »/!\

> Clique sur la petite loupe en haut à gauche pour débuter l'analyse :

>attention, le scan peut durer un certain temps, ne touche a rien d'autre tant que le scan est en cour

> Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette

>  Héberge le rapport ZHPDiag.txt sur cijoint, puis copie/colle le lien fourni                                          dans ta prochaine réponse sur le forum.


retélécharge le, tu n'as pas la dernière version...
++

Utilisateur anonyme · Answer

re,  

bon, ya du travail un peu, pas mal d'infection.  

avant de commencer la désinfection,  

 Rends toi sur ce site :   

https://www.virustotal.com/gui/   

> Copie ce qui suit et colle le dans l'espace pour la recherche :   


C:\Documents and Settings\Vincent Boisnel\Application Data\Microsoft-Driver-5858-2574\winsvcrn.exe     


> Clique sur Send File ( = " Envoyer le fichier " ).   

>Un rapport va s'élaborer ligne à ligne.   

>donne moi le lien internet avec les résultats.  

( Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant )  



niveau supérieur sur HELPER FORMATION.

nana · Answer

Tu crois que le nettoyage prendra du temps?
Car je dois bientôt me déconnecter.
T'inquiète pas je ne te presse pas ni remet en cause ton aide
Merci déja beaucoup de m'aider.

Utilisateur anonyme · Answer

re,

je comprends pas trop
j'ai mis lefichier et cela fait un moment qu'il affiche:

Performing URL submission

Please wait while submitting the URL provided

c'est que le fichier ce charge, laisse le charger. 

en tout cas, passe a ceci: 

                 MBAM : 

> Télécharge MBAM 


> Tu auras un tutoriel à ta disposition pour l'installer et l'utiliser correctement. 


> Fais la mise à jour du logiciel /!\(elle se fait normalement à l'installation)/!\  


> A l'apparition de la fenêtre de MBAM, clique sur «exécuter un examen complet» 


> Sélectionne les disques que tu veux analyser et clique sur "Lancer l'examen" 


> L'analyse peut durer un plusieurs heures... 


> Une fois l'analyse terminée, clique sur "OK" puis sur "Afficher les résultats" 


> Vérifie que tout est bien coché et clique sur "Supprimer la sélection" => et ensuite sur "OK" 


> Un rapport va s'ouvrir dans le bloc note... Fais un copié/collé du rapport dans ta prochaine réponse sur le forum 


> Si le logiciel te demande de redémarrer, fais le en cliquant sur « OUI »

nana · Answer

j'ai déja mbam sur le pc.
j'essaye de le redémarrer mais impossible,il ne veut pas s'ouvrir.

nana · Answer

non, je clique plusieurs fois dessus pour l'ouvrir dans demarrer et sinon directement dans c:// mais rien n'y fait

Utilisateur anonyme · Answer

bien, si MBAM ne veut pas marcher:

               LIST_KILL'EM

* Télécharge  List_Kill'em de gen-hackman

* list&Kill'em est un scanner généraliste qui repère et supprime de nombreuses infections , il se peut qu'il soit détecter a tord par ton antivirus, dans ce cas la, désactive ton antivirus, on le réactivera a la fin.


 ICI  >> List&Kill'em de gen-hackman 
* enregistre le sur ton bureau
* si tu as XP => double clique
* si tu as Vista ou windows 7 => clic droit >> executer en tant qu'administrateur
*sur le raccourci sur ton bureau pour lancer l'installation
>> Laisse coché :

* Executer Shortcut
* Executer List_Kill'em

*une fois terminée , clic sur "terminer" et le programme se lancera seul
*choisis l'option >>  SEARCH 
*laisse travailler l'outil
* il se peut qu'une boite de dialogue s'ouvre , dans ce cas clique sur ok
* A l'apparition de la fenetre blanche , c'est un peu long , c'est normal ,c'est une recherche supplementaire de fichiers cachés , le programme n'est pas bloqué.

* Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
* Héberge le rapport sur ce site, 
>> Cijoint.fr 
* puis copie/colle le lien fourni dans ta prochaine réponse sur le forum. 

* Réactive ton antivirus

nana · Answer

¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.2.0 ¤¤¤¤¤¤¤¤¤¤

User : sousou (Administrateurs)
Update on 22/11/2010 by g3n-h@ckm@n ::::: 21.00
Start at: 21:26:02 | 22/11/2010

Intel(R) Celeron(R) D CPU 3.20GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : McAfee VirusScan Enterprise 8.7.0.570 [ Enabled | Updated ]

C:\ -> Disque fixe local | 90,47 Go (38,21 Go free) | NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque fixe local | 90,94 Go (90,7 Go free) [ACERDATA] | FAT32
I:\ -> Disque CD-ROM
J:\ -> Disque fixe local | 931,51 Go (732,55 Go free) [Expansion Drive] | NTFS

¤¤¤¤¤ Sessions ¤¤¤¤¤

Boot: Normal

¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer

C:\WINDOWS\System32\smss.exe ---- 404 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\WINDOWS\system32\csrss.exe ---- 4692 Ko ---- Normal ---- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\WINDOWS\system32\winlogon.exe ---- 3832 Ko ---- High ---- winlogon.exe ----
C:\WINDOWS\system32\services.exe ---- 12112 Ko ---- Normal ---- C:\WINDOWS\system32\services.exe ----
C:\WINDOWS\system32\lsass.exe ---- 32704 Ko ---- Normal ---- C:\WINDOWS\system32\lsass.exe ----
C:\WINDOWS\system32\svchost.exe ---- 29564 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k DcomLaunch ----
C:\WINDOWS\system32\svchost.exe ---- 29344 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k rpcss ----
C:\WINDOWS\System32\svchost.exe ---- 74064 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k netsvcs ----
C:\WINDOWS\system32\svchost.exe ---- 26032 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup ----
C:\WINDOWS\system32\svchost.exe ---- 24028 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k NetworkService ----
C:\WINDOWS\system32\svchost.exe ---- 29196 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k LocalService ----
C:\WINDOWS\system32\spoolsv.exe ---- 34328 Ko ---- Normal ---- C:\WINDOWS\system32\spoolsv.exe ----
C:\WINDOWS\system32\svchost.exe ---- 27296 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k LocalService ----
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe ---- 3224 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" ---- Apple Inc.
C:\Program Files\Bonjour\mDNSResponder.exe ---- 3636 Ko ---- Normal ---- "C:\Program Files\Bonjour\mDNSResponder.exe" ---- Apple Inc.
C:\WINDOWS\system32\FsUsbExService.Exe ---- 2668 Ko ---- Normal ---- C:\WINDOWS\system32\FsUsbExService.Exe ----
C:\Program Files\Java\jre6\bin\jqs.exe ---- 1384 Ko ---- Idle ---- "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" ---- Sun Microsystems, Inc.
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe ---- 1720 Ko ---- Normal ---- "C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe" ---- McAfee, Inc.
C:\Program Files\McAfee\Common Framework\FrameworkService.exe ---- 6344 Ko ---- Normal ---- "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart ---- McAfee, Inc.
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe ---- 1784 Ko ---- Normal ---- "C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe" ---- McAfee, Inc.
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe ---- 696 Ko ---- Normal ---- "C:\Program Files\McAfee\Common Framework\naPrdMgr.exe" -Embedding ---- McAfee, Inc.
C:\WINDOWS\system32\mfevtps.exe ---- 12632 Ko ---- Normal ---- C:\WINDOWS\system32\mfevtps.exe ---- McAfee, Inc.
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe ---- 7528 Ko ---- Normal ---- "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" ---- Microsoft Corporation
C:\WINDOWS\system32\svchost.exe ---- 31412 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k imgsvc ----
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe ---- 59680 Ko ---- High ---- "C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe" ---- McAfee, Inc.
C:\WINDOWS\system32\wuauclt.exe ---- 8096 Ko ---- Normal ---- "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[340]SUSDS783de0159fa7c34e8a7eb18de1cfe616 ---- Microsoft Windows Component Publisher
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe ---- 4200 Ko ---- Normal ---- "C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe" 2004 ---- McAfee, Inc.
C:\WINDOWS\system32\wbem\wmiapsrv.exe ---- 4548 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiapsrv.exe ----
C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 5172 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
C:\WINDOWS\System32\alg.exe ---- 3552 Ko ---- Normal ---- C:\WINDOWS\System32\alg.exe ----
C:\WINDOWS\Explorer.EXE ---- 21972 Ko ---- Normal ---- C:\WINDOWS\Explorer.EXE ----
C:\WINDOWS\Qturic.exe ---- 36864 Ko ---- High ---- "C:\WINDOWS\Qturic.exe" ----
C:\WINDOWS\SOUNDMAN.EXE ---- 3012 Ko ---- Normal ---- "C:\WINDOWS\SOUNDMAN.EXE" ----
C:\Program Files\McAfee\Common Framework\udaterui.exe ---- 1808 Ko ---- Normal ---- "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey ---- McAfee, Inc.
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE ---- 872 Ko ---- Normal ---- "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE ---- McAfee, Inc.
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe ---- 2836 Ko ---- Normal ---- "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" ---- Nuance Communications, Inc.
C:\Program Files\McAfee\Common Framework\McTray.exe ---- 2588 Ko ---- Normal ---- /load ---- McAfee, Inc.
C:\Program Files\Java\jre6\bin\jusched.exe ---- 2404 Ko ---- Normal ---- "C:\Program Files\Java\jre6\bin\jusched.exe" ---- Sun Microsystems, Inc.
C:\Program Files\Messenger\msmsgs.exe ---- 5464 Ko ---- Normal ---- "C:\Program Files\Messenger\msmsgs.exe" /background ----
C:\Program Files\Creative\Shared Files\CamTray.exe ---- 4780 Ko ---- Normal ---- "C:\Program Files\Creative\Shared Files\CamTray.exe" ----
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe ---- 19280 Ko ---- Normal ---- "C:\Program Files\Brother\ControlCenter3\brccMCtl.exe" /autorun ----
C:\Program Files\Windows Live\Messenger\msnmsgr.exe ---- 2584 Ko ---- Normal ---- "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background ---- Microsoft Corporation
C:\WINDOWS\system32\ctfmon.exe ---- 3360 Ko ---- Normal ---- "C:\WINDOWS\system32\ctfmon.exe" ----
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ---- 1452 Ko ---- Normal ---- "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ---- Google Inc
C:\WINDOWS\System32\svchost.exe ---- 3404 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k HTTPFilter ----
C:\Program Files\uTorrent\uTorrent.exe ---- 13048 Ko ---- Normal ---- "C:\Program Files\uTorrent\uTorrent.exe" ---- BitTorrent Inc
C:\Documents and Settings\Vincent Boisnel\crssnrs.exe ---- 2884 Ko ---- Normal ---- "C:\Documents and Settings\Vincent Boisnel\crssnrs.exe" ----
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe ---- 2088 Ko ---- Normal ---- "C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe" ---- McAfee, Inc.
C:\WINDOWS\system32\sistray.exe ---- 3484 Ko ---- Normal ---- "C:\WINDOWS\system32\sistray.exe" ----
C:\Documents and Settings\Vincent Boisnel\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe ---- 2800 Ko ---- Normal ---- "C:\Documents and Settings\Vincent Boisnel\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe" ----
C:\Program Files\Mozilla Firefox\firefox.exe ---- 76680 Ko ---- Normal ---- "C:\Program Files\Mozilla Firefox\firefox.exe" ---- Mozilla Corporation
C:\Documents and Settings\Vincent Boisnel\Application Data\Microsoft-Driver-Service-5836-2574-8888\winmsnmngr.exe ---- 2856 Ko ---- Normal ---- "C:\Documents and Settings\Vincent Boisnel\Application Data\Microsoft-Driver-Service-5836-2574-8888\winmsnmngr.exe" ----
C:\Program Files\OfferBox\OfferBox.exe ---- 46912 Ko ---- Normal ---- "C:\Program Files\OfferBox\OfferBox.exe" -Embedding ---- Secure Digital Services Limited
C:\Program Files\Mozilla Firefox\plugin-container.exe ---- 26140 Ko ---- Normal ---- "C:\Program Files\Mozilla Firefox\plugin-container.exe" --channel=2524.6248e40.502811749 "C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll" 2524 plugin \\.\pipe\gecko-crash-server-pipe.2524 ---- Mozilla Corporation
C:\WINDOWS\system32\cmd.exe ---- 2804 Ko ---- Normal ---- C:\WINDOWS\system32\cmd.exe /K List'em.bat ----
C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 6820 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
C:\Program Files\List_Kill'em\pv.exe ---- 2760 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----

¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
BitComet REG_SZ "C:\Program Files\BitComet\BitComet.exe" /tray
Creative WebCam Tray REG_SZ C:\Program Files\Creative\Shared Files\CamTray.exe
EPSON Stylus SX200 Series REG_SZ C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\E_S2B.tmp" /EF "HKCU"
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uTorrent REG_SZ "C:\Program Files\uTorrent\uTorrent.exe"
MicrosoftMSDUpdateService REG_SZ C:\Documents and Settings\Vincent Boisnel\Application Data\Microsoft-Driver-5858-2574\winsvcrn.exe
HJRUDZ5DT2 REG_SZ C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\Qs1.exe
6BTOP2GA8A REG_SZ C:\WINDOWS\Qturic.exe
MSNServices2011 REG_SZ C:\Documents and Settings\Vincent Boisnel\crssnrs.exe
NIBIOM REG_SZ C:\Documents and Settings\Vincent Boisnel\Application Data\Microsoft-Driver-Service-5836-2574-8888\winmsnmngr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
UnlockerAssistant REG_SZ "C:\Program Files\Unlocker\UnlockerAssistant.exe"
SiSPower REG_SZ Rundll32.exe SiSPower.dll,ModeAgent
SoundMan REG_SZ SOUNDMAN.EXE
McAfeeUpdaterUI REG_SZ "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
ShStatEXE REG_SZ "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
FaxCenterServer REG_SZ "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
SSBkgdUpdate REG_SZ "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
PaperPort PTD REG_SZ "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
IndexSearch REG_SZ "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
PPort11reminder REG_SZ "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
BrMfcWnd REG_SZ C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
ControlCenter3 REG_SZ C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoSMConfigurePrograms REG_DWORD 1 (0x1)
NoRecentDocsMenu REG_DWORD 1 (0x1)
NoRecentDocsHistory REG_DWORD 1 (0x1)
NoStartMenuPinnedList REG_DWORD 1 (0x1)
ClearRecentDocsOnExit REG_DWORD 1 (0x1)
NoSMHelp REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDriveTypeAutoRun REG_DWORD 323 (0x143)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell REG_SZ Explorer.exe
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\McAfee\Common Framework\FrameworkService.exe REG_SZ C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service
C:\Program Files\BitComet\BitComet.exe REG_SZ C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
C:\Program Files\Free Download Manager\fdm.exe REG_SZ C:\Program Files\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\BitTornado\btdownloadgui.exe REG_SZ C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Documents and Settings\Vincent Boisnel\Bureau\jeux psp\PSP\BitTornado\btdownloadgui.exe REG_SZ C:\Documents and Settings\Vincent Boisnel\Bureau\jeux psp\PSP\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui
C:\Program Files\VideoLAN\VLC\vlc.exe REG_SZ C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player
C:\Program Files\uTorrent\uTorrent.exe REG_SZ C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Documents and Settings\Vincent Boisnel\Application Data\Microsoft-Driver-5858-2574\winsvcrn.exe REG_SZ C:\Documents and Settings\Vincent Boisnel\Application Data\Microsoft-Driver-5858-2574\winsvcrn.exe:*:Enabled:MicrosoftMSDUpdateService
C:\Documents and Settings\Vincent Boisnel\Application Data\Microsoft-Driver-Service-5836-2574-8888\winmsnmngr.exe REG_SZ C:\Documents and Settings\Vincent Boisnel\Application Data\Microsoft-Driver-Service-5836-2574-8888\winmsnmngr.exe:*:Enabled:NIBIOM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A3320D6-C805-4280-B423-B665BDE33D8F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4b218e3e-bc98-4770-93d3-2731b9329278}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]

¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤

[<NO NAME> REG_SZ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{f78e6501-b9de-48b9-b86c-6da8542ccc4e}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}]

¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤

HKLM\SYSTEM\CCS\Services\Tcpip\..\{733CD1BB-85A3-4CA8-A933-C3E1FA3B4934}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F5E90DB9-215F-40ED-ABDB-0CA1A235F3CC}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{733CD1BB-85A3-4CA8-A933-C3E1FA3B4934}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F5E90DB9-215F-40ED-ABDB-0CA1A235F3CC}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\..\{733CD1BB-85A3-4CA8-A933-C3E1FA3B4934}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F5E90DB9-215F-40ED-ABDB-0CA1A235F3CC}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240

¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
Local Page REG_EXPAND_SZ %SystemRoot%\system32\blank.htm
Default_Search_URL REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
Local Page REG_SZ C:\WINDOWS\system32\blank.htm

¤¤¤¤¤ Proxy Internet Explorer

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyHttp1.1 REG_DWORD 1 (0x1)
ProxyEnable REG_DWORD 0 (0x0)

¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤

[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\system32\drivers\atapi.sys

¤¤¤¤¤ Reference

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP3 : 7A62A6C8303C9D026DD926F397B2FB57
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Win XP_64 : 72C77044943340964FA513B92D6D6874
Win XP_64_SP2 : 7A1814D0D112F50F828E25557A1ED29F
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

¤¤¤¤¤¤¤¤¤¤ Explorer ¤¤¤¤¤¤¤¤¤¤

[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\explorer.exe
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\system32\dllcache\explorer.exe

¤¤¤¤¤¤¤¤¤¤ Winlogon ¤¤¤¤¤¤¤¤¤¤

[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\system32\winlogon.exe
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\system32\dllcache\winlogon.exe

¤¤¤¤¤¤¤¤¤¤ Wininit ¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤ SVC | svchost ¤¤¤¤¤¤¤¤¤¤

svchost.exe 712 DcomLaunch, TermService
svchost.exe 768 RpcSs
svchost.exe 832 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
dmserver, ERSvc, EventSystem,
FastUserSwitchingCompatibility, helpsvc,
HidServ, LanmanServer, lanmanworkstation,
Netman, Nla, RasMan, Schedule, seclogon,
SENS, SharedAccess, ShellHWDetection,
srservice, TapiSrv, Themes, TrkWks, W32Time,
winmgmt, wscsvc, wuauserv, WZCSVC
svchost.exe 872 WudfSvc
svchost.exe 1000 Dnscache
svchost.exe 1076 LmHosts, RemoteRegistry, SSDPSRV
svchost.exe 1300 WebClient
svchost.exe 1948 stisvc
svchost.exe 3788 HTTPFilter

¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤ First Scan ¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤

[HKEY_CURRENT_USER\software\3rd Eye Solutions]
[HKEY_CURRENT_USER\software\6BTOP2GA8A]
[HKEY_CURRENT_USER\software\ABBYY]
[HKEY_CURRENT_USER\software\AC3filter]
[HKEY_CURRENT_USER\software\Ad-Remover]
[HKEY_CURRENT_USER\software\Adobe]
[HKEY_CURRENT_USER\software\AppDataLow]
[HKEY_CURRENT_USER\software\Apple Computer, Inc.]
[HKEY_CURRENT_USER\software\Aurigma]
[HKEY_CURRENT_USER\software\Big Fish Games]
[HKEY_CURRENT_USER\software\BitComet]
[HKEY_CURRENT_USER\software\BitTorrent]
[HKEY_CURRENT_USER\software\Brother]
[HKEY_CURRENT_USER\software\Classes.crx]
[HKEY_CURRENT_USER\software\Clients]
[HKEY_CURRENT_USER\software\Codeminion]
[HKEY_CURRENT_USER\software\CoreVorbis]
[HKEY_CURRENT_USER\software\Creative Tech]
[HKEY_CURRENT_USER\software\DSP-worx]
[HKEY_CURRENT_USER\software\Enterbrain]
[HKEY_CURRENT_USER\software\EPSON]
[HKEY_CURRENT_USER\software\Gabest]
[HKEY_CURRENT_USER\software\GameHouse]
[HKEY_CURRENT_USER\software\GNU]
[HKEY_CURRENT_USER\software\GOG]
[HKEY_CURRENT_USER\software\Google]
[HKEY_CURRENT_USER\software\Haali]
[HKEY_CURRENT_USER\software\HJRUDZ5DT2]
[HKEY_CURRENT_USER\software\HookNetwork]
[HKEY_CURRENT_USER\software\IEPro]
[HKEY_CURRENT_USER\software\IM Providers]
[HKEY_CURRENT_USER\software\ImageViewer]
[HKEY_CURRENT_USER\software\Index Education]
[HKEY_CURRENT_USER\software\innoPlus]
[HKEY_CURRENT_USER\software\Intel]
[HKEY_CURRENT_USER\software\JavaSoft]
[HKEY_CURRENT_USER\software\JEDI-VCL]
[HKEY_CURRENT_USER\software\jeuxob.fr]
[HKEY_CURRENT_USER\software\JollyBear]
[HKEY_CURRENT_USER\software\Leadertech]
[HKEY_CURRENT_USER\software\Lexmark]
[HKEY_CURRENT_USER\software\Local AppWizard-Generated Applications]
[HKEY_CURRENT_USER\software\Macromedia]
[HKEY_CURRENT_USER\software\MagiciansHandbook2ReleaseV1.2]
[HKEY_CURRENT_USER\software\MagiciansHandbookCursedValley]
[HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware]
[HKEY_CURRENT_USER\software\Margrave 2]
[HKEY_CURRENT_USER\software\McAfee]
[HKEY_CURRENT_USER\software\Microsoft]
[HKEY_CURRENT_USER\software\Monitored]
[HKEY_CURRENT_USER\software\MOVDLTool]
[HKEY_CURRENT_USER\software\Mozilla]
[HKEY_CURRENT_USER\software\MozillaPlugins]
[HKEY_CURRENT_USER\software\Netscape]
[HKEY_CURRENT_USER\software\Nico Mak Computing]
[HKEY_CURRENT_USER\software\Notepad2]
[HKEY_CURRENT_USER\software\NtWqIVLZEWZU]
[HKEY_CURRENT_USER\software\Nuance]
[HKEY_CURRENT_USER\software\Oberon Media]
[HKEY_CURRENT_USER\software\ODBC]
[HKEY_CURRENT_USER\software\OfferBox]
[HKEY_CURRENT_USER\software\Piriform]
[HKEY_CURRENT_USER\software\PlanetPlayMore]
[HKEY_CURRENT_USER\software\Policies]
[HKEY_CURRENT_USER\software\RealNetworks]
[HKEY_CURRENT_USER\software\Samsung]
[HKEY_CURRENT_USER\software\ScanSoft]
[HKEY_CURRENT_USER\software\settings]
[HKEY_CURRENT_USER\software\Sysinternals]
[HKEY_CURRENT_USER\software\Test3D]
[HKEY_CURRENT_USER\software\toolbar]
[HKEY_CURRENT_USER\software\Trolltech]
[HKEY_CURRENT_USER\software\ValuSoft]
[HKEY_CURRENT_USER\software\VB and VBA Program Settings]
[HKEY_CURRENT_USER\software\Visioneer]
[HKEY_CURRENT_USER\software\WinRAR]
[HKEY_CURRENT_USER\software\WinRAR SFX]
[HKEY_CURRENT_USER\software\WinZip Computing]
[HKEY_CURRENT_USER\software\XML]
[HKEY_CURRENT_USER\software\Yahoo]
[HKEY_CURRENT_USER\software\YahooPartnerToolbar]
[HKEY_CURRENT_USER\software\Yamago]
[HKEY_CURRENT_USER\software\Zylom]
[HKEY_CURRENT_USER\software\Classes]

[<NO NAME> REG_SZ ]
[HKEY_LOCAL_MACHINE\software\A-Patch]
[HKEY_LOCAL_MACHINE\software\ABBYY]
[HKEY_LOCAL_MACHINE\software\Adobe]
[HKEY_LOCAL_MACHINE\software\AppDataLow]
[HKEY_LOCAL_MACHINE\software\Apple Computer, Inc.]
[HKEY_LOCAL_MACHINE\software\Apple Inc.]
[HKEY_LOCAL_MACHINE\software\Brother]
[HKEY_LOCAL_MACHINE\software\Brother Industries, Ltd.]
[HKEY_LOCAL_MACHINE\software\C07ft5Y]
[HKEY_LOCAL_MACHINE\software\CCleaner]
[HKEY_LOCAL_MACHINE\software\Classes]
[HKEY_LOCAL_MACHINE\software\Clients]
[HKEY_LOCAL_MACHINE\software\CometNetwork]
[HKEY_LOCAL_MACHINE\software\Creative Tech]
[HKEY_LOCAL_MACHINE\software\EPSON]
[HKEY_LOCAL_MACHINE\software\FaxManPorts]
[HKEY_LOCAL_MACHINE\software\FileZilla 3]
[HKEY_LOCAL_MACHINE\software\FileZilla Client]
[HKEY_LOCAL_MACHINE\software\Gabest]
[HKEY_LOCAL_MACHINE\software\GEAR Software]
[HKEY_LOCAL_MACHINE\software\Gemplus]
[HKEY_LOCAL_MACHINE\software\GNU]
[HKEY_LOCAL_MACHINE\software\Google]
[HKEY_LOCAL_MACHINE\software\HaaliMkx]
[HKEY_LOCAL_MACHINE\software\Hewlett-Packard]
[HKEY_LOCAL_MACHINE\software\HipSoft]
[HKEY_LOCAL_MACHINE\software\Index Education]
[HKEY_LOCAL_MACHINE\software\InstallShield]
[HKEY_LOCAL_MACHINE\software\Intel]
[HKEY_LOCAL_MACHINE\software\InterVideo]
[HKEY_LOCAL_MACHINE\software\JavaSoft]
[HKEY_LOCAL_MACHINE\software\jeuxob.fr]
[HKEY_LOCAL_MACHINE\software\Lexmark]
[HKEY_LOCAL_MACHINE\software\Licenses]
[HKEY_LOCAL_MACHINE\software\Macromedia]
[HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware]
[HKEY_LOCAL_MACHINE\software\McAfee]
[HKEY_LOCAL_MACHINE\software\McAfee.com]
[HKEY_LOCAL_MACHINE\software\mcafeeupdater]
[HKEY_LOCAL_MACHINE\software\MCCI]
[HKEY_LOCAL_MACHINE\software\Microsoft]
[HKEY_LOCAL_MACHINE\software\Mozilla]
[HKEY_LOCAL_MACHINE\software\mozilla.org]
[HKEY_LOCAL_MACHINE\software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\software\Network Associates]
[HKEY_LOCAL_MACHINE\software\NewSoft]
[HKEY_LOCAL_MACHINE\software\Nico Mak Computing]
[HKEY_LOCAL_MACHINE\software\NOS]
[HKEY_LOCAL_MACHINE\software\Nuance]
[HKEY_LOCAL_MACHINE\software\Oberon Media]
[HKEY_LOCAL_MACHINE\software\ODBC]
[HKEY_LOCAL_MACHINE\software\OfferBox]
[HKEY_LOCAL_MACHINE\software\Playtonium]
[HKEY_LOCAL_MACHINE\software\Policies]
[HKEY_LOCAL_MACHINE\software\Program Groups]
[HKEY_LOCAL_MACHINE\software\QTLite]
[HKEY_LOCAL_MACHINE\software\RealNetworks]
[HKEY_LOCAL_MACHINE\software\Realtek]
[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\software\ReflexiveArcade]
[HKEY_LOCAL_MACHINE\software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\software\RTLSetup]
[HKEY_LOCAL_MACHINE\software\ScanSoft]
[HKEY_LOCAL_MACHINE\software\Schlumberger]
[HKEY_LOCAL_MACHINE\software\Secure]
[HKEY_LOCAL_MACHINE\software\Silicon Integrated Systems Corp.]
[HKEY_LOCAL_MACHINE\software\SiS]
[HKEY_LOCAL_MACHINE\software\Stargaze Interactive]
[HKEY_LOCAL_MACHINE\software\Swearware]
[HKEY_LOCAL_MACHINE\software\Symantec]
[HKEY_LOCAL_MACHINE\software\The Silicon Realms Toolworks]
[HKEY_LOCAL_MACHINE\software\VideoLAN]
[HKEY_LOCAL_MACHINE\software\Visioneer]
[HKEY_LOCAL_MACHINE\software\Windows]
[HKEY_LOCAL_MACHINE\software\Windows 3.1 Migration Status]
[HKEY_LOCAL_MACHINE\software\Yahoo]
[HKEY_LOCAL_MACHINE\software\Zeon]

¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤

Present !! : C:\Documents and Settings\Vincent Boisnel\GMJGMJPMSP.exe
Present !! : \AUTOEXEC.BAT
Present !! : C:\Documents and Settings\All Users\Application Data\hpzinstall.log
Present !! : C:\Documents and Settings\All Users\Application Data\hpzinstall.log
Present !! : C:\Documents and Settings\All Users\Application Data\hpzinstall.log
Present !! : C:\Documents and Settings\All Users\Application Data\hpzinstall.log
Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET4.tmp
Present !! : C:\WINDOWS\SET8.tmp
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
Present !! : C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
Present !! : C:\WINDOWS\Temp\WFV3.tmp

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System : DisableRegistryTools
Present !! : HKCR\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Present !! : HKCR\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCU\SOFTWARE\NtWqIVLZEWZU
Present !! : HKCU\SOFTWARE\XML
Present !! : HKLM\Software\Classes\Interface\{039b7df6-3103-48f0-bd6f-24291bc7e637}
Present !! : HKLM\Software\Classes\Interface\{1bd69f2f-96b4-41b3-accf-c46ed55e3a58}
Present !! : HKLM\Software\Classes\Interface\{2194682f-acb0-45ce-b900-3fcd2d13bfb5}
Present !! : HKLM\Software\Classes\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKLM\Software\Classes\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKLM\Software\Classes\Interface\{24d4e9fc-5097-483b-b0fe-6e3ef28bff4a}
Present !! : HKLM\Software\Classes\Interface\{382be372-d636-451d-8fa8-54c51569ad88}
Present !! : HKLM\Software\Classes\Interface\{3a60359d-0eb2-4437-ad15-a08bee794c14}
Present !! : HKLM\Software\Classes\Interface\{46902815-1008-40c8-ba07-4f3d2276e6d2}
Present !! : HKLM\Software\Classes\Interface\{777421f7-878b-426e-b7f7-593cbe6b543d}
Present !! : HKLM\Software\Classes\Interface\{777421f7-878b-426e-b7f7-593cbe6b543f}
Present !! : HKLM\Software\Classes\Interface\{7876dc2b-dd2e-48d3-b182-6e261698aadb}
Present !! : HKLM\Software\Classes\Interface\{9b7984e0-1b06-434d-a233-5323ab08f05f}
Present !! : HKLM\Software\Classes\Interface\{a0f36689-35ea-4b9b-8b16-2236b0581557}
Present !! : HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Present !! : HKLM\Software\Classes\Interface\{b1ce34ce-dfa2-4a5e-a99a-5fdef5021994}
Present !! : HKLM\Software\Classes\Interface\{ce9cc21b-4f0c-4da5-9a2b-cb4d6a631228}
Present !! : HKLM\Software\Classes\Interface\{e0778c77-10e3-4ab3-9077-fe845de401b4}
Present !! : HKLM\Software\Classes\Interface\{e5b630a9-c1e3-42f3-b58b-9afa3662c010}
Present !! : HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Present !! : HKLM\Software\Classes\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHNAS
Present !! : HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHNAS

Utilisateur anonyme · Answer

Suppression

* Relance List_Kill'em( clic droit "executer en tant qu'administrateur" pour vista/7),avec le raccourci sur ton bureau.
* cette fois-ci :
* choisis l'option >>  CLEAN
* ton PC va redemarrer,
* laisse travailler l'outil.
* en fin de scan la fenêtre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
* colle le contenu dans ta reponse

diabless · Answer

slt j'ai le mm probleme,
vas dans l'option de recherche de seven
 ( demarer et tu ecris ds la recherche : msconfig
ensuite tu cliques sur l'onglet demarage
et tu décoches : hdrudz etc ...
tu valides et tu reboote et hop plus de fenetre de pub ;)
tcho

nana · Answer

Salut,
voici le rapport.

¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.2.0 ¤¤¤¤¤¤¤¤¤¤ 
 
User : sousou (Administrateurs) 
Update on 22/11/2010 by g3n-h@ckm@n ::::: 21.00
Start at: 14:29:21 | 23/11/2010

              Intel(R) Celeron(R) D CPU 3.20GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : McAfee VirusScan Enterprise 8.7.0.570 [ Enabled | Updated ]

C:\ -> Disque fixe local | 90,47 Go (38,2 Go free) | NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque fixe local | 90,94 Go (90,7 Go free) [ACERDATA] | FAT32
I:\ -> Disque CD-ROM
J:\ -> Disque fixe local | 931,51 Go (732,55 Go free) [Expansion Drive] | NTFS
 

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

Quarantined & Deleted !! : C:\Documents and Settings\Vincent Boisnel\GMJGMJPMSP.exe   
Quarantined & Deleted !! : \AUTOEXEC.BAT   
Quarantined & Deleted !! : C:\Documents and Settings\All Users\Application Data\hpzinstall.log  
Quarantined & Deleted !! : C:\WINDOWS\SET3.tmp   
Quarantined & Deleted !! : C:\WINDOWS\SET4.tmp   
Quarantined & Deleted !! : C:\WINDOWS\SET8.tmp   
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn   
Quarantined & Deleted !! : C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job   
Quarantined & Deleted !! : C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job   
 
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤

127.0.0.1       localhost   

¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤

Deleted : HKCR\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0    
Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}    
Deleted : HKCU\SOFTWARE\NtWqIVLZEWZU    
Deleted : HKCU\SOFTWARE\XML    
Deleted : HKLM\Software\Classes\Interface\{039b7df6-3103-48f0-bd6f-24291bc7e637}    
Deleted : HKLM\Software\Classes\Interface\{1bd69f2f-96b4-41b3-accf-c46ed55e3a58}    
Deleted : HKLM\Software\Classes\Interface\{2194682f-acb0-45ce-b900-3fcd2d13bfb5}    
Deleted : HKLM\Software\Classes\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}    
Deleted : HKLM\Software\Classes\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}    
Deleted : HKLM\Software\Classes\Interface\{24d4e9fc-5097-483b-b0fe-6e3ef28bff4a}    
Deleted : HKLM\Software\Classes\Interface\{382be372-d636-451d-8fa8-54c51569ad88}    
Deleted : HKLM\Software\Classes\Interface\{3a60359d-0eb2-4437-ad15-a08bee794c14}    
Deleted : HKLM\Software\Classes\Interface\{46902815-1008-40c8-ba07-4f3d2276e6d2}    
Deleted : HKLM\Software\Classes\Interface\{777421f7-878b-426e-b7f7-593cbe6b543d}    
Deleted : HKLM\Software\Classes\Interface\{777421f7-878b-426e-b7f7-593cbe6b543f}    
Deleted : HKLM\Software\Classes\Interface\{7876dc2b-dd2e-48d3-b182-6e261698aadb}    
Deleted : HKLM\Software\Classes\Interface\{9b7984e0-1b06-434d-a233-5323ab08f05f}    
Deleted : HKLM\Software\Classes\Interface\{a0f36689-35ea-4b9b-8b16-2236b0581557}    
Deleted : HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}    
Deleted : HKLM\Software\Classes\Interface\{b1ce34ce-dfa2-4a5e-a99a-5fdef5021994}    
Deleted : HKLM\Software\Classes\Interface\{ce9cc21b-4f0c-4da5-9a2b-cb4d6a631228}    
Deleted : HKLM\Software\Classes\Interface\{e0778c77-10e3-4ab3-9077-fe845de401b4}    
Deleted : HKLM\Software\Classes\Interface\{e5b630a9-c1e3-42f3-b58b-9afa3662c010}    
Deleted : HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}    
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0    
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\351716A953E21214898904032EAE2E81    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A189D17A469616C4688D23E192996267    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0    
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9    
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS    
Deleted : HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHNAS    

¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	=         	https://www.msn.com/fr-fr/?ocid=iehp
Local Page	=         	C:\WINDOWS\system32\blank.htm
Default_Search_URL	=         	https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL	=         	https://www.msn.com/fr-fr/?ocid=iehp
Search Page	=         	https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	=         	https://www.google.com/?gws_rd=ssl
Local Page	=         	C:\WINDOWS\system32\blank.htm
Search Page	=         	http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] 
FirstRunDisabled	=      	1 (0x1) 
AntiVirusDisableNotify	=      	0 (0x0) 
FirewallDisableNotify	=      	0 (0x0) 
UpdatesDisableNotify	=      	0 (0x0) 
AntiVirusOverride	=      	0 (0x0) 
FirewallOverride	=      	0 (0x0) 
 
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤

 Ndisuio : Start = 3   
 EapHost : Start = 2   
 Ip6Fw : Start = 2   
 SharedAccess : Start = 2   
 wuauserv : Start = 2   
 wscsvc : Start = 2   
 
 ¤¤¤¤¤¤¤¤¤¤ Winlogon
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 
 Shell	=         	explorer.exe 
 Userinit	=         	C:\WINDOWS\System32\userinit.exe, 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
anti-ver blaster : OK  
Prefetch cleaned 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

FEATURE_BROWSER_EMULATION | svchost : 
====================================
 

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3200827AS rev.3.AAE -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS 
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x85771AB8]
3 CLASSPNP[0xF75BBFD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP2T0L0-5[0x85780B00]
kernel: MBR read successfully
user & kernel MBR OK 
 


End of Scan : 14:34:51,71

 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

nana · Answer

rapport mbam
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 5176

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

23/11/2010 17:05:49
mbam-log-2010-11-23 (17-05-49).txt

Type d'examen: Examen complet (C:\|H:\|)
Elément(s) analysé(s): 193131
Temps écoulé: 48 minute(s), 21 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 10

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{fc0d62c2-9640-4aeb-a5d5-cf25df11fa8c} (PUP.OfferBox) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{fc0d62c2-9640-4aeb-a5d5-cf25df11fa8c} (PUP.OfferBox) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fc0d62c2-9640-4aeb-a5d5-cf25df11fa8c} (PUP.OfferBox) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc0d62c2-9640-4aeb-a5d5-cf25df11fa8c} (PUP.OfferBox) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\6BTOP2GA8A (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HJRUDZ5DT2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\ines  bilel\Application Data\OfferBox (PUP.OfferBox) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\Vincent Boisnel\Application Data\Microsoft-Driver-5858-2574\winsvcrn.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\GMJGMJPMSP.exe.Kill'em (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{433D4593-DD68-4E92-8713-094A308D9E58}\RP515\A0070823.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\WINDOWS\Qturia.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\WINDOWS\Qturib.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\WINDOWS\Qturic.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Documents and Settings\ines  bilel\Application Data\OfferBox\config.dat (PUP.OfferBox) -> Quarantined and deleted successfully.
C:\Documents and Settings\ines  bilel\Application Data\OfferBox\config.xml (PUP.OfferBox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vincent Boisnel\Application Data\winsavesrc.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Utilisateur anonyme · Answer

salut, 

tout ceci étant fais, peux tu me refaire un zhpdiag ??

merci ;-)

youn · Answer

salut,

http://www.cijoint.fr/cjlink.php?file=cj201011/cijA1rhD5q.txt
merci

Utilisateur anonyme · Answer

ok,  

normalement, MBAM a virer ce qu'il avait a virer mais, dans le doute, fais ceci:  

Télécharge Smitfraudfix : (merci a S!RI pour ce petit programme).   
http://siri.urz.free.fr/Fix/SmitfraudFix.exe  (dsl, avec un lien qui marche, c'est mieux... *rire*

/!\Utilisateur de Vista : Clique droit sur le logo de smithfarudfix, « exécuter en tant qu'Administrateur »   

Exécute le, Double click sur Smitfraudfix.exe choisit l'option 1,   
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php   
il va générer un rapport : copie/colle le sur le poste stp.   

Tuto:http://pagesperso-orange.fr/rginformatique/section%20virus/smitfraudfix.htm   

Note :   
process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus   
   

niveau supérieur sur HELPER FORMATION.

nana · Answer

Salut,
désolé du retard de ma réponse, je sais pas si tu peux toujours m'aider.
voici le raport.
Les pages de pubs avaient disparu maintenant ils reviennent.
merci

SmitFraudFix v2.424

Rapport fait à 16:03:58,27, 06/12/2010
Executé à partir de C:\Documents and Settings\Vincent Boisnel\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\Qti.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Vincent Boisnel\crssnrs.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Vincent Boisnel\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Vincent Boisnel


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Vincent Boisnel\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\VINCEN~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\System32\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240

HKLM\SYSTEM\CCS\Services\Tcpip\..\{733CD1BB-85A3-4CA8-A933-C3E1FA3B4934}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F5E90DB9-215F-40ED-ABDB-0CA1A235F3CC}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{733CD1BB-85A3-4CA8-A933-C3E1FA3B4934}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F5E90DB9-215F-40ED-ABDB-0CA1A235F3CC}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\..\{733CD1BB-85A3-4CA8-A933-C3E1FA3B4934}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F5E90DB9-215F-40ED-ABDB-0CA1A235F3CC}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Rapport ad remover suite pages de pubs

17 réponses

Discussions similaires