Infection PUP.Dealio

Résolu
nonoy54 Messages postés 448 Date d'inscription   Statut Membre Dernière intervention   -  
benurrr Messages postés 9643 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,
Malwarebyte a détecté PUP.déalio dans une clé de registre. Je l'ai supprimé mais il revient sans cesse.
Que faire?

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.

Merci de votre aide




37 réponses

  • 1
  • 2
Réponse 1 / 37
moment de grace Messages postés 29042 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
 
hello

dommage

la réponse était là https://forums.commentcamarche.net/forum/affich-20818565-infection-pup-dealio#1 et là https://forums.commentcamarche.net/forum/affich-20818565-infection-pup-dealio#3
1
Réponse 2 / 37
benurrr Messages postés 9643 Date d'inscription   Statut Contributeur sécurité Dernière intervention   107
 
salut

je voit No action taken. tu n'a pas supprimer se qu'il a trouver
0
Réponse 3 / 37
nonoy54
 
merci mais je l ai suprimé plusieurs foîs. la seule possibilité c'est la quarantaine et ça revient
0
Réponse 4 / 37
benurrr Messages postés 9643 Date d'inscription   Statut Contributeur sécurité Dernière intervention   107
 
Télécharge Ad-Remover sur ton bureau:
http://www.teamxscript.org/adremoverTelechargement.html

Double clique sur le fichier que tu viens de télécharger, à l'écran qui apparait, clique sur "Scanner".
Laisse travailler l'outil.
Poste le rapport qui s'affiche à l'écran quand l'analyse est terminée.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 37
nonoy54 Messages postés 448 Date d'inscription   Statut Membre Dernière intervention   7
 
Ok, je fais à l'instant.
mERCI
0
Réponse 6 / 37
nonoy54 Messages postés 448 Date d'inscription   Statut Membre Dernière intervention   7
 
Le problème, c'est que comodo me signale que Ad Remover est porteur d'un trojan (Ware.Win32 Trojan.Agent.Gen@01
0
Réponse 7 / 37
nonoy54 Messages postés 448 Date d'inscription   Statut Membre Dernière intervention   7
 
Voila. Le nettoyage st fait.
0
moment de grace Messages postés 29042 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
 
tu parles de quel outil ?
0
Réponse 8 / 37
nonoy54 Messages postés 448 Date d'inscription   Statut Membre Dernière intervention   7
 
Voila le rapport Ad-Remover

======= RAPPORT D'AD-REMOVER 2.0.0.2,E | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 08/02/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 07:41:32 le 11/02/2011, Mode normal

Microsoft Windows 7 Édition Familiale Premium (X86)
Claude@ORDI (ACER Aspire M1641)

============== RECHERCHE ==============


Fichier trouvé: C:\Users\Claude\AppData\Roaming\Mozilla\FireFox\Profiles\zosmxv96.default\searchplugins\conduit.xml
Dossier trouvé: C:\Users\Claude\AppData\LocalLow\Conduit
Dossier trouvé: C:\Users\Claude\AppData\LocalLow\pdfforge
Dossier trouvé: C:\Users\Claude\AppData\LocalLow\Search Settings
Dossier trouvé: C:\ProgramData\AGI

-- Fichier ouvert: C:\Users\Claude\AppData\Roaming\Mozilla\FireFox\Profiles\zosmxv96.default\Prefs.js --
Ligne trouvée: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2088315&Sea...
-- Fichier Fermé --


Clé trouvée: HKLM\Software\Classes\Conduit.Engine
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2088315
Clé trouvée: HKLM\Software\pdfforge
Clé trouvée: HKLM\Software\Search Settings
Clé trouvée: HKCU\Software\Search Settings
Clé trouvée: HKCU\Software\AppDataLow\Software\pdfforge
Clé trouvée: HKLM\Software\Classes\Installer\Products\A6EB8FE4C9986914497E92C7F5A702E3
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A6EB8FE4C9986914497E92C7F5A702E3
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.6.13 (fr)] ****

Plugins\NPMyrMus.dll (Myriad Software.)
Extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} (Skype extension )

-- C:\Users\Claude\AppData\Roaming\Mozilla\FireFox\Profiles\zosmxv96.default --
Extensions\DeviceDetection@logitech.com (???????????? ?? ?????????? Logitech)
Extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} (?)
Searchplugins\conduit.xml (hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2088315&SearchSource=3&q={searchTerms} /)
Searchplugins\MyStart Search.xml (?)
Prefs.js - browser.download.dir, C:\\Users\\Claude
Prefs.js - browser.download.lastDir, C:\\Users\\Claude\\Desktop
Prefs.js - browser.search.defaultenginename, MyStart Search
Prefs.js - browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2088315&SearchSource=3&q={searchTerms}
Prefs.js - browser.search.selectedEngine, ecouter-la-radio Customized Web Search
Prefs.js - browser.startup.homepage, hxxp://portail.free.fr
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13
Prefs.js - keyword.URL, hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=
Prefs.js - privacy.popups.showBrowserMessage, false

-- C:\Users\Lucas\AppData\Roaming\Mozilla\FireFox\Profiles\2q0bmgcq.default --
Prefs.js - browser.download.dir, C:\\Users\\Lucas\\Downloads
Prefs.js - browser.startup.homepage, hxxp://portail.free.fr/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13

-- C:\Users\Michèle\AppData\Roaming\Mozilla\FireFox\Profiles\kmx501t3.default --
Prefs.js - browser.startup.homepage, hxxp://portail.free.fr
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13

========================================

**** Internet Explorer Version [8.0.7600.16385] ****

Plugins\NPMyrMus.dll (Myriad Software.)
HKCU_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Start Page - hxxp://portail.free.fr/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKCU_SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} - "?" (?)
HKCU_Toolbar\ShellBrowser|{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} (C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll)
HKCU_Toolbar\WebBrowser|{6E454792-2F36-46D3-BB20-4BE949B6FB8A} (x)
HKLM_Toolbar|{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} (C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll)
HKCU_ElevationPolicy\{B4256A73-837C-4195-BD10-0ADEE51BEFF6} - C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe (x)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\system32\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\system32\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{28A36D69-07EA-44CE-B298-1A8B3E8B6FE1} - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
HKLM_ElevationPolicy\{442E3CEB-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (x)
HKLM_ElevationPolicy\{58F04068-17A5-41a3-B5B7-111004DDF5DC} - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
HKLM_ElevationPolicy\{5A2777DF-310A-49ca-A9E8-6C9D608D257E} - C:\Program Files\Real\RealUpgrade\realupgrade.exe (RealNetworks, Inc.)
HKLM_ElevationPolicy\{5F17E524-3447-4c7d-8E5F-4EFF31CDE3B7} - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{88B89B96-F7B2-469D-8F22-5F3BE33DEDDE} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe (Skype Technologies S.A.)
HKLM_ElevationPolicy\{A2D14993-7315-4f91-AD76-20605495ED6C} - C:\Program Files\ESTsoft\ALUpdate\ALUpExt.exe (x)
HKLM_ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiHelper.exe (x)
HKLM_ElevationPolicy\{E56200D6-445E-45ce-89D8-E0EF39ECF849} - C:\Program Files\Real\RealPlayer\RecordingManager.exe (RealNetworks, Inc.)
HKLM_ElevationPolicy\{F2632B95-A2AD-4283-B49A-34D4802BA647} - C:\Program Files\ESTsoft\ALUpdate\ALUpdate.exe (x)
HKLM_Extensions\{0000036B-C524-4050-81A0-243669A86B9F} - "@C:\Program Files\Windows Live\Companion\companionlang.dll,-600" (C:\Program Files\Windows Live\Companion\companionres.dll,200)
HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "@C:\Windows\WindowsMobile\INetRepl.dll,-222" (C:\Windows\WindowsMobile\INetRepl.dll,210)
HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?)
HKLM_Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - "Skype Plug-In" (C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
BHO\{3049C3E9-B461-4BC5-8870-4C09146192CA} - "RealPlayer Download and Record Plugin for Internet Explorer" (C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll)
BHO\{53707962-6F74-2D53-2644-206D7942484F} - "Spybot-S&D IE Protection" (C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
BHO\{9FDDE16B-836F-4806-AB1F-1455CBEFF289} - "Windows Live Messenger Companion Helper" (C:\Program Files\Windows Live\Companion\companioncore.dll)
BHO\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - "Skype Plug-In" (C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 11/02/2011 (7529 Octet(s))

Fin à: 07:42:57, 11/02/2011

============== E.O.F ==============
0
Réponse 9 / 37
benurrr Messages postés 9643 Date d'inscription   Statut Contributeur sécurité Dernière intervention   107
 
Nettoyage:

/!\ Ferme toutes tes applications ouvertes. /!\

Double clique sur le fichier que tu viens de télécharger, à l'écran qui apparait, clique sur "Nettoyer".
Laisse travailler l'outil.
Poste le rapport qui s'affiche à l'écran quand l'analyse est terminée.
0
Réponse 10 / 37
nonoy54 Messages postés 448 Date d'inscription   Statut Membre Dernière intervention   7
 
Voila

======= RAPPORT D'AD-REMOVER 2.0.0.2,E | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 08/02/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [2]) -> Lancé à 08:13:15 le 11/02/2011, Mode normal

Microsoft Windows 7 Édition Familiale Premium (X86)
Claude@ORDI (ACER Aspire M1641)

============== RECHERCHE ==============


Fichier trouvé: C:\Users\Claude\AppData\Roaming\Mozilla\FireFox\Profiles\zosmxv96.default\searchplugins\conduit.xml
Dossier trouvé: C:\Users\Claude\AppData\LocalLow\Conduit
Dossier trouvé: C:\Users\Claude\AppData\LocalLow\pdfforge
Dossier trouvé: C:\Users\Claude\AppData\LocalLow\Search Settings
Dossier trouvé: C:\ProgramData\AGI

-- Fichier ouvert: C:\Users\Claude\AppData\Roaming\Mozilla\FireFox\Profiles\zosmxv96.default\Prefs.js --
Ligne trouvée: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2088315&Sea...
-- Fichier Fermé --


Clé trouvée: HKLM\Software\Classes\Conduit.Engine
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2088315
Clé trouvée: HKLM\Software\pdfforge
Clé trouvée: HKLM\Software\Search Settings
Clé trouvée: HKCU\Software\Search Settings
Clé trouvée: HKCU\Software\AppDataLow\Software\pdfforge
Clé trouvée: HKLM\Software\Classes\Installer\Products\A6EB8FE4C9986914497E92C7F5A702E3
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A6EB8FE4C9986914497E92C7F5A702E3
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.6.13 (fr)] ****

Plugins\NPMyrMus.dll (Myriad Software.)
Extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} (Skype extension )

-- C:\Users\Claude\AppData\Roaming\Mozilla\FireFox\Profiles\zosmxv96.default --
Extensions\DeviceDetection@logitech.com (???????????? ?? ?????????? Logitech)
Extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} (?)
Searchplugins\conduit.xml (hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2088315&SearchSource=3&q={searchTerms} /)
Searchplugins\MyStart Search.xml (?)
Prefs.js - browser.download.dir, C:\\Users\\Claude
Prefs.js - browser.download.lastDir, C:\\Users\\Claude\\Desktop
Prefs.js - browser.search.defaultenginename, MyStart Search
Prefs.js - browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2088315&SearchSource=3&q={searchTerms}
Prefs.js - browser.search.selectedEngine, ecouter-la-radio Customized Web Search
Prefs.js - browser.startup.homepage, hxxp://portail.free.fr
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13
Prefs.js - keyword.URL, hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=
Prefs.js - privacy.popups.showBrowserMessage, false

-- C:\Users\Lucas\AppData\Roaming\Mozilla\FireFox\Profiles\2q0bmgcq.default --
Prefs.js - browser.download.dir, C:\\Users\\Lucas\\Downloads
Prefs.js - browser.startup.homepage, hxxp://portail.free.fr/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13

-- C:\Users\Michèle\AppData\Roaming\Mozilla\FireFox\Profiles\kmx501t3.default --
Prefs.js - browser.startup.homepage, hxxp://portail.free.fr
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13

========================================

**** Internet Explorer Version [8.0.7600.16385] ****

Plugins\NPMyrMus.dll (Myriad Software.)
HKCU_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Start Page - hxxp://portail.free.fr/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKCU_SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} - "?" (?)
HKCU_Toolbar\ShellBrowser|{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} (C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll)
HKCU_Toolbar\WebBrowser|{6E454792-2F36-46D3-BB20-4BE949B6FB8A} (x)
HKLM_Toolbar|{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} (C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll)
HKCU_ElevationPolicy\{B4256A73-837C-4195-BD10-0ADEE51BEFF6} - C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe (x)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\system32\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\system32\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{28A36D69-07EA-44CE-B298-1A8B3E8B6FE1} - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
HKLM_ElevationPolicy\{442E3CEB-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (x)
HKLM_ElevationPolicy\{58F04068-17A5-41a3-B5B7-111004DDF5DC} - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
HKLM_ElevationPolicy\{5A2777DF-310A-49ca-A9E8-6C9D608D257E} - C:\Program Files\Real\RealUpgrade\realupgrade.exe (RealNetworks, Inc.)
HKLM_ElevationPolicy\{5F17E524-3447-4c7d-8E5F-4EFF31CDE3B7} - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{88B89B96-F7B2-469D-8F22-5F3BE33DEDDE} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe (Skype Technologies S.A.)
HKLM_ElevationPolicy\{A2D14993-7315-4f91-AD76-20605495ED6C} - C:\Program Files\ESTsoft\ALUpdate\ALUpExt.exe (x)
HKLM_ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiHelper.exe (x)
HKLM_ElevationPolicy\{E56200D6-445E-45ce-89D8-E0EF39ECF849} - C:\Program Files\Real\RealPlayer\RecordingManager.exe (RealNetworks, Inc.)
HKLM_ElevationPolicy\{F2632B95-A2AD-4283-B49A-34D4802BA647} - C:\Program Files\ESTsoft\ALUpdate\ALUpdate.exe (x)
HKLM_Extensions\{0000036B-C524-4050-81A0-243669A86B9F} - "@C:\Program Files\Windows Live\Companion\companionlang.dll,-600" (C:\Program Files\Windows Live\Companion\companionres.dll,200)
HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "@C:\Windows\WindowsMobile\INetRepl.dll,-222" (C:\Windows\WindowsMobile\INetRepl.dll,210)
HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?)
HKLM_Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - "Skype Plug-In" (C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
BHO\{3049C3E9-B461-4BC5-8870-4C09146192CA} - "RealPlayer Download and Record Plugin for Internet Explorer" (C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll)
BHO\{53707962-6F74-2D53-2644-206D7942484F} - "Spybot-S&D IE Protection" (C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
BHO\{9FDDE16B-836F-4806-AB1F-1455CBEFF289} - "Windows Live Messenger Companion Helper" (C:\Program Files\Windows Live\Companion\companioncore.dll)
BHO\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - "Skype Plug-In" (C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 2 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 11/02/2011 (7658 Octet(s))
C:\Ad-Report-SCAN[2].txt - 11/02/2011 (7585 Octet(s))

Fin à: 08:16:38, 11/02/2011

============== E.O.F ==============
0
Réponse 11 / 37
benurrr Messages postés 9643 Date d'inscription   Statut Contributeur sécurité Dernière intervention   107
 
sa c'est l'option recherche je t'ai demander l'option nettoyage ( suppression)
0
Réponse 12 / 37
nonoy54
 
Excuses moi, je n'étais pas bien réveillé.

======= RAPPORT D'AD-REMOVER 2.0.0.2,E | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 08/02/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 08:17:35 le 11/02/2011, Mode normal

Microsoft Windows 7 Édition Familiale Premium (X86)
Claude@ORDI (ACER Aspire M1641)

============== ACTION(S) ==============


Fichier supprimé: C:\Users\Claude\AppData\Roaming\Mozilla\FireFox\Profiles\zosmxv96.default\searchplugins\conduit.xml
Dossier supprimé: C:\Users\Claude\AppData\LocalLow\Conduit
Dossier supprimé: C:\Users\Claude\AppData\LocalLow\pdfforge
Dossier supprimé: C:\Users\Claude\AppData\LocalLow\Search Settings
Dossier supprimé: C:\ProgramData\AGI

(!) -- Fichiers temporaires supprimés.


-- Fichier ouvert: C:\Users\Claude\AppData\Roaming\Mozilla\FireFox\Profiles\zosmxv96.default\Prefs.js --
Ligne supprimée: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2088315&Sea...
-- Fichier Fermé --


Clé supprimée: HKLM\Software\Classes\Conduit.Engine
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2088315
Clé supprimée: HKLM\Software\pdfforge
Clé supprimée: HKLM\Software\Search Settings
Clé supprimée: HKCU\Software\Search Settings
Clé supprimée: HKCU\Software\AppDataLow\Software\pdfforge
Clé supprimée: HKLM\Software\Classes\Installer\Products\A6EB8FE4C9986914497E92C7F5A702E3
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A6EB8FE4C9986914497E92C7F5A702E3
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.6.13 (fr)] ****

Plugins\NPMyrMus.dll (Myriad Software.)
Extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} (Skype extension )

-- C:\Users\Claude\AppData\Roaming\Mozilla\FireFox\Profiles\zosmxv96.default --
Extensions\DeviceDetection@logitech.com (???????????? ?? ?????????? Logitech)
Extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} (?)
Searchplugins\MyStart Search.xml (?)
Prefs.js - browser.download.dir, C:\\Users\\Claude
Prefs.js - browser.download.lastDir, C:\\Users\\Claude\\Desktop
Prefs.js - browser.search.defaultenginename, MyStart Search
Prefs.js - browser.search.selectedEngine, ecouter-la-radio Customized Web Search
Prefs.js - browser.startup.homepage, hxxp://portail.free.fr
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13
Prefs.js - keyword.URL, hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=
Prefs.js - privacy.popups.showBrowserMessage, false

-- C:\Users\Lucas\AppData\Roaming\Mozilla\FireFox\Profiles\2q0bmgcq.default --
Prefs.js - browser.download.dir, C:\\Users\\Lucas\\Downloads
Prefs.js - browser.startup.homepage, hxxp://portail.free.fr/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13

-- C:\Users\Michèle\AppData\Roaming\Mozilla\FireFox\Profiles\kmx501t3.default --
Prefs.js - browser.startup.homepage, hxxp://portail.free.fr
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13

========================================

**** Internet Explorer Version [8.0.7600.16385] ****

Plugins\NPMyrMus.dll (Myriad Software.)
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} - "?" (?)
HKCU_Toolbar\ShellBrowser|{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} (C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll)
HKCU_Toolbar\WebBrowser|{6E454792-2F36-46D3-BB20-4BE949B6FB8A} (x)
HKLM_Toolbar|{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} (C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll)
HKCU_ElevationPolicy\{B4256A73-837C-4195-BD10-0ADEE51BEFF6} - C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe (x)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\system32\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\system32\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{28A36D69-07EA-44CE-B298-1A8B3E8B6FE1} - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
HKLM_ElevationPolicy\{442E3CEB-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (x)
HKLM_ElevationPolicy\{58F04068-17A5-41a3-B5B7-111004DDF5DC} - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
HKLM_ElevationPolicy\{5A2777DF-310A-49ca-A9E8-6C9D608D257E} - C:\Program Files\Real\RealUpgrade\realupgrade.exe (RealNetworks, Inc.)
HKLM_ElevationPolicy\{5F17E524-3447-4c7d-8E5F-4EFF31CDE3B7} - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{88B89B96-F7B2-469D-8F22-5F3BE33DEDDE} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe (Skype Technologies S.A.)
HKLM_ElevationPolicy\{A2D14993-7315-4f91-AD76-20605495ED6C} - C:\Program Files\ESTsoft\ALUpdate\ALUpExt.exe (x)
HKLM_ElevationPolicy\{E56200D6-445E-45ce-89D8-E0EF39ECF849} - C:\Program Files\Real\RealPlayer\RecordingManager.exe (RealNetworks, Inc.)
HKLM_ElevationPolicy\{F2632B95-A2AD-4283-B49A-34D4802BA647} - C:\Program Files\ESTsoft\ALUpdate\ALUpdate.exe (x)
HKLM_Extensions\{0000036B-C524-4050-81A0-243669A86B9F} - "@C:\Program Files\Windows Live\Companion\companionlang.dll,-600" (C:\Program Files\Windows Live\Companion\companionres.dll,200)
HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "@C:\Windows\WindowsMobile\INetRepl.dll,-222" (C:\Windows\WindowsMobile\INetRepl.dll,210)
HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?)
HKLM_Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - "Skype Plug-In" (C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
BHO\{3049C3E9-B461-4BC5-8870-4C09146192CA} - "RealPlayer Download and Record Plugin for Internet Explorer" (C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll)
BHO\{53707962-6F74-2D53-2644-206D7942484F} - "Spybot-S&D IE Protection" (C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
BHO\{9FDDE16B-836F-4806-AB1F-1455CBEFF289} - "Windows Live Messenger Companion Helper" (C:\Program Files\Windows Live\Companion\companioncore.dll)
BHO\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - "Skype Plug-In" (C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 8 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 17 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 11/02/2011 (7435 Octet(s))
C:\Ad-Report-SCAN[1].txt - 11/02/2011 (7658 Octet(s))
C:\Ad-Report-SCAN[2].txt - 11/02/2011 (7714 Octet(s))

Fin à: 08:18:33, 11/02/2011

============== E.O.F ==============
0
Réponse 13 / 37
benurrr Messages postés 9643 Date d'inscription   Statut Contributeur sécurité Dernière intervention   107
 
Désactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est détecte a tort comme infection)

Télécharge et installe List&Kill'em et enregistre le sur ton bureau

LA List&Kill'em

double clique ( clic droit "exécuter en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

une fois terminée , clic sur "terminer" et le programme se lancera seul

choisis l'option Search

un icone blanc et noir va s'afficher sur le bureau , il te servira à relancer le programme par la suite.

? laisse travailler l'outil

à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , , il s'auto supprimera a la fin du scan

? Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

Par Manque De Curiosité On Risque De Mourir Ignorant;Tu es libre de penser que tu es C..,
Mais C.. de penser que ­tu es libre...Merci a australe13
0
Réponse 14 / 37
nonoy54 Messages postés 448 Date d'inscription   Statut Membre Dernière intervention   7
 
J'ai fait ce que tu as demandé mais mon ordi s'est craché. J'ai pu le redemarrer
et j'ai trouvé ce rapport. Est ce cela que tu voulais?

¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.3.5 ¤¤¤¤¤¤¤¤¤¤

User : Claude (Administrateurs)
Update on 10/02/2011 by g3n-h@ckm@n ::::: 13.00
Start at: 13:35:33 | 11/02/2011

Intel(R) Pentium(R) Dual CPU E2220 @ 2.40GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7600 32-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 292,33 Go (158,36 Go free) [ACER ] | NTFS
D:\ -> Disque fixe local | 292,12 Go (290,94 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible

¤¤¤¤¤ Sessions ¤¤¤¤¤

C:\Users\Claude
C:\Users\Public
C:\Users\Default

Boot: Normal

¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer

C:\Windows\System32\smss.exe ---- 820 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\Windows\system32\csrss.exe ---- 6220 Ko ---- Normal ---- %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ----
C:\Windows\system32\wininit.exe ---- 4176 Ko ---- High ---- wininit.exe ----
C:\Windows\system32\csrss.exe ---- 13672 Ko ---- Normal ---- %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ----
C:\Windows\system32\services.exe ---- 8792 Ko ---- Normal ---- C:\Windows\system32\services.exe ----
C:\Windows\system32\lsass.exe ---- 10668 Ko ---- Normal ---- C:\Windows\system32\lsass.exe ----
C:\Windows\system32\lsm.exe ---- 5456 Ko ---- Normal ---- C:\Windows\system32\lsm.exe ----
C:\Windows\system32\svchost.exe ---- 8164 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k DcomLaunch ----
C:\Windows\system32\winlogon.exe ---- 4992 Ko ---- High ---- winlogon.exe ----
C:\Windows\system32\svchost.exe ---- 8256 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k RPCSS ----
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ---- 6904 Ko ---- Normal ---- "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" ---- Comodo Security Solutions, Inc.
C:\Windows\system32\atiesrxx.exe ---- 4016 Ko ---- Normal ---- C:\Windows\system32\atiesrxx.exe ----
C:\Windows\System32\svchost.exe ---- 17460 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted ----
C:\Windows\System32\svchost.exe ---- 100360 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted ----
C:\Windows\system32\svchost.exe ---- 36492 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k netsvcs ----
C:\Windows\system32\svchost.exe ---- 13120 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalService ----
C:\Windows\system32\atieclxx.exe ---- 5996 Ko ---- Normal ---- atieclxx ----
C:\Windows\system32\svchost.exe ---- 20184 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkService ----
C:\Windows\System32\spoolsv.exe ---- 12140 Ko ---- Normal ---- C:\Windows\System32\spoolsv.exe ----
C:\Program Files\Avira\AntiVir Desktop\sched.exe ---- 1684 Ko ---- Normal ---- "C:\Program Files\Avira\AntiVir Desktop\sched.exe" ---- Avira GmbH
C:\Windows\system32\svchost.exe ---- 15204 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork ----
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ---- 5628 Ko ---- Normal ---- "C:\Acer\Empowering Technology\ePerformance\MemCheck.exe" ----
C:\Program Files\Avira\AntiVir Desktop\avguard.exe ---- 13948 Ko ---- Normal ---- "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" ---- Avira GmbH
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe ---- 4736 Ko ---- Normal ---- "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe" ---- EGIS TECHNOLOGY INC.
C:\Windows\system32\svchost.exe ---- 13760 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation ----
C:\Windows\system32\FsUsbExService.Exe ---- 4176 Ko ---- Normal ---- C:\Windows\system32\FsUsbExService.Exe ----
C:\Program Files\Common Files\LightScribe\LSSrvc.exe ---- 4060 Ko ---- Normal ---- "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" ----
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe ---- 4620 Ko ---- Normal ---- "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" ---- Logitech Inc
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ---- 3292 Ko ---- Normal ---- "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe" ----
C:\Windows\system32\IoctlSvc.exe ---- 3628 Ko ---- Normal ---- C:\Windows\system32\IoctlSvc.exe ----
C:\Program Files\CyberLink\Shared Files\RichVideo.exe ---- 4232 Ko ---- Normal ---- "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" ---- CyberLink
C:\Program Files\Secunia\PSI\PSIA.exe ---- 24856 Ko ---- Normal ---- "C:\Program Files\Secunia\PSI\PSIA.exe" --start-service ---- Secunia
C:\Windows\system32\svchost.exe ---- 5008 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k imgsvc ----
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ---- 11880 Ko ---- Normal ---- "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" ---- Microsoft Corporation
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe ---- 16796 Ko ---- Normal ---- "C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe" ----
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe ---- 3300 Ko ---- Normal ---- WLIDSvcM.exe 2156 ---- Microsoft Corporation
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ---- 16340 Ko ---- Normal ---- "C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe" ----
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe ---- 9840 Ko ---- Normal ---- "C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe" ---- Safer Networking Ltd.
C:\Windows\system32\Dwm.exe ---- 46956 Ko ---- High ---- "C:\Windows\system32\Dwm.exe" ----
C:\Windows\Explorer.EXE ---- 77164 Ko ---- Normal ---- C:\Windows\Explorer.EXE ----
C:\Windows\system32\wbem\wmiprvse.exe ---- 10932 Ko ---- Normal ---- C:\Windows\system32\wbem\wmiprvse.exe ----
C:\Windows\system32\taskhost.exe ---- 12128 Ko ---- Normal ---- "taskhost.exe" ----
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe ---- 4360 Ko ---- Normal ---- "C:\Program Files\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_000007a4 ---- Avira GmbH
C:\Windows\system32\conhost.exe ---- 3120 Ko ---- Normal ---- \??\C:\Windows\system32\conhost.exe ----
C:\Program Files\Common Files\Java\Java Update\jusched.exe ---- 12012 Ko ---- Normal ---- "C:\Program Files\Common Files\Java\Java Update\jusched.exe" ---- Sun Microsystems, Inc.
C:\Windows\RtHDVCpl.exe ---- 8568 Ko ---- Normal ---- "C:\Windows\RtHDVCpl.exe" ----
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe ---- 5452 Ko ---- Normal ---- "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" ---- CyberLink
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe ---- 4756 Ko ---- Normal ---- "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM" ----
C:\Windows\System32\nvraidservice.exe ---- 7016 Ko ---- Normal ---- "C:\Windows\System32\nvraidservice.exe" ---- NVIDIA Corporation
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe ---- 21964 Ko ---- Normal ---- "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe" ---- EGIS TECHNOLOGY INC.
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ---- 3652 Ko ---- Normal ---- "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min ---- Avira GmbH
C:\Acer\Empowering Technology\SysMonitor.exe ---- 6436 Ko ---- Normal ---- "C:\Acer\Empowering Technology\SysMonitor.exe" ---- Acer Incorporated
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe ---- 8328 Ko ---- Normal ---- "C:\Program Files\Samsung\Kies\KiesTrayAgent.exe" ---- SAMSUNG ELECTRONICS CO.,LTD.
C:\Program Files\Logitech\SetPoint\SetPoint.exe ---- 19180 Ko ---- Normal ---- "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ---- Logitech
C:\Program Files\Secunia\PSI\psi_tray.exe ---- 4564 Ko ---- Normal ---- "C:\Program Files\Secunia\PSI\psi_tray.exe" ---- Secunia
C:\Windows\system32\wbem\wmiprvse.exe ---- 6544 Ko ---- Normal ---- C:\Windows\system32\wbem\wmiprvse.exe ----
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe ---- 8956 Ko ---- Normal ---- "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0 ----
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE ---- 8868 Ko ---- Normal ---- KHALMNPR.EXE /API ---- Logitech
C:\Windows\system32\wbem\unsecapp.exe ---- 5580 Ko ---- Normal ---- C:\Windows\system32\wbem\unsecapp.exe -Embedding ----
C:\Windows\system32\SearchIndexer.exe ---- 23720 Ko ---- Normal ---- C:\Windows\system32\SearchIndexer.exe /Embedding ----
C:\Windows\system32\svchost.exe ---- 5512 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted ----
C:\Windows\system32\WUDFHost.exe ---- 6152 Ko ---- Normal ---- "C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-3aa8c3bf-39fe-4bbe-960b-9cb502425fcf -SystemEventPortName:HostProcess-ff151952-2b3b-432c-aa21-73d5f3a41674 -IoCancelEventPortName:HostProcess-5b8206f3-7eec-41e1-af47-cc4f53df53c4 -NonStateChangingEventPortName:HostProcess-728d3df8-dbae-4b96-a0ba-240048cbf811 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:84317d12-a283-4edd-a473-d91787786070 ----
C:\Windows\system32\svchost.exe ---- 7304 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k WindowsMobile ----
C:\Program Files\Windows Media Player\wmpnetwk.exe ---- 51284 Ko ---- Normal ---- "C:\Program Files\Windows Media Player\wmpnetwk.exe" ----
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe ---- 18048 Ko ---- Normal ---- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe ---- Microsoft Corporation
C:\Windows\System32\svchost.exe ---- 13312 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalServicePeerNet ----
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe ---- 6140 Ko ---- Normal ---- "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" ----
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe ---- 3924 Ko ---- High ---- {7102D1DE-A24C-4176-BABF-59C389BEBE87} ----
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe ---- 3380 Ko ---- High ---- {38B396D6-DA20-4C2F-979A-1FF30FBCC00F} ----
C:\Windows\system32\DllHost.exe ---- 6664 Ko ---- Normal ---- C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7} ----
C:\Program Files\Secunia\PSI\sua.exe ---- 3940 Ko ---- Normal ---- "C:\Program Files\Secunia\PSI\sua.exe" --start-service ---- Secunia
C:\Windows\System32\svchost.exe ---- 30400 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k secsvcs ----
C:\Windows\system32\wuauclt.exe ---- 6484 Ko ---- Normal ---- "C:\Windows\system32\wuauclt.exe" ----
C:\Windows\system32\svchost.exe ---- 4156 Ko ---- Below Normal ---- C:\Windows\system32\svchost.exe -k SDRSVC ----
C:\Program Files\Mozilla Firefox\firefox.exe ---- 112456 Ko ---- Normal ---- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "https://forums.commentcamarche.net/forum/affich-20818565-infection-pup-dealio" ---- Mozilla Corporation
C:\Windows\system32\SearchProtocolHost.exe ---- 8012 Ko ---- Idle ---- "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe11_ Global\UsGthrCtrlFltPipeMssGthrPipe11 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" ----
c:\program files\windows defender\MpCmdRun.exe ---- 5192 Ko ---- Normal ---- "c:\program files\windows defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 0BB14D5C-AEF3-7211-6B7C-FE9F77D50BDF -Reinvoke ----
C:\Windows\system32\cmd.exe ---- 3964 Ko ---- Normal ---- cmd /c ""C:\Program Files\List_Kill'em\List'em.bat" /High" ----
C:\Windows\system32\conhost.exe ---- 5400 Ko ---- Normal ---- \??\C:\Windows\system32\conhost.exe ----
C:\Windows\system32\SearchFilterHost.exe ---- 5492 Ko ---- Idle ---- "C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532 ----
C:\Program Files\List_Kill'em\pv.exe ---- 5864 Ko ---- Normal ---- pv.exe -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----

Killed : PID 4020 'TeaTimer.exe'
Killed : PID 4020 'TeaTimer.exe'

¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Google Update REG_SZ "C:\Users\Claude\AppData\Local\Google\Update\GoogleUpdate.exe" /c
KiesHelper REG_SZ C:\Program Files\Samsung\Kies\KiesHelper.exe /s
KiesTrayAgent REG_SZ C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WarReg_PopUp REG_SZ C:\Acer\WR_PopUp\WarReg_PopUp.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
StartCCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
RtHDVCpl REG_SZ RtHDVCpl.exe
RemoteControl REG_SZ "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NVRaidService REG_SZ C:\Windows\system32\nvraidservice.exe
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Malwarebytes Anti-Malware (reboot) REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
LanguageShortcut REG_SZ "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
COMODO Internet Security REG_SZ "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
ATICustomerCare REG_SZ "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
Acer Empowering Technology Monitor REG_SZ C:\Acer\Empowering Technology\SysMonitor.exe
Kernel and Hardware Abstraction Layer REG_SZ KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Policies\explorer

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 3 (0x3)

¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ AppInit_DLLS

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Winlogon

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 0 (0x0)
Shell REG_SZ Explorer.exe
Userinit REG_SZ C:\Windows\system32\Userinit.exe,
System REG_SZ

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Winlogon\Notify

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Explorer\ShellExecuteHooks

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

¤¤¤¤¤¤¤¤¤¤ ActivX

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{C68CB9DD-61D8-4CAD-9BB4-EB06B14F9E41}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]


¤¤¤¤¤¤¤¤¤¤ Open Ports


¤¤¤¤¤¤¤¤¤¤ BHO

[<NO NAME> REG_SZ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

¤¤¤¤¤¤¤¤¤¤ DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D94FE7F5-3F69-43EB-8E27-9DAB94D0DBF4}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D94FE7F5-3F69-43EB-8E27-9DAB94D0DBF4}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D94FE7F5-3F69-43EB-8E27-9DAB94D0DBF4}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241


¤¤¤¤¤¤¤¤¤¤ Internet Explorer

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
Local Page REG_SZ C:\Windows\system32\blank.htm
Default_Search_URL REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
Local Page REG_SZ C:\Windows\system32\blank.htm

¤¤¤¤¤ Proxy

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyHttp1.1 REG_DWORD 1 (0x1)
ProxyEnable REG_DWORD 0 (0x0)

¤¤¤¤¤¤¤¤¤¤ Safemode

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

¤¤¤¤¤¤¤¤¤¤ SVC | svchost

svchost.exe 736 DcomLaunch, PlugPlay, Power
svchost.exe 880 RpcEptMapper, RpcSs
svchost.exe 1116 Audiosrv, Dhcp, eventlog,
HomeGroupProvider, lmhosts, wscsvc
svchost.exe 1172 AudioEndpointBuilder, hidserv,
HomeGroupListener, IPBusEnum, Netman,
PcaSvc, SysMain, TrkWks, UxSms, WPDBusEnum,
wudfsvc
svchost.exe 1220 AeLookupSvc, Appinfo, BITS, Browser,
CertPropSvc, gpsvc, iphlpsvc, LanmanServer,
MMCSS, ProfSvc, RasMan, Schedule, SENS,
SessionEnv, ShellHWDetection, Themes,
Winmgmt, wuauserv
svchost.exe 1348 EventSystem, fdPHost, netprofm, nsi,
SstpSvc, WdiServiceHost, WinHttpAutoProxySv
svchost.exe 1596 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc, TapiSrv, TermService
svchost.exe 1752 BFE, DPS, MpsSvc
svchost.exe 2044 FDResPub, FontCache, Mcx2Svc, SSDPSRV,
upnphost
svchost.exe 1284 StiSvc
svchost.exe 4944 PolicyAgent
svchost.exe 5720 RapiMgr, WcesComm
svchost.exe 4880 p2pimsvc, p2psvc, PNRPsvc
svchost.exe 2828 WinDefend
svchost.exe 2656 SDRSVC

¤¤¤¤¤¤¤¤¤¤ IFEO | debugger


¤¤¤¤¤¤¤¤¤¤ Mountpoints2

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b3c335b-be31-11df-ad08-00242108ef2a}\shell
<NO NAME> REG_SZ None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b3c335b-be31-11df-ad08-00242108ef2a}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41e9d4b4-6c9e-11df-a29f-00242108ef2a}\shell
<NO NAME> REG_SZ None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41e9d4b4-6c9e-11df-a29f-00242108ef2a}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{451f36c0-2c2a-11e0-b575-00242108ef2a}\shell
<NO NAME> REG_SZ None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{451f36c0-2c2a-11e0-b575-00242108ef2a}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5281834e-9adb-11de-b732-00242108ef2a}\shell
<NO NAME> REG_SZ None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5281834e-9adb-11de-b732-00242108ef2a}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57387735-345d-11e0-a956-00242108ef2a}\shell
<NO NAME> REG_SZ None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57387735-345d-11e0-a956-00242108ef2a}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57387739-345d-11e0-a956-00242108ef2a}\shell
<NO NAME> REG_SZ None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57387739-345d-11e0-a956-00242108ef2a}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c94d545-925c-11de-abd2-00242108ef2a}\shell
<NO NAME> REG_SZ None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c94d545-925c-11de-abd2-00242108ef2a}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c94d55b-925c-11de-abd2-00242108ef2a}\shell
<NO NAME> REG_SZ None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c94d55b-925c-11de-abd2-00242108ef2a}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9035c77f-0b4f-11e0-a235-00242108ef2a}\shell
<NO NAME> REG_SZ None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9035c77f-0b4f-11e0-a235-00242108ef2a}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96bbd9e7-0a3d-11df-834e-00242108ef2a}\shell
<NO NAME> REG_SZ None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96bbd9e7-0a3d-11df-834e-00242108ef2a}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9acfb11a-cebc-11df-9eff-00242108ef2a}\shell
<NO NAME> REG_SZ None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9acfb11a-cebc-11df-9eff-00242108ef2a}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dc629a1-979b-11de-9ac7-00242108ef2a}\shell
<NO NAME> REG_SZ None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dc629a1-979b-11de-9ac7-00242108ef2a}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab37715e-ac1b-11df-b629-00242108ef2a}\shell
<NO NAME> REG_SZ None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab37715e-ac1b-11df-b629-00242108ef2a}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae5489e6-bad7-11de-8dd0-00242108ef2a}\shell
<NO NAME> REG_SZ None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae5489e6-bad7-11de-8dd0-00242108ef2a}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5b402e9-6492-11df-a3d8-00242108ef2a}\shell
<NO NAME> REG_SZ None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5b402e9-6492-11df-a3d8-00242108ef2a}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4e1df60-9f81-11de-8b10-00242108ef2a}\shell
<NO NAME> REG_SZ None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4e1df60-9f81-11de-8b10-00242108ef2a}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d663b892-6169-11df-85d9-00242108ef2a}\shell
<NO NAME> REG_SZ None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d663b892-6169-11df-85d9-00242108ef2a}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da9ddb4d-abe5-11de-8975-00242108ef2a}\shell
<NO NAME> REG_SZ None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da9ddb4d-abe5-11de-8975-00242108ef2a}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efd0409a-a022-11de-8f24-00242108ef2a}\shell
<NO NAME> REG_SZ None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efd0409a-a022-11de-8f24-00242108ef2a}\shell\Autoplay


¤¤¤¤¤¤¤¤¤¤ Services

¤ Ndisuio -> Start : 3 ( OK = 3 )
¤ EapHost -> Start : 3 ( OK = 2 )
¤ Wlansvc -> Start : 3 ( OK = 2 )
¤ SharedAccess -> Start : 2 ( OK = 2 )
¤ windefend -> Start : 2 ( OK = 2 )
¤ wuauserv -> Start : 2 ( OK = 2 )
¤ wscsvc -> Start : 2 ( OK = 2 )

¤¤¤¤¤¤¤¤¤¤ First Scan



¤¤¤¤¤¤¤¤¤¤ HKCU | HKLM

[HKEY_CURRENT_USER\software\AC3filter]
[HKEY_CURRENT_USER\software\Acer]
[HKEY_CURRENT_USER\software\Ad-Remover]
[HKEY_CURRENT_USER\software\Adobe]
[HKEY_CURRENT_USER\software\Ahead]
[HKEY_CURRENT_USER\software\AMD]
[HKEY_CURRENT_USER\software\AppDataLow]
[HKEY_CURRENT_USER\software\Apple Computer, Inc.]
[HKEY_CURRENT_USER\software\ATI]
[HKEY_CURRENT_USER\software\ATI Technologies Inc.]
[HKEY_CURRENT_USER\software\Audacity]
[HKEY_CURRENT_USER\software\Avira]
[HKEY_CURRENT_USER\software\Axantum]
[HKEY_CURRENT_USER\software\BitTorrent]
[HKEY_CURRENT_USER\software\Camfrog]
[HKEY_CURRENT_USER\software\Canon]
[HKEY_CURRENT_USER\software\Clients]
[HKEY_CURRENT_USER\software\Comodo]
[HKEY_CURRENT_USER\software\ComodoGroup]
[HKEY_CURRENT_USER\software\CoreVorbis]
[HKEY_CURRENT_USER\software\CPUID]
[HKEY_CURRENT_USER\software\cybelsoft]
[HKEY_CURRENT_USER\software\CyberLink]
[HKEY_CURRENT_USER\software\DivXNetworks]
[HKEY_CURRENT_USER\software\DSP-worx]
[HKEY_CURRENT_USER\software\eMule]
[HKEY_CURRENT_USER\software\eSobi]
[HKEY_CURRENT_USER\software\ESTsoft]
[HKEY_CURRENT_USER\software\FinalWire]
[HKEY_CURRENT_USER\software\Gabest]
[HKEY_CURRENT_USER\software\GNU]
[HKEY_CURRENT_USER\software\Google]
[HKEY_CURRENT_USER\software\GSpot Appliance Corp]
[HKEY_CURRENT_USER\software\Haali]
[HKEY_CURRENT_USER\software\Hewlett-Packard]
[HKEY_CURRENT_USER\software\HookNetwork]
[HKEY_CURRENT_USER\software\Illustrate]
[HKEY_CURRENT_USER\software\IM Providers]
[HKEY_CURRENT_USER\software\IncrediMail]
[HKEY_CURRENT_USER\software\JavaSoft]
[HKEY_CURRENT_USER\software\keyhole.com]
[HKEY_CURRENT_USER\software\Lake]
[HKEY_CURRENT_USER\software\Leadertech]
[HKEY_CURRENT_USER\software\Local AppWizard-Generated Applications]
[HKEY_CURRENT_USER\software\LogiShrd]
[HKEY_CURRENT_USER\software\Logitech]
[HKEY_CURRENT_USER\software\Macromedia]
[HKEY_CURRENT_USER\software\Magnet]
[HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware]
[HKEY_CURRENT_USER\software\MediaInfo]
[HKEY_CURRENT_USER\software\Microsoft]
[HKEY_CURRENT_USER\software\Mozilla]
[HKEY_CURRENT_USER\software\MozillaPlugins]
[HKEY_CURRENT_USER\software\MultiStageTrayAgent]
[HKEY_CURRENT_USER\software\Myfree Codec]
[HKEY_CURRENT_USER\software\Nero]
[HKEY_CURRENT_USER\software\Netscape]
[HKEY_CURRENT_USER\software\NewTech Infosystems]
[HKEY_CURRENT_USER\software\Northcode Inc]
[HKEY_CURRENT_USER\software\NVIDIA Corporation]
[HKEY_CURRENT_USER\software\ODBC]
[HKEY_CURRENT_USER\software\Opera Software]
[HKEY_CURRENT_USER\software\Piriform]
[HKEY_CURRENT_USER\software\Policies]
[HKEY_CURRENT_USER\software\RealNetworks]
[HKEY_CURRENT_USER\software\Realtek]
[HKEY_CURRENT_USER\software\Safer Networking Limited]
[HKEY_CURRENT_USER\software\SampleView]
[HKEY_CURRENT_USER\software\Samsung]
[HKEY_CURRENT_USER\software\Secunia]
[HKEY_CURRENT_USER\software\Skype]
[HKEY_CURRENT_USER\software\Softonic]
[HKEY_CURRENT_USER\software\Sony Ericsson]
[HKEY_CURRENT_USER\software\SpoonInstall]
[HKEY_CURRENT_USER\software\Sysinternals]
[HKEY_CURRENT_USER\software\Trolltech]
[HKEY_CURRENT_USER\software\Usbfix]
[HKEY_CURRENT_USER\software\VB and VBA Program Settings]
[HKEY_CURRENT_USER\software\VirginMega]
[HKEY_CURRENT_USER\software\WinRAR]
[HKEY_CURRENT_USER\software\WinRAR SFX]
[HKEY_CURRENT_USER\software\Yahoo]
[HKEY_CURRENT_USER\software\YahooPartnerToolbar]
[HKEY_CURRENT_USER\software\Zyrax Software]
[HKEY_CURRENT_USER\software\?? ?? ???? ????? ??? ?? ????]
[HKEY_CURRENT_USER\software\Classes]

[<NO NAME> REG_SZ ]
[HKEY_LOCAL_MACHINE\software\<company>]
[HKEY_LOCAL_MACHINE\software\ACE Compression Software]
[HKEY_LOCAL_MACHINE\software\Acer]
[HKEY_LOCAL_MACHINE\software\Acer Inc.]
[HKEY_LOCAL_MACHINE\software\Acer Incorporated]
[HKEY_LOCAL_MACHINE\software\Adobe]
[HKEY_LOCAL_MACHINE\software\ahead]
[HKEY_LOCAL_MACHINE\software\AMD]
[HKEY_LOCAL_MACHINE\software\America Online]
[HKEY_LOCAL_MACHINE\software\Apple Computer, Inc.]
[HKEY_LOCAL_MACHINE\software\Apple Inc.]
[HKEY_LOCAL_MACHINE\software\ArcSoft]
[HKEY_LOCAL_MACHINE\software\Arobas Music]
[HKEY_LOCAL_MACHINE\software\ATI]
[HKEY_LOCAL_MACHINE\software\ATI Technologies]
[HKEY_LOCAL_MACHINE\software\Audible]
[HKEY_LOCAL_MACHINE\software\Avira]
[HKEY_LOCAL_MACHINE\software\Axantum]
[HKEY_LOCAL_MACHINE\software\Canon]
[HKEY_LOCAL_MACHINE\software\CDDB]
[HKEY_LOCAL_MACHINE\software\Classes]
[HKEY_LOCAL_MACHINE\software\Clients]
[HKEY_LOCAL_MACHINE\software\Codec Tweak Tool]
[HKEY_LOCAL_MACHINE\software\ComodoGroup]
[HKEY_LOCAL_MACHINE\software\cybelsoft]
[HKEY_LOCAL_MACHINE\software\CyberLink]
[HKEY_LOCAL_MACHINE\software\DEVGURU]
[HKEY_LOCAL_MACHINE\software\DivX]
[HKEY_LOCAL_MACHINE\software\DivXNetworks]
[HKEY_LOCAL_MACHINE\software\ESTsoft]
[HKEY_LOCAL_MACHINE\software\FLAC]
[HKEY_LOCAL_MACHINE\software\Free.fr]
[HKEY_LOCAL_MACHINE\software\Gabest]
[HKEY_LOCAL_MACHINE\software\GNU]
[HKEY_LOCAL_MACHINE\software\Google]
[HKEY_LOCAL_MACHINE\software\HaaliMkx]
[HKEY_LOCAL_MACHINE\software\Hewlett-Packard]
[HKEY_LOCAL_MACHINE\software\Hitman Pro]
[HKEY_LOCAL_MACHINE\software\InstallShield]
[HKEY_LOCAL_MACHINE\software\Intel]
[HKEY_LOCAL_MACHINE\software\InterVideo]
[HKEY_LOCAL_MACHINE\software\IZSoftware]
[HKEY_LOCAL_MACHINE\software\JavaSoft]
[HKEY_LOCAL_MACHINE\software\JreMetrics]
[HKEY_LOCAL_MACHINE\software\Khronos]
[HKEY_LOCAL_MACHINE\software\KLCodecPack]
[HKEY_LOCAL_MACHINE\software\Lake]
[HKEY_LOCAL_MACHINE\software\LightScribe]
[HKEY_LOCAL_MACHINE\software\LogiShrd]
[HKEY_LOCAL_MACHINE\software\Logitech]
[HKEY_LOCAL_MACHINE\software\Macromedia]
[HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware]
[HKEY_LOCAL_MACHINE\software\MarkAny]
[HKEY_LOCAL_MACHINE\software\McAfee]
[HKEY_LOCAL_MACHINE\software\MCCI]
[HKEY_LOCAL_MACHINE\software\Microsoft]
[HKEY_LOCAL_MACHINE\software\MimarSinan]
[HKEY_LOCAL_MACHINE\software\Mozilla]
[HKEY_LOCAL_MACHINE\software\mozilla.org]
[HKEY_LOCAL_MACHINE\software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\software\muvee Technologies]
[HKEY_LOCAL_MACHINE\software\Myfree Codec]
[HKEY_LOCAL_MACHINE\software\Myriad Software]
[HKEY_LOCAL_MACHINE\software\Nero]
[HKEY_LOCAL_MACHINE\software\NewTech Infosystems]
[HKEY_LOCAL_MACHINE\software\NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\software\Oak Technology]
[HKEY_LOCAL_MACHINE\software\ODBC]
[HKEY_LOCAL_MACHINE\software\OemSetup]
[HKEY_LOCAL_MACHINE\software\PC Connectivity Solution]
[HKEY_LOCAL_MACHINE\software\PCSuite]
[HKEY_LOCAL_MACHINE\software\PhotoFiltre]
[HKEY_LOCAL_MACHINE\software\Piriform]
[HKEY_LOCAL_MACHINE\software\Policies]
[HKEY_LOCAL_MACHINE\software\RealNetworks]
[HKEY_LOCAL_MACHINE\software\Realtek]
[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\software\S3R521]
[HKEY_LOCAL_MACHINE\software\Safer Networking Limited]
[HKEY_LOCAL_MACHINE\software\Samsung]
[HKEY_LOCAL_MACHINE\software\Secunia]
[HKEY_LOCAL_MACHINE\software\Skype]
[HKEY_LOCAL_MACHINE\software\Sonic]
[HKEY_LOCAL_MACHINE\software\Sony Ericsson]
[HKEY_LOCAL_MACHINE\software\SRS Labs]
[HKEY_LOCAL_MACHINE\software\swearware]
[HKEY_LOCAL_MACHINE\software\Symantec]
[HKEY_LOCAL_MACHINE\software\TENCENT]
[HKEY_LOCAL_MACHINE\software\The Silicon Realms Toolworks]
[HKEY_LOCAL_MACHINE\software\TrendMicro]
[HKEY_LOCAL_MACHINE\software\Volatile]
[HKEY_LOCAL_MACHINE\software\Waves Audio]
[HKEY_LOCAL_MACHINE\software\Windows]
[HKEY_LOCAL_MACHINE\software\WinRAR]
[HKEY_LOCAL_MACHINE\software\Wise Solutions]
[HKEY_LOCAL_MACHINE\software\WOW6432Node]
[HKEY_LOCAL_MACHINE\software\X-AVCSD]
[HKEY_LOCAL_MACHINE\software\Xing Technology Corp.]
[HKEY_LOCAL_MACHINE\software\Yahoo]

¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤

Present !! : C:\Users\Claude\AppData\Local\GDIPFONTCACHEV1.DAT
Present !! : C:\Windows\wacam.TMP
Present !! : C:\Windows\System32\~.inf
Present !! : C:\Windows\System32\System32

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCR\AppID\{99806add-c5ef-4632-a3d0-3e778b051f94}
Present !! : HKCR\CLSID\{02aab237-8e24-46ce-bd71-ab4f4df52e3c}
Present !! : HKCR\CLSID\{99806add-c5ef-4632-a3d0-3e778b051f94}
Present !! : HKCR\CLSID\{b792a203-fb64-4909-aefe-a9efb2697e55}
Present !! : HKCR\CLSID\{f1aa2cad-0e89-4239-85e5-a91b69c5862d}
Present !! : HKCR\CLSID\{f251bed0-0544-42c7-abbc-93556e513238}
Present !! : HKCR\CLSID\{f4a40134-ed3b-4069-bc86-ed9733bd3217}
Present !! : HKCR\CLSID\{f817f096-9e9d-45fc-be44-11cef283faea}
Present !! : HKCR\CLSID\{f92ace0c-4692-4793-bc37-eabc55da988a}
Present !! : HKCR\CLSID\{f9458b32-119c-4301-b86d-53a845894d5b}
Present !! : HKCR\CLSID\{f9a9f058-a535-45d3-8414-e80cafd6d31f}
Present !! : HKCR\CLSID\{ff7bcf7c-1d4b-4717-a39a-0db1a107b62b}
Present !! : HKCR\interface\{039b7df6-3103-48f0-bd6f-24291bc7e637}
Present !! : HKCR\interface\{1bd69f2f-96b4-41b3-accf-c46ed55e3a58}
Present !! : HKCR\interface\{2194682f-acb0-45ce-b900-3fcd2d13bfb5}
Present !! : HKCR\interface\{24d4e9fc-5097-483b-b0fe-6e3ef28bff4a}
Present !! : HKCR\interface\{382be372-d636-451d-8fa8-54c51569ad88}
Present !! : HKCR\interface\{3a60359d-0eb2-4437-ad15-a08bee794c14}
Present !! : HKCR\interface\{46902815-1008-40c8-ba07-4f3d2276e6d2}
Present !! : HKCR\interface\{616ee024-f676-45e5-8933-5be48fa9a60e}
Present !! : HKCR\interface\{777421f7-878b-426e-b7f7-593cbe6b543d}
Present !! : HKCR\interface\{777421f7-878b-426e-b7f7-593cbe6b543f}
Present !! : HKCR\interface\{7876dc2b-dd2e-48d3-b182-6e261698aadb}
Present !! : HKCR\interface\{9b7984e0-1b06-434d-a233-5323ab08f05f}
Present !! : HKCR\interface\{a0f36689-35ea-4b9b-8b16-2236b0581557}
Present !! : HKCR\interface\{b1ce34ce-dfa2-4a5e-a99a-5fdef5021994}
Present !! : HKCR\interface\{b373722b-f571-43a6-b51d-15766456ca91}
Present !! : HKCR\interface\{ba79865a-c1ef-402f-9706-609eb2fb2360}
Present !! : HKCR\interface\{bae10fb0-a2ac-4c36-92ce-14bd30be0bb6}
Present !! : HKCR\interface\{ce9cc21b-4f0c-4da5-9a2b-cb4d6a631228}
Present !! : HKCR\interface\{e0778c77-10e3-4ab3-9077-fe845de401b4}
Present !! : HKCR\interface\{e5b630a9-c1e3-42f3-b58b-9afa3662c010}
Present !! : HKCR\Typelib\{067b5d39-578c-4d25-a119-a475e24d5f95}
Present !! : HKCR\Typelib\{a043783e-4380-4270-b770-3b457c7d4cdf}
Present !! : HKCR\Typelib\{b3774019-f8c2-4a55-b075-ff0529b79c31}
Present !! : HKCR\Typelib\{e7c28ebf-91a9-411a-9293-ce9deb0fd816}

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Réponse 15 / 37
benurrr Messages postés 9643 Date d'inscription   Statut Contributeur sécurité Dernière intervention   107
 
ok le crash je pense que sa vien de cette ligne j'ai jamais pu savoir a quoi elle correspondait et sur mon pc j'ai pas réussie a la virer j'avais était obliger de réinstaller par précaution s'il le faut en demandera de l'aide aux anciens

[HKEY_CURRENT_USER\software\?? ?? ???? ????? ??? ?? ????]

Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :

choisis l'Option Clean

ton PC va redémarrer,

laisse travailler l'outil.

en fin de scan la fenêtre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,

colle le contenu dans ta réponse
0
Réponse 16 / 37
nonoy54 Messages postés 448 Date d'inscription   Statut Membre Dernière intervention   7
 
Encore bizarre¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.3.5 ¤¤¤¤¤¤¤¤¤¤

User : Claude (Administrateurs)
Update on 10/02/2011 by g3n-h@ckm@n ::::: 13.00
Start at: 13:35:33 | 11/02/2011

Intel(R) Pentium(R) Dual CPU E2220 @ 2.40GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7600 32-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 292,33 Go (158,36 Go free) [ACER ] | NTFS
D:\ -> Disque fixe local | 292,12 Go (290,94 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible



¤¤¤¤¤¤¤¤¤¤ Files/folders :


¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ Winlogon

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

FEATURE_BROWSER_EMULATION | svchost :
====================================




End of Scan : 14:38:29




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

, 9a m'a carrément figé mon pC sans rien sur le bureau!!
0
Réponse 17 / 37
benurrr Messages postés 9643 Date d'inscription   Statut Contributeur sécurité Dernière intervention   107
 
fait l'"option clean en mode sans échec pour le lancer clic droit et exécuter en tant qu'administrateur
0
Réponse 18 / 37
nonoy54 Messages postés 448 Date d'inscription   Statut Membre Dernière intervention   7
 
J'ai un soucis depuis quelques mois avec le mode sans echec, et les autres modes d'ailleurs

Je tapote F8 ou F5 au démarrage, mais je n'accède jamais aux différents menus de démarrage
0
Réponse 19 / 37
benurrr Messages postés 9643 Date d'inscription   Statut Contributeur sécurité Dernière intervention   107
 
Télécharge UsbFix de C_XX & Chiquitine29

http://www.teamxscript.org/usbfixTelechargement.html


(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

* Double clic sur "UsbFix.exe" présent sur ton bureau ( clic droit "exécuter en tant qu'administrateur" pour Vista & 7 )

* Choisis l'option 1 ( Recherche )

* Laisse travailler l'outil.

* Ensuite poste le rapport UsbFix.txt qui apparaitra.

* Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

* Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Par Manque De Curiosité On Risque De Mourir Ignorant;Tu es libre de penser que tu es C..,
Mais C.. de penser que ­tu es libre...Merci a australe13
0
Réponse 20 / 37
nonoy54 Messages postés 448 Date d'inscription   Statut Membre Dernière intervention   7
 
J'ai réussi quand même en mode sans echec en passant par msconfig option démarrage sécurisé et j'ai fais le nettoyage
Voivi le rapport, après je fais aussi USBfix

¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.3.5 ¤¤¤¤¤¤¤¤¤¤

User : Claude ()
Update on 10/02/2011 by g3n-h@ckm@n ::::: 13.00
Start at: 16:22:06 | 11/02/2011

Intel(R) Pentium(R) Dual CPU E2220 @ 2.40GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7600 32-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 292,33 Go (161,29 Go free) [ACER ] | NTFS
D:\ -> Disque fixe local | 292,12 Go (290,94 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible

Boot: Safeboot
Killed : PID 1064 'explorer.exe'


¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Users\Claude\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Windows\wacam.TMP
Quarantined & Deleted !! : C:\Windows\System32\~.inf
Quarantined & Deleted !! : C:\Windows\System32\System32

¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤

127.0.0.1 localhost

¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤

Deleted : HKCR\AppID\{99806add-c5ef-4632-a3d0-3e778b051f94}
Deleted : HKCR\CLSID\{02aab237-8e24-46ce-bd71-ab4f4df52e3c}
Deleted : HKCR\CLSID\{99806add-c5ef-4632-a3d0-3e778b051f94}
Deleted : HKCR\CLSID\{b792a203-fb64-4909-aefe-a9efb2697e55}
Deleted : HKCR\CLSID\{f1aa2cad-0e89-4239-85e5-a91b69c5862d}
Deleted : HKCR\CLSID\{f251bed0-0544-42c7-abbc-93556e513238}
Deleted : HKCR\CLSID\{f4a40134-ed3b-4069-bc86-ed9733bd3217}
Deleted : HKCR\CLSID\{f817f096-9e9d-45fc-be44-11cef283faea}
Deleted : HKCR\CLSID\{f92ace0c-4692-4793-bc37-eabc55da988a}
Deleted : HKCR\CLSID\{f9458b32-119c-4301-b86d-53a845894d5b}
Deleted : HKCR\CLSID\{f9a9f058-a535-45d3-8414-e80cafd6d31f}
Deleted : HKCR\CLSID\{ff7bcf7c-1d4b-4717-a39a-0db1a107b62b}
Deleted : HKCR\interface\{039b7df6-3103-48f0-bd6f-24291bc7e637}
Deleted : HKCR\interface\{1bd69f2f-96b4-41b3-accf-c46ed55e3a58}
Deleted : HKCR\interface\{2194682f-acb0-45ce-b900-3fcd2d13bfb5}
Deleted : HKCR\interface\{24d4e9fc-5097-483b-b0fe-6e3ef28bff4a}
Deleted : HKCR\interface\{382be372-d636-451d-8fa8-54c51569ad88}
Deleted : HKCR\interface\{3a60359d-0eb2-4437-ad15-a08bee794c14}
Deleted : HKCR\interface\{46902815-1008-40c8-ba07-4f3d2276e6d2}
Deleted : HKCR\interface\{616ee024-f676-45e5-8933-5be48fa9a60e}
Deleted : HKCR\interface\{777421f7-878b-426e-b7f7-593cbe6b543d}
Deleted : HKCR\interface\{777421f7-878b-426e-b7f7-593cbe6b543f}
Deleted : HKCR\interface\{7876dc2b-dd2e-48d3-b182-6e261698aadb}
Deleted : HKCR\interface\{9b7984e0-1b06-434d-a233-5323ab08f05f}
Deleted : HKCR\interface\{a0f36689-35ea-4b9b-8b16-2236b0581557}
Deleted : HKCR\interface\{b1ce34ce-dfa2-4a5e-a99a-5fdef5021994}
Deleted : HKCR\interface\{b373722b-f571-43a6-b51d-15766456ca91}
Deleted : HKCR\interface\{ba79865a-c1ef-402f-9706-609eb2fb2360}
Deleted : HKCR\interface\{bae10fb0-a2ac-4c36-92ce-14bd30be0bb6}
Deleted : HKCR\interface\{ce9cc21b-4f0c-4da5-9a2b-cb4d6a631228}
Deleted : HKCR\interface\{e0778c77-10e3-4ab3-9077-fe845de401b4}
Deleted : HKCR\interface\{e5b630a9-c1e3-42f3-b58b-9afa3662c010}
Deleted : HKCR\Typelib\{067b5d39-578c-4d25-a119-a475e24d5f95}
Deleted : HKCR\Typelib\{a043783e-4380-4270-b770-3b457c7d4cdf}
Deleted : HKCR\Typelib\{b3774019-f8c2-4a55-b075-ff0529b79c31}
Deleted : HKCR\Typelib\{e7c28ebf-91a9-411a-9293-ce9deb0fd816}

¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 0 (0x0)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
FirstRunDisabled = 1 (0x1)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
InternetSettingsDisableNotify = 0 (0x0)
AutoUpdateDisableNotify = 0 (0x0)
UacDisableNotify = 0 (0x0)
AntispywareOverride = 0 (0x0)

¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤

Ndisuio -> Start = 3
EapHost -> Start = 2
Wlansvc -> Start = 2
SharedAccess -> Start = 2
windefend -> Start = 2
wuauserv -> Start = 2
wscsvc -> Start = 2

¤¤¤¤¤¤¤¤¤¤ Winlogon

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 1 (0x1)
Shell = explorer.exe
Userinit = C:\Windows\System32\userinit.exe,
System =

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

FEATURE_BROWSER_EMULATION | svchost :
====================================


Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD64 rev.01.0 -> Harddisk0\DR0 -> \Device\0000006b

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor32.sys
C:\Windows\system32\DRIVERS\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
1 ntkrnlpa!IofCallDriver[0x82081448] -> \Device\Harddisk0\DR0[0x85898970]
3 CLASSPNP[0x8ADD459E] -> ntkrnlpa!IofCallDriver[0x82081448] -> [0x849B4940]
5 ACPI[0x8ACAB3B2] -> ntkrnlpa!IofCallDriver[0x82081448] -> \Device\0000006b[0x852D0030]
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 1 !


End of Scan : 16:23:11




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
benurrr Messages postés 9643 Date d'inscription   Statut Contributeur sécurité Dernière intervention   107
 
cool il a bien travailler passe a usbfix
0

Discussions similaires

infection
gladiator1952 -
gladiator1952 -

6 réponses
infection ou pas?
jpn1000 -
mcvivien2 -

5 réponses
Infection ou pas ???
karissia -
helpcenter -

1 réponse
Infection pc
Nanie24 -
Nanie24 -

22 réponses
[pnkbstra]infection
swazolie -
billou631 -

9 réponses