Virus detected but not removed

karlo1988 Posts: 29 Status: Member -  
 Anonymous user -
Hello,

So yesterday I bought the GDATA 2011 antivirus, and after the scan my antivirus had detected 78 infected files!!!!!! The virus was not quarantined; virus type: GEN.Heur.MSIL.Krypt.6(Engine A). What should I do to remove these items ..... or else how do I reset my PC to zero? I have a FUJITSU SIEMENS ...... Thanks for being willing to help me ..

39 replies

Anonymous user
 
Hi
* Just a quick interruption!!

Marmar66's OTM script is not right

Try this:

* Double-click "OTMoveIt3.exe"
* Windows Vista / 7 users: right-click "OTMoveIt3.exe" and choose "Run as administrator" to launch it.

- Copy (Ctrl+C) the following text, shown in bold below:

:Reg

[-HKEY_CLASSES_ROOT\CLSID\{286e500c-ef0a-4aa3-a94d-e495f653ef4b}]
[-HKEY_CLASSES_ROOT\CLSID\{319260ab-be0c-4025-8569-7a27ed2faab9}]
[-HKEY_CLASSES_ROOT\CLSID\{9809a6b4-70b1-4bb2-b3b5-b415763a534e}]
[-HKEY_CLASSES_ROOT\Interface\{32c97a37-e2b8-4097-9330-5f3e1125e181}]
[-HKEY_CLASSES_ROOT\Interface\{b0c3de1b-e3ff-4dd0-9229-f452cf9c678e}]
[-HKEY_CLASSES_ROOT\TypeLib\{bce2e826-d0f5-41c8-97be-28a6f540ceeb}]
[-HKEY_CLASSES_ROOT\Interface\{d2d94732-a74d-433c-98f7-9ed740e82ae9}]
[-HKEY_CLASSES_ROOT\CLSID\{d5178f77-c5e6-4e8f-9787-48b5d7eccce8}]

:commands
[emptytemp]
[Reboot]


- Paste (Ctrl+V) the text you just copied into the box: Paste Instructions for Items to be Moved.
- Now click the MoveIt! button
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
- Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the moment it was created: date_time.log

Over to you >> Marmar66

CCM security contributor
1
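One way to review a pasted fix script like the one in the post above before clicking MoveIt!, added here as an example (it is not part of the thread and not code from the OTMoveIt tool). It assumes, from the posted script, that sections start with ':' and that a '[-HIVE\path]' line under ':Reg' deletes that key; the function names, the allow-lists and the truncated line are constructed for illustration.

```python
import re

GUID = re.compile(r"^\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$")
REG_LINE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+)\\(.+)\]$")
HIVES = {"HKEY_CLASSES_ROOT", "HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS"}
# Assumption: a toolbar/adware fix should only touch per-object COM registrations.
COM_BRANCHES = {"clsid", "interface", "typelib", "appid"}
KNOWN_COMMANDS = {"[emptytemp]", "[reboot]"}  # the two commands used in the post

# The script exactly as posted in the thread.
POSTED_SCRIPT = r"""
:Reg

[-HKEY_CLASSES_ROOT\CLSID\{286e500c-ef0a-4aa3-a94d-e495f653ef4b}]
[-HKEY_CLASSES_ROOT\CLSID\{319260ab-be0c-4025-8569-7a27ed2faab9}]
[-HKEY_CLASSES_ROOT\CLSID\{9809a6b4-70b1-4bb2-b3b5-b415763a534e}]
[-HKEY_CLASSES_ROOT\Interface\{32c97a37-e2b8-4097-9330-5f3e1125e181}]
[-HKEY_CLASSES_ROOT\Interface\{b0c3de1b-e3ff-4dd0-9229-f452cf9c678e}]
[-HKEY_CLASSES_ROOT\TypeLib\{bce2e826-d0f5-41c8-97be-28a6f540ceeb}]
[-HKEY_CLASSES_ROOT\Interface\{d2d94732-a74d-433c-98f7-9ed740e82ae9}]
[-HKEY_CLASSES_ROOT\CLSID\{d5178f77-c5e6-4e8f-9787-48b5d7eccce8}]

:commands
[emptytemp]
[Reboot]
"""

# Constructed: the same script with the GUID of the last key lost in copy/paste,
# which turns a one-object deletion into a deletion of the whole CLSID branch.
TRUNCATED_SCRIPT = POSTED_SCRIPT.replace(
    r"\CLSID\{d5178f77-c5e6-4e8f-9787-48b5d7eccce8}", r"\CLSID")


def parse_sections(text):
    """Split a script into {section_name_lower: [(line_no, line), ...]}."""
    sections, current = {}, None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        else:
            # Lines before any header are filed under the empty name.
            sections.setdefault(current or "", []).append((no, line))
    return sections


def check_reg_line(line):
    """Return the warnings for one :Reg line (empty list means nothing unusual)."""
    m = REG_LINE.match(line)
    if not m:
        return ["not a [HIVE\\path] registry line"]
    minus, hive, path = m.groups()
    parts = path.split("\\")
    warnings = []
    if hive not in HIVES:
        warnings.append("unknown hive " + hive)
    if not minus:
        warnings.append("no leading '-': this line does not delete a key")
    if not GUID.match(parts[-1]):
        warnings.append("deletion is not scoped to a single GUID key")
    if len(parts) < 2 or parts[-2].lower() not in COM_BRANCHES:
        warnings.append("target is outside CLSID/Interface/TypeLib/AppID")
    return warnings


def audit(text):
    """Return [(line_no, line, warning)] for every line that needs a second look."""
    findings = []
    sections = parse_sections(text)
    for name, lines in sections.items():
        for no, line in lines:
            if name == "reg":
                findings += [(no, line, w) for w in check_reg_line(line)]
            elif name == "commands":
                if line.lower() not in KNOWN_COMMANDS:
                    findings.append((no, line, "command not on this checker's allow-list"))
            elif name == "":
                findings.append((no, line, "text before the first :section header"))
            else:
                findings.append((no, line, "section ':%s' is not reviewed here" % name))
    return findings


if __name__ == "__main__":
    for label, script in (("posted", POSTED_SCRIPT), ("truncated", TRUNCATED_SCRIPT)):
        print(label, "->", audit(script) or "nothing flagged")
```
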
Anonymous user
 
Hi,

We are going to run a diagnostic of your PC:
* Download ZHPDiag to your desktop:

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
or:
http://www.premiumorange.com/zeb-help-process/zhpdiag.html

* Let the installer guide you, tick "Add an icon to the desktop" and untick the "Run ZHPDiag" box

/!\ Vista and Windows 7 users: right-click the ZHPDiag icon, "Run as administrator"

* Click the magnifying-glass icon ("Start the diagnostic")
* Save the report to your Desktop using the floppy-disk icon
* Host the ZHPDiag.txt report on one of the sites below, then copy/paste the link provided into your next reply on the forum:
http://pjjoint.malekal.com/

If unavailable:
http://www.cijoint.fr/

* ZHPDiag tutorial:
http://www.premiumorange.com/zeb-help-process/zhpdiag.html

Hosting a report on pjjoint.malekal.com

* Go to http://pjjoint.malekal.com/
* Click the Browse button
* Select the file you want to host and click Open
* Click the Send button
* A confirmation message appears; copy the link into your next reply.

See you
0
karlo1988 Posts: 29 Status: Member
 
https://pjjoint.malekal.com/files.php?id=h7j12l15m12v15j6h14r6y8 here is the link I was given. Thank you for giving me your attention ..
0
Anonymous user
 
Hi again,

Your PC is heavily infected!

1/ * Download AD-Remover to your Desktop.
http://www.teamxscript.org/adremoverTelechargement.html

/!\ Close all running applications /!\

- Double-click the Ad-remover icon on your Desktop.
- On the page, click the "Clean" button
- Confirm that the scan should start
- Let the tool work.
- Post the report that appears at the end.

(The report is also saved as C:\Ad-report(Scan/clean).Txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to

Then

2/

* Download Malwarebytes' (mbam)

HERE >> Malwarebytes' (mbam)

* Install it and update it
* Connect your external storage devices to your PC (USB stick, external hard drive, etc.) without opening them
* Launch --> Malwarebytes (MBAM)
* Then go to the "Search" tab and tick >> Run a full scan
* Then "Search"
* Select your hard drives, then click "Start the scan"
* At the end of the scan, click Show results, then Save the report
* If MalwareBytes' detects infections, click ==> Show results, then ==> Remove selection
* If you are asked to restart, click "yes"
* After the infection(s) found have been removed --> post the report here
!!! Do not empty MBAM's quarantine without being told to !!!

I'm waiting for both reports

See you
0

karlo1988 Posts: 29 Status: Member
 
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [2]) -> Lancé à 18:31:20 le 20/04/2011, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86)
Antares@DAMAT-3A7C003D9 ( )

============== RECHERCHE ==============

Service: "Application Updater" Présent


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.6.16 (fr)] ****


========================================

**** Internet Explorer Version [8.0.6001.18702] ****


========================================
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Version de la base de données: 6407

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20/04/2011 20:12:53
mbam-log-2011-04-20 (20-12-53).txt

Type d'examen: Examen complet (C:\|J:\|)
Elément(s) analysé(s): 197875
Temps écoulé: 1 heure(s), 32 minute(s), 45 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 85
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 25
Fichier(s) infecté(s): 30

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDic (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFC16189-8A92-4a29-A940-60248385F426} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDisp (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.KOPFF (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.KOPFF.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.ReportData (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.ReportData.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Scopes (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Scopes.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Stock (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Stock.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\CmndFF.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\mozillaps.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA (Adware.ShopperReports) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Defender (Trojan.Agent.Gen) -> Value: Windows Defender -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.517.0 (Adware.HotBar) -> Value: ShopperReports 3.0.517.0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E879057EB676555037A093 (Malware.Trace) -> Value: SRS_IT_E879057EB676555037A093 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Windows Defender (Worm.AutoRun) -> Value: Windows Defender -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Defender (Trojan.Agent.Gen) -> Value: Windows Defender -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
c:\documents and settings\all users\application data\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE\cs\res1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE\cs\res1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\all users\menu démarrer\programmes\shopperreports (Adware.ShopperReports) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\program files\shopperreports3\bin\3.0.517.0\cntntcntr.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\Bureau\multimedia\logiciel\uusee_setup_2007.exe (PUP.Uusee) -> Not selected for removal.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\windefender.exe (Trojan.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE\cs\dwld\whitelist.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Antares\application data\shopperreports3\IE\cs\res1\whitelist.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE\cs\dwld\whitelist.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\perso\application data\shopperreports3\IE\cs\res1\whitelist.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\shopperreportsuninstaller.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\all users\menu démarrer\programmes\shopperreports\About Us.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\all users\menu démarrer\programmes\shopperreports\customer support.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\all users\menu démarrer\programmes\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.

There you go, thanks again for helping me with a problem that isn't yours ........
C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 2 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 20/04/2011 18:27:20 (25360 Octet(s))
C:\Ad-Report-SCAN[2].txt - 20/04/2011 18:31:23 (22020 Octet(s))

Fin à: 18:32:00, 20/04/2011

============== E.O.F ==============
0
Anonymous user
 
Re,

Relaunch Ad-Remover and choose the "Nettoyer" (Clean) option, not the search one, that is, exactly:

/!\ Close all running applications /!\

- Double-click the Ad-Remover icon on your Desktop.
- On the page, click the « Nettoyer » (Clean) button
- Confirm the launch of the scan
- Let the tool work.
- Post the report that appears at the end.

(The report is also saved as C:\Ad-report(Scan/clean).Txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to c
0
karlo1988 Posts 29 Status Member
 
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [3]) -> Lancé à 22:23:06 le 20/04/2011, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86)
Antares@DAMAT-3A7C003D9 ( )

============== ACTION(S) ==============

(!) -- Fichiers temporaires supprimés.

============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.6.16 (fr)] ****

HKLM_MozillaPlugins\@pages.tvunetworks.com/WebPlayer (x)
HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)
HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x)
Searchplugins\fcmdSrchppcb.xml (hxxp://start.facemoods.com/?a=ppcb&f=4&q={searchTerms}/)
Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} (G Data Filtre Internet)

-- C:\Documents and Settings\Antares\Application Data\Mozilla\FireFox\Profiles\i4ka76pl.default --
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Antares\\Mes documents\\Téléchargements
Prefs.js - browser.search.defaultenginename, Yahoo
Prefs.js - browser.search.selectedEngine, Yahoo
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.16
Prefs.js - keyword.URL, hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=302398&p=

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{B922D405-6D13-4A2B-AE89-08A030DA4402} (x)
HKCU_URLSearchHooks|{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France\tbSoft.dll)
HKCU_URLSearchHooks|{EEE6C35D-6118-11DC-9C72-001320C79847} - "SweetIM ToolbarURLSearchHook Class" (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll)
HKCU_URLSearchHooks|{a3d9f146-03da-4695-878c-81ef970f2f96} - "SearchingBar Toolbar" (C:\Program Files\SearchingBar\prxtbSear.dll)
HKCU_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "Search" (hxxp://start.facemoods.com/?a=ppcb&s={searchTerms}&f=4)
HKCU_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
HKLM_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "?" (hxxp://start.facemoods.com/?a=ppcb&s={searchTerms}&f=4&hl={language}&src=chrm)
HKLM_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
HKCU_Toolbar\WebBrowser|{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} (C:\Program Files\Softonic_France\tbSoft.dll)
HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKCU_Toolbar\WebBrowser|{A3D9F146-03DA-4695-878C-81EF970F2F96} (C:\Program Files\SearchingBar\prxtbSear.dll)
HKLM_Toolbar|{4daac69c-cba7-45e2-9bc8-1044483d3352} (C:\Program Files\Softonic_France\tbSoft.dll)
HKLM_Toolbar|{98889811-442D-49dd-99D7-DC866BE87DBC} (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarTlbr.dll)
HKLM_Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKLM_Toolbar|{a3d9f146-03da-4695-878c-81ef970f2f96} (C:\Program Files\SearchingBar\prxtbSear.dll)
HKLM_Toolbar|{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} (C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll)
HKLM_Toolbar|{0124123D-61B4-456f-AF86-78C53A0790C5} (C:\Program Files\G Data\AntiVirus\WebFilter\AvkWebIE.dll)
HKLM_ElevationPolicy\${ELV_GUID} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe (Babylon Ltd.)
HKLM_ElevationPolicy\{7CA58D56-0AB4-43E1-AF96-467F5ED4F7A8} - C:\Program Files\SearchingBar\SearchingBarToolbarHelper.exe (?)
HKLM_ElevationPolicy\{980AC032-D573-46BF-BF07-60979B7786DD} - C:\Documents and Settings\Antares\Local Settings\Application Data\Conduit\CT2899468\SearchingBarAutoUpdateHelper.exe (x)
HKLM_ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (SweetIM Technologies Ltd.)
HKLM_ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
HKLM_Extensions\{90EAE591-7E7E-434a-8E28-ECFD00071806} - "PokerStars.fr" (C:\Program Files\PokerStars.FR\main.ico)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{2EECD738-5844-4a99-B4B6-146BF802613B} - "CescrtHlpr Object" (C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\bh\BabylonToolbar.dll)
BHO\{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France\tbSoft.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{64182481-4F71-486b-A045-B233BD0DA8FC} - "CescrtHlpr Object" (C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll)
BHO\{a3d9f146-03da-4695-878c-81ef970f2f96} - "SearchingBar Toolbar" (C:\Program Files\SearchingBar\prxtbSear.dll)
BHO\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - "FlashGetBHO" (C:\Documents and Settings\Antares\Application Data\FlashGetBHO\FlashGetBHO3.dll)
BHO\{EEE6C35C-6118-11DC-9C72-001320C79847} - "SweetIM Toolbar Helper" (C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 1 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 20/04/2011 22:02:37 (6470 Octet(s))
C:\Ad-Report-CLEAN[2].txt - 20/04/2011 22:13:28 (6923 Octet(s))
C:\Ad-Report-CLEAN[3].txt - 20/04/2011 22:23:17 (6224 Octet(s))

Fin à: 22:38:18, 20/04/2011

============== E.O.F ==============
0
karlo1988 Posts 29 Status Member
 
THANKS to you both. I'm going to have to be away for several days; thank you for being willing to keep working on this problem, unless you reply at night ^
0
Anonymous user
 
While waiting for your return :)
0
karlo1988
 
thanks marmar ... !! I'm back
0
Anonymous user
 
Hi,

Now, please launch ZHPDiag from your desktop, click the green arrow tab at the bottom to run the update, then do this:

* Click the magnifying-glass icon (« Lancer le diagnostic »)
* Save the report to your Desktop using the floppy-disk icon
* Host the ZHPDiag.txt report on one of the sites below, then copy/paste the link provided into your next reply on the forum:
http://pjjoint.malekal.com/

If unavailable:
http://www.cijoint.fr/

* ZHPDiag tutorial:
http://www.premiumorange.com/zeb-help-process/zhpdiag.html

Hosting a report on pjjoint.malekal.com

* Go to http://pjjoint.malekal.com/
* Click the Parcourir (Browse) button
* Select the file you want to host and click Ouvrir (Open)
* Click the Envoyer (Send) button
* A confirmation message is displayed; copy the link into your next reply.
0
karlo1988
 
http://pjjoint.malekal.com/files.php?id=14c12x14h6j8m8r9f15p14 here is the link .. marmar
0
Anonymous user
 
Copy all the text shown in bold below (select it with your mouse, right-click it and choose "copier" (copy), or press Ctrl+C)

[MD5.A64DA4EF938434F19142F964296347BF] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe [111928]
R3 - URLSearchHook: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} Clé orpheline
O4 - HKLM\..\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [UUSeeMediaCenter] C:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe (.not file.)
O4 - Global Startup: C:\Documents And Settings\Antares\Menu Démarrer\Programmes\Navigateur OfferBox.lnk . (...) -- C:\Program Files\OfferBox\OfferBoxLauncher.exe (.not file.)
O42 - Logiciel: Widestream6 - (.Secure Digital Services.) [HKLM] -- {835525BE-63BD-4EC4-9425-00CEAD4849C2}
O42 - Logiciel: pdfforge Toolbar v4.3 - (.Spigot, Inc..) [HKLM] -- {A0B139A7-E8D5-49E8-A7BF-12421E652208}
O47 - AAKE:Key Export SP - "C:\Documents and Settings\perso\Application Data\WinDefender.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Documents and Settings\perso\Application Data\WinDefender.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Antares\Application Data\WinDefender.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Documents and Settings\Antares\Application Data\WinDefender.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\uusee\UUSeePlayer.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\uusee\UUSeePlayer.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe (.not file.)
[HKCR\Interface\{21447c90-6ec1-4fc1-9379-bd515008aedb}]
[HKCR\CLSID\{286e500c-ef0a-4aa3-a94d-e495f653ef4b}]
[HKCR\CLSID\{319260ab-be0c-4025-8569-7a27ed2faab9}]
[HKCR\Interface\{32c97a37-e2b8-4097-9330-5f3e1125e181}]
[HKCR\CLSID\{9809a6b4-70b1-4bb2-b3b5-b415763a534e}]
[HKCR\Interface\{b0c3de1b-e3ff-4dd0-9229-f452cf9c678e}]
[HKCR\TypeLib\{bce2e826-d0f5-41c8-97be-28a6f540ceeb}]
[HKCR\Interface\{d2d94732-a74d-433c-98f7-9ed740e82ae9}]
[HKCR\CLSID\{d5178f77-c5e6-4e8f-9787-48b5d7eccce8}]
[HKCR\Interface\{dfd5d79b-ef2f-4a51-9821-5b469f05262e}]
FirewallRAZ
EmptyTemp
EmptyFlash


Then launch ZHPFix from the desktop shortcut.

* Once ZHPFix is open, click the [ H ] button ("coller les lignes Helper").

* In the main box you will then see the lines you copied earlier appear.

Check that all the lines I asked you to copy (and only those) are in the window.

Click the GO button

Copy/paste the report shown on screen into your next message.
0
karlo1988
 
========== Clé(s) du Registre ==========
O42 - Logiciel: Widestream6 - (.Secure Digital Services.) [HKLM] -- {835525BE-63BD-4EC4-9425-00CEAD4849C2} => Clé supprimée avec succès
O42 - Logiciel: pdfforge Toolbar v4.3 - (.Spigot, Inc..) [HKLM] -- {A0B139A7-E8D5-49E8-A7BF-12421E652208} => Clé supprimée avec succès
HKCR\Interface\{21447c90-6ec1-4fc1-9379-bd515008aedb} => Clé non supprimée
HKCR\CLSID\{286e500c-ef0a-4aa3-a94d-e495f653ef4b} => Clé non supprimée
HKCR\CLSID\{319260ab-be0c-4025-8569-7a27ed2faab9} => Clé non supprimée
HKCR\Interface\{32c97a37-e2b8-4097-9330-5f3e1125e181} => Clé non supprimée
HKCR\CLSID\{9809a6b4-70b1-4bb2-b3b5-b415763a534e} => Clé non supprimée
HKCR\Interface\{b0c3de1b-e3ff-4dd0-9229-f452cf9c678e} => Clé non supprimée
HKCR\TypeLib\{bce2e826-d0f5-41c8-97be-28a6f540ceeb} => Clé non supprimée
HKCR\Interface\{d2d94732-a74d-433c-98f7-9ed740e82ae9} => Clé non supprimée
HKCR\CLSID\{d5178f77-c5e6-4e8f-9787-48b5d7eccce8} => Clé non supprimée
HKCR\Interface\{dfd5d79b-ef2f-4a51-9821-5b469f05262e} => Clé non supprimée

========== Valeur(s) du Registre ==========
R3 - URLSearchHook: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} Clé orpheline => Valeur supprimée avec succès
O4 - HKLM\..\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe => Valeur supprimée avec succès
O4 - HKLM\..\Run: [UUSeeMediaCenter] C:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe (.not file.) => Valeur supprimée avec succès
O47 - AAKE:Key Export SP - "C:\Documents and Settings\perso\Application Data\WinDefender.exe" [Enabled] .(.) -- C:\Documents and Settings\perso\Application Data\WinDefender.exe (.not file.) => Valeur supprimée avec succès
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Antares\Application Data\WinDefender.exe" [Enabled] .(.) -- C:\Documents and Settings\Antares\Application Data\WinDefender.exe (.not file.) => Valeur supprimée avec succès
O47 - AAKE:Key Export SP - "C:\Program Files\uusee\UUSeePlayer.exe" [Enabled] .(.) -- C:\Program Files\uusee\UUSeePlayer.exe (.not file.) => Valeur supprimée avec succès
O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe" [Enabled] .(.) -- C:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe (.not file.) => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\ma-config.com\maconfservice.exe => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\eMule\emule.exe => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Documents and Settings\Antares\Bureau\eMule\emule.exe => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\Messenger\msmsgs.exe => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\World of Warcraft\Launcher.exe => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\World of Warcraft\Launcher.patch.exe => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\World of Warcraft\Blizzard Downloader.exe => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Documents and Settings\Antares\Application Data\bot.exe => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Documents and Settings\Antares\Local Settings\Application Data\Opera\Opera\temporary_downloads\FreeLiveCam.exe => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Documents and Settings\perso\Application Data\bot.exe => Valeur supprimée avec succès
FirewallRaz (SP) : C:\DOCUME~1\Antares\LOCALS~1\Temp\12976.exe => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Documents and Settings\Antares\Application Data\FreeLiveCam.exe => Valeur supprimée avec succès
FirewallRaz (SP) : C:\DOCUME~1\perso\LOCALS~1\Temp\50073.exe => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Documents and Settings\perso\Application Data\FreeLiveCam.exe => Valeur supprimée avec succès
FirewallRaz (SP) : C:\DOCUME~1\Antares\LOCALS~1\Temp\91712.exe => Valeur supprimée avec succès
FirewallRaz (SP) : C:\DOCUME~1\Antares\LOCALS~1\Temp\3288.exe => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\adslTV\adsltv.exe => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\adslTV\VLC\vlc.exe => Valeur supprimée avec succès
FirewallRaz : Aucune valeur présente dans la clé d'exception du registre

========== Dossier(s) ==========
Dossiers Flash Cookies supprimés : 29

========== Fichier(s) ==========
Fichiers Flash Cookies supprimés : 15

========== Récapitulatif ==========
12 : Clé(s) du Registre
26 : Valeur(s) du Registre
1 : Dossier(s)
1 : Fichier(s)

End of the scan
0
Utilisateur anonyme
 
1/
* Download OTM (OldTimer) to your Desktop:
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
* Double-click OTM.exe to launch it.
* Copy (Ctrl+C) the following text below:

:Reg
HKCR\Interface\{21447c90-6ec1-4fc1-9379-bd515008aedb}
HKCR\CLSID\{286e500c-ef0a-4aa3-a94d-e495f653ef4b}
HKCR\CLSID\{319260ab-be0c-4025-8569-7a27ed2faab9}
HKCR\Interface\{32c97a37-e2b8-4097-9330-5f3e1125e181}
HKCR\CLSID\{9809a6b4-70b1-4bb2-b3b5-b415763a534e}
HKCR\Interface\{b0c3de1b-e3ff-4dd0-9229-f452cf9c678e}
HKCR\TypeLib\{bce2e826-d0f5-41c8-97be-28a6f540ceeb}
HKCR\Interface\{d2d94732-a74d-433c-98f7-9ed740e82ae9}
HKCR\CLSID\{d5178f77-c5e6-4e8f-9787-48b5d7eccce8}
HKCR\Interface\{dfd5d79b-ef2f-4a51-9821-5b469f05262e}
:commands
[emptytemp]
[start explorer]
[reboot]


* Paste (Ctrl+V) the previously copied text into the box Paste Instructions for Items to be Moved.
* Now click the MoveIt! button, then close OTM

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

* Post the report located in this folder: C:\_OTM\MovedFiles\

*The name of the report corresponds to the time it was created: date_time.log

2/

Warning: before you start, read the procedure carefully

/!\ Do not use this software outside the scope of this disinfection: DANGEROUS /!\

* Right-click this link and save it to your desktop

Here is the ComboFix help

* /!\ Disconnect from the Internet and STOP YOUR PROTECTION SOFTWARE /!\


* Double-click ComboFix.exe (or run it as administrator on Vista and Seven)

A pop-up will appear saying that ComboFix is used at your own risk and with no warranty... Click Yes to accept

* ABOVE ALL, INSTALL THE RECOVERY CONSOLE
(if it offers to install it, reconnect to the Internet)

* Set it to French: F

* Press the 1 key (Yes) to start the scan.

* Do not touch anything (mouse, keyboard) until the scan has finished, as you risk crashing your PC

* At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

* Once the scan is complete, a report will be displayed: post its contents

* /!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

* Note: the report is also located here: C:\ComboFix.txt

Member, Contributor

H.F. : Fish66
0
karlo1988 Posts 29 Status Member
 
ComboFix 11-04-26.05 - Antares 27/04/2011 16:47:29.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.383.189 [GMT 2:00]
Lancé depuis: c:\documents and settings\Antares\Bureau\ComboFix.exe
AV: G Data AntiVirus 2011 *Disabled/Updated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
FW: ActiveArmor Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Antares\Application Data\facemoods.com
c:\program files\facemoods.com
c:\windows\struct~.ini
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-03-27 au 2011-04-27 ))))))))))))))))))))))))))))))))))))
.
.
2011-04-27 11:27 . 2011-04-27 11:27 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-27 11:25 . 2011-04-27 11:25 -------- d-----w- c:\program files\TVAnts
2011-04-27 11:25 . 2011-04-27 11:25 -------- d-----w- c:\program files\JRE
2011-04-27 11:24 . 2011-04-27 11:24 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-04-27 11:24 . 2011-04-27 11:24 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-04-27 11:24 . 2011-04-27 11:24 -------- d-----w- c:\program files\Microsoft
2011-04-27 11:24 . 2011-04-27 11:24 -------- d-----w- c:\program files\Freemake
2011-04-27 11:24 . 2011-04-27 11:25 -------- d-----w- c:\program files\Analog Devices
2011-04-27 00:46 . 2011-04-27 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverBoost
2011-04-27 00:45 . 2011-04-27 00:45 -------- d-----w- c:\program files\DriverBoost
2011-04-27 00:26 . 2011-04-27 11:21 -------- d-----w- c:\program files\ma-config.com
2011-04-27 00:26 . 2011-04-27 11:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2011-04-26 23:23 . 2011-04-27 11:23 -------- d-----w- c:\program files\Windows Media Connect 2
2011-04-26 23:19 . 2011-04-27 11:23 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-04-26 21:30 . 2010-04-16 21:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2011-04-26 20:47 . 2011-04-27 11:26 -------- d-----w- C:\RECYCLER(2)
2011-04-20 16:34 . 2011-04-20 16:34 -------- d-----w- c:\documents and settings\Antares\Application Data\Malwarebytes
2011-04-20 16:34 . 2010-11-29 15:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-20 16:34 . 2011-04-20 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-20 16:34 . 2010-11-29 15:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-20 16:34 . 2011-04-27 11:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-20 16:26 . 2011-04-27 11:26 -------- d-----w- c:\program files\Ad-Remover
2011-04-20 14:07 . 2011-04-20 14:07 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2011-04-20 14:02 . 2011-04-27 11:26 -------- d-----w- c:\program files\ZHPDiag
2011-04-19 15:39 . 2011-04-19 15:39 -------- d-----w- c:\documents and settings\Antares\Local Settings\Application Data\G DATA
2011-04-19 14:12 . 2011-04-19 14:12 68976 ----a-w- c:\windows\system32\drivers\GRD.sys
2011-04-19 12:40 . 2011-04-19 12:40 51784 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
2011-04-19 12:40 . 2011-04-19 12:40 38600 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2011-04-19 12:40 . 2010-03-25 14:37 137288 ----a-w- c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\Components\avkwebfilterff.dll
2011-04-19 12:40 . 2011-04-19 12:40 61512 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2011-04-19 12:40 . 2011-04-19 12:40 33480 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2011-04-19 12:39 . 2011-04-27 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\G DATA
2011-04-19 12:39 . 2011-04-19 12:39 -------- d-----w- c:\program files\Fichiers communs\G Data
2011-04-19 12:39 . 2011-04-19 12:39 -------- d-----w- c:\program files\G Data
2011-04-19 12:37 . 2011-04-19 12:37 -------- d-----w- c:\documents and settings\Antares\Local Settings\Application Data\Downloaded Installations
2011-04-18 17:15 . 2011-04-18 17:16 -------- d-----w- c:\program files\Fichiers communs\Adobe
2011-04-18 15:00 . 2011-04-18 15:00 -------- d-----w- c:\documents and settings\Antares\Application Data\widestream
2011-04-18 14:58 . 2011-04-19 13:32 -------- d-----w- c:\documents and settings\Antares\Local Settings\Application Data\widestream6 Air
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-28 14:31 . 2010-12-22 14:49 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-02-22 11:42 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
------- Sigcheck -------
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\f96addb4e216f2399cbadef9606eabb2\sp3qfe\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\f96addb4e216f2399cbadef9606eabb2\sp3gdr\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-10-18 3908192]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-06-13 138552]
"{a3d9f146-03da-4695-878c-81ef970f2f96}"= "c:\program files\SearchingBar\prxtbSear.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{a3d9f146-03da-4695-878c-81ef970f2f96}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\Softonic_France\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
c:\program files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll [BU]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a3d9f146-03da-4695-878c-81ef970f2f96}]
2011-01-03 09:16 175400 ----a-w- c:\program files\SearchingBar\prxtbSear.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-06-13 16:25 1438520 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-10-18 3908192]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]
"{a3d9f146-03da-4695-878c-81ef970f2f96}"= "c:\program files\SearchingBar\prxtbSear.dll" [2011-01-03 175400]
"{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}"= "c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{a3d9f146-03da-4695-878c-81ef970f2f96}]
.
[HKEY_CLASSES_ROOT\clsid\{db4e9724-f518-4dfd-9c7c-78b52103cab9}]
[HKEY_CLASSES_ROOT\facemoods.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\facemoods.dskBnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-10-18 3908192]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]
"{A3D9F146-03DA-4695-878C-81EF970F2F96}"= "c:\program files\SearchingBar\prxtbSear.dll" [2011-01-03 175400]
.
[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{a3d9f146-03da-4695-878c-81ef970f2f96}]
.
c:\documents and settings\Antares\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Documents and Settings\\Antares\\Bureau\\eMule\\emule.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.patch.exe"=
"c:\\Program Files\\World of Warcraft\\Blizzard Downloader.exe"=
"c:\\Documents and Settings\\Antares\\Bureau\\multimedia\\logiciel\\flv_player_setup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Antares\\Bureau\\multimedia\\eMule\\emule.exe"=
"c:\\Documents and Settings\\Antares\\Application Data\\bot.exe"=
"c:\\Documents and Settings\\Antares\\Local Settings\\Application Data\\Opera\\Opera\\temporary_downloads\\FreeLiveCam.exe"=
"c:\\Documents and Settings\\perso\\Application Data\\bot.exe"=
"c:\\DOCUME~1\\Antares\\LOCALS~1\\Temp\\12976.exe"=
"c:\\Documents and Settings\\Antares\\Application Data\\FreeLiveCam.exe"=
"c:\\DOCUME~1\\perso\\LOCALS~1\\Temp\\50073.exe"=
"c:\\Documents and Settings\\perso\\Application Data\\FreeLiveCam.exe"=
"c:\\Documents and Settings\\perso\\Application Data\\WinDefender.exe"=
"c:\\DOCUME~1\\perso\\LOCALS~1\\Temp\\91712.exe"=
"c:\\Documents and Settings\\Antares\\Application Data\\WinDefender.exe"=
"c:\\DOCUME~1\\Antares\\LOCALS~1\\Temp\\91712.exe"=
"c:\\DOCUME~1\\perso\\LOCALS~1\\Temp\\3288.exe"=
"c:\\DOCUME~1\\Antares\\LOCALS~1\\Temp\\3288.exe"=
"c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
"c:\\Program Files\\uusee\\UUSeePlayer.exe"=
"c:\\Program Files\\Fichiers communs\\uusee\\UUSeeMediaCenter.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"c:\\Program Files\\adslTV\\VLC\\vlc.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Documents and Settings\\Antares\\Mes documents\\Downloads\\ibario_fmds.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"15751:TCP"= 15751:TCP:NortonAV
"18263:TCP"= 18263:TCP:NortonAV
"17865:TCP"= 17865:TCP:NortonAV
.
R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [19/04/2011 14:40 33480]
R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [19/04/2011 14:40 61512]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [19/04/2011 16:12 68976]
R2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Fichiers communs\G Data\AVKProxy\AVKProxy.exe [16/04/2010 13:10 1070664]
R2 AVKService;Planificateur G Data;c:\program files\G Data\AntiVirus\AVK\AVKService.exe [16/04/2010 13:10 410696]
R2 AVKWCtl;G Data Gardien;c:\program files\G Data\AntiVirus\AVK\AVKWCtl.exe [15/03/2010 11:24 1279816]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [19/04/2011 14:40 51784]
R3 GDScan;G Data Scanner;c:\program files\Fichiers communs\G Data\GDScan\GDScan.exe [22/04/2010 13:59 339016]
R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [19/04/2011 14:40 38600]
S2 Application Updater;Application Updater;"c:\program files\Application Updater\ApplicationUpdater.exe" --> c:\program files\Application Updater\ApplicationUpdater.exe [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
.
.
------- Examen supplémentaire -------
.
mSearchAssistant = hxxp://start.facemoods.com/?a=ppcb&s={searchTerms}&f=4
IE: ????3?? - c:\documents and settings\Antares\Application Data\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\Antares\Application Data\FlashGetBHO\GetAllUrl.htm
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files\PokerStars.FR\PokerStarsUpdate.exe
FF - ProfilePath - c:\documents and settings\Antares\Application Data\Mozilla\Firefox\Profiles\i4ka76pl.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
BHO-{1a6dc111-b030-4c3e-be65-299284128b91} - c:\program files\Widestream6\spointer\extensions\widestream6_air_ie.dll
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngine.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngine.dll
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngine.dll
HKLM_ActiveSetup-{4CCE6F49-FEA2-ABA5-AEDC-EE5FAAB5C9DA} - c:\documents and settings\Antares\Application Data\bot.exe
HKLM_ActiveSetup-{BECCDDFE-C5FE-1CE5-DD3C-B705CDCD8B2B} - c:\documents and settings\perso\Application Data\FreeLiveCam.exe
HKLM_ActiveSetup-{F1C3BADA-F502-FCF4-DC21-AFF87DD7AB6D} - c:\documents and settings\Antares\Application Data\WinDefender.exe
HKLM_ActiveSetup-{FAC9BFFD-E3B1-ABBB-DD0B-BC3BC2F617E8} - c:\documents and settings\Antares\Application Data\WinDefender.exe
HKCU_ActiveSetup-{4CCE6F49-FEA2-ABA5-AEDC-EE5FAAB5C9DA} - c:\documents and settings\Antares\Application Data\bot.exe
HKCU_ActiveSetup-{BECCDDFE-C5FE-1CE5-DD3C-B705CDCD8B2B} - c:\documents and settings\Antares\Application Data\FreeLiveCam.exe
HKCU_ActiveSetup-{F1C3BADA-F502-FCF4-DC21-AFF87DD7AB6D} - c:\documents and settings\Antares\Application Data\WinDefender.exe
HKCU_ActiveSetup-{FAC9BFFD-E3B1-ABBB-DD0B-BC3BC2F617E8} - c:\documents and settings\Antares\Application Data\WinDefender.exe
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.3\uninstall.exe
AddRemove-OfferBox - c:\program files\OfferBox\uninst.exe
AddRemove-OfferBox Browser - c:\program files\OfferBox\uninst.exe
AddRemove-Radio_Fr - c:\program files\Radio Fr Solo\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-27 17:01
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nSvcIp]
"ImagePath"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nSvcLog]
"ImagePath"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVENETFD]
"ImagePath"="system32\DRIVERS\NVENETFD.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nvnetbus]
"ImagePath"="system32\DRIVERS\nvnetbus.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor]
"ImagePath"="system32\DRIVERS\processr.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rtl8139]
"ImagePath"="system32\DRIVERS\RTL8139.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SeaPort]
"ImagePath"="\"c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SenFiltService]
"ImagePath"="system32\drivers\Senfilt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{37A0B2F2-1D58-49D6-B08C-292565465A6E}"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbstor]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\mspmsnsv.dll"
0
Anonymous user
 
Hi,

The OTM report is missing: 1/ click here

Member, Contributor

H.F.: Fish66
0
karlo1988 Posts 29 Status Member
 
Hi marmars, the OTM report crashes my PC. I tried twice in a row and it crashes... Is there another solution?
0
karlo1988 Posts 29 Status Member
 
All processes killed
========== REGISTRY ==========
Registry key HKEY_CLASSES_ROOT\CLSID\{286e500c-ef0a-4aa3-a94d-e495f653ef4b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{286e500c-ef0a-4aa3-a94d-e495f653ef4b}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{319260ab-be0c-4025-8569-7a27ed2faab9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{319260ab-be0c-4025-8569-7a27ed2faab9}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{9809a6b4-70b1-4bb2-b3b5-b415763a534e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9809a6b4-70b1-4bb2-b3b5-b415763a534e}\ not found.
Registry key HKEY_CLASSES_ROOT\Interface\{32c97a37-e2b8-4097-9330-5f3e1125e181}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32c97a37-e2b8-4097-9330-5f3e1125e181}\ not found.
Registry key HKEY_CLASSES_ROOT\Interface\{b0c3de1b-e3ff-4dd0-9229-f452cf9c678e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0c3de1b-e3ff-4dd0-9229-f452cf9c678e}\ not found.
Registry key HKEY_CLASSES_ROOT\TypeLib\{bce2e826-d0f5-41c8-97be-28a6f540ceeb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bce2e826-d0f5-41c8-97be-28a6f540ceeb}\ not found.
Registry key HKEY_CLASSES_ROOT\Interface\{d2d94732-a74d-433c-98f7-9ed740e82ae9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2d94732-a74d-433c-98f7-9ed740e82ae9}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{d5178f77-c5e6-4e8f-9787-48b5d7eccce8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5178f77-c5e6-4e8f-9787-48b5d7eccce8}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Antares
->Temp folder emptied: 3663 bytes
->Temporary Internet Files folder emptied: 33264 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3682704 bytes
->Opera cache emptied: 16936932 bytes
->Flash cache emptied: 62166 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Documents and Settings

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: perso
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 14493769 bytes
->Flash cache emptied: 1085 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3442202 bytes
%systemroot%\System32 .tmp files removed: 2833408 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 40,00 mb

OTM by OldTimer - Version 3.1.17.2 log created on 04272011_190441

Files moved on Reboot...

Registry entries deleted on Reboot...
0
Anonymous user
 
Thanks a lot, VIRUS-CC

Sorry about the script!

How is your PC doing?
Member, Contributor

H.F.: Fish66
0
karlo1988 Posts 29 Status Member
 
Already much better, it is no longer sluggish... just a little at startup.
0
Anonymous user
 
Re

No worries

Just going back over the thread again >> I had skipped 2 lines

* Run OTM again

* Double-click "OTMoveIt3.exe"
* Windows Vista / 7 users: right-click "OTMoveIt3.exe" and choose "Run as administrator" to launch it.

- Copy (Ctrl+C) the following text, shown in bold below:

:Reg

[-HKEY_CLASSES_ROOT\Interface\{21447c90-6ec1-4fc1-9379-bd515008aedb}]
[-HKEY_CLASSES_ROOT\Interface\{dfd5d79b-ef2f-4a51-9821-5b469f05262e}]

:commands
[emptytemp]
[Reboot]


- Paste (Ctrl+V) the text you just copied into the box: Paste Instructions for Items to be Moved.
- Now click the MoveIt! button
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
- Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the moment it was created: date_heure.log

All the best to you


CCM security contributor
0
karlo1988 Posts 29 Status Member
 
All processes killed
========== REGISTRY ==========
Registry key HKEY_CLASSES_ROOT\Interface\{21447c90-6ec1-4fc1-9379-bd515008aedb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21447c90-6ec1-4fc1-9379-bd515008aedb}\ not found.
Registry key HKEY_CLASSES_ROOT\Interface\{dfd5d79b-ef2f-4a51-9821-5b469f05262e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfd5d79b-ef2f-4a51-9821-5b469f05262e}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Antares
->Temp folder emptied: 1217 bytes
->Temporary Internet Files folder emptied: 33264 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 2591751 bytes
->Flash cache emptied: 456 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Documents and Settings

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: perso
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 04272011_213905

Files moved on Reboot...

Registry entries deleted on Reboot...
0
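A way to check a report like the one above against the fix script that produced it, as an added example that is not part of the original thread and not OTM's own code. It assumes only the line shapes visible in this thread: section headers starting with `:`, `[-KEY]` deletion requests under `:Reg`, and `Registry key ... deleted successfully.` / `not found.` report lines; the function names are hypothetical.

```python
import re

# Fix script and registry section of the report, copied from the posts above.
FIX_SCRIPT = r"""
:Reg

[-HKEY_CLASSES_ROOT\Interface\{21447c90-6ec1-4fc1-9379-bd515008aedb}]
[-HKEY_CLASSES_ROOT\Interface\{dfd5d79b-ef2f-4a51-9821-5b469f05262e}]

:commands
[emptytemp]
[Reboot]
"""

REPORT = r"""
All processes killed
========== REGISTRY ==========
Registry key HKEY_CLASSES_ROOT\Interface\{21447c90-6ec1-4fc1-9379-bd515008aedb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21447c90-6ec1-4fc1-9379-bd515008aedb}\ not found.
Registry key HKEY_CLASSES_ROOT\Interface\{dfd5d79b-ef2f-4a51-9821-5b469f05262e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfd5d79b-ef2f-4a51-9821-5b469f05262e}\ not found.
========== COMMANDS ==========
"""

REQUEST = re.compile(r"^\[-(.+)\]$")
RESULT = re.compile(r"^Registry key (.+?)\\? (deleted successfully|not found)\.$")


def normalize(key):
    """Compare keys case-insensitively and without the trailing backslash."""
    return key.strip().rstrip("\\").lower()


def requested_deletions(script):
    """Return the keys that the :Reg section asks to delete, in order."""
    keys, section = [], None
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):
            section = line[1:].lower()      # ":Reg", ":commands", ...
        elif section == "reg":
            match = REQUEST.match(line)
            if match:
                keys.append(normalize(match.group(1)))
    return keys


def report_results(report):
    """Map every key mentioned in the report to its reported outcome."""
    results = {}
    for line in report.splitlines():
        match = RESULT.match(line.strip())
        if match:
            results[normalize(match.group(1))] = match.group(2)
    return results


def verify(script, report):
    """For each requested key, give the report outcome or flag its absence."""
    results = report_results(report)
    return {key: results.get(key, "no report line")
            for key in requested_deletions(script)}


if __name__ == "__main__":
    for key, status in verify(FIX_SCRIPT, REPORT).items():
        print(f"{status:20} {key}")
```

A requested key that comes back as `not found` or `no report line` is the case to raise with the helper before moving on to the next scan.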
Anonymous user
 
Re,

Please prepare a new report. To do so:

* Launch ZHPDiag from your desktop and click the green tab at the top right (arrow) to update it.
* Click the magnifying-glass icon ("Lancer le diagnostic", i.e. run the diagnostic)
* Save the report to your Desktop using the floppy-disk icon
* Upload the ZHPDiag.txt report to one of the sites below, then copy/paste the link provided into your next reply on the forum:
http://pjjoint.malekal.com/

If unavailable:
http://www.cijoint.fr/

0