Analyse d'un rapport sur Gomeo

Gascf Messages postés 8 Date d'inscription   Statut Membre Dernière intervention   -  
 g3n-h@ckm@n -
Bonjour,
pourriez-vous analyser ce rapport Ad-remover ? Je pense être touché par Gomeo !
Je le poste en plusieurs parties il est trop long :
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [3]) -> Lancé à 14:36:32 le 07/07/2011, Mode sans echec

Microsoft Windows XP Professionnel Service Pack 3 (X86)
USER@USER-04304373 ( )

============== RECHERCHE ==============

Fichier trouvé: C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
Fichier trouvé: C:\WINDOWS\system32\ConduitEngine.tmp
Fichier trouvé: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Dossier trouvé: C:\Documents and Settings\USER\Application Data\Mozilla\FireFox\Profiles\utcbgeu0.default\extensions\toolbar@ask.com
Fichier trouvé: C:\Documents and Settings\USER\Application Data\Mozilla\FireFox\Profiles\utcbgeu0.default\searchplugins\askcom.xml
Dossier trouvé: C:\Program Files\Ask.com
Dossier trouvé: C:\Documents and Settings\USER\Local Settings\Application Data\AskToolbar
Dossier trouvé: C:\Documents and Settings\USER\Local Settings\Application Data\Conduit
Dossier trouvé: C:\Program Files\Conduit
Dossier trouvé: C:\Documents and Settings\USER\Local Settings\Application Data\ConduitEngine
Dossier trouvé: C:\Program Files\ConduitEngine
Dossier trouvé: C:\Documents and Settings\USER\Application Data\OpenCandy
Dossier trouvé: C:\Documents and Settings\USER\Local Settings\Application Data\OpenCandy
Dossier trouvé: C:\Documents and Settings\USER\Application Data\PriceGong

-- Fichier ouvert: C:\Documents and Settings\USER\Application Data\Mozilla\FireFox\Profiles\utcbgeu0.default\Prefs.js --
Ligne trouvée: user_pref("browser.search.defaultengine", "Ask.com");
Ligne trouvée: user_pref("browser.search.defaultenginename", "Ask.com");
Ligne trouvée: user_pref("browser.search.order.1", "Ask.com");
Ligne trouvée: user_pref("browser.search.selectedEngine", "Ask.com");
Ligne trouvée: user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Ligne trouvée: user_pref("extensions.asktb.abar-war-timeout", "4000");
Ligne trouvée: user_pref("extensions.asktb.cbid", "NL");
Ligne trouvée: user_pref("extensions.asktb.config-updated", false);
Ligne trouvée: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://fr.ask.com/web?q={query}&qsrc={qsrc}&...
Ligne trouvée: user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true);
Ligne trouvée: user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://redirecterror.sfr.fr/?q=");
Ligne trouvée: user_pref("extensions.asktb.first-restart-after-config-update", true);
Ligne trouvée: user_pref("extensions.asktb.fresh-install", false);
Ligne trouvée: user_pref("extensions.asktb.guid", "2F05BFE1-903F-49B5-86EE-BE62BED06718");
Ligne trouvée: user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com...
Ligne trouvée: user_pref("extensions.asktb.if", "su");
Ligne trouvée: user_pref("extensions.asktb.l", "dis");
Ligne trouvée: user_pref("extensions.asktb.last-config-req", "1306336978816");
Ligne trouvée: user_pref("extensions.asktb.last-v", "3.11.3.100005");
Ligne trouvée: user_pref("extensions.asktb.locale", "en_FR");
Ligne trouvée: user_pref("extensions.asktb.o", "14300");
Ligne trouvée: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Ligne trouvée: user_pref("extensions.asktb.qsrc", "2871");
Ligne trouvée: user_pref("extensions.asktb.r", "6");
Ligne trouvée: user_pref("extensions.asktb.sa", "YES");
Ligne trouvée: user_pref("extensions.asktb.saguid", "AEF3DA6C-5F6B-477A-9AB2-49B8EE5EB649");
Ligne trouvée: user_pref("extensions.asktb.search-suggestions-enabled", false);
Ligne trouvée: user_pref("extensions.asktb.silent-upgrade", true);
Ligne trouvée: user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
Ligne trouvée: user_pref("extensions.asktb.socialmini-first", true);
Ligne trouvée: user_pref("extensions.asktb.socialmini-interval", "1200000");
Ligne trouvée: user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Ligne trouvée: user_pref("extensions.asktb.socialmini-max-items", "30");
Ligne trouvée: user_pref("extensions.asktb.socialmini-native-on", true);
Ligne trouvée: user_pref("extensions.asktb.socialmini-speed", "5000");
Ligne trouvée: user_pref("extensions.asktb.socialmini-transition-first-open", false);
Ligne trouvée: user_pref("extensions.asktb.themeid", "");
Ligne trouvée: user_pref("extensions.asktb.v", "3.11.3.100005");
Ligne trouvée: user_pref("extensions.asktb.version", "5.11.3.15590");
Ligne trouvée: user_pref("extensions.enabledItems", "toolbar@ask.com:3.11.3.100005,autofillForms@blueimp.net:0.9.5....
Ligne trouvée: user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=MYC&o=14300&locale=e...
-- Fichier Fermé --

Clé trouvée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clé trouvée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKLM\Software\Classes\CLSID\{38EBA750-E1BE-420B-B13B-A7584E87CA9D}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38EBA750-E1BE-420B-B13B-A7584E87CA9D}
Clé trouvée: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé trouvée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Clé trouvée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Clé trouvée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Clé trouvée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Clé trouvée: HKLM\Software\Classes\Conduit.Engine
Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2552113
Clé trouvée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
Clé trouvée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Clé trouvée: HKLM\Software\AskToolbar
Clé trouvée: HKLM\Software\Conduit
Clé trouvée: HKLM\Software\conduitEngine
Clé trouvée: HKCU\Software\Ask.com
Clé trouvée: HKCU\Software\AskToolbar
Clé trouvée: HKCU\Software\Conduit
Clé trouvée: HKCU\Software\conduitEngine
Clé trouvée: HKCU\Software\PriceGong

26 réponses

  • 1
  • 2
Résumé de la discussion

Le fil porte sur l’analyse d’un rapport Ad-Remover 2.0.2 concernant une infection potentielle sous Windows XP/Vista/7 et la présence de composants indésirables tels que Ask Toolbar, Conduit, OpenCandy et PriceGong. Plusieurs réponses préconisent d’extraire les éléments en gras du rapport, puis d’utiliser un pré-script avant de lancer un pré_scan et d’enregistrer le résultat afin de démarrer le processus de nettoyage. Des conseils mentionnent aussi un nettoyage via Revo Uninstaller et une réinstallation, tandis que des logs indiquent l’exécution d’un outil TDSS rootkit removing tool notamment. En complément, le rapport liste des chemins et clés de registre liés à des outils publicitaires et extensions de navigateur qui pourraient rester actives après une suppression partielle.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. g3n-h@ckm@n
     
    salut

    Je pense être touché par Gomeo !

    <qu'est-ce qui te fait dire ca ?

    tu as des symptomes de Gomeo ?
    0
    1. Gascf Messages postés 8 Date d'inscription   Statut Membre Dernière intervention  
       
      Avant-hier j'étais tranquillement sur Mozilla quand il a planté et une fausse analyse anti-virus est apparue ! J'ai lancé en mode sans échec j'ai passé un coup de Malwarebytes' Anti-Malware et spybot jusqu'à ce qu'il n'y ait plus de trace de logiciels espions, la fausse analyse anti-virus a disparue mais depuis mon pc est hyper lent, il met des plombes à ouvrir des programmes ou documents (hier j'ai lancé un film il a mis 30mn à s'ouvrir !!!!) et une page goméo s'ouvre parfois avec des sites pornographiques.
      0
    2. Gascf Messages postés 8 Date d'inscription   Statut Membre Dernière intervention  
       
      j'ai oublié de préciser que c'est seulement au démarrage que les programmes s'ouvrent me laissant le temps d'ouvrir mozilla firefox, après ça rame et mon pc freeze m'obligeant à l'éteindre manuellement !
      0
    3. g3n-h@ckm@n
       
      j'ai repondu plus bas
      0
  2. Gascf Messages postés 8 Date d'inscription   Statut Membre Dernière intervention  
     
    Clé trouvée: HKCU\Software\AppDataLow\AskBarDis
    Clé trouvée: HKCU\Software\AppDataLow\AskToolbarInfo
    Clé trouvée: HKLM\Software\Canneverbe Limited\OpenCandy
    Clé trouvée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{397EB64D-7EC7-4302-AD3B-D2FF92EA27FE}
    Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ConnectBar

    Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}
    Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
    Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
    Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
    0
    1. Gascf Messages postés 8 Date d'inscription   Statut Membre Dernière intervention  
       
      ============== SCAN ADDITIONNEL ==============

      **** Mozilla Firefox Version [3.6.18 (fr)] ****

      Plugins\np32asw.dll (Macromedia, Inc.)
      Components\AskHPRFF.js
      HKCU_Extensions|mozilla_cc@internetdownloadmanager.com - C:\Documents and Settings\USER\Application Data\IDM\idmmzcc3

      -- C:\Documents and Settings\USER\Application Data\Mozilla\FireFox\Profiles\utcbgeu0.default --
      Extensions\autofillForms@blueimp.net (Autofill Forms)
      Extensions\DeviceDetection@logitech.com (???????????? ?? ?????????? Logitech)
      Extensions\firebug@software.joehewitt.com (Firebug)
      Extensions\illimitux@illimitux.net (Illimitux)
      Extensions\real@debrid (Real-Debrid - Plugin)
      Extensions\toolbar@ask.com (Ask Toolbar)
      Searchplugins\askcom.xml (?)
      User.js - keyword.URL, hxxp://redirecterror.sfr.fr/?q=
      Prefs.js - browser.download.dir, C:
      Prefs.js - browser.download.lastDir, C:\\Program Files\\PhotoFiltre\\Masks
      Prefs.js - browser.search.defaultenginename, Ask.com
      Prefs.js - browser.search.selectedEngine, Ask.com
      Prefs.js - browser.startup.homepage, hxxp://www.mad-movies.com/forums/index.php
      Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.18
      Prefs.js - keyword.URL, hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=MYC&o=14300&locale=en_FR&apn_uid=2F05BFE1-903F-49B5-8...
      0
    2. Gascf Messages postés 8 Date d'inscription   Statut Membre Dernière intervention  
       
      ========================================

      **** Internet Explorer Version [8.0.6001.18241] ****

      HKCU_Main|Search bar - hxxp://g.msn.fr/0SEFRFR/SAOS02
      HKCU_Main|Search Page - hxxp://home.microsoft.com/access/allinone.asp
      HKCU_Main|Start Page - hxxp://www.club-internet.fr
      HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
      HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
      HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
      HKCU_URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC} - "UrlSearchHook Class" (C:\Program Files\Ask.com\GenericAskToolbar.dll)
      HKCU_URLSearchHooks|{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5} - "setuprog Toolbar" (C:\Program Files\Setuprog\prxtbSet2.dll)
      HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "Ask Search" (hxxp://websearch.ask.com/redirect?client=ie&tb=MYC&o=14300&src=crm&q={searchTerm...)
      HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "Setuprog Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
      HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (C:\Program Files\Ask.com\GenericAskToolbar.dll)
      HKCU_Toolbar\WebBrowser|{F4EF4468-9BBB-45A1-A2CE-F0C430A9A7E5} (C:\Program Files\Setuprog\prxtbSet2.dll)
      HKLM_Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440} (C:\Program Files\Ask.com\GenericAskToolbar.dll)
      HKLM_Toolbar|{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5} (C:\Program Files\Setuprog\prxtbSet2.dll)
      HKLM_Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files\ConduitEngine\prxConduitEngine.dll)
      HKCU_ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
      HKCU_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (?)
      HKCU_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
      HKLM_ElevationPolicy\43a1a2d6-4638-4966-a2f6-d82ec77cdeae - C:\Program Files\Setuprog\SetuprogToolbarHelper.exe (?)
      HKLM_ElevationPolicy\43c3da07-f7d8-4534-8168-0d4f55c91b8c - C:\Program Files\Setuprog\SetuprogToolbarHelper.exe (?)
      HKLM_ElevationPolicy\9faf1b00-f5a3-49e3-bd41-00624dc7272a - C:\Program Files\Setuprog\SetuprogToolbarHelper.exe (?)
      HKLM_ElevationPolicy\{0D85C1D7-8FAA-4BFB-8370-839372BB7CFC} - C:\Program Files\Setuprog\SetuprogToolbarHelper.exe (?)
      HKLM_ElevationPolicy\{397EB64D-7EC7-4302-AD3B-D2FF92EA27FE} - C:\Program Files\ConduitEngine\ConduitEngineHelper.exe (?)
      HKLM_ElevationPolicy\{65F49CC0-4999-46ED-B796-6449E21BCAFB} - C:\Documents and Settings\USER\Local Settings\Application Data\Conduit\CT2552113\SetuprogAutoUpdaterHelper.exe (?)
      HKLM_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (?)
      HKLM_ElevationPolicy\{B2321D2F-1154-4d97-AD3E-2FE0BAE2897B} - C:\Program Files\SFR\Kit\9launch.exe (SFR)
      HKLM_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
      HKCU_Extensions\{97ED3A9F-CD6F-473A-8FE1-7505C1B844C3} - "Billeo" (billeo.dll,219)
      HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
      HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
      BHO\{0055C089-8582-441B-A0BF-17B458C2A3A8} - "IDMIEHlprObj Class" (C:\Program Files\Internet Download Manager\IDMIECC.dll)
      BHO\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - "Objet d'aide à la navigation SFR" (C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll)
      BHO\{30F9B915-B755-4826-820B-08FBA6BD249D} - "Conduit Engine " (C:\Program Files\ConduitEngine\prxConduitEngine.dll)
      BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
      BHO\{D4027C7F-154A-4066-A1AD-4243D8127440} - "Ask Toolbar" (C:\Program Files\Ask.com\GenericAskToolbar.dll)
      BHO\{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5} - "setuprog Toolbar" (C:\Program Files\Setuprog\prxtbSet2.dll)

      ========================================

      C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
      C:\Program Files\Ad-Remover\Backup: 3 Fichier(s)

      C:\Ad-Report-SCAN[1].txt - 06/07/2011 23:46:20 (14442 Octet(s))
      C:\Ad-Report-SCAN[2].txt - 07/07/2011 14:24:18 (8840 Octet(s))
      C:\Ad-Report-SCAN[3].txt - 07/07/2011 14:36:36 (4957 Octet(s))

      Fin à: 14:37:20, 07/07/2011

      ============== E.O.F ==============
      0
  3. g3n-h@ckm@n
     
    ok déjà on en sait plus

    fournis le rapport de malwarebytes relatant ces suppressions stp
    0
    1. Gascf Messages postés 8 Date d'inscription   Statut Membre Dernière intervention  
       
      Malwarebytes' Anti-Malware 1.51.0.1200
      www.malwarebytes.org

      Version de la base de données: 7026

      Windows 5.1.2600 Service Pack 3 (Safe Mode)
      Internet Explorer 8.0.6001.18241

      05/07/2011 13:58:56
      mbam-log-2011-07-05 (13-58-56).txt

      Type d'examen: Examen rapide
      Elément(s) analysé(s): 176967
      Temps écoulé: 4 minute(s), 31 seconde(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 31
      Valeur(s) du Registre infectée(s): 5
      Elément(s) de données du Registre infecté(s): 3
      Dossier(s) infecté(s): 2
      Fichier(s) infecté(s): 43

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\CLSID\{482828E9-CA1F-4B44-933C-CBAFC9C717A6} (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\chkabqruhst.chkabqruhst.1.0 (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\chkabqruhst.chkabqruhst (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{B68FB058-0F43-4968-AE5C-9535CF093A1E} (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\adfabqrupr.adfabqrupr.1.0 (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\adfabqrupr.adfabqrupr (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B68FB058-0F43-4968-AE5C-9535CF093A1E} (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B68FB058-0F43-4968-AE5C-9535CF093A1E} (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B68FB058-0F43-4968-AE5C-9535CF093A1E} (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{EDED98F6-E873-4E89-9C3F-0211FD6EE281} (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\brumabqrugrm.brumabqrugrm.1.0 (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\brumabqrugrm.brumabqrugrm (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EDED98F6-E873-4E89-9C3F-0211FD6EE281} (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EDED98F6-E873-4E89-9C3F-0211FD6EE281} (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EDED98F6-E873-4E89-9C3F-0211FD6EE281} (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Context\Context-Ads (Adware.AdRotator) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Context\Context-Ads (Adware.AdRotator) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$XNTUninstall643$ (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{27DAE335-5892-4D9E-9210-9AE2717AFAAB} (Adware.AdRotator) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\adfamkcwpr.adfamkcwpr.1.0 (Adware.AdRotator) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\adfamkcwpr.adfamkcwpr (Adware.AdRotator) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{27DAE335-5892-4D9E-9210-9AE2717AFAAB} (Adware.AdRotator) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{20F08D1D-10F1-4EEB-BF27-ABC45E7E761D} (Adware.AdRotator) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\brumamkcwgrm.brumamkcwgrm.1.0 (Adware.AdRotator) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\brumamkcwgrm.brumamkcwgrm (Adware.AdRotator) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{20F08D1D-10F1-4EEB-BF27-ABC45E7E761D} (Adware.AdRotator) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bipro (Adware.Agent) -> Value: bipro -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FXWD6M2DFK (Trojan.FraudPack.Gen) -> Value: FXWD6M2DFK -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3982179394 (Trojan.FakeAlert.VGen) -> Value: 3982179394 -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SQ4DY0FH7F (Trojan.FraudPack.Gen) -> Value: SQ4DY0FH7F -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tplsub700jk.exe (Trojan.FakeAlert) -> Value: tplsub700jk.exe -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\USER\Local Settings\Application Data\xqs.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\USER\Local Settings\Application Data\xqs.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\USER\Local Settings\Application Data\xqs.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

      Dossier(s) infecté(s):
      c:\documents and settings\USER\menu démarrer\programmes\antimalware doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
      c:\WINDOWS\$xntuninstall643$ (Adware.AdRotator) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      c:\WINDOWS\$xntuninstall643$\cmsve.dll (Adware.Agent) -> Quarantined and deleted successfully.
      c:\WINDOWS\system32\sshnas21.dll (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\local settings\application data\xqs.exe (Trojan.FakeAlert.VGen) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\local settings\Temp\Qc5.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\application data\b825a590cf70de94729417e07be7de6a\tplsub700jk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      c:\WINDOWS\$xntuninstall643$\teavv.dll (Adware.Agent) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\local settings\Temp\Qc0.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\local settings\Temp\Qc1.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\local settings\Temp\Qc2.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\local settings\Temp\Qc3.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\local settings\Temp\Qc4.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\local settings\Temp\Qc6.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\local settings\Temp\Qc7.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\local settings\Temp\Qc8.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\local settings\Temp\Qc9.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\local settings\Temp\Qcz.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\local settings\Temp\Qda.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\local settings\Temp\Qdb.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\local settings\Temp\Qdc.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\local settings\Temp\Qdd.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\local settings\Temp\Qde.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\local settings\Temp\seomnarxcw.tmp (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\local settings\Temp\sshnas21.dll (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\local settings\Temp\xcnsormeaw.tmp (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\WINDOWS\Temp\ybywow\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\local settings\temporary internet files\Content.IE5\RFOXO71N\utrsid70[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      c:\WINDOWS\Qdulya.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\WINDOWS\Qdulyb.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\application data\Adobe\plugs\kb5485328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\application data\Adobe\plugs\kb5500187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\application data\Adobe\plugs\kb5516609.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\Bureau\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\application data\microsoft\internet explorer\quick launch\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\menu démarrer\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\menu démarrer\programmes\démarrage\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
      c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
      c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\menu démarrer\programmes\antimalware doctor\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
      c:\documents and settings\USER\menu démarrer\programmes\antimalware doctor\uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
      c:\WINDOWS\$xntuninstall643$\apuninstall.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
      c:\WINDOWS\$xntuninstall643$\ppjxq.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
      c:\WINDOWS\$xntuninstall643$\rhlqh.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
      c:\WINDOWS\$xntuninstall643$\zrpt.xml (Adware.AdRotator) -> Quarantined and deleted successfully.
      0
    2. Gascf Messages postés 8 Date d'inscription   Statut Membre Dernière intervention  
       
      Et l'examen complet :
      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org

      Version de la base de données: 6221

      Windows 5.1.2600 Service Pack 3 (Safe Mode)
      Internet Explorer 8.0.6001.18241

      05/07/2011 13:35:29
      mbam-log-2011-07-05 (13-35-29).txt

      Type d'examen: Examen complet (C:\|)
      Elément(s) analysé(s): 244251
      Temps écoulé: 1 heure(s), 2 minute(s), 19 seconde(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 3
      Valeur(s) du Registre infectée(s): 1
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 2

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\CLSID\{41030BA5-B367-477E-A0FA-1A428E629481} (IPH.GenericBHO) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41030BA5-B367-477E-A0FA-1A428E629481} (IPH.GenericBHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{41030BA5-B367-477E-A0FA-1A428E629481} (IPH.GenericBHO) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Dxicohiyi (IPH.Trojan.Hiloti.S) -> Value: Dxicohiyi -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      c:\WINDOWS\system32\d3dcompiler_3.dll (IPH.GenericBHO) -> Quarantined and deleted successfully.
      c:\WINDOWS\scutapi.dll (IPH.Trojan.Hiloti.S) -> Quarantined and deleted successfully.
      0
  4. g3n-h@ckm@n
     
    ▶ Télécharge Reload_TDSSKiller

    ▶ Lance le

    choisis : lancer le nettoyage

    l'outil va automatiquement télécharger la derniere version puis

    TDSSKiller va s'ouvrir , clique sur "Start Scan"

    une fois qu'il a terminé , redemarre s'il te le demande pour finir de nettoyer

    sinon , ferme tdssKiller et le rapport s'affichera sur le bureau

    ▶ Copie/Colle son contenu dans ta prochaine réponse.
    0
    1. Gascf Messages postés 8 Date d'inscription   Statut Membre Dernière intervention  
       
      J'ai nettoyé et deux choses ont été détectés et nettoyés, par contre y'a aucun rapport qui s'est ouvert j'ai trouvé que ça !
      2011/07/07 15:08:37.0750 1024 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
      2011/07/07 15:08:37.0984 1024 ================================================================================
      2011/07/07 15:08:37.0984 1024 SystemInfo:
      2011/07/07 15:08:37.0984 1024
      2011/07/07 15:08:37.0984 1024 OS Version: 5.1.2600 ServicePack: 3.0
      2011/07/07 15:08:37.0984 1024 Product type: Workstation
      2011/07/07 15:08:37.0984 1024 ComputerName: USER-04304373
      2011/07/07 15:08:37.0984 1024 UserName: USER
      2011/07/07 15:08:38.0000 1024 Windows directory: C:\WINDOWS
      2011/07/07 15:08:38.0000 1024 System windows directory: C:\WINDOWS
      2011/07/07 15:08:38.0000 1024 Processor architecture: Intel x86
      2011/07/07 15:08:38.0000 1024 Number of processors: 1
      2011/07/07 15:08:38.0000 1024 Page size: 0x1000
      2011/07/07 15:08:38.0000 1024 Boot type: Safe boot with network
      2011/07/07 15:08:38.0000 1024 ================================================================================
      2011/07/07 15:08:40.0203 1024 Initialize success
      2011/07/07 15:09:06.0609 1512 ================================================================================
      2011/07/07 15:09:06.0609 1512 Scan started
      2011/07/07 15:09:06.0609 1512 Mode: Manual;
      2011/07/07 15:09:06.0609 1512 ================================================================================
      2011/07/07 15:09:08.0515 1512 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
      2011/07/07 15:09:08.0578 1512 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
      2011/07/07 15:09:08.0703 1512 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
      2011/07/07 15:09:08.0765 1512 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
      2011/07/07 15:09:09.0125 1512 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
      2011/07/07 15:09:09.0609 1512 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
      2011/07/07 15:09:09.0796 1512 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
      2011/07/07 15:09:09.0843 1512 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
      2011/07/07 15:09:09.0906 1512 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
      2011/07/07 15:09:09.0968 1512 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
      2011/07/07 15:09:10.0046 1512 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
      2011/07/07 15:09:10.0187 1512 BRGSp50 (ee0f41fa0466189a2c8b9caf7d1cddd5) C:\WINDOWS\system32\Drivers\BRGSp50.sys
      2011/07/07 15:09:10.0218 1512 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
      2011/07/07 15:09:10.0281 1512 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
      2011/07/07 15:09:10.0343 1512 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
      2011/07/07 15:09:10.0375 1512 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
      2011/07/07 15:09:10.0578 1512 CrystalSysInfo (f054744f67576a01139885173392502b) C:\Program Files\MediaCoder\SysInfo.sys
      2011/07/07 15:09:10.0718 1512 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
      2011/07/07 15:09:10.0796 1512 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
      2011/07/07 15:09:10.0843 1512 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
      2011/07/07 15:09:10.0890 1512 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
      2011/07/07 15:09:10.0968 1512 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
      2011/07/07 15:09:11.0093 1512 driverhardwarev2 (a694d8db6d360a3bbb0bd1517f1c1aee) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
      2011/07/07 15:09:11.0156 1512 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
      2011/07/07 15:09:11.0281 1512 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
      2011/07/07 15:09:11.0406 1512 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
      2011/07/07 15:09:11.0437 1512 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
      2011/07/07 15:09:11.0468 1512 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
      2011/07/07 15:09:11.0484 1512 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
      2011/07/07 15:09:11.0546 1512 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
      2011/07/07 15:09:11.0640 1512 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
      2011/07/07 15:09:11.0656 1512 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
      2011/07/07 15:09:11.0718 1512 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
      2011/07/07 15:09:11.0796 1512 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
      2011/07/07 15:09:11.0875 1512 GVCplDrv (f22bf7f345df95c09942951246aaa28d) C:\WINDOWS\system32\drivers\GVCplDrv.sys
      2011/07/07 15:09:11.0937 1512 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
      2011/07/07 15:09:12.0031 1512 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
      2011/07/07 15:09:12.0140 1512 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
      2011/07/07 15:09:12.0218 1512 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
      2011/07/07 15:09:12.0312 1512 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
      2011/07/07 15:09:12.0359 1512 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
      2011/07/07 15:09:12.0390 1512 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
      2011/07/07 15:09:12.0437 1512 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
      2011/07/07 15:09:12.0468 1512 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
      2011/07/07 15:09:12.0515 1512 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
      2011/07/07 15:09:12.0578 1512 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
      2011/07/07 15:09:12.0640 1512 ISODrive (2f03ceb28307983f3b36216d35ffa5aa) C:\Program Files\UltraISO\drivers\ISODrive.sys
      2011/07/07 15:09:12.0812 1512 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
      2011/07/07 15:09:12.0859 1512 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
      2011/07/07 15:09:12.0937 1512 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
      2011/07/07 15:09:13.0015 1512 L8042Kbd (151d8c22a57025d0619d9ed452a4f1ff) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
      2011/07/07 15:09:13.0078 1512 L8042mou (732afc2d2643916cfa135130d2adbc20) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
      2011/07/07 15:09:13.0218 1512 LBeepKE (ca63fe81705ad660e482bef210bf2c73) C:\WINDOWS\system32\Drivers\LBeepKE.sys
      2011/07/07 15:09:13.0312 1512 LMouKE (46f0396649101c27968089d127395980) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
      2011/07/07 15:09:13.0375 1512 ManyCam (c6d085c7045200143528136a43a65fde) C:\WINDOWS\system32\DRIVERS\ManyCam.sys
      2011/07/07 15:09:13.0421 1512 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
      2011/07/07 15:09:13.0453 1512 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
      2011/07/07 15:09:13.0515 1512 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
      2011/07/07 15:09:13.0546 1512 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
      2011/07/07 15:09:13.0671 1512 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
      2011/07/07 15:09:13.0796 1512 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
      2011/07/07 15:09:13.0875 1512 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
      2011/07/07 15:09:13.0921 1512 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
      2011/07/07 15:09:14.0000 1512 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
      2011/07/07 15:09:14.0031 1512 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
      2011/07/07 15:09:14.0046 1512 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
      2011/07/07 15:09:14.0078 1512 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
      2011/07/07 15:09:14.0140 1512 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
      2011/07/07 15:09:14.0171 1512 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
      2011/07/07 15:09:14.0203 1512 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
      2011/07/07 15:09:14.0234 1512 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
      2011/07/07 15:09:14.0265 1512 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
      2011/07/07 15:09:14.0312 1512 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
      2011/07/07 15:09:14.0343 1512 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
      2011/07/07 15:09:14.0375 1512 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
      2011/07/07 15:09:14.0453 1512 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
      2011/07/07 15:09:14.0515 1512 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
      2011/07/07 15:09:14.0765 1512 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
      2011/07/07 15:09:15.0093 1512 nv (4c3696c1ed1a36629ebb348bf745a328) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
      2011/07/07 15:09:15.0421 1512 nvatabus (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
      2011/07/07 15:09:15.0500 1512 NVENETFD (a12ec731bb00adad2d016d41c1f18fa4) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
      2011/07/07 15:09:15.0531 1512 nvgts (619d8943725402d1179941fd58574cc8) C:\WINDOWS\system32\DRIVERS\nvgts.sys
      2011/07/07 15:09:15.0562 1512 nvnetbus (5dc6a149897820de315916b6ec984ec9) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
      2011/07/07 15:09:15.0656 1512 NVR0Dev (61d6b1c71ad94f8485e966bebc36d092) C:\WINDOWS\nvoclock.sys
      2011/07/07 15:09:16.0828 1512 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
      2011/07/07 15:09:16.0859 1512 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
      2011/07/07 15:09:16.0937 1512 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys
      2011/07/07 15:09:16.0968 1512 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
      2011/07/07 15:09:17.0000 1512 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
      2011/07/07 15:09:17.0078 1512 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
      2011/07/07 15:09:17.0125 1512 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
      2011/07/07 15:09:17.0187 1512 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
      2011/07/07 15:09:17.0234 1512 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
      2011/07/07 15:09:17.0515 1512 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
      2011/07/07 15:09:17.0562 1512 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
      2011/07/07 15:09:17.0640 1512 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
      2011/07/07 15:09:17.0843 1512 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
      2011/07/07 15:09:17.0906 1512 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
      2011/07/07 15:09:17.0953 1512 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
      2011/07/07 15:09:17.0984 1512 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
      2011/07/07 15:09:18.0031 1512 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
      2011/07/07 15:09:18.0062 1512 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
      2011/07/07 15:09:18.0125 1512 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
      2011/07/07 15:09:18.0187 1512 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
      2011/07/07 15:09:18.0250 1512 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
      2011/07/07 15:09:18.0343 1512 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
      2011/07/07 15:09:18.0390 1512 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
      2011/07/07 15:09:18.0421 1512 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
      2011/07/07 15:09:18.0484 1512 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
      2011/07/07 15:09:18.0609 1512 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
      2011/07/07 15:09:18.0718 1512 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\WINDOWS\system32\Drivers\sptd.sys
      2011/07/07 15:09:18.0781 1512 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
      2011/07/07 15:09:18.0843 1512 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
      2011/07/07 15:09:18.0953 1512 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
      2011/07/07 15:09:19.0000 1512 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
      2011/07/07 15:09:19.0078 1512 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
      2011/07/07 15:09:19.0218 1512 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
      2011/07/07 15:09:19.0296 1512 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
      2011/07/07 15:09:19.0406 1512 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
      2011/07/07 15:09:19.0437 1512 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
      2011/07/07 15:09:19.0500 1512 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
      2011/07/07 15:09:19.0593 1512 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
      2011/07/07 15:09:19.0703 1512 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
      2011/07/07 15:09:19.0781 1512 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
      2011/07/07 15:09:19.0812 1512 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
      2011/07/07 15:09:19.0843 1512 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
      2011/07/07 15:09:19.0921 1512 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
      2011/07/07 15:09:20.0015 1512 vcdrom (bfa4ae30b3ac10e9223830bf103f5a3f) C:\Program Files\System\CPL Bonus\Vcdrom.sys
      2011/07/07 15:09:20.0062 1512 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
      2011/07/07 15:09:20.0109 1512 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
      2011/07/07 15:09:20.0171 1512 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
      2011/07/07 15:09:20.0265 1512 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
      2011/07/07 15:09:20.0390 1512 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
      2011/07/07 15:09:20.0406 1512 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
      2011/07/07 15:09:20.0671 1512 ZD1211BU(ZyDAS) (154fe6a5a608cd725266877901e883c2) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
      2011/07/07 15:09:20.0765 1512 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
      2011/07/07 15:09:20.0843 1512 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
      2011/07/07 15:09:20.0953 1512 Boot (0x1200) (9291dbc1fb7e971ce7fa60e39aa73a22) \Device\Harddisk0\DR0\Partition0
      2011/07/07 15:09:20.0953 1512 ================================================================================
      2011/07/07 15:09:20.0953 1512 Scan finished
      2011/07/07 15:09:20.0953 1512 ================================================================================
      2011/07/07 15:09:20.0968 1504 Detected object count: 0
      2011/07/07 15:09:20.0968 1504 Actual detected object count: 0
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. g3n-h@ckm@n
     
    tu dois en avoir un autre sur ton bureau de rapport avec un peu le meme nom
    0
    1. Gascf Messages postés 8 Date d'inscription   Statut Membre Dernière intervention  
       
      2011/07/07 15:02:32.0234 1448 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
      2011/07/07 15:02:32.0500 1448 ================================================================================
      2011/07/07 15:02:32.0500 1448 SystemInfo:
      2011/07/07 15:02:32.0500 1448
      2011/07/07 15:02:32.0500 1448 OS Version: 5.1.2600 ServicePack: 3.0
      2011/07/07 15:02:32.0500 1448 Product type: Workstation
      2011/07/07 15:02:32.0500 1448 ComputerName: USER-04304373
      2011/07/07 15:02:32.0500 1448 UserName: USER
      2011/07/07 15:02:32.0500 1448 Windows directory: C:\WINDOWS
      2011/07/07 15:02:32.0500 1448 System windows directory: C:\WINDOWS
      2011/07/07 15:02:32.0500 1448 Processor architecture: Intel x86
      2011/07/07 15:02:32.0500 1448 Number of processors: 1
      2011/07/07 15:02:32.0500 1448 Page size: 0x1000
      2011/07/07 15:02:32.0500 1448 Boot type: Safe boot with network
      2011/07/07 15:02:32.0500 1448 ================================================================================
      2011/07/07 15:02:35.0125 1448 Initialize success
      2011/07/07 15:02:38.0171 0976 ================================================================================
      2011/07/07 15:02:38.0171 0976 Scan started
      2011/07/07 15:02:38.0171 0976 Mode: Manual;
      2011/07/07 15:02:38.0171 0976 ================================================================================
      2011/07/07 15:02:40.0515 0976 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
      2011/07/07 15:02:40.0578 0976 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
      2011/07/07 15:02:40.0671 0976 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
      2011/07/07 15:02:40.0750 0976 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
      2011/07/07 15:02:41.0109 0976 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
      2011/07/07 15:02:41.0593 0976 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
      2011/07/07 15:02:41.0859 0976 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
      2011/07/07 15:02:41.0921 0976 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
      2011/07/07 15:02:42.0000 0976 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
      2011/07/07 15:02:42.0062 0976 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
      2011/07/07 15:02:42.0187 0976 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
      2011/07/07 15:02:42.0312 0976 BRGSp50 (ee0f41fa0466189a2c8b9caf7d1cddd5) C:\WINDOWS\system32\Drivers\BRGSp50.sys
      2011/07/07 15:02:42.0359 0976 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
      2011/07/07 15:02:42.0453 0976 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
      2011/07/07 15:02:42.0531 0976 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
      2011/07/07 15:02:42.0562 0976 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
      2011/07/07 15:02:42.0875 0976 CrystalSysInfo (f054744f67576a01139885173392502b) C:\Program Files\MediaCoder\SysInfo.sys
      2011/07/07 15:02:43.0171 0976 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
      2011/07/07 15:02:43.0296 0976 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
      2011/07/07 15:02:43.0343 0976 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
      2011/07/07 15:02:43.0390 0976 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
      2011/07/07 15:02:43.0453 0976 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
      2011/07/07 15:02:43.0656 0976 driverhardwarev2 (a694d8db6d360a3bbb0bd1517f1c1aee) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
      2011/07/07 15:02:43.0703 0976 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
      2011/07/07 15:02:43.0812 0976 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
      2011/07/07 15:02:43.0906 0976 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
      2011/07/07 15:02:43.0953 0976 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
      2011/07/07 15:02:43.0984 0976 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
      2011/07/07 15:02:44.0031 0976 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
      2011/07/07 15:02:44.0109 0976 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
      2011/07/07 15:02:44.0187 0976 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
      2011/07/07 15:02:44.0218 0976 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
      2011/07/07 15:02:44.0296 0976 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
      2011/07/07 15:02:44.0375 0976 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
      2011/07/07 15:02:44.0484 0976 GVCplDrv (f22bf7f345df95c09942951246aaa28d) C:\WINDOWS\system32\drivers\GVCplDrv.sys
      2011/07/07 15:02:44.0546 0976 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
      2011/07/07 15:02:44.0671 0976 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
      2011/07/07 15:02:44.0812 0976 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
      2011/07/07 15:02:44.0890 0976 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
      2011/07/07 15:02:45.0031 0976 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
      2011/07/07 15:02:45.0093 0976 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
      2011/07/07 15:02:45.0125 0976 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
      2011/07/07 15:02:45.0187 0976 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
      2011/07/07 15:02:45.0234 0976 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
      2011/07/07 15:02:45.0312 0976 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
      2011/07/07 15:02:45.0359 0976 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
      2011/07/07 15:02:45.0453 0976 ISODrive (2f03ceb28307983f3b36216d35ffa5aa) C:\Program Files\UltraISO\drivers\ISODrive.sys
      2011/07/07 15:02:45.0625 0976 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
      2011/07/07 15:02:45.0718 0976 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
      2011/07/07 15:02:45.0796 0976 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
      2011/07/07 15:02:45.0890 0976 L8042Kbd (151d8c22a57025d0619d9ed452a4f1ff) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
      2011/07/07 15:02:45.0984 0976 L8042mou (732afc2d2643916cfa135130d2adbc20) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
      2011/07/07 15:02:46.0125 0976 LBeepKE (ca63fe81705ad660e482bef210bf2c73) C:\WINDOWS\system32\Drivers\LBeepKE.sys
      2011/07/07 15:02:46.0359 0976 LMouKE (46f0396649101c27968089d127395980) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
      2011/07/07 15:02:46.0546 0976 ManyCam (c6d085c7045200143528136a43a65fde) C:\WINDOWS\system32\DRIVERS\ManyCam.sys
      2011/07/07 15:02:46.0640 0976 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
      2011/07/07 15:02:46.0703 0976 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
      2011/07/07 15:02:46.0750 0976 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
      2011/07/07 15:02:46.0812 0976 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
      2011/07/07 15:02:46.0953 0976 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
      2011/07/07 15:02:47.0031 0976 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
      2011/07/07 15:02:47.0109 0976 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
      2011/07/07 15:02:47.0187 0976 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
      2011/07/07 15:02:47.0281 0976 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
      2011/07/07 15:02:47.0328 0976 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
      2011/07/07 15:02:47.0359 0976 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
      2011/07/07 15:02:47.0406 0976 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
      2011/07/07 15:02:47.0468 0976 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
      2011/07/07 15:02:47.0531 0976 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
      2011/07/07 15:02:47.0562 0976 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
      2011/07/07 15:02:47.0609 0976 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
      2011/07/07 15:02:47.0656 0976 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
      2011/07/07 15:02:47.0703 0976 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
      2011/07/07 15:02:47.0750 0976 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
      2011/07/07 15:02:47.0796 0976 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
      2011/07/07 15:02:48.0078 0976 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
      2011/07/07 15:02:48.0187 0976 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
      2011/07/07 15:02:48.0359 0976 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
      2011/07/07 15:02:48.0734 0976 nv (4c3696c1ed1a36629ebb348bf745a328) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
      2011/07/07 15:02:49.0078 0976 nvatabus (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
      2011/07/07 15:02:49.0156 0976 NVENETFD (a12ec731bb00adad2d016d41c1f18fa4) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
      2011/07/07 15:02:49.0203 0976 nvgts (619d8943725402d1179941fd58574cc8) C:\WINDOWS\system32\DRIVERS\nvgts.sys
      2011/07/07 15:02:49.0281 0976 nvnetbus (5dc6a149897820de315916b6ec984ec9) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
      2011/07/07 15:02:49.0375 0976 NVR0Dev (61d6b1c71ad94f8485e966bebc36d092) C:\WINDOWS\nvoclock.sys
      2011/07/07 15:02:49.0578 0976 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
      2011/07/07 15:02:49.0609 0976 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
      2011/07/07 15:02:49.0671 0976 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys
      2011/07/07 15:02:49.0718 0976 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
      2011/07/07 15:02:49.0765 0976 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
      2011/07/07 15:02:49.0859 0976 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
      2011/07/07 15:02:49.0937 0976 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
      2011/07/07 15:02:50.0000 0976 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
      2011/07/07 15:02:50.0031 0976 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
      2011/07/07 15:02:50.0328 0976 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
      2011/07/07 15:02:50.0375 0976 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
      2011/07/07 15:02:50.0437 0976 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
      2011/07/07 15:02:50.0609 0976 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
      2011/07/07 15:02:50.0671 0976 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
      2011/07/07 15:02:50.0718 0976 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
      2011/07/07 15:02:50.0765 0976 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
      2011/07/07 15:02:50.0812 0976 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
      2011/07/07 15:02:50.0859 0976 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
      2011/07/07 15:02:50.0953 0976 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
      2011/07/07 15:02:51.0046 0976 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
      2011/07/07 15:02:51.0156 0976 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
      2011/07/07 15:02:51.0328 0976 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
      2011/07/07 15:02:51.0390 0976 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
      2011/07/07 15:02:51.0421 0976 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
      2011/07/07 15:02:51.0500 0976 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
      2011/07/07 15:02:51.0640 0976 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
      2011/07/07 15:02:51.0781 0976 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\WINDOWS\system32\Drivers\sptd.sys
      2011/07/07 15:02:51.0781 0976 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd
      2011/07/07 15:02:51.0796 0976 sptd - detected LockedFile.Multi.Generic (1)
      2011/07/07 15:02:51.0843 0976 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
      2011/07/07 15:02:51.0937 0976 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
      2011/07/07 15:02:52.0062 0976 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
      2011/07/07 15:02:52.0125 0976 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
      2011/07/07 15:02:52.0187 0976 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
      2011/07/07 15:02:52.0421 0976 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
      2011/07/07 15:02:52.0515 0976 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
      2011/07/07 15:02:52.0609 0976 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
      2011/07/07 15:02:52.0640 0976 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
      2011/07/07 15:02:52.0703 0976 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
      2011/07/07 15:02:52.0843 0976 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
      2011/07/07 15:02:52.0937 0976 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
      2011/07/07 15:02:53.0015 0976 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
      2011/07/07 15:02:53.0062 0976 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
      2011/07/07 15:02:53.0093 0976 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
      2011/07/07 15:02:53.0187 0976 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
      2011/07/07 15:02:53.0296 0976 vcdrom (bfa4ae30b3ac10e9223830bf103f5a3f) C:\Program Files\System\CPL Bonus\Vcdrom.sys
      2011/07/07 15:02:53.0359 0976 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
      2011/07/07 15:02:53.0437 0976 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
      2011/07/07 15:02:53.0500 0976 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
      2011/07/07 15:02:53.0625 0976 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
      2011/07/07 15:02:53.0781 0976 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
      2011/07/07 15:02:53.0812 0976 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
      2011/07/07 15:02:54.0109 0976 ZD1211BU(ZyDAS) (154fe6a5a608cd725266877901e883c2) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
      2011/07/07 15:02:54.0218 0976 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
      2011/07/07 15:02:54.0296 0976 MBR (0x1B8) (dad11e2a62df7f44f938c5059e874339) \Device\Harddisk0\DR0
      2011/07/07 15:02:54.0312 0976 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
      2011/07/07 15:02:54.0328 0976 Boot (0x1200) (9291dbc1fb7e971ce7fa60e39aa73a22) \Device\Harddisk0\DR0\Partition0
      2011/07/07 15:02:54.0343 0976 ================================================================================
      2011/07/07 15:02:54.0343 0976 Scan finished
      2011/07/07 15:02:54.0343 0976 ================================================================================
      2011/07/07 15:02:54.0375 1704 Detected object count: 2
      2011/07/07 15:02:54.0375 1704 Actual detected object count: 2
      2011/07/07 15:03:23.0062 1704 LockedFile.Multi.Generic(sptd) - User select action: Skip
      2011/07/07 15:03:23.0093 1704 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
      2011/07/07 15:03:23.0093 1704 \Device\Harddisk0\DR0 - ok
      2011/07/07 15:03:23.0093 1704 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
      2011/07/07 15:03:43.0546 0536 Deinitialize success
      0
  7. g3n-h@ckm@n
     
    desactive ton antivirus
    desactive Windows defender si présent
    desactive ton pare-feu

    Ferme toutes tes appilications en cours

    telecharge et enregistre ceci sur ton bureau :

    Pre_Scan

    mirroir :

    http://www.archive-host.com

    s'il n'est pas sur ton bureau coupe-le de ton dossier telechargements et colle-le sur ton bureau

    Avertissement: Il y aura une extinction du bureau pendant le scan --> pas de panique.

    une fois telechargé lance-le , laisse faire le scan jusqu'à l'apparition de "Pre_scan.txt" sur le bureau.

    si 'outil est bloqué par l'infection utilise cette version : Version .pif

    si l'outil detecte un proxy et que tu n'en as pas installé clique sur "supprimer le proxy"

    si l'outil semble ne pas avoir fonctionné renomme-le winlogon , ou change son extension en .com ou .scr

    Il se peut qu'une multitude de fenêtres noires clignotent , laisse-le travailler

    Poste Pre_Scan.txt qui apparaitra sur le bureau en fin de scan

    ▶▶▶ NE LE POSTE PAS SUR LE FORUM (il est trop long)

    clique sur ce lien : http://www.cijoint.fr/

    ▶ Clique sur Parcourir et cherche le fichier ci-dessus.

    ▶ Clique sur Ouvrir.

    ▶ Clique sur "Cliquez ici pour déposer le fichier".

    Un lien de cette forme :

    http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

    est ajouté dans la page.

    ▶ Copie ce lien dans ta réponse.
    0
    1. Gascf Messages postés 8 Date d'inscription   Statut Membre Dernière intervention  
       
      http://www.cijoint.fr/cjlink.php?file=cj201107/cijpt9VNpf.txt
      0
  8. g3n-h@ckm@n
     
    desinstalle setupprog toolbar
    desinstalle conduit engine
    desinstale Ask.com et askToolbar
    desinstalle spybot il est devenu obsolète
    desinstalle ToolbarInstaller

    ===============================================
    fais glisser une icone n'importe quel fichier sur Pre_scan , pre_script va apparaitre

    ouvre Pre_script et colle ce qui suit en gras, à l'interieur du texte qui s'ouvre ,
    sans les lignes , en une seule fois en le mettant en surbrillance :
    ___________________________________________________
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Motive SmartBridge"=-
    "SunJavaUpdateSched"=-
    "QuickTime Task"=-
    "SoundMan"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    ""=-
    [-HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [-HKEY_CURRENT_USER\Software\Ask.com]
    [-HKEY_CURRENT_USER\Software\AskToolbar]
    [-HKEY_CURRENT_USER\Software\Conduit]
    [-HKEY_CURRENT_USER\Software\Conduit Engine]
    [-HKEY_CURRENT_USER\Software\PriceGong]
    [-HKEY_CURRENT_USER\Software\Setuprog]
    [-HKEY_LOCAL_MACHINE\Software\AskToolbar]
    [-HKEY_LOCAL_MACHINE\Software\Conduit]
    [-HKEY_LOCAL_MACHINE\Software\conduitEngine]
    [-HKEY_LOCAL_MACHINE\Software\Setuprog]
    [-HKEY_LOCAL_MACHINE\Software\Uniblue]
    [-HKEY_CLASSES_ROOT\CLSID\{72B3882F-453A-4633-AAC9-8C3DCED62AFF}]
    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1900:UDP"=-
    "2869:TCP"=-

    file::
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    C:\Documents and Settings\All Users\Application Data\mj6g7f66ks8l50d3
    C:\Documents and Settings\USER\Local Settings\Application Data\mj6g7f66ks8l50d3
    C:\WINDOWS\Tasks\RegistryConvoy.job

    folder::
    C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\utcbgeu0.default\extensions\toolbar@ask.com
    C:\WINDOWS\Temp\bxtqsv
    C:\WINDOWS\Temp\hwgjvr
    C:\WINDOWS\Temp\nhknll
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Spybot - Search & Destroy
    C:\Documents and Settings\USER\Application Data\B825A590CF70DE94729417E07BE7DE6A
    C:\Documents and Settings\USER\Application Data\OpenCandy
    C:\Documents and Settings\USER\Application Data\PriceGong
    C:\Documents and Settings\All Users\Application Data\aOa28604pMhDf28604
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    C:\Documents and Settings\USER\Local Settings\Application Data\AskToolbar
    C:\Documents and Settings\USER\Local Settings\Application Data\Conduit
    C:\Documents and Settings\USER\Local Settings\Application Data\ConduitEngine
    C:\Documents and Settings\USER\Local Settings\Application Data\OpenCandy
    C:\Documents and Settings\USER\Local Settings\Application Data\Setuprog
    C:\Program Files\Ask.com
    C:\Program Files\Conduit
    C:\Program Files\ConduitEngine
    C:\Program Files\Setuprog
    C:\Program Files\Spybot - Search & Destroy
    C:\Program Files\System
    C:\Program Files\Whitesmoke

    attrib::

    ___________________________________________________

    copie-le (ctrl+c ou clique droit sur la selection puis => copier)

    puis onglet fichier => enregistrer (pas enregistrer sous...) , puis ferme le texte

    des fenetres noires risquent de clignoter , c'est normal , c'est le programme qui travaille

    poste Pre_Script.txt qui apparaitra sur le bureau en fin de travail
    ¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
    1. Gascf Messages postés 8 Date d'inscription   Statut Membre Dernière intervention  
       
      J'ai eu du mal avec cette démarche je pense avoir mal fait ! J'ai pas compris si je devais lancer lancer pre_scan.exe à un moment mais maintenant celui-ci se bloque et m'affiche une erreur !
      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Script ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      ¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤

      Utilisateur : USER (Administrateurs)
      Ordinateur : USER-04304373
      Système d'exploitation : Microsoft Windows XP (32 bits)
      Internet Explorer : 8.0.6001.18241
      Mozilla Firefox : 3.6.18 (fr)

      Switchs possibles :

      processes:: | file:: | folder::
      Registry:: | Driver:: | replace::
      txt:: | Host:: | DNS:: | NsLook::
      Command:: | list:: | attrib::

      Script : 17:38:38

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


      explorer.exe -> Processus redémarré

      Fin : 17:38:38

      ¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
      0
  9. g3n-h@ckm@n
     
    non c'est fini pour l instant pre_scan

    il ne s'agit que de pre_script

    tu le lances , tu colles le texte qui est en gras dedans , tu enregistres et tu ferme
    0
    1. Gascf Messages postés 8 Date d'inscription   Statut Membre Dernière intervention  
       
      Il y a seulement ce que j'ai copié plus haut dans pre_script.txt. Je pense avoir loupé une étape, mettre en surbrillance peut-être ? C'est bien le fait de tout séléctionner avec sa souris ? (je suis nul en informatique)
      0
    2. Gascf Messages postés 8 Date d'inscription   Statut Membre Dernière intervention  
       
      Vous pourriez rééexpliquer en détail si ça ne vous gêne pas ? Je retente la manipulation depuis plusieurs heures ><
      0
  10. g3n-h@ckm@n
     
    tu selectionnes tout ce qui est en gras , et tu fais clic droit/copier

    tu lances pre_script , et tu colles tout dans le texte qui s'ouvre clic droit/coller

    ensuite onglet fichier => enregistrer (tout court) puis tu fermes , et tu laisses bosser
    0
    1. Gascf Messages postés 8 Date d'inscription   Statut Membre Dernière intervention  
       
      C'est exactement ce que je fais mais il ne se passe rien ! =/
      Pas de solutions alternatives ?
      0
  11. g3n-h@ckm@n
     
    il ne se passe rien du tout ?

    ton bureau ne disparait pas ?
    tu as pas un Pre_script.txt sur ton bureau ou dans C:\ ?
    0
  12. Gascf Messages postés 8 Date d'inscription   Statut Membre Dernière intervention  
     
    La barre des tâches disparait puis revient instantanément et les programmes se ferment. Tout ce qu'il y a dans pre_script c'est :

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Script ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤

    Utilisateur : USER (Administrateurs)
    Ordinateur : USER-04304373
    Système d'exploitation : Microsoft Windows XP (32 bits)
    Internet Explorer : 8.0.6001.18241
    Mozilla Firefox : 3.6.18 (fr)

    Switchs possibles :

    processes:: | file:: | folder::
    Registry:: | Driver:: | replace::
    txt:: | Host:: | DNS:: | NsLook::
    Command:: | list:: | attrib::

    Script : 17:38:38

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    explorer.exe -> Processus redémarré

    Fin : 17:38:38

    ¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
    0
  13. g3n-h@ckm@n
     
    non ben tu rates un truc alors je sais pas...
    0
  14. Gascf Messages postés 8 Date d'inscription   Statut Membre Dernière intervention  
     
    Que fait-on ? Je pense que le problème vient de mon pc car je fais exactement les démarches
    Mon pc ne rame plus d'ailleurs et ne freeze pas non plus, les programmes s'ouvrent instantanément. Par contre je n'ai plus la barre recherche dans mes documents et quand je tente de la faire apparaître via "outils" j'ai une erreur !
    0
  15. g3n-h@ckm@n
     
    bon on va pas y aller par 36 chemins je voulais eviter mais on y est obligé


    /!\ ATTENTION SUIVRE A LA LETTRE CES INDICATIONS/!\

    __________________________________________________________
    >Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.<
    >>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<<
    =====================================================


    ▶ Surtout , pense à l'enregistrement à renommer Combofix en "ton prenom.exe" avant qu'il soit enregistré sur ton disque dur

    Telecharge ici : Combofix

    Avant d'utiliser ComboFix :

    Si tu utilises AVG, IL FAUT IMPERATIVEMENT LE DESINSTALLER avant d'utiliser Combofix car il peut causer des dégâts en interaction avec l'outil pouvant mener à la réinstallation totale du système.
    La simple désactivation du résident n'est pas suffisante.
    Télécharge le désinstalleur d'AVG sur ce lien : https://www.avg.com/fr-fr/avg-remover
    Choisis la version adéquate (32 ou 64 bits)/!\

    Les logiciels d'émulation de CD comme Daemon Tools peuvent gêner les outils de désinfection. Utilise Defogger pour les désactiver temporairement :

    ▶ Télécharge Defogger (de jpshortstuff) sur ton Bureau

    ▶ Lance le

    Une fenêtre apparait : clique sur "Disable"

    ▶ Fais redémarrer l'ordinateur si l'outil te le demande

    Note : Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"

    _________________________________________________________
    >> referme les fenêtres de tous les programmes en cours.
    >> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix,
    >>la protection en temps réel de ton Antivirus et de tes Antispywares,
    >>qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

    °°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°


    si tu as XP => double clique
    si tu as Vista ou windows 7 => clic droit "executer en tant que...."


    sur combofix renommé

    ¤¤¤¤¤¤¤¤¤¤ LAISSE-LE INSTALLER LA CONSOLE DE RECUPERATION S'IL TE LE DEMANDE ¤¤¤¤¤¤¤¤¤¤

    ▶ !!!!!NE TOUCHE A RIEN PENDANT LE TRAVAIL DE COMBOFIX (SOURIS/CLAVIER.....)!!!!!

    ▶ n'oublie pas de reactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    ▶▶ Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    0
  16. Gascf Messages postés 8 Date d'inscription   Statut Membre Dernière intervention  
     
    Très bien je m'y prends demain car je suis un peu fatigué et la manoeuvre semble complexe. Je te tiens au courant.
    0
  17. g3n-h@ckm@n
     
    ok repose toi bien ^^
    0
    1. Gascf Messages postés 8 Date d'inscription   Statut Membre Dernière intervention  
       
      Re ! Je suis en mode sans échec je me lance dans la manipulation j'espère ne pas faire de connerie...
      0
  18. g3n-h@ckm@n
     
    lance-le et laisse -le bosser tranquille :)
    0
    1. Gascf Messages postés 8 Date d'inscription   Statut Membre Dernière intervention  
       
      ComboFix 11-07-07.06 - Comb 08/07/2011 18:42:42.1.1 - x86 NETWORK
      Lancé depuis: c:\documents and settings\USER\Bureau\ComboFix.exe
      * Un nouveau point de restauration a été créé
      .
      .
      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      C:\CFLog
      c:\documents and settings\All Users\Application Data\01CYF2K6.exe
      c:\documents and settings\USER\Application Data\B825A590CF70DE94729417E07BE7DE6A
      c:\documents and settings\USER\Application Data\B825A590CF70DE94729417E07BE7DE6A\enemies-names.txt
      c:\documents and settings\USER\Application Data\PriceGong
      c:\documents and settings\USER\Application Data\PriceGong\Data\1.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\a.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\b.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\c.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\d.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\e.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\f.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\g.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\h.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\i.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\J.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\k.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\l.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\m.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\mru.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\n.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\o.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\p.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\q.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\r.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\s.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\t.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\u.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\v.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\w.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\x.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\y.xml
      c:\documents and settings\USER\Application Data\PriceGong\Data\z.xml
      c:\documents and settings\USER\WINDOWS
      c:\progra~1\CLUB-I~1\LECOMP~1\SMARTB~3\MotiveSB.exe
      c:\program files\BroadJump\Client Foundation\CFD.exe
      c:\program files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
      c:\program files\Java\jre6\bin\jusched.exe
      c:\program files\QuickTime\QTTask.exe
      c:\windows\Fonts\5NC3QI76.com
      c:\windows\system32\msconfig.exe
      c:\windows\Tasks\At1.job
      c:\windows\Tasks\At10.job
      c:\windows\Tasks\At12.job
      c:\windows\Tasks\At14.job
      c:\windows\wpe pro.INI
      .
      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2011-06-08 au 2011-07-08 ))))))))))))))))))))))))))))))))))))
      .
      .
      2011-07-08 12:17 . 2011-07-08 12:17 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\PCHealth
      2011-07-07 15:29 . 2011-07-07 18:40 -------- d-----w- C:\Kill'em
      2011-07-06 21:46 . 2011-07-06 21:46 -------- d-----w- c:\program files\Ad-Remover
      2011-07-06 19:56 . 2006-08-01 13:02 49152 ----a-w- c:\windows\system32\ChCfg.exe
      2011-07-06 19:55 . 2008-09-24 08:40 4122368 ----a-r- c:\windows\system32\drivers\alcxwdm.sys
      2011-07-06 19:55 . 2011-07-06 19:55 -------- d-----w- c:\program files\Realtek AC97
      2011-07-06 19:55 . 2006-12-08 13:20 10528768 ----a-w- c:\windows\system32\RTLCPL.exe
      2011-07-06 19:55 . 2007-04-16 13:28 577536 ----a-w- c:\windows\soundman.exe
      2011-07-06 19:55 . 2006-11-17 03:40 18804736 ----a-w- c:\windows\system32\alsndmgr.cpl
      2011-07-06 19:55 . 2006-10-18 00:53 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll
      2011-07-06 19:55 . 2006-07-31 09:27 217088 ----a-w- c:\windows\Alcrmv.exe
      2011-07-06 19:55 . 2006-07-31 09:19 315392 ----a-w- c:\windows\alcupd.exe
      2011-07-06 19:54 . 2006-02-07 13:40 204800 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
      2011-07-06 19:54 . 2006-02-07 13:40 69715 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
      2011-07-06 19:54 . 2006-02-07 13:40 274432 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
      2011-07-06 19:54 . 2005-11-13 21:19 5632 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
      2011-07-06 19:54 . 2006-02-07 13:45 757760 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
      2011-07-06 19:54 . 2011-07-06 19:54 331908 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
      2011-07-06 19:54 . 2011-07-06 19:54 200836 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
      2011-07-06 17:38 . 2011-07-06 17:38 -------- d-----w- C:\INTRPLAY
      2011-07-06 17:38 . 2011-07-06 17:38 -------- d-----w- c:\program files\Dofus 2
      2011-07-06 17:38 . 2011-07-06 17:38 -------- d-----w- c:\program files\Babylon
      2011-07-06 15:42 . 2011-07-06 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
      2011-07-06 15:42 . 2011-07-06 15:42 -------- d-----w- c:\program files\AVAST Software
      2011-07-06 00:10 . 2011-07-06 00:10 -------- d-----w- c:\windows\system32\wbem\Repository
      2011-07-05 20:50 . 2011-07-07 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      2011-07-05 10:18 . 2011-07-05 12:56 -------- d-----w- C:\sh4ldr
      2011-07-05 10:06 . 2011-07-05 10:06 -------- d-----r- c:\documents and settings\NetworkService\Favoris
      2011-06-23 10:13 . 2011-06-23 10:13 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
      2011-06-23 10:12 . 2011-06-23 10:12 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
      2011-06-17 01:03 . 2011-06-17 11:33 -------- d-----w- c:\windows\SxsCaPendDel
      2011-06-16 19:23 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
      .
      .
      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2011-06-12 10:20 . 2009-12-02 17:05 60416 ----a-w- c:\windows\ALCFDRTM.VER
      2011-05-02 15:31 . 2009-11-14 17:35 692736 ----a-w- c:\windows\system32\inetcomm.dll
      2011-04-29 17:25 . 2008-04-13 18:33 151552 ----a-w- c:\windows\system32\schannel.dll
      2011-04-29 16:19 . 2008-04-13 11:17 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
      2011-04-21 13:37 . 2008-04-13 11:17 105472 ----a-w- c:\windows\system32\drivers\mup.sys
      .
      [code]<pre>
      c:\program files\BroadJump\Client Foundation\CFD .exe
      c:\program files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp .exe
      c:\program files\Club-Internet\Le Compagnon Club\SmartBridge\MotiveSB .exe
      c:\program files\Java\jre6\bin\jusched .exe
      c:\program files\QuickTime\QTTask .exe
      </pre>/code
      .
      ------- Sigcheck -------
      Note: Unsigned files aren't necessarily malware.
      .
      [-] 2009-01-17 16:18 . 699D22B70D6CD1B9759A14D10256A715 . 1587712 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
      .
      [-] 2009-01-17 . DE669722494CF41F6E39A62B3B08525C . 561152 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
      .
      [-] 2009-01-17 . DE4A4AC7328FC80156034E7EB283676D . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
      .
      [-] 2009-01-17 . 3C127370AA63C7D9FD756BB4BE173427 . 1573888 . . [6.00.2900.5512] . . c:\windows\explorer.exe
      .
      [-] 2008-04-13 . AAF8E9C2CF1DB93C3EE5C12BC6A7ACEA . 282624 . . [5.1.2600.5512] . . c:\windows\regedit.exe
      .
      .
      [-] 2009-01-17 . 58DB2EE838D5B7BAD0F7F10A6C920390 . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
      .
      c:\windows\System32\wscntfy.exe ... manque !!
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4
      .
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}"= "c:\program files\Setuprog\prxtbSet2.dll" [2011-01-17 175912]
      .
      [HKEY_CLASSES_ROOT\clsid\{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}]
      .
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
      2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
      .
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}]
      2011-01-17 14:54 175912 ----a-w- c:\program files\Setuprog\prxtbSet2.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}"= "c:\program files\Setuprog\prxtbSet2.dll" [2011-01-17 175912]
      "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
      .
      [HKEY_CLASSES_ROOT\clsid\{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}]
      .
      [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
      .
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
      "{F4EF4468-9BBB-45A1-A2CE-F0C430A9A7E5}"= "c:\program files\Setuprog\prxtbSet2.dll" [2011-01-17 175912]
      .
      [HKEY_CLASSES_ROOT\clsid\{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}]
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
      "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-05-26 3220912]
      "Connexion SFR 9props.exe"="c:\program files\SFR\Kit\9props.exe" [2009-10-15 959808]
      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
      "BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [N/A]
      "Club-Internet_McciTrayApp"="c:\program files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe" [N/A]
      "Motive SmartBridge"="c:\progra~1\CLUB-I~1\LECOMP~1\SMARTB~3\MotiveSB.exe" [N/A]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [N/A]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
      "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-01-17 40960]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "_nltide_3"="advpack.dll" [2008-08-22 128512]
      .
      c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
      Adobe Gamma Loader.lnk - [N/A]
      Effet Aero de fen^tres.lnk - [N/A]
      LE COMPAGNON CLUB.lnk - [N/A]
      Menu Vista.lnk - [N/A]
      sidebar.lnk - [N/A]
      Visual Task Tips.lnk - [N/A]
      ZDWLan Utility.lnk - [N/A]
      .
      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoSMConfigurePrograms"= 1 (0x1)
      .
      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
      "NoSMHelp"= 1 (0x1)
      "ForceClassicControlPanel"= 1 (0x1)
      "NoSMConfigurePrograms"= 1 (0x1)
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
      @="Service"
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^USER^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk]
      path=c:\documents and settings\USER\Menu Démarrer\Programmes\Démarrage\Club Internet.lnk
      backup=c:\windows\pss\Club Internet.lnkStartup
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^USER^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.2.lnk]
      path=c:\documents and settings\USER\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.2.lnk
      backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
      2011-05-25 15:29 1951112 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
      2010-10-15 05:25 1721640 ----a-w- c:\program files\ManyCam\Bin\ManyCam.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
      2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
      2010-11-16 23:12 1242448 ----a-w- c:\program files\Steam\steam.exe
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Steam\\Steam.exe"=
      "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
      "c:\\Program Files\\Steam\\steamapps\\arius1993\\half-life 2 deathmatch\\hl2.exe"=
      "c:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator demo\\AvP.exe"=
      "c:\\Program Files\\Steam\\steamapps\\arius1993\\source sdk base\\hl2.exe"=
      "c:\\Program Files\\Steam\\steamapps\\arius1993\\source sdk base 2007\\hl2.exe"=
      "c:\\Program Files\\Steam\\steamapps\\common\\football manager 2010\\fm.exe"=
      "c:\\Program Files\\Steam\\steamapps\\common\\stalker clear sky\\bin\\xrEngine.exe"=
      "c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
      "c:\\Program Files\\Steam\\steamapps\\common\\amnesia the dark descent demo\\Launcher.exe"=
      "c:\\Program Files\\Steam\\steamapps\\common\\the void\\bin\\win32\\Game.exe"=
      "c:\\Program Files\\Steam\\steamapps\\common\\the void\\bin\\win32\\Config.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\LogMeIn Hamachi\\hamachi-2-ui.exe"=
      "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
      "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
      "c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
      "c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KFEd.exe"=
      "c:\\Program Files\\Steam\\steamapps\\arius1993\\zombie panic! source\\hl2.exe"=
      "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
      .
      R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\System\CPL Bonus\Vcdrom.sys [2001-12-19 8576]
      R2 AMService;AMService;c:\windows\TEMP\bxtqsv\setup.exe run [x]
      R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
      R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [2010-03-18 10448]
      R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-08-13 259440]
      R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
      R3 XDva341;XDva341;c:\windows\system32\XDva341.sys [x]
      R3 XDva345;XDva345;c:\windows\system32\XDva345.sys [x]
      R3 XDva346;XDva346;c:\windows\system32\XDva346.sys [x]
      R3 XDva349;XDva349;c:\windows\system32\XDva349.sys [x]
      R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-26 697328]
      .
      .
      --- Autres Services/Pilotes en mémoire ---
      .
      *NewlyCreated* - VCDROM
      .
      Contenu du dossier 'Tâches planifiées'
      .
      2011-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
      .
      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://www.google.com/
      uInternet Settings,ProxyOverride = *.local
      IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
      IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
      IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
      LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
      DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
      FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\utcbgeu0.default\
      FF - prefs.js: browser.search.selectedEngine - Ask.com
      FF - prefs.js: browser.startup.homepage - hxxp://www.mad-movies.com/forums/index.php
      FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=MYC&o=14300&locale=en_FR&apn_uid=2F05BFE1-903F-49B5-86EE-BE62BED06718&apn_ptnrs=NL&apn_sauid=AEF3DA6C-5F6B-477A-9AB2-49B8EE5EB649&apn_dtid=&q=
      FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
      FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
      FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
      FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
      FF - Ext: Autofill Forms: autofillForms@blueimp.net - %profile%\extensions\autofillForms@blueimp.net
      FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
      FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
      FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
      FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
      FF - Ext: Real-Debrid - Plugin: real@debrid - %profile%\extensions\real@debrid
      FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\USER\Application Data\IDM\idmmzcc3
      FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
      user_pref(extensions.kwiclick.channel.campaign,'AddonFoxInt');
      user_pref(extensions.kwiclick.channel.content,'AddonFoxInt');
      user_pref(extensions.kwiclick.channel.id,'AddonFoxInt');
      user_pref(extensions.kwiclick.channel.cse,'009607407620987551725:3hfwsbgoj80');
      user_pref(extensions.kwiclick.channel.medium,'cpa');
      user_pref(extensions.kwiclick.channel.source,'AddonFoxInt');
      user_pref(extensions.kwiclick.channel.set,true);
      user_pref(extensions.kwiclick.channel.campaign,'AddonFoxInt');
      user_pref(extensions.kwiclick.channel.content,'AddonFoxInt');
      user_pref(extensions.kwiclick.channel.id,'AddonFoxInt');
      user_pref(extensions.kwiclick.channel.cse,'009607407620987551725:3hfwsbgoj80');
      user_pref(extensions.kwiclick.channel.medium,'cpa');
      user_pref(extensions.kwiclick.channel.source,'AddonFoxInt');
      user_pref(extensions.kwiclick.channel.set,true);
      user_pref(extensions.kwiclick.channel.campaign,'AddonFoxInt');
      user_pref(extensions.kwiclick.channel.content,'AddonFoxInt');
      user_pref(extensions.kwiclick.channel.id,'AddonFoxInt');
      user_pref(extensions.kwiclick.channel.cse,'009607407620987551725:3hfwsbgoj80');
      user_pref(extensions.kwiclick.channel.medium,'cpa');
      user_pref(extensions.kwiclick.channel.source,'AddonFoxInt');
      user_pref(extensions.kwiclick.channel.set,true);
      .
      - - - - ORPHELINS SUPPRIMES - - - -
      .
      URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
      BHO-{0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - (no file)
      BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
      Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
      WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2011-07-08 18:49
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      Recherche de processus cachés ...
      .
      Recherche d'éléments en démarrage automatique cachés ...
      .
      Recherche de fichiers cachés ...
      .
      Scan terminé avec succès
      Fichiers cachés: 0
      .
      **************************************************************************
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
      @Denied: (Full) (Everyone)
      "scansk"=hex(0):fd,d8,6c,ea,0d,c1,b2,b4,b0,43,46,42,25,b0,d9,60,f1,29,22,5c,c5,
      11,d6,f8,b5,1b,31,a9,ad,31,02,21,62,35,c6,5e,ad,ab,af,44,00,00,00,00,00,00,\
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{66923e64-fb61-4c39-8c69-67a4646fa93c}]
      @Denied: (Full) (Everyone)
      "Model"=dword:00000144
      "Therad"=dword:0000001e
      "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
      38,95,44,e1,24,76,17,62,9f,c7,01,f1,35,55,03,c5,e2,53,05,83,e0,8b,c5,07,bb,\
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
      @Denied: (Full) (Everyone)
      "scansk"=hex(0):bd,0c,d5,27,b5,44,15,af,4a,88,81,5d,a7,17,e5,c3,bb,fc,f4,4a,f0,
      8e,23,4e,3e,07,94,64,37,ba,c2,c7,bb,ea,e0,56,28,29,f8,1c,00,00,00,00,00,00,\
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e881b135-39bf-4040-9f25-1bde92a1d8a2}]
      @Denied: (Full) (Everyone)
      "Model"=dword:00000047
      "Therad"=dword:0000001b
      "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
      1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------
      .
      - - - - - - - > 'winlogon.exe'(808)
      c:\windows\system32\SETUPAPI.dll
      c:\windows\system32\cscui.dll
      .
      - - - - - - - > 'lsass.exe'(864)
      c:\windows\system32\SETUPAPI.dll
      .
      Heure de fin: 2011-07-08 18:51:51
      ComboFix-quarantined-files.txt 2011-07-08 16:51
      .
      Avant-CF: 35 264 897 024 octets libres
      Après-CF: 35 440 009 216 octets libres
      .
      WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      UnsupportedDebug="do not select this" /debug
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
      .
      - - End Of File - - F7AC4B7F2E099FA16D060BB76F324818
      0
  19. g3n-h@ckm@n
     

    __________________________________________________
    =>/!\Le script qui suit a été écrit spécialement cet ordinateur/!\ <=
    =>il est fort déconseillé de le transposer sur un autre ordinateur !<=
    ----------------------------------------------------------------------------


    Toujours avec toutes les protections désactivées, fais ceci :

    ▶ Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
    ▶ Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :

    ----------------------------------------------------------
    KillAll::

    Folder::
    c:\program files\Babylon
    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    C:\sh4ldr

    RenV::
    c:\program files\BroadJump\Client Foundation\CFD .exe
    c:\program files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp .exe
    c:\program files\Club-Internet\Le Compagnon Club\SmartBridge\MotiveSB .exe
    c:\program files\Java\jre6\bin\jusched .exe
    c:\program files\QuickTime\QTTask .exe

    Registry::
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    "SunJavaUpdateSched"=-
    "SoundMan"=-
    [-HKEY_CLASSES_ROOT\CLSID\{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-

    Driver::
    AMService
    XDva341
    XDva345
    XDva346
    XDva349

    Firefox::
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{66923e64-fb61-4c39-8c69-67a4646fa93c}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e881b135-39bf-4040-9f25-1bde92a1d8a2}]


    ------------------------------------------------------------------

    ▶ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
    ▶ Quitte le Bloc Notes

    ▶ Fais un glisser/déposer de ce fichier CFScript sur le fichier combofix

    ▶ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    ▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    ▶ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt

    ¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
    1. Gascf Messages postés 8 Date d'inscription   Statut Membre Dernière intervention  
       
      ComboFix 11-07-07.06 - Comb 08/07/2011 19:36:28.2.1 - x86 NETWORK
      Lancé depuis: c:\documents and settings\USER\Bureau\ComboFix.exe
      Commutateurs utilisés :: c:\documents and settings\USER\Bureau\CFScript.txt
      * Un nouveau point de restauration a été créé
      .
      .
      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.110705-2256.log
      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.110705-2333.txt
      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.110706-1703.log
      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.110706-1703.txt
      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.110706-1731.txt
      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.110705-2334.txt
      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.110705-2339.txt
      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Resident.log
      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Update downloads.log
      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\ProcCache.sbc
      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ToolbarFacemood.zip
      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ToolbarFacemood1.zip
      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ToolbarFacemood2.zip
      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ToolbarFacemood3.zip
      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ToolbarFacemood4.zip
      c:\program files\Babylon
      C:\sh4ldr
      c:\sh4ldr\shldr.mbr
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      -------\Legacy_AMSERVICE
      -------\Legacy_XDVA341
      -------\Legacy_XDVA345
      -------\Legacy_XDVA346
      -------\Legacy_XDVA349
      -------\Service_AMService
      -------\Service_XDva341
      -------\Service_XDva345
      -------\Service_XDva346
      -------\Service_XDva349
      .
      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2011-06-08 au 2011-07-08 ))))))))))))))))))))))))))))))))))))
      .
      .
      2011-07-08 12:17 . 2011-07-08 12:17 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\PCHealth
      2011-07-07 15:29 . 2011-07-07 18:40 -------- d-----w- C:\Kill'em
      2011-07-06 21:46 . 2011-07-06 21:46 -------- d-----w- c:\program files\Ad-Remover
      2011-07-06 19:56 . 2006-08-01 13:02 49152 ----a-w- c:\windows\system32\ChCfg.exe
      2011-07-06 19:55 . 2008-09-24 08:40 4122368 ----a-r- c:\windows\system32\drivers\alcxwdm.sys
      2011-07-06 19:55 . 2011-07-06 19:55 -------- d-----w- c:\program files\Realtek AC97
      2011-07-06 19:55 . 2006-12-08 13:20 10528768 ----a-w- c:\windows\system32\RTLCPL.exe
      2011-07-06 19:55 . 2007-04-16 13:28 577536 ----a-w- c:\windows\soundman.exe
      2011-07-06 19:55 . 2006-11-17 03:40 18804736 ----a-w- c:\windows\system32\alsndmgr.cpl
      2011-07-06 19:55 . 2006-10-18 00:53 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll
      2011-07-06 19:55 . 2006-07-31 09:27 217088 ----a-w- c:\windows\Alcrmv.exe
      2011-07-06 19:55 . 2006-07-31 09:19 315392 ----a-w- c:\windows\alcupd.exe
      2011-07-06 19:54 . 2006-02-07 13:40 204800 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
      2011-07-06 19:54 . 2006-02-07 13:40 69715 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
      2011-07-06 19:54 . 2006-02-07 13:40 274432 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
      2011-07-06 19:54 . 2005-11-13 21:19 5632 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
      2011-07-06 19:54 . 2006-02-07 13:45 757760 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
      2011-07-06 19:54 . 2011-07-06 19:54 331908 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
      2011-07-06 19:54 . 2011-07-06 19:54 200836 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
      2011-07-06 17:38 . 2011-07-06 17:38 -------- d-----w- C:\INTRPLAY
      2011-07-06 17:38 . 2011-07-06 17:38 -------- d-----w- c:\program files\Dofus 2
      2011-07-06 15:42 . 2011-07-06 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
      2011-07-06 15:42 . 2011-07-06 15:42 -------- d-----w- c:\program files\AVAST Software
      2011-07-06 00:10 . 2011-07-06 00:10 -------- d-----w- c:\windows\system32\wbem\Repository
      2011-07-05 10:06 . 2011-07-05 10:06 -------- d-----r- c:\documents and settings\NetworkService\Favoris
      2011-06-23 10:13 . 2011-06-23 10:13 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
      2011-06-23 10:12 . 2011-06-23 10:12 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
      2011-06-17 01:03 . 2011-06-17 11:33 -------- d-----w- c:\windows\SxsCaPendDel
      2011-06-16 19:23 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
      .
      .
      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2011-06-12 10:20 . 2009-12-02 17:05 60416 ----a-w- c:\windows\ALCFDRTM.VER
      2011-05-02 15:31 . 2009-11-14 17:35 692736 ----a-w- c:\windows\system32\inetcomm.dll
      2011-04-29 17:25 . 2008-04-13 18:33 151552 ----a-w- c:\windows\system32\schannel.dll
      2011-04-29 16:19 . 2008-04-13 11:17 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
      2011-04-21 13:37 . 2008-04-13 11:17 105472 ----a-w- c:\windows\system32\drivers\mup.sys
      .
      .
      ------- Sigcheck -------
      Note: Unsigned files aren't necessarily malware.
      .
      [-] 2009-01-17 16:18 . 699D22B70D6CD1B9759A14D10256A715 . 1587712 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
      .
      [-] 2009-01-17 . DE669722494CF41F6E39A62B3B08525C . 561152 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
      .
      [-] 2009-01-17 . DE4A4AC7328FC80156034E7EB283676D . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
      .
      [-] 2009-01-17 . 3C127370AA63C7D9FD756BB4BE173427 . 1573888 . . [6.00.2900.5512] . . c:\windows\explorer.exe
      .
      [-] 2008-04-13 . AAF8E9C2CF1DB93C3EE5C12BC6A7ACEA . 282624 . . [5.1.2600.5512] . . c:\windows\regedit.exe
      .
      .
      [-] 2009-01-17 . 58DB2EE838D5B7BAD0F7F10A6C920390 . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
      .
      c:\windows\System32\wscntfy.exe ... manque !!
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
      "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-05-26 3220912]
      "Connexion SFR 9props.exe"="c:\program files\SFR\Kit\9props.exe" [2009-10-15 959808]
      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
      "Club-Internet_McciTrayApp"="c:\program files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe" [2005-11-15 543232]
      "Motive SmartBridge"="c:\progra~1\CLUB-I~1\LECOMP~1\SMARTB~3\MotiveSB.exe" [2005-08-24 438359]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-01-17 40960]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "_nltide_3"="advpack.dll" [2008-08-22 128512]
      .
      c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
      Adobe Gamma Loader.lnk - [N/A]
      Effet Aero de fen^tres.lnk - [N/A]
      LE COMPAGNON CLUB.lnk - [N/A]
      Menu Vista.lnk - [N/A]
      sidebar.lnk - [N/A]
      Visual Task Tips.lnk - [N/A]
      ZDWLan Utility.lnk - [N/A]
      .
      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoSMConfigurePrograms"= 1 (0x1)
      .
      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
      "NoSMHelp"= 1 (0x1)
      "ForceClassicControlPanel"= 1 (0x1)
      "NoSMConfigurePrograms"= 1 (0x1)
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
      @="Service"
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^USER^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk]
      path=c:\documents and settings\USER\Menu Démarrer\Programmes\Démarrage\Club Internet.lnk
      backup=c:\windows\pss\Club Internet.lnkStartup
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^USER^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.2.lnk]
      path=c:\documents and settings\USER\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.2.lnk
      backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
      2011-05-25 15:29 1951112 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
      2010-10-15 05:25 1721640 ----a-w- c:\program files\ManyCam\Bin\ManyCam.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
      2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
      2010-11-16 23:12 1242448 ----a-w- c:\program files\Steam\steam.exe
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Steam\\Steam.exe"=
      "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
      "c:\\Program Files\\Steam\\steamapps\\arius1993\\half-life 2 deathmatch\\hl2.exe"=
      "c:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator demo\\AvP.exe"=
      "c:\\Program Files\\Steam\\steamapps\\arius1993\\source sdk base\\hl2.exe"=
      "c:\\Program Files\\Steam\\steamapps\\arius1993\\source sdk base 2007\\hl2.exe"=
      "c:\\Program Files\\Steam\\steamapps\\common\\football manager 2010\\fm.exe"=
      "c:\\Program Files\\Steam\\steamapps\\common\\stalker clear sky\\bin\\xrEngine.exe"=
      "c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
      "c:\\Program Files\\Steam\\steamapps\\common\\amnesia the dark descent demo\\Launcher.exe"=
      "c:\\Program Files\\Steam\\steamapps\\common\\the void\\bin\\win32\\Game.exe"=
      "c:\\Program Files\\Steam\\steamapps\\common\\the void\\bin\\win32\\Config.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\LogMeIn Hamachi\\hamachi-2-ui.exe"=
      "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
      "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
      "c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
      "c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KFEd.exe"=
      "c:\\Program Files\\Steam\\steamapps\\arius1993\\zombie panic! source\\hl2.exe"=
      "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
      .
      R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\System\CPL Bonus\Vcdrom.sys [2001-12-19 8576]
      R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [2010-03-18 10448]
      R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-08-13 259440]
      R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
      R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-26 697328]
      S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
      .
      .
      --- Autres Services/Pilotes en mémoire ---
      .
      *NewlyCreated* - VCDROM
      .
      Contenu du dossier 'Tâches planifiées'
      .
      2011-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
      .
      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://www.google.com/
      uInternet Settings,ProxyOverride = *.local
      IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
      IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
      IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
      LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
      DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
      FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\utcbgeu0.default\
      FF - prefs.js: browser.search.selectedEngine - Ask.com
      FF - prefs.js: browser.startup.homepage - hxxp://www.mad-movies.com/forums/index.php
      FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=MYC&o=14300&locale=en_FR&apn_uid=2F05BFE1-903F-49B5-86EE-BE62BED06718&apn_ptnrs=NL&apn_sauid=AEF3DA6C-5F6B-477A-9AB2-49B8EE5EB649&apn_dtid=&q=
      FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
      FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
      FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
      FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
      FF - Ext: Autofill Forms: autofillForms@blueimp.net - %profile%\extensions\autofillForms@blueimp.net
      FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
      FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
      FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
      FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
      FF - Ext: Real-Debrid - Plugin: real@debrid - %profile%\extensions\real@debrid
      FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\USER\Application Data\IDM\idmmzcc3
      FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
      user_pref(extensions.kwiclick.channel.campaign,'AddonFoxInt');
      user_pref(extensions.kwiclick.channel.content,'AddonFoxInt');
      user_pref(extensions.kwiclick.channel.id,'AddonFoxInt');
      user_pref(extensions.kwiclick.channel.cse,'009607407620987551725:3hfwsbgoj80');
      user_pref(extensions.kwiclick.channel.medium,'cpa');
      user_pref(extensions.kwiclick.channel.source,'AddonFoxInt');
      user_pref(extensions.kwiclick.channel.set,true);
      user_pref(extensions.kwiclick.channel.campaign,'AddonFoxInt');
      user_pref(extensions.kwiclick.channel.content,'AddonFoxInt');
      user_pref(extensions.kwiclick.channel.id,'AddonFoxInt');
      user_pref(extensions.kwiclick.channel.cse,'009607407620987551725:3hfwsbgoj80');
      user_pref(extensions.kwiclick.channel.medium,'cpa');
      user_pref(extensions.kwiclick.channel.source,'AddonFoxInt');
      user_pref(extensions.kwiclick.channel.set,true);
      user_pref(extensions.kwiclick.channel.campaign,'AddonFoxInt');
      user_pref(extensions.kwiclick.channel.content,'AddonFoxInt');
      user_pref(extensions.kwiclick.channel.id,'AddonFoxInt');
      user_pref(extensions.kwiclick.channel.cse,'009607407620987551725:3hfwsbgoj80');
      user_pref(extensions.kwiclick.channel.medium,'cpa');
      user_pref(extensions.kwiclick.channel.source,'AddonFoxInt');
      user_pref(extensions.kwiclick.channel.set,true);
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2011-07-08 19:50
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      Recherche de processus cachés ...
      .
      Recherche d'éléments en démarrage automatique cachés ...
      .
      Recherche de fichiers cachés ...
      .
      Scan terminé avec succès
      Fichiers cachés: 0
      .
      **************************************************************************
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------
      .
      - - - - - - - > 'winlogon.exe'(816)
      c:\windows\system32\SETUPAPI.dll
      c:\windows\system32\cscui.dll
      .
      - - - - - - - > 'lsass.exe'(872)
      c:\windows\system32\setupapi.dll
      .
      - - - - - - - > 'explorer.exe'(604)
      c:\windows\system32\SHDOCVW.dll
      c:\windows\system32\COMRes.dll
      c:\windows\System32\cscui.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\msi.dll
      c:\windows\system32\SETUPAPI.dll
      c:\windows\system32\NETSHELL.dll
      c:\windows\system32\credui.dll
      c:\windows\system32\MSVCP60.dll
      c:\windows\system32\eappprxy.dll
      .
      Heure de fin: 2011-07-08 19:53:42 - La machine a redémarré
      ComboFix-quarantined-files.txt 2011-07-08 17:53
      ComboFix2.txt 2011-07-08 16:54
      .
      Avant-CF: 35 451 834 368 octets libres
      Après-CF: 35 361 316 864 octets libres
      .
      - - End Of File - - AE232D0EDC371EB9CB091692D1DA3967
      0
  20. g3n-h@ckm@n
     
    Fais analyser le(s) fichier(s) suivants sur Virustotal :

    Virus Total

    clique sur "Parcourir" et trouve puis selectionne ce(s) fichier(s) :

    c:\program files\System\CPL Bonus\Vcdrom.sys

    * Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
    * Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
    * Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.
    0
    1. Gascf Messages postés 8 Date d'inscription   Statut Membre Dernière intervention  
       
      http://www.virustotal.com/file-scan/report.html?id=b576a00ff42574b7247ff9d92ff12b2ae7d525769f964c0e0411799982a2bd11-1310148303
      0
    2. g3n-h@ckm@n
       
      mets malwarebytes à jour et fais un scan complet
      0
    3. Gascf Messages postés 8 Date d'inscription   Statut Membre Dernière intervention  
       
      Râh ça me gave j'ai un nouveau problème, cette fois Malwarebytes veut pas se lancer !! J'ai cette erreur : http://www.noelshack.com/
      J'ai désinstallé et réinstallé plusieurs fois sans succès, et maintenant j'ai plusieurs logiciels qui fonctionnent plus (Ccleaner, msn, paint, blocnote etc) quand je double clique dessus ils deviennent transparent et rien ne se passe ! Et dans le panneau de configuration j'ai ça : http://www.noelshack.com/
      0
  21. g3n-h@ckm@n
     
    desinstalle-le avec revo en avancé , supprime tout ce qu il trouve et reinstalle

    https://www.clubic.com/telecharger-fiche39528-revouninstaller.html
    0
    1. Gascf Messages postés 8 Date d'inscription   Statut Membre Dernière intervention  
       
      Toujours une erreur à la fin de l'installation de malware : Cocreateinstance a échoué
      je commence à croire c'est un problème sans fin ce truc xD
      0
  • 1
  • 2