PC bien mal en point (trojan inside) [Résolu/Fermé]

Signaler
-
Messages postés
2241
Date d'inscription
samedi 21 avril 2007
Statut
Contributeur sécurité
Dernière intervention
27 octobre 2012
-
Bonjour,

Je me suis proposé un peu vite pour aider ma charmante voisine à désinfecté son PC bourré de virus (antivirus avast).
A première vue :
VGV, Tiny-QP, Tibs-DXY, Dialer-407 ?
Apres quelques scan, fix et manip diverses, le fonctionnement du PC est moins bloquant mais les virus sont toujours là.
Voici un rapport Hijack avant mes manips et un autre dernierement (l'actuel donc) :
Est-ce que quelqu'un peut me donner quelques conseils pour nettoyer tout ça ?

Antoine

----------------------- Rapport Hijack 19/05/08 ------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:04, on 19/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: scrapmalin Toolbar - {a3a5098d-d249-4508-851b-5cae1b218c10} - C:\Program Files\scrapmalin\tbscra.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: scrapmalin Toolbar - {a3a5098d-d249-4508-851b-5cae1b218c10} - C:\Program Files\scrapmalin\tbscra.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: scrapmalin Toolbar - {a3a5098d-d249-4508-851b-5cae1b218c10} - C:\Program Files\scrapmalin\tbscra.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [dbvhbheb] C:\WINDOWS\system32\wheipprs.exe
O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Pack Sécurité\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\wind32.exe
O4 - HKLM\..\Run: [advap32] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\33.tmp"/r
O4 - HKLM\..\Run: [DriveSystem] C:\WINDOWS\system32\maxpaynowti1.exe
O4 - HKLM\..\Run: [SystemDrive] C:\WINDOWS\system32\maxpaynow1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [herjek] C:\WINDOWS\herjek.exe
O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TrayMin300.exe.lnk = C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?343300c2b5ce497b9f67e4d4e239b0ca
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?343300c2b5ce497b9f67e4d4e239b0ca
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite - C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
O23 - Service: Microsoft TCP/IP Backup Service (tcpbackup) - Unknown owner - C:\WINDOWS\system32\tcpbkup.exe

15 réponses

Messages postés
2241
Date d'inscription
samedi 21 avril 2007
Statut
Contributeur sécurité
Dernière intervention
27 octobre 2012
122
Antivir ne suffira pas là-dessus.

FillPCA
2
Merci

Quelques mots de remerciements seront grandement appréciés. Ajouter un commentaire

CCM 76687 internautes nous ont dit merci ce mois-ci

Messages postés
2241
Date d'inscription
samedi 21 avril 2007
Statut
Contributeur sécurité
Dernière intervention
27 octobre 2012
122
Salut,

# Télécharge SDFix (créé par Andy Manchesta) et sauvegarde le sur ton Bureau : http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
# Imprime ceci.
# Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

* Redémarre ton ordinateur.
* Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (ou F5).
* A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
* Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
* Choisis ton compte.

# Déroule la liste des instructions ci-dessous :

* En mode sans échec, double-clique sur le fichier SDFix.exe et clique sur install,
* Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
* Appuie sur Y pour commencer le script.
* Il va supprimer les services de certains trojans, effectuera aussi quelques réparations du Registre et il te demandera d'appuyer sur une touche pour redémarrer.
* Appuie sur une touche pour redémarrer le PC.
* Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
* Après le chargement du Bureau, l'outil terminera son travail et affichera Finished
* Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
* Enfin, ouvre le dossier de SDFix sur ton Bureau et copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

FillPCA
Salut FillPCA,

Quelle rapidité ! Merci de ton aide.
Je vais essayer tout cela ce soir (je ne suis pas sur le poste là).

Antoine

PS : J'aime beaucoup ta devise : mais les bonnes pratiques sont difficiles à faire passer à certains !
Salut,

J'ai suivi toute ta procédure FillPCA. Ca a l'air d'aller mieux. En attendant confirmation, voici les logs :

----------------------- Report SDFIX ----------------------------------------


[b]SDFix: Version 1.184 [/b]
Run by Administrateur on 21/05/2008 at 21:03

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting

Service asc3550p - Deleted

[b]Checking Files [/b]:

Trojan Files Found:

C:\Documents and Settings\Administrateur\Application Data\Install.dat - Deleted
C:\Documents and Settings\Administrateur\Local Settings\Temp\vx1dt1.game - Deleted
C:\Documents and Settings\Administrateur\Local Settings\Temp\vx1dt3.game - Deleted
C:\Documents and Settings\Administrateur\Local Settings\Temp\vx3dt2.game - Deleted
C:\WINDOWS\system32\found.exe.exe - Deleted
C:\Program Files\BraveSentry\BraveSentry.exe - Deleted
C:\Program Files\BraveSentry\BraveSentry.lic - Deleted
C:\Program Files\BraveSentry\BraveSentry0.bs - Deleted
C:\Program Files\BraveSentry\BraveSentry1.bs - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\maxpaynow.game - Deleted
C:\WINDOWS\system32\dllgh8jkd1q8.exe - Deleted
C:\WINDOWS\system32\maxpaynow.exe - Deleted
C:\WINDOWS\system32\vedxg4am1et2.exe - Deleted
C:\WINDOWS\system32\vedxga1me4t1.exe - Deleted
C:\WINDOWS\system32\vedxga5me3.exe - Deleted
C:\WINDOWS\herjek.config - Deleted
C:\WINDOWS\herjek.exe - Deleted
C:\WINDOWS\system32\kr_done1 - Deleted
C:\WINDOWS\system32\svcp.csv - Deleted
C:\WINDOWS\system32\vx.tll - Deleted
C:\WINDOWS\system32\wind32.exe - Deleted
C:\WINDOWS\system32\winsub.xml - Deleted
C:\WINDOWS\system32\drivers\asc3550p.sys - Deleted



Folder C:\Program Files\BraveSentry - Removed


Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 21:13:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d346prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,7f,ef,d4,f7,ab,ff,c4,ee,62,bb,94,bd,2d,ec,f4,10,8c,..
"hj34z0"=hex:c6,4a,d2,65,b5,f0,5c,d0,95,bd,cf,2f,5a,02,58,53,3a,c5,83,4d,f3,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}]
"DisplayName"="DAEMON Tools"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL 9.0a"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe:*:Enabled:Livecom"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe:*:Enabled:Livecom Media"
"C:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe"="C:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe:*:Enabled:Livecom Player"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe"="C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe:*:Enabled:updater.exe"
"C:\\Program Files\\Pack S‚curit‚\\backweb\\361343\\Program\\fspex.exe"="C:\\Program Files\\Pack S‚curit‚\\backweb\\361343\\program\\fspex.exe:*:enabled:Pack S‚curit‚"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"
"C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"="C:\\Program Files\\IncrediMail\\bin\\ImLc.exe:*:Enabled:IncrediMail"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\ecedaf.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\ecedaf.exe:*:Enabled:Enabled"
"C:\\WINDOWS\\herjek.exe"="C:\\WINDOWS\\herjek.exe:*:Enabled:enable"
"C:\\WINDOWS\\totacon.exe"="C:\\WINDOWS\\totacon.exe:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL 9.0a"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe:*:Enabled:Livecom"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe:*:Enabled:Livecom Media"
"C:\\Program Files\\Pack S‚curit‚\\backweb\\361343\\Program\\fspex.exe"="C:\\Program Files\\Pack S‚curit‚\\backweb\\361343\\program\\fspex.exe:*:enabled:Pack S‚curit‚"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Sun 18 May 2008 25,120 A..HR --- "C:\$$tonio\SAV\tcpbkup.exe"
Sun 18 May 2008 25,120 A..HR --- "C:\WINDOWS\system32\tcpbkup.exe"
Fri 22 Sep 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 18 May 2008 25,120 ...HR --- "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Internet Explorer\svchost.exe"
Mon 24 Jul 2006 954,368 A.SH. --- "C:\Documents and Settings\Administrateur\Mes documents\Mes images\cousins cousines\Week-end Taluyers 22 07 06\SIV34.tmp"
Mon 24 Jul 2006 598,016 A.SH. --- "C:\Documents and Settings\Administrateur\Mes documents\Mes images\cousins cousines\Week-end Taluyers 22 07 06\SIV35.tmp"
Mon 24 Jul 2006 512,000 A.SH. --- "C:\Documents and Settings\Administrateur\Mes documents\Mes images\cousins cousines\Week-end Taluyers 22 07 06\SIV36.tmp"

[b]Finished![/b]

----------------------------------------------------------------------------------------------------------
------------ log Hijackthis --------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:31, on 21/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe
C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pack Sécurité\Common\FSMB32.EXE
C:\Program Files\MioNet\MioNetManager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\system32\tcpbkup.exe
C:\Program Files\Pack Sécurité\backweb\361343\Program\fspex.exe
C:\Program Files\Pack Sécurité\Common\FCH32.EXE
C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE
C:\Program Files\Pack Sécurité\FSPC\fspc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Pack Sécurité\Common\FSM32.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Pack Sécurité\FSGUI\fsguidll.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\totacon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [dbvhbheb] C:\WINDOWS\system32\wheipprs.exe
O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Pack Sécurité\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [totacon] C:\WINDOWS\totacon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Pack Sécurité.lnk = ?
O4 - Global Startup: TrayMin300.exe.lnk = C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?343300c2b5ce497b9f67e4d4e239b0ca
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?343300c2b5ce497b9f67e4d4e239b0ca
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite - C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
O23 - Service: Microsoft TCP/IP Backup Service (tcpbackup) - Unknown owner - C:\WINDOWS\system32\tcpbkup.exe
Raté !
D'apres avast, y'a encore :
Win32:Agent-VGV [Wrm]
Win32:Mutant-AG [Trj]

Antoine
> Tonino
Heu ... non. Un deuxième scan ne trouve plus rien...
J'attends ton avis là-dessus, FillPCA avant de crier victoire !
slt essaye antivir tres bon antivirus gratuit complete avec A-squared free et sa ira mieux
Merci du conseil, j'essayerai antivir dès le pb reglé !
Messages postés
2241
Date d'inscription
samedi 21 avril 2007
Statut
Contributeur sécurité
Dernière intervention
27 octobre 2012
122
Re,

Il en reste pas mal.
* Prière d'imprimer ces instructions, ou de les coller dans un fichier texte pour lecture en mode Sans Échec.

* Télécharge Brute Force Uninstaller (de Merijn) : http://www.merijn.org/files/bfu.zip
* Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU).
* Fais un clic droit ici : http://www.alt-shift-return.org/Info/Fichiers/Winsoftware.bfu
et choisis "Enregistrer la cible sous..." afin de télécharger Winsoftware.bfu (de Lazzzy). Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utlises Internet Explorer; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : Winsoftware.bfu et BFU.exe (très important).
* Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8 ou F5 ; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.
* Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU).
o Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur : Winsoftware.bfu
o Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\Winsoftware.bfu
o Clique sur Execute et laisse-le faire son travail.
o Attendre que Complete script execution apparaîsse et clique sur OK.
o Clique Exit pour fermer le programme BFU.
* Redémarre normalement.

Edite aussi un nouveau rapport Hijackthis.

FillPCA
Merci FillPCA. Je ne vais sans doute pas pouvoir appliquer ça avant dimanche. Je reposterai dès que j'ai pu faire la manip.
Messages postés
2241
Date d'inscription
samedi 21 avril 2007
Statut
Contributeur sécurité
Dernière intervention
27 octobre 2012
122
Salut,

D'ac. Essaie de ne pas trop tarder tout de même car il y a risque de surinfection.

FillPCA
Salut,

J'ai fait aussi vite que possible en fonction de mes dispos et decelle de ma voisine.
Ai déroulé ta nouvelle procédure (script bfu)
Voici le rapport hijackthis

Antoine

----------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:05, on 25/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Pack Sécurité\Common\FSM32.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\totacon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe
C:\Program Files\Pack Sécurité\backweb\361343\Program\fspex.exe
C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pack Sécurité\Common\FSMB32.EXE
C:\Program Files\MioNet\MioNetManager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Sécurité\Common\FCH32.EXE
C:\WINDOWS\system32\tcpbkup.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE
C:\Program Files\Pack Sécurité\FSPC\fspc.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Pack Sécurité\FSGUI\fsguidll.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [dbvhbheb] C:\WINDOWS\system32\wheipprs.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Pack Sécurité\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [totacon] C:\WINDOWS\totacon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Pack Sécurité.lnk = ?
O4 - Global Startup: TrayMin300.exe.lnk = C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?343300c2b5ce497b9f67e4d4e239b0ca
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?343300c2b5ce497b9f67e4d4e239b0ca
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite - C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
O23 - Service: Microsoft TCP/IP Backup Service (tcpbackup) - Unknown owner - C:\WINDOWS\system32\tcpbkup.exe
Messages postés
2241
Date d'inscription
samedi 21 avril 2007
Statut
Contributeur sécurité
Dernière intervention
27 octobre 2012
122
Salut,

* Télécharge OTScanIt de Old_Timer sur ton Bureau : http://download.bleepingcomputer.com/oldtimer/OTScanIt.exe
* Désactive temporairement ton antivirus (pas le pare-feu).
* Fais un double-clic sur l'archive pour dézipper le dossier sur ton Bureau,
* Ceci crée un dossier OTScanIt sur ton Bureau,
* !! Tu dois avoir ouvert un compte disposant de droits administrateurs pour exécuter le programme !!
* Ferme tous les autres programmes à l'exception du navigateur,
* Ouvre le dossier OTScanIt et fais un double-clic sur le fichier OTScanIt.exe (si tu es sous Vista, fais un clic droit sur OTScanIt.exe et choisis d'exécuter en tant qu'administrateur),
* Dans la section Drivers, clique sur Non-Microsoft,
* Dans la section Rootkit Searchs, choisis Yes.
* Sous Additional Scans, coche la case située devant les éléments suivants pour les sélectionner :
o Reg - BotCheck,
o Reg - Context Menu Handlers
o File - Additionnal Folder Scan
* Dans Custom Scans, indique ceci : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit
* Ne modifie aucun autre paramètre,
* Ensuite, clique sur le bouton Run Scan dans la barre d'outils,
* Laisse le programme tourner sans intervenir,
* Lorsque l'analyse est terminée, le bloc-note va s'ouvrir avec le rapport d'analyse.
* Cliquer sur le menu Format et vérifier que Retour automatique à la ligne n'est pas coché.
* Edite le rapport, en plusieurs parties si nécessaire si un message d'erreur apparait dans ta prochaine réponse quand tu veux le coller sur le forum.
* Vérifie que la 1ère ligne et la dernière ligne du rapport édité est [code]
* Réactive l'antivirus.

Pour être sûr d'avoir l'intégralité du rapport, expédie-le moi aussi ici :
aegqlmco@trashmail.net

FillPCA
Salut,

Ai enfin pu faire cette manip. Voici le rapport (je te l'envoi aussi par mail) :

A+

Antoine

------------------------------------------------------------------------
[code]
OTScanIt logfile created on: 28/05/2008 21:17:41
OTScanIt by OldTimer - Version 1.0.15.2 Folder = C:\Documents and Settings\Administrateur\Bureau\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

447,48 Mb Total Physical Memory | 106,48 Mb Available Physical Memory | 23,80% Memory free
1,37 Gb Paging File | 1,04 Gb Available in Paging File | 75,82% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76,68 Gb Total Space | 27,70 Gb Free Space | 36,12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPSP2-124DB2783
Current User Name: Administrateur
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 17272 bytes | Modified Date = 16/05/2008 01:06:57 | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 144760 bytes | Modified Date = 16/05/2008 01:19:24 | Attr = ]
servic~1.exe -> %ProgramFiles%\Pack Sécurité\backweb\361343\Program\ServiceWrapper-361343.exe -> Pack Securite [Ver = Version 6.3.2 (Build 123R) | Size = 32807 bytes | Modified Date = 22/01/2007 19:38:29 | Attr = ]
bgsvcgen.exe -> %SystemRoot%\system32\bgsvcgen.exe -> B.H.A Corporation [Ver = 1, 0, 0, 1 | Size = 86016 bytes | Modified Date = 30/04/2005 18:02:26 | Attr = ]
fsbwsys.exe -> %ProgramFiles%\Pack Sécurité\backweb\361343\Program\fsbwsys.exe -> F-Secure Corp. [Ver = 6.90.881 | Size = 278581 bytes | Modified Date = 22/01/2007 19:38:18 | Attr = ]
fsma32.exe -> %ProgramFiles%\Pack Sécurité\Common\FSMA32.EXE -> F-Secure Corporation [Ver = 6.40.8825 | Size = 106546 bytes | Modified Date = 02/04/2006 03:19:54 | Attr = ]
fsmb32.exe -> %ProgramFiles%\Pack Sécurité\Common\FSMB32.EXE -> F-Secure Corporation [Ver = 6.40.8825 | Size = 229426 bytes | Modified Date = 02/04/2006 03:19:54 | Attr = ]
mionetmanager.exe -> %ProgramFiles%\MioNet\MioNetManager.exe -> [Ver = | Size = 139264 bytes | Modified Date = 15/07/2005 22:38:33 | Attr = R ]
fspex.exe -> %ProgramFiles%\Pack Sécurité\backweb\361343\Program\fspex.exe -> Pack Securite [Ver = Version 6.3.2 (Build 123R) | Size = 32807 bytes | Modified Date = 22/01/2007 19:38:29 | Attr = ]
fch32.exe -> %ProgramFiles%\Pack Sécurité\Common\FCH32.EXE -> F-Secure Corporation [Ver = 6.40.8825 | Size = 127025 bytes | Modified Date = 02/04/2006 03:19:54 | Attr = ]
tcpbkup.exe -> %SystemRoot%\system32\tcpbkup.exe -> [Ver = | Size = 25120 bytes | Modified Date = 18/05/2008 10:58:12 | Attr = RH ]
mionet.exe -> %ProgramFiles%\MioNet\jvm\bin\MioNet.exe -> [Ver = | Size = 45161 bytes | Modified Date = 04/06/2004 06:09:14 | Attr = ]
fameh32.exe -> %ProgramFiles%\Pack Sécurité\Common\FAMEH32.EXE -> F-Secure Corporation [Ver = 6.40.8825 | Size = 335923 bytes | Modified Date = 02/04/2006 03:19:54 | Attr = ]
fspc.exe -> %ProgramFiles%\Pack Sécurité\FSPC\fspc.exe -> F-Secure Corporation [Ver = 7.00.12270 | Size = 450560 bytes | Modified Date = 06/07/2006 18:40:56 | Attr = ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 79224 bytes | Modified Date = 16/05/2008 01:19:31 | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 21/02/2006 19:59:45 | Attr = ]
vttimer.exe -> %SystemRoot%\system32\VTTimer.exe -> S3 Graphics, Inc. [Ver = 1.04.05-0929 | Size = 53248 bytes | Modified Date = 01/10/2004 10:31:54 | Attr = R ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 02/11/2004 21:24:46 | Attr = ]
raid_tool.exe -> %ProgramFiles%\VIA\RAID\raid_tool.exe -> VIA Technologies [Ver = 4, 0, 6, 0 | Size = 589824 bytes | Modified Date = 11/10/2004 08:54:06 | Attr = R ]
daemon.exe -> %ProgramFiles%\D-Tools\daemon.exe -> DAEMON'S HOME [Ver = 3.46.0.0 | Size = 81920 bytes | Modified Date = 12/03/2004 23:43:18 | Attr = ]
adeck.exe -> %ProgramFiles%\VIAudioi\SBADeck\ADeck.exe -> VIA Technologies, Inc. [Ver = 6, 1, 5, 0 | Size = 450560 bytes | Modified Date = 06/09/2005 05:10:34 | Attr = ]
vm_sti.exe -> %SystemRoot%\VM_STI.EXE -> BIGDOG [Ver = 4, 2, 610, 4 | Size = 40960 bytes | Modified Date = 09/06/2004 15:37:02 | Attr = ]
fsm32.exe -> %ProgramFiles%\Pack Sécurité\Common\FSM32.EXE -> F-Secure Corporation [Ver = 6.40.8825 | Size = 184369 bytes | Modified Date = 02/04/2006 03:19:54 | Attr = ]
opware32.exe -> %ProgramFiles%\ScanSoft\OmniPageSE\opware32.exe -> ScanSoft, Inc [Ver = 11.0 | Size = 49152 bytes | Modified Date = 03/06/2002 12:38:12 | Attr = ]
realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 21/02/2006 19:59:20 | Attr = ]
monitor.exe -> %ProgramFiles%\OLYMPUS\OLYMPUS Master\Monitor.exe -> OLYMPUS IMAGING CORP. [Ver = 1, 4, 2, 5 | Size = 57344 bytes | Modified Date = 16/05/2006 18:51:00 | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 19/12/2007 21:20:23 | Attr = ]
fsguidll.exe -> %ProgramFiles%\Pack Sécurité\FSGUI\fsguidll.exe -> F-Secure Corporation [Ver = 6, 71, 1710, 0 | Size = 421888 bytes | Modified Date = 01/09/2006 15:11:00 | Attr = ]
mgapp.exe -> %ProgramFiles%\Magentic\bin\MgApp.exe -> [Ver = 1, 3, 1, 0524 | Size = 106537 bytes | Modified Date = 10/07/2007 10:33:54 | Attr = ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 247160 bytes | Modified Date = 16/05/2008 01:19:00 | Attr = ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 349560 bytes | Modified Date = 16/05/2008 01:16:59 | Attr = ]
imapp.exe -> %ProgramFiles%\IncrediMail\bin\IMApp.exe -> IncrediMail, Ltd. [Ver = 5, 6, 8, 3242 | Size = 148912 bytes | Modified Date = 26/11/2007 11:13:16 | Attr = ]
otscanit.exe -> %UserProfile%\Bureau\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.2 | Size = 374272 bytes | Modified Date = 28/05/2008 02:37:38 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 17272 bytes | Modified Date = 16/05/2008 01:06:57 | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 144760 bytes | Modified Date = 16/05/2008 01:19:24 | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 247160 bytes | Modified Date = 16/05/2008 01:19:00 | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 349560 bytes | Modified Date = 16/05/2008 01:16:59 | Attr = ]
(BackWeb Plug-in - 361343) Pack Sécurité [Win32_Own | Auto | Running] -> %ProgramFiles%\Pack Sécurité\backweb\361343\Program\ServiceWrapper-361343.exe -> Pack Securite [Ver = Version 6.3.2 (Build 123R) | Size = 32807 bytes | Modified Date = 22/01/2007 19:38:29 | Attr = ]
(bgsvcgen) B's Recorder GOLD Library General Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\bgsvcgen.exe -> B.H.A Corporation [Ver = 1, 0, 0, 1 | Size = 86016 bytes | Modified Date = 30/04/2005 18:02:26 | Attr = ]
(Boonty Games) Boonty Games [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\BOONTY Shared\Service\Boonty.exe -> BOONTY [Ver = 2.60.030 | Size = 69120 bytes | Modified Date = 22/10/2006 09:18:20 | Attr = ]
(dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 19/08/2004 16:09:52 | Attr = ]
(FSBWSYS) FSBWSYS [Win32_Own | Auto | Running] -> %ProgramFiles%\Pack Sécurité\backweb\361343\Program\fsbwsys.exe -> F-Secure Corp. [Ver = 6.90.881 | Size = 278581 bytes | Modified Date = 22/01/2007 19:38:18 | Attr = ]
(FSMA) F-Secure Management Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Pack Sécurité\Common\FSMA32.EXE -> F-Secure Corporation [Ver = 6.40.8825 | Size = 106546 bytes | Modified Date = 02/04/2006 03:19:54 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 15/12/2007 19:00:35 | Attr = ]
(MioNet) MioNet Service [Win32_Own | Auto | Running] -> %ProgramFiles%\MioNet\MioNetManager.exe -> [Ver = | Size = 139264 bytes | Modified Date = 15/07/2005 22:38:33 | Attr = R ]
(tcpbackup) Microsoft TCP/IP Backup Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\tcpbkup.exe -> [Ver = | Size = 25120 bytes | Modified Date = 18/05/2008 10:58:12 | Attr = RH ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AOLDialer -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe] -> File not found
AudioDeck -> %ProgramFiles%\VIAudioi\SBADeck\ADeck.exe [C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 ] -> VIA Technologies, Inc. [Ver = 6, 1, 5, 0 | Size = 450560 bytes | Modified Date = 06/09/2005 05:10:34 | Attr = ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 79224 bytes | Modified Date = 16/05/2008 01:19:31 | Attr = ]
BigDogPath -> %SystemRoot%\VM_STI.EXE [C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera] -> BIGDOG [Ver = 4, 2, 610, 4 | Size = 40960 bytes | Modified Date = 09/06/2004 15:37:02 | Attr = ]
DAEMON Tools-1033 -> %ProgramFiles%\D-Tools\daemon.exe ["C:\Program Files\D-Tools\daemon.exe" -lang 1033] -> DAEMON'S HOME [Ver = 3.46.0.0 | Size = 81920 bytes | Modified Date = 12/03/2004 23:43:18 | Attr = ]
dbvhbheb -> %SystemRoot%\system32\wheipprs.exe [C:\WINDOWS\system32\wheipprs.exe] -> File not found
F-Secure Manager -> %ProgramFiles%\Pack Sécurité\Common\FSM32.EXE ["C:\Program Files\Pack Sécurité\Common\FSM32.EXE" /splash] -> F-Secure Corporation [Ver = 6.40.8825 | Size = 184369 bytes | Modified Date = 02/04/2006 03:19:54 | Attr = ]
F-Secure Startup Wizard -> %ProgramFiles%\Pack Sécurité\FSGUI\fssw.exe ["C:\Program Files\Pack Sécurité\FSGUI\FSSW.EXE" /reboot] -> F-Secure Corporation [Ver = 6, 71, 1710, 0 | Size = 724992 bytes | Modified Date = 01/09/2006 15:11:00 | Attr = ]
F-Secure TNB -> %ProgramFiles%\Pack Sécurité\FSGUI\tnbutil.exe ["C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW] -> F-Secure Corporation [Ver = 1.09.5230 | Size = 671744 bytes | Modified Date = 01/09/2006 15:11:00 | Attr = ]
NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09/07/2001 11:50:42 | Attr = ]
OM_Monitor -> %ProgramFiles%\OLYMPUS\OLYMPUS Master\FirstStart.exe [C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe] -> OLYMPUS IMAGING CORP. [Ver = 1, 4, 2, 5 | Size = 40960 bytes | Modified Date = 16/05/2006 18:50:00 | Attr = ]
Omnipage -> %ProgramFiles%\ScanSoft\OmniPageSE\opware32.exe [C:\Program Files\ScanSoft\OmniPageSE\opware32.exe] -> ScanSoft, Inc [Ver = 11.0 | Size = 49152 bytes | Modified Date = 03/06/2002 12:38:12 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 21/02/2006 19:59:45 | Attr = ]
RaidTool -> %ProgramFiles%\VIA\RAID\raid_tool.exe [C:\Program Files\VIA\RAID\raid_tool.exe] -> VIA Technologies [Ver = 4, 0, 6, 0 | Size = 589824 bytes | Modified Date = 11/10/2004 08:54:06 | Attr = R ]
RealTray -> %ProgramFiles%\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER] -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 21/02/2006 19:59:20 | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe ["C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"] -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 02/11/2004 21:24:46 | Attr = ]
VTTimer -> %SystemRoot%\system32\VTTimer.exe [VTTimer.exe] -> S3 Graphics, Inc. [Ver = 1.04.05-0929 | Size = 53248 bytes | Modified Date = 01/10/2004 10:31:54 | Attr = R ]
VTTrayp -> VTtrayp.exe [VTtrayp.exe] -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
IncrediMail -> %ProgramFiles%\IncrediMail\bin\IncMail.exe [C:\Program Files\IncrediMail\bin\IncMail.exe /c] -> IncrediMail, Ltd. [Ver = 5, 6, 8, 3242 | Size = 214456 bytes | Modified Date = 26/11/2007 11:13:16 | Attr = ]
Magentic -> %ProgramFiles%\Magentic\bin\Magentic.exe [C:\PROGRA~1\Magentic\bin\Magentic.exe /c] -> [Ver = 1, 3, 1, 0524 | Size = 475180 bytes | Modified Date = 10/07/2007 10:34:34 | Attr = ]
OM_Monitor -> %ProgramFiles%\OLYMPUS\OLYMPUS Master\Monitor.exe [C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe] -> OLYMPUS IMAGING CORP. [Ver = 1, 4, 2, 5 | Size = 57344 bytes | Modified Date = 16/05/2006 18:51:00 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 19/12/2007 21:20:23 | Attr = ]
< Administrateur Startup Folder > -> C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage ->
%AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 110592 bytes | Modified Date = 16/08/2002 09:08:38 | Attr = ]
%AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 14/12/2004 05:44:06 | Attr = ]
%AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Pack Sécurité.lnk -> %ProgramFiles%\Pack Sécurité\backweb\361343\Program\fspex.exe -> Pack Securite [Ver = Version 6.3.2 (Build 123R) | Size = 32807 bytes | Modified Date = 22/01/2007 19:38:29 | Attr = ]
%AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\TrayMin300.exe.lnk -> %ProgramFiles%\Philips\SPC 200NC PC Camera\TrayMin200.exe -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
WinCtrl32 -> WinCtrl32.dll -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\\LowRiskFileTypes -> [String data over 1000 bytes] ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\SaveZoneInformation -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsMenu -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartBanner -> 01 00 00 00 [binary data] ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMHelp -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\MemCheckBoxInRunDlg -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMBalloonTip -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktopCleanupWizard -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWelcomeScreen -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoAutoUpdate -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> Pilote de CD-ROM ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 03/08/2004 22:59:54 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomPIONEER_DVD-RW__DVR-111D________________1.23____\46_044463050333237315737204c202020202020 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 15/02/2006 23:26:31 | Attr = ]
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/toolbar/ie8/sidebar.html ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/toolbar/ie8/sidebar.html ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/toolbar/ie8/sidebar.html ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/toolbar/ie8/sidebar.html ->
HKEY_CURRENT_USER\: Main\\Search Page -> https://www.google.com/?gws_rd=ssl ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://neufportail.fr/ ->
HKEY_CURRENT_USER\: Search\\CustomizeSearch -> https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/toolbar/ie8/sidebar.html ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[gogl] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{9CB65206-89C4-402c-BA80-02D8C59F9B1D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL [] -> Ask.com [Ver = 1, 0, 2, 4 | Size = 57344 bytes | Modified Date = 27/08/2007 12:18:18 | Attr = ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 14 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 14 domain(s) found. ->
objects_aol.com [*] -> Out of zone range - ( 5 ) ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 16/04/2001 16:39:02 | Attr = ]
{6F282B65-56BF-4BD1-A8B2-A4449A05863D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\GamesBar\oberontb.dll [GamesBar] -> [Ver = 1, 1, 0, 5 | Size = 380928 bytes | Modified Date = 19/06/2007 17:09:16 | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{9CB65201-89C4-402c-BA80-02D8C59F9B1D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL [Ask Search Assistant BHO] -> Ask.com [Ver = 1, 0, 2, 4 | Size = 57344 bytes | Modified Date = 27/08/2007 12:18:18 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 15/12/2007 19:00:34 | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 19/12/2007 21:20:23 | Attr = ]
{FE063DB1-4EC0-403e-8DD8-394C54984B2C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskTBar\bar\1.bin\ASKTBAR.DLL [Ask Toolbar BHO] -> Ask.com [Ver = 2, 1, 10, 2 | Size = 245760 bytes | Modified Date = 27/08/2007 12:18:17 | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 15/12/2007 19:00:34 | Attr = R ]
{6F282B65-56BF-4BD1-A8B2-A4449A05863D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\GamesBar\oberontb.dll [GamesBar] -> [Ver = 1, 1, 0, 5 | Size = 380928 bytes | Modified Date = 19/06/2007 17:09:16 | Attr = ]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskTBar\bar\1.bin\ASKTBAR.DLL [Ask Toolbar] -> Ask.com [Ver = 2, 1, 10, 2 | Size = 245760 bytes | Modified Date = 27/08/2007 12:18:17 | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 15/12/2007 19:00:34 | Attr = R ]
WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskTBar\bar\1.bin\ASKTBAR.DLL [Ask Toolbar] -> Ask.com [Ver = 2, 1, 10, 2 | Size = 245760 bytes | Modified Date = 27/08/2007 12:18:17 | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{1A93C934-025B-4c3a-B38E-9654A7003239}:BandCLSID -> %ProgramFiles%\GamesBar\oberontb.dll [GamesBar] -> [Ver = 1, 1, 0, 5 | Size = 380928 bytes | Modified Date = 19/06/2007 17:09:16 | Attr = ]
{200DB664-75B5-47c0-8B45-A44ACCF73C00}:{D68926FD-18FD-4B0E-A1C7-917D13FAB760} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Pack Sécurité\FSPC\fspcmsie.dll [Parental...] -> F-Secure Corporation [Ver = 7.00.12270 | Size = 106496 bytes | Modified Date = 06/07/2006 18:40:56 | Attr = ]
{200DB664-75B5-47c0-8B45-A44ACCF73F01}:{D68926FD-18FD-4B0E-A1C7-917D13FAB760} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Pack Sécurité\FSPC\fspcmsie.dll [Parental...] -> F-Secure Corporation [Ver = 7.00.12270 | Size = 106496 bytes | Modified Date = 06/07/2006 18:40:56 | Attr = ]
CmdMapping: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{200DB664-75B5-47c0-8B45-A44ACCF73C00} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Pack Sécurité\FSPC\fspcmsie.dll [Parental...] -> F-Secure Corporation [Ver = 7.00.12270 | Size = 106496 bytes | Modified Date = 06/07/2006 18:40:56 | Attr = ]
CmdMapping\\{200DB664-75B5-47c0-8B45-A44ACCF73F01} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Pack Sécurité\FSPC\fspcmsie.dll [Parental...] -> F-Secure Corporation [Ver = 7.00.12270 | Size = 106496 bytes | Modified Date = 06/07/2006 18:40:56 | Attr = ]
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Recherche AOL Toolbar -> -> File not found
Add to Windows &Live Favorites -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Bibliothèque de contrôles ActiveX Microsoft ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
Extension\.wav -> %ProgramFiles%\Internet Explorer\PLUGINS\npqtplugin2.dll [QuickTime Plug-in 6.5] -> Apple Computer, Inc. [Ver = 6.5 | Size = 106496 bytes | Modified Date = 21/02/2006 19:59:40 | Attr = ]
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{67B72939-5BF4-4699-A6E2-560BC05AF8B3} -> () ->
{75173EB0-22A3-4196-951C-B79C9D9606AE} -> (Broadcom USB Remote NDIS Device) ->
{B2F413AF-4EFB-40DF-A0D6-A206F4A5E0DB} -> (VIA Rhine II Fast Ethernet Adapter) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries\000000000001 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000020 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000021 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000022 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000023 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000024 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000025 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000026 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000027 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000028 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000029 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000030 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000031 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000032 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000033 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000034 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000035 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000036 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000037 -> %ProgramFiles%\Pack Sécurité\FSPS\program\fslsp.dll -> F-Secure Corporation [Ver = 2.00.136 | Size = 159744 bytes | Modified Date = 07/06/2006 11:03:10 | Attr = ]
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
about -> 4 = Sites sensibles (Not a Default Protocol) ->
about: -> 4 = Sites sensibles (Not a Default Protocol) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 19/08/2004 16:09:36 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 19:50:31 | Attr = ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 19/08/2004 16:09:36 | Attr = ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 16:22:35 | Attr = ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 19/08/2004 16:09:48 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 732 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 186368 bytes | Modified Date = 19/08/2004 16:09:40 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 119808 bytes | Modified Date = 19/08/2004 16:09:38 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 14 FB 7C 39 1F D6 3F 79 96 37 E4 F5 5F 0D E5 B4 31 62 36 38 38 35 39 39 00 FD 07 00 62 47 00 00 34 FA 07 00 4E 82 74 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 7A D8 A3 F4 B4 84 68 C9 DD 0D 46 1B [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 47 86 EB 86 FB 3F 9B AB C7 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> C6 32 00 B6 61 DD [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 02/10/2001 18:16:30 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> D8 88 5E D0 DD 2D E7 72 57 43 9F 39 03 70 6B 69 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 94 10 33 51 14 37 C6 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 82 47 21 F6 85 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 63 3D 27 F6 85 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 63 3D 27 F6 85 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Pare-feu Windows / Partage de connexion Internet ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 19/08/2004 16:10:04 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 5051 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2508 (xpsp.040806-1825) | Size = 332288 bytes | Modified Date = 02/09/2004 01:36:07 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\DisableNotifications -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\DisableUnicastResponsesToMulticastBroadcast -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142336 bytes | Modified Date = 19/08/2004 16:10:04 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AOL 9.0\waol.exe -> C:\Program Files\AOL 9.0\waol.exe [C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe -> C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe [C:\Program Files\Fichiers communs\AOL
Suite :

---------------------------------------------------------------------

[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 19/08/2004 16:09:36 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 19:50:31 | Attr = ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 19/08/2004 16:09:36 | Attr = ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 16:22:35 | Attr = ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 19/08/2004 16:09:48 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 732 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 186368 bytes | Modified Date = 19/08/2004 16:09:40 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 119808 bytes | Modified Date = 19/08/2004 16:09:38 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 14 FB 7C 39 1F D6 3F 79 96 37 E4 F5 5F 0D E5 B4 31 62 36 38 38 35 39 39 00 FD 07 00 62 47 00 00 34 FA 07 00 4E 82 74 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 7A D8 A3 F4 B4 84 68 C9 DD 0D 46 1B [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 47 86 EB 86 FB 3F 9B AB C7 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> C6 32 00 B6 61 DD [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 02/10/2001 18:16:30 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> D8 88 5E D0 DD 2D E7 72 57 43 9F 39 03 70 6B 69 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 94 10 33 51 14 37 C6 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 82 47 21 F6 85 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 63 3D 27 F6 85 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 63 3D 27 F6 85 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Pare-feu Windows / Partage de connexion Internet ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 19/08/2004 16:10:04 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 5051 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2508 (xpsp.040806-1825) | Size = 332288 bytes | Modified Date = 02/09/2004 01:36:07 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\DisableNotifications -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\DisableUnicastResponsesToMulticastBroadcast -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142336 bytes | Modified Date = 19/08/2004 16:10:04 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AOL 9.0\waol.exe -> C:\Program Files\AOL 9.0\waol.exe [C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe -> C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe [C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe -> C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe [C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AOL 9.0a\waol.exe -> C:\Program Files\AOL 9.0a\waol.exe [C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\PROGRA~1\Livecom\APPLIC~1\Exe\Livecom.exe -> C:\PROGRA~1\Livecom\APPLIC~1\Exe\Livecom.exe [C:\PROGRA~1\Livecom\APPLIC~1\Exe\Livecom.exe:*:Enabled:Livecom] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\EconfV4\ftplayer.exe -> C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\EconfV4\ftplayer.exe [C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\EconfV4\ftplayer.exe:*:Enabled:Livecom Media] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Pack Sécurité\backweb\361343\Program\fspex.exe -> C:\Program Files\Pack Sécurité\backweb\361343\Program\fspex.exe [C:\Program Files\Pack Sécurité\backweb\361343\program\fspex.exe:*:enabled:Pack Sécurité] -> Pack Securite [Ver = Version 6.3.2 (Build 123R) | Size = 32807 bytes | Modified Date = 22/01/2007 19:38:29 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19/01/2007 13:55:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 04/01/2007 17:10:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableUnicastResponsesToMulticastBroadcast -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142336 bytes | Modified Date = 19/08/2004 16:10:04 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AOL 9.0\waol.exe -> C:\Program Files\AOL 9.0\waol.exe [C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe -> C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe [C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe -> C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe [C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AOL 9.0a\waol.exe -> C:\Program Files\AOL 9.0a\waol.exe [C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IncrediMail\bin\IMApp.exe -> C:\Program Files\IncrediMail\bin\IMApp.exe [C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail] -> IncrediMail, Ltd. [Ver = 5, 6, 8, 3242 | Size = 148912 bytes | Modified Date = 26/11/2007 11:13:16 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IncrediMail\bin\IncMail.exe -> C:\Program Files\IncrediMail\bin\IncMail.exe [C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail] -> IncrediMail, Ltd. [Ver = 5, 6, 8, 3242 | Size = 214456 bytes | Modified Date = 26/11/2007 11:13:16 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IncrediMail\bin\ImpCnt.exe -> C:\Program Files\IncrediMail\bin\ImpCnt.exe [C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail] -> IncrediMail, Ltd. [Ver = 5, 6, 8, 3242 | Size = 95672 bytes | Modified Date = 26/11/2007 11:13:16 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\PROGRA~1\Livecom\APPLIC~1\Exe\Livecom.exe -> C:\PROGRA~1\Livecom\APPLIC~1\Exe\Livecom.exe [C:\PROGRA~1\Livecom\APPLIC~1\Exe\Livecom.exe:*:Enabled:Livecom] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\EconfV4\ftplayer.exe -> C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\EconfV4\ftplayer.exe [C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\EconfV4\ftplayer.exe:*:Enabled:Livecom Media] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Livecom\Application\eConfv4\livecomp.exe -> C:\Program Files\Livecom\Application\eConfv4\livecomp.exe [C:\Program Files\Livecom\Application\eConfv4\livecomp.exe:*:Enabled:Livecom Player] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\rundll32.exe [C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33792 bytes | Modified Date = 19/08/2004 16:10:04 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dpvsetup.exe -> C:\WINDOWS\system32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 83456 bytes | Modified Date = 19/08/2004 16:09:52 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\WinAntiVirus Pro 2006\Updater.exe -> C:\Program Files\WinAntiVirus Pro 2006\Updater.exe [C:\Program Files\WinAntiVirus Pro 2006\Updater.exe:*:Enabled:updater.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Pack Sécurité\backweb\361343\Program\fspex.exe -> C:\Program Files\Pack Sécurité\backweb\361343\Program\fspex.exe [C:\Program Files\Pack Sécurité\backweb\361343\program\fspex.exe:*:enabled:Pack Sécurité] -> Pack Securite [Ver = Version 6.3.2 (Build 123R) | Size = 32807 bytes | Modified Date = 22/01/2007 19:38:29 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19/01/2007 13:55:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 04/01/2007 17:10:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\eMule\emule.exe -> C:\Program Files\eMule\emule.exe [C:\Program Files\eMule\emule.exe:*:Enabled:eMule] -> https://www.emule-project.net/home/perl/general.cgi?l=1 [Ver = 0.46.2 Unicode | Size = 4771840 bytes | Modified Date = 26/07/2005 15:12:40 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Magentic\bin\Magentic.exe -> C:\Program Files\Magentic\bin\Magentic.exe [C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic] -> [Ver = 1, 3, 1, 0524 | Size = 475180 bytes | Modified Date = 10/07/2007 10:34:34 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Magentic\bin\MgApp.exe -> C:\Program Files\Magentic\bin\MgApp.exe [C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic] -> [Ver = 1, 3, 1, 0524 | Size = 106537 bytes | Modified Date = 10/07/2007 10:33:54 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IncrediMail\bin\ImLc.exe -> C:\Program Files\IncrediMail\bin\ImLc.exe [C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail] -> IncrediMail, Ltd. [Ver = 5, 6, 8, 3242 | Size = 275888 bytes | Modified Date = 26/11/2007 11:13:16 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ecedaf.exe -> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ecedaf.exe [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ecedaf.exe:*:Enabled:Enabled] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\herjek.exe -> C:\WINDOWS\herjek.exe [C:\WINDOWS\herjek.exe:*:Enabled:enable] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1700:TCP -> 1700:TCP:*:Enabled:MioNet Remote Drive Access ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1641:TCP -> 1641:TCP:*:Enabled:MioNet Remote Drive Verification ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 19/08/2004 16:10:04 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Mises à jour automatiques ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Active le téléchargement et l'installation des mises à jour Windows. Si ce service est désactivé, cet ordinateur ne pourra pas utiliser la fonctionnalité des mises à jour automatiques ou le site Windows Update. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 19/08/2004 16:09:50 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Permet aux utilisateurs à distance de modifier les paramètres du Registre sur cet ordinateur. Si ce service est arrêté, le Registre ne pourra être modifié que par les utilisateurs de cet ordinateur. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService ->
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 06:40:00 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Accès à distance au Registre ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 19/08/2004 16:10:04 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 19/08/2004 16:09:40 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 75264 bytes | Modified Date = 19/08/2004 16:10:04 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService ->
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 06:40:00 | Attr = ]
TCPIP -> -> File not found
NTLMSSP -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Permet à un utilisateur distant de se connecter au système et d'exécuter des programmes, et prend en charge divers clients Telnet TCP/IP dont les ordinateurs sous UNIX et sous Windows. Si ce service est arrêté, l'utilisateur peut ne plus avoir accès à distance aux programmes. Si ce service est désactivé, les services qui en dépendent explicitement ne pourront pas démarrer. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< ContextMenuHandlers - * [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\ ->
(avast):{472083B0-C522-11CF-8763-00608CC02F24} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 75128 bytes | Modified Date = 16/05/2008 01:12:24 | Attr = ]
(WinRAR):{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 120832 bytes | Modified Date = 25/01/2004 01:00:00 | Attr = ]
< ContextMenuHandlers - Directory [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\ ->
(WinRAR):{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 120832 bytes | Modified Date = 25/01/2004 01:00:00 | Attr = ]
< ContextMenuHandlers - Folder [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shell\ ->
AddToPlaylistVLC -> %ProgramFiles%\VideoLAN\VLC\vlc.exe [C:\Program Files\VideoLAN\VLC\vlc.exe --one-instance --playlist-enqueue "%1"] -> [Ver = | Size = 6672384 bytes | Modified Date = 12/12/2005 21:54:30 | Attr = ]
PlayWithVLC -> %ProgramFiles%\VideoLAN\VLC\vlc.exe [C:\Program Files\VideoLAN\VLC\vlc.exe --no-playlist-enqueue "%1"] -> [Ver = | Size = 6672384 bytes | Modified Date = 12/12/2005 21:54:30 | Attr = ]
< ContextMenuHandlers - Folder [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\ ->
(avast):{472083B0-C522-11CF-8763-00608CC02F24} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Alwil Software\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 75128 bytes | Modified Date = 16/05/2008 01:12:24 | Attr = ]
(WinRAR):{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 120832 bytes | Modified Date = 25/01/2004 01:00:00 | Attr = ]


[Files/Folders - Created Within 30 days]
$$tonio -> %SystemDrive%\$$tonio -> [Folder | Created Date = 18/05/2008 21:52:08 | Attr = ]
BFU -> %SystemDrive%\BFU -> [Folder | Created Date = 25/05/2008 11:13:09 | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 21/05/2008 20:59:08 | Attr = ]
MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 118 bytes | Created Date = 26/05/2008 07:31:08 | Attr = ]
tcpbkup.exe -> %SystemRoot%\System32\tcpbkup.exe -> [Ver = | Size = 25120 bytes | Created Date = 18/05/2008 10:58:12 | Attr = RH ]
WinCtrl32.dl_ -> %SystemRoot%\System32\WinCtrl32.dl_ -> [Ver = | Size = 14336 bytes | Created Date = 21/05/2008 21:11:15 | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 21/05/2008 20:59:37 | Attr = ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 7168 bytes | Created Date = 21/05/2008 21:28:22 | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
totacon.config -> %SystemRoot%\totacon.config -> [Ver = | Size = 39878 bytes | Created Date = 20/05/2008 21:52:54 | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Windows Genuine Advantage -> %AllUsersProfile%\Application Data\Windows Genuine Advantage -> [Folder | Created Date = 26/05/2008 17:19:38 | Attr = ]
Conduit -> %UserProfile%\Local Settings\Application Data\Conduit -> [Folder | Created Date = 07/05/2008 21:06:10 | Attr = ]
2008-05-21 -> %UserProfile%\Mes documents\2008-05-21 -> [Folder | Created Date = 21/05/2008 23:30:08 | Attr = ]
2008-05-28 -> %UserProfile%\Mes documents\2008-05-28 -> [Folder | Created Date = 28/05/2008 20:24:42 | Attr = ]
Doc1.doc -> %UserProfile%\Mes documents\Doc1.doc -> [Ver = | Size = 25088 bytes | Created Date = 21/05/2008 10:08:06 | Attr = ]
tarif dragées audouard.xls -> %UserProfile%\Mes documents\tarif dragées audouard.xls -> [Ver = | Size = 25600 bytes | Created Date = 05/05/2008 18:33:22 | Attr = ]
catchme.zip -> %UserProfile%\Bureau\catchme.zip -> [Ver = | Size = 36912 bytes | Created Date = 21/05/2008 21:03:09 | Attr = ]
CCleaner.lnk -> %UserProfile%\Bureau\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Created Date = 18/05/2008 21:53:55 | Attr = ]
HijackThis.lnk -> %UserProfile%\Bureau\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 18/05/2008 22:05:29 | Attr = ]
OTScanIt -> %UserProfile%\Bureau\OTScanIt -> [Folder | Created Date = 28/05/2008 21:14:50 | Attr = ]
OTScanIt.exe -> %UserProfile%\Bureau\OTScanIt.exe -> [Ver = | Size = 544843 bytes | Created Date = 28/05/2008 21:12:55 | Attr = ]
Pack Sécurité.lnk -> %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Pack Sécurité.lnk -> [Ver = | Size = 941 bytes | Created Date = 28/05/2008 21:10:42 | Attr = ]
CCleaner -> %ProgramFiles%\CCleaner -> [Folder | Created Date = 18/05/2008 21:53:54 | Attr = ]
Conduit -> %ProgramFiles%\Conduit -> [Folder | Created Date = 07/05/2008 21:06:05 | Attr = ]
MSXML 4.0 -> %ProgramFiles%\MSXML 4.0 -> [Folder | Created Date = 26/05/2008 17:22:13 | Attr = ]
scrapmalin -> %ProgramFiles%\scrapmalin -> [Folder | Created Date = 07/05/2008 21:06:03 | Attr = ]
Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 18/05/2008 22:05:29 | Attr = ]
Suite et fin :

------------------------------------------------------------------------------------

[Files/Folders - Created Within 30 days]
$$tonio -> %SystemDrive%\$$tonio -> [Folder | Created Date = 18/05/2008 21:52:08 | Attr = ]
BFU -> %SystemDrive%\BFU -> [Folder | Created Date = 25/05/2008 11:13:09 | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 21/05/2008 20:59:08 | Attr = ]
MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 118 bytes | Created Date = 26/05/2008 07:31:08 | Attr = ]
tcpbkup.exe -> %SystemRoot%\System32\tcpbkup.exe -> [Ver = | Size = 25120 bytes | Created Date = 18/05/2008 10:58:12 | Attr = RH ]
WinCtrl32.dl_ -> %SystemRoot%\System32\WinCtrl32.dl_ -> [Ver = | Size = 14336 bytes | Created Date = 21/05/2008 21:11:15 | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 21/05/2008 20:59:37 | Attr = ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 7168 bytes | Created Date = 21/05/2008 21:28:22 | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
totacon.config -> %SystemRoot%\totacon.config -> [Ver = | Size = 39878 bytes | Created Date = 20/05/2008 21:52:54 | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Windows Genuine Advantage -> %AllUsersProfile%\Application Data\Windows Genuine Advantage -> [Folder | Created Date = 26/05/2008 17:19:38 | Attr = ]
Conduit -> %UserProfile%\Local Settings\Application Data\Conduit -> [Folder | Created Date = 07/05/2008 21:06:10 | Attr = ]
2008-05-21 -> %UserProfile%\Mes documents\2008-05-21 -> [Folder | Created Date = 21/05/2008 23:30:08 | Attr = ]
2008-05-28 -> %UserProfile%\Mes documents\2008-05-28 -> [Folder | Created Date = 28/05/2008 20:24:42 | Attr = ]
Doc1.doc -> %UserProfile%\Mes documents\Doc1.doc -> [Ver = | Size = 25088 bytes | Created Date = 21/05/2008 10:08:06 | Attr = ]
tarif dragées audouard.xls -> %UserProfile%\Mes documents\tarif dragées audouard.xls -> [Ver = | Size = 25600 bytes | Created Date = 05/05/2008 18:33:22 | Attr = ]
catchme.zip -> %UserProfile%\Bureau\catchme.zip -> [Ver = | Size = 36912 bytes | Created Date = 21/05/2008 21:03:09 | Attr = ]
CCleaner.lnk -> %UserProfile%\Bureau\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Created Date = 18/05/2008 21:53:55 | Attr = ]
HijackThis.lnk -> %UserProfile%\Bureau\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 18/05/2008 22:05:29 | Attr = ]
OTScanIt -> %UserProfile%\Bureau\OTScanIt -> [Folder | Created Date = 28/05/2008 21:14:50 | Attr = ]
OTScanIt.exe -> %UserProfile%\Bureau\OTScanIt.exe -> [Ver = | Size = 544843 bytes | Created Date = 28/05/2008 21:12:55 | Attr = ]
Pack Sécurité.lnk -> %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Pack Sécurité.lnk -> [Ver = | Size = 941 bytes | Created Date = 28/05/2008 21:10:42 | Attr = ]
CCleaner -> %ProgramFiles%\CCleaner -> [Folder | Created Date = 18/05/2008 21:53:54 | Attr = ]
Conduit -> %ProgramFiles%\Conduit -> [Folder | Created Date = 07/05/2008 21:06:05 | Attr = ]
MSXML 4.0 -> %ProgramFiles%\MSXML 4.0 -> [Folder | Created Date = 26/05/2008 17:22:13 | Attr = ]
scrapmalin -> %ProgramFiles%\scrapmalin -> [Folder | Created Date = 07/05/2008 21:06:03 | Attr = ]
Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 18/05/2008 22:05:29 | Attr = ]

[Files/Folders - Modified Within 30 days]
$$tonio -> %SystemDrive%\$$tonio -> [Folder | Modified Date = 25/05/2008 11:28:05 | Attr = ]
BFU -> %SystemDrive%\BFU -> [Folder | Modified Date = 25/05/2008 11:23:03 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 26/05/2008 17:22:14 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 26/05/2008 17:22:13 | Attr = R ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 21/05/2008 21:18:03 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 28/05/2008 21:12:02 | Attr = ]
aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 26944 bytes | Modified Date = 16/05/2008 01:13:26 | Attr = ]
aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 20560 bytes | Modified Date = 16/05/2008 01:16:06 | Attr = ]
aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 94416 bytes | Modified Date = 16/05/2008 01:18:33 | Attr = ]
aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 23152 bytes | Modified Date = 16/05/2008 01:15:29 | Attr = ]
aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 78416 bytes | Modified Date = 16/05/2008 01:20:32 | Attr = ]
aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 42912 bytes | Modified Date = 16/05/2008 01:14:11 | Attr = ]
etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 21/05/2008 21:03:46 | Attr = ]
HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS -> [Ver = | Size = 686 bytes | Modified Date = 21/05/2008 21:03:46 | Attr = ]
aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 1152888 bytes | Modified Date = 16/05/2008 01:24:43 | Attr = ]
AVASTSS.scr -> %SystemRoot%\System32\AVASTSS.scr -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 95608 bytes | Modified Date = 16/05/2008 01:12:36 | Attr = ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 28/05/2008 21:01:23 | Attr = ]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
Com -> %SystemRoot%\System32\Com -> [Folder | Modified Date = 26/05/2008 17:26:57 | Attr = ]
config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 21/05/2008 20:58:09 | Attr = ]
CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 3121 bytes | Modified Date = 17/05/2008 12:41:25 | Attr = ]
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 26/05/2008 17:44:02 | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 26/05/2008 17:39:38 | Attr = ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 329888 bytes | Modified Date = 26/05/2008 17:44:06 | Attr = ]
ias -> %SystemRoot%\System32\ias -> [Folder | Modified Date = 05/05/2008 18:36:35 | Attr = ]
MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 118 bytes | Modified Date = 26/05/2008 07:31:09 | Attr = ]
tcpbkup.exe -> %SystemRoot%\System32\tcpbkup.exe -> [Ver = | Size = 25120 bytes | Modified Date = 18/05/2008 10:58:12 | Attr = RH ]
WinCtrl32.dl_ -> %SystemRoot%\System32\WinCtrl32.dl_ -> [Ver = | Size = 14336 bytes | Modified Date = 21/05/2008 21:11:15 | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 28/05/2008 21:13:00 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 28/05/2008 21:01:06 | Attr = H ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 28/05/2008 21:10:31 | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 26/05/2008 07:30:16 | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 21/05/2008 20:59:45 | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 26/05/2008 06:28:31 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 26/05/2008 17:40:11 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 28/05/2008 21:01:30 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 26/05/2008 17:22:14 | Attr = HS]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 26/05/2008 17:44:02 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 19/05/2008 22:37:23 | Attr = ]
SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 05/05/2008 18:36:34 | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 26/05/2008 06:28:31 | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 28/05/2008 21:01:23 | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 28/05/2008 21:12:34 | Attr = ]
Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 7168 bytes | Modified Date = 21/05/2008 21:28:22 | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
totacon.config -> %SystemRoot%\totacon.config -> [Ver = | Size = 39878 bytes | Modified Date = 26/05/2008 06:41:52 | Attr = ]
Twain001.Mtx -> %SystemRoot%\Twain001.Mtx -> [Ver = | Size = 5 bytes | Modified Date = 28/05/2008 20:49:50 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 929 bytes | Modified Date = 20/05/2008 22:36:33 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 26/05/2008 17:29:41 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 28/05/2008 21:10:35 | Attr = H ]
Vérifier les mises à jour de Windows Live Toolbar.job -> %SystemRoot%\tasks\Vérifier les mises à jour de Windows Live Toolbar.job -> [Ver = | Size = 272 bytes | Modified Date = 28/05/2008 20:50:01 | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 26/02/2008 09:52:13 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4617 bytes | Modified Date = 28/05/2008 20:21:03 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 28/05/2008 20:21:03 | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 18/02/2006 16:54:00 | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 18/02/2006 16:54:00 | Attr = ]
C:\Documents and Settings\Administrateur\Local Settings\Temp\ -> C:\Documents and Settings\Administrateur\Local Settings\Temp -> [Folder | Modified Date = 28/05/2008 21:12:44 | Attr = ]
Install_WLMessenger.exe -> C:\Documents and Settings\Administrateur\Local Settings\Temp\Install_WLMessenger.exe -> Microsoft Corporation [Ver = 12.0.2000.1009 | Size = 20233232 bytes | Modified Date = 28/10/2007 06:46:44 | Attr = ]
7 C:\Documents and Settings\Administrateur\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Administrateur\Local Settings\Temp\*.tmp ->
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 28/05/2008 21:14:11 | Attr = ]
Perflib_Perfdata_590.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_590.dat -> [Ver = | Size = 16384 bytes | Modified Date = 27/05/2008 16:43:53 | Attr = ]
Perflib_Perfdata_5b8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5b8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 28/05/2008 19:57:26 | Attr = ]
Perflib_Perfdata_5c0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5c0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 26/05/2008 17:44:20 | Attr = ]
Perflib_Perfdata_5f4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5f4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 28/05/2008 21:10:36 | Attr = ]
Perflib_Perfdata_618.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_618.dat -> [Ver = | Size = 16384 bytes | Modified Date = 25/05/2008 11:26:07 | Attr = ]
Perflib_Perfdata_634.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_634.dat -> [Ver = | Size = 16384 bytes | Modified Date = 26/05/2008 06:23:23 | Attr = ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
GamesBar -> %AllUsersProfile%\Application Data\GamesBar -> [Folder | Modified Date = 27/05/2008 21:34:10 | Attr = ]
Windows Genuine Advantage -> %AllUsersProfile%\Application Data\Windows Genuine Advantage -> [Folder | Modified Date = 26/05/2008 17:19:38 | Attr = ]
Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 19/05/2008 22:36:28 | Attr = S]
Conduit -> %UserProfile%\Local Settings\Application Data\Conduit -> [Folder | Modified Date = 19/05/2008 22:56:56 | Attr = ]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4850808 bytes | Modified Date = 28/05/2008 21:00:14 | Attr = H ]
2008-05-21 -> %UserProfile%\Mes documents\2008-05-21 -> [Folder | Modified Date = 28/05/2008 20:22:28 | Attr = ]
2008-05-28 -> %UserProfile%\Mes documents\2008-05-28 -> [Folder | Modified Date = 28/05/2008 20:49:53 | Attr = ]
Doc1.doc -> %UserProfile%\Mes documents\Doc1.doc -> [Ver = | Size = 25088 bytes | Modified Date = 21/05/2008 10:08:07 | Attr = ]
Ma musique -> %UserProfile%\Mes documents\Ma musique -> [Folder | Modified Date = 19/05/2008 22:37:28 | Attr = R ]
mariage -> %UserProfile%\Mes documents\mariage -> [Folder | Modified Date = 26/05/2008 06:56:01 | Attr = ]
mariage florian.xls -> %UserProfile%\Mes documents\mariage florian.xls -> [Ver = | Size = 20992 bytes | Modified Date = 26/05/2008 06:45:22 | Attr = ]
Mes dossiers de partage.lnk -> %UserProfile%\Mes documents\Mes dossiers de partage.lnk -> [Ver = | Size = 568 bytes | Modified Date = 28/05/2008 20:58:48 | Attr = ]
Mes fichiers reçus -> %UserProfile%\Mes documents\Mes fichiers reçus -> [Folder | Modified Date = 28/05/2008 09:00:08 | Attr = ]
Mes images -> %UserProfile%\Mes documents\Mes images -> [Folder | Modified Date = 21/05/2008 23:28:17 | Attr = R ]
My albums -> %UserProfile%\Mes documents\My albums -> [Folder | Modified Date = 20/05/2008 22:31:52 | Attr = ]
tarif dragées audouard.xls -> %UserProfile%\Mes documents\tarif dragées audouard.xls -> [Ver = | Size = 25600 bytes | Modified Date = 05/05/2008 09:52:24 | Attr = ]
catchme.zip -> %UserProfile%\Bureau\catchme.zip -> [Ver = | Size = 36912 bytes | Modified Date = 21/05/2008 21:03:09 | Attr = ]
CCleaner.lnk -> %UserProfile%\Bureau\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Modified Date = 18/05/2008 21:53:55 | Attr = ]
HijackThis.lnk -> %UserProfile%\Bureau\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 18/05/2008 22:05:29 | Attr = ]
OTScanIt -> %UserProfile%\Bureau\OTScanIt -> [Folder | Modified Date = 28/05/2008 21:14:50 | Attr = ]
OTScanIt.exe -> %UserProfile%\Bureau\OTScanIt.exe -> [Ver = | Size = 544843 bytes | Modified Date = 28/05/2008 21:12:58 | Attr = ]
Pack Sécurité.lnk -> %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Pack Sécurité.lnk -> [Ver = | Size = 941 bytes | Modified Date = 28/05/2008 21:10:42 | Attr = ]
System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 26/05/2008 17:27:17 | Attr = ]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d346prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,7f,ef,d4,f7,ab,ff,c4,ee,62,bb,94,bd,2d,ec,f4,10,8c,..
"hj34z0"=hex:c6,4a,d2,65,b5,f0,5c,d0,95,bd,cf,2f,5a,02,58,53,3a,c5,83,4d,f3,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}]
"DisplayName"="DAEMON Tools"
scanning hidden files ...
C:\WINDOWS\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\Administrateur\Mes documents\100DSCIM\Nouveau dossier (2)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\100DSCIM\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\2007-10-14\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\2008-05-21\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\2008-05-28\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes fichiers reçus\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\1an Titouan30 ans Juliette\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\2008-05-21\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\20ans sophie\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\22ans amandine\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\24 ans Florian mai 2006\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\60ans raymonde et jo\DCIM\101DSCIM\Nouveau dossier\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\60ans raymonde et jo\DCIM\101DSCIM\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\60ans raymonde et jo\DCIM\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\60ans raymonde et jo\Nouveau dossier\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\60ans raymonde et jo\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\80ans odette\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\olivier\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\papy\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\photo ray\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\guethary\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\hugo\Nouveau dossier\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\hugo\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\jour de l'an\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\jules leane\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\Nantes\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\noel\Bruel\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\noel\noel2006086\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\noel\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\Nouveau dossier\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\Nouveau dossierla gande motte\flavien07072006\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\Nouveau dossierla gande motte\lagrande motte\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\Bapteme\gus+vichy\gael+vichy\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\Bapteme\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\bapteme Solene\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\collonges\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\DCIM\100DSCIM\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\fete cheval 16juin2007\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\marseille\OM aout 2007\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\marseille\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\poney jules et leane\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\scrap\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Mes images\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Ma musique\Mes vidéos\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Administrateur\Mes documents\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:943D6A82 131 bytes
C:\Documents and Settings\All Users\Documents\Ma musique\Échantillons de musique\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\Mes images\7 févr. 2006 (D)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\Mes images\Échantillons d'images\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 49

[Manual Scans]
< HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\\Userinit >
Reg Error: Key HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\\Userinit\ not found. -> ->
< End of report >
/code
Messages postés
2241
Date d'inscription
samedi 21 avril 2007
Statut
Contributeur sécurité
Dernière intervention
27 octobre 2012
122
Re,

OK. Bien joué.

1/ Commence par faire une sauvegarde avec Erunt :
Regarde ici à la lettre P : https://forum.pcastuces.com/comment_faire_pour__-f25s3902.htm

2/ * Désactive temporairement ton antivirus (mais pas le pare-feu),
* Ouvre OTScanIt.exe dans le dossier OTScanIt sur le Bureau (pour Vista : clic droit et exécuter en tant qu'administrateur),
* Fais un copier/coller des lignes suivantes dans la zone Paste fix here :

[Kill Explorer]
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> tcpbkup.exe -> %SystemRoot%\system32\tcpbkup.exe
[Win32 Services - Non-Microsoft Only]
YY -> (tcpbackup) Microsoft TCP/IP Backup Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\tcpbkup.exe
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> dbvhbheb -> %SystemRoot%\system32\wheipprs.exe [C:\WINDOWS\system32\wheipprs.exe]
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> WinCtrl32 -> WinCtrl32.dll
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm
YY -> HKEY_CURRENT_USER\: URLSearchHooks\\{9CB65206-89C4-402c-BA80-02D8C59F9B1D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL []
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {6F282B65-56BF-4BD1-A8B2-A4449A05863D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\GamesBar\oberontb.dll [GamesBar]
YY -> {9CB65201-89C4-402c-BA80-02D8C59F9B1D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL [Ask Search Assistant BHO]
YY -> {FE063DB1-4EC0-403e-8DD8-394C54984B2C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskTBar\bar\1.bin\ASKTBAR.DLL [Ask Toolbar BHO]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> {6F282B65-56BF-4BD1-A8B2-A4449A05863D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\GamesBar\oberontb.dll [GamesBar]
YY -> {FE063DB9-4EC0-403e-8DD8-394C54984B2C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskTBar\bar\1.bin\ASKTBAR.DLL [Ask Toolbar]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YY -> WebBrowser\\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskTBar\bar\1.bin\ASKTBAR.DLL [Ask Toolbar]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YY -> {1A93C934-025B-4c3a-B38E-9654A7003239}:BandCLSID -> %ProgramFiles%\GamesBar\oberontb.dll [GamesBar]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\WinAntiVirus Pro 2006\Updater.exe -> C:\Program Files\WinAntiVirus Pro 2006\Updater.exe [C:\Program Files\WinAntiVirus Pro 2006\Updater.exe:*:Enabled:updater.exe]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ecedaf.exe -> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ecedaf.exe [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ecedaf.exe:*:Enabled:Enabled]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\herjek.exe -> C:\WINDOWS\herjek.exe [C:\WINDOWS\herjek.exe:*:Enabled:enable]
[Files/Folders - Created Within 30 days]
NY -> tcpbkup.exe -> %SystemRoot%\System32\tcpbkup.exe
NY -> WinCtrl32.dl_ -> %SystemRoot%\System32\WinCtrl32.dl_
[Files/Folders - Modified Within 30 days]
NY -> tcpbkup.exe -> %SystemRoot%\System32\tcpbkup.exe
NY -> WinCtrl32.dl_ -> %SystemRoot%\System32\WinCtrl32.dl_
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> GamesBar -> %AllUsersProfile%\Application Data\GamesBar
[Empty Temp Folders]
[Start Explorer]
[Reboot]


* Clique sur le bouton Run fix.
* L'exécution devrait être rapide. Lorsque la correction est terminée, un message indiquant que c'est fini (finished) devrait apparaître. Il est possible que l'on te demande de redémarrer le pc pour finaliser la correction si certains éléments n'ont pu être corrigés précédemment. Fais-le afin de finaliser la correction dans ce cas-là, en cliquant sur Yes.
* Le bloc-note s'ouvre. Copie/colle son contenu dans ta prochaine réponse.
* N'oublie pas de préciser tout problème rencontré ou tout problème persistant sur ton pc.
* Réactive l'antivirus.

Edite ce rapport avec un nouveau rapport Hijackthis.

FillPCA
Salut,

Désolé du délai, mais je n'ai pu acceder au PC avant.
Voilà j'ai fait tout comme indiqué.
Suivent les deux rapports (Otscanit et hijackthis)
A noter que depuis la derniere manip, un message au demarrage de windows dit que la version de windows semble louche (sans doute piratée). Windows ayant été acheté monté sur l'ordi je ne pense que ce soit le cas. Ce message n'eapparaissait pas avant.

A te lire,

Antoine

----------------------------------------------------------------------
Voici le rapport de OTScantIt :
Explorer killed successfully
[Processes - Non-Microsoft Only]
Unable to kill process tcpbkup.exe .
C:\WINDOWS\system32\tcpbkup.exe moved successfully.
[Win32 Services - Non-Microsoft Only]
Service tcpbackup stopped successfully.
Service tcpbackup deleted successfully.
File C:\WINDOWS\system32\tcpbkup.exe not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dbvhbheb deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{9CB65206-89C4-402c-BA80-02D8C59F9B1D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65206-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL unregistered successfully.
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}\ deleted successfully.
C:\Program Files\GamesBar\oberontb.dll unregistered successfully.
C:\Program Files\GamesBar\oberontb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ not found.
File C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL unregistered successfully.
C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{6F282B65-56BF-4BD1-A8B2-A4449A05863D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}\ not found.
File C:\Program Files\GamesBar\oberontb.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}\ not found.
File C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}\ not found.
File C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1A93C934-025B-4c3a-B38E-9654A7003239}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A93C934-025B-4c3a-B38E-9654A7003239}\ not found.
File C:\Program Files\GamesBar\oberontb.dll not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolic­y\StandardProfile\AuthorizedApplications\List not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolic­y\StandardProfile\AuthorizedApplications\List not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolic­y\StandardProfile\AuthorizedApplications\List not found.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\tcpbkup.exe not found!
C:\WINDOWS\System32\WinCtrl32.dl_ moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\tcpbkup.exe not found!
File C:\WINDOWS\System32\WinCtrl32.dl_ not found!
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
C:\Documents and Settings\All Users\Application Data\GamesBar\08-05-27-21-33-58 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\GamesBar\08-04-03-21-40-13 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\GamesBar\08-04-03-21-40-12 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\GamesBar\08-03-16-21-32-03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\GamesBar\08-01-24-22-18-41 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\GamesBar folder moved successfully.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Temp\~DF9FD9.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Temp\~DFE6EA.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\hsperfdata_SYSTEM\636 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5e8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.15.2 fix logfile created on 06012008_185148

Files moved on Reboot...
C:\Documents and Settings\Administrateur\Local Settings\Temp\~DF9FD9.tmp moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\~DFE6EA.tmp moved successfully.
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File C:\WINDOWS\temp\hsperfdata_SYSTEM\636 not found!
C:\WINDOWS\temp\Perflib_Perfdata_5e8.dat moved successfully.


--------------------------------------------------------------------
Et celui de HijackIt :
----------------------------------------------------------------------------------------------------

Explorer killed successfully
[Processes - Non-Microsoft Only]
Unable to kill process tcpbkup.exe .
C:\WINDOWS\system32\tcpbkup.exe moved successfully.
[Win32 Services - Non-Microsoft Only]
Service tcpbackup stopped successfully.
Service tcpbackup deleted successfully.
File C:\WINDOWS\system32\tcpbkup.exe not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dbvhbheb deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{9CB65206-89C4-402c-BA80-02D8C59F9B1D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65206-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL unregistered successfully.
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}\ deleted successfully.
C:\Program Files\GamesBar\oberontb.dll unregistered successfully.
C:\Program Files\GamesBar\oberontb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ not found.
File C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL unregistered successfully.
C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{6F282B65-56BF-4BD1-A8B2-A4449A05863D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}\ not found.
File C:\Program Files\GamesBar\oberontb.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}\ not found.
File C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}\ not found.
File C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1A93C934-025B-4c3a-B38E-9654A7003239}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A93C934-025B-4c3a-B38E-9654A7003239}\ not found.
File C:\Program Files\GamesBar\oberontb.dll not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolic­y\StandardProfile\AuthorizedApplications\List not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolic­y\StandardProfile\AuthorizedApplications\List not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolic­y\StandardProfile\AuthorizedApplications\List not found.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\tcpbkup.exe not found!
C:\WINDOWS\System32\WinCtrl32.dl_ moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\tcpbkup.exe not found!
File C:\WINDOWS\System32\WinCtrl32.dl_ not found!
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
C:\Documents and Settings\All Users\Application Data\GamesBar\08-05-27-21-33-58 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\GamesBar\08-04-03-21-40-13 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\GamesBar\08-04-03-21-40-12 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\GamesBar\08-03-16-21-32-03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\GamesBar\08-01-24-22-18-41 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\GamesBar folder moved successfully.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Temp\~DF9FD9.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Temp\~DFE6EA.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\hsperfdata_SYSTEM\636 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5e8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.15.2 fix logfile created on 06012008_185148

Files moved on Reboot...
C:\Documents and Settings\Administrateur\Local Settings\Temp\~DF9FD9.tmp moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\~DFE6EA.tmp moved successfully.
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File C:\WINDOWS\temp\hsperfdata_SYSTEM\636 not found!
C:\WINDOWS\temp\Perflib_Perfdata_5e8.dat moved successfully.
Messages postés
2241
Date d'inscription
samedi 21 avril 2007
Statut
Contributeur sécurité
Dernière intervention
27 octobre 2012
122
Salut,

Bien joué mais tu as édité 2 fois le rapport OTScanIt au lieu d'éditer en 2nd un rapport Hijackthis.

1/ Utilise malwarebyte's en suivant ce tuto : https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
Enregistre le rapport après suppression des éléments.

2/ Fais un scan en ligne complet avec Kaspersky en utilisant ce tuto : https://forum.pcastuces.com/default.asp

3/ Avec les 2 rapports précédents, édite un rapport Hijackthis après avoir réalisé les 2 étapes précédentes.

Enfin, dis-moi comment se porte le pc.

FillPCA
Hello,

Je me suis effectivement planté dans mes copier-coller présendents. Je vais essayer de ne pas réitérer !
J'ai donc passé malwarebyte's et Kaspersky.

A noter que tout ce qui est infecté sous c:\$Tonio\Sav\ sont des copies de fichiers tendencieux que j'avais fait avant ces manips. Je viens de les supprimer, donc il ne faut pas en tenir compte je pense.
Mais apparemment il subsiste pas mal de saletés ...
Voici les rapports, en espérant que tu ne t'en lasse pas !

A+

Antoine

---------------------------------------------------------------------------
Rapport malwarebyte's :
---------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.14
Version de la base de données: 814

15:45:02 02/06/2008
mbam-log-6-2-2008 (15-45-02).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 93503
Temps écoulé: 56 minute(s), 2 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 80

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowNetPlaces (StartMenu.Hijack) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\MessengerSkinner (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\download (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\$$tonio\SAV\tcpbkup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\$$tonio\SAV\vedxg3am1et3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\$$tonio\SAV\vedxga4m1et4.exe (Trojan.Spambot) -> Quarantined and deleted successfully.
C:\$$tonio\SAV\vedxga5me3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Bureau\OTScanIt\MovedFiles\06012008_185148\C_WINDOWS\system32\tcpbkup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Internet Explorer\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191605.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191631.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191646.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191673.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191680.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191702.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191720.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191726.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191740.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191782.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191796.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191799.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191810.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191821.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191858.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191868.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191869.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191880.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191894.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191895.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191905.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191916.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191917.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191928.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0192940.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0192941.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0192942.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0192964.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0192965.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0192966.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0192989.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0192990.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0192991.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0193991.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194012.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194031.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194047.exe (Trojan.Spambot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194052.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194082.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194109.exe (Trojan.Spambot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194141.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194164.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194184.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194197.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194215.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194434.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194471.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194495.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194521.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194525.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0195580.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0195583.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0195604.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0195608.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\Conditions générales.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\Confidentialité.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\Website.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\download\defaultPack.cab (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\appconfig.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btn.rgn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnBnr.rgn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnIn.rgn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnInNormal.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnInOver.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnNormal.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnNormal.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnNormalBnr.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnNormalBnr.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnOver.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnOver.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnOverBnr.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnOverBnr.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\languages_v2.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\totacon.config (Malware.Trace) -> Quarantined and deleted successfully.



---------------------------------------------------------------------------
Rapport kaspersky :
---------------------------------------------------------------------------
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, June 02, 2008 6:49:36 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 2/06/2008
Enregistrements dans la base antivirus Kaspersky : 731059
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
C:\
D:\

Statistiques de l'analyse:
Total d'objets analysés: 61096
Nombre de virus trouvés: 13
Nombre d'objets infectés: 162 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 00:58:12

Nom de l'objet infecté / Nom du virus / Dernière action
C:\$$tonio\SAV\found.exe.exe Infecté : Email-Worm.Win32.Zhelatin.yu ignoré
C:\$$tonio\SAV\jkjkec.exe Infecté : Trojan-Dropper.Win32.Small.bnd ignoré
C:\$$tonio\SAV\maxpaynow1.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\$$tonio\SAV\maxpaynowti1.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\$$tonio\SAV\vedxg4am1et2.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\$$tonio\SAV\vedxg6ame4.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\$$tonio\SAV\vedxga1me4t1.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\$$tonio\SAV\WinCtrl32.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\Documents and Settings\Administrateur\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.50718 Infecté : Backdoor.Win32.Agent.ilg ignoré
C:\Documents and Settings\Administrateur\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.79939 Infecté : Backdoor.Win32.Agent.ilg ignoré
C:\Documents and Settings\Administrateur\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.86864 Infecté : Backdoor.Win32.Agent.ilg ignoré
C:\Documents and Settings\Administrateur\Bureau\catchme.zip/asc3550p.sys Infecté : Trojan-Proxy.Win32.Saturn.cv ignoré
C:\Documents and Settings\Administrateur\Bureau\catchme.zip ZIP: infecté - 1 ignoré
C:\Documents and Settings\Administrateur\Bureau\OTScanIt\MovedFiles\06012008_185148\C_WINDOWS\system32\WinCtrl32.dl_ Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\Documents and Settings\Administrateur\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Mes documents\Audible\Logs\Explorer_AudibleShellExt.log L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\chandir.dat L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\chandir.idx L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\chn.dat L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\chn.idx L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\D0000000.FCS L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\fsbwupst.log L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\inuse.txt L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\L0000009.FCS L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\main.log L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\prs.dat L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\prs.idx L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\prs_die.dat L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\prs_die.idx L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\prs_dnd.dat L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\prs_dnd.idx L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\prs_ext.dat L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\prs_ext.idx L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\prs_rcv.dat L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\prs_rcv.idx L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\storydb.dat L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\storydb.idx L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\Common\admin.pub L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\Common\policy.bpf L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\Common\policy.ipf L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\FSPC\csdk\Stlst\StatListDb.dat L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\FSPC\csdk\Stlst\StatListDb.idx L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\FSPC\csdk\urlcache\domainNames.dat L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\FSPC\csdk\urlcache\domainNames.idx L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\FSPC\csdk\urlcache\urlCacheDb.dat L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\FSPC\csdk\urlcache\urlCacheDb.idx L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\FSPC\logs\fspcwld.dat L'objet est verrouillé ignoré
C:\Program Files\Pack Sécurité\FSPC\logs\fspcwli.dat L'objet est verrouillé ignoré
C:\SDFix\backups\backups.zip/backups/found.exe.exe Infecté : Trojan-Downloader.Win32.Cntr.bs ignoré
C:\SDFix\backups\backups.zip/backups/herjek.exe Infecté : Email-Worm.Win32.Zhelatin.yu ignoré
C:\SDFix\backups\backups.zip/backups/maxpaynow.exe Infecté : Trojan-Downloader.Win32.Tibs.ww ignoré
C:\SDFix\backups\backups.zip/backups/maxpaynow.game Infecté : Trojan-Downloader.Win32.Tibs.ww ignoré
C:\SDFix\backups\backups.zip/backups/vedxg4am1et2.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\SDFix\backups\backups.zip/backups/vedxga1me4t1.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\SDFix\backups\backups.zip/backups/vedxga5me3.exe Infecté : Trojan-Downloader.Win32.Small.vrq ignoré
C:\SDFix\backups\backups.zip/backups/vx1dt1.game Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\SDFix\backups\backups.zip/backups/vx1dt3.game Infecté : Trojan-Proxy.Win32.Saturn.cu ignoré
C:\SDFix\backups\backups.zip/backups/vx3dt2.game Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\SDFix\backups\backups.zip/backups/wind32.exe Infecté : Trojan-Dropper.Win32.Small.bnd ignoré
C:\SDFix\backups\backups.zip ZIP: infecté - 11 ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191622.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191623.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191627.exe Infecté : Email-Worm.Win32.Zhelatin.yu ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191644.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191645.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191647.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191651.exe Infecté : Email-Worm.Win32.Zhelatin.yu ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191654.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191655.exe/data0000 Infecté : Trojan-Proxy.Win32.Saturn.cu ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191655.exe EmbeddedEXE: infecté - 1 ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191667.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191668.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191672.exe Infecté : Email-Worm.Win32.Zhelatin.yu ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191674.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191679.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191689.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191690.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191697.exe Infecté : Email-Worm.Win32.Zhelatin.yu ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191701.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191713.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191714.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191717.exe Infecté : Email-Worm.Win32.Zhelatin.yu ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191721.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191725.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191741.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191742.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191759.exe Infecté : Email-Worm.Win32.Zhelatin.yu ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191780.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191781.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191785.exe Infecté : Email-Worm.Win32.Zhelatin.yu ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191786.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191795.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191811.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191812.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191818.exe Infecté : Email-Worm.Win32.Zhelatin.yu ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191820.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191844.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191845.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191850.exe Infecté : Email-Worm.Win32.Zhelatin.yu ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191857.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191873.exe Infecté : Email-Worm.Win32.Zhelatin.yu ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191879.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191900.exe Infecté : Email-Worm.Win32.Zhelatin.yu ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191904.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191922.exe Infecté : Email-Worm.Win32.Zhelatin.yu ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0191927.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0192946.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0192952.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0192953.sys Infecté : Trojan-Proxy.Win32.Saturn.cv ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0192975.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0193975.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0193989.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0193990.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0193994.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194009.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194010.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194029.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194030.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194048.exe Infecté : Email-Worm.Win32.Zhelatin.yu ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194051.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194059.sys Infecté : Trojan-Proxy.Win32.Saturn.cv ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194072.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194073.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194075.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194077.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194081.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194089.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194090.sys Infecté : Trojan-Proxy.Win32.Saturn.cv ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194100.sys Infecté : Trojan-Dropper.Win32.Agent.ror ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194104.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194105.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194106.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194111.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194116.exe Infecté : Email-Worm.Win32.Zhelatin.yu ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194117.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194118.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194121.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194122.sys Infecté : Trojan-Proxy.Win32.Saturn.cv ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194129.sys Infecté : Trojan-Dropper.Win32.Agent.ror ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194140.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194151.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194152.sys Infecté : Trojan-Proxy.Win32.Saturn.cv ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194161.sys Infecté : Trojan-Dropper.Win32.Agent.ror ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194165.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194166.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194167.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194169.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194173.exe Infecté : Email-Worm.Win32.Zhelatin.yu ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194178.sys Infecté : Trojan-Dropper.Win32.Agent.ror ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194183.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194198.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194199.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194204.exe Infecté : Email-Worm.Win32.Zhelatin.yu ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194212.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194214.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194216.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194433.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194450.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194451.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194456.exe Infecté : Email-Worm.Win32.Zhelatin.yu ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194470.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194482.sys Infecté : Trojan-Dropper.Win32.Agent.ror ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194485.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194486.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194492.exe Infecté : Email-Worm.Win32.Zhelatin.yu ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194494.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194504.sys Infecté : Trojan-Dropper.Win32.Agent.ror ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194519.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194522.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194523.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194524.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194526.exe Infecté : Trojan-Downloader.Win32.Tibs.aaf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194544.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0194555.sys Infecté : Trojan-Dropper.Win32.Agent.ror ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0195544.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0195555.sys Infecté : Trojan-Dropper.Win32.Agent.ror ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0195576.exe Infecté : Trojan-Downloader.Win32.Cntr.bs ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0195581.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0195582.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0195585.exe Infecté : Email-Worm.Win32.Zhelatin.yu ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0195586.exe Infecté : Trojan-Dropper.Win32.Small.bnd ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0195601.exe Infecté : Trojan-Downloader.Win32.Cntr.bs ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0195603.exe Infecté : Email-Worm.Win32.Zhelatin.yu ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0195606.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0195607.exe Infecté : Trojan-Downloader.Win32.Tibs.aah ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0195609.exe Infecté : Trojan-Dropper.Win32.Small.bnd ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP619\A0195648.dll Infecté : Trojan-Downloader.Win32.Mutant.yf ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP627\A0198716.exe Infecté : Backdoor.Win32.Agent.ilg ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP627\A0198717.exe Infecté : Trojan-Proxy.Win32.Saturn.cu ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP627\A0198718.exe Infecté : Trojan-Downloader.Win32.Tibs.ym ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP627\A0198719.exe Infecté : Trojan-Downloader.Win32.Small.vrq ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP627\A0198720.exe Infecté : Backdoor.Win32.Agent.ilg ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP627\A0198721.exe Infecté : Backdoor.Win32.Agent.ilg ignoré
C:\System Volume Information\_restore{052FB5B4-BBAB-4CFB-A266-B1019E9F475A}\RP628\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\40399704.Evt Infecté : Trojan-Proxy.Win32.Saturn.cv ignoré
C:\WINDOWS\system32\config\47074424.Evt Infecté : Trojan-Proxy.Win32.Saturn.cv ignoré
C:\WINDOWS\system32\config\48883842.Evt Infecté : Trojan-Proxy.Win32.Saturn.cv ignoré
C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\atapi.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\hsperfdata_SYSTEM\360 L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_5ec.dat L'objet est verrouillé ignoré
C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

Analyse terminée.




---------------------------------------------------------------------------
Rapport hijackthis :
---------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:21, on 02/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe
C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
C:\Program Files\Pack Sécurité\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\Pack Sécurité\backweb\361343\Program\fspex.exe
C:\Program Files\Pack Sécurité\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE
C:\Program Files\Pack Sécurité\FSPC\fspc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Pack Sécurité\Common\FSM32.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Pack Sécurité\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Pack Sécurité\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Pack Sécurité.lnk = ?
O4 - Global Startup: TrayMin300.exe.lnk = C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?343300c2b5ce497b9f67e4d4e239b0ca
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?343300c2b5ce497b9f67e4d4e239b0ca
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite - C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
> Tonino
Je crois que le rapport hijackthis a été coupé.
Le revoici :

---------------------------------------------------------------
Rapport HijackThis
---------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:21, on 02/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe
C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
C:\Program Files\Pack Sécurité\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\Pack Sécurité\backweb\361343\Program\fspex.exe
C:\Program Files\Pack Sécurité\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE
C:\Program Files\Pack Sécurité\FSPC\fspc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Pack Sécurité\Common\FSM32.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Pack Sécurité\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Pack Sécurité\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Pack Sécurité.lnk = ?
O4 - Global Startup: TrayMin300.exe.lnk = C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?343300c2b5ce497b9f67e4d4e239b0ca
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?343300c2b5ce497b9f67e4d4e239b0ca
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite - C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
Messages postés
2241
Date d'inscription
samedi 21 avril 2007
Statut
Contributeur sécurité
Dernière intervention
27 octobre 2012
122
Re,

On a bien avancé.

1/ Ouvre Hijackthis>"Do a scan only" et coche ceci :
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,

Clique sur fix/réparer.

2/ * Télécharge OTMoveIt2 (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
* Double-clique sur OTMoveIt.exe pour lancer le programme,
* Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste List of Files/Folders to Move" :

C:\$$tonio\SAV\found.exe.exe
C:\$$tonio\SAV\jkjkec.exe
C:\$$tonio\SAV\maxpaynow1.exe
C:\$$tonio\SAV\maxpaynowti1.exe
C:\$$tonio\SAV\vedxg4am1et2.exe
C:\$$tonio\SAV\vedxg6ame4.exe
C:\$$tonio\SAV\vedxga1me4t1.exe
C:\$$tonio\SAV\WinCtrl32.dll
C:\WINDOWS\system32\config\40399704.Evt
C:\WINDOWS\system32\config\47074424.Evt
C:\WINDOWS\system32\config\48883842.Evt
EmptyTemp


* Clique sur MoveIt! pour lancer la suppression,
* Le résultat appraraîtra dans le cadre Results.
* Clique sur Exit pour fermer le programme.
* Poste le rapport qui est situé ici : C:\\\_OTMoveIt\MovedFiles
* Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

3/ * Prière d'imprimer ces instructions, ou de les coller dans un fichier texte pour lecture en mode Sans Échec.

* Télécharge Brute Force Uninstaller (de Merijn) : http://www.merijn.org/files/bfu.zip
* Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU).
* Fais un clic droit ici : http://perso.orange.fr/Chercheur-perso/scripts/toolbar.bfu
et choisis "Enregistrer la cible sous..." afin de télécharger toolbar.bfu (de Chercheur). Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utlises Internet Explorer; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : toolbar.bfu et BFU.exe (très important).
* Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8 ou F5 ; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.
* Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU).
o Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur : toolbar.bfu
o Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\toolbar.bfu
o Clique sur Execute et laisse-le faire son travail.
o Attendre que Complete script execution apparaîsse et clique sur OK.
o Clique Exit pour fermer le programme BFU.
* Redémarre normalement.

4/ * Télécharge Navilog1 de Il-Mafioso : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
* Installe-le en cliquant sur le fichier Navilog1.exe,
* Une fois l'installation terminée, le fix s'exécutera automatiquement. Si ce n'est pas le cas, double-cliquer dans ce cas sur le raccourci Navilog1 présent sur le bureau.
* Laisse-toi guider par les indications qui apparaissent.
* Au menu principal, choisis 1 et valide par Entrée. Ne fais pas le choix 2,3 ou 4 sans l'avis de la personne qui t'aide.
* Patiente jusqu'au message : *** Analyse terminée le ..... ***
* Appuie sur une touche comme demandé, le bloc-note va s'ouvrir.
* Copie-colle l'intégralité dans ta prochaine réponse.
* Referme le bloc-note.
* Le rapport sera sauvegardé dans le dossier sous fixnavi.txt.

Edite aussi un nouveau rapport Hijackthis avec le rapport OTMoveIt et le rapport Navilog.

FillPCA
Bonsoir,

Tu es plus rapide pour me donner les instructions que moi pour les exécuter !
OK pour les manips.
Les rapports suivent.

A+

Antoine

--------------------------------------------------------
Rapport OTMoveIt
--------------------------------------------------------
File/Folder C:\$$tonio\SAV\found.exe.exe not found.
File/Folder C:\$$tonio\SAV\jkjkec.exe not found.
File/Folder C:\$$tonio\SAV\maxpaynow1.exe not found.
File/Folder C:\$$tonio\SAV\maxpaynowti1.exe not found.
File/Folder C:\$$tonio\SAV\vedxg4am1et2.exe not found.
File/Folder C:\$$tonio\SAV\vedxg6ame4.exe not found.
File/Folder C:\$$tonio\SAV\vedxga1me4t1.exe not found.
File/Folder C:\$$tonio\SAV\WinCtrl32.dll not found.
C:\WINDOWS\system32\config\40399704.Evt moved successfully.
C:\WINDOWS\system32\config\47074424.Evt moved successfully.
C:\WINDOWS\system32\config\48883842.Evt moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF5683.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5ec.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\hsperfdata_SYSTEM\360 scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06022008_210841

Files moved on Reboot...
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF5683.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_5ec.dat not found!
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File move failed. C:\WINDOWS\temp\hsperfdata_SYSTEM\360 scheduled to be moved on reboot.


--------------------------------------------------------
Rapport Navilog
--------------------------------------------------------

Search Navipromo version 3.5.7 commencé le 02/06/2008 à 21:29:06,00

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Administrateur"

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\applic~1" ***

...\MessengerSkinner trouvé !

*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" :

qlpknxsvru.dat trouvé !
qlpknxsvru_nav.dat trouvé !
qlpknxsvru_navps.dat trouvé !

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 02/06/2008 à 21:33:52,62 ***

--------------------------------------------------------
Rapport HijackThis
--------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:04, on 02/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Pack Sécurité\Common\FSM32.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
C:\Program Files\Pack Sécurité\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\Pack Sécurité\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Sécurité\backweb\361343\Program\fspex.exe
C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\Program Files\Pack Sécurité\FSPC\fspc.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Pack Sécurité\FSGUI\fsguidll.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Pack Sécurité\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Pack Sécurité.lnk = ?
O4 - Global Startup: TrayMin300.exe.lnk = C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?343300c2b5ce497b9f67e4d4e239b0ca
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?343300c2b5ce497b9f67e4d4e239b0ca
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite - C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
> Tonino
Le rapport HijackThis a encore été tronqué.
Le voici dans son intégralité :

--------------------------------------------------------------
Rapport HijackThis
--------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:04, on 02/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Pack Sécurité\Common\FSM32.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
C:\Program Files\Pack Sécurité\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\Pack Sécurité\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Sécurité\backweb\361343\Program\fspex.exe
C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\Program Files\Pack Sécurité\FSPC\fspc.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Pack Sécurité\FSGUI\fsguidll.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Pack Sécurité\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Pack Sécurité.lnk = ?
O4 - Global Startup: TrayMin300.exe.lnk = C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?343300c2b5ce497b9f67e4d4e239b0ca
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?343300c2b5ce497b9f67e4d4e239b0ca
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite - C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
> Tonino
Ben non en fait il était complet. Je ne sais pourquoi la dernière ligne n'a pas été sélectionnée


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:04, on 02/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Pack Sécurité\Common\FSM32.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
C:\Program Files\Pack Sécurité\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\Pack Sécurité\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Sécurité\backweb\361343\Program\fspex.exe
C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\Program Files\Pack Sécurité\FSPC\fspc.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Pack Sécurité\FSGUI\fsguidll.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program

Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Sécurité\Common\FSM32.EXE"

/splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Pack Sécurité\FSGUI\FSSW.EXE"

/reboot
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe"

/CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe

SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y

"%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE

LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User

'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: Pack Sécurité.lnk = ?
O4 - Global Startup: TrayMin300.exe.lnk = C:\Program Files\Philips\SPC 200NC PC

Camera\TrayMin200.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL

Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live

Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -

https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program

Files\Windows Live

Toolbar\Components\fr-fr\msntabres.dll.mui/229?343300c2b5ce497b9f67e4d4e239b0ca
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan -

res://C:\Program Files\Windows Live

Toolbar\Components\fr-fr\msntabres.dll.mui/230?343300c2b5ce497b9f67e4d4e239b0ca
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program

Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program

Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} -

C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\system32\Shdocvw.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -

https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program

Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashWebSv.exe
O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite -

C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation -

C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY

Shared\Service\Boonty.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Pack

Sécurité\backweb\361343\program\fsbwsys.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program

Files\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program

Files\MioNet\MioNetManager.exe
Messages postés
2241
Date d'inscription
samedi 21 avril 2007
Statut
Contributeur sécurité
Dernière intervention
27 octobre 2012
122
Re,

* Tu relances Navilog et cette fois tu choisis l'option 2.
* Le programme t'avertit que le PC va redémarrer.
* Ferme alors toutes les fenêtres et enregistre les documents personnels ouverts.
* Appuie sur une touche comme il est demandé. Si le PC ne redémarre pas, fais-le toi-même.
* Au redémarrage de ton PC, choisis ta session habituelle,
* Patiente jusqu'au message : "Nettoyage terminé le ...",
* Le bloc-note va s'ouvrir. Sauvegarde le rapport afin de le retrouver.
* Referme le bloc-note. Ton bureau va ré-apparaître.

NB : S'il ne le fait pas, fais CTRL+ALT+SUP pour faire apparaître le gestionnaire de tâches.
Rends-toi à l'onglet Processus, clique en haut à gauche sur "Fichiers" et choisis "Exécuter". Tape "explorer" et valide. Cela te fera ré-apparaître ton Bureau.

* Poste le rapport Navilog1 et un nouveau rapport Hijackthis.

Dis-moi comment le pc se porte.

Si ça va, je te donne les dernières instructions demain.

FillPCA
Salut,

Voici les rapports navilog et hijackthis.
A+

Antoine


------------------------------------------------------------
Rapport Navilog
------------------------------------------------------------




Clean Navipromo version 3.5.7 commencé le 03/06/2008 à 21:19:24,46

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Administrateur"

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur



*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" *



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Administrateur\applic~1" ***

...\MessengerSkinner ...suppression...
...\MessengerSkinner supprimé !


*** Suppression dossiers dans "C:\Documents and Settings\Administrateur\locals~1\applic~1"

***


*** Suppression dossiers dans "C:\Documents and Settings\Administrateur\menudm~1\progra~1"

***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Administrateur\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" *

qlpknxsvru.dat trouvé !
Copie qlpknxsvru.dat réalisée avec succès !
qlpknxsvru.dat supprimé !

qlpknxsvru_nav.dat trouvé !
Copie qlpknxsvru_nav.dat réalisée avec succès !
qlpknxsvru_nav.dat supprimé !

qlpknxsvru_navps.dat trouvé !
Copie qlpknxsvru_navps.dat réalisée avec succès !
qlpknxsvru_navps.dat supprimé !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 03/06/2008 à 21:24:11,

------------------------------------------------------------
Rapport Hijackthis
------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:47, on 03/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe
C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
C:\Program Files\Pack Sécurité\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\Pack Sécurité\backweb\361343\Program\fspex.exe
C:\Program Files\Pack Sécurité\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE
C:\Program Files\Pack Sécurité\FSPC\fspc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Pack Sécurité\Common\FSM32.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Pack Sécurité\FSGUI\fsguidll.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Pack Sécurité\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Pack Sécurité.lnk = ?
O4 - Global Startup: TrayMin300.exe.lnk = C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?343300c2b5ce497b9f67e4d4e239b0ca
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?343300c2b5ce497b9f67e4d4e239b0ca
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite - C:\PROGRA~1\PACKSC~1\backweb\361343\Program\SERVIC~1.EXE
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
Messages postés
2241
Date d'inscription
samedi 21 avril 2007
Statut
Contributeur sécurité
Dernière intervention
27 octobre 2012
122
Salut,

* Désinstalle Navilog :
o Soit par ajout/suppression des programmes,
o Soit par le menu Démarrer>Programmes>Navilog1>Désinstaller Navilog1
* Supprime le dossier C:\Program Files\Navilog1 s'il existe encore.

Peux-tu me dire comment le pc se porte ?

FillPCA
Ca a l'air sain.
Avast ne détecte plus rien. Il n'y a plus de messages intempestifs.
Le seul truc c'est ce message sur la licence windows qui n'existait pas avant.
Tu penses qu'il peut y avoir un lien ?

Je pense installer antivir qui parait un meilleur anti-virus, non ?

J'attends ton diagnostique pour crier victoire mais je pense que le pc est sorti d'affaire.

Je te remercie enormément de ma part et de celle de ma voisine pour tout le temps que tu as pris et pour ta patience.

Antoine
Messages postés
2241
Date d'inscription
samedi 21 avril 2007
Statut
Contributeur sécurité
Dernière intervention
27 octobre 2012
122
Salut,

1/ Ouvre ccleaner et clique sur "Lancer le nettoyage".

2/ * Télécharge Toolscleaner de A.Rothstein sur ton Bureau : http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
* Double-clique sur ToolsCleaner2.exe>Recherche puis Suppression,
* Ton Bureau va peut-être disparaître. Ceci est normal.
* S'il ne réapparait pas, fais ceci : CTRL+ALT+SUP pour faire apparaître le gestionnaire de tâches.
Rends-toi à l'onglet Processus, clique en haut à gauche sur "Fichiers" et choisis "Exécuter". Tape "explorer" et valide. Cela te fera ré-apparaître ton Bureau.

3/ /!\ Maintenant que ton PC n'est plus infecté, désactive puis réactive ta "Restauration du système" afin de créer un point de restauration sain.
Pour désactiver ou activer la Restauration du système, tu dois ouvrir une session Administrateur sous Windows XP.
Désactivation:
Cliquer droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > cocher la case "Désactiver la Restauration du système sur tous les lecteurs"
> Appliquer et Ok.
Activation:
Suivre le même chemin ; décocher la case "Désactiver la Restauration du système sur tous les lecteurs"
> Appliquer et Ok. Redémarrer l'ordinateur.
Comment faire pour...(lettre A): https://forum.pcastuces.com/comment_faire_pour__-f25s3902.htm

4/ Pour améliorer la sécurité de ton PC prend quelques instants pour lui faire lire ceci :

Sécuriser son PC +WIFI (versions "hot" & "light") : https://forum.pcastuces.com/default.asp

Prévention et protection - Comment vous prémunir : https://forum.pcastuces.com/sujet.asp?f=25&s=36131
.Le P2P et ses conséquences - Journal d'une infection attendue
https://forum.zebulon.fr/topic/85544-pr%C3%A9vention-le-p2p-et-ses-cons%C3%A9quences/

Pour le message, la licence du pc est-elle valide ou est-ce une version piratée ?

FillPCA
Salut FillPCA,

Désolé de mon long silence mais à la suite de mon précédent message mes voisins sont partis 15 jours en vacances, puis je me suis pété le pied et de fait j'ai un peu laché l'affaire.
Je garde tes derniers conseils sous le coude. Dès que j'en aurai le courage, je repasserai un peu de temps sur ce PC.
Pour la version de windows, je ne sais dire s'il est piraté ou non car bien qu'elle ait acheté la config toute montée à un professionnel, il n'y a pas trace de licence ... Mais avant ce message n'apparaissait pas, ce que je trouve bizarre et un peu suspect.

En tout cas, merci 1000 fois pour ta disponibilité, la rapidité et l'efficacité de tes conseils !

Antoine
Messages postés
2241
Date d'inscription
samedi 21 avril 2007
Statut
Contributeur sécurité
Dernière intervention
27 octobre 2012
122
Salut,

Content d'avoir pu t'aider. Bonne convalescence alors !

FillPCA