Trojan.Win32.Pakes.jwy Résolu

Question

Bonjour,
J'ai donc trojan sur mon pc que je ne parviens pas a faire partir. J'ai fais un scan en ligne kaspersky, fait tourner spybot, mais je pense qu'il est toujours la.
Pourriez vous me filer un coup de main s'il vous plait?

Voici le rapport Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 21:41:16, on 15/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\NB Probe\NBProbe.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\mdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\unzipped\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dartybox.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [Control Center] C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [Assistant DartyBox] C:\Program Files\DartyBox_v3\Bewan\AssistantDB\AssistantDB_Bewan.exe -m
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe" Start=service (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\DartyBox_v3\Bewan\NetAgent\jswpsapi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: GetPDF Printing (Service1) - Unknown owner - C:\Program Files\GetPDF\GetPDFPrinting.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

ric991 · Answer

Bonsoir,

Pour commencer n'oublie pas de mettre acrobat reader a jour 

Ensuite, Télécharge MalwareByte's Anti-Malware 

Et installe le raccourci sur ton bureau

Double clique sur le fichier téléchargé pour lancer le processus d'installation


Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.


Une fois la mise à jour terminée, redémarre en mode sans échec
onglet "Recherche". Et Sélectionne "Exécuter un examen complet"
Clique sur "Rechercher"
- L'analyse démarre, le scan est relativement long, c'est normal.
A la fin de l'analyse, un message s'affiche :
« L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés. »


Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.

Si des malwares ont été détectés, clique sur Afficher les résultats.
Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse.

Copie colle ce rapport et poste-le dans ta prochaine réponse.

Derech · Answer

Bonjour, merci pour ta réponse,

voici le rapport de MBAM

Malwarebytes' Anti-Malware 1.29
Version de la base de données: 1276
Windows 5.1.2600 Service Pack 2

17/10/2008 15:57:13
mbam-log-2008-10-17 (15-57-06).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 117672
Temps écoulé: 2 hour(s), 29 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{def85c80-216a-43ab-af70-1665edbe2780} (Spyware.Sinowal) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntivirus) -> No action taken.
HKEY_CLASSES_ROOT\AppID\ToolbarInst.DLL (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uninst.bat (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> No action taken.

ric991 · Answer

Télécharge Lop S&D (de Angeldark et Eric71) sur le Bureau :
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

.Double-cliques sur Lop S&D.exe pour lancer l'installation,
.Puis double-cliques sur le raccourci Lop S&D présent sur le Bureau.
.Séléctionnes la langue souhaitée , puis choisis l'Option 1 (Recherche)
Le scan prend moins d'une minute.
.A l'issue du scan, le bloc-notes va s'ouvrir avec le résultat de la recherche.
.Enregistres le rapport LopR.txt sur le Bureau pour le retrouver facilement, sinon il sauvegardé à la racine de la partition système : C:\LopR.txt

TUTO: http://bibou0007.com/outils-specifiques-f78/tutorial-lop-sd-t956.htm#11431 

Cordialement

Derech · Answer

Test

Derech · Answer

Je ne parviens pas a poster le rapport, à chaque fois j'ai un message de confirmation disant que mon message a bien été posté mais lorsque je reviens à la discussion il n'est pas visible. 
Le rapport est il trop long pour être posté?
Cordialement

^^Marie^^ · Answer

Salut

--------------------\ Lop S&D 4.2.4-5 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Mobile AMD Sempron(tm) Processor 3100+ )
BIOS : Default System BIOS
USER : Vincent ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 8.0.0.454 (Not Activated)
Firewall : Kaspersky Internet Security 8.0.0.454 (Not Activated)
C:\ (Local Disk) - FAT32 - Total : 32 Go Free : 5 Go
D:\ (Local Disk) - FAT32 - Total : 21 Go Free : 4 Go
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [1] ( 17/10/2008|16:42 )

--------------------\ Listing des dossiers dans APPLIC~1

[28/03/2006|18:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[28/03/2006|18:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[28/03/2006|18:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[28/03/2006|18:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[30/01/2007|13:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[19/01/2007|15:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[06/05/2006|02:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[26/09/2006|13:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[05/10/2008|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DartyBox
[08/02/2007|14:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[17/10/2008|16:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
[15/10/2008|23:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
[06/05/2006|18:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[17/10/2008|13:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[19/09/2006|20:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
[28/03/2006|18:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[28/03/2006|18:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[15/07/2007|16:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[06/02/2007|10:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SolidDocuments
[02/12/2006|19:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[28/03/2006|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[06/02/2007|12:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[28/08/2006|14:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[28/07/2006|11:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!

[28/03/2006|18:20] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[23/09/2006|18:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[28/03/2006|18:20] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[06/01/2007|17:23] C:\DOCUME~1\VINCENT\APPLIC~1\{3C87C896-C2CD-4692-8FB9-C3C8358C2708}
[08/05/2006|13:35] C:\DOCUME~1\VINCENT\APPLIC~1\3M
[05/05/2006|21:19] C:\DOCUME~1\VINCENT\APPLIC~1\Adobe
[05/05/2006|21:49] C:\DOCUME~1\VINCENT\APPLIC~1\AdobeUM
[26/09/2006|14:07] C:\DOCUME~1\VINCENT\APPLIC~1\Apple Computer
[29/09/2006|14:38] C:\DOCUME~1\VINCENT\APPLIC~1\Azureus
[26/10/2007|19:32] C:\DOCUME~1\VINCENT\APPLIC~1\Cimaware
[11/08/2006|16:29] C:\DOCUME~1\VINCENT\APPLIC~1\Creative
[06/05/2006|02:16] C:\DOCUME~1\VINCENT\APPLIC~1\CyberLink
[05/10/2008|20:04] C:\DOCUME~1\VINCENT\APPLIC~1\DartyBox
[31/05/2006|23:46] C:\DOCUME~1\VINCENT\APPLIC~1\dvdcss
[16/10/2008|19:37] C:\DOCUME~1\VINCENT\APPLIC~1\Grisoft
[06/05/2006|16:08] C:\DOCUME~1\VINCENT\APPLIC~1\Help
[28/03/2006|18:28] C:\DOCUME~1\VINCENT\APPLIC~1\Identities
[24/07/2008|17:29] C:\DOCUME~1\VINCENT\APPLIC~1\InstallShield
[28/03/2006|18:49] C:\DOCUME~1\VINCENT\APPLIC~1\Macromedia
[17/10/2008|13:02] C:\DOCUME~1\VINCENT\APPLIC~1\Malwarebytes
[04/02/2007|17:47] C:\DOCUME~1\VINCENT\APPLIC~1\Media Player Classic
[28/03/2006|18:20] C:\DOCUME~1\VINCENT\APPLIC~1\Microsoft
[24/01/2007|01:45] C:\DOCUME~1\VINCENT\APPLIC~1\Mozilla
[22/03/2007|23:49] C:\DOCUME~1\VINCENT\APPLIC~1\Nvu
[09/01/2007|10:31] C:\DOCUME~1\VINCENT\APPLIC~1\Publish Providers
[05/02/2007|01:27] C:\DOCUME~1\VINCENT\APPLIC~1\Real
[03/11/2007|15:24] C:\DOCUME~1\VINCENT\APPLIC~1\SecondLife
[06/01/2007|17:22] C:\DOCUME~1\VINCENT\APPLIC~1\Seven Zip
[10/05/2006|22:56] C:\DOCUME~1\VINCENT\APPLIC~1\Skype
[17/01/2007|14:31] C:\DOCUME~1\VINCENT\APPLIC~1\SolidDocuments
[09/01/2007|10:25] C:\DOCUME~1\VINCENT\APPLIC~1\Sony
[24/08/2006|22:13] C:\DOCUME~1\VINCENT\APPLIC~1\Sowedoo Software
[24/02/2007|18:05] C:\DOCUME~1\VINCENT\APPLIC~1\Sphinx
[27/02/2007|19:03] C:\DOCUME~1\VINCENT\APPLIC~1\Sun
[28/03/2006|18:42] C:\DOCUME~1\VINCENT\APPLIC~1\Symantec
[09/03/2008|17:47] C:\DOCUME~1\VINCENT\APPLIC~1\Talkback
[22/06/2006|19:00] C:\DOCUME~1\VINCENT\APPLIC~1\Template
[02/10/2008|09:25] C:\DOCUME~1\VINCENT\APPLIC~1\U3
[25/01/2007|16:59] C:\DOCUME~1\VINCENT\APPLIC~1\uTorrent
[06/05/2006|18:24] C:\DOCUME~1\VINCENT\APPLIC~1\vlc
[29/04/2007|14:54] C:\DOCUME~1\VINCENT\APPLIC~1\VoipCheapCom

--------------------\ Tâches planifiées dans C:\WINDOWS\tasks

[30/06/2008 16:15][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[17/10/2008 16:14][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\ Listing des dossiers dans C:\Program Files

[08/05/2006|13:35] C:\Program Files\3M
[28/03/2006|18:35] C:\Program Files\Adobe
[11/01/2007|19:26] C:\Program Files\Adolix
[06/05/2006|02:01] C:\Program Files\Ahead
[04/12/2006|20:54] C:\Program Files\Alwil Software
[06/01/2007|17:23] C:\Program Files\AMR Converter Pro
[15/03/2007|18:52] C:\Program Files\Apple Software Update
[28/03/2006|18:38] C:\Program Files\Asus
[06/05/2006|02:10] C:\Program Files\ASUSTeK
[28/03/2006|18:36] C:\Program Files\AvRack
[19/02/2007|15:30] C:\Program Files\Azureus
[03/12/2006|17:19] C:\Program Files\CCleaner
[05/10/2008|19:50] C:\Program Files\CD_DartyBox
[26/10/2007|19:28] C:\Program Files\Cimaware
[05/10/2008|19:52] C:\Program Files\Citrix
[28/03/2006|18:26] C:\Program Files\ComPlus Applications
[05/10/2008|19:53] C:\Program Files\DartyBox_v3
[28/06/2007|01:33] C:\Program Files\DivX
[02/12/2006|20:13] C:\Program Files\Druide
[08/02/2007|14:55] C:\Program Files\DVD Shrink
[27/05/2006|01:04] C:\Program Files\eMule
[17/07/2007|19:45] C:\Program Files\EPSON
[28/03/2006|18:21] C:\Program Files\Fichiers communs
[25/07/2006|23:49] C:\Program Files\Gabest
[16/10/2008|19:37] C:\Program Files\Grisoft
[24/08/2006|19:58] C:\Program Files\Hewlett-Packard
[24/08/2006|20:11] C:\Program Files\HP
[28/03/2006|18:35] C:\Program Files\InstallShield Installation Information
[28/03/2006|18:27] C:\Program Files\Internet Explorer
[15/03/2007|18:59] C:\Program Files\iPod
[15/03/2007|18:59] C:\Program Files\iTunes
[27/05/2006|00:22] C:\Program Files\Java
[17/10/2008|16:11] C:\Program Files\Kaspersky Lab
[06/05/2006|17:30] C:\Program Files\Lavasoft
[19/08/2006|23:24] C:\Program Files\Logitech
[17/10/2008|13:02] C:\Program Files\Malwarebytes' Anti-Malware
[28/03/2006|18:26] C:\Program Files\Messenger
[03/06/2007|02:02] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[28/03/2006|18:28] C:\Program Files\microsoft frontpage
[06/05/2006|17:02] C:\Program Files\Microsoft Office
[10/10/2007|22:18] C:\Program Files\Microsoft Visual Studio
[06/05/2006|16:58] C:\Program Files\Microsoft Works
[15/01/2007|14:03] C:\Program Files\Microsoft.NET
[28/03/2006|18:27] C:\Program Files\Movie Maker
[24/01/2007|01:45] C:\Program Files\Mozilla Firefox
[09/10/2008|16:40] C:\Program Files\MSECache
[28/03/2006|18:26] C:\Program Files\MSN Gaming Zone
[24/02/2007|14:43] C:\Program Files\MSN Messenger
[28/03/2006|18:27] C:\Program Files\NetMeeting
[28/03/2006|18:26] C:\Program Files\Online Services
[28/03/2006|18:27] C:\Program Files\Outlook Express
[14/10/2008|19:08] C:\Program Files\Panda Security
[11/01/2007|19:16] C:\Program Files\PDF2W
[04/02/2007|17:36] C:\Program Files\PeerCast
[05/02/2007|01:41] C:\Program Files\PeerTV
[26/11/2006|20:31] C:\Program Files\PNG divers
[16/01/2007|16:35] C:\Program Files\psconvert
[07/02/2007|15:54] C:\Program Files\QuickTime
[05/02/2007|01:27] C:\Program Files\Real
[28/03/2006|18:36] C:\Program Files\Realtek Sound Manager
[05/10/2007|21:06] C:\Program Files\Securitoo
[28/03/2006|18:27] C:\Program Files\Services en ligne
[28/03/2006|18:40] C:\Program Files\SiS VGA Utilities V3.65g
[28/03/2006|18:40] C:\Program Files\sisagp
[15/07/2007|16:18] C:\Program Files\Skype
[17/01/2007|14:29] C:\Program Files\Soliddocuments
[09/01/2007|10:21] C:\Program Files\Sony
[06/01/2007|17:33] C:\Program Files\Sony Setup
[02/12/2006|20:23] C:\Program Files\Spybot - Search & Destroy
[13/09/2008|14:00] C:\Program Files\Sun
[04/12/2006|22:23] C:\Program Files\Sygate
[28/03/2006|18:41] C:\Program Files\Symantec
[28/03/2006|18:39] C:\Program Files\Synaptics
[05/10/2008|20:07] C:\Program Files\Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter
[30/03/2008|16:04] C:\Program Files\Veoh Networks
[08/05/2006|13:55] C:\Program Files\VideoLAN
[09/01/2007|10:31] C:\Program Files\VSTplugins
[27/05/2006|00:20] C:\Program Files\Wanadoo
[27/05/2006|00:21] C:\Program Files\Wanadoo Messager
[10/10/2007|22:21] C:\Program Files\Web Publish
[28/03/2006|18:26] C:\Program Files\Windows Media Player
[28/03/2006|18:25] C:\Program Files\Windows NT
[28/03/2006|18:27] C:\Program Files\WindowsUpdate
[06/05/2006|17:08] C:\Program Files\WinRAR
[06/05/2006|17:19] C:\Program Files\WinZip
[28/03/2006|18:28] C:\Program Files\xerox
[18/02/2007|20:42] C:\Program Files\Yahoo!
[16/01/2007|16:13] C:\Program Files\Zapu

--------------------\ Listing des dossiers dans C:\Program Files\Fichiers communs

[28/03/2006|18:35] C:\Program Files\Fichiers communs\Adobe
[06/05/2006|18:47] C:\Program Files\Fichiers communs\Adobe Systems Shared
[06/05/2006|02:01] C:\Program Files\Fichiers communs\Ahead
[06/05/2006|17:13] C:\Program Files\Fichiers communs\Designer
[28/03/2006|18:35] C:\Program Files\Fichiers communs\InstallShield
[20/02/2007|15:21] C:\Program Files\Fichiers communs\Java
[06/05/2006|02:07] C:\Program Files\Fichiers communs\LightScribe
[19/08/2006|23:25] C:\Program Files\Fichiers communs\Logitech
[28/03/2006|18:21] C:\Program Files\Fichiers communs\Microsoft Shared
[28/03/2006|18:27] C:\Program Files\Fichiers communs\MSSoap
[06/05/2006|02:04] C:\Program Files\Fichiers communs\Nero
[28/03/2006|18:21] C:\Program Files\Fichiers communs\ODBC
[05/02/2007|01:27] C:\Program Files\Fichiers communs\Real
[28/03/2006|18:27] C:\Program Files\Fichiers communs\Services
[15/07/2007|16:18] C:\Program Files\Fichiers communs\Skype
[28/03/2006|18:21] C:\Program Files\Fichiers communs\SpeechEngines
[28/03/2006|18:27] C:\Program Files\Fichiers communs\System

--------------------\ Process

( 43 Processes )

... OK !

--------------------\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\ Verification du Registre

..... OK !

--------------------\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-17 16:43:37
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\ Recherche d'autres infections

--------------------\ Cracks & Keygens ..

C:\DOCUME~1\VINCENT\Bureau\Musique\Tito & Tarantula\Little Bitch\03 Crack In The World.mp3
C:\DOCUME~1\VINCENT\Application Data\Azureus\torrents\Adobe_Acrobat_7.0_Professional_incl_KeyGen-PARADOX.3279131.TPB[1].torrent
C:\DOCUME~1\VINCENT\Application Data\Azureus\torrents\[isoHunt] Avast.Antivirus.Pro.v4.7.892.FR.Incl-Keygen.rar.torrent
C:\DOCUME~1\VINCENT\Application Data\Azureus\torrents\Antivirus - Avast Profesional + Keygen [mininova].torrent


[F:4][D:1]-> C:\DOCUME~1\Vincent\LOCALS~1\Temp
[F:15][D:0]-> C:\DOCUME~1\Vincent\Cookies
[F:293][D:5]-> C:\DOCUME~1\Vincent\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 17/10/2008|16:44 - Option : [1]

--------------------\ Fin du rapport a 16:44:45

Derech · Answer

Merci d'avoir posté le rapport

ric991 · Answer

tu relances lop et tu fait l'option 2 , comme expliqué, tu postes le rapport suivi d'un nouveau hijackthis , Merci

Relance Lop S&D
· Choisis cette fois ci l'Option 2 ( Suppression )
· Ne ferme pas la fenêtre lors de la suppression !
· Poste le rapport généré ( C:\lopR.txt )

( Si le Bureau ne réapparît pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tapes explorer.exe et valide avec ok )

Derech · Answer

Suivi du rapport Hijackthis,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:53, on 18/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\NB Probe\NBProbe.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vincent\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dartybox.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [Control Center] C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [Assistant DartyBox] C:\Program Files\DartyBox_v3\Bewan\AssistantDB\AssistantDB_Bewan.exe -m
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\DartyBox_v3\Bewan\NetAgent\jswpsapi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: GetPDF Printing (Service1) - Unknown owner - C:\Program Files\GetPDF\GetPDFPrinting.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Vincent/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

ric991 · Answer

Tu n'as pas poster le rapport:  Lop S&D, dans va  C:\lopR.txt.
Il faudra aussi que tu fasses un tri dans tes toolbars, parce que ça te sert a rien en avoir plusieurs à part pour ralentir ta navigation.


O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

Sacabouffe · Answer

Salut
Un petit souci, voilà le rapport...

bonjour, voici le rapport


--------------------\ Lop S&D 4.2.4-5 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Mobile AMD Sempron(tm) Processor 3100+ )
BIOS : Default System BIOS
USER : Vincent ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 8.0.0.454 (Not Activated)
Firewall : Kaspersky Internet Security 8.0.0.454 (Not Activated)
C:\ (Local Disk) - FAT32 - Total : 32 Go Free : 5 Go
D:\ (Local Disk) - FAT32 - Total : 21 Go Free : 4 Go
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [2] ( 18/10/2008|11:00 )


\\\\\\\\\\\\\\\


--------------------\ Listing des dossiers dans APPLIC~1

[28/03/2006|18:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[28/03/2006|18:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[28/03/2006|18:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[28/03/2006|18:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[30/01/2007|13:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[19/01/2007|15:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[06/05/2006|02:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[26/09/2006|13:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[05/10/2008|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DartyBox
[08/02/2007|14:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[17/10/2008|16:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
[15/10/2008|23:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
[06/05/2006|18:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[17/10/2008|13:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[19/09/2006|20:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
[28/03/2006|18:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[28/03/2006|18:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[15/07/2007|16:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[06/02/2007|10:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SolidDocuments
[02/12/2006|19:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[28/03/2006|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[06/02/2007|12:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[28/08/2006|14:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[28/07/2006|11:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!

[28/03/2006|18:20] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[23/09/2006|18:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[28/03/2006|18:20] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[06/01/2007|17:23] C:\DOCUME~1\VINCENT\APPLIC~1\{3C87C896-C2CD-4692-8FB9-C3C8358C2708}
[08/05/2006|13:35] C:\DOCUME~1\VINCENT\APPLIC~1\3M
[05/05/2006|21:19] C:\DOCUME~1\VINCENT\APPLIC~1\Adobe
[05/05/2006|21:49] C:\DOCUME~1\VINCENT\APPLIC~1\AdobeUM
[26/09/2006|14:07] C:\DOCUME~1\VINCENT\APPLIC~1\Apple Computer
[29/09/2006|14:38] C:\DOCUME~1\VINCENT\APPLIC~1\Azureus
[26/10/2007|19:32] C:\DOCUME~1\VINCENT\APPLIC~1\Cimaware
[11/08/2006|16:29] C:\DOCUME~1\VINCENT\APPLIC~1\Creative
[06/05/2006|02:16] C:\DOCUME~1\VINCENT\APPLIC~1\CyberLink
[05/10/2008|20:04] C:\DOCUME~1\VINCENT\APPLIC~1\DartyBox
[31/05/2006|23:46] C:\DOCUME~1\VINCENT\APPLIC~1\dvdcss
[16/10/2008|19:37] C:\DOCUME~1\VINCENT\APPLIC~1\Grisoft
[06/05/2006|16:08] C:\DOCUME~1\VINCENT\APPLIC~1\Help
[28/03/2006|18:28] C:\DOCUME~1\VINCENT\APPLIC~1\Identities
[24/07/2008|17:29] C:\DOCUME~1\VINCENT\APPLIC~1\InstallShield
[28/03/2006|18:49] C:\DOCUME~1\VINCENT\APPLIC~1\Macromedia
[17/10/2008|13:02] C:\DOCUME~1\VINCENT\APPLIC~1\Malwarebytes
[04/02/2007|17:47] C:\DOCUME~1\VINCENT\APPLIC~1\Media Player Classic
[28/03/2006|18:20] C:\DOCUME~1\VINCENT\APPLIC~1\Microsoft
[24/01/2007|01:45] C:\DOCUME~1\VINCENT\APPLIC~1\Mozilla
[22/03/2007|23:49] C:\DOCUME~1\VINCENT\APPLIC~1\Nvu
[09/01/2007|10:31] C:\DOCUME~1\VINCENT\APPLIC~1\Publish Providers
[05/02/2007|01:27] C:\DOCUME~1\VINCENT\APPLIC~1\Real
[03/11/2007|15:24] C:\DOCUME~1\VINCENT\APPLIC~1\SecondLife
[06/01/2007|17:22] C:\DOCUME~1\VINCENT\APPLIC~1\Seven Zip
[10/05/2006|22:56] C:\DOCUME~1\VINCENT\APPLIC~1\Skype
[17/01/2007|14:31] C:\DOCUME~1\VINCENT\APPLIC~1\SolidDocuments
[09/01/2007|10:25] C:\DOCUME~1\VINCENT\APPLIC~1\Sony
[24/08/2006|22:13] C:\DOCUME~1\VINCENT\APPLIC~1\Sowedoo Software
[24/02/2007|18:05] C:\DOCUME~1\VINCENT\APPLIC~1\Sphinx
[27/02/2007|19:03] C:\DOCUME~1\VINCENT\APPLIC~1\Sun
[28/03/2006|18:42] C:\DOCUME~1\VINCENT\APPLIC~1\Symantec
[09/03/2008|17:47] C:\DOCUME~1\VINCENT\APPLIC~1\Talkback
[22/06/2006|19:00] C:\DOCUME~1\VINCENT\APPLIC~1\Template
[02/10/2008|09:25] C:\DOCUME~1\VINCENT\APPLIC~1\U3
[25/01/2007|16:59] C:\DOCUME~1\VINCENT\APPLIC~1\uTorrent
[06/05/2006|18:24] C:\DOCUME~1\VINCENT\APPLIC~1\vlc
[29/04/2007|14:54] C:\DOCUME~1\VINCENT\APPLIC~1\VoipCheapCom

--------------------\ Tâches planifiées dans C:\WINDOWS\tasks

[30/06/2008 16:15][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[18/10/2008 10:38][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\ Listing des dossiers dans C:\Program Files

[08/05/2006|13:35] C:\Program Files\3M
[28/03/2006|18:35] C:\Program Files\Adobe
[11/01/2007|19:26] C:\Program Files\Adolix
[06/05/2006|02:01] C:\Program Files\Ahead
[04/12/2006|20:54] C:\Program Files\Alwil Software
[06/01/2007|17:23] C:\Program Files\AMR Converter Pro
[15/03/2007|18:52] C:\Program Files\Apple Software Update
[28/03/2006|18:38] C:\Program Files\Asus
[06/05/2006|02:10] C:\Program Files\ASUSTeK
[28/03/2006|18:36] C:\Program Files\AvRack
[19/02/2007|15:30] C:\Program Files\Azureus
[03/12/2006|17:19] C:\Program Files\CCleaner
[05/10/2008|19:50] C:\Program Files\CD_DartyBox
[26/10/2007|19:28] C:\Program Files\Cimaware
[05/10/2008|19:52] C:\Program Files\Citrix
[28/03/2006|18:26] C:\Program Files\ComPlus Applications
[05/10/2008|19:53] C:\Program Files\DartyBox_v3
[28/06/2007|01:33] C:\Program Files\DivX
[02/12/2006|20:13] C:\Program Files\Druide
[08/02/2007|14:55] C:\Program Files\DVD Shrink
[27/05/2006|01:04] C:\Program Files\eMule
[17/07/2007|19:45] C:\Program Files\EPSON
[28/03/2006|18:21] C:\Program Files\Fichiers communs
[25/07/2006|23:49] C:\Program Files\Gabest
[16/10/2008|19:37] C:\Program Files\Grisoft
[24/08/2006|19:58] C:\Program Files\Hewlett-Packard
[24/08/2006|20:11] C:\Program Files\HP
[28/03/2006|18:35] C:\Program Files\InstallShield Installation Information
[28/03/2006|18:27] C:\Program Files\Internet Explorer
[15/03/2007|18:59] C:\Program Files\iPod
[15/03/2007|18:59] C:\Program Files\iTunes
[27/05/2006|00:22] C:\Program Files\Java
[17/10/2008|16:11] C:\Program Files\Kaspersky Lab
[06/05/2006|17:30] C:\Program Files\Lavasoft
[19/08/2006|23:24] C:\Program Files\Logitech
[17/10/2008|13:02] C:\Program Files\Malwarebytes' Anti-Malware
[28/03/2006|18:26] C:\Program Files\Messenger
[03/06/2007|02:02] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[28/03/2006|18:28] C:\Program Files\microsoft frontpage
[06/05/2006|17:02] C:\Program Files\Microsoft Office
[10/10/2007|22:18] C:\Program Files\Microsoft Visual Studio
[06/05/2006|16:58] C:\Program Files\Microsoft Works
[15/01/2007|14:03] C:\Program Files\Microsoft.NET
[28/03/2006|18:27] C:\Program Files\Movie Maker
[24/01/2007|01:45] C:\Program Files\Mozilla Firefox
[09/10/2008|16:40] C:\Program Files\MSECache
[28/03/2006|18:26] C:\Program Files\MSN Gaming Zone
[24/02/2007|14:43] C:\Program Files\MSN Messenger
[28/03/2006|18:27] C:\Program Files\NetMeeting
[28/03/2006|18:26] C:\Program Files\Online Services
[28/03/2006|18:27] C:\Program Files\Outlook Express
[14/10/2008|19:08] C:\Program Files\Panda Security
[11/01/2007|19:16] C:\Program Files\PDF2W
[04/02/2007|17:36] C:\Program Files\PeerCast
[05/02/2007|01:41] C:\Program Files\PeerTV
[26/11/2006|20:31] C:\Program Files\PNG divers
[16/01/2007|16:35] C:\Program Files\psconvert
[07/02/2007|15:54] C:\Program Files\QuickTime
[05/02/2007|01:27] C:\Program Files\Real
[28/03/2006|18:36] C:\Program Files\Realtek Sound Manager
[05/10/2007|21:06] C:\Program Files\Securitoo
[28/03/2006|18:27] C:\Program Files\Services en ligne
[28/03/2006|18:40] C:\Program Files\SiS VGA Utilities V3.65g
[28/03/2006|18:40] C:\Program Files\sisagp
[15/07/2007|16:18] C:\Program Files\Skype
[17/01/2007|14:29] C:\Program Files\Soliddocuments
[09/01/2007|10:21] C:\Program Files\Sony
[06/01/2007|17:33] C:\Program Files\Sony Setup
[02/12/2006|20:23] C:\Program Files\Spybot - Search & Destroy
[13/09/2008|14:00] C:\Program Files\Sun
[04/12/2006|22:23] C:\Program Files\Sygate
[28/03/2006|18:41] C:\Program Files\Symantec
[28/03/2006|18:39] C:\Program Files\Synaptics
[05/10/2008|20:07] C:\Program Files\Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter
[30/03/2008|16:04] C:\Program Files\Veoh Networks
[08/05/2006|13:55] C:\Program Files\VideoLAN
[09/01/2007|10:31] C:\Program Files\VSTplugins
[27/05/2006|00:20] C:\Program Files\Wanadoo
[27/05/2006|00:21] C:\Program Files\Wanadoo Messager
[10/10/2007|22:21] C:\Program Files\Web Publish
[28/03/2006|18:26] C:\Program Files\Windows Media Player
[28/03/2006|18:25] C:\Program Files\Windows NT
[28/03/2006|18:27] C:\Program Files\WindowsUpdate
[06/05/2006|17:08] C:\Program Files\WinRAR
[06/05/2006|17:19] C:\Program Files\WinZip
[28/03/2006|18:28] C:\Program Files\xerox
[18/02/2007|20:42] C:\Program Files\Yahoo!
[16/01/2007|16:13] C:\Program Files\Zapu

--------------------\ Listing des dossiers dans C:\Program Files\Fichiers communs

[28/03/2006|18:35] C:\Program Files\Fichiers communs\Adobe
[06/05/2006|18:47] C:\Program Files\Fichiers communs\Adobe Systems Shared
[06/05/2006|02:01] C:\Program Files\Fichiers communs\Ahead
[06/05/2006|17:13] C:\Program Files\Fichiers communs\Designer
[28/03/2006|18:35] C:\Program Files\Fichiers communs\InstallShield
[20/02/2007|15:21] C:\Program Files\Fichiers communs\Java
[06/05/2006|02:07] C:\Program Files\Fichiers communs\LightScribe
[19/08/2006|23:25] C:\Program Files\Fichiers communs\Logitech
[28/03/2006|18:21] C:\Program Files\Fichiers communs\Microsoft Shared
[28/03/2006|18:27] C:\Program Files\Fichiers communs\MSSoap
[06/05/2006|02:04] C:\Program Files\Fichiers communs\Nero
[28/03/2006|18:21] C:\Program Files\Fichiers communs\ODBC
[05/02/2007|01:27] C:\Program Files\Fichiers communs\Real
[28/03/2006|18:27] C:\Program Files\Fichiers communs\Services
[15/07/2007|16:18] C:\Program Files\Fichiers communs\Skype
[28/03/2006|18:21] C:\Program Files\Fichiers communs\SpeechEngines
[28/03/2006|18:27] C:\Program Files\Fichiers communs\System

--------------------\ Process

( 41 Processes )

... OK !

--------------------\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\ Verification du Registre

..... OK !

--------------------\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-18 11:02:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\ Recherche d'autres infections

--------------------\ Cracks & Keygens ..

C:\DOCUME~1\VINCENT\Bureau\Musique\Tito & Tarantula\Little Bitch\03 Crack In The World.mp3
C:\DOCUME~1\VINCENT\Application Data\Azureus\torrents\Adobe_Acrobat_7.0_Professional_incl_KeyGen-PARADOX.3279131.TPB[1].torrent
C:\DOCUME~1\VINCENT\Application Data\Azureus\torrents\[isoHunt] Avast.Antivirus.Pro.v4.7.892.FR.Incl-Keygen.rar.torrent
C:\DOCUME~1\VINCENT\Application Data\Azureus\torrents\Antivirus - Avast Profesional + Keygen [mininova].torrent


[F:11][D:5]-> C:\DOCUME~1\Vincent\LOCALS~1\Temp
[F:18][D:0]-> C:\DOCUME~1\Vincent\Cookies
[F:305][D:5]-> C:\DOCUME~1\Vincent\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 17/10/2008|16:44 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 18/10/2008|11:04 - Option : [2]

--------------------\ Fin du rapport a 11:04:01

Bonne continuation ;-)

Derech · Answer

J'ai posté le rapport LOP S&D, mais il me semble que ce post est géré par le modérateur du site (Marie). De la même manière hier je l'ai posté trois fois et il n'est pas apparu desuite. C'est Marie qui l'a posté a posteriori.
J'essaye un nouvelle fois de le poster
Merci pour l'astuce au niveau de la toolbars

Derech · Answer

Merci

ric991 · Answer

Vire tout tes cracks, keygens, etc

ric991 · Answer

Va sur: https://www.virustotal.com/gui/
Et verifie ce fichier: Tu le recherches en faisant parcourir:
C:\WINDOWS\system32\sistray.exe (si tu trouve pas fait une recherche un incluant les fichiers cachés)

Cordialement

^^Marie^^ · Answer

lu




--------------------\ Lop S&D 4.2.4-5 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Mobile AMD Sempron(tm) Processor 3100+ )
BIOS : Default System BIOS
USER : Vincent ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 8.0.0.454 (Not Activated)
Firewall : Kaspersky Internet Security 8.0.0.454 (Not Activated)
C:\ (Local Disk) - FAT32 - Total : 32 Go Free : 5 Go
D:\ (Local Disk) - FAT32 - Total : 21 Go Free : 4 Go
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [2] ( 18/10/2008|11:00 )


\\\\\\\\\\\\\\\


--------------------\ Listing des dossiers dans APPLIC~1

[28/03/2006|18:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[28/03/2006|18:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[28/03/2006|18:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[28/03/2006|18:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[30/01/2007|13:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[19/01/2007|15:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[06/05/2006|02:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[26/09/2006|13:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[05/10/2008|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DartyBox
[08/02/2007|14:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[17/10/2008|16:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
[15/10/2008|23:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
[06/05/2006|18:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[17/10/2008|13:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[19/09/2006|20:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
[28/03/2006|18:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[28/03/2006|18:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[15/07/2007|16:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[06/02/2007|10:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SolidDocuments
[02/12/2006|19:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[28/03/2006|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[06/02/2007|12:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[28/08/2006|14:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[28/07/2006|11:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!

[28/03/2006|18:20] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[23/09/2006|18:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[28/03/2006|18:20] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[06/01/2007|17:23] C:\DOCUME~1\VINCENT\APPLIC~1\{3C87C896-C2CD-4692-8FB9-C3C8358C2708}
[08/05/2006|13:35] C:\DOCUME~1\VINCENT\APPLIC~1\3M
[05/05/2006|21:19] C:\DOCUME~1\VINCENT\APPLIC~1\Adobe
[05/05/2006|21:49] C:\DOCUME~1\VINCENT\APPLIC~1\AdobeUM
[26/09/2006|14:07] C:\DOCUME~1\VINCENT\APPLIC~1\Apple Computer
[29/09/2006|14:38] C:\DOCUME~1\VINCENT\APPLIC~1\Azureus
[26/10/2007|19:32] C:\DOCUME~1\VINCENT\APPLIC~1\Cimaware
[11/08/2006|16:29] C:\DOCUME~1\VINCENT\APPLIC~1\Creative
[06/05/2006|02:16] C:\DOCUME~1\VINCENT\APPLIC~1\CyberLink
[05/10/2008|20:04] C:\DOCUME~1\VINCENT\APPLIC~1\DartyBox
[31/05/2006|23:46] C:\DOCUME~1\VINCENT\APPLIC~1\dvdcss
[16/10/2008|19:37] C:\DOCUME~1\VINCENT\APPLIC~1\Grisoft
[06/05/2006|16:08] C:\DOCUME~1\VINCENT\APPLIC~1\Help
[28/03/2006|18:28] C:\DOCUME~1\VINCENT\APPLIC~1\Identities
[24/07/2008|17:29] C:\DOCUME~1\VINCENT\APPLIC~1\InstallShield
[28/03/2006|18:49] C:\DOCUME~1\VINCENT\APPLIC~1\Macromedia
[17/10/2008|13:02] C:\DOCUME~1\VINCENT\APPLIC~1\Malwarebytes
[04/02/2007|17:47] C:\DOCUME~1\VINCENT\APPLIC~1\Media Player Classic
[28/03/2006|18:20] C:\DOCUME~1\VINCENT\APPLIC~1\Microsoft
[24/01/2007|01:45] C:\DOCUME~1\VINCENT\APPLIC~1\Mozilla
[22/03/2007|23:49] C:\DOCUME~1\VINCENT\APPLIC~1\Nvu
[09/01/2007|10:31] C:\DOCUME~1\VINCENT\APPLIC~1\Publish Providers
[05/02/2007|01:27] C:\DOCUME~1\VINCENT\APPLIC~1\Real
[03/11/2007|15:24] C:\DOCUME~1\VINCENT\APPLIC~1\SecondLife
[06/01/2007|17:22] C:\DOCUME~1\VINCENT\APPLIC~1\Seven Zip
[10/05/2006|22:56] C:\DOCUME~1\VINCENT\APPLIC~1\Skype
[17/01/2007|14:31] C:\DOCUME~1\VINCENT\APPLIC~1\SolidDocuments
[09/01/2007|10:25] C:\DOCUME~1\VINCENT\APPLIC~1\Sony
[24/08/2006|22:13] C:\DOCUME~1\VINCENT\APPLIC~1\Sowedoo Software
[24/02/2007|18:05] C:\DOCUME~1\VINCENT\APPLIC~1\Sphinx
[27/02/2007|19:03] C:\DOCUME~1\VINCENT\APPLIC~1\Sun
[28/03/2006|18:42] C:\DOCUME~1\VINCENT\APPLIC~1\Symantec
[09/03/2008|17:47] C:\DOCUME~1\VINCENT\APPLIC~1\Talkback
[22/06/2006|19:00] C:\DOCUME~1\VINCENT\APPLIC~1\Template
[02/10/2008|09:25] C:\DOCUME~1\VINCENT\APPLIC~1\U3
[25/01/2007|16:59] C:\DOCUME~1\VINCENT\APPLIC~1\uTorrent
[06/05/2006|18:24] C:\DOCUME~1\VINCENT\APPLIC~1\vlc
[29/04/2007|14:54] C:\DOCUME~1\VINCENT\APPLIC~1\VoipCheapCom

--------------------\ Tâches planifiées dans C:\WINDOWS\tasks

[30/06/2008 16:15][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[18/10/2008 10:38][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\ Listing des dossiers dans C:\Program Files

[08/05/2006|13:35] C:\Program Files\3M
[28/03/2006|18:35] C:\Program Files\Adobe
[11/01/2007|19:26] C:\Program Files\Adolix
[06/05/2006|02:01] C:\Program Files\Ahead
[04/12/2006|20:54] C:\Program Files\Alwil Software
[06/01/2007|17:23] C:\Program Files\AMR Converter Pro
[15/03/2007|18:52] C:\Program Files\Apple Software Update
[28/03/2006|18:38] C:\Program Files\Asus
[06/05/2006|02:10] C:\Program Files\ASUSTeK
[28/03/2006|18:36] C:\Program Files\AvRack
[19/02/2007|15:30] C:\Program Files\Azureus
[03/12/2006|17:19] C:\Program Files\CCleaner
[05/10/2008|19:50] C:\Program Files\CD_DartyBox
[26/10/2007|19:28] C:\Program Files\Cimaware
[05/10/2008|19:52] C:\Program Files\Citrix
[28/03/2006|18:26] C:\Program Files\ComPlus Applications
[05/10/2008|19:53] C:\Program Files\DartyBox_v3
[28/06/2007|01:33] C:\Program Files\DivX
[02/12/2006|20:13] C:\Program Files\Druide
[08/02/2007|14:55] C:\Program Files\DVD Shrink
[27/05/2006|01:04] C:\Program Files\eMule
[17/07/2007|19:45] C:\Program Files\EPSON
[28/03/2006|18:21] C:\Program Files\Fichiers communs
[25/07/2006|23:49] C:\Program Files\Gabest
[16/10/2008|19:37] C:\Program Files\Grisoft
[24/08/2006|19:58] C:\Program Files\Hewlett-Packard
[24/08/2006|20:11] C:\Program Files\HP
[28/03/2006|18:35] C:\Program Files\InstallShield Installation Information
[28/03/2006|18:27] C:\Program Files\Internet Explorer
[15/03/2007|18:59] C:\Program Files\iPod
[15/03/2007|18:59] C:\Program Files\iTunes
[27/05/2006|00:22] C:\Program Files\Java
[17/10/2008|16:11] C:\Program Files\Kaspersky Lab
[06/05/2006|17:30] C:\Program Files\Lavasoft
[19/08/2006|23:24] C:\Program Files\Logitech
[17/10/2008|13:02] C:\Program Files\Malwarebytes' Anti-Malware
[28/03/2006|18:26] C:\Program Files\Messenger
[03/06/2007|02:02] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[28/03/2006|18:28] C:\Program Files\microsoft frontpage
[06/05/2006|17:02] C:\Program Files\Microsoft Office
[10/10/2007|22:18] C:\Program Files\Microsoft Visual Studio
[06/05/2006|16:58] C:\Program Files\Microsoft Works
[15/01/2007|14:03] C:\Program Files\Microsoft.NET
[28/03/2006|18:27] C:\Program Files\Movie Maker
[24/01/2007|01:45] C:\Program Files\Mozilla Firefox
[09/10/2008|16:40] C:\Program Files\MSECache
[28/03/2006|18:26] C:\Program Files\MSN Gaming Zone
[24/02/2007|14:43] C:\Program Files\MSN Messenger
[28/03/2006|18:27] C:\Program Files\NetMeeting
[28/03/2006|18:26] C:\Program Files\Online Services
[28/03/2006|18:27] C:\Program Files\Outlook Express
[14/10/2008|19:08] C:\Program Files\Panda Security
[11/01/2007|19:16] C:\Program Files\PDF2W
[04/02/2007|17:36] C:\Program Files\PeerCast
[05/02/2007|01:41] C:\Program Files\PeerTV
[26/11/2006|20:31] C:\Program Files\PNG divers
[16/01/2007|16:35] C:\Program Files\psconvert
[07/02/2007|15:54] C:\Program Files\QuickTime
[05/02/2007|01:27] C:\Program Files\Real
[28/03/2006|18:36] C:\Program Files\Realtek Sound Manager
[05/10/2007|21:06] C:\Program Files\Securitoo
[28/03/2006|18:27] C:\Program Files\Services en ligne
[28/03/2006|18:40] C:\Program Files\SiS VGA Utilities V3.65g
[28/03/2006|18:40] C:\Program Files\sisagp
[15/07/2007|16:18] C:\Program Files\Skype
[17/01/2007|14:29] C:\Program Files\Soliddocuments
[09/01/2007|10:21] C:\Program Files\Sony
[06/01/2007|17:33] C:\Program Files\Sony Setup
[02/12/2006|20:23] C:\Program Files\Spybot - Search & Destroy
[13/09/2008|14:00] C:\Program Files\Sun
[04/12/2006|22:23] C:\Program Files\Sygate
[28/03/2006|18:41] C:\Program Files\Symantec
[28/03/2006|18:39] C:\Program Files\Synaptics
[05/10/2008|20:07] C:\Program Files\Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter
[30/03/2008|16:04] C:\Program Files\Veoh Networks
[08/05/2006|13:55] C:\Program Files\VideoLAN
[09/01/2007|10:31] C:\Program Files\VSTplugins
[27/05/2006|00:20] C:\Program Files\Wanadoo
[27/05/2006|00:21] C:\Program Files\Wanadoo Messager
[10/10/2007|22:21] C:\Program Files\Web Publish
[28/03/2006|18:26] C:\Program Files\Windows Media Player
[28/03/2006|18:25] C:\Program Files\Windows NT
[28/03/2006|18:27] C:\Program Files\WindowsUpdate
[06/05/2006|17:08] C:\Program Files\WinRAR
[06/05/2006|17:19] C:\Program Files\WinZip
[28/03/2006|18:28] C:\Program Files\xerox
[18/02/2007|20:42] C:\Program Files\Yahoo!
[16/01/2007|16:13] C:\Program Files\Zapu

--------------------\ Listing des dossiers dans C:\Program Files\Fichiers communs

[28/03/2006|18:35] C:\Program Files\Fichiers communs\Adobe
[06/05/2006|18:47] C:\Program Files\Fichiers communs\Adobe Systems Shared
[06/05/2006|02:01] C:\Program Files\Fichiers communs\Ahead
[06/05/2006|17:13] C:\Program Files\Fichiers communs\Designer
[28/03/2006|18:35] C:\Program Files\Fichiers communs\InstallShield
[20/02/2007|15:21] C:\Program Files\Fichiers communs\Java
[06/05/2006|02:07] C:\Program Files\Fichiers communs\LightScribe
[19/08/2006|23:25] C:\Program Files\Fichiers communs\Logitech
[28/03/2006|18:21] C:\Program Files\Fichiers communs\Microsoft Shared
[28/03/2006|18:27] C:\Program Files\Fichiers communs\MSSoap
[06/05/2006|02:04] C:\Program Files\Fichiers communs\Nero
[28/03/2006|18:21] C:\Program Files\Fichiers communs\ODBC
[05/02/2007|01:27] C:\Program Files\Fichiers communs\Real
[28/03/2006|18:27] C:\Program Files\Fichiers communs\Services
[15/07/2007|16:18] C:\Program Files\Fichiers communs\Skype
[28/03/2006|18:21] C:\Program Files\Fichiers communs\SpeechEngines
[28/03/2006|18:27] C:\Program Files\Fichiers communs\System

--------------------\ Process

( 41 Processes )

... OK !

--------------------\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\ Verification du Registre

..... OK !

--------------------\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-18 11:02:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\ Recherche d'autres infections

--------------------\ Cracks & Keygens ..

C:\DOCUME~1\VINCENT\Bureau\Musique\Tito & Tarantula\Little Bitch\03 Crack In The World.mp3
C:\DOCUME~1\VINCENT\Application Data\Azureus\torrents\Adobe_Acrobat_7.0_Professional_incl_KeyGen-PARADOX.3279131.TPB[1].torrent
C:\DOCUME~1\VINCENT\Application Data\Azureus\torrents\[isoHunt] Avast.Antivirus.Pro.v4.7.892.FR.Incl-Keygen.rar.torrent
C:\DOCUME~1\VINCENT\Application Data\Azureus\torrents\Antivirus - Avast Profesional + Keygen [mininova].torrent


[F:11][D:5]-> C:\DOCUME~1\Vincent\LOCALS~1\Temp
[F:18][D:0]-> C:\DOCUME~1\Vincent\Cookies
[F:305][D:5]-> C:\DOCUME~1\Vincent\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 17/10/2008|16:44 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 18/10/2008|11:04 - Option : [2]

--------------------\ Fin du rapport a 11:04:01

ric991 · Answer

Ton antivrus n'est pas activé?
Antivirus : Kaspersky Internet Security 8.0.0.454 (Not Activated)
Firewall : Kaspersky Internet Security 8.0.0.454 (Not Activated)

Comme dit plus haut commence par viré tout tes cracks

Derech · Answer

C'est fait, résultat 0/36 le fichier ne semble pas infecté
cordialement

ric991 · Answer

d'accord

Derech · Answer

Non j'ai viré mon antivirus ainsi que mon firewall sigate, sinon je ne peux plus accéder a Internet.
J'ai supprimé mes cracks

ric991 · Answer

Fais un scan en ligne avec Bitdfender 
Suit le tutoriel: https://forum.pcastuces.com/default.asp et poste le rapport

ric991 · Answer

Après avoir posté le rapport bitdefender:

Télécharge http://www.downloads.subratam.org/l2mfix.exe
- Double clic sur l2mfix.exe pour lancer l'extraction
- Dans le dossier l2mfix, double clic sur l2mfix.bat, appuie sur n'importe quelle touche puis choisis l'option #1 (et pas autre chose) et valide avec la touche entrée.
- Le bloc note va s'ouvrir avec le résultat du scan.
- Fais un copier coller du résultat ici.

Derech · Answer

BitDefender Online Scanner
  
  
 
Rapport d'analyse généré à: Sat, Oct 18, 2008 - 15:16:07
 
 
  
  
 
Voie d'analyse: C:\;D:\;E:\;
  
  
 
 
  
  
 
Statistiques
 
Temps
 00:25:31
 
Fichiers
 70803
 
Directoires
 7950
 
Secteurs de boot
 0
 
Archives
 1492
 
Paquets programmes
 4313
 
  
  
 
Résultats
 
Virus identifiés
 2
 
Fichiers infectés
 4
 
Fichiers suspects
 4
 
Avertissements
 0
 
Désinfectés
 0
 
Fichiers effacés
 8
 
  
  
 
Info sur les moteurs
 
Définition virus
 1900702
 
Version des moteurs
 AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
 
Analyse des plugins
 16
 
Archive des plugins
 43
 
Unpack des plugins
 7
 
E-mail plugins
 6
 
Système plugins
 4
 
  
  
 
Paramètres d'analyse
 
Première action
 Désinfecté
 
Seconde Action
 Supprimé
 
Heuristique
 Oui
 
Acceptez les avertissements
 Oui
 
Extensions analysées
 exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
 
Excludez les extensions
  
 
Analyse d'emails
 Oui
 
Analyse des Archives
 Oui
 
Analyser paquets programmes
 Oui
 
Analyse des fichiers
 Oui
 
Analyse de boot
 Oui
 
  
  
 
  Fichier analysé
  Statut
 
C:\WINDOWS\VmluY2VudA\pA5RsZpRxE.vbs
 Détecté avec: Adware.Isearch.D
 
C:\WINDOWS\VmluY2VudA\pA5RsZpRxE.vbs
 Supprimé
 
C:\Documents and Settings\Vincent\Bureau\Société Générale\Macros\Macro SC All Books.xls
 Suspecté de: Macro.VBA
 
C:\Documents and Settings\Vincent\Bureau\Société Générale\Macros\Macro SC All Books.xls
 Echec de la désinfection
 
C:\Documents and Settings\Vincent\Bureau\Société Générale\Macros\Macro SC All Books.xls
 Supprimé
 
C:\Documents and Settings\Vincent\Bureau\Société Générale\Macros\Macro SC Traders.xls
 Suspecté de: Macro.VBA
 
C:\Documents and Settings\Vincent\Bureau\Société Générale\Macros\Macro SC Traders.xls
 Echec de la désinfection
 
C:\Documents and Settings\Vincent\Bureau\Société Générale\Macros\Macro SC Traders.xls
 Supprimé
 
C:\Documents and Settings\Vincent\Bureau\Rapport de Stage\Macro\Macro SC All Books.xls
 Suspecté de: Macro.VBA
 
C:\Documents and Settings\Vincent\Bureau\Rapport de Stage\Macro\Macro SC All Books.xls
 Echec de la désinfection
 
C:\Documents and Settings\Vincent\Bureau\Rapport de Stage\Macro\Macro SC All Books.xls
 Supprimé
 
C:\Documents and Settings\Vincent\Bureau\Rapport de Stage\Macro\Macro SC Traders.xls
 Suspecté de: Macro.VBA
 
C:\Documents and Settings\Vincent\Bureau\Rapport de Stage\Macro\Macro SC Traders.xls
 Echec de la désinfection
 
C:\Documents and Settings\Vincent\Bureau\Rapport de Stage\Macro\Macro SC Traders.xls
 Supprimé
 
C:\System Volume Information\_restore{CA360996-2CA9-4735-8209-413D4E360189}\RP373\A0089964.vbs
 Détecté avec: Adware.Isearch.D
 
C:\System Volume Information\_restore{CA360996-2CA9-4735-8209-413D4E360189}\RP373\A0089964.vbs
 Supprimé
 
C:\System Volume Information\_restore{CA360996-2CA9-4735-8209-413D4E360189}\RP374\A0092396.vbs
 Détecté avec: Adware.Isearch.D
 
C:\System Volume Information\_restore{CA360996-2CA9-4735-8209-413D4E360189}\RP374\A0092396.vbs
 Supprimé
 
C:\Programmes\MDL_1.1.0155.exe=>(Instyler o)=>(Instyler Module 0)
 Détecté avec: Adware.Mdladvert.I
 
C:\Programmes\MDL_1.1.0155.exe=>(Instyler o)=>(Instyler Module 0)
 Supprimé
 
C:\Programmes\MDL_1.1.0155.exe=>(Instyler o)
 Echec de la mise à jour

Derech · Answer

L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist] "DLLName"="C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll" "Logoff"="G2ALogoff" "Asynchronous"=dword:00000000 "Logon"="G2ALogon" "Startup"="G2AStartup" "Impersonate"=dword:00000000 "Shutdown"="G2AShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] @="" "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"="C:\WINDOWS\system32\klogon.dll" "Logon"="WLEventStop" "Startup"="WLEventStart" "Lock"="WLEventStart" "Unlock"="WLEventStop" "Logoff"="WLEventStart" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify ermsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] "Logon"="WLEventLogon" "Logoff"="WLEventLogoff" "Startup"="WLEventStartup" "Shutdown"="WLEventShutdown" "StartScreenSaver"="WLEventStartScreenSaver" "StopScreenSaver"="WLEventStopScreenSaver" "Lock"="WLEventLock" "Unlock"="WLEventUnlock" "StartShell"="WLEventStartShell" "PostShell"="WLEventPostShell" "Disconnect"="WLEventDisconnect" "Reconnect"="WLEventReconnect" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000000 "SafeMode"=dword:00000001 "MaxWait"=dword:ffffffff "DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Event"=dword:00000000 "EulaAccepted"=dword:00000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings] "Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\ 00,00,94,b6,f4,b9,50,a4,cf,44,b9,68,bf,bf,fb,1c,f2,4c,04,00,00,00,04,00,00,\ 00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,4f,e6,3e,dd,e3,54,83,bc,\ 02,14,c5,ab,15,b0,25,33,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,e4,\ 51,55,36,4c,1f,e6,04,fc,70,0d,d8,de,ed,ed,51,b0,01,00,00,12,75,bd,91,be,97,\ e7,b6,68,7d,45,3d,ba,8a,90,03,12,a9,6d,04,28,9b,ea,7f,f2,c1,97,12,68,2c,54,\ 4a,72,96,d1,4c,23,c7,b6,06,9c,11,14,ab,12,47,ae,35,88,3b,7b,1d,e3,fe,3c,78,\ c0,0a,14,b1,27,41,6e,ba,4f,ac,ce,91,85,8b,cd,46,ae,59,56,43,7b,4f,3b,c0,01,\ 55,f0,ec,6d,9e,db,04,23,52,e7,61,16,eb,d2,e2,8f,f4,a5,ce,83,d8,44,fe,70,48,\ 8e,1d,5c,e7,a9,ab,46,d2,90,12,40,43,7f,20,4b,a4,03,2b,15,01,19,1f,34,db,26,\ 3d,94,bc,6a,c1,2a,74,f7,35,29,03,74,74,b2,19,51,67,66,b3,84,c1,a4,d2,e8,d2,\ e7,3e,f1,c7,5b,1e,03,d5,da,8a,bd,6e,0d,97,c2,84,7a,29,a2,62,8d,2c,d1,72,d8,\ be,3d,38,b2,c0,29,d2,7a,4b,1b,68,0f,f6,6c,1c,98,c0,52,c0,89,43,25,f6,22,59,\ 1b,04,2a,e6,08,b8,64,47,ba,3e,e0,b4,4c,3a,90,15,be,da,97,b0,7c,7d,8c,d1,bd,\ 44,0d,f7,c8,cb,5e,b1,15,41,fe,77,8d,e0,f8,c8,85,11,85,86,ba,a2,c1,bc,93,94,\ 35,f7,b9,96,d7,0b,cf,ce,18,d8,6c,4d,43,57,c4,88,f7,d8,c6,0f,a5,4f,93,9d,3b,\ 1b,cd,e7,cf,b6,db,98,0d,25,e6,64,b2,a7,a1,17,87,1d,62,f3,f5,ba,db,44,4a,6d,\ 3a,9c,04,f2,8a,03,68,cc,52,e2,11,53,57,2a,eb,07,25,a0,0a,d4,4d,a4,3d,29,df,\ ff,9f,93,e2,99,de,55,f0,62,57,e2,c8,4d,7c,66,c5,d1,68,d2,d7,ae,fe,ac,00,19,\ f8,ba,fa,f1,1c,38,5c,94,ae,70,81,9f,82,06,0a,37,0b,50,f8,99,f9,6c,e6,82,b1,\ a0,6a,5c,d2,0b,c0,04,96,d7,1d,56,05,ef,69,45,de,b1,f9,94,97,84,aa,7e,d4,29,\ b5,ab,6a,2e,e6,a6,3f,c8,24,49,8a,28,fa,e5,04,12,c2,a8,67,e6,37,41,5c,b8,73,\ 36,14,00,00,00,48,99,4d,ba,54,47,5d,30,69,14,2e,bd,32,24,7a,e7,aa,a8,00,b9 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia" "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo" "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es" "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration" "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propri‚t‚s des versions pr‚c‚dentes" "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions pr‚c‚dentes" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="IE Search Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="History" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{2F603045-309F-11CF-9774-0020AFD0CFF6}"="Synaptics Control Panel" "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension" "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web" "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler" "{E0D79300-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79301-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79302-84BE-11CE-9641-444553540000}"="WinZip" "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band" "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}"="My Logitech Pictures" "{ABC70703-32AF-11d4-90C4-D483A70F4825}"="CMenuExtender" "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache" "{07C45BB1-4A8C-4642-A1F5-237E7215FF66}"="IE Microsoft BrowserBand" "{1C1EDB47-CE22-4bbb-B608-77B48F83C823}"="IE Fade Task" "{205D7A97-F16D-4691-86EF-F3075DCCA57D}"="IE Menu Desk Bar" "{3028902F-6374-48b2-8DC6-9725E775B926}"="IE AutoComplete" "{43886CD5-6529-41c4-A707-7B3C92C05E68}"="IE Navigation Bar" "{44C76ECD-F7FA-411c-9929-1B77BA77F524}"="IE Menu Site" "{4B78D326-D922-44f9-AF2A-07805C2A3560}"="IE Menu Band" "{6038EF75-ABFC-4e59-AB6F-12D397F6568D}"="IE Microsoft History AutoComplete List" "{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}"="IE Tracking Shell Menu" "{6CF48EF8-44CD-45d2-8832-A16EA016311B}"="IE IShellFolderBand" "{73CFD649-CD48-4fd8-A272-2070EA56526B}"="IE BandProxy" "{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}"="IE MRU AutoComplete List" "{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}"="IE RSS Feeder Folder" "{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}"="IE Microsoft Shell Folder AutoComplete List" "{B31C5FAE-961F-415b-BAF0-E697A5178B94}"="IE Microsoft Multiple AutoComplete List Container" "{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}"="Microsoft Browser Architecture" "{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}"="IE Shell Rebar BandSite" "{E6EE9AAC-F76B-4947-8260-A9F136138E11}"="IE Shell Band Site Menu" "{F2CF5485-4E02-4f68-819C-B92DE9277049}"="&Links" "{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}"="IE Registry Tree Options Utility" "{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}"="IE User Assist" "{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}"="IE Custom MRU AutoCompleted List" "{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler" "{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler" "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu" "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player" "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes" "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}"="Messenger Sharing Folders" "{6B19FEC2-A45B-11CF-9045-00A0C9039735}"="Registered ActiveX Controls" "{D545EBD1-BD92-11CF-8772-00A0C9039735}"="Developer Studio Components" "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}"="Microsoft Office Metadata Handler" "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}"="Microsoft Office Thumbnail Handler" "{85E0B171-04FA-11D1-B7DA-00A0C90348D6}"="Web traffic protection statistics" ********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ klogon.dll Tue 29 Jul 2008 20:21:42 A.... 218 376 213,26 K mshtmled.dll Tue 26 Aug 2008 10:11:52 A.... 477 696 466,50 K mstime.dll Tue 26 Aug 2008 10:11:52 A.... 671 232 655,50 K msrating.dll Tue 26 Aug 2008 10:11:52 A.... 193 024 188,50 K iertutil.dll Tue 26 Aug 2008 10:11:48 A.... 267 776 261,50 K ieframe.dll Fri 3 Oct 2008 19:12:28 A.... 6 066 176 5,79 M icardie.dll Tue 26 Aug 2008 10:11:46 A.... 63 488 62,00 K ieapfltr.dll Tue 26 Aug 2008 10:11:46 A.... 383 488 374,50 K msfeed~1.dll Tue 26 Aug 2008 10:11:50 A.... 52 224 51,00 K ieaksie.dll Tue 26 Aug 2008 10:11:46 A.... 230 400 225,00 K ieakeng.dll Tue 26 Aug 2008 10:11:46 A.... 153 088 149,50 K wininet.dll Tue 26 Aug 2008 10:11:54 A.... 826 368 807,00 K extmgr.dll Tue 26 Aug 2008 10:11:46 A.... 133 120 130,00 K webcheck.dll Tue 26 Aug 2008 10:11:54 A.... 233 472 228,00 K urlmon.dll Tue 26 Aug 2008 10:11:54 A.... 1 159 680 1,11 M url.dll Tue 26 Aug 2008 10:11:52 A.... 105 984 103,50 K pngfilt.dll Tue 26 Aug 2008 10:11:52 A.... 44 544 43,50 K occache.dll Tue 26 Aug 2008 10:11:52 A.... 102 912 100,50 K mshtml.dll Wed 27 Aug 2008 11:11:52 A.... 3 593 216 3,43 M msfeeds.dll Tue 26 Aug 2008 10:11:50 A.... 459 264 448,50 K jsproxy.dll Tue 26 Aug 2008 10:11:50 A.... 27 648 27,00 K iernonce.dll Tue 26 Aug 2008 10:11:48 A.... 44 544 43,50 K iedkcs32.dll Tue 26 Aug 2008 10:11:46 A.... 384 512 375,50 K ieakui.dll Sat 23 Aug 2008 7:54:52 A.... 161 792 158,00 K dxtrans.dll Tue 26 Aug 2008 10:11:46 A.... 214 528 209,50 K dxtmsft.dll Tue 26 Aug 2008 10:11:46 A.... 347 136 339,00 K advpack.dll Tue 26 Aug 2008 10:11:46 A.... 124 928 122,00 K 27 items found: 27 files, 0 directories. Total of file sizes: 16 740 616 bytes 15,96 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est E8C3-4C5B R‚pertoire de C:\WINDOWS\System32 28/03/2006 18:33 Microsoft 28/03/2006 18:15 dllcache 0 fichier(s) 0 octets 2 R‚p(s) 11ÿ326ÿ226ÿ432 octets libres

ric991 · Answer

Ensuite relancer l2mfix.bat
et choisir l'option 2
Il va demander d'appuyer sur une touche pour redémarrer.

Derech · Answer

voici le rapport,

L2mfix 051206
Creating Account.
La commande s'est termin‚e correctement.

Adding Administrative privleges. 
Checking for L2MFix account(0=no 1=yes): 
1
 Granting SeDebugPrivilege to L2MFIX   ... successful
 
Running From:
C:\WINDOWS\system32
 
Killing Processes! 
  Killing 'smss.exe'
\SystemRoot\System32\smss.exe (868)
  Killing 'winlogon.exe'
winlogon.exe    (996)
  Killing 'explorer.exe'
C:\WINDOWS\Explorer.EXE (1836)
  Killing 'rundll32.exe'
"C:\WINDOWS\system32\Rundll32.exe" SiSPower.dll,ModeAgent (1244)
Restoring Sedebugprivilege:
 Granting SeDebugPrivilege to Administrateurs   ... successful
 
Scanning First Pass. Please Wait!
 
First Pass Completed 
 
Second Pass Scanning 
 
Second pass Completed!
Desktop.ini sucessfully removed
 
 
 
 
Restoring Windows Update Certificates.:
 
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
"DLLName"="C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll"
"Logoff"="G2ALogoff"
"Asynchronous"=dword:00000000
"Logon"="G2ALogon"
"Startup"="G2AStartup"
"Impersonate"=dword:00000000
"Shutdown"="G2AShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	ermsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Event"=dword:00000000
"EulaAccepted"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\
  00,00,94,b6,f4,b9,50,a4,cf,44,b9,68,bf,bf,fb,1c,f2,4c,04,00,00,00,04,00,00,\
  00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,4f,e6,3e,dd,e3,54,83,bc,\
  02,14,c5,ab,15,b0,25,33,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,e4,\
  51,55,36,4c,1f,e6,04,fc,70,0d,d8,de,ed,ed,51,b0,01,00,00,12,75,bd,91,be,97,\
  e7,b6,68,7d,45,3d,ba,8a,90,03,12,a9,6d,04,28,9b,ea,7f,f2,c1,97,12,68,2c,54,\
  4a,72,96,d1,4c,23,c7,b6,06,9c,11,14,ab,12,47,ae,35,88,3b,7b,1d,e3,fe,3c,78,\
  c0,0a,14,b1,27,41,6e,ba,4f,ac,ce,91,85,8b,cd,46,ae,59,56,43,7b,4f,3b,c0,01,\
  55,f0,ec,6d,9e,db,04,23,52,e7,61,16,eb,d2,e2,8f,f4,a5,ce,83,d8,44,fe,70,48,\
  8e,1d,5c,e7,a9,ab,46,d2,90,12,40,43,7f,20,4b,a4,03,2b,15,01,19,1f,34,db,26,\
  3d,94,bc,6a,c1,2a,74,f7,35,29,03,74,74,b2,19,51,67,66,b3,84,c1,a4,d2,e8,d2,\
  e7,3e,f1,c7,5b,1e,03,d5,da,8a,bd,6e,0d,97,c2,84,7a,29,a2,62,8d,2c,d1,72,d8,\
  be,3d,38,b2,c0,29,d2,7a,4b,1b,68,0f,f6,6c,1c,98,c0,52,c0,89,43,25,f6,22,59,\
  1b,04,2a,e6,08,b8,64,47,ba,3e,e0,b4,4c,3a,90,15,be,da,97,b0,7c,7d,8c,d1,bd,\
  44,0d,f7,c8,cb,5e,b1,15,41,fe,77,8d,e0,f8,c8,85,11,85,86,ba,a2,c1,bc,93,94,\
  35,f7,b9,96,d7,0b,cf,ce,18,d8,6c,4d,43,57,c4,88,f7,d8,c6,0f,a5,4f,93,9d,3b,\
  1b,cd,e7,cf,b6,db,98,0d,25,e6,64,b2,a7,a1,17,87,1d,62,f3,f5,ba,db,44,4a,6d,\
  3a,9c,04,f2,8a,03,68,cc,52,e2,11,53,57,2a,eb,07,25,a0,0a,d4,4d,a4,3d,29,df,\
  ff,9f,93,e2,99,de,55,f0,62,57,e2,c8,4d,7c,66,c5,d1,68,d2,d7,ae,fe,ac,00,19,\
  f8,ba,fa,f1,1c,38,5c,94,ae,70,81,9f,82,06,0a,37,0b,50,f8,99,f9,6c,e6,82,b1,\
  a0,6a,5c,d2,0b,c0,04,96,d7,1d,56,05,ef,69,45,de,b1,f9,94,97,84,aa,7e,d4,29,\
  b5,ab,6a,2e,e6,a6,3f,c8,24,49,8a,28,fa,e5,04,12,c2,a8,67,e6,37,41,5c,b8,73,\
  36,14,00,00,00,48,99,4d,ba,54,47,5d,30,69,14,2e,bd,32,24,7a,e7,aa,a8,00,b9

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

 
The following are the files found: 
****************************************************************************
 
Registry Entries that were Deleted: 
Please verify that the listing looks ok.  
If there was something deleted wrongly there are backups in the backreg folder. 
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents: 
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
****************************************************************************
Checking for L2MFix account(0=no 1=yes): 
0
Zipping up files for submission:
	zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
  adding: backregs/notibac.reg (deflated 83%)
  adding: backregs/shell.reg (deflated 73%)

ric991 · Answer

Relance MalwareByte's Anti-Malware

Et installe le raccourci sur ton bureau

Double clique sur le fichier téléchargé pour lancer le processus d'installation


Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.


Une fois la mise à jour terminée, redémarre en mode sans échec
onglet "Recherche". Et Sélectionne "Exécuter un examen complet"
Clique sur "Rechercher"
- L'analyse démarre, le scan est relativement long, c'est normal.
A la fin de l'analyse, un message s'affiche :
« L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés. »


Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.

Si des malwares ont été détectés, clique sur Afficher les résultats.
Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse.

Copie colle ce rapport et poste-le dans ta prochaine réponse.

Derech · Answer

Voici le rapport,

Malwarebytes' Anti-Malware 1.29
Version de la base de données: 1286
Windows 5.1.2600 Service Pack 2

19/10/2008 03:59:31
mbam-log-2008-10-19 (03-59-31).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 113223
Temps écoulé: 2 hour(s), 26 minute(s), 10 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{def85c80-216a-43ab-af70-1665edbe2780} (Spyware.Sinowal) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ToolbarInst.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Derech · Answer

J'ai l'impression que je n'ai plus rien qu'en pensez-vous?

Derech · Answer

Bonjour,

au vue du dernier rapport qu'en pensez vous, mon ordinateur est-il toujours infecté?
Quelle manip puis-je faire pour m'en assurer?
Merci

ric991 · Answer

Refais un petit coup de hijackthis ainsi que de  MalwareByte's Anti-Malware 

Et poste les rapports (n'oublie pas de mettre MalwareByte's Anti-Malware à jour dans la partie mise a jour avant de faire l'analyse complète )

Trojan.Win32.Pakes.jwy

31 réponses

Votre réponse

Discussions similaires

Newsletters