Infection Bagle

Mocktar33 -  
 Utilisateur anonyme -
Bonjour,

Je pense que mon PC est infesté par le virus Bagle et je n'arrive pas à le déloger.
PC : Windows XP Pro SP2

Les symptômes :
- démarrage en mode sans échec impossible. Démarrage+F8 => arrive sur écran bleu
comme si il y avait un pb hard sur le disque (ce n'est pas le cas, j'ai fait un CHKDSK)
- l'antivirus Avast s'est arrêté, lorsque j'essaie de le lancer ça me dit que ce n'est pas une application win32 valide,
- j'ai lancé Bitdefender en ligne. Il a corrigé quelques trucs mais le pb est toujours là.
- si je tente de lancer Hijackthis (même en le renommant), l'exécution s'interrompt avant la fin,
- de même si j'essaie d'exécuter elibagla.exe l'exécution est stoppée

Avez-vous une idée pour une autre solution ?
- une solution avec un CD bootable contenant un antivirus serait pas mal

Merci d'avance pour vos suggestions

Salutations
Configuration: Windows XP
Internet Explorer 6.0

15 réponses

Résumé de la discussion

Un PC équipé de Windows XP Pro SP2 est confronté à une infection par le ver Bagle qui empêche le démarrage en mode sans échec et bloque les outils de sécurité. Les symptômes incluent un écran bleu lors du démarrage, des messages d'invalidité Win32 lors du lancement d'antivirus, et des blocages lors du lancement d'HijackThis ou d'elibagla.exe. Plusieurs solutions sont envisagées, notamment l'emploi d'un CD bootable antivirus et l'exécution d'outils de diagnostic comme HijackThis ou AD-Remover, afin d'identifier les composants actifs et les supprimer. En cas d'échec, des utilisateurs préconisent des options complémentaires telles que la réinstallation du système après sauvegarde, ou l'utilisation d'un outil de suppression lors du démarrage.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Utilisateur anonyme
     
    idem,

    car auteur de findykill et besoin de lire les rapports sur la dernieres maj / variantes

    sniff
    1
    1. moe
       
      Salut Cédric

      Pressé de voir la nouvelle déclinaison s'afficher sur les logs, on dirait ? :-)
      Tu es toujours aussi réactif à ce que je vois :-)

      A propos... pense à surveiller celui-là de près : %APPDATA%\drivers\mdelk.exe
      Il ne devrait pas tarder...

      Bonne continuation !

      @++
      0
    2. Utilisateur anonyme > moe
       
      Salut Olivier ,

      j avais pas vu ton message désolé

      ça fais plaisir de te voir -;)

      en effet tout comme toi je surveille de pret cette variante car oui je pense qu elle reserve d autres surprise

      on a celui ci : %appdata%\drivers\winupgro.exe


      apres pour %APPDATA%\drivers\mdelk.exe je ne l ai pas vu mais je viens juste de remmetre le sample sur la becane

      je compte aussi attaquer les 04 (enfin) lol

      ++
      0
    3. Utilisateur anonyme > Utilisateur anonyme
       
      re Olivier,

      si tu passes par là ceci va t interresser -;)





      ----------------- FindyKill V4.708 ------------------

      * Usario : Cedric - PC-DE-CEDRIC
      * Citio : C:\Program Files\FindyKill
      * Maj effectuada el 08/12/08 por Chiquitine29
      * Busqueda effectuada ha 17:57:15 el 10/12/2008
      * Windows Vista - Internet Explorer 7.0.6000.16757

      ((((((((((((((((( *** Busqueda *** ))))))))))))))))))


      --------------- [ Processus ] ----------------


      C:\Windows\System32\smss.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\services.exe
      C:\Windows\system32\lsass.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\winlogon.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\SLsvc.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\WUDFHost.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\conime.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Windows\system32\WerCon.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\SearchFilterHost.exe

      --------------- [ Ficheros / Carpetas infectados ] ----------------


      »»»» Presencia de los ficheros en C:


      »»»» Presencia de los ficheros en C:\Windows


      »»»» Presencia de los ficheros en C:\Windows\Prefetch


      »»»» Presencia de los ficheros en C:\Windows\system32

      Found ! [10/12/2008 15:54] - C:\Windows\system32\mdelk.exe
      Found ! [10/12/2008 15:54] - C:\Windows\system32\wintems.exe
      Found ! [10/12/2008 17:44] - C:\Windows\system32\ban_list.txt

      »»»» Presencia de los ficheros en C:\Windows\system32\config\systemprofile\AppData

      Found ! [08/12/2008 18:23] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers"
      Found ! [17/09/2004 10:04] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers\winupgro.exe"
      Found ! [08/12/2008 18:23] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers\srosa.sys"
      Found ! [08/12/2008 18:23] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers\srosa2.sys"
      Found ! [08/12/2008 18:22] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers\downld"

      »»»» Presencia de los ficheros en C:\Windows\system32\drivers


      »»»» Presencia de los ficheros en C:\Users\Cedric\AppData\Roaming

      Found ! [10/12/2008 17:45] - "C:\Users\Cedric\AppData\Roaming\m\flec006.exe"
      Found ! [10/12/2008 17:45] - "C:\Users\Cedric\AppData\Roaming\m\list.oct"
      Found ! [10/12/2008 17:46] - "C:\Users\Cedric\AppData\Roaming\m\data.oct"
      Found ! [10/12/2008 17:46] - "C:\Users\Cedric\AppData\Roaming\m\srvlist.oct"
      Found ! [10/12/2008 17:49] - "C:\Users\Cedric\AppData\Roaming\m\shared"
      Found ! [10/12/2008 15:03] - "C:\Users\Cedric\AppData\Roaming\m"
      Found ! [10/12/2008 15:01] - "C:\Users\Cedric\AppData\Roaming\drivers"
      Found ! [10/12/2008 17:43] - "C:\Users\Cedric\AppData\Roaming\drivers\srosa.sys"
      Found ! [10/12/2008 17:43] - "C:\Users\Cedric\AppData\Roaming\drivers\srosa2.sys"
      Found ! [18/04/2005 05:09] - "C:\Users\Cedric\AppData\Roaming\drivers\winupgro.exe"
      Found ! [10/12/2008 17:48] - "C:\Users\Cedric\AppData\Roaming\drivers\downld"
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\111041.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\111166.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\111618.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\112835.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\113178.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\132522.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\135050.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\141243.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\141804.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\143146.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\145845.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\146141.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\151960.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\152303.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\157904477.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\157913618.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\157915100.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\157915522.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\157916192.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\157932962.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\157933072.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\157933508.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\157934226.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\157934523.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\157953227.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\157962337.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\157962603.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\166265.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\175563.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\175844.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\178090.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\178683.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\178699.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\189853.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\191085.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\191569.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\192396.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\1927938.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\193191.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\1934069.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\1935535.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\1935941.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\193644.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\1936612.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\197450.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\1978248.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\1987312.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\1987717.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\1988357.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\1988669.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\201490.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\202130.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\203066.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\203097.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\205562.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\2086887.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\2094781.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\2094921.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\2094937.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\2132876.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\2133391.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\2144155.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\2145216.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\2145637.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\2146355.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\2146963.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\2147369.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\2151113.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\2152127.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\2152891.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\216076.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\2161347.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\2161752.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\2162080.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\216295.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\216700.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\217059.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\217184.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\217621.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\218541.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\2190909.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\219228.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\219665.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\2204824.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\2205058.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\2205105.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\222894.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\225359.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\228744.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\232753.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\243891.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\244266.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\244578.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\249398.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\292923.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\295840.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\296214.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\296386.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\300645.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\301986.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\302392.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\308632.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\332781.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\347117.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\347523.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\348100.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\348397.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\350846.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\364777.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\365260.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\365338.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\365650.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\379066.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\379222.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\379238.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\404931.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\405914.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\405930.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\419315.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\420500.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\420906.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\421592.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\422388.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\422809.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\427395.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\428472.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\429267.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\438674.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\439096.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\439392.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\446256.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\473681.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\486395.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\486894.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\486972.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\67876.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\70512.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\78702.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\78811.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\80761.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\81245.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\81682.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\81962.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\83070.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\83522.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\84224.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\89107.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\91603.exe
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Roaming\drivers\downld\92399.exe

      »»»» Presencia de los ficheros en C:\Users\Cedric\AppData\Local\Temp


      »»»» Presencia de los ficheros en C:\Users\Cedric\Local Settings\Temporary Internet Files\Content.IE5

      Found ! [10/12/2008 15:10] - C:\Users\Cedric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OUR7MI8\b64[1].jpg
      Found ! [10/12/2008 15:38] - C:\Users\Cedric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OUR7MI8\b64[2].jpg
      Found ! [10/12/2008 15:11] - C:\Users\Cedric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OUR7MI8\b64_1[1].jpg
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OUR7MI8\b64_1[2].jpg
      Found ! [10/12/2008 15:05] - C:\Users\Cedric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OUR7MI8\b64_3[1].jpg
      Found ! [10/12/2008 15:55] - C:\Users\Cedric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CO20TD71\b64[1].jpg
      Found ! [10/12/2008 15:57] - C:\Users\Cedric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CO20TD71\b64_1[1].jpg
      Found ! [10/12/2008 15:11] - C:\Users\Cedric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CO20TD71\b64_2[1].jpg
      Found ! [10/12/2008 15:02] - C:\Users\Cedric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLZPJ4ZS\b64[1].jpg
      Found ! [10/12/2008 15:02] - C:\Users\Cedric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLZPJ4ZS\b64_3[1].jpg
      Found ! [10/12/2008 15:55] - C:\Users\Cedric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PNLTP0RX\b64[1].jpg
      Found ! [10/12/2008 17:45] - C:\Users\Cedric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PNLTP0RX\b64[2].jpg
      Found ! [10/12/2008 17:47] - C:\Users\Cedric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PNLTP0RX\b64_1[1].jpg
      Found ! [10/12/2008 15:40] - C:\Users\Cedric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PNLTP0RX\b64_2[1].jpg
      Found ! [10/12/2008 15:08] - C:\Users\Cedric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PNLTP0RX\b64_3[1].jpg
      Found ! [10/12/2008 15:36] - C:\Users\Cedric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PNLTP0RX\b64_3[2].jpg
      Found ! [10/12/2008 17:48] - C:\Users\Cedric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBYCIBYF\b64_2[1].jpg
      Found ! [10/12/2008 15:54] - C:\Users\Cedric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBYCIBYF\b64_3[1].jpg

      --------------- [ Registry / Startup ] ----------------

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
      WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe
      MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
      Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
      NvSvc=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
      NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      RtHDVCpl=RtHDVCpl.exe

      [HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr]
      [HKEY_CURRENT_USER\software\local appwizard-generated applications\setup]
      [HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

      --------------- [ Registry / llave infectadas ] ----------------


      Found ! - HKEY_USERS\S-1-5-21-3357113378-2969716768-1591044044-1000\Software\Local AppWizard-Generated Applications\msnmsgr
      Found ! - HKEY_USERS\S-1-5-21-3357113378-2969716768-1591044044-1000\Software\Local AppWizard-Generated Applications\winupgro
      Found ! - HKEY_USERS\S-1-5-21-3357113378-2969716768-1591044044-1000\Software\bisoft
      Found ! - HKEY_USERS\S-1-5-21-3357113378-2969716768-1591044044-1000\Software\DateTime4
      Found ! - HKEY_USERS\S-1-5-21-3357113378-2969716768-1591044044-1000\Software\FFC
      Found ! - HKEY_USERS\S-1-5-21-3357113378-2969716768-1591044044-1000\Software\FirtR
      Found ! - HKEY_USERS\S-1-5-21-3357113378-2969716768-1591044044-1000\Software\MuleAppData
      Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
      Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
      Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
      Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
      Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
      Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
      Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
      Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
      Found ! - HKEY_CURRENT_USER\Software\bisoft
      Found ! - HKEY_CURRENT_USER\Software\DateTime4
      Found ! - HKEY_CURRENT_USER\Software\FirtR
      Found ! - HKEY_CURRENT_USER\Software\MuleAppData
      Found ! - HKEY_CURRENT_USER\Software\FFC

      --------------- [ Estado / Servicios ] ----------------



      +- Servicios : [ Auto=2 / Demand=3 / Désactivado=4 ]

      /!\ Ndisuio - Typo de arranque = 4

      EapHost - Typo de arranque = 2

      Wlansvc - Typo de arranque = 2

      /!\ SharedAccess - Typo de arranque = 4

      /!\ wuauserv - Typo de arranque = 4

      /!\ wscsvc - Typo de arranque = 4

      /!\ WinDefend - Typo de arranque = 4



      --------------- [ Otra infectiones ] ----------------


      +- Informaciones :

      C: - Lecteur fixe
      D: - Lecteur fixe
      F: - Lecteur amovible
      G: - Lecteur amovible
      H: - Lecteur fixe

      +- presencia de los ficheros :



      --------------- [ Registry / Mountpoint2 ] ----------------


      -> Not found !


      ------------------- ! EOF ! --------------------

      0
    4. moe > Utilisateur anonyme
       
      Salut Cédric

      Ca me fait plaisir aussi de te relire sur le sujet !

      Lol :-) pour %APPDATA%\drivers\mdelk.exe tu as raison, en fait jusqu'à hier (et aujourd'hui aussi semble t'il :-) ) il ne faisait pas partie de l'infection du moins à cet endroit précis, par contre si tu dumpes winupgro.exe, tu verras que mdelk est aussi mentionné dans les strings à %APPDATA%\drivers.
      Donc à suivre :-), surement que l'infection va encore plus ou moins rebouger bientôt.

      je compte aussi attaquer les 04 (enfin) lol
      Excellente option pour boucler la boucle :-)
      Ce serait réellement dommage de faire sans...

      Merci pour le log et bonne continuation à toi.
      @++
      0
    5. Utilisateur anonyme > moe
       
      RE olivier ,

      oui c est sur ça va rebouger , ça se met en place lol


      @++ n est pas downloadable sniff

      pour mdelk on ne perd rien a anticiper au pire des cas ...

      mais comme tu dis affaire a suivre
      0
  2. neor Messages postés 1119 Statut Membre 30
     
    bonjour,

    Infection par un Bagle :

    1-IMPORTANT :
    je rappelle que bagle est amené par un crack et qu'il se relance dès que tu te sers de celui ci; même si tu ne sers pas, il peut se relancer de lui même au démarrage de ton PC . En claire :
    Essaye surtout de te rappeler si récemment tu n'as pas cliquer sur un "patch" ou un "keygen" pour installer un logiciel, un jeu cracké ou avoir une version complète d'un soft , et qu'il ne se soit rien passé de particulier ... C'est la que les bagles s'infiltrent ! Si tu retrouves ce crack en particulier ,scratch tout ( le crack, le soft ou encore les zip concernés). Si tu ne te rappelles plus trop , je te conseille fortement de supprimer tous les cracks qui sont sur ton PC ... Wink

    2-Télécharge FindyKill de Chiquitine29 :

    http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

    ->Enregistre le sur ton bureau et pas ailleurs !

    !! Déconnecte toi et ferme toutes applications en cours !!

    ( Si ton anti-virus s'affolle au moment de l'enregistrement ou de l'utilisation de l'outil , ignore l'alerte ...)

    -> Clique sur "FindyKill.exe" pour lancer l'installe de l'outil . Ne touche surtout pas aux paramètres d'installation.

    Notes importantes :
    * si tu as le prg Elibagla sur ton PC , supprime le ( risque de conflit entre les deux outils ) .

    --> Double clique sur le raccourci " FindyKill " qui est sur ton bureau .
    ( sur la 1er fenêtre , tapes f puis [entrèe] pour la version en français ).

    -->choisis l'option 1 ( recherche ) . Puis laisse travailler l'outil sans rien toucher ...

    Une fois terminé, poste le rapport FindyKill.txt qui est généré ...

    ( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )

    PS : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    Tuto : https://www.malekal.com/tutorial-findykill/
    0
    1. Mocktar33
       
      Bonsoir,

      Merci beaucoup neor, le pb est résolu et mes zenfants (des zaddos) vont pouvoir à nouveau s'en donner à cœur joie.

      Encore merci pour votre disponibilité et votre compétence.

      Salutations
      0
  3. neor Messages postés 1119 Statut Membre 30
     
    le probleme n'est pas resolu

    deja tu ne m'a pas envoye le rapport

    enfin bon tu fais comme tu veux
    0
  4. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Salut,

    Je trouve cela très dommage.
    0
    1. neor Messages postés 1119 Statut Membre 30
       
      90% des désinfection, on les fini jamais du moment que le PC remarche en apparence c'est plus important ;)
      0
      1. mocktar33 > neor Messages postés 1119 Statut Membre
         
        Bonsoir Neor,

        J'avais zappé le postage de la log et j'étais plongé dans le mode d'emploi de FindyKill, c'est ballot.
        Ne pleurez plus la log (après action 2).
        Salutations
        Super Mocktar


        ----------------- FindyKill V4.707 ------------------

        * User : Mocktar - ZORGLUB-54DB2B4
        * executed from : C:\Program Files\FindyKill
        * Update on 06/12/08 par Chiquitine29
        * Start at 21:59:30 the 08/12/2008
        * Windows XP - Internet Explorer 7.0.5730.11


        ((((((((((((((( *** deleting *** ))))))))))))))))))


        --------------- [ Active Processes ] ----------------


        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\logonui.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\WINDOWS\system32\CTsvcCDA.EXE
        C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\WINDOWS\system32\PnkBstrB.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\userinit.exe

        --------------- [ Infected files / folders ] ----------------


        »»»» Supression files in C:


        »»»» Supression files in C:\WINDOWS


        »»»» Supression files in C:\WINDOWS\Prefetch

        Deleted ! - C:\WINDOWS\prefetch\116093.EXE-13EBD0BA.pf
        Deleted ! - C:\WINDOWS\prefetch\166406.EXE-20C7E3CE.pf
        Deleted ! - C:\WINDOWS\prefetch\733515.EXE-0268BF84.pf
        Deleted ! - C:\WINDOWS\prefetch\748203.EXE-03E0E2CE.pf
        Deleted ! - C:\WINDOWS\prefetch\764921.EXE-1DBF6158.pf
        Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-0C260047.pf
        Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
        Deleted ! - C:\WINDOWS\prefetch\WINFILSE.EXE-17C2CF68.pf
        Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf

        »»»» Supression files in C:\WINDOWS\system32

        Deleted ! - C:\WINDOWS\system32\mdelk.exe
        Deleted ! - C:\WINDOWS\system32\wintems.exe

        »»»» Supression files in C:\WINDOWS\system32\drivers

        Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys
        Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys
        Deleted ! - C:\WINDOWS\system32\drivers\winfilse.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\100687.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\100765.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\107203.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\115656.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\116093.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\134656.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\144109.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\148515.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\149031.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\154406.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\163156.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\163328.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\166406.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\169656.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\179437.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\183015.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\184312.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\188687.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\191078.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\193234.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\208562.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\211781.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\219984.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\221781.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\225593.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\237000.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\238203.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\276343.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\279078.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\298921.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\300031.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\316328.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\331265.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\360312.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\398203.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\406218.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\41750.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\43312.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\44375.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\445125.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\466453.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\47140.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\48859.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\50656.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\54484.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\55968.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\62812.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\65265.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\65906.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\65921.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\66406.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\67093.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\67859.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\689515.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\69703.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\71437.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\71578.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\717640.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\719234.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\733515.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\73703.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\73812.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\748203.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\764921.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\771734.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\77468.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\79828.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\81171.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\825984.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\833078.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\85437.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\867843.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\86859.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\894218.exe
        Deleted ! - C:\WINDOWS\system32\drivers\downld\99578.exe
        Deleted ! - "C:\WINDOWS\system32\drivers\downld"

        »»»» Supression files in C:\Documents and Settings\Mocktar\Application Data

        Deleted ! - "C:\Documents and Settings\Mocktar\Application Data\m\flec006.exe"
        Deleted ! - "C:\Documents and Settings\Mocktar\Application Data\m\list.oct"
        Deleted ! - "C:\Documents and Settings\Mocktar\Application Data\m\data.oct"
        Deleted ! - "C:\Documents and Settings\Mocktar\Application Data\m\srvlist.oct"
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\37_kilobyte_Font_1.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\642-801 Practice Exam Questions.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Acala_AVI_DivX_MPEG_XviD_VOB_to_PSP_2.7.7_[Crack].zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Amazon_Search_Widget_1.1.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\AMS Enterprise 2.7 (Key).zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Andrew's Vector Plugins Volume 12 'ShapeFX1' 12.1.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Aplus_DVD_to_Divx_Xvid_Ripper_8.28_[Crack].zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\ArchiveAssist_1.00.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Asthma Homeopathy 1.2.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\AutoAffinity 1.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\AVI IO C 03.24.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Backup_Password_Recovery_Key_8.0_build_2514.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Band_Minus_One_2.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\BibleTrees_1.1.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\BJ_Printer_Driver_Canon_Pixma_iP1500_1.8.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Buttonmania_1.3.14.92.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Capture_Studio_2.6_(Key).zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Chelsea_FC_RSS_Feed_1.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Chess_Vision_Trainer_3.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Cliplet-iPod 1.0.1.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\ContactSoft_InfoTracer_4.3_[Serial].zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Convert Currency Software 7.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Cool EasyCard For Valentine's day 2.55.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Crazy_Bubbles_1.2.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\DaRO_Uninstaller_2006_1.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\DBPix 2.0.3.2.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Difftracker 1.0.0.41.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Dina Programming Font 2.89.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Directify 0.0.2 beta.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\dj SWAKKE pro 1.2.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\DocuMax_1.03G_(Serial).zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Drive_Icon_Changer_1.0.5.2.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Duke_Nukem_Manhattan_Project_sample_maps.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Easy_HTML_Autorun_Builder_1.6.0_(KeyGen).zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Eclarsys_PopGrabber_1.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\EngInSite Perl Editor Lite 2.0.2 build 37.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Enigma_1.1.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Family Historian 3.1.2.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Favorites_2_HTML_1.0c.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\FF_Inventory_Pro_5.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\File_Renamer_2.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Flash_&_Media_Capture_1.2.43_SR1.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Fresh Software Sentry 3.0 Beta 3.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Functions_1.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Garden Organizer Deluxe 2.3.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\GBTimelapse_2.0.20_Crack.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\GEUP_3.05.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Google_Clock_1.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Google_Search_2.1.1.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Half-Life_2_Tower_map.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\HFNetChk.exe_3.86.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Highlight Focus 0.2.1.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\IMAP Search 1.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Indicator Analysis 1.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Infestation_Demo_Screensaver_1.0_(Key).zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\InstallerXpert_1.204_Key.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Island of Dream Screensaver.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\JDebugTool_3.11.2_Pro.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\KaPlaRe_1.1.1.01_[Key+Serial].zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Linear Barcode Console 1.3.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Logtime 2.1d.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\MagicMessage_2.5.157_[Cracked].zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Malware_Sweeper_Free_2.3.0.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Markov_Chainer_1.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Maukie_1.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\McAfee_Firewall_7.1.113.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\MPEG Video Wizard DVD 1.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\MyMSN MiniMessenger 1.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\NatLabel 1.1.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Net_Send_Messenger_1.1.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\NFOlux 1.1.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Novell_50-658_Exam.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\OfficeCalendar_3.0.1.2.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Online Loan Repayment Calculator 1.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\OpenExpert_1.4.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\P-Ping_Tools_2.6_(Key).zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Packetyzer 4.0.3.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Personal Firewall 2.01 [Crack].zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Phanfare_Photo_1.0-2006-01-05.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Pompolic__Call_for_Heroes_Screensaver_1.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Ponger2005 5.0.0.43.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Powermarks_3.5.344_(Key).zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\PrintConductor 1.3.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\QFM_Player_3.0.1.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\qTray 1.01.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\QueryEasy_1.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Quick_View_Folder_Size_3.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\RAMBoss 1.30.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\RAMDisk 2.0.100 (KeyGen).zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Ranking-Manager Professional Edition 1.0.17.121.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\RFileUpload_5.0.4.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Right-Click-Link_1.1.2.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Rotational Vortex Screensaver.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\RSP_GZip_Compressor_.Net_1.0.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Screen Saver
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Senomix Timesheets 2.81.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\SF3 Photoflight Tools 1.006.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\ShrinkWrap_3.5.1.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Slates_1.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Spooky_Mansion_1.0.0_[Patch].zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\SSHPro 3.0 Serial.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Super Duper Music Looper XPress 2 build 63.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Superversion Italian PalmOS 2.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Take1 1.4.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\TExcelDSNCreator 1.002.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\TGPSoft_Thumbnail_Gallery_Builder_1.1.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\The Core Contact Management System.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\TiffSplitter 1.5.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\TimeCalculator_1.52.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Time_for_Life_Pocket_PC_1.1.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Toaster_for_Foobar2000_0.1.6.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Treasure Manager 1.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\True Launcher 2.8.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\vCard_IFilter_1.1.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Vehicle_Assessment_Creator_1.01.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Volleyball_Scoreboard_Deluxe_1.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Volume_Snapshot_Manager_1.01.46_(Patch).zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Voxengo_Elephant_2.5_[Key+Serial].zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Wake_Up_News_2005_5.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Warcraft_III_-_Land_of_Myths_map.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Watcher1 2.00.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\WCup_2006_1.70.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Web Screen Saver Builder 5.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Win32 APIDOS 1.0.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\WinManager_1.11.2903.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Winter in Mountain - Animated Wallpaper 5.07.zip
        Deleted ! - C:\Documents and Settings\Mocktar\Application Data\m\shared\Wire_Pilot_1.02.zip
        Deleted ! - "C:\Documents and Settings\Mocktar\Application Data\m\shared"
        Deleted ! - "C:\Documents and Settings\Mocktar\Application Data\m"

        »»»» Supression files in C:\DOCUME~1\Mocktar\LOCALS~1\Temp


        »»»» Supression files in C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5

        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\1YBH4GS2\50932BDCBF372B64239B9EB1297E8[1].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\1YBH4GS2\79AB64A8A77BD3CEE1575F9EB4F3E[1].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\1YBH4GS2\B2CF6E6BEBC16D70B64B6D5B378D87[1].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\52HBEW92\b64_1[1].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\6GGU9ABA\b64[1].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\6GGU9ABA\b64_1[1].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\6GGU9ABA\b64_3[1].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\6GGU9ABA\mxd[1].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\6GGU9ABA\mxd[2].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\6HQ38ULP\53C5F73672AF3C6CB6423A86E56[1].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\6HQ38ULP\b64[1].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\6HQ38ULP\b64[2].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\6HQ38ULP\b64_2[1].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\6HQ38ULP\b64_3[1].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\8382RZY6\b64[1].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\8382RZY6\mxd[1].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\CZIKHHXZ\b64[1].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\CZIKHHXZ\mxd[1].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\IFP6G6AX\b64[1].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\IFP6G6AX\b64_2[1].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\IFP6G6AX\b64_3[1].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\JLAZ2YAS\b64[1].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\JLAZ2YAS\b64[2].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\JLAZ2YAS\b64_1[1].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\JLAZ2YAS\b64_3[1].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\JLAZ2YAS\mxd[1].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\JLAZ2YAS\mxd[2].jpg
        Deleted ! - C:\Documents and Settings\Mocktar\Local Settings\Temporary Internet Files\Content.IE5\PXTKTZVQ\b64_2[1].jpg

        --------------- [ Registry / Infected keys ] ----------------

        Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
        Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
        Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
        Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
        Deleted ! - HKEY_USERS\S-1-5-21-1708537768-861567501-725345543-1003\Software\Local AppWizard-Generated Applications\winfilse

        --------------- [ States / Restarting of services ] ----------------

        +- Safe boot mode restored !


        +- Services : [ Auto=2 / Request=3 / Disable=4 ]

        Ndisuio - Type of startup = 3

        Ip6Fw - Type of startup = 2

        SharedAccess - Type of startup = 2

        wuauserv - Type of startup = 2

        wscsvc - Type of startup = 2


        --------------- [ Cleaning removable drives ] ----------------

        +- Informations :

        C: - Lecteur fixe

        D: - Lecteur fixe

        E: - Lecteur de CD-ROM

        L: - Lecteur fixe


        +- deleting files :

        Not deleted !! - E:\autorun.inf

        --------------- [ Registry / Mountpoint2 ] ----------------

        Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69ae2599-300e-11dd-b29e-00012e112301}\Shell\AutoRun\command

        --------------- [ Searching Cracks / Keygen ] ----------------

        C:\Documents and Settings\Mocktar\Mes documents\Downloads\_Fichiers re‡us\AVG Anti-Virus 8 Pro Cracked + key
        C:\Documents and Settings\Mocktar\Mes documents\Downloads\_Fichiers re‡us\pinnacle-studio-11-MAGNiTUDE-PAL-crack
        C:\Documents and Settings\Mocktar\Mes documents\Downloads\_Fichiers re‡us\Tweak-XP Pro v4.0.4 Full Crack & Serial.rar
        C:\Documents and Settings\Mocktar\Mes documents\Downloads\_Fichiers re‡us\AVG Anti-Virus 8 Pro Cracked + key\key.txt
        C:\Documents and Settings\Mocktar\Mes documents\Downloads\_Fichiers re‡us\AVG Anti-Virus 8 Pro Cracked + key\Please read me.txt
        C:\Documents and Settings\Mocktar\Mes documents\Downloads\_Fichiers re‡us\pinnacle-studio-11-MAGNiTUDE-PAL-crack\english-pinnacle studio 11 (PAL-crack).pdf
        C:\Documents and Settings\Mocktar\Mes documents\Downloads\_Fichiers re‡us\pinnacle-studio-11-MAGNiTUDE-PAL-crack\~uTorrentPartFile_250C2.dat


        ---------------- ! End of report ! ------------------
        0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. neor Messages postés 1119 Statut Membre 30
     
    on pleur pas c'est toi qui va venir poster un autre message comme quoi tu a un nouveau probleme ;)

    Télécharge HijackThis (outils de dignostic) ici :

    -> Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
    -> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

    -> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

    -> Clique sur Install ensuite sur I Accept

    -> Clique sur Do a scan system and save log file

    -> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
    0
    1. mocktar33
       
      Ouala la log HiJack :
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:02:41, on 09/12/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\PnkBstrB.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
      C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
      C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Search Settings\SearchSettings.exe
      C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
      C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
      C:\Program Files\D-Tools\daemon.exe
      C:\WINDOWS\system32\CTXFIHLP.EXE
      C:\WINDOWS\CTHELPER.EXE
      C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
      C:\Program Files\Softwin\BitDefender10\bdagent.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Winamp Remote\bin\OrbTray.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\IcoSauve.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
      c:\program files\softwin\bitdefender10\bdmcon.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\taskmgr.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      C:\Program Files\Softwin\BitDefender10\vsserv.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66027
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66027
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66027
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
      O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
      O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
      O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [TweakDUN] C:\Program Files\TweakDUN\tweakdun.exe splash
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
      O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
      O4 - HKLM\..\Run: [QuickTime Task] "D:\Programes\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
      O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
      O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [TweakMeter] C:\Program Files\TweakDUN\TweakMeter.exe
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
      O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
      O4 - S-1-5-18 Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe (User 'SYSTEM')
      O4 - .DEFAULT Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe (User 'Default user')
      O4 - Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: Crawler Search - tbr:iemenu
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O15 - Trusted Zone: http://a248.e.akmai.net
      O15 - Trusted Zone: http://*.bitdefender.com
      O15 - Trusted Zone: http://ssl-hints.netflame.cc
      O17 - HKLM\System\CCS\Services\Tcpip\..\{0D5D29E4-C3E7-4EF1-B207-BF6A5A2E9D18}: NameServer = 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\..\{469B971B-8587-45EE-8375-3BFFA8EA1A4A}: NameServer = 192.168.1.1
      O17 - HKLM\System\CS1\Services\Tcpip\..\{0D5D29E4-C3E7-4EF1-B207-BF6A5A2E9D18}: NameServer = 192.168.1.1
      O17 - HKLM\System\CS2\Services\Tcpip\..\{0D5D29E4-C3E7-4EF1-B207-BF6A5A2E9D18}: NameServer = 192.168.1.1
      O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
      O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
      O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: OpenLDAP Directory Service (OpenLDAP-slapd) - Unknown owner - D:\DOMI\Trav\ldap\OPEN_LDAP\OpenLDAP\slapd.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
      O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
      O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
      0
  7. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    - Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

    - Double-clique sur RSIT.exe afin de lancer le programme.

    - Clique sur Continue à l'écran Disclaimer.

    - Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    - Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    Note : Les rapports sont sauvegardés dans le dossier C:\rsit.
    0
    1. mocktar33
       
      Logfile of random's system information tool 1.04 (written by random/random)
      Run by Mocktar at 2008-12-09 22:42:03
      Microsoft Windows XP Professionnel Service Pack 2
      System drive C: has 14 GB (20%) free of 70 GB
      Total RAM: 2046 MB (67% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:42:03, on 09/12/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\PnkBstrB.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
      C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
      C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Search Settings\SearchSettings.exe
      C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
      C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
      C:\Program Files\D-Tools\daemon.exe
      C:\WINDOWS\system32\CTXFIHLP.EXE
      C:\WINDOWS\CTHELPER.EXE
      C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
      C:\Program Files\Softwin\BitDefender10\bdagent.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Winamp Remote\bin\OrbTray.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\IcoSauve.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
      c:\program files\softwin\bitdefender10\bdmcon.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\taskmgr.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      C:\Program Files\Softwin\BitDefender10\vsserv.exe
      C:\Program Files\Windows NT\Accessoires\wordpad.exe
      C:\Program Files\Winamp\winamp.exe
      C:\Documents and Settings\Mocktar\Bureau\RSIT.exe
      C:\Program Files\Trend Micro\HijackThis\Mocktar.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66027
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66027
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66027
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
      O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
      O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
      O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [TweakDUN] C:\Program Files\TweakDUN\tweakdun.exe splash
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
      O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
      O4 - HKLM\..\Run: [QuickTime Task] "D:\Programes\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
      O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
      O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [TweakMeter] C:\Program Files\TweakDUN\TweakMeter.exe
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
      O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
      O4 - S-1-5-18 Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe (User 'SYSTEM')
      O4 - .DEFAULT Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe (User 'Default user')
      O4 - Startup: IcoSauve.lnk = C:\WINDOWS\system32\IcoSauve.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: Crawler Search - tbr:iemenu
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O15 - Trusted Zone: http://a248.e.akmai.net
      O15 - Trusted Zone: http://*.bitdefender.com
      O15 - Trusted Zone: http://ssl-hints.netflame.cc
      O17 - HKLM\System\CCS\Services\Tcpip\..\{0D5D29E4-C3E7-4EF1-B207-BF6A5A2E9D18}: NameServer = 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\..\{469B971B-8587-45EE-8375-3BFFA8EA1A4A}: NameServer = 192.168.1.1
      O17 - HKLM\System\CS1\Services\Tcpip\..\{0D5D29E4-C3E7-4EF1-B207-BF6A5A2E9D18}: NameServer = 192.168.1.1
      O17 - HKLM\System\CS2\Services\Tcpip\..\{0D5D29E4-C3E7-4EF1-B207-BF6A5A2E9D18}: NameServer = 192.168.1.1
      O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
      O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
      O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: OpenLDAP Directory Service (OpenLDAP-slapd) - Unknown owner - D:\DOMI\Trav\ldap\OPEN_LDAP\OpenLDAP\slapd.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
      O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
      O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
      0
  8. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Peux-tu reposter le rapport info ?
    0
    1. mocktar33
       
      info.txt logfile of random's system information tool 1.04 2008-12-09 22:42:05

      ======Uninstall list======

      -->"C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W /L:FRN
      -->"C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
      -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
      -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
      -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
      -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
      -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
      -->C:\WINDOWS\UNRecode.exe /UNINSTALL
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25E6EB3A-F696-41AB-96B6-D76ECE6446BF}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25E6EB3A-F696-41AB-96B6-D76ECE6446BF}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6349CEE9-19F2-49D9-AC9D-B0350E3CBDB1}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6349CEE9-19F2-49D9-AC9D-B0350E3CBDB1}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B026740-A400-48FF-8F6B-B37C4F61C937}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B026740-A400-48FF-8F6B-B37C4F61C937}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B20EB9BE-3795-47BA-BDD6-889593E8FD55}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B20EB9BE-3795-47BA-BDD6-889593E8FD55}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B49BCFF0-64CC-4E0E-AD9D-91BFBD344BAE}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B49BCFF0-64CC-4E0E-AD9D-91BFBD344BAE}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5AF6143-E738-4768-A5E6-C07C68A464A4}\setup.exe" -l0x9
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5AF6143-E738-4768-A5E6-C07C68A464A4}\setup.exe" -l0x9 /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x40c /remove
      -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
      Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
      Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
      Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
      Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
      Adobe Shockwave Player-->MsiExec.exe /X{A7DB362E-16DC-4E29-8A34-E74381E00B5B}
      AeroFly Professional Deluxe-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B3E5A90-1F6E-4FAF-B84F-C306C8A80809}\setup.exe" -l0x40c
      AeroFly Professional-->MsiExec.exe /X{46679384-47C9-11D6-AF34-0050BF37F188}
      AliveBox-->"C:\Program Files\AliveBox\uninstall.exe"
      Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
      Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
      Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
      AVS Audio Converter version 5.1-->"C:\Program Files\AVS4YOU\AVSAudioConverter\unins000.exe"
      AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
      AVS Video Editor 4-->"C:\Program Files\AVS4YOU\AVSVideoEditor4\unins000.exe"
      AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
      BitDefender Free Edition v10-->MsiExec.exe /I{CEFC581D-BEAE-4F75-989E-BD931970D8AD}
      Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
      Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
      Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
      Client Windows Rights Management avec Service Pack 2-->MsiExec.exe /X{1D13221B-42DE-4B3C-A43F-0F6AF3CF3DA2}
      Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
      Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
      Correctif Windows XP - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
      Crawler Toolbar-->C:\PROGRA~1\Crawler\CToolbar.exe uninst
      Creative MediaSource-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x40c /remove
      DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
      easyFly/PiccoFly-->C:\WINDOWS\IsUn040c.exe -fd:\E_Fly\Uninst.isu
      eMule-->"C:\Program Files\eMule\Uninstall.exe"
      FairUse Wizard 2 LE-->"C:\Program Files\FairUse Wizard 2\un_FU-Setup_14333.exe"
      Favorit-->"c:\documents and settings\mocktar\local settings\application data\rcvfcv.exe" -uninstall
      FindyKill-->C:\Program Files\FindyKill\Uninstal.exe
      Flugsimulator für WASP-->C:\WINDOWS\unvise32.exe d:\domi\fms\uninstal.log
      FMS-->D:\DOMI\FMS\FMS_prg\Uninstall.exe
      Free Video Converter V 1.4-->"C:\Program Files\Free Video Converter\unins000.exe"
      Frets On Fire-->"C:\Program Files\Frets on Fire\Uninstall.exe"
      Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
      HijackThis 2.0.2-->"L:\te\HijackThis.exe" /uninstall
      Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
      Install(US)2-->C:\Program Files\InstallShield Installation Information\{8A4D41F3-3EDA-4DAC-9403-839708EA0667}\setup.exe -runfromtemp -l0x0009 -removeonly
      InterVideo WinDVD 8-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x040c
      iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
      Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
      K-Lite Codec Pack 3.8.0 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
      Les Sims 2-->C:\Program Files\EA GAMES\Les Sims 2\EAUninstall.exe
      LimeWire PRO 4.17.1-->"C:\Program Files\LimeWire\uninstall.exe"
      Ma-Config.com-->MsiExec.exe /X{DD987A54-122B-4CFD-A8C5-5577027A6B78}
      MediaCoder 0.6.1-->C:\Program Files\MediaCoder\uninst.exe
      Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
      Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
      Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
      Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
      Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
      Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
      Microsoft Office XP Professional-->MsiExec.exe /I{9211040C-6000-11D3-8CFE-0050048383C9}
      Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
      Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
      Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
      Migo-->C:\Documents and Settings\Mocktar\Application Data\Powerhouse\Migo\MigoCleanup.exe
      Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
      Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
      Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
      MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
      MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
      MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
      MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{97AA1F3C-DD64-4AA6-AEC5-F8F9F4CC21C5}
      Navilog1 3.6.9-->"C:\Program Files\Navilog1\unins000.exe"
      NCH Toolbox-->C:\Program Files\NCH Swift Sound\ToolBox\uninst.exe
      Nero 7 Essentials-->MsiExec.exe /X{81CD6232-10F5-4832-B3DA-1B88B1571036}
      NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
      OpenLDAP-->"D:\DOMI\Trav\ldap\OPEN_LDAP\OpenLDAP\uninst\unins000.exe"
      Parallel Port Joystick-->C:\WINDOWS\unvise32.exe C:\Program Files\Parallel Port Joystick\uninstal.log
      PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
      Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
      QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
      RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
      Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
      Search Settings 1.2-->MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
      Sound Blaster X-Fi-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x40c /remove
      Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
      SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
      Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
      TweakDUN v3.0-->C:\PROGRA~1\TweakDUN\UNWISE.EXE C:\PROGRA~1\TweakDUN\INSTALL.LOG
      Tweak-XP Pro 4-->C:\WINDOWS\iun6002.exe "C:\Program Files\Tweak-XP Pro 4\irunin.ini"
      Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
      VirtualDubMOD 1.5.10.3 Fr-->"C:\Program Files\VirtualDubMOD\unins000.exe"
      ViVi MP4 Converter 2.1-->"C:\Program Files\ViVi MP4 Converter 2.1\unins000.exe"
      Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
      Winamp Toolbar for Firefox-->"C:\Documents and Settings\Mocktar\Application Data\Mozilla\Firefox\Profiles\avd8zkrl.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
      Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
      Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
      Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
      Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
      Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
      Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
      WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
      Xilisoft MP4 Converter-->C:\Program Files\Xilisoft\MP4 Converter 3\Uninstall.exe

      Securitycenter WMI appears to be broken

      ======Environment variables======

      "ComSpec"=%SystemRoot%\system32\cmd.exe
      "Path"=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\system32\WindowsPowerShell\v1.0;D:\Programes\QuickTime\QTSystem\
      "windir"=%SystemRoot%
      "FP_NO_HOST_CHECK"=NO
      "OS"=Windows_NT
      "PROCESSOR_ARCHITECTURE"=x86
      "PROCESSOR_LEVEL"=15
      "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
      "PROCESSOR_REVISION"=2f02
      "NUMBER_OF_PROCESSORS"=1
      "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
      "TEMP"=%SystemRoot%\TEMP
      "TMP"=%SystemRoot%\TEMP
      "DEVMGR_SHOW_DETAILS"=1
      "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
      "QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
      "MIGO_DRIVE"=J

      -----------------EOF-----------------
      0
  9. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Désinstalle Crawler Toolbar, FindyKill et Search Settings 1.2.

    --> Télécharge UsbFix (de Chiquitine29) sur ton Bureau :
    http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

    --> Lance l'installation avec les paramètres par défaut.

    --> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.

    --> Double-clique sur le raccourci UsbFix sur ton Bureau.

    --> Choisis l'option 1 (Nettoyage).

    --> Le PC va redémarrer.

    --> Après redémarrage, poste le rapport UsbFix.txt

    Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.

    (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)
    0
    1. mocktar33
       
      -------------- UsbFix V2.413.3 ---------------

      * User : Mocktar - ZORGLUB-54DB2B4
      * Outils mis a jours le 06/12/2008 par Chiquitine29 et Chimay8
      * Recherche effectuée à 23:15:20 le 09/12/2008
      * Windows Xp - Internet Explorer 7.0.5730.11


      --------------- [ Processus actifs ] ----------------


      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\userinit.exe
      C:\WINDOWS\system32\PnkBstrB.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
      C:\DOCUME~1\Mocktar\LOCALS~1\Temp\1.tmp\b2e.exe
      C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
      C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
      C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
      C:\Program Files\D-Tools\daemon.exe
      C:\WINDOWS\system32\CTXFIHLP.EXE
      C:\WINDOWS\CTHELPER.EXE
      C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
      C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      C:\Program Files\Softwin\BitDefender10\bdmcon.exe
      C:\Program Files\Softwin\BitDefender10\bdagent.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\TweakDUN\TweakMeter.exe
      C:\Program Files\Winamp Remote\bin\OrbTray.exe
      C:\WINDOWS\system32\IcoSauve.exe
      C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\agent.exe

      --------------- [ Informations lecteurs ] ----------------

      C: - Lecteur fixe

      D: - Lecteur fixe

      E: - Lecteur de CD-ROM

      L: - Lecteur fixe


      +- Contenu de l'autorun : E:\autorun.inf

      [autorun]
      open=flyrun.exe easyfly BUNDLE
      icon=easyfly.ico


      --------------- [ Lecteur C ] ----------------

      C: - Lecteur fixe


      +- Listing des fichiers présents :

      [03/08/2004 23:38][-rahs----] C:\NTDETECT.COM
      [08/12/2008 00:01][--a------] C:\b.EXE
      [08/12/2008 00:01][--a------] C:\UNWISE.EXE
      [08/12/2008 00:13][--a------] C:\boot.ini
      [07/12/2008 23:56][--a------] C:\bitdefender_scan_online.txt
      [07/12/2008 23:56][--a------] C:\FindyKill.txt
      [07/12/2008 23:56][--a------] C:\fixnavi.txt
      [07/12/2008 23:56][--a------] C:\UsbFix.txt
      [07/12/2008 23:56][--a------] C:\VundoFix.txt
      [07/12/2008 23:56][--a------] C:\XP_Version.txt
      [11/01/2008 22:07][--a------] C:\CONFIG.SYS
      [11/01/2008 22:07][--a------] C:\IO.SYS
      [11/01/2008 22:07][--a------] C:\MSDOS.SYS
      [11/01/2008 22:07][--a------] C:\pagefile.sys

      --------------- [ Lecteur D ] ----------------

      D: - Lecteur fixe


      +- Listing des fichiers présents :


      --------------- [ Lecteur E ] ----------------

      E: - Lecteur de CD-ROM


      +- Listing des fichiers présents :

      [06/11/2000 10:22][-r-------] E:\Setup.exe
      [06/11/2000 10:22][-r-------] E:\_ISDel.exe
      [06/11/2000 10:22][-r-------] E:\flyrun.exe
      [06/11/2000 10:18][-r-------] E:\SETUP.INI
      [06/11/2000 10:22][-r-------] E:\autorun.inf

      --------------- [ Lecteur L ] ----------------

      L: - Lecteur fixe


      +- Listing des fichiers présents :

      [19/11/2003 09:08][--a------] L:\cuteprinter.exe
      [19/11/2003 09:08][--a------] L:\emule_emule_0.47a_francais_10876.exe
      [19/11/2003 09:08][--a------] L:\IP32Fra.exe
      [19/11/2003 09:08][--a------] L:\StubInstaller.exe
      [19/11/2003 09:08][--a------] L:\WDSync.exe
      [06/12/2008 12:04][--a------] L:\WGA_Remove.txt

      --------------- [ Registre / Startup ] ----------------

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Search Page"="https://www.google.fr/?gws_rd=ssl"
      "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
      ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
      TweakMeter=C:\Program Files\TweakDUN\TweakMeter.exe
      SUPERAntiSpyware=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      Orb="C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
      MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      Creative Detector="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
      AudioDrvEmulator="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
      VolPanel="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
      UpdReg=C:\WINDOWS\UpdReg.EXE
      TweakDUN=C:\Program Files\TweakDUN\tweakdun.exe splash
      TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      RCSystem="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
      QuickTime Task="D:\Programes\QuickTime\QTTask.exe" -atboottime
      nwiz=nwiz.exe /install
      NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      NeroFilterCheck=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
      iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
      ISUSPM="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
      DAEMON Tools-1033="C:\Program Files\D-Tools\daemon.exe" -lang 1033
      CTxfiHlp=CTXFIHLP.EXE
      CTHelper=CTHELPER.EXE
      CTDVDDET="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
      AppleSyncNotifier=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      BDMCon="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
      BDAgent="C:\Program Files\Softwin\BitDefender10\bdagent.exe"
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
      Installed=1
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
      Installed=1
      NoChange=1
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
      Installed=1

      --------------- [ Registre / Mountpoint2 ] ----------------

      Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ef71062-c1fc-11dd-a2cd-00012e112301}\Shell\AutoRun\command
      Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86b6b762-5ef6-11dd-b2e7-00012e112301}\Shell\AutoRun\command
      Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88c7cf34-6e0d-11dd-b2fd-00012e112301}\Shell\AutoRun\command

      --------------- [ Nettoyage des disques ] ----------------

      Supprimé ! - [08/12/2008 00:01][--a------] C:\b.exe
      Echec de la supression !! - [06/11/2000 10:22] E:\autorun.inf
      Echec de la supression !! - [06/11/2000 10:22] E:\autorun.inf
      Echec de la supression !! - [06/11/2000 10:22] E:\autorun.inf
      Supprimé ! - [29/01/2007 09:30][d--------] L:\AutoRun

      --------------- [ Resumé ] ----------------

      -> /!\ Le resultat doit etre interprété par un spécialiste /!\

      [03/08/2004 23:38][-rahs----] C:\NTDETECT.COM
      [24/05/2001 11:59][--a------] C:\UNWISE.EXE
      [08/12/2008 00:13][--a------] C:\boot.ini
      [06/11/2000 10:22][-r-------] E:\Setup.exe
      [06/11/2000 10:22][-r-------] E:\_ISDel.exe
      [06/11/2000 10:22][-r-------] E:\flyrun.exe
      [06/11/2000 10:18][-r-------] E:\SETUP.INI
      [06/11/2000 10:22][-r-------] E:\autorun.inf
      [19/11/2003 09:08][--a------] L:\cuteprinter.exe
      [19/11/2003 09:08][--a------] L:\emule_emule_0.47a_francais_10876.exe
      [19/11/2003 09:08][--a------] L:\IP32Fra.exe
      [19/11/2003 09:08][--a------] L:\StubInstaller.exe
      [19/11/2003 09:08][--a------] L:\WDSync.exe

      --------------- ! Fin du rapport ! ----------------
      0
  10. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
    ---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
    ---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
    ---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
    ---> Sélectionne Exécuter un examen rapide.
    ---> Clique sur Rechercher. L'analyse démarre.

    A la fin de l'analyse, un message s'affiche :

    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

    ---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
    ---> Ferme tes navigateurs.
    Si des malwares ont été détectés, clique sur Afficher les résultats.
    ---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
    ---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
    0
    1. mocktar33
       
      Merci pour ta patience Destrio5, ci-dessous la log. Pour moi it's time to go to bed. A+ pour de nouvelles aventures

      Malwarebytes' Anti-Malware 1.31
      Version de la base de données: 1478
      Windows 5.1.2600 Service Pack 2

      09/12/2008 23:38:19
      mbam-log-2008-12-09 (23-38-19).txt

      Type de recherche: Examen rapide
      Eléments examinés: 51938
      Temps écoulé: 2 minute(s), 59 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 6
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 4

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\Documents and Settings\Mocktar\Local Settings\Application Data\rcvfcv_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Mocktar\Local Settings\Application Data\rcvfcv_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Mocktar\Local Settings\Application Data\rcvfcv.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Mocktar\Local Settings\Application Data\rcvfcv.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
      0
  11. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    - Télécharge Navilog1 (de IL-MAFIOSO) et enregistre-le sur le bureau :
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    - Double-clique sur Navilog1.exe afin de lancer l'installation

    - Si le fix ne se lance pas automatiquement après son installation, double-clique sur Navilog1 présent sur le bureau

    - Appuie sur F ou f puis valide par Entrée

    - Appuie sur une touche de ton clavier à chaque fois que cela est demandé, tu arriveras au menu des options

    - Choisis l'option 1 et appuie sur la touche Entrée pour valider ton choix

    - Patiente jusqu'au message : *** Analyse terminée le ..... ***

    - Le scan fini, le bloc-notes contenant le rapport sera affiché, poste le contenu de ce rapport dans ta prochaine réponse

    - Si le résultat du scan ne s'affiche pas, tu le trouveras dans C:\fixnavi.txt

    N'utilise pas l'option 2, 3 et 4 sans notre accord, des fichiers légitimes peuvent être inclus dans ce scan.
    0
    1. mocktar33
       
      Bonsoir Destrio5,
      En avant vers de nouvelles aventures :
      Search Navipromo version 3.6.9 commencé le 10/12/2008 à 21:26:46,60

      !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
      !!! Postez ce rapport sur le forum pour le faire analyser !!!
      !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

      Outil exécuté depuis C:\Program Files\navilog1
      Session actuelle : "Mocktar"

      Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO


      Microsoft Windows XP [version 5.1.2600]
      Internet Explorer : 7.0.5730.11
      Système de fichiers : NTFS

      Recherche executé en mode normal

      *** Recherche Programmes installés ***

      Favorit

      *** Recherche dossiers dans "C:\WINDOWS" ***


      *** Recherche dossiers dans "C:\Program Files" ***


      *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


      *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


      *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


      *** Recherche dossiers dans "C:\Documents and Settings\Mocktar\applic~1" ***


      *** Recherche dossiers dans "C:\Documents and Settings\Mocktar\locals~1\applic~1" ***


      *** Recherche dossiers dans "C:\Documents and Settings\Mocktar\menudm~1\progra~1" ***


      *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
      pour + d'infos : http://www.gmer.net



      *** Recherche avec GenericNaviSearch ***
      !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
      !!! A vérifier impérativement avant toute suppression manuelle !!!

      * Recherche dans "C:\WINDOWS\system32" *

      * Recherche dans "C:\Documents and Settings\Mocktar\locals~1\applic~1" *



      *** Recherche fichiers ***



      *** Recherche clés spécifiques dans le Registre ***

      HKEY_CURRENT_USER\Software\Lanconfig trouvé !

      *** Module de Recherche complémentaire ***
      (Recherche fichiers spécifiques)

      1)Recherche nouveaux fichiers Instant Access :


      2)Recherche Heuristique :

      * Dans "C:\WINDOWS\system32" :


      * Dans "C:\Documents and Settings\Mocktar\locals~1\applic~1" :


      3)Recherche Certificats :

      Certificat Egroup absent !
      Certificat Electronic-Group absent !
      Certificat Montorgueil absent !
      Certificat OOO-Favorit absent !
      Certificat Sunny-Day-Design-Ltd absent !

      4)Recherche fichiers connus :

      C:\WINDOWS\system32\iehvbbfw.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
      C:\WINDOWS\system32\yifmfyef.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


      *** Analyse terminée le 10/12/2008 à 21:29:53,12 ***
      0
  12. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    1/

    ---> Relance Navilog1, fais l'option 2 et poste le rapport.

    2/

    ---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    /!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

    ---> Double-clique sur Combofix.exe
    Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
    Accepte en cliquant sur "Oui"

    ---> Je te conseille vivement d'installer la Console de récupération.

    ---> Mets-le en langue française F
    Tape sur la touche 1 (Yes) pour démarrer le scan.

    /!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

    En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

    Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

    /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

    Note : Le rapport se trouve également là : C:\ComboFix\Combofix.txt
    0
    1. mocktar33
       
      ComboFix 08-12-09.03 - Mocktar 2008-12-10 21:58:14.1 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1438 [GMT 1:00]
      Lancé depuis: c:\documents and settings\Mocktar\Bureau\ComboFix.exe
      * Un nouveau point de restauration a été créé
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\program files\Windows Live\Messenger\msimg32.dll
      c:\windows\system32\cgvlehnm.ini
      c:\windows\system32\epwvlymr.ini
      c:\windows\system32\fowgwbrg.ini
      c:\windows\system32\hybvvgiu.ini
      c:\windows\system32\iehvbbfw.ini
      c:\windows\system32\iehvbbfw.ini2
      c:\windows\system32\iehvbbfw.tmp
      c:\windows\system32\yifmfyef.ini
      c:\windows\system32\yifmfyef.ini2
      c:\windows\system32\yifmfyef.tmp

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-10 au 2008-12-10 ))))))))))))))))))))))))))))))))))))
      .

      2008-12-09 23:31 . 2008-12-09 23:31 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
      2008-12-09 23:31 . 2008-12-09 23:31 <REP> d-------- c:\documents and settings\Mocktar\Application Data\Malwarebytes
      2008-12-09 23:31 . 2008-12-09 23:31 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
      2008-12-09 23:31 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
      2008-12-09 23:31 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
      2008-12-09 23:09 . 2008-12-09 23:15 <REP> d-------- c:\program files\UsbFix
      2008-12-09 22:42 . 2008-12-09 22:42 <REP> d-------- C:\rsit
      2008-12-09 22:02 . 2008-12-09 22:02 <REP> d-------- c:\program files\Trend Micro
      2008-12-08 22:39 . 2008-12-10 21:59 81,984 --a------ c:\windows\system32\bdod.bin
      2008-12-08 22:36 . 2008-12-08 22:41 <REP> d-------- c:\windows\system32\CatRoot_bak
      2008-12-08 22:35 . 2008-12-08 22:35 <REP> d-------- c:\documents and settings\Mocktar\Application Data\Bitdefender
      2008-12-08 22:34 . 2008-12-08 22:34 <REP> d-------- c:\program files\Softwin
      2008-12-08 22:34 . 2008-12-08 22:34 <REP> d-------- c:\documents and settings\All Users\Application Data\BitDefender
      2008-12-08 22:33 . 2008-12-08 22:34 <REP> d-------- c:\program files\Fichiers communs\Softwin
      2008-12-08 22:29 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\drivers\bthport.sys
      2008-12-08 22:29 . 2008-06-14 18:59 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
      2008-12-08 22:26 . 2008-10-24 12:25 455,936 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
      2008-12-08 21:33 . 2008-12-09 23:06 <REP> d-------- c:\program files\FindyKill
      2008-12-08 07:46 . 2008-12-08 07:46 <REP> d-------- c:\windows\system32\NtmsData
      2008-12-07 22:30 . 2008-12-07 23:54 <REP> d-------- c:\windows\BDOSCAN8
      2008-12-07 16:49 . 2008-12-07 16:49 8,188 --a------ C:\kaspersky.lst.html
      2008-12-06 23:54 . 2008-12-07 12:48 <REP> d-------- c:\program files\eMule
      2008-12-03 14:49 . 2008-12-03 14:49 <REP> d-------- c:\program files\Common Files
      2008-12-03 14:49 . 2003-07-19 16:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
      2008-12-03 14:49 . 2005-01-03 07:43 4,682 --a------ c:\windows\system32\npptNT2.sys
      2008-12-02 18:10 . 2008-12-02 18:10 <REP> d-------- C:\AeriaGames
      2008-12-02 18:02 . 2008-12-02 18:02 <REP> d-------- c:\documents and settings\Mocktar\Application Data\InstallShield
      2008-11-29 21:57 . 2008-12-10 21:30 <REP> d-------- c:\program files\Navilog1
      2008-11-26 22:56 . 2008-11-26 22:56 225 --a------ c:\windows\wininit.ini
      2008-11-26 15:19 . 2008-12-06 00:09 <REP> d-------- c:\program files\Free Video Converter
      2008-11-26 14:56 . 2006-03-03 10:02 658,432 --a------ c:\windows\system32\cc3270mt.dll
      2008-11-26 14:17 . 2008-11-26 15:13 <REP> d-------- c:\documents and settings\Mocktar\Application Data\AVS4YOU
      2008-11-26 14:17 . 2008-11-26 14:17 <REP> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU
      2008-11-26 14:15 . 2008-11-26 14:16 <REP> d-------- c:\program files\Fichiers communs\AVSMedia
      2008-11-26 14:15 . 2008-11-26 15:13 <REP> d-------- c:\program files\AVS4YOU
      2008-11-26 14:15 . 2008-07-11 11:52 1,700,352 --a------ c:\windows\system32\GdiPlus.dll
      2008-11-26 14:15 . 2003-05-21 23:50 24,576 --a------ c:\windows\system32\msxml3a.dll
      2008-11-25 23:28 . 2008-11-29 16:09 <REP> d-------- C:\Temp
      2008-11-25 23:27 . 2008-11-25 23:27 <REP> d-------- c:\program files\Xilisoft
      2008-11-24 22:01 . 2004-06-26 15:22 6,016 --a------ c:\windows\system32\drivers\vnccom.SYS
      2008-11-24 22:01 . 2008-11-24 22:01 131 --a------ c:\windows\system32\'
      2008-11-24 21:58 . 2008-12-08 07:31 <REP> d-------- c:\program files\UltraVNC
      2008-11-24 21:58 . 2005-06-11 00:02 12,800 --a------ c:\windows\system32\vncdrv.dll
      2008-11-24 21:58 . 2004-06-26 15:21 5,760 --a------ c:\windows\system32\vnchelp.dll
      2008-11-24 21:58 . 2004-06-26 15:22 4,736 --a------ c:\windows\system32\drivers\vncdrv.sys
      2008-11-21 21:35 . 2008-11-21 21:36 <REP> d-------- c:\program files\AliveBox
      2008-11-15 23:08 . 2008-11-15 23:08 <REP> d-------- c:\documents and settings\Mocktar\.pentaho-meta
      2008-11-12 21:00 . 2008-11-12 21:00 <REP> d-------- c:\documents and settings\Mocktar\.tonbeller
      2008-11-12 21:00 . 2008-11-12 21:00 <REP> d-------- c:\documents and settings\Mocktar\.pentaho
      2008-11-12 21:00 . 2008-11-12 21:00 <REP> d-------- c:\documents and settings\Mocktar\.jfreereport
      2008-11-11 22:25 . 2003-01-23 20:27 90,112 -ra------ c:\windows\system32\SilSupp.cpl
      2008-11-11 22:25 . 2008-08-20 18:27 19,240 --a------ c:\windows\system32\drivers\SiWinAcc.sys
      2008-11-11 14:58 . 2008-11-11 14:58 <REP> d--h----- c:\windows\PIF
      2008-11-11 14:58 . 2008-11-11 14:58 <REP> d-------- c:\program files\ma-config.com
      2008-11-11 14:58 . 2008-11-11 14:58 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
      2008-11-11 12:49 . 2008-11-15 23:05 <REP> d-------- c:\documents and settings\Mocktar\.kettle

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-12-09 20:07 --------- d-----w c:\documents and settings\Mocktar\Application Data\uTorrent
      2008-12-08 21:38 --------- d-----w c:\program files\Windows Live
      2008-12-08 21:20 --------- d-----w c:\program files\Dealio
      2008-12-08 06:33 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
      2008-12-06 23:14 --------- d-----w c:\documents and settings\Mocktar\Application Data\LimeWire
      2008-12-02 17:10 --------- d--h--w c:\program files\InstallShield Installation Information
      2008-11-30 14:49 --------- d-----w c:\program files\Dofus
      2008-11-26 21:56 --------- d-----w c:\program files\Everest Poker
      2008-11-03 16:54 --------- d-----w c:\program files\Parallel Port Joystick
      2008-11-01 16:08 --------- d-----w c:\documents and settings\Mocktar\Application Data\Apple Computer
      2008-10-24 11:25 455,936 ----a-w c:\windows\system32\drivers\mrxsmb.sys
      2008-10-13 19:35 --------- d-----w c:\program files\Exalead
      2008-01-11 23:23 22,328 ----a-w c:\documents and settings\Mocktar\Application Data\PnkBstrK.sys
      2008-01-11 21:11 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
      2008-01-11 21:11 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
      2008-01-11 21:11 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008011120080112\index.dat
      2008-01-11 21:11 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
      "TweakMeter"="c:\program files\TweakDUN\TweakMeter.exe" [2001-09-21 790528]
      "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-08 1510640]
      "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-12-08 1833296]
      "Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 495616]
      "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
      "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
      "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
      "TweakDUN"="c:\program files\TweakDUN\tweakdun.exe" [2001-09-19 720896]
      "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-20 185896]
      "RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
      "QuickTime Task"="d:\programes\QuickTime\QTTask.exe" [2008-05-27 413696]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
      "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
      "ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
      "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
      "CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
      "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
      "BDMCon"="c:\program files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 290816]
      "BDAgent"="c:\program files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 69632]
      "nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
      "CTxfiHlp"="CTXFIHLP.EXE" [2005-08-07 c:\windows\system32\CTXFIHLP.EXE]
      "CTHelper"="CTHELPER.EXE" [2005-08-07 c:\windows\CTHELPER.EXE]

      c:\documents and settings\Mocktar\Menu D‚marrer\Programmes\D‚marrage\
      IcoSauve.lnk - c:\windows\system32\IcoSauve.exe [2008-01-11 112128]

      c:\documents and settings\Mocktar\Menu D‚marrer\Programmes\D‚marrage\
      IcoSauve.lnk - c:\windows\system32\IcoSauve.exe [2008-01-11 112128]

      c:\documents and settings\Mocktar\Menu D‚marrer\Programmes\D‚marrage\
      IcoSauve.lnk - c:\windows\system32\IcoSauve.exe [2008-01-11 112128]

      c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "SynchronousMachineGroupPolicy"= 0 (0x0)
      "SynchronousUserGroupPolicy"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "ForceClassicControlPanel"= 1 (0x1)
      "NoSimpleStartMenu"= 0 (0x0)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoStrCmpLogical"= 0 (0x0)
      "NoResolveTrack"= 0 (0x0)
      "NoSMMyPictures"= 0 (0x0)
      "MaxRecentDocs"= 15 (0xf)
      "MemCheckBoxInRunDlg"= 1 (0x1)
      "NoSMBalloonTip"= 0 (0x0)
      "DisallowCpl"= 1 (0x1)

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2007-04-19 12:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=sockspy.dll

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)
      "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\uTorrent\\uTorrent.exe"=
      "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
      "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
      "c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
      "c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
      "c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "d:\\JEUX\\Call of Duty 4\\iw3mp.exe"=
      "c:\\Program Files\\LimeWire\\LimeWire.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=

      R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-05-13 8944]
      R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-05-13 55024]
      R2 ramdisk;AR Soft RAM Disk Service;c:\windows\system32\DRIVERS\ramdisk.sys [2008-03-24 10431]
      R2 vnccom;vnccom;c:\windows\system32\Drivers\vnccom.SYS [2008-11-24 6016]
      R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-01-23 13952]
      R3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-01-23 28800]
      S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-11-02 195752]
      S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-05-13 7408]
      .
      Contenu du dossier 'Tâches planifiées'

      2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      HKCU-Run-Creative Detector - c:\program files\Creative\MediaSource\Detector\CTDetect.exe


      .
      ------- Examen supplémentaire -------
      .
      uInternet Settings,ProxyOverride = *.local
      uSearchURL,(Default) = hxxp://www.google.fr/search?q=%s
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
      TCP: {0D5D29E4-C3E7-4EF1-B207-BF6A5A2E9D18} = 192.168.1.1
      TCP: {469B971B-8587-45EE-8375-3BFFA8EA1A4A} = 192.168.1.1
      FireFox -: Profile - c:\documents and settings\Mocktar\Application Data\Mozilla\Firefox\Profiles\avd8zkrl.default\
      FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
      FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
      FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava11.dll
      FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava12.dll
      FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava13.dll
      FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava14.dll
      FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava32.dll
      FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjpi160.dll
      FF -: plugin - c:\program files\Java\jre1.6.0\bin\npoji610.dll
      FF -: plugin - c:\program files\ma-config.com\nphardwaredetection.dll
      FF -: plugin - d:\programes\QuickTime\Plugins\npqtplugin.dll
      FF -: plugin - d:\programes\QuickTime\Plugins\npqtplugin2.dll
      FF -: plugin - d:\programes\QuickTime\Plugins\npqtplugin3.dll
      FF -: plugin - d:\programes\QuickTime\Plugins\npqtplugin4.dll
      FF -: plugin - d:\programes\QuickTime\Plugins\npqtplugin5.dll
      FF -: plugin - d:\programes\QuickTime\Plugins\npqtplugin6.dll
      FF -: plugin - d:\programes\QuickTime\Plugins\npqtplugin7.dll
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-12-10 22:02:37
      Windows 5.1.2600 Service Pack 2 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(840)
      c:\program files\SUPERAntiSpyware\SASWINLO.dll
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\windows\system32\CTSVCCDA.EXE
      c:\program files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
      c:\windows\system32\nvsvc32.exe
      c:\windows\system32\PnkBstrA.exe
      c:\windows\system32\PnkBstrB.exe
      c:\program files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
      c:\program files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      c:\program files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
      c:\program files\Softwin\BitDefender10\vsserv.exe
      c:\windows\system32\rundll32.exe
      c:\windows\system32\CTXFISPI.EXE
      c:\program files\Creative\ShareDLL\CADI\NotiMan.exe
      c:\program files\iPod\bin\iPodService.exe
      .
      **************************************************************************
      .
      Heure de fin: 2008-12-10 22:04:23 - La machine a redémarré
      ComboFix-quarantined-files.txt 2008-12-10 21:04:16

      Avant-CF: 17 290 485 760 octets libres
      Après-CF: 17,275,019,264 octets libres

      258 --- E O F --- 2008-12-08 22:30:01
      0
    2. mocktar33
       
      Si vous chercher la source du pb, ne cherchez plus, c'est ENUFF PC sur emule.
      J'ai supprimé ce zip.
      0
  13. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Et le rapport de Navilog1 ?
    0
    1. mocktar33
       
      Navilog
      Clean Navipromo version 3.6.9 commencé le 10/12/2008 à 22:19:36,54

      Outil exécuté depuis C:\Program Files\navilog1
      Session actuelle : "Mocktar"

      Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO


      Microsoft Windows XP [version 5.1.2600]
      Internet Explorer : 7.0.5730.11
      Système de fichiers : NTFS

      Mode suppression automatique
      avec prise en charge résultats Catchme et GNS


      Nettoyage exécuté au redémarrage de l'ordinateur


      *** fsbl1.txt non trouvé ***
      (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


      *** Suppression avec sauvegardes résultats GenericNaviSearch ***

      * Suppression dans "C:\WINDOWS\System32" *


      * Suppression dans "C:\Documents and Settings\Mocktar\locals~1\applic~1" *



      *** Suppression dossiers dans "C:\WINDOWS" ***


      *** Suppression dossiers dans "C:\Program Files" ***


      *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


      *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


      *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


      *** Suppression dossiers dans "C:\Documents and Settings\Mocktar\applic~1" ***


      *** Suppression dossiers dans "C:\Documents and Settings\Mocktar\locals~1\applic~1" ***


      *** Suppression dossiers dans "C:\Documents and Settings\Mocktar\menudm~1\progra~1" ***



      *** Suppression fichiers ***


      *** Suppression fichiers temporaires ***

      Nettoyage contenu C:\WINDOWS\Temp effectué !
      Nettoyage contenu C:\Documents and Settings\Mocktar\locals~1\Temp effectué !

      *** Traitement Recherche complémentaire ***
      (Recherche fichiers spécifiques)

      1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

      2)Recherche, création sauvegardes et suppression Heuristique :


      * Dans "C:\WINDOWS\system32" *


      * Dans "C:\Documents and Settings\Mocktar\locals~1\applic~1" *


      *** Sauvegarde du Registre vers dossier Safebackup ***

      sauvegarde du Registre réalisée avec succès !

      *** Nettoyage Registre ***

      Nettoyage Registre Ok


      *** Certificats ***

      Certificat Egroup absent !
      Certificat Electronic-Group absent !
      Certificat Montorgueil absent !
      Certificat OOO-Favorit absent !
      Certificat Sunny-Day-Design-Ltdt absent !

      *** Nettoyage terminé le 10/12/2008 à 22:22:53,28 ***
      0
  14. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ● Télécharge AD-Remover (de Cyrildu17 / C_XX) sur ton Bureau.

    /!\ Déconnecte-toi et ferme toutes applications en cours /!\

    ● Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program files).
    ● Double-clique sur l'icône Ad-remover située sur ton Bureau.
    ● Au menu principal, choisis l'option "A".
    ● Poste le rapport qui apparaît à la fin.

    (Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)

    (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

    Note :

    "Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
    0
    1. mocktar33
       
      --------- Logfile of AD-Remover 1.0.7.1 by C_XX ---------

      # START at: 22:52:56 | Mer 10/12/2008 | Microsoft® Windows XP™ (v5.1.2600)
      # BOOT MODE: Normal

      # OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

      # PC: ZORGLUB-54DB2B4 | USER: Mocktar ( Current user is an administrator)

      # DRIVE(S): C:\
      # Systemdrive: C:\ (NTFS)
      # Internet Explorer v7.0.5730.11

      --------- [ RUNNING PROCESSES: 48 ] ---------

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\PnkBstrB.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
      C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
      C:\Program Files\D-Tools\daemon.exe
      C:\WINDOWS\system32\CTXFIHLP.EXE
      C:\WINDOWS\CTHELPER.EXE
      C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
      C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
      C:\Program Files\Softwin\BitDefender10\bdagent.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\TweakDUN\TweakMeter.exe
      C:\Program Files\Winamp Remote\bin\OrbTray.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\IcoSauve.exe
      C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      C:\Program Files\Softwin\BitDefender10\vsserv.exe
      C:\WINDOWS\system32\ntvdm.exe

      -----------------------------------


      +-----------------------| Boonty/Boonty Games Elements found :

      .

      +-----------------------| Eorezo Elements found :

      .

      +-----------------------| Everest Poker Elements found :

      .
      [26/11/2008 22:56|d--------] C:\Program Files\Everest Poker

      +-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

      .
      [19/04/2008 11:14|--a------] C:\Documents and Settings\Mocktar\Cookies\mocktar@myfuncards[2].txt

      +-----------------------| Messenger Skinner Elements found :

      .

      +-----------------------| Sweetim Elements found :

      .

      +-----------------------| ADDED SCAN :



      +---------- Scanning prefs.js ... ( # Mozilla User Preferences )

      ...\avd8zkrl.default\prefs.js :

      ~~~~ Mozilla FireFox version 3.0.4 ~~~~

      Start Page : "https://www.google.fr/?gws_rd=ssl"

      +----------+


      +---------------------------------------------------------------------------+

      +--[HKEY_CURRENT_USER\..\Run]

      ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
      TweakMeter REG_SZ C:\Program Files\TweakDUN\TweakMeter.exe
      SUPERAntiSpyware REG_SZ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      Orb REG_SZ "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
      MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

      +--[HKEY_LOCAL_MACHINE\..\Run]

      AudioDrvEmulator REG_SZ "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
      VolPanel REG_SZ "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
      TweakDUN REG_SZ C:\Program Files\TweakDUN\tweakdun.exe splash
      TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      RCSystem REG_SZ "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
      QuickTime Task REG_SZ "D:\Programes\QuickTime\QTTask.exe" -atboottime
      nwiz REG_SZ nwiz.exe /install
      NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      NeroFilterCheck REG_SZ C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
      iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
      ISUSPM REG_SZ "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
      DAEMON Tools-1033 REG_SZ "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      CTxfiHlp REG_SZ CTXFIHLP.EXE
      CTHelper REG_SZ CTHELPER.EXE
      CTDVDDET REG_SZ "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
      AppleSyncNotifier REG_SZ C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      BDMCon REG_SZ "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
      BDAgent REG_SZ "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

      +--[HKEY_USERS\.DEFAULT\..\Run]


      +--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

      Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

      +--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

      Start Page : hxxp://fr.msn.com/

      +---------------------------------------------------------------------------+

      - "C:\AD-report-10.12.2008.log" (5891 octets)

      [ END at: 22:53:09 | 10/12/2008 ] - [ Time elapsed: 12.4 seconds ]

      +---------------------------------------------------------------------------+
      +------------------------------- [ E.O.F - 112 lines ]
      +---------------------------------------------------------------------------+
      0
  15. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    /!\ Déconnecte-toi et ferme toutes applications en cours /!\

    [*]Double-clique sur [b]AD-Remover[/b] pour le lancer : au menu principal, choisis [b]l'option B[/b].

    [*]Coche à l'écran de sélection :

    [img]http://sd-1.archive-host.com/membres/up/16506160323759868/Capturer-ADR.JPG[/img]

    Suppression Boonty/BoontyGames (Si trouvé)
    Suppression Eorezo (Si trouvé)
    Suppression Everest Poker (Si trouvé)
    Suppression Funwebproduct/MyWay/MyWebsearch (Si trouvé)
    Suppression Messenger Skinner (Si trouvé)
    Suppression Sweetim (Si trouvé)

    [*]Puis choisis [b]S[/b], le programme va travailler.

    [*]Poste le rapport qui apparaît à la fin.

    (Le rapport est sauvegardé aussi sous C:\Ad-report.log)

    /!\ Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide) /!\
    0
    1. mocktar33
       
      Remarque : Pas intuitif l'outil au niveau de l'écran pour choisir les actions.

      --------- Logfile of AD-Remover 1.0.7.1 by C_XX ---------

      # START at: 22:52:56 | Mer 10/12/2008 | Microsoft® Windows XP™ (v5.1.2600)
      # BOOT MODE: Normal

      # OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

      # PC: ZORGLUB-54DB2B4 | USER: Mocktar ( Current user is an administrator)

      # DRIVE(S): C:\
      # Systemdrive: C:\ (NTFS)
      # Internet Explorer v7.0.5730.11

      --------- [ RUNNING PROCESSES: 48 ] ---------

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\PnkBstrB.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
      C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
      C:\Program Files\D-Tools\daemon.exe
      C:\WINDOWS\system32\CTXFIHLP.EXE
      C:\WINDOWS\CTHELPER.EXE
      C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
      C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
      C:\Program Files\Softwin\BitDefender10\bdagent.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\TweakDUN\TweakMeter.exe
      C:\Program Files\Winamp Remote\bin\OrbTray.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\IcoSauve.exe
      C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      C:\Program Files\Softwin\BitDefender10\vsserv.exe
      C:\WINDOWS\system32\ntvdm.exe

      -----------------------------------


      +-----------------------| Boonty/Boonty Games Elements found :

      .

      +-----------------------| Eorezo Elements found :

      .

      +-----------------------| Everest Poker Elements found :

      .
      [26/11/2008 22:56|d--------] C:\Program Files\Everest Poker

      +-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

      .
      [19/04/2008 11:14|--a------] C:\Documents and Settings\Mocktar\Cookies\mocktar@myfuncards[2].txt

      +-----------------------| Messenger Skinner Elements found :

      .

      +-----------------------| Sweetim Elements found :

      .

      +-----------------------| ADDED SCAN :



      +---------- Scanning prefs.js ... ( # Mozilla User Preferences )

      ...\avd8zkrl.default\prefs.js :

      ~~~~ Mozilla FireFox version 3.0.4 ~~~~

      Start Page : "https://www.google.fr/?gws_rd=ssl"

      +----------+


      +---------------------------------------------------------------------------+

      +--[HKEY_CURRENT_USER\..\Run]

      ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
      TweakMeter REG_SZ C:\Program Files\TweakDUN\TweakMeter.exe
      SUPERAntiSpyware REG_SZ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      Orb REG_SZ "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
      MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

      +--[HKEY_LOCAL_MACHINE\..\Run]

      AudioDrvEmulator REG_SZ "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
      VolPanel REG_SZ "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
      TweakDUN REG_SZ C:\Program Files\TweakDUN\tweakdun.exe splash
      TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      RCSystem REG_SZ "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
      QuickTime Task REG_SZ "D:\Programes\QuickTime\QTTask.exe" -atboottime
      nwiz REG_SZ nwiz.exe /install
      NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      NeroFilterCheck REG_SZ C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
      iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
      ISUSPM REG_SZ "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
      DAEMON Tools-1033 REG_SZ "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      CTxfiHlp REG_SZ CTXFIHLP.EXE
      CTHelper REG_SZ CTHELPER.EXE
      CTDVDDET REG_SZ "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
      AppleSyncNotifier REG_SZ C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      BDMCon REG_SZ "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
      BDAgent REG_SZ "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

      +--[HKEY_USERS\.DEFAULT\..\Run]


      +--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

      Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

      +--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

      Start Page : hxxp://fr.msn.com/

      +---------------------------------------------------------------------------+

      - "C:\AD-report-10.12.2008.log" (5891 octets)

      [ END at: 22:53:09 | 10/12/2008 ] - [ Time elapsed: 12.4 seconds ]

      +---------------------------------------------------------------------------+
      +------------------------------- [ E.O.F - 112 lines ]
      +---------------------------------------------------------------------------+
      0
  16. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Ça n'a rien supprimé donc ce n'est pas bon.
    0