Very slow internet connection

Closed
hydrom3n - 22 Feb. 2010 at 18:05
moment de grace (Posts: 29042, Registered: Saturday 6 December 2008, Status: Security contributor, Last activity: 18 July 2013) - 24 Feb. 2010 at 09:23
Hello,

my internet connection is very slow, I think I'm infected, er, no, not me, my PC lol

could you help me

thanks in advance
21 replies

moment de grace - 22 Feb. 2010 at 18:16
hello

we can always take a look

• Download Random's System Information Tool (RSIT) by Random/Random (diagnostic tool).

http://images.malwareremoval.com/random/RSIT.exe

• Save it to your Desktop.

• Double-click RSIT.exe to launch the tool.

• Click "Continue" on the Disclaimer screen.

• If the HijackThis tool is not present or not detected on the computer, RSIT will download it (allow access in your firewall if it asks) and you will have to accept the license.

• Once the scan is finished, two reports will appear: post them in two separate messages please

The reports are located here:
C:\rsit\info.txt
C:\rsit\log.txt

0
thanks for your help, here is the log report
Logfile of random's system information tool 1.06 (written by random/random)
Run by sergio at 2010-02-22 18:18:08
Microsoft Windows XP Professionnel Service Pack 2
System drive F: has 52 GB (46%) free of 114 GB
Total RAM: 511 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:18:29, on 22/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\LEXPPS.EXE
F:\Program Files\Avira\AntiVir Desktop\sched.exe
F:\Program Files\Avira\AntiVir Desktop\avguard.exe
F:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
F:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Avira\AntiVir Desktop\avgnt.exe
F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\internet explorer\iexplore.exe
F:\Program Files\Winamp\winamp.exe
F:\WINDOWS\system32\msiexec.exe
F:\WINDOWS\system32\DllHost.exe
F:\Documents and Settings\sergio\Bureau\RSIT.exe
F:\Program Files\trend micro\sergio.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C4D1E7D7-F8F5-4975-8E0E-9238AA67FEDD} - F:\WINDOWS\system32\wvUnmKBt.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - F:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [network] c:\windows\networking.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DW4] "F:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Vidalia] "F:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] F:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-21-839522115-706699826-725345543-1008\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'postgres')
O4 - S-1-5-18 Startup: OpenOffice.org 2.4.lnk = F:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 2.4.lnk = F:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = F:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - F:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - F:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - F:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - F:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kavwebscan_unicode.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://www.visiogood.com/...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_1_1_0.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - F:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - F:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - F:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
0
and here is the info report, in 2 parts because it won't fit in a single message

info.txt logfile of random's system information tool 1.06 2010-02-22 18:18:35

======Uninstall list======

-->F:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
913D Camera-->F:\Program Files\InstallShield Installation Information\{3F927DF0-D056-466F-B4B8-61804D5B6351}\setup.exe -runfromtemp -l0x040c -removeonly
Adobe Acrobat 5.0-->F:\WINDOWS\ISUN040C.EXE -f"F:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"F:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Download Manager-->"F:\WINDOWS\system32\rundll32.exe" "F:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 Plugin-->F:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70900000002}
Alcatel SpeedTouch USB Software-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" -Control_Panel
Analyseur et SDK XML Microsoft-->MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
Archiveur WinRAR-->F:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Avira AntiVir Personal - Free Antivirus-->F:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Barre d'outils MSN Search-->MsiExec.exe /X{B2CF0FAC-D52C-41D8-81E0-BFD7A3E7C84B}
Belkin 54g USB Network Adapter-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\Belkin\Belkin Wireless Network Utility\setup.exe" -l0x9
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}\SETUP.EXE" -l0x40c UNINST
Camfrog Video Chat 5.1-->"F:\Program Files\Camfrog\Camfrog Video Chat\uninstall.exe"
CamfrogWEB Advanced ActiveX Plugin (remove only)-->"F:\Program Files\CFWebAdvancedU\Uninstall.exe"
CamfrogWEB Advanced ActiveX Plugin (www.bobtv.fr)-->"F:\Program Files\CFWebAdvancedU_BOBTV.FR\Uninstall.exe"
CCleaner-->"F:\Program Files\CCleaner\uninst.exe"
CDBurnerXP Pro 3-->MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
Clean Virus MSN-->"F:\Program Files\AxBx\Clean Virus MSN\unins000.exe"
Codeur Windows Media Série 9-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Codeur Windows Media Série 9-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Copernic Agent Basic-->"F:\WINDOWS\CopernicAgentUninstall.exe" /ARGSFILE="F:\Program Files\Copernic Agent\unwise.dat"
Correctif pour Lecteur Windows Media 11 (KB939683)-->"F:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB914440)-->"F:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"F:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB970653-v3)-->"F:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB976098-v2)-->"F:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Correctif Windows XP - KB873339-->F:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB885835-->F:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836-->F:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB886185-->F:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Correctif Windows XP - KB887472-->F:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB888302-->F:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890859-->"F:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781-->F:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
CX4300_5500_DX4400 Manuel-->F:\Program Files\EPSON\TPMANUAL\CX4300_5500_DX4400\FRA\USE_G\DOCUNINS.EXE
Disc2Phone-->MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}
DivX Player-->F:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->F:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->F:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
eMule-->"F:\Program Files\eMule\Uninstall.exe"
EPSON Attach To Email-->F:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON Easy Photo Print-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}\SETUP.EXE" -l0x40c UNINST
EPSON File Manager-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x40c UNINST
EPSON Logiciel imprimante-->F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Scan-->F:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Web-To-Page-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
ESET Online Scanner v3-->F:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
FLV Player-->F:\Program Files\FLV Player\uninstall.exe
FpTest 3.2-->F:\Program Files\FpTest\uninst.exe
Freecorder 2.3 (with Skype Call Recording)-->F:\WINDOWS\iun6002.exe "F:\Program Files\Freecorder\irunin.ini"
Freeplayer-->F:\Program Files\Freeplayer\Uninstall.exe
Full Tilt Poker-->"F:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x040c -removeonly
Gadwin PrintScreen-->F:\Program Files\Gadwin Systems\PrintScreen\Uninstall.exe
Google Earth-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
GrabIt 1.7.2 Beta 4 (build 997)-->"F:\Program Files\GrabIt\unins000.exe"
HijackThis 2.0.2-->"F:\GenProc\outil\HijackThis.exe" /uninstall
HomePlayer 1.5.6b-->F:\Program Files\HomePlayer\uninst.exe
Hotfix for Windows Media Format 11 SDK (KB929399)-->"F:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"F:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"F:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
IceOp-->F:\Program Files\IceOp\Uninstall.exe
iF-22v5-->F:\WINDOWS\IsUninst.exe -f"f:\program files\Uninst.isu"
Installation Windows Live-->F:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
InterActual Player-->F:\Program Files\InterActual\InterActual Player\inuninst.exe
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky On-line Scanner-->F:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Learn2 Player (Uninstall Only)-->F:\Program Files\Learn2.com\StRunner\stuninst.exe
Lecteur Windows Media 11-->"F:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LimeWire 5.1.2-->"F:\Program Files\LimeWire\uninstall.exe"
Logiciel QuickCam de Logitech-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
Logitech Desktop Messenger-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL
Logitech Print Service-->F:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE F:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Ma-Config.com-->MsiExec.exe /X{8AFB8FC4-3EBA-4C67-943F-CF43DB2180F1}
ManyCam 2.3 (remove only)-->"F:\Program Files\ManyCam 2.3\uninstall.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"F:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "F:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"F:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->F:\WINDOWS\muninst.exe F:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"F:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"F:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"F:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works 6.0-->MsiExec.exe /I{75DEB69B-4B6C-11D4-B0CE-00AA00BCC218}
mIRC-->"F:\Program Files\CannaScript\CannaScript.exe" -uninstall
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"F:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour le Codeur Windows Media (KB954156)-->"F:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"F:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"F:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB954155)-->"F:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"F:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"F:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"F:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"F:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"F:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"F:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)-->"F:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046)-->"F:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756)-->"F:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358)-->"F:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423)-->"F:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428)-->"F:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587)-->"F:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591)-->"F:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725)-->"F:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017)-->"F:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214)-->"F:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB902400)-->"F:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB904706)-->"F:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414)-->"F:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749)-->"F:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519)-->"F:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562)-->"F:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911927)-->"F:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913580)-->"F:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
0
moment de grace - 22 Feb. 2010 at 18:51
Disable your antivirus for the duration of the procedure, as well as your firewall if present (because the tool is wrongly detected as an infection)

▶ Download and install List&Kill'em and save it to your desktop
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe

double-click (right-click "run as administrator" for Vista/7) the shortcut on your desktop to start the installation

check the "create an icon on the desktop" box

once it has finished, click "finish" and the program will launch by itself

choose the language, then choose option 1 = Search Mode

▶ let the tool work

when the white window appears, it takes a while, that's normal, the program is not frozen.

a report named catchme appears on your desktop, ignore it, do not post it, but do not delete it for now, the scan is not finished.

▶ Post the contents of the report that opens at 100% of the scan, on the "COMPLETED" screen

you can delete the catchme.log report from your desktop now.
0
here is the list'em report

List'em by g3n-h@ckm@n 1.2.5.3

User : sergio ()
Update on 19/02/2010 by g3n-h@ckm@n ::::: 13.15
Start at: 19:10:33 | 22/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

AMD Athlon(tm) XP 1700+
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 37,3 Go (33,15 Go free) | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local | 111,78 Go (51,23 Go free) [Disque Dur Principal ] | NTFS

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\LEXPPS.EXE
F:\Program Files\Avira\AntiVir Desktop\sched.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Avira\AntiVir Desktop\avguard.exe
F:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
F:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\PostgreSQL\8.3\bin\postgres.exe
F:\Program Files\PostgreSQL\8.3\bin\postgres.exe
F:\Program Files\PostgreSQL\8.3\bin\postgres.exe
F:\Program Files\PostgreSQL\8.3\bin\postgres.exe
F:\Program Files\PostgreSQL\8.3\bin\postgres.exe
F:\Program Files\PostgreSQL\8.3\bin\postgres.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Avira\AntiVir Desktop\avgnt.exe
F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Winamp\winamp.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\WINDOWS\system32\NOTEPAD.EXE
F:\Program Files\internet explorer\iexplore.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\List_Kill'em\List_Kill'em.scr
F:\WINDOWS\system32\cmd.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
F:\Documents and Settings\sergio\Local Settings\temp\FA.tmp\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
DW4 REG_SZ "F:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
Vidalia REG_SZ "F:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
Uniblue RegistryBooster 2 REG_SZ F:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
network REG_SZ c:\windows\networking.exe
QuickTime Task REG_SZ "F:\Program Files\QuickTime\qttask.exe" -atboottime
SunJavaUpdateSched REG_SZ "F:\Program Files\Java\jre6\bin\jusched.exe"
avgnt REG_SZ "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
TkBellExe REG_SZ "F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
POEngine REG_SZ
UserFaultCheck REG_EXPAND_SZ %systemroot%\system32\dumprep 0 -u
KernelFaultCheck REG_EXPAND_SZ %systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
DisableRegistryTools REG_DWORD 0 (0x0)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoDrives REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoDrives REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ TOTOCOMP-VMYWX3
DefaultUserName REG_SZ sergio
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ F:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ sergio
AltDefaultDomainName REG_SZ TOTOCOMP-VMYWX3
AutoAdminLogon REG_SZ 0

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
F:\Program Files\Freeplayer\vlc\vlc.exe REG_SZ F:\Program Files\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player
F:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.321\French\setup.exe REG_SZ F:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.321\French\setup.exe:*:Enabled:Programme d'installation de Kaspersky Internet Security 7.0
F:\Program Files\eMule\emule.exe REG_SZ F:\Program Files\eMule\emule.exe:*:Enabled:eMule
F:\WINDOWS\system32\dpvsetup.exe REG_SZ F:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
F:\Program Files\LimeWire\LimeWire.exe REG_SZ F:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
F:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe REG_SZ F:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe:*:Enabled:Camfrog Client Module
F:\Program Files\HomePlayer\HomePlayer.exe REG_SZ F:\Program Files\HomePlayer\HomePlayer.exe:*:Enabled:HomePlayer
F:\Program Files\ma-config.com\maconfservice.exe REG_SZ F:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
F:\Program Files\HomePlayer\VLC\vlc.exe REG_SZ F:\Program Files\HomePlayer\VLC\vlc.exe:*:Enabled:VLC media player
F:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ F:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
F:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ F:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
F:\Program Files\PokerOffice\bin\javaw.exe REG_SZ F:\Program Files\PokerOffice\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
F:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ F:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
F:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ F:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{2357B3CF-7F8D-4451-8D81-FD6097610AEE}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{33564D57-0000-0010-8000-00AA00389B71}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{7530BFB8-7293-4D34-9923-61A11451AFC5}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}


==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C4D1E7D7-F8F5-4975-8E0E-9238AA67FEDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: F:\Documents and Settings\sergio\Local Settings\temp\FA.tmp
## F:\> hashdeep F:\WINDOWS\System32\Drivers\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,F:\WINDOWS\System32\Drivers\atapi.sys


Sources
=======

F:\WINDOWS\ERDNT\cache\atapi.sys
F:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\atapi.sys
F:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\atapi.sys
F:\WINDOWS\SoftwareDistribution\Download\dfd63227c75f2f41fff1e2c80885381e\atapi.sys
F:\WINDOWS\system32\drivers\atapi.sys

Référence :
==========

Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : F:\Documents and Settings\All Users\Application Data\ojvzdisj.xda
Present !! : F:\WINDOWS\SET3.tmp
Present !! : F:\WINDOWS\SET7.tmp
Present !! : F:\WINDOWS\SET73.tmp
Present !! : F:\WINDOWS\SET74.tmp
Present !! : F:\WINDOWS\SET80.tmp
Present !! : F:\WINDOWS\System32\*_.tmp
Present !! : F:\WINDOWS\System32\*.Msnfix
Present !! : F:\WINDOWS\System32\_*.tmp
Present !! : F:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : F:\WINDOWS\System32\SET*.tmp
Present !! : F:\Documents and Settings\sergio\Application Data\internaldb153.dat
Present !! : F:\Documents and Settings\sergio\Application Data\internaldb1942.dat
Present !! : F:\Documents and Settings\sergio\Application Data\internaldb2391.dat
Present !! : F:\Documents and Settings\sergio\Application Data\internaldb3902.dat
Present !! : F:\Documents and Settings\sergio\Application Data\internaldb41.dat
Present !! : F:\Documents and Settings\sergio\Application Data\internaldb4604.dat
Present !! : F:\Documents and Settings\sergio\Application Data\internaldb4827.dat
Present !! : F:\Documents and Settings\sergio\Application Data\internaldb5436.dat
Present !! : F:\Documents and Settings\sergio\Application Data\internaldb6334.dat
Present !! : F:\Documents and Settings\sergio\Application Data\internaldb6500.dat
Present !! : F:\Documents and Settings\sergio\Application Data\internaldb8467.dat
Present !! : F:\Documents and Settings\sergio\LOCAL Settings\Temp\FlashPlayerUpdate.exe

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_USERS\S-1-5-21-839522115-706699826-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCU\software\Live-Player
Present !! : HKLM\software\Live-Player
Present !! : "HKLM\software\Poker 770"
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_NDISRD
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_OREANS32
Present !! : HKLM\SYSTEM\ControlSet001\Services\oreans32

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-22 19:20:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000d3aa57c27]
"000d3aa4e61c"=hex:71,c6,86,cd,d1,30,ce,44,7e,c4,3b,4e,f9,0d,a0,ab
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msqpdxserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\msqpdxpxfeoitu.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules]
"msqpdxserv"="\systemroot\system32\drivers\msqpdxpxfeoitu.sys"
"msqpdxl"="\systemroot\system32\msqpdxmtpekrxx.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000d3aa57c27]
"000d3aa4e61c"=hex:71,c6,86,cd,d1,30,ce,44,7e,c4,3b,4e,f9,0d,a0,ab
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000d3aa57c27]
"000d3aa4e61c"=hex:71,c6,86,cd,d1,30,ce,44,7e,c4,3b,4e,f9,0d,a0,ab

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

==========
Programs
==========

913D Camera
ACMonitor_X73.exe
ACMonitor_X73.ini
Adobe
Advanced Serial Port Monitor
Advanced XP Tweak
ArcSoft
Avira
Belkin
Camfrog
CCleaner
CDBurnerXP Pro 3
CFWebAdvancedU
CFWebAdvancedU_BOBTV.FR
copernicagentbasicfr.exe
data
Disc2Phone
DivX
dlltoexe.dll
eMule
english.dll
epson
ESET
F22Runtime.err
f22times.txt
FAQ.txt
Fichiers communs
FLV Player
FpTest
Free
Freecorder
Freeplayer
Full Tilt Poker
Gadwin Systems
german.dll
Google
GrabIt
graphics.dll
gtx73.ini
HomePlayer
IceOp
if22.exe
if22.exp
if22.lib
if22.map
IMDP35.DLL
IMMULTR5.DLL
imwinwr.dll
InstallShield Installation Information
Internet Explorer
Java
jpeg.dll
LimeWire
LimeWire.zip
List_Kill'em
Logitech
lxarscan.dll
ma-config.com
ManyCam 2.3
Messenger
Microsoft
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft IntelliPoint
Microsoft IntelliType Pro
Microsoft Office
Microsoft Silverlight
Microsoft Works
Movie Maker
Mozilla Firefox
MSN
MSN Gaming Zone
MSN Messenger
MSN Toolbar Suite
MSXML 4.0
Navilog1
NDSROM Player
NetMeeting
netsetup.dll
Network Associates
NOS
OpenOffice.org 2.4
OSLO3071b2.USB
Outlook Express
Panda Security
plan.htm
Poker Indicator
Poker Tracker V2
PokerOffice
PokerStars
PokerTracker 3
PostgreSQL
QRC.txt
QuickPar
QuickTime
Readme.txt
Real
RVG Software
screen00.dll
screen01.dll
screen02.dll
screen03.dll
screen04.dll
screen05.dll
screen06.dll
screen07.dll
screen08.dll
screen09.dll
screen10.dll
screen11.dll
screen12.dll
screen13.dll
screen14.dll
screen15.dll
screen16.dll
screen17.dll
screen18.dll
screen19.dll
screen20.dll
screen21.dll
screen22.dll
screen23.dll
screen24.dll
screen25.dll
screen26.dll
screen27.dll
screen28.dll
screen29.dll
screen30.dll
Services en ligne
settings.dll
sound.dll
Spybot - Search & Destroy
tagfile.dll
trend micro
uidraw.dll
uimain.dll
uiserv.dll
uiwindow.dll
Ulead Systems
Uninst.isu
Uninstall Information
Userdata
Viewpoint
Web Media Player
Winamp
Windows Live
Windows Live SkyDrive
Windows Media Components
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinPokerBot v3.0
WinRAR
WinZip
WU(2)
x73_lut.dat
xerox

============
Drive F:
============

11e99a6ebd53e33325c5b2a63364e
32672c79f1fe23d677e95e8990e4692c
access
BJPrinter
Boot.bak
boot.ini
Bootfont.bin
cleannavi.txt
cmdcons
cmldr
ComboFix
Config.Msi
Documents and Settings
domains
found.000
found.001
found.002
found.003
hiberfil.sys
Kill'em
List'em.txt
map.txt
Mes téléchargements
My Music
NTDETECT.COM
ntldr
pagefile.sys
Poker
Program Files
Qoobox
RECYCLER
rsit
sqmnoopt00.sqm
System Volume Information
TCleaner.txt
transfert
UpdaterforApp.ini
Winamax
WINDOWS
WUTemp

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials





¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 19:37:33,03
0

moment de grace Posts 29042 Registration date Saturday 6 December 2008 Status Security contributor Last activity 18 July 2013 2 272
22 Feb 2010 at 20:04
Warning: before you start, read the procedure carefully and print it

Usage guide
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix



Download ComboFix by sUBs to your Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the internet and DISABLE ALL DEFENSES, antivirus and antispyware included /!\

---> Double-click ComboFix.exe
A pop-up will appear saying that ComboFix is used at your own risk and with no warranty... Click Yes to accept


ABOVE ALL, INSTALL THE RECOVERY CONSOLE

(if it offers to install it, temporarily reconnect to the internet)

---> Set it to French: F
Press the 1 key (Yes) to start the scan.

Do not touch anything (mouse, keyboard) until the scan has finished, because you risk crashing your PC

At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

Note: The report can also be found here: C:\ComboFix.txt
0
here is the ComboFix report

ComboFix 10-02-21.02 - sergio 22/02/2010 20:14:23.4.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.511.252 [GMT 1:00]
Lancé depuis: f:\documents and settings\sergio\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\windows\pokerUI32.dll
.
---- Exécution préalable -------
.
f:\windows\system32\reboot.txt

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSQPDXSERV.SYS
-------\Legacy_NDISRD
-------\Legacy_OREANS32
-------\Service_msqpdxserv.sys
-------\Service_ndisrd
-------\Service_oreans32


((((((((((((((((((((((((((((( Fichiers créés du 2010-01-22 au 2010-02-22 ))))))))))))))))))))))))))))))))))))
.

2100-02-23 12:35 . 2001-02-22 07:54 768 ----a-w- f:\program files\x73_lut.dat
2100-02-08 14:03 . 2001-05-11 09:39 53248 ----a-w- f:\program files\ACMonitor_X73.exe
2010-02-22 18:10 . 2010-02-22 18:10 -------- d-----w- F:\Kill'em
2010-02-22 18:10 . 2010-02-22 18:10 -------- d-----w- f:\program files\List_Kill'em
2010-02-22 17:18 . 2010-02-22 17:18 -------- d-----w- F:\rsit
2010-02-22 17:18 . 2010-02-22 17:18 -------- d-----w- f:\program files\trend micro
2010-02-22 17:12 . 2010-02-22 17:14 -------- d-----w- f:\documents and settings\All Users\Application Data\NOS
2010-02-22 17:12 . 2010-02-22 17:12 -------- d-----w- f:\program files\NOS
2010-02-01 22:53 . 2010-02-01 23:19 -------- d-----w- f:\program files\WinPokerBot v3.0

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-22 16:38 . 2008-10-04 11:58 -------- d-----w- f:\documents and settings\sergio\Application Data\OpenOffice.org2
2010-02-21 12:45 . 2009-03-30 19:14 -------- d-----w- f:\program files\PokerStars
2010-02-10 20:31 . 2010-01-17 16:07 -------- d-----w- f:\program files\Navilog1
2010-02-10 19:40 . 2007-05-29 18:05 -------- d-----w- f:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-01 23:03 . 2010-01-13 20:31 -------- d-----w- f:\documents and settings\sergio\Application Data\Partouche
2010-01-22 21:40 . 2009-09-22 16:49 -------- d-----w- f:\program files\Microsoft Silverlight
2010-01-21 12:50 . 2009-04-14 21:30 -------- d-----w- f:\program files\Web Media Player
2010-01-21 10:04 . 2007-08-27 00:26 -------- d-----w- f:\documents and settings\sergio\Application Data\CamfrogWEB
2010-01-21 10:04 . 2010-01-21 10:04 -------- d-----w- f:\program files\CFWebAdvancedU
2010-01-18 20:47 . 2010-01-18 19:12 -------- d-----w- f:\documents and settings\sergio\Application Data\Winamp
2010-01-18 19:15 . 2010-01-18 19:12 -------- d-----w- f:\program files\Winamp
2010-01-17 16:50 . 2009-07-20 18:28 -------- d-----w- f:\program files\Panda Security
2010-01-17 16:07 . 2008-10-04 12:00 1 ----a-w- f:\documents and settings\sergio\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-13 20:31 . 2010-01-13 20:31 401730 ----a-w- f:\documents and settings\sergio\Application Data\Partouche\uninst.exe
2010-01-10 20:26 . 2009-09-05 14:49 -------- d-----w- f:\program files\Full Tilt Poker
2009-12-31 16:14 . 2004-08-03 21:14 352640 ----a-w- f:\windows\system32\drivers\srv.sys
2009-12-30 14:13 . 2009-12-30 14:13 3242496 ----a-w- f:\documents and settings\sergio\Application Data\Partouche\Poker.exe
2009-12-29 14:36 . 2009-12-29 14:36 488448 ----a-w- f:\documents and settings\sergio\Application Data\Partouche\Partouche.exe
2009-12-29 14:36 . 2009-12-29 14:36 327680 ----a-w- f:\documents and settings\sergio\Application Data\Partouche\Updater.exe
2009-12-29 14:36 . 2009-12-29 14:36 258352 ----a-w- f:\documents and settings\sergio\Application Data\Partouche\unicows.dll
2009-12-22 05:41 . 2004-08-19 14:09 666112 ----a-w- f:\windows\system32\wininet.dll
2009-12-22 05:41 . 2004-08-19 14:09 81920 ----a-w- f:\windows\system32\ieencode.dll
2009-12-17 07:59 . 2004-03-09 11:19 347648 ----a-w- f:\windows\system32\mspaint.exe
2009-12-14 07:36 . 2004-08-19 14:09 33280 ----a-w- f:\windows\system32\csrsrv.dll
2009-12-13 18:41 . 2001-08-28 12:00 70498 ----a-w- f:\windows\system32\perfc00C.dat
2009-12-13 18:41 . 2001-08-28 12:00 457902 ----a-w- f:\windows\system32\perfh00C.dat
2009-12-10 19:49 . 2009-10-07 18:01 56816 ----a-w- f:\windows\system32\drivers\avgntflt.sys
2009-12-09 10:26 . 2004-08-19 16:04 2059776 ------w- f:\windows\system32\ntkrnlpa.exe
2009-12-09 10:26 . 2004-08-19 14:04 2182400 ------w- f:\windows\system32\ntoskrnl.exe
2009-12-04 14:41 . 2004-08-03 21:15 453760 ----a-w- f:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:34 . 2004-08-19 16:09 17920 ----a-w- f:\windows\system32\msyuv.dll
2009-11-27 17:34 . 2004-08-19 14:09 1297408 ----a-w- f:\windows\system32\quartz.dll
2009-11-27 16:38 . 2004-08-19 16:09 48128 ----a-w- f:\windows\system32\iyuv_32.dll
2009-11-27 16:38 . 2004-08-19 14:09 11264 ----a-w- f:\windows\system32\msrle32.dll
2009-11-27 16:38 . 2004-08-19 14:09 85504 ----a-w- f:\windows\system32\avifil32.dll
2009-11-27 16:38 . 2002-08-30 12:00 28672 ----a-w- f:\windows\system32\msvidc32.dll
2009-11-27 16:38 . 2001-08-23 17:47 8704 ----a-w- f:\windows\system32\tsbyuv.dll
2008-07-12 10:42 . 2008-07-12 10:42 7427899 ----a-w- f:\program files\LimeWire.zip
2007-05-25 17:27 . 2006-12-06 21:51 0 ----a-w- f:\program files\f22times.txt
2007-05-25 17:26 . 2006-03-05 08:11 0 ----a-w- f:\program files\F22Runtime.err
2006-03-05 08:11 . 2006-03-05 08:09 28639 ----a-w- f:\program files\Uninst.isu
2004-05-25 21:48 . 2004-05-25 21:48 13215 ----a-w- f:\program files\plan.htm
2004-04-08 23:09 . 2004-04-08 23:09 3620448 ----a-w- f:\program files\copernicagentbasicfr.exe
2001-07-26 14:58 . 2000-01-11 10:50 47 ----a-w- f:\program files\ACMonitor_X73.ini
2001-07-05 10:46 . 2001-07-20 08:48 8116 ----a-w- f:\program files\OSLO3071b2.USB
2001-05-08 14:36 . 2000-12-05 13:56 114688 ----a-w- f:\program files\lxarscan.dll
2001-04-23 12:22 . 2100-02-08 13:53 1437 ----a-w- f:\program files\gtx73.ini
1998-03-05 15:24 . 2006-03-05 08:09 22262 ----a-w- f:\program files\Readme.txt
1998-03-05 15:02 . 2006-03-05 08:09 707392 ----a-w- f:\program files\if22.map
1998-03-05 15:02 . 2006-03-05 08:09 1946112 ----a-w- f:\program files\if22.exe
1998-03-05 15:02 . 2006-03-05 08:09 31627 ----a-w- f:\program files\if22.exp
1998-03-05 15:02 . 2006-03-05 08:09 182868 ----a-w- f:\program files\if22.lib
1998-02-27 14:43 . 2006-03-05 08:09 14336 ----a-w- f:\program files\screen20.dll
1998-02-27 14:43 . 2006-03-05 08:09 78848 ----a-w- f:\program files\screen13.dll
1998-02-27 14:43 . 2006-03-05 08:09 37376 ----a-w- f:\program files\screen10.dll
1998-02-27 14:42 . 2006-03-05 08:09 36864 ----a-w- f:\program files\screen01.dll
1998-02-27 14:42 . 2006-03-05 08:09 44544 ----a-w- f:\program files\netsetup.dll
1998-02-27 03:03 . 2006-03-05 08:09 10240 ----a-w- f:\program files\screen30.dll
1998-02-27 03:03 . 2006-03-05 08:09 12800 ----a-w- f:\program files\screen29.dll
1998-02-27 03:02 . 2006-03-05 08:09 11776 ----a-w- f:\program files\screen28.dll
1998-02-27 03:02 . 2006-03-05 08:09 34304 ----a-w- f:\program files\screen27.dll
1998-02-27 03:02 . 2006-03-05 08:09 32768 ----a-w- f:\program files\screen26.dll
1998-02-27 03:01 . 2006-03-05 08:09 12288 ----a-w- f:\program files\screen25.dll
1998-02-27 03:01 . 2006-03-05 08:09 18944 ----a-w- f:\program files\screen24.dll
1998-02-27 03:01 . 2006-03-05 08:09 34304 ----a-w- f:\program files\screen23.dll
1998-02-27 03:00 . 2006-03-05 08:09 9728 ----a-w- f:\program files\screen22.dll
1998-02-27 03:00 . 2006-03-05 08:09 53760 ----a-w- f:\program files\screen21.dll
1998-02-27 02:59 . 2006-03-05 08:09 7168 ----a-w- f:\program files\screen19.dll
1998-02-27 02:59 . 2006-03-05 08:09 31232 ----a-w- f:\program files\screen18.dll
1998-02-27 02:59 . 2006-03-05 08:09 35328 ----a-w- f:\program files\screen17.dll
1998-02-27 02:58 . 2006-03-05 08:09 35328 ----a-w- f:\program files\screen16.dll
1998-02-27 02:58 . 2006-03-05 08:09 6656 ----a-w- f:\program files\screen15.dll
1998-02-27 02:58 . 2006-03-05 08:09 64512 ----a-w- f:\program files\screen14.dll
1998-02-27 02:57 . 2006-03-05 08:09 31232 ----a-w- f:\program files\screen12.dll
1998-02-27 02:56 . 2006-03-05 08:09 37888 ----a-w- f:\program files\screen11.dll
1998-02-27 02:56 . 2006-03-05 08:09 34304 ----a-w- f:\program files\screen09.dll
1998-02-27 02:55 . 2006-03-05 08:09 42496 ----a-w- f:\program files\screen08.dll
1998-02-27 02:55 . 2006-03-05 08:09 15872 ----a-w- f:\program files\screen07.dll
1998-02-27 02:55 . 2006-03-05 08:09 13824 ----a-w- f:\program files\screen06.dll
1998-02-27 02:54 . 2006-03-05 08:09 11264 ----a-w- f:\program files\screen05.dll
1998-02-27 02:54 . 2006-03-05 08:09 40448 ----a-w- f:\program files\screen04.dll
1998-02-27 02:54 . 2006-03-05 08:09 37888 ----a-w- f:\program files\screen03.dll
1998-02-27 02:53 . 2006-03-05 08:09 16384 ----a-w- f:\program files\screen02.dll
1998-02-27 02:53 . 2006-03-05 08:09 7168 ----a-w- f:\program files\screen00.dll
1998-02-27 02:52 . 2006-03-05 08:09 36352 ----a-w- f:\program files\uimain.dll
1998-02-27 02:52 . 2006-03-05 08:09 62464 ----a-w- f:\program files\uiserv.dll
1998-02-27 02:52 . 2006-03-05 08:09 55296 ----a-w- f:\program files\uidraw.dll
1998-02-27 02:51 . 2006-03-05 08:09 45056 ----a-w- f:\program files\uiwindow.dll
1998-02-27 02:50 . 2006-03-05 08:09 160768 ----a-w- f:\program files\settings.dll
1998-02-27 02:50 . 2006-03-05 08:09 8704 ----a-w- f:\program files\dlltoexe.dll
1998-02-27 02:50 . 2006-03-05 08:09 121856 ----a-w- f:\program files\german.dll
1998-02-27 02:49 . 2006-03-05 08:09 110080 ----a-w- f:\program files\english.dll
1998-02-27 02:02 . 2006-03-05 08:09 43008 ----a-w- f:\program files\sound.dll
1998-02-27 02:02 . 2006-03-05 08:09 38912 ----a-w- f:\program files\tagfile.dll
1998-02-27 02:02 . 2006-03-05 08:09 86528 ----a-w- f:\program files\jpeg.dll
1998-02-27 02:02 . 2006-03-05 08:09 43520 ----a-w- f:\program files\IMMULTR5.DLL
1998-02-27 02:02 . 2006-03-05 08:09 13824 ----a-w- f:\program files\IMDP35.DLL
1998-02-27 02:02 . 2006-03-05 08:09 76288 ----a-w- f:\program files\graphics.dll
1998-02-27 02:02 . 2006-03-05 08:09 40960 ----a-w- f:\program files\imwinwr.dll
1998-02-23 07:37 . 2006-03-05 08:09 14262 ----a-w- f:\program files\FAQ.txt
2007-10-07 22:39 . 2007-10-07 22:39 61038 ----a-w- f:\program files\mozilla firefox\components\jar50.dll
2007-10-07 22:39 . 2007-10-07 22:39 49256 ----a-w- f:\program files\mozilla firefox\components\jsd3250.dll
2007-10-07 22:39 . 2007-10-07 22:39 166000 ----a-w- f:\program files\mozilla firefox\components\xpinstal.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- f:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- f:\program files\mozilla firefox\plugins\ssldivx.dll
2005-07-09 10:27 . 2005-07-09 10:27 8192 --sha-w- f:\windows\o2cLicStore.bin
.

((((((((((((((((((((((((((((( SnapShot_2010-01-17_16.43.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-22 16:33 . 2010-02-22 16:33 16384 f:\windows\temp\Perflib_Perfdata_5e0.dat
+ 2006-03-12 15:35 . 2009-04-28 20:20 96752 f:\windows\system32\vxblock.dll
+ 2006-03-12 15:35 . 2009-04-28 20:20 66032 f:\windows\system32\pxinsa64.exe
+ 2006-03-12 15:35 . 2009-04-28 20:20 72176 f:\windows\system32\pxhpinst.exe
+ 2006-03-12 15:35 . 2009-04-28 20:20 66544 f:\windows\system32\pxcpya64.exe
+ 2009-03-19 18:39 . 2009-02-20 21:07 16384 f:\windows\system32\Poker.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 39424 f:\windows\system32\pngfilt.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 39424 f:\windows\system32\pngfilt.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 16384 f:\windows\system32\jsproxy.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 16384 f:\windows\system32\jsproxy.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 96768 f:\windows\system32\inseng.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 96768 f:\windows\system32\inseng.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 55808 f:\windows\system32\extmgr.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 55808 f:\windows\system32\extmgr.dll
+ 2006-03-12 15:35 . 2009-04-28 20:20 44944 f:\windows\system32\drivers\PxHelp20.sys
+ 2004-08-19 14:09 . 2009-12-22 05:41 39424 f:\windows\system32\dllcache\pngfilt.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 39424 f:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-19 16:09 . 2009-11-27 17:34 17920 f:\windows\system32\dllcache\msyuv.dll
+ 2002-08-30 12:00 . 2009-11-27 16:38 28672 f:\windows\system32\dllcache\msvidc32.dll
- 2004-08-19 14:09 . 2004-08-19 14:09 11264 f:\windows\system32\dllcache\msrle32.dll
+ 2004-08-19 14:09 . 2009-11-27 16:38 11264 f:\windows\system32\dllcache\msrle32.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 16384 f:\windows\system32\dllcache\jsproxy.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 16384 f:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-19 16:09 . 2009-11-27 16:38 48128 f:\windows\system32\dllcache\iyuv_32.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 96768 f:\windows\system32\dllcache\inseng.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 96768 f:\windows\system32\dllcache\inseng.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 81920 f:\windows\system32\dllcache\ieencode.dll
- 2004-08-19 14:09 . 2009-09-25 05:54 81920 f:\windows\system32\dllcache\ieencode.dll
+ 2006-01-10 19:40 . 2009-12-16 12:57 18432 f:\windows\system32\dllcache\iedw.exe
- 2006-01-10 19:40 . 2009-10-27 11:06 18432 f:\windows\system32\dllcache\iedw.exe
- 2004-08-19 14:09 . 2009-10-29 05:46 55808 f:\windows\system32\dllcache\extmgr.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 55808 f:\windows\system32\dllcache\extmgr.dll
+ 2004-08-19 14:09 . 2009-12-14 07:36 33280 f:\windows\system32\dllcache\csrsrv.dll
- 2004-08-19 14:09 . 2009-06-10 14:23 85504 f:\windows\system32\dllcache\avifil32.dll
+ 2004-08-19 14:09 . 2009-11-27 16:38 85504 f:\windows\system32\dllcache\avifil32.dll
+ 2009-11-27 17:34 . 2009-11-27 17:34 17920 f:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:38 . 2009-11-27 16:38 48128 f:\windows\Driver Cache\i386\iyuv_32.dll
+ 2010-01-26 22:51 . 2008-07-08 13:03 26488 f:\windows\$hf_mig$\KB978207\update\spcustom.dll
+ 2010-01-26 22:51 . 2008-07-08 13:03 18296 f:\windows\$hf_mig$\KB978207\spmsg.dll
+ 2009-12-22 05:06 . 2009-12-22 05:06 81920 f:\windows\$hf_mig$\KB978207\SP3QFE\ieencode.dll
+ 2009-12-22 05:08 . 2009-12-22 05:08 81920 f:\windows\$hf_mig$\KB978207\SP3GDR\ieencode.dll
+ 2009-12-22 05:35 . 2009-12-22 05:35 39424 f:\windows\$hf_mig$\KB978207\SP2QFE\pngfilt.dll
+ 2009-12-22 05:35 . 2009-12-22 05:35 16384 f:\windows\$hf_mig$\KB978207\SP2QFE\jsproxy.dll
+ 2009-12-22 05:35 . 2009-12-22 05:35 96768 f:\windows\$hf_mig$\KB978207\SP2QFE\inseng.dll
+ 2009-12-22 05:35 . 2009-12-22 05:35 81920 f:\windows\$hf_mig$\KB978207\SP2QFE\ieencode.dll
+ 2009-12-16 13:35 . 2009-12-16 13:35 18432 f:\windows\$hf_mig$\KB978207\SP2QFE\iedw.exe
+ 2009-12-22 05:35 . 2009-12-22 05:35 55808 f:\windows\$hf_mig$\KB978207\SP2QFE\extmgr.dll
+ 2001-08-23 17:47 . 2009-11-27 16:38 8704 f:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:38 . 2009-11-27 16:38 8704 f:\windows\Driver Cache\i386\tsbyuv.dll
- 2006-10-16 10:40 . 2009-10-28 00:43 371200 f:\windows\system32\xpsp3res.dll
+ 2006-10-16 10:40 . 2009-12-16 13:59 371200 f:\windows\system32\xpsp3res.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 626688 f:\windows\system32\urlmon.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 626688 f:\windows\system32\urlmon.dll
+ 2004-08-19 14:09 . 2009-12-08 09:12 474624 f:\windows\system32\shlwapi.dll
+ 2006-03-12 15:35 . 2009-04-28 20:20 436720 f:\windows\system32\pxwave.dll
+ 2006-03-12 15:35 . 2009-04-28 20:20 219632 f:\windows\system32\pxmas.dll
+ 2006-03-12 15:35 . 2009-04-28 20:20 551408 f:\windows\system32\pxdrv.dll
+ 2008-10-27 20:06 . 2009-04-28 20:20 129520 f:\windows\system32\pxafs.dll
+ 2006-03-12 15:35 . 2009-04-28 20:20 670192 f:\windows\system32\px.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 532480 f:\windows\system32\mstime.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 532480 f:\windows\system32\mstime.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 146432 f:\windows\system32\msrating.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 146432 f:\windows\system32\msrating.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 449024 f:\windows\system32\mshtmled.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 449024 f:\windows\system32\mshtmled.dll
+ 2010-01-27 00:58 . 2010-01-27 00:58 256280 f:\windows\system32\Macromed\Flash\FlashUtil10e.exe
- 2004-08-19 14:09 . 2009-10-29 05:46 251392 f:\windows\system32\iepeers.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 251392 f:\windows\system32\iepeers.dll
+ 2009-03-19 18:39 . 2009-02-20 06:36 692224 f:\windows\system32\HandEvaluator.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 205312 f:\windows\system32\dxtrans.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 205312 f:\windows\system32\dxtrans.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 357888 f:\windows\system32\dxtmsft.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 357888 f:\windows\system32\dxtmsft.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 666112 f:\windows\system32\dllcache\wininet.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 666112 f:\windows\system32\dllcache\wininet.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 626688 f:\windows\system32\dllcache\urlmon.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 626688 f:\windows\system32\dllcache\urlmon.dll
+ 2004-08-03 21:14 . 2009-12-31 16:14 352640 f:\windows\system32\dllcache\srv.sys
+ 2004-08-19 14:09 . 2009-12-08 09:12 474624 f:\windows\system32\dllcache\shlwapi.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 532480 f:\windows\system32\dllcache\mstime.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 532480 f:\windows\system32\dllcache\mstime.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 146432 f:\windows\system32\dllcache\msrating.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 146432 f:\windows\system32\dllcache\msrating.dll
+ 2004-03-09 11:19 . 2009-12-17 07:59 347648 f:\windows\system32\dllcache\mspaint.exe
- 2004-03-09 11:19 . 2004-08-19 14:10 347648 f:\windows\system32\dllcache\mspaint.exe
+ 2004-08-19 14:09 . 2009-12-22 05:41 449024 f:\windows\system32\dllcache\mshtmled.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 449024 f:\windows\system32\dllcache\mshtmled.dll
+ 2006-05-05 09:41 . 2009-12-04 14:41 453760 f:\windows\system32\dllcache\mrxsmb.sys
+ 2004-08-19 14:09 . 2009-12-22 05:41 251392 f:\windows\system32\dllcache\iepeers.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 251392 f:\windows\system32\dllcache\iepeers.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 205312 f:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 205312 f:\windows\system32\dllcache\dxtrans.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 357888 f:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 357888 f:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 152064 f:\windows\system32\dllcache\cdfview.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 152064 f:\windows\system32\dllcache\cdfview.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 152064 f:\windows\system32\cdfview.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 152064 f:\windows\system32\cdfview.dll
+ 2006-05-05 09:41 . 2009-12-04 14:41 453760 f:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-01-26 22:51 . 2009-05-26 11:40 406392 f:\windows\$hf_mig$\KB978207\update\updspapi.dll
+ 2010-01-26 22:51 . 2009-05-26 11:40 767352 f:\windows\$hf_mig$\KB978207\update\update.exe
+ 2010-01-26 22:51 . 2008-07-08 13:03 234872 f:\windows\$hf_mig$\KB978207\spuninst.exe
+ 2009-12-22 05:06 . 2009-12-22 05:06 672768 f:\windows\$hf_mig$\KB978207\SP3QFE\wininet.dll
+ 2009-12-22 05:06 . 2009-12-22 05:06 629760 f:\windows\$hf_mig$\KB978207\SP3QFE\urlmon.dll
+ 2009-12-22 05:09 . 2009-12-22 05:09 671232 f:\windows\$hf_mig$\KB978207\SP3GDR\wininet.dll
+ 2009-12-22 05:09 . 2009-12-22 05:09 628736 f:\windows\$hf_mig$\KB978207\SP3GDR\urlmon.dll
+ 2009-12-22 05:35 . 2009-12-22 05:35 672768 f:\windows\$hf_mig$\KB978207\SP2QFE\wininet.dll
+ 2009-12-22 05:35 . 2009-12-22 05:35 630272 f:\windows\$hf_mig$\KB978207\SP2QFE\urlmon.dll
+ 2009-12-16 13:59 . 2009-12-16 13:59 371200 f:\windows\$hf_mig$\KB978207\SP2QFE\spru040c.dll
+ 2009-12-08 09:00 . 2009-12-08 09:00 474624 f:\windows\$hf_mig$\KB978207\SP2QFE\shlwapi.dll
+ 2009-12-22 05:35 . 2009-12-22 05:35 532480 f:\windows\$hf_mig$\KB978207\SP2QFE\mstime.dll
+ 2009-12-22 05:35 . 2009-12-22 05:35 146432 f:\windows\$hf_mig$\KB978207\SP2QFE\msrating.dll
+ 2009-12-22 05:35 . 2009-12-22 05:35 449024 f:\windows\$hf_mig$\KB978207\SP2QFE\mshtmled.dll
+ 2009-12-22 05:35 . 2009-12-22 05:35 251904 f:\windows\$hf_mig$\KB978207\SP2QFE\iepeers.dll
+ 2009-12-22 05:35 . 2009-12-22 05:35 205312 f:\windows\$hf_mig$\KB978207\SP2QFE\dxtrans.dll
+ 2009-12-22 05:35 . 2009-12-22 05:35 357888 f:\windows\$hf_mig$\KB978207\SP2QFE\dxtmsft.dll
+ 2009-12-22 05:35 . 2009-12-22 05:35 152064 f:\windows\$hf_mig$\KB978207\SP2QFE\cdfview.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 1506816 f:\windows\system32\shdocvw.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 1506816 f:\windows\system32\shdocvw.dll
+ 2008-10-27 20:06 . 2009-04-28 20:20 1858032 f:\windows\system32\pxsfs.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 3084800 f:\windows\system32\mshtml.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 1506816 f:\windows\system32\dllcache\shdocvw.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 1506816 f:\windows\system32\dllcache\shdocvw.dll
+ 2004-08-19 14:09 . 2009-11-27 17:34 1297408 f:\windows\system32\dllcache\quartz.dll
- 2007-02-28 16:02 . 2009-08-04 17:05 2182400 f:\windows\system32\dllcache\ntoskrnl.exe
+ 2007-02-28 16:02 . 2009-12-09 10:26 2182400 f:\windows\system32\dllcache\ntoskrnl.exe
- 2007-02-28 16:02 . 2009-08-04 17:05 2017792 f:\windows\system32\dllcache\ntkrpamp.exe
+ 2007-02-28 16:02 . 2009-12-09 10:26 2017792 f:\windows\system32\dllcache\ntkrpamp.exe
- 2007-02-28 16:02 . 2009-08-04 17:05 2059776 f:\windows\system32\dllcache\ntkrnlpa.exe
+ 2007-02-28 16:02 . 2009-12-09 10:26 2059776 f:\windows\system32\dllcache\ntkrnlpa.exe
+ 2007-02-28 16:02 . 2009-12-09 10:26 2138112 f:\windows\system32\dllcache\ntkrnlmp.exe
- 2007-02-28 16:02 . 2009-08-04 17:05 2138112 f:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-19 14:09 . 2009-12-22 05:41 3084800 f:\windows\system32\dllcache\mshtml.dll
- 2004-08-19 14:09 . 2009-09-25 05:54 1056768 f:\windows\system32\dllcache\danim.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 1056768 f:\windows\system32\dllcache\danim.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 1024000 f:\windows\system32\dllcache\browseui.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 1024000 f:\windows\system32\dllcache\browseui.dll
- 2004-08-19 14:09 . 2009-09-25 05:54 1056768 f:\windows\system32\danim.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 1056768 f:\windows\system32\danim.dll
+ 2010-01-18 19:13 . 2009-09-04 16:29 1892184 f:\windows\system32\D3DX9_42.dll
+ 2010-01-18 19:13 . 2006-11-29 12:06 3426072 f:\windows\system32\d3dx9_32.dll
+ 2010-01-18 19:13 . 2006-09-28 15:05 2414360 f:\windows\system32\d3dx9_31.dll
- 2004-08-19 14:09 . 2009-10-29 05:46 1024000 f:\windows\system32\browseui.dll
+ 2004-08-19 14:09 . 2009-12-22 05:41 1024000 f:\windows\system32\browseui.dll
- 2005-03-02 18:08 . 2009-08-04 17:05 2182400 f:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2005-03-02 18:08 . 2009-12-09 10:26 2182400 f:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2005-03-02 18:08 . 2009-12-09 10:26 2017792 f:\windows\Driver Cache\i386\ntkrpamp.exe
- 2005-03-02 18:08 . 2009-08-04 17:05 2017792 f:\windows\Driver Cache\i386\ntkrpamp.exe
- 2005-03-02 18:07 . 2009-08-04 17:05 2059776 f:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2005-03-02 18:07 . 2009-12-09 10:26 2059776 f:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2005-03-02 18:07 . 2009-12-09 10:26 2138112 f:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2005-03-02 18:07 . 2009-08-04 17:05 2138112 f:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-12-22 05:06 . 2009-12-22 05:06 1510400 f:\windows\$hf_mig$\KB978207\SP3QFE\shdocvw.dll
+ 2009-12-22 05:06 . 2009-12-22 05:06 3094528 f:\windows\$hf_mig$\KB978207\SP3QFE\mshtml.dll
+ 2009-12-22 05:09 . 2009-12-22 05:09 1510400 f:\windows\$hf_mig$\KB978207\SP3GDR\shdocvw.dll
+ 2009-12-22 05:09 . 2009-12-22 05:09 3092480 f:\windows\$hf_mig$\KB978207\SP3GDR\mshtml.dll
+ 2009-12-22 05:35 . 2009-12-22 05:35 1510400 f:\windows\$hf_mig$\KB978207\SP2QFE\shdocvw.dll
+ 2009-12-22 05:35 . 2009-12-22 05:35 3092480 f:\windows\$hf_mig$\KB978207\SP2QFE\mshtml.dll
+ 2009-12-22 05:35 . 2009-12-22 05:35 1056768 f:\windows\$hf_mig$\KB978207\SP2QFE\danim.dll
+ 2009-12-22 05:35 . 2009-12-22 05:35 1024512 f:\windows\$hf_mig$\KB978207\SP2QFE\browseui.dll
+ 2010-01-21 22:55 . 2010-01-21 22:55 15710720 f:\windows\Installer\785534.msp
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4D1E7D7-F8F5-4975-8E0E-9238AA67FEDD}]
f:\windows\system32\wvUnmKBt.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW4"="f:\program files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [BU]
"Vidalia"="f:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [BU]
"Uniblue RegistryBooster 2"="f:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"network"="c:\windows\networking.exe" [BU]
"QuickTime Task"="f:\program files\QuickTime\qttask.exe" [2004-05-22 98304]
"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avgnt"="f:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="f:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-10-07 198160]
"POEngine"="" [BU]

f:\documents and settings\sergio\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - f:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

f:\documents and settings\sergio\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - f:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

f:\documents and settings\sergio\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - f:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

f:\documents and settings\sergio\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - f:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RamBooster]
f:\program files\RamBooster\Rambooster.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-01-25 16:34 171448 ----a-w- f:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ÑÒFMÎN.EXE]
f:\windows\ÑÒFMÎN.EXE [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
"SAVScan"=3 (0x3)
"Planificateur LiveUpdate automatique"=2 (0x2)
"navapsvc"=3 (0x3)
"AOLService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"f:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\French\\setup.exe"=
"f:\\Program Files\\eMule\\emule.exe"=
"f:\\WINDOWS\\system32\\dpvsetup.exe"=
"f:\\Program Files\\LimeWire\\LimeWire.exe"=
"f:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"f:\\Program Files\\HomePlayer\\HomePlayer.exe"=
"f:\\Program Files\\HomePlayer\\VLC\\vlc.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Program Files\\PokerOffice\\bin\\javaw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56899:TCP"= 56899:TCP:Pando P2P TCP Listening Port
"56899:UDP"= 56899:UDP:Pando P2P UDP Listening Port
"8080:TCP"= 8080:TCP:freeplayer tcp
"1234:UDP"= 1234:UDP:freeplayer udp

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;f:\program files\Avira\AntiVir Desktop\sched.exe [07/10/2009 19:01 108289]
R2 CamthWDM;WebcamMax, WDM Video Capture;f:\windows\system32\drivers\CamthWDM.sys [11/01/2007 06:39 243584]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;f:\windows\system32\drivers\ManyCam.sys [14/01/2008 11:06 21632]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;f:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [19/09/2008 03:03 65536]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);f:\windows\system32\drivers\alcan5ln.sys [09/03/2004 14:59 36048]
S3 archbus;NEC WMC USB_BJ1 Composite Device driver (WDM);f:\windows\system32\drivers\archbus.sys [18/06/2006 19:26 52480]
S3 archmdfl;NEC WMC USB_BJ1 Modem Filter;f:\windows\system32\drivers\archmdfl.sys [18/06/2006 19:27 6032]
S3 archmdm;NEC WMC USB_BJ1 Modem Drivers;f:\windows\system32\drivers\archmdm.sys [18/06/2006 19:26 87360]
S3 archobex;NEC WMC USB_BJ1 OBEX Interface Drivers (WDM);f:\windows\system32\drivers\archobex.sys [18/06/2006 19:27 76976]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;f:\windows\system32\drivers\fbxusb32.sys [22/08/2006 22:49 21344]
S3 maconfservice;Ma-Config Service;f:\program files\ma-config.com\maconfservice.exe [24/01/2009 14:46 216232]
S3 phil2vid;Appareil photo VGA USB Philips PCVC690;f:\windows\system32\drivers\philcam2.sys [09/03/2004 15:00 173696]
S3 PHUSBC;NEC Portable Phone CONTROL Driver;f:\windows\system32\drivers\PHUSBC.SYS [16/06/2006 19:21 43392]
S3 PHUSBE;NEC Portable Phone ENUMERATION Driver;f:\windows\system32\drivers\PHUSBE.SYS [16/06/2006 19:21 12928]
S3 PHUSBM;NEC Portable Phone Modem Driver;f:\windows\system32\drivers\PHUSBM.sys [16/06/2006 19:23 37504]
S3 PHUSBO;NEC Portable Phone OBEX Port Driver;f:\windows\system32\drivers\PHUSBO.sys [16/06/2006 19:22 34048]
S3 SQTECH913D;913D Camera;f:\windows\system32\drivers\Capt913D.sys [01/07/2009 20:14 29824]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - GETPLUSHELPER
*Deregistered* - Ndisprot.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'

2010-02-22 f:\windows\Tasks\WGASetup.job
- f:\windows\system32\KB905474\wgasetup.exe [2009-05-03 20:18]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - f:\program files\Ghost Navigator2_8_2\Ghost
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} -
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} -
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://www.visiogood.com/jalss/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
FF - ProfilePath - f:\documents and settings\sergio\Application Data\Mozilla\Firefox\Profiles\038chxxy.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://wwwgoogle.com/
FF - component: f:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: f:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.proxy.type - 0
FF - user.js: keyword.enabled - true
f:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
f:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-22 20:21
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
Heure de fin: 2010-02-22 20:26:18
ComboFix-quarantined-files.txt 2010-02-22 19:26

Avant-CF: 55 141 064 704 octets libres
Après-CF: 55 098 052 608 octets libres

- - End Of File - - 85DA1B0D99B4AAC5EE5CED0AEEBA281F
0
moment de grace Posts 29042 Registered Saturday 6 December 2008 Status Security contributor Last active 18 July 2013 2 272
22 Feb 2010 at 20:45
▶ Relaunch List&Kill'em using the shortcut on your desktop,

but this time:

▶ choose option 2 = Mode Suppression (removal mode)

let the tool work.

at the end of the scan a report opens

▶ paste its contents into your reply

You can uninstall it afterwards

0
here is the Kill'em report


Kill'em by g3n-h@ckm@n 1.2.5.3

User : sergio ()
Update on 19/02/2010 by g3n-h@ckm@n ::::: 13.15
Start at: 20:48:02 | 22/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

AMD Athlon(tm) XP 1700+
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 37,3 Go (33,15 Go free) | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local | 111,78 Go (51,34 Go free) [Disque Dur Principal ] | NTFS


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\LEXPPS.EXE
F:\Program Files\Avira\AntiVir Desktop\sched.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Avira\AntiVir Desktop\avguard.exe
F:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\alg.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Avira\AntiVir Desktop\avgnt.exe
F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\WINDOWS\system32\NOTEPAD.EXE
F:\WINDOWS\system32\notepad.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
F:\WINDOWS\system32\notepad.exe
F:\WINDOWS\explorer.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\List_Kill'em\List_Kill'em.scr
F:\WINDOWS\system32\cmd.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
F:\Documents and Settings\sergio\Local Settings\temp\102.tmp\ERUNT.EXE
F:\Documents and Settings\sergio\Local Settings\temp\102.tmp\pv.exe

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : F:\Documents and Settings\All Users\Application Data\ojvzdisj.xda
Quarantined & Deleted !! : F:\WINDOWS\SET3.tmp
Quarantined & Deleted !! : F:\WINDOWS\SET7.tmp
Quarantined & Deleted !! : F:\WINDOWS\SET73.tmp
Quarantined & Deleted !! : F:\WINDOWS\SET74.tmp
Quarantined & Deleted !! : F:\WINDOWS\SET80.tmp

Quarantined & Deleted !! : F:\WINDOWS\System32\_000046_.tmp
Quarantined & Deleted !! : F:\WINDOWS\System32\mcrh.MSNFix
Quarantined & Deleted !! : F:\WINDOWS\System32\plugin1.MSNFix
Quarantined & Deleted !! : F:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : F:\WINDOWS\System32\SET6F.tmp
Quarantined & Deleted !! : F:\WINDOWS\System32\SET75.tmp
Quarantined & Deleted !! : F:\WINDOWS\System32\SET8B.tmp
Quarantined & Deleted !! : F:\WINDOWS\System32\SET8C.tmp
Quarantined & Deleted !! : F:\WINDOWS\System32\SET8F.tmp
Quarantined & Deleted !! : F:\WINDOWS\System32\SET9C.tmp
Quarantined & Deleted !! : F:\WINDOWS\System32\setb0.tmp
Quarantined & Deleted !! : F:\WINDOWS\System32\setb1.tmp
Quarantined & Deleted !! : F:\WINDOWS\System32\setb2.tmp
Quarantined & Deleted !! : F:\WINDOWS\System32\setb3.tmp
Quarantined & Deleted !! : F:\Documents and Settings\sergio\Application Data\internaldb153.dat
Quarantined & Deleted !! : F:\Documents and Settings\sergio\Application Data\internaldb1942.dat
Quarantined & Deleted !! : F:\Documents and Settings\sergio\Application Data\internaldb2391.dat
Quarantined & Deleted !! : F:\Documents and Settings\sergio\Application Data\internaldb3902.dat
Quarantined & Deleted !! : F:\Documents and Settings\sergio\Application Data\internaldb41.dat
Quarantined & Deleted !! : F:\Documents and Settings\sergio\Application Data\internaldb4604.dat
Quarantined & Deleted !! : F:\Documents and Settings\sergio\Application Data\internaldb4827.dat
Quarantined & Deleted !! : F:\Documents and Settings\sergio\Application Data\internaldb5436.dat
Quarantined & Deleted !! : F:\Documents and Settings\sergio\Application Data\internaldb6334.dat
Quarantined & Deleted !! : F:\Documents and Settings\sergio\Application Data\internaldb6500.dat
Quarantined & Deleted !! : F:\Documents and Settings\sergio\Application Data\internaldb8467.dat

==============
host file OK !
==============

========
Registry
========

Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCU\software\Live-Player
Deleted : HKLM\software\Live-Player
Deleted : "HKLM\software\Poker 770"
Deleted : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_NDISRD
Deleted : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_OREANS32
Deleted : HKLM\SYSTEM\ControlSet001\Services\oreans32
========
Services
=========

Ndisuio : Start = 3
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
============

=================
anti-ver blaster : OK !!
=================

================
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
moment de grace Posts 29042 Registered Saturday 6 December 2008 Status Security contributor Last active 18 July 2013 2 272
22 Feb 2010 at 21:10
good

to check

Navipromo infection... For information:

It installs itself through certain programs, including the following, which must be avoided at all costs:
* Funky Emoticons
* go-astro
* Games Attack
* GoRecord
* HotTVPlayer / HotTVPlayer & Paris Hilton
* Live-Player
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* Officiale Emule (modified version of Emule)
* Original Solitaire
* SuperSexPlayer
* Speed Downloading
* Sudoplanet
* Webmediaplayer

you should download navilog1 to the desktop:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Some infections block downloads of disinfection tools; use this alternative link:
http://ww38.toofiles.com/fr/oip/documents/exe/yop3.html


1° Double-click navilog1.exe on your desktop
2° Select the desired language in the menu, then confirm the choice with the "Enter" key
3° A short warning message appears; press a key to move on
4° Another warning appears; press a key to continue
5° Navilog1 installation check: if everything is fine, press a key to continue
6° Choose option 1: recherche/désinfection automatique (automatic search/disinfection)
7° The search will start automatically and may take a few minutes; be patient
8° Once the scan is finished, close and save your work in progress, then press a key so that your PC can restart
9° When the PC restarts, Navilog will delete what it found; wait a few moments.

The tool generates a report. It is located here:
XP: Start (Démarrer) / My Computer (Poste de travail) / c:/cleannavi.txt


0
I had forgotten to mention that I had started on my own by running a genproc followed (in safe mode) by a combofix, navilog, ccleaner and spybot sd, which turned up nothing

here is the navilog1 report

Fix Navipromo version 4.0.6 commencé le 22/02/2010 21:16:07,82

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis F:\Program Files\navilog1

Mise à jour le 03.01.2010 à 11h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 1700+ )
BIOS : Ver 1.65
USER : sergio ( Administrator )
BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.32 (Not Activated)


A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:33 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:111 Go (Free:51 Go)


Recherche executée en mode normal


Aucune Infection Navipromo/Egdaccess trouvée



*** Scan terminé 22/02/2010 21:16:32,71 ***
0
moment de grace Posts: 29042 Registered: Saturday 6 December 2008 Status: Security contributor Last active: 18 July 2013 2 272
22 Feb. 2010 at 21:27
Check whether you still have the old ComboFix report, which I doubt (C:\ComboFix.txt)
0
the one I had done on my own in safe mode?
0
moment de grace Posts: 29042 Registered: Saturday 6 December 2008 Status: Security contributor Last active: 18 July 2013 2 272
22 Feb. 2010 at 21:35
yes, the one you did on your own initiative
0
sorry, but I did that several days ago already and I deleted everything afterwards
0
moment de grace Posts: 29042 Registered: Saturday 6 December 2008 Status: Security contributor Last active: 18 July 2013 2 272
22 Feb. 2010 at 21:48
OK

Do you notice any improvement in your internet connection?

Download ZHPDiag (by Nicolas Coolman).
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

Double-click the installation file, then install it with the default settings (don't forget to tick "Create a desktop icon").

Launch ZHPDiag by double-clicking the icon on your desktop (right-click -> Run as administrator on Vista).

Click the magnifying glass at the top left, then let the tool scan.

Once the scan is finished, click the floppy-disk icon and save the file to your desktop.

Go to Cjoint: http://www.cijoint.fr/

Click "Browse" in the "Attach a file[...]" section

Select the ZHPdiag.txt report on your desktop

Then click "Create the cjoint link" and copy/paste it into your next message
0
here is the link, and thanks again for your help

http://www.cijoint.fr/cjlink.php?file=cj201002/cijXUStO8M.txt
0
moment de grace Posts: 29042 Registered: Saturday 6 December 2008 Status: Security contributor Last active: 18 July 2013 2 272
22 Feb. 2010 at 22:27
Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for this file: F:\WINDOWS\ÑÒFMÎN.exe

Click Send File.

A report will be built up line by line.

Wait until the end. It must include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.

If you cannot find the file, then

Show all files and folders:

To do this:
Click Start / Control Panel / Folder Options / View

Tick "Show hidden files and folders"

Untick the box "Hide protected operating system files (Recommended)"

Untick "Hide extensions for known file types"

Then click "Apply" to confirm the changes.

And OK
0
sorry, but I cannot find the file, even after doing the procedure in the folder options
0
moment de grace Posts: 29042 Registered: Saturday 6 December 2008 Status: Security contributor Last active: 18 July 2013 2 272
22 Feb. 2010 at 22:58
OK

Download Malwarebytes' Anti-Malware

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

. Save it to the desktop
. Double-click the downloaded file to start the installation process.
. In the "Update" tab, click the "Check for updates" button
. If the firewall asks for permission for Malwarebytes to connect, accept
. Once the update is finished
. Go to the "Scan" tab
. Select "Perform a full scan" (a fairly long scan)
. Click "Scan"
. The scan starts.
. At the end of the analysis, a message is displayed: The scan completed normally. Click 'Show results' to display all the objects found.
. Click OK to continue.
. If malware was detected, click "Show results"
. Select everything (or leave everything ticked) and click "Remove selected". Malwarebytes will destroy the files and registry keys and put a copy of them in quarantine.
. Malwarebytes will open Notepad and copy the scan report into it.
. Go to the reports/logs tab
. Click on it to display it; once it is displayed
. Click "Edit" at the top of Notepad, then "Select All"
. Click "Edit" again, then "Copy", and come back to the forum and into your reply
. Right-click in the reply box and choose "Paste"


If you need help, look at these tutorials:
Help: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam

0
hello

I had to abandon the Malwarebytes scan because after 16 h of scanning, not even 50% had been analysed, and everything was frozen; I had to reboot to be able to relaunch IE
0
when I try to launch mwb again, it gives me runtime error '0' and runtime error '440'
0
moment de grace Posts: 29042 Registered: Saturday 6 December 2008 Status: Security contributor Last active: 18 July 2013 2 272
23 Feb. 2010 at 18:14
????????????,

Uninstall and delete it; we'll come back to it

Important note:
For computers running Windows Vista and Windows 7, disabling User Account Control is mandatory,
otherwise the tool may not work correctly.
Tutorial: https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

Download and save the installation file to the desktop
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe


Double-click the AD-Remover installation file; the program will install automatically.
On Vista: right-click AD-Remover and select "Run as administrator"
At the main menu choose
Option L "Lancer le nettoyage" (start the cleanup)
and press [Enter].
Let the tool work and don't touch anything...
Post the report that appears at the end.

(the report is also saved as C:\Ad-report.log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note: Process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended for terminating processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.


0
here is the Malwarebytes report; I reinstalled it, the scan worked fine and it found 51 items to delete. Here is the report

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3780
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

23/02/2010 19:11:19
mbam-log-2010-02-23 (19-11-19).txt

Type de recherche: Examen complet (F:\|)
Eléments examinés: 234254
Temps écoulé: 1 hour(s), 2 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 50

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\SmartShopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
F:\System Volume Information\_restore{483B095B-5554-4270-8C78-F3A47ACFCA7C}\RP135\A0045299.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{483B095B-5554-4270-8C78-F3A47ACFCA7C}\RP144\A0054578.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\drivers\oreans32.MSNFix (Rootkit.Agent) -> Quarantined and deleted successfully.
F:\Program Files\dlltoexe.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\english.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\german.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\graphics.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\IMDP35.DLL (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\IMMULTR5.DLL (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\imwinwr.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\jpeg.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\netsetup.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen00.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen01.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen02.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen03.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen04.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen05.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen06.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen07.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen08.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen09.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen10.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen11.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen12.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen13.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen14.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen15.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen16.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen17.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen18.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen19.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen20.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen21.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen22.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen23.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen24.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen25.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen26.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen27.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen28.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen29.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\screen30.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\settings.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\sound.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\tagfile.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\uidraw.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\uimain.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\uiserv.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\Program Files\uiwindow.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
0
moment de grace Posts: 29042 Registered: Saturday 6 December 2008 Status: Security contributor Last active: 18 July 2013 2 272
23 Feb. 2010 at 23:23
OK

you can empty its quarantine

and do post 26
0
hello

here is the AD-Remover report, and once again many thanks for your help



======= RAPPORT D'AD-REMOVER 1.1.4.6_J | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 05.02.2010 à 17:34
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 21:39:00, 23/02/2010 | Mode Normal | Option: CLEAN
Exécuté de: F:\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
Nom du PC: TOTOCOMP-VMYWX3 | Utilisateur actuel: sergio
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

F:\WINDOWS\System32\SearchTool
F:\Poker\Poker 770
F:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Poker 770
F:\Program Files\Viewpoint
F:\DOCUME~1\sergio\APPLIC~1\Viewpoint
F:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
F:\DOCUME~1\ALLUSE~1\Bureau\Poker 770.lnk

(!) -- Fichiers temporaires supprimés.

.
HKCU\software\appdatalow\c611aa91-7711-1a6e-c7b7-c65fbcba10d5
HKCU\Software\AppDataLow\software\{AA739F88-87F9-24C0-8045-DBE910AA3E13}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
HKCU\software\PartyGaming
HKCU\software\Poker 770
HKCU\software\Titan Poker
HKLM\software\classes\AxMetaStream.MetaStreamCtl
HKLM\software\classes\AxMetaStream.MetaStreamCtl.1
HKLM\software\classes\AxMetaStream.MetaStreamCtlSecondary
HKLM\software\classes\AxMetaStream.MetaStreamCtlSecondary.1
HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\Software\Classes\CLSID\{196a8dc6-273e-171d-a4e9-850480b77c96}
HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\Software\Classes\CLSID\{3B70E97D-5329-24FB-7C00-50BC11736764}
HKLM\Software\Classes\CLSID\{601EC5C9-EF38-662E-C9B3-D48ABC6C1B58}
HKLM\Software\Classes\CLSID\{C611AA91-7711-1A6E-C7B7-C65FBCBA10D5}
HKLM\Software\Classes\TypeLib\{4F7D1B07-6203-41F0-947B-A29CC9ECD9B0}
HKLM\Software\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
HKLM\software\MetaStream
HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\software\microsoft\windows\currentversion\uninstall\{ECCE5118-5317-2C12-A18A-399E363DB9EF}
HKLM\software\microsoft\windows\currentversion\uninstall\Poker 770
HKLM\software\microsoft\windows\currentversion\uninstall\ViewpointMediaPlayer
HKLM\software\Titan Poker
HKLM\software\Viewpoint
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 1.5 [fr] *
.
Nom du profil: 038chxxy.default (sergio)
.
(sergio, prefs.js) Browser.search.selectedEngine, Google
(sergio, prefs.js) Browser.startup.homepage, hxxp://wwwgoogle.com/
.
.
.
* Internet Explorer Version 6.0.2900.2180 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: F:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 1 (0x1)
Enable Browser Extensions: yes
Use Search Asst: no
Prev Search Page: hxxp://www.google.com
Prev Search Bar: hxxp://www.google.com/ie
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
4012 Octet(s) - F:\Ad-Report-CLEAN[1].log
.
6 Fichier(s) - F:\DOCUME~1\sergio\LOCALS~1\Temp
2 Fichier(s) - F:\WINDOWS\Temp
10 Fichier(s) - F:\WINDOWS\Prefetch
.
19 Fichier(s) - F:\Ad-Remover\BACKUP
3339 Fichier(s) - F:\Ad-Remover\QUARANTINE
.
Fin à: 21:58:09 | 23/02/2010 - CLEAN[1]
.
============== E.O.F ==============
.
0