yannou84

Bonjour, j'ai l'intention d'acheter un ordinateur portable, on m'a dit qu'il était possible de réclamer le logiciel du système d'exploitation en fournissant la facture à microsoft. est-ce vrai? Merci

Désolé de ne pas t'avoir répondu plus tôt, mais je voulais te remercier pour ta patience, ton acharnement et le temps que tu as passé pour moi. En effet, l'ordinateur se porte à présent beaucoup mieux, les logiciels s'ouvrent à nouveau et il démarre nickel. Encore un grand merci à toi et à bientôt.

Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Version de la base de données: 6847 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 13/06/2011 16:26:59 mbam-log-2011-06-13 (16-26-59).txt Type d'examen: Examen complet (C:\|G:\|L:\|) Elément(s) analysé(s): 189378 Temps écoulé: 5 minute(s), 40 seconde(s) Processus mémoire infecté(s): 2 Module(s) mémoire infecté(s): 1 Clé(s) du Registre infectée(s): 18 Valeur(s) du Registre infectée(s): 6 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 17 Processus mémoire infecté(s): c:\documents and settings\THOR\application data\lssas.exe (Backdoor.Bot) -> 796 -> Unloaded process successfully. c:\documents and settings\THOR\application data\manager.exe (Backdoor.Bot) -> 1268 -> Unloaded process successfully. Module(s) mémoire infecté(s): c:\WINDOWS\system32\wfoanwal.dll (IPH.GenericBHO) -> Delete on reboot. Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\CLSID\{3F10F015-A150-F153-0AF6-C855F746072D} (IPH.GenericBHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Qzhqopkl (IPH.GenericBHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3F10F015-A150-F153-0AF6-C855F746072D} (IPH.GenericBHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3F10F015-A150-F153-0AF6-C855F746072D} (IPH.GenericBHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MouseDriver (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Context\Context-Ads (Adware.AdRotator) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\tgs90gv74r (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Context\Context-Ads (Adware.AdRotator) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\INPUT MANAGER (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LOCAL ACCOUNT AUTHORITY SERVICE (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PLUG MANAGER (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF4A603B-2231-4ABA-AEFF-A1F02D9CBCE4} (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{CF4A603B-2231-4ABA-AEFF-A1F02D9CBCE4} (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adfavwqhpr.adfavwqhpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adfavwqhpr.adfavwqhpr (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF4A603B-2231-4ABA-AEFF-A1F02D9CBCE4} (Adware.Adrotator) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Local Account Service (Backdoor.Bot) -> Value: Local Account Service -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Plug Manager (Backdoor.Bot) -> Value: Plug Manager -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Input Manager\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Local Account Authority Service\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MouseDriver\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Plug Manager\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): c:\documents and settings\THOR\application data\lssas.exe (Backdoor.Bot) -> Quarantined and deleted successfully. c:\documents and settings\THOR\application data\manager.exe (Backdoor.Bot) -> Quarantined and deleted successfully. c:\WINDOWS\system32\wfoanwal.dll (IPH.GenericBHO) -> Delete on reboot. c:\documents and settings\administrateur\menu démarrer\programmes\démarrage\kisufo.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\documents and settings\default user\menu démarrer\programmes\démarrage\daur.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\documents and settings\THOR\application data\0bdf9r1wl.exe (Backdoor.Bot) -> Quarantined and deleted successfully. c:\documents and settings\THOR\application data\h7asaidqo.exe (Backdoor.Bot) -> Quarantined and deleted successfully. c:\documents and settings\THOR\application data\sgg7ygw5.exe (Backdoor.Bot) -> Quarantined and deleted successfully. c:\documents and settings\THOR\application data\Olalu\iscae.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\documents and settings\THOR\Bureau\logiciels contre malwares\rk_quarantine\iscae.exe.vir (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\documents and settings\THOR\Bureau\logiciels contre malwares\rk_quarantine\lssas.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully. c:\documents and settings\THOR\Bureau\logiciels contre malwares\rk_quarantine\manager.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully. c:\documents and settings\THOR\menu démarrer\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. c:\documents and settings\THOR\application data\mousedriver.bat (Trojan.Agent) -> Quarantined and deleted successfully. c:\documents and settings\THOR\application data\Input.bat (Trojan.Agent) -> Quarantined and deleted successfully. c:\documents and settings\THOR\application data\localaccountauthority.bat (Trojan.Agent) -> Quarantined and deleted successfully. c:\documents and settings\THOR\application data\Plug.bat (Trojan.Agent) -> Quarantined and deleted successfully.

Dossier supprimé: C:\WINDOWS\$XNTUninstall643$ (!) -- Fichiers temporaires supprimés. Clé supprimée: HKCU\Software\AutocompleteProBHO Clé supprimée: HKU\.DEFAULT\Software\AutocompleteProBHO Clé supprimée: HKLM\Software\VDownloader\OpenCandy ============== SCAN ADDITIONNEL ============== -- C:\Documents and Settings\THOR\Application Data\Mozilla\FireFox\Profiles\k1wlq7t2.default -- Extensions\keyscrambler@qfx.software.corporation (KeyScrambler) Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} (Flagfox) Prefs.js - browser.download.dir, C:\\Documents and Settings\\THOR\\Bureau\\Téléchargements 2 Prefs.js - browser.startup.homepage, hxxp://orange.fr Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.17 ======================================== **** Internet Explorer Version [6.0.2900.2180] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_URLSearchHooks|{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - "SearchHook Class" (C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll) HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (x) HKLM_Extensions\{5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - "?" (?) BHO\{2B9F5787-88A5-4945-90E7-C4B18563BC5E} - "KeyScramblerBHO Class" (C:\Logiciels\KeyScrambler 2.6.0 a\KeyScrambler 2.6.0 apps\KeyScrambler\KeyScramblerIE.dll) BHO\{3F10F015-A150-F153-0AF6-C855F746072D} - "?" (c:\windows\system32\wfoanwal.dll) BHO\{CF4A603B-2231-4ABA-AEFF-A1F02D9CBCE4} - "adfavwqhpr Object" (C:\WINDOWS\$XNTUninstall643$\wktly.dll) (x) BHO\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - "Yontoo Layers" (C:\Program Files\PageRage\YontooIEClient.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 3 Fichier(s) C:\Program Files\Ad-Remover\Backup: 14 Fichier(s) C:\Ad-Report-CLEAN[1].txt - 13/06/2011 14:49:19 (527 Octet(s)) C:\Ad-Report-SCAN[1].txt - 13/06/2011 13:59:34 (2992 Octet(s)) Fin à: 14:49:37, 13/06/2011 ============== E.O.F ==============

2011/06/13 13:34:06.0734 4004 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48 2011/06/13 13:34:06.0937 4004 ================================================================================ 2011/06/13 13:34:06.0937 4004 SystemInfo: 2011/06/13 13:34:06.0937 4004 2011/06/13 13:34:06.0937 4004 OS Version: 5.1.2600 ServicePack: 2.0 2011/06/13 13:34:06.0937 4004 Product type: Workstation 2011/06/13 13:34:06.0937 4004 ComputerName: SANS-5D17F16486 2011/06/13 13:34:06.0937 4004 UserName: THOR 2011/06/13 13:34:06.0937 4004 Windows directory: C:\WINDOWS 2011/06/13 13:34:06.0937 4004 System windows directory: C:\WINDOWS 2011/06/13 13:34:06.0937 4004 Processor architecture: Intel x86 2011/06/13 13:34:06.0937 4004 Number of processors: 4 2011/06/13 13:34:06.0937 4004 Page size: 0x1000 2011/06/13 13:34:06.0937 4004 Boot type: Normal boot 2011/06/13 13:34:06.0937 4004 ================================================================================ 2011/06/13 13:34:07.0734 4004 Initialize success 2011/06/13 13:34:16.0640 2188 ================================================================================ 2011/06/13 13:34:16.0640 2188 Scan started 2011/06/13 13:34:16.0640 2188 Mode: Manual; 2011/06/13 13:34:16.0640 2188 ================================================================================ 2011/06/13 13:34:17.0406 2188 ACPI (0bd94fbfc14ea3606cd6ca4c0255baa3) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/06/13 13:34:17.0421 2188 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/06/13 13:34:17.0453 2188 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys 2011/06/13 13:34:17.0453 2188 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys 2011/06/13 13:34:17.0546 2188 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys 2011/06/13 13:34:17.0578 2188 AppleCharger (75a8b998eb259dd512f01ea25bec7f3b) C:\WINDOWS\system32\DRIVERS\AppleCharger.sys 2011/06/13 13:34:17.0671 2188 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/06/13 13:34:17.0703 2188 AsIO (663f2fb92608073824ee3106886120f3) C:\WINDOWS\system32\drivers\AsIO.sys 2011/06/13 13:34:17.0718 2188 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/06/13 13:34:17.0750 2188 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/06/13 13:34:17.0750 2188 AtcL001 (19f277bc4ce5689f20f347a6b8aa8c42) C:\WINDOWS\system32\DRIVERS\atl01_xp.sys 2011/06/13 13:34:17.0781 2188 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/06/13 13:34:17.0812 2188 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/06/13 13:34:17.0812 2188 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/06/13 13:34:17.0828 2188 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/06/13 13:34:17.0859 2188 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/06/13 13:34:17.0859 2188 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/06/13 13:34:17.0875 2188 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/06/13 13:34:17.0968 2188 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/06/13 13:34:18.0000 2188 dmboot (e2d3b7620310fe56685f9b15a6b404b3) C:\WINDOWS\system32\drivers\dmboot.sys 2011/06/13 13:34:18.0078 2188 dmio (c77f5c20aa70197a69aa84baa9de43c8) C:\WINDOWS\system32\drivers\dmio.sys 2011/06/13 13:34:18.0093 2188 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/06/13 13:34:18.0093 2188 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 2011/06/13 13:34:18.0125 2188 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/06/13 13:34:18.0156 2188 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/06/13 13:34:18.0171 2188 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/06/13 13:34:18.0171 2188 Fips (8b121ff880683607ab2aef0340721718) C:\WINDOWS\system32\drivers\Fips.sys 2011/06/13 13:34:18.0187 2188 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/06/13 13:34:18.0203 2188 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 2011/06/13 13:34:18.0218 2188 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/06/13 13:34:18.0250 2188 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/06/13 13:34:18.0296 2188 gdrv (d556cb79967e92b5cc69686d16c1d846) C:\WINDOWS\gdrv.sys 2011/06/13 13:34:18.0375 2188 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/06/13 13:34:18.0406 2188 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/06/13 13:34:18.0421 2188 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/06/13 13:34:18.0437 2188 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/06/13 13:34:18.0500 2188 i8042prt (d1efcbd693b5ba21314d06368c471070) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/06/13 13:34:18.0515 2188 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/06/13 13:34:18.0656 2188 IntcAzAudAddService (991f90d02ec0ec6a425e1c0b1d822562) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/06/13 13:34:18.0781 2188 intelppm (dd5ad1e79ac26d3f8d8828ad4627f160) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/06/13 13:34:18.0796 2188 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 2011/06/13 13:34:18.0812 2188 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/06/13 13:34:18.0812 2188 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/06/13 13:34:18.0828 2188 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/06/13 13:34:18.0843 2188 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/06/13 13:34:18.0859 2188 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/06/13 13:34:18.0875 2188 isapnp (54632f1a7de61dc3615d756f2a90fa72) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/06/13 13:34:18.0953 2188 JRAID (222e263cc06e47bda386fe19b88e8583) C:\WINDOWS\system32\DRIVERS\jraid.sys 2011/06/13 13:34:18.0968 2188 Kbdclass (e798705e8dc7fab596ef6bfdf167e007) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/06/13 13:34:18.0984 2188 kbdhid (62dd5eefcec4ef4163f1168d4262a9e4) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/06/13 13:34:19.0000 2188 KeyScramblerDrv (83a174ac30d12186e5c2e56d362d3604) C:\WINDOWS\system32\drivers\keyscrambler.sys 2011/06/13 13:34:19.0015 2188 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys 2011/06/13 13:34:19.0031 2188 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/06/13 13:34:19.0062 2188 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/06/13 13:34:19.0125 2188 Modem (5ac7e16f5b40a6da14b5f2b3ada4693e) C:\WINDOWS\system32\drivers\Modem.sys 2011/06/13 13:34:19.0171 2188 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys 2011/06/13 13:34:19.0203 2188 Mouclass (7d4f19411bd941e1d432a99e24230386) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/06/13 13:34:19.0218 2188 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/06/13 13:34:19.0296 2188 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/06/13 13:34:19.0312 2188 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/06/13 13:34:19.0343 2188 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/06/13 13:34:19.0359 2188 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 2011/06/13 13:34:19.0390 2188 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/06/13 13:34:19.0390 2188 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/06/13 13:34:19.0406 2188 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/06/13 13:34:19.0406 2188 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/06/13 13:34:19.0437 2188 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys 2011/06/13 13:34:19.0515 2188 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 2011/06/13 13:34:19.0531 2188 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 2011/06/13 13:34:19.0546 2188 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/06/13 13:34:19.0546 2188 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/06/13 13:34:19.0562 2188 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/06/13 13:34:19.0562 2188 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/06/13 13:34:19.0578 2188 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/06/13 13:34:19.0593 2188 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/06/13 13:34:19.0625 2188 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/06/13 13:34:19.0640 2188 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 2011/06/13 13:34:19.0656 2188 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/06/13 13:34:19.0671 2188 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/06/13 13:34:19.0812 2188 nv (3712d332633b853101ab786380c969ec) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/06/13 13:34:19.0921 2188 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/06/13 13:34:19.0937 2188 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/06/13 13:34:19.0937 2188 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/06/13 13:34:19.0953 2188 Parport (318696359ac7df48d1e51974ec527dd2) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/06/13 13:34:19.0968 2188 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/06/13 13:34:19.0968 2188 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/06/13 13:34:19.0984 2188 PCI (7c5da5c1ed801ad8b0309d5514f0b75e) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/06/13 13:34:20.0015 2188 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/06/13 13:34:20.0031 2188 Pcmcia (641da274e163617ea7a33506bc6da8e3) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/06/13 13:34:20.0156 2188 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/06/13 13:34:20.0171 2188 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/06/13 13:34:20.0171 2188 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/06/13 13:34:20.0234 2188 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/06/13 13:34:20.0250 2188 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/06/13 13:34:20.0250 2188 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/06/13 13:34:20.0265 2188 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/06/13 13:34:20.0265 2188 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/06/13 13:34:20.0281 2188 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/06/13 13:34:20.0312 2188 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/06/13 13:34:20.0375 2188 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/06/13 13:34:20.0390 2188 redbook (2cc30b68dd62b73d444a41322cd7fc4c) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/06/13 13:34:20.0406 2188 RTLE8023xp (a1ad65718870dbf2bcb81e3c1406469e) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 2011/06/13 13:34:20.0421 2188 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/06/13 13:34:20.0453 2188 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/06/13 13:34:20.0453 2188 Serial (653201755ca96ab4aaa4131daf6da356) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/06/13 13:34:20.0468 2188 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/06/13 13:34:20.0500 2188 snapman (9bae383d3116a545758d45d0b994ba32) C:\WINDOWS\system32\DRIVERS\snapman.sys 2011/06/13 13:34:20.0531 2188 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys 2011/06/13 13:34:20.0546 2188 sr (b52181023b827acda36c1b76751ebffd) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/06/13 13:34:20.0562 2188 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/06/13 13:34:20.0578 2188 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/06/13 13:34:20.0593 2188 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 2011/06/13 13:34:20.0640 2188 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/06/13 13:34:20.0703 2188 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/06/13 13:34:20.0718 2188 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/06/13 13:34:20.0734 2188 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/06/13 13:34:20.0734 2188 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/06/13 13:34:20.0750 2188 tifsfilter (38e6ee805f15f829982dceec07a70b2d) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 2011/06/13 13:34:20.0765 2188 timounter (727e235ab6dcc4dd4fe023366b7da2d3) C:\WINDOWS\system32\DRIVERS\timntr.sys 2011/06/13 13:34:20.0843 2188 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 2011/06/13 13:34:20.0921 2188 UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Logiciels\Unlocker 1.8.7 a\Unlocker 1.8.7 apps\Unlocker\UnlockerDriver5.sys 2011/06/13 13:34:20.0984 2188 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys 2011/06/13 13:34:21.0046 2188 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/06/13 13:34:21.0062 2188 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/06/13 13:34:21.0078 2188 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/06/13 13:34:21.0093 2188 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/06/13 13:34:21.0109 2188 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/06/13 13:34:21.0125 2188 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/06/13 13:34:21.0125 2188 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/06/13 13:34:21.0140 2188 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 2011/06/13 13:34:21.0171 2188 VolSnap (313b1a0d5db26dfe1c34a6c13b2ce0a7) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/06/13 13:34:21.0250 2188 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/06/13 13:34:21.0265 2188 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/06/13 13:34:21.0328 2188 MBR (0x1B8) (dad11e2a62df7f44f938c5059e874339) \Device\Harddisk0\DR0 2011/06/13 13:34:21.0328 2188 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/06/13 13:34:21.0328 2188 ================================================================================ 2011/06/13 13:34:21.0328 2188 Scan finished 2011/06/13 13:34:21.0328 2188 ================================================================================ 2011/06/13 13:34:21.0328 2332 Detected object count: 1 2011/06/13 13:34:21.0328 2332 Actual detected object count: 1 2011/06/13 13:35:20.0000 2332 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot 2011/06/13 13:35:20.0000 2332 \Device\Harddisk0\DR0 - ok 2011/06/13 13:35:20.0000 2332 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure 2011/06/13 13:35:22.0906 4368 Deinitialize success ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 13:59:31 le 13/06/2011, Mode normal Microsoft Windows XP Professionnel Service Pack 2 (X86) THOR@SANS-5D17F16486 ( ) ============== RECHERCHE ============== Dossier trouvé: C:\WINDOWS\$XNTUninstall643$ Clé trouvée: HKCU\Software\AutocompleteProBHO Clé trouvée: HKU\.DEFAULT\Software\AutocompleteProBHO Clé trouvée: HKU\S-1-5-18\Software\AutocompleteProBHO Clé trouvée: HKLM\Software\VDownloader\OpenCandy ============== SCAN ADDITIONNEL ============== -- C:\Documents and Settings\THOR\Application Data\Mozilla\FireFox\Profiles\k1wlq7t2.default -- Extensions\keyscrambler@qfx.software.corporation (KeyScrambler) Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} (Flagfox) Prefs.js - browser.download.dir, C:\\Documents and Settings\\THOR\\Bureau\\Téléchargements 2 Prefs.js - browser.startup.homepage, hxxp://orange.fr Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.17 ======================================== **** Internet Explorer Version [6.0.2900.2180] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKCU_Main|Start Page - hxxp://orange.fr/ HKLM_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Start Page - hxxp://home.sweetim.com HKCU_URLSearchHooks|{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - "SearchHook Class" (C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll) HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (x) HKLM_Extensions\{5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - "?" (?) BHO\{2B9F5787-88A5-4945-90E7-C4B18563BC5E} - "KeyScramblerBHO Class" (C:\Logiciels\KeyScrambler 2.6.0 a\KeyScrambler 2.6.0 apps\KeyScrambler\KeyScramblerIE.dll) BHO\{3F10F015-A150-F153-0AF6-C855F746072D} - "?" (c:\windows\system32\wfoanwal.dll) BHO\{CF4A603B-2231-4ABA-AEFF-A1F02D9CBCE4} - "adfavwqhpr Object" (C:\WINDOWS\$XNTUninstall643$\wktly.dll) BHO\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - "Yontoo Layers" (C:\Program Files\PageRage\YontooIEClient.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s) C:\Program Files\Ad-Remover\Backup: 1 Fichier(s) C:\Ad-Report-SCAN[1].txt - 13/06/2011 13:59:34 (480 Octet(s)) Fin à: 13:59:48, 13/06/2011 ============== E.O.F ============== Désolé, j'espère que tu arriveras à dissocier les 2 rapports, je pensais pas qu'il serait aussi prés.

Il a bien détecté un malware tout à l'heure, et l'option était "cure" 2011/06/13 13:45:32.0609 3784 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48 2011/06/13 13:45:33.0500 3784 ================================================================================ 2011/06/13 13:45:33.0500 3784 SystemInfo: 2011/06/13 13:45:33.0500 3784 2011/06/13 13:45:33.0500 3784 OS Version: 5.1.2600 ServicePack: 2.0 2011/06/13 13:45:33.0500 3784 Product type: Workstation 2011/06/13 13:45:33.0500 3784 ComputerName: SANS-5D17F16486 2011/06/13 13:45:33.0500 3784 UserName: THOR 2011/06/13 13:45:33.0500 3784 Windows directory: C:\WINDOWS 2011/06/13 13:45:33.0500 3784 System windows directory: C:\WINDOWS 2011/06/13 13:45:33.0500 3784 Processor architecture: Intel x86 2011/06/13 13:45:33.0500 3784 Number of processors: 4 2011/06/13 13:45:33.0500 3784 Page size: 0x1000 2011/06/13 13:45:33.0500 3784 Boot type: Normal boot 2011/06/13 13:45:33.0500 3784 ================================================================================ 2011/06/13 13:45:34.0359 3784 Initialize success

RKreport[1].txt: RogueKiller V5.2.2 [05/06/2011] par Tigzy contact sur Forum Sciences / Forum Informatique - Sur la Toile (SLT) mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/24) Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 2) 32 bits version Demarrage : Mode normal Utilisateur: THOR [Droits d'admin] Mode: Recherche -- Date : 13/06/2011 12:51:14 Processus malicieux: 8 [sUSP PATH] lssas.exe -- c:\documents and settings\thor\application data\lssas.exe -> KILLED [sUSP PATH] manager.exe -- c:\documents and settings\thor\application data\manager.exe -> KILLED [sVCHOST] svchost.exe -- c:\docume~1\thor\locals~1\temp\ncdgdnx\svchost.exe -> KILLED [sVCHOST] svchost.exe -- c:\docume~1\thor\locals~1\temp\ncdgdnx\svchost.exe -> KILLED [sVCHOST] svchost.exe -- c:\docume~1\thor\locals~1\temp\ncdgdnx\svchost.exe -> KILLED [sVCHOST] svchost.exe -- c:\docume~1\thor\locals~1\temp\ncdgdnx\svchost.exe -> KILLED [sVCHOST] svchost.exe -- c:\docume~1\thor\locals~1\temp\ncdgdnx\svchost.exe -> KILLED [sVCHOST] svchost.exe -- c:\docume~1\thor\locals~1\temp\ncdgdnx\svchost.exe -> KILLED Entrees de registre: 10 [sUSP PATH] HKCU\[...]\Run : bagn70dol.exe (C:\Documents and Settings\THOR\Application Data\89E1917597F7C5F4BC7AA8CB38AC110E\bagn70dol.exe) -> FOUND [sUSP PATH] HKCU\[...]\Run : {58076653-63AC-EC06-EC36-D5B75F853938} ("C:\Documents and Settings\THOR\Application Data\Olalu\iscae.exe") -> FOUND [sUSP PATH] HKLM\[...]\Run : Local Account Service (C:\Documents and Settings\THOR\Application Data\lssas.exe) -> FOUND [sUSP PATH] HKLM\[...]\Run : mslivemsn (C:\DOCUME~1\THOR\LOCALS~1\Temp\ncdgdnx\svchost.exe) -> FOUND [sUSP PATH] HKLM\[...]\Run : Plug Manager (C:\Documents and Settings\THOR\Application Data\manager.exe) -> FOUND [sUSP PATH] HKLM\[...]\Run : Input Manager (C:\Documents and Settings\THOR\Application Data\conima.exe) -> FOUND [sUSP PATH] HKUS\S-1-5-21-1614895754-602162358-725345543-1003[...]\Run : bagn70dol.exe (C:\Documents and Settings\THOR\Application Data\89E1917597F7C5F4BC7AA8CB38AC110E\bagn70dol.exe) -> FOUND [sUSP PATH] HKUS\S-1-5-21-1614895754-602162358-725345543-1003[...]\Run : {58076653-63AC-EC06-EC36-D5B75F853938} ("C:\Documents and Settings\THOR\Application Data\Olalu\iscae.exe") -> FOUND [sUSP PATH] Antimalware Doctor.lnk : C:\Documents and Settings\THOR\Application Data\89E1917597F7C5F4BC7AA8CB38AC110E\bagn70dol.exe -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND Fichier HOSTS: Termine : << RKreport[1].txt >> RKreport[1].txt RKreport[2].txt: RogueKiller V5.2.2 [05/06/2011] par Tigzy contact sur Forum Sciences / Forum Informatique - Sur la Toile (SLT) mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/24) Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 2) 32 bits version Demarrage : Mode normal Utilisateur: THOR [Droits d'admin] Mode: Suppression -- Date : 13/06/2011 12:51:28 Processus malicieux: 0 Entrees de registre: 8 [sUSP PATH] HKCU\[...]\Run : bagn70dol.exe (C:\Documents and Settings\THOR\Application Data\89E1917597F7C5F4BC7AA8CB38AC110E\bagn70dol.exe) -> DELETED [sUSP PATH] HKCU\[...]\Run : {58076653-63AC-EC06-EC36-D5B75F853938} ("C:\Documents and Settings\THOR\Application Data\Olalu\iscae.exe") -> DELETED [sUSP PATH] HKLM\[...]\Run : Local Account Service (C:\Documents and Settings\THOR\Application Data\lssas.exe) -> DELETED [sUSP PATH] HKLM\[...]\Run : mslivemsn (C:\DOCUME~1\THOR\LOCALS~1\Temp\ncdgdnx\svchost.exe) -> DELETED [sUSP PATH] HKLM\[...]\Run : Plug Manager (C:\Documents and Settings\THOR\Application Data\manager.exe) -> DELETED [sUSP PATH] HKLM\[...]\Run : Input Manager (C:\Documents and Settings\THOR\Application Data\conima.exe) -> DELETED [sUSP PATH] Antimalware Doctor.lnk : C:\Documents and Settings\THOR\Application Data\89E1917597F7C5F4BC7AA8CB38AC110E\bagn70dol.exe -> DELETED [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) Fichier HOSTS: Termine : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt

RogueKiller V5.2.2 [05/06/2011] par Tigzy contact sur Forum Sciences / Forum Informatique - Sur la Toile (SLT) mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/24) Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 2) 32 bits version Demarrage : Mode normal Utilisateur: THOR [Droits d'admin] Mode: Suppression -- Date : 13/06/2011 12:52:14 Processus malicieux: 0 Entrees de registre: 0 Fichier HOSTS: Termine : << RKreport[3].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Rapport de ZHPDiag v1.27.2291 par Nicolas Coolman, Update du 10/06/2011 Run by THOR at 13/06/2011 12:02:59 Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html ---\\ Web Browser MSIE: Internet Explorer v6.0.2900.2180 MFIE: Mozilla Firefox v3.6.17 (fr) (Defaut) ---\\ System Information Windows XP Professional Service Pack 2 (Build 2600) Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 3326 MB (75% free) System Restore: Activé (Enable) System drive C: has 243 GB (95%) free of 255 GB ---\\ Logged in mode Computer Name: SANS-5D17F16486 User Name: THOR All Users Names: THOR, SUPPORT_388945a0, HelpAssistant, Administrateur, Unselected Option: O45,O61,O62,O65,O66,O82 Logged in as Administrator ---\\ Environnement Variables %AppData%=C:\Documents and Settings\THOR\Application Data %LocalAppData%=C:\Documents and Settings\THOR\Local Settings\Application Data %StartMenu%=C:\Documents and Settings\THOR\Menu Démarrer ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 243 Go of 255 Go) D:\ CD-ROM drive (Not Inserted) E:\ CD-ROM drive (Not Inserted) F:\ Floppy drive, Flash card reader, USB Key (Not Inserted) G:\ Hard drive, Flash drive, Thumb drive (Free 341 Go of 343 Go) H:\ Floppy drive, Flash card reader, USB Key (Not Inserted) I:\ Floppy drive, Flash card reader, USB Key (Not Inserted) J:\ Floppy drive, Flash card reader, USB Key (Not Inserted) K:\ Floppy drive, Flash card reader, USB Key (Not Inserted) L:\ Hard drive, Flash drive, Thumb drive (Free 323 Go of 334 Go) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK ---\\ Recherche particulière de fichiers génériques [MD5.2A7BD330924252A2FD80344FC949BB72] - (.Microsoft Corporation - Explorateur Windows.) (.02/03/2006 13:00:00.) -- C:\WINDOWS\Explorer.exe [1036288] [MD5.4E958B97EFC3D801F49283D1820F48B7] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.02/03/2006 13:00:00.) -- C:\WINDOWS\system32\wininet.dll [660480] [MD5.123EEA158F74D0F67A51DCDF065D1091] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.02/03/2006 13:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [506368] [MD5.CDFE4411A69C224BD1D11B2DA92DAC51] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.03/08/2004 21:59:44.) -- C:\WINDOWS\system32\drivers\atapi.sys [95360] [MD5.B78BE402C3F63DD55521F73876951CDD] - (.Microsoft Corporation - NT File System Driver.) (.02/03/2006 13:00:00.) -- C:\WINDOWS\system32\drivers\ntfs.sys [574592] ---\\ Processus lancés [MD5.8866078139C403A28CB4CB460CA6DC90] - (.Microsoft Corporation - Serveur de gestion de ressources des cartes.) -- C:\WINDOWS\System32\SCardSvr.exe [100352] [MD5.3E085118BDDE603452DC165107DC8FA4] - (.Acronis - Acronis Scheduler 2.) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [122880] [MD5.382B151DAFFE4A9CE9DA9F564B66761E] - (.DeviceVM, Inc. - Browser Configuration Utility Auto-recovery.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe [223464] [MD5.9B2CE161927038D4CABE0482A14FD052] - (.Microsoft Corporation - COM Surrogate.) -- C:\WINDOWS\system32\dllhost.exe [5120] [MD5.07670C1A220BBE5A134A423295E66ED1] - (...) -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [68136] [MD5.AD5DF6F4FBBC798636EDC66BFEC7D0DE] - (.Pas de propriétaire - Inkjet Printer/Scanner/Fax Extended Survey.) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104] [MD5.0F291C05F73900FCFC9FE09B52B0EE8D] - (.iolo technologies, LLC - iolo System component.) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [724152] [MD5.9AE07549A0D691A103FAF8946554BDB7] - (.Sun Microsystems, Inc. - Java Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376] [MD5.8BED9D1EE78AD1041837A75C4CC39DAA] - (...) -- C:\Documents and Settings\THOR\Application Data\lssas.exe [69632] [MD5.357CDE6C24EB15888E810C6D2787C238] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 169.0.) -- C:\WINDOWS\system32\nvsvc32.exe [155716] [MD5.8A9DF158B344204CB77D391CCC2FBA2C] - (.Acronis - TrueImage.) -- C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe [437675] [MD5.F61B2FB85C33A69B03CEF8622087DAD8] - (.Acronis - Acronis Scheduler Helper.) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe [61440] [MD5.CDD7140C0EAA754C527B983CCC9993CD] - (...) -- C:\WINDOWS\system32\RUNDLL32.EXE [33792] [MD5.FB309A962EACD8D104225CA857614412] - (.DeviceVM, Inc. - Browser Configuration Utility.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe [375000] [MD5.71A56E43DDCE106416E45A42106DAA19] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.EXE [18791456] [MD5.50F85FE43AF859330CC9515353EF300C] - (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296] [MD5.149F53B6FEA3989CE8D4D8D010882FA6] - (.Nero AG - Nero Home.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [94208] [MD5.9806EAFE682766EADEE921DCBDA5231A] - (.Heidi Computers Ltd - Eraser..) -- C:\Logiciels\Eraser 5.8 a\Eraser 5.8 apps\Eraser\eraser.exe [634880] [MD5.EF4C0AD079BC6909BA752763630D746F] - (...) -- C:\Documents and Settings\THOR\Application Data\manager.exe [69632] [MD5.47256FA29C06F81E71C9AECEAABA5BFC] - (...) -- C:\DOCUME~1\THOR\LOCALS~1\Temp\ncdgdnx\svchost.exe [36352] [MD5.F714D4F456A6B91212966B3CA19F720C] - (.AxBx - Service VirusKeeper antivirus/antispyware.) -- C:\Logiciels\Virus Keeper 2011 a\Virus Keeper 2011 apps\VirusKeeper 2011 Pro\vk_service.exe [1121664] [MD5.E6CC7BCDD9C7D6874F7CA24F9F68E10B] - (.AxBx - VirusKeeper 2009.) -- C:\Logiciels\Virus Keeper 2011 a\Virus Keeper 2011 apps\VirusKeeper 2011 Pro\vk_watchop.exe [418664] [MD5.D938FB6915EA338BDFC0DCF8773634C5] - (.Mozilla Corporation - Firefox.) -- C:\Logiciels\Mozilla Firefox 7 a\Mozilla Firefox 7 apps\firefox.exe [912344] [MD5.E68C1EFDA668BFF3E2023C72E9EF7A93] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Logiciels\Mozilla Firefox 7 a\Mozilla Firefox 7 apps\plugin-container.exe [16856] [MD5.F44BB9A608C0577776022E2E9132325D] - (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\WINDOWS\system32\cmd.exe [400896] [MD5.385D1644E676C96EB07848ADA63E37FA] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE [93184] [MD5.84CA41DCCC78870E086CD2BF157367D6] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Logiciels\ZHPDiag a\ZHPDiag.exe [658944] ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Documents and Settings\THOR\Application Data\Mozilla\Firefox\Profiles\k1wlq7t2.default\prefs.js P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll P2 - FPN: [HKLM] [@canon.com/EPPEX] - (.CANON INC. - CANON iMAGE GATEWAY Album Plugin Utility Module.) -- C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.dll P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_22 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll P2 - FPN: [HKLM] [@videolan.org/vlc,version=1.0.5] - (.the VideoLAN Team - Version 1.0.5, copyright 1996-2010 The VideoLAN Team<br><a href="http:.) -- C:\Logiciels\VLC media player 0.9.8 a\VLC media player 0.9.8 apps\VLC\npvlc.dll M0 - MFSP: prefs.js [THOR - k1wlq7t2.default] http://orange.fr'>http://orange.fr'>http://orange.fr M2 - MFEP: prefs.js [THOR - k1wlq7t2.default\keyscrambler@qfx.software.corporation] [] KeyScrambler v2.6.0.0 (.QFX Software Corporation.) M2 - MFEP: prefs.js [THOR - k1wlq7t2.default\personas@christopher.beard] [personas] Personas v1.6.2 (.Chris Beard.) M2 - MFEP: prefs.js [THOR - k1wlq7t2.default\{1018e4d6-728f-4b20-ad56-37578a4de76b}] [] Flagfox v4.1.3 (.Dave Garrett.) M2 - MFEP: prefs.js [THOR - k1wlq7t2.default\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] [adblockplus] Adblock Plus v1.3.8 (.Wladimir Palant.) ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Documents and Settings\THOR\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [user Data\Default] None G0 - GCSP: Preference [user Data\Default][HomePage] http://www.google.com ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R0 - HKUS\S-1-5-21-1614895754-602162358-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com'>http://go.microsoft.com'>http://go.microsoft.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com'>http://www.microsoft.com'>http://www.microsoft.com'>http://www.microsoft.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com R1 - HKUS\S-1-5-21-1614895754-602162358-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} . (.DeviceVM, Inc. - Browser Configuration Utility Address Bar S.) (1.1.18.0) -- C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Bibliothèque d'objets et de contrôles de do.) (No version) -- %SystemRoot%\system32\shdocvw.dll ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe, F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} . (.QFX Software Corporation - KeyScrambler Program DLL.) -- C:\Logiciels\KeyScrambler 2.6.0 a\KeyScrambler 2.6.0 apps\KeyScrambler\KeyScramblerIE.dll O2 - BHO: (no name) - {3F10F015-A150-F153-0AF6-C855F746072D} . (...) -- c:\windows\system32\wfoanwal.dll O2 - BHO: Z-opti Browser Enhancer - {CF4A603B-2231-4ABA-AEFF-A1F02D9CBCE4} . (...) -- C:\WINDOWS\$XNTUninstall643$\wktly.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} . (.Yontoo Technology, Inc. - Yontoo Layers Client.) -- C:\Program Files\PageRage\YontooIEClient.dll ---\\ ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [JMB36X IDE Setup] . (...) -- C:\WINDOWS\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] . (.JMicron Technology Corp. - JMicron JMB36X RAID Configurer.) -- C:\WINDOWS\system32\xRaidSetup.exe O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll O4 - HKLM\..\Run: [nwiz] . (...) -- C:\Windows\System32\nwiz.exe O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Cloneur Expert Monitor] . (.Acronis - TrueImage.) -- C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] . (.Acronis - Acronis Scheduler Helper.) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Logiciels\Adobe Acrobat Reader 9.2 a\Adobe Acrobat Reader 9.2 apps\Reader\Reader_sl.exe O4 - HKLM\..\Run: [VirusKeeper] . (.AxBx - VirusKeeper 2011.) -- C:\Logiciels\Virus Keeper 2011 a\Virus Keeper 2011 apps\VirusKeeper 2011 Pro\VirusKeeper.exe O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMcTray.dll O4 - HKLM\..\Run: [bCU] . (.DeviceVM, Inc. - Browser Configuration Utility.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe O4 - HKLM\..\Run: [Local Account Service] . (...) -- C:\Documents and Settings\THOR\Application Data\lssas.exe O4 - HKLM\..\Run: [mslivemsn] . (...) -- C:\DOCUME~1\THOR\LOCALS~1\Temp\ncdgdnx\svchost.exe O4 - HKLM\..\Run: [Plug Manager] . (...) -- C:\Documents and Settings\THOR\Application Data\manager.exe O4 - HKLM\..\Run: [input Manager] C:\Documents and Settings\THOR\Application Data\conima.exe (.not file.) O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe O4 - HKCU\..\Run: [Eraser] . (.Heidi Computers Ltd - Eraser..) -- C:\Logiciels\Eraser 5.8 a\Eraser 5.8 apps\Eraser\eraser.exe O4 - HKCU\..\Run: [bagn70dol.exe] C:\Documents and Settings\THOR\Application Data\89E1917597F7C5F4BC7AA8CB38AC110E\bagn70dol.exe (.not file.) O4 - HKCU\..\Run: [{58076653-63AC-EC06-EC36-D5B75F853938}] . (.Asses Mantle - Asses Try Women.) -- C:\Documents and Settings\THOR\Application Data\Olalu\iscae.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-21-1614895754-602162358-725345543-1003\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe O4 - HKUS\S-1-5-21-1614895754-602162358-725345543-1003\..\Run: [Eraser] . (.Heidi Computers Ltd - Eraser..) -- C:\Logiciels\Eraser 5.8 a\Eraser 5.8 apps\Eraser\eraser.exe O4 - HKUS\S-1-5-21-1614895754-602162358-725345543-1003\..\Run: [bagn70dol.exe] C:\Documents and Settings\THOR\Application Data\89E1917597F7C5F4BC7AA8CB38AC110E\bagn70dol.exe (.not file.) O4 - HKUS\S-1-5-21-1614895754-602162358-725345543-1003\..\Run: [{58076653-63AC-EC06-EC36-D5B75F853938}] . (.Asses Mantle - Asses Try Women.) -- C:\Documents and Settings\THOR\Application Data\Olalu\iscae.exe O4 - Global Startup: C:\Documents And Settings\THOR\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk . (...) -- C:\Documents and Settings\THOR\Application Data\89E1917597F7C5F4BC7AA8CB38AC110E\bagn70dol.exe (.not file.) ---\\ ---\\ Autres liens utilisateurs (O4) O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader X.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AA0000000001}\SC_Reader.ico O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe O4 - Global Startup: C:\Documents And Settings\THOR\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe O4 - Global Startup: C:\Documents And Settings\THOR\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE O4 - Global Startup: C:\Documents And Settings\THOR\Menu Démarrer\Programmes\Lecteur Windows Media.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe O4 - Global Startup: C:\Documents And Settings\THOR\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe O4 - Global Startup: C:\Documents And Settings\THOR\Menu Démarrer\Programmes\Social Games.lnk - Clé orpheline ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} -- Clé orpheline ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{6858F11D-8F9C-4EAC-B4FC-1140A8972CA3}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{E1F1A964-8D6B-449B-9A7D-33DCADA8DAF0}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{6858F11D-8F9C-4EAC-B4FC-1140A8972CA3}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{6858F11D-8F9C-4EAC-B4FC-1140A8972CA3}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{E1F1A964-8D6B-449B-9A7D-33DCADA8DAF0}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\WINDOWS\system32\webcheck.dll O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: (no name) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: (AcrSch2Svc) . (.Acronis - Acronis Scheduler 2.) - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe O23 - Service: (AppleChargerSrv) - Clé orpheline O23 - Service: (BCUService) . (.DeviceVM, Inc. - Browser Configuration Utility Auto-recovery.) - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe O23 - Service: (dmadmin) . (.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - C:\WINDOWS\System32\dmadmin.exe O23 - Service: GEST Service for program management. (GEST Service) . (...) - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe O23 - Service: (IJPLMSVC) . (.Pas de propriétaire - Inkjet Printer/Scanner/Fax Extended Survey.) - C:\Program Files\Canon\IJPLM\IJPLMSVC.exe O23 - Service: (Input Manager) . (...) - C:\Documents and Settings\THOR\Application Data\Input.bat O23 - Service: (ioloFileInfoList) . (.iolo technologies, LLC - iolo System component.) - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe O23 - Service: (ioloSystemService) . (.iolo technologies, LLC - iolo System component.) - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe O23 - Service: (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: (Local Account Authority Service) . (...) - C:\Documents and Settings\THOR\Application Data\LocalAccountAuthority.bat O23 - Service: (MouseDriver) . (...) - C:\Documents and Settings\THOR\Application Data\MouseDriver.bat O23 - Service: (NVSvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 169.0.) - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: (Plug Manager) . (...) - C:\Documents and Settings\THOR\Application Data\Plug.bat O23 - Service: (vkservice) . (.AxBx - Service VirusKeeper antivirus/antispyware.) - C:\Logiciels\Virus Keeper 2011 a\Virus Keeper 2011 apps\VirusKeeper 2011 Pro\vk_service.exe ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Default MHTML Editor: Last - .(...) - (.not file.) ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys O41 - Driver: (AppleCharger) . (...) - C:\WINDOWS\System32\DRIVERS\AppleCharger.sys O41 - Driver: (AsIO) . (...) - C:\WINDOWS\System32\drivers\AsIO.sys O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\WINDOWS\System32\DRIVERS\cdrom.sys O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\WINDOWS\System32\DRIVERS\i8042prt.sys O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\WINDOWS\System32\DRIVERS\imapi.sys O41 - Driver: (intelppm) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\WINDOWS\System32\DRIVERS\intelppm.sys O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\WINDOWS\System32\DRIVERS\ipsec.sys O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\WINDOWS\System32\DRIVERS\kbdclass.sys O41 - Driver: (kbdhid) . (.Microsoft Corporation - Pilote de filtre souris HID.) - C:\WINDOWS\System32\DRIVERS\kbdhid.sys O41 - Driver: (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\WINDOWS\System32\DRIVERS\mouclass.sys O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\WINDOWS\System32\DRIVERS\mrxsmb.sys O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\WINDOWS\System32\DRIVERS\netbios.sys O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\WINDOWS\System32\DRIVERS\netbt.sys O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\WINDOWS\System32\DRIVERS\rasacd.sys O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\WINDOWS\System32\DRIVERS\rdbss.sys O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys O41 - Driver: (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\WINDOWS\System32\DRIVERS\redbook.sys O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\WINDOWS\System32\DRIVERS\serial.sys O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\WINDOWS\System32\DRIVERS\tcpip.sys O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\WINDOWS\System32\DRIVERS\termdd.sys O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys ---\\ Logiciels installés (O42) O42 - Logiciel: ASUSUpdate - (.Pas de propriétaire.) [HKLM] -- {587178E7-B1DF-494E-9838-FA4DD36E873C} O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin O42 - Logiciel: Adobe Flash Player 9 ActiveX - (.Adobe Systems, Inc..) [HKLM] -- {8186E1B9-DDC6-45B6-B9EB-C28947CBC4CF} O42 - Logiciel: Adobe Reader X (10.0.1) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AA0000000001} O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver O42 - Logiciel: Ashampoo Snap 4.1.0 - (.ashampoo GmbH & Co. KG.) [HKLM] -- Ashampoo Snap 4_is1 O42 - Logiciel: Attansic Ethernet Utility - (.Attansic.) [HKLM] -- {1F698102-5739-441E-96F0-74F4EA540F06} O42 - Logiciel: Attansic L1 Gigabit Ethernet Driver - (.Pas de propriétaire.) [HKLM] -- AtcL1 O42 - Logiciel: Browser Configuration Utility - (.DeviceVM Inc..) [HKLM] -- {A2F991E7-DDCD-42B7-AFEC-47789A099FDC} O42 - Logiciel: CD-LabelPrint - (.Pas de propriétaire.) [HKLM] -- MediaNavigation.CDLabelPrint O42 - Logiciel: Canon Easy-PhotoPrint EX - (.Pas de propriétaire.) [HKLM] -- Easy-PhotoPrint EX O42 - Logiciel: Canon Inkjet Printer/Scanner/Fax Extended Survey Program - (.Pas de propriétaire.) [HKLM] -- CANONIJPLM100 O42 - Logiciel: Canon MG5200 series MP Drivers - (.Pas de propriétaire.) [HKLM] -- {1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series O42 - Logiciel: Canon MP Navigator EX 4.0 - (.Pas de propriétaire.) [HKLM] -- MP Navigator EX 4.0 O42 - Logiciel: Canon My Printer - (.Pas de propriétaire.) [HKLM] -- CanonMyPrinter O42 - Logiciel: Cloneur Expert - (.Micro Application.) [HKLM] -- Cloneur Expert O42 - Logiciel: Enable S3 for USB Device - (.Pas de propriétaire.) [HKLM] -- Enable S3 for USB Device O42 - Logiciel: Energy Saver Advance B9.0904.1 - (.GIGABYTE.) [HKLM] -- {7ED169D4-5053-4166-93DF-53B12AE6C539} O42 - Logiciel: Enregistrement utilisateur de Canon MG5200 series - (.Pas de propriétaire.) [HKLM] -- Enregistrement utilisateur de Canon MG5200 series O42 - Logiciel: Eraser 5.8 - (.Heidi Computers Ltd..) [HKLM] -- {B80CC46C-5839-4A48-B051-3CACF23A2718}_is1 O42 - Logiciel: High Definition Audio Driver Package - KB888111 - (.Microsoft Corporation.) [HKLM] -- KB888111WXPSP2 O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595 O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5 O42 - Logiciel: JMB36X Raid Configurer - (.JMICRON Technology Corp..) [HKLM] -- {3A1B5D40-41E9-43FA-8C7B-A8667F5586EF} O42 - Logiciel: Java 6 Update 22 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216022FF} O42 - Logiciel: KeyScrambler - (.QFX Software Corporation.) [HKLM] -- KeyScrambler O42 - Logiciel: MSXML 6.0 Parser (KB933579) - (.Microsoft Corporation.) [HKLM] -- {0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} O42 - Logiciel: Micro Application - Etiquettes CD-DVD 2006 - (.Pas de propriétaire.) [HKLM] -- {18626914-38D7-4560-8AFB-B61534802670} O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1 O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989} O42 - Logiciel: Mozilla Firefox (3.6.17) - (.Mozilla.) [HKLM] -- Mozilla Firefox (3.6.17) O42 - Logiciel: NVIDIA Drivers - (.Pas de propriétaire.) [HKLM] -- NVIDIA Drivers O42 - Logiciel: Nero 7 Premium - (.Nero AG.) [HKLM] -- {70AB1576-7883-2313-C650-7A71270B1036} O42 - Logiciel: Nettoyeur de disque - (.Micro Application.) [HKLM] -- Nettoyeur de disque O42 - Logiciel: ON_OFF Charge B10.0427.1 - (.GIGABYTE.) [HKLM] -- {3DECD372-76A1-4483-BF10-B547790A3261} O42 - Logiciel: OpenOffice.org 3.3 - (.OpenOffice.org.) [HKLM] -- {05653DE1-6567-40C6-B930-39D399B64369} O42 - Logiciel: PC Probe II - (.Pas de propriétaire.) [HKLM] -- {F7338FA3-DAB5-49B2-900D-0AFB5760C166} O42 - Logiciel: PageRage 1.10.01 - (.Pas de propriétaire.) [HKLM] -- {889DF117-14D1-44EE-9F31-C5FB5D47F68B} O42 - Logiciel: Partition Suite - (.Micro Application.) [HKLM] -- PartitionSuite O42 - Logiciel: REALTEK GbE & FE Ethernet PCI-E NIC Driver - (.Realtek.) [HKLM] -- {C9BED750-1211-4480-B1A5-718A3BE15525} O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} O42 - Logiciel: Revo Uninstaller 1.92 - (.VS Revo Group.) [HKLM] -- Revo Uninstaller O42 - Logiciel: Speccy - (.Piriform.) [HKLM] -- Speccy O42 - Logiciel: Unlocker 1.8.7 - (.Cedrick Collomb.) [HKLM] -- Unlocker O42 - Logiciel: VLC media player 1.0.5 - (.VideoLAN Team.) [HKLM] -- VLC media player O42 - Logiciel: VirusKeeper 2011 Pro - (.AxBx.) [HKLM] -- VirusKeeper 2011 Pro_is1 O42 - Logiciel: Windows Imaging Component - (.Microsoft Corporation.) [HKLM] -- WIC O42 - Logiciel: Windows Installer 3.1 (KB893803) - (.Microsoft Corporation.) [HKLM] -- KB893803v2 O42 - Logiciel: XnView 1.97.3 - (.Gougelet Pierre-e.) [HKLM] -- XnView_is1 O42 - Logiciel: iolo technologies' System Mechanic - (.iolo technologies, LLC.) [HKLM] -- {55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1 ---\\ HKCU & HKLM Software Keys [HKCU\Software\ASUS] [HKCU\Software\Adobe] [HKCU\Software\Ahead] [HKCU\Software\Antimalware Doctor Inc] [HKCU\Software\Ashampoo] [HKCU\Software\AutocompleteProBHO] [HKCU\Software\CanonBJ] [HKCU\Software\Canon] [HKCU\Software\Classes] [HKCU\Software\Clients] [HKCU\Software\Context] [HKCU\Software\DeviceVM] [HKCU\Software\DownloadCenter] [HKCU\Software\Google] [HKCU\Software\Heidi Computers Ltd] [HKCU\Software\Intel] [HKCU\Software\JavaSoft] [HKCU\Software\Local AppWizard-Generated Applications] [HKCU\Software\Macromedia] [HKCU\Software\MediaNavigation] [HKCU\Software\Micro Application] [HKCU\Software\Mozilla] [HKCU\Software\NVIDIA Corporation] [HKCU\Software\Netscape] [HKCU\Software\OpenOffice.org] [HKCU\Software\Piriform] [HKCU\Software\Policies] [HKCU\Software\QFX Software] [HKCU\Software\Realtek] [HKCU\Software\SweetIM] [HKCU\Software\VB and VBA Program Settings] [HKCU\Software\VSRevoGroup] [HKCU\Software\WinRAR SFX] [HKCU\Software\WinRAR] [HKCU\Software\XnView] [HKCU\Software\Z-opti] [HKCU\Software\iolo] [HKLM\Software\ASUS] [HKLM\Software\Acronis] [HKLM\Software\Adobe] [HKLM\Software\Ashampoo] [HKLM\Software\Attansic] [HKLM\Software\C07ft5Y] [HKLM\Software\Canon] [HKLM\Software\Classes] [HKLM\Software\Clients] [HKLM\Software\Context] [HKLM\Software\Creative Tech] [HKLM\Software\DeviceVM] [HKLM\Software\GIGABYTE] [HKLM\Software\Gemplus] [HKLM\Software\Google] [HKLM\Software\InstallShield] [HKLM\Software\Intel] [HKLM\Software\Iolo] [HKLM\Software\JGsoft] [HKLM\Software\JMICRON Technology Corp.] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\Macromedia] [HKLM\Software\Micro Application] [HKLM\Software\MozillaPlugins] [HKLM\Software\Mozilla] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\Nero] [HKLM\Software\ODBC] [HKLM\Software\OpenOffice.org] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Program Groups] [HKLM\Software\QFX Software] [HKLM\Software\RTLSetup] [HKLM\Software\Realtek Semiconductor Corp.] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\Schlumberger] [HKLM\Software\Secure] [HKLM\Software\SweetIM] [HKLM\Software\Tarma Installer] [HKLM\Software\Upncvlyo] [HKLM\Software\VDownloader] [HKLM\Software\VideoLAN] [HKLM\Software\Windows 3.1 Migration Status] [HKLM\Software\Wow6432Node] [HKLM\Software\XnView] [HKLM\Software\Z-opti] [HKLM\Software\a7ksbol43g] [HKLM\Software\ahead] [HKLM\Software\f6h45yhjqa] [HKLM\Software\knight] [HKLM\Software\mozilla.org] [HKLM\Software\skd3uf1wbd] [HKLM\Software\tgs90gv74r] ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 25/04/2011 - 09:34:00 - [3103605] ----D- C:\Program Files\ASUS O43 - CFD: 23/04/2011 - 13:19:12 - [3928106] ----D- C:\Program Files\Attansic O43 - CFD: 02/06/2011 - 08:45:24 - [356815763] ----D- C:\Program Files\Canon O43 - CFD: 02/06/2011 - 08:32:48 - [16916386] --H-D- C:\Program Files\CanonBJ O43 - CFD: 23/04/2011 - 12:47:56 - [0] ----D- C:\Program Files\ComPlus Applications O43 - CFD: 01/06/2011 - 17:58:58 - [2707213] --H-D- C:\Program Files\DeviceVM O43 - CFD: 14/05/2011 - 09:31:24 - [112286298] ----D- C:\Program Files\Fichiers communs O43 - CFD: 01/06/2011 - 18:01:34 - [17796293] ----D- C:\Program Files\GIGABYTE O43 - CFD: 01/06/2011 - 18:01:34 - [24778245] --H-D- C:\Program Files\InstallS

J'ai bien exécuté le logiciel que tu me l'as conseillé, il m'a créé un document texte, cependant les 3 moyens que tu m'as donné pour l'héberger ne fonctionnent pas. Pour sendspace et cijoint.fr, je donne le chemin comme indiquer, mais quand il faut "déposer le fichier" ou "uploader" ça me dirige sur une "page introuvable". Quant à la première méthode, je ne vois pas d'onglet "Ajouter des fichiers joints". En tout cas, merci pour ta réponse

Bonjour, hier, mon antivirus a détecté pleins de malwares et hijack qu'il m'est difficile d'éradiquer. Malgré tout j'ai pu nettoyer ces attaques mais beaucoup de mes logiciels nécessaires à mon travail son devenus instable. On m'a conseillé d'utiliser le logiciel smitfraudfix pour m'indiquer si j'ai toujours des malwares. Mais pour être franc, je ne comprends pas le rapport, aussi je me permet de le poster et j'espère avoir des indications. Merci à tous. Yannou84 SmitFraudFix v2.416 Rapport fait à 10:57:15,96, 13/06/2011 Executé à partir de C:\Documents and Settings\THOR\Bureau\T‚l‚chargements 2\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Documents and Settings\THOR\Application Data\lssas.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\Logiciels\Eraser 5.8 a\Eraser 5.8 apps\Eraser\eraser.exe C:\Documents and Settings\THOR\Application Data\manager.exe C:\WINDOWS\system32\svchost.exe C:\DOCUME~1\THOR\LOCALS~1\Temp\ncdgdnx\svchost.exe C:\Logiciels\Virus Keeper 2011 a\Virus Keeper 2011 apps\VirusKeeper 2011 Pro\vk_service.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\DOCUME~1\THOR\LOCALS~1\Temp\ncdgdnx\svchost.exe C:\Logiciels\Virus Keeper 2011 a\Virus Keeper 2011 apps\VirusKeeper 2011 Pro\vk_watchop.exe C:\Logiciels\Mozilla Firefox 7 a\Mozilla Firefox 7 apps\firefox.exe C:\Logiciels\Mozilla Firefox 7 a\Mozilla Firefox 7 apps\plugin-container.exe C:\DOCUME~1\THOR\LOCALS~1\Temp\ncdgdnx\svchost.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\THOR »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\THOR\LOCALS~1\Temp »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\THOR\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\THOR\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» o4Patch !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! o4Patch Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! Agent.OMZ.Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\WINDOWS\\system32\\Userinit.exe," »»»»»»»»»»»»»»»»»»»»»»»» RK [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Realtek PCIe GBE Family Controller - Miniport d'ordonnancement de paquets DNS Server Search Order: 192.168.1.1 Description: Realtek PCIe GBE Family Controller - Miniport d'ordonnancement de paquets DNS Server Search Order: 192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{6858F11D-8F9C-4EAC-B4FC-1140A8972CA3}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{E1F1A964-8D6B-449B-9A7D-33DCADA8DAF0}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{6858F11D-8F9C-4EAC-B4FC-1140A8972CA3}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{6858F11D-8F9C-4EAC-B4FC-1140A8972CA3}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{E1F1A964-8D6B-449B-9A7D-33DCADA8DAF0}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin