Bonjour, suite a un telechargement de google earth pro (que l'on ma preter) j'ai etais infectere a plusieure reprise (detection par avast) . j'ai donc suprimé se dossier , et lancer malwarebyes j'ai suprimé la liste de la quarentaine . voici le raport . qui peut m'aider Malwarebytes' Anti-Malware 1.33 Version de la base de données: 1725 Windows 5.1.2600 Service Pack 3 04/02/2009 18:06:01 mbam-log-2009-02-04 (18-06-01).txt Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 208605 Temps écoulé: 1 hour(s), 27 minute(s), 17 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 5 Valeur(s) du Registre infectée(s): 2 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 6 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\CLSID\{32c620d6-cc10-4e6a-9715-bacacd5b0e61} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a744f16c-b2d5-4138-81a2-085cdfcde83a} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{32c620d6-cc10-4e6a-9715-bacacd5b0e61} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{a744f16c-b2d5-4138-81a2-085cdfcde83a} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32c620d6-cc10-4e6a-9715-bacacd5b0e61} (Trojan.BHO) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\webproxy (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SYSTEM.rt32 (Trojan.Agent) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Documents and Settings\HP_Propriétaire\Mes documents\eMule0.49b-Installer1.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\P2P_Energy\P2P_EnergyToolbarHelper.exe (Adware.NetPumper) -> Quarantined and deleted successfully. C:\Program Files\eMule\Uninstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP313\A0089784.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.

Multiple attaque "malwar.trace"

Réponse 1 / 14

Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537

Bonjour,

Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
.

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

titeuf1234 Messages postés 282 Statut Membre 7

voici le raport
Logfile of random's system information tool 1.05 (written by random/random)
Run by HP_Propriétaire at 2009-02-04 18:26:07
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 22 GB (12%) free of 184 GB
Total RAM: 1535 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:26:16, on 04/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Larousse\Encyclopédie Universelle Larousse\Bin\hyperappel.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\HP_Propriétaire\Mes documents\Mes vidéos\Google_Earth_Pro_4.2\Google Earth Pro 4.2.exe
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\IXP000.TMP\bonus_info.exe
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\uimgr9021012141984.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\RSIT.exe
C:\Program Files\trend micro\HP_Propriétaire.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://store.hp.com/us/en?jumpid=re_r11662_redirect_ETR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Rechercher avec Voila - file://C:\Program Files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10815} (FlyLoader Class) - http://www.flygimp.com/loadergimp_fr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://sallevirtuelle.cotesdarmor.fr/ecwplugins/NCS.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://photoservice.photos.orange.fr/telechargement/ImageUploader4.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c986c45dccd7ec) (gupdate1c986c45dccd7ec) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

Réponse 2 / 14

titeuf1234 Messages postés 282 Statut Membre 7

merci de ton aide , je fai de suite ce que tu me dit de fair je poste des que possible

Réponse 3 / 14

Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537

Re,

poste le dernier rapport de combofix.

titeuf1234 Messages postés 282 Statut Membre 7

voici le dernier scan avec combofix il date du 03/02/09

ComboFix 09-02-02.04 - HP_Propriétaire 2009-02-03 9:46:45.15 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1535.1008 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Propriétaire\Mes documents\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090202-1] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-03 au 2009-02-03 ))))))))))))))))))))))))))))))))))))
.

2009-02-02 23:08 . 2009-02-02 23:08 <REP> d-------- c:\windows\system32\IOSUBSYS
2009-01-25 11:30 . 2005-08-26 06:00 140,288 --a------ c:\windows\system32\CNMLM79.DLL
2009-01-25 11:30 . 2005-08-26 06:00 8,704 --a------ c:\windows\system32\CNMVS79.DLL
2009-01-23 19:03 . 2009-01-23 19:04 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Nero
2009-01-23 18:36 . 2009-01-23 18:36 4,767 --a------ c:\windows\Irremote.ini
2009-01-23 18:32 . 2009-01-23 18:32 <REP> d-------- c:\program files\Windows Sidebar
2009-01-23 18:12 . 2009-01-23 19:01 <REP> d-------- c:\program files\Fichiers communs\Nero
2009-01-23 18:12 . 2009-01-23 18:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-01-22 23:22 . 2009-02-02 15:14 <REP> d-------- c:\documents and settings\HP_Propriétaire\Shared
2009-01-22 23:22 . 2009-02-02 15:14 <REP> d-------- c:\documents and settings\HP_Propriétaire\Shared
2009-01-22 23:22 . 2009-02-02 15:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Incomplete
2009-01-22 23:22 . 2009-02-02 15:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Incomplete
2009-01-22 23:20 . 2009-01-22 23:20 <REP> d-------- c:\program files\P2P_Energy
2009-01-22 23:20 . 2009-01-22 23:21 <REP> d-------- c:\program files\LimeWireTurbo
2009-01-22 23:20 . 2009-01-22 23:20 <REP> d-------- c:\program files\Conduit
2009-01-22 23:20 . 2009-02-02 13:59 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\LimeWireTurbo
2009-01-17 12:58 . 2009-01-17 12:58 0 --a------ c:\windows\nsreg.dat
2009-01-17 12:56 . 2009-01-18 18:20 <REP> d-------- c:\documents and settings\HP_Propriétaire\dwhelper
2009-01-17 12:56 . 2009-01-18 18:20 <REP> d-------- c:\documents and settings\HP_Propriétaire\dwhelper
2009-01-11 19:45 . 2009-01-11 21:25 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Orbit
2009-01-11 19:17 . 2009-01-11 19:18 <REP> d-------- c:\program files\iTunes
2009-01-11 19:17 . 2009-01-11 19:17 <REP> d-------- c:\program files\iPod
2009-01-11 19:17 . 2009-01-11 19:18 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-11 19:16 . 2009-01-11 19:16 <REP> d-------- c:\program files\Bonjour
2009-01-11 01:39 . 2009-01-11 21:21 <REP> d-------- C:\downloads
2009-01-11 01:39 . 2009-01-11 01:41 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\FMZilla
2009-01-11 01:27 . 2009-01-11 21:45 <REP> d-------- c:\program files\Free Music Zilla
2009-01-05 23:33 . 2009-01-05 23:33 3,751,995 --a------ c:\windows\system32\GPhotos.scr
2009-01-05 12:14 . 2009-01-05 12:14 <REP> d-------- C:\Sandbox

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 08:07 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\OpenOffice.org2
2009-02-02 22:08 --------- d-----w c:\program files\Google
2009-02-02 11:36 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-28 15:00 --------- d-----w c:\program files\eMule
2009-01-26 17:57 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\LimeWire
2009-01-23 17:35 --------- d-----w c:\program files\Nero
2009-01-18 19:21 5,802 ----a-w c:\documents and settings\HP_Propriétaire\Application Data\wklnhst.dat
2009-01-18 13:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-18 13:46 --------- d-----w c:\program files\Ubisoft
2009-01-15 20:16 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-12 06:43 --------- d-----w c:\program files\Apple Software Update
2009-01-11 18:17 --------- d-----w c:\program files\Fichiers communs\Apple
2009-01-11 18:15 --------- d-----w c:\program files\QuickTime
2009-01-11 18:15 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\Apple Computer
2009-01-11 16:46 --------- d-----w c:\program files\ma-config.com
2009-01-11 16:46 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2008-12-21 11:04 202,040 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-21 11:04 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-18 09:35 --------- d-----w c:\program files\Trend Micro
2008-12-17 14:25 --------- d-----w c:\program files\Windows Live Toolbar
2008-12-17 14:25 --------- d-----w c:\program files\Windows Live
2008-12-17 14:24 --------- d-----w c:\program files\Microsoft Sync Framework
2008-12-17 14:22 --------- d-----w c:\program files\Microsoft
2008-12-17 14:21 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-17 14:12 --------- d-----w c:\program files\Fichiers communs\Windows Live
2008-12-16 14:18 --------- d-----w c:\program files\Java
2008-12-13 06:37 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-04 20:05 --------- d-----w c:\program files\Fichiers communs\Borland Shared
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-06-03 17:55 22,328 ----a-w c:\documents and settings\HP_Propriétaire\Application Data\PnkBstrK.sys
2006-08-07 08:25 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
2004-07-22 09:51 3,432,656 ----a-w c:\program files\ManagedDX.CAB
2004-07-19 21:58 1,156,363 ----a-w c:\program files\BDANT.cab
2004-07-19 21:53 976,020 ----a-w c:\program files\BDAXP.cab
2004-07-09 13:17 13,265,040 ----a-w c:\program files\dxnt.cab
2004-07-09 08:13 703,080 -c--a-w c:\program files\BDA.cab
2004-07-09 08:13 15,493,481 ----a-w c:\program files\DirectX.cab
2004-07-09 03:08 472,576 ----a-w c:\program files\dxsetup.exe
2004-07-09 03:08 2,242,560 ----a-w c:\program files\dsetup32.dll
2004-07-09 02:03 62,976 ----a-w c:\program files\DSETUP.dll
2008-10-12 09:14 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008101220081013\index.dat
.

((((((((((((((((((((((((((((( snapshot_2009-01-23_19.55.01.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-26 17:21:30 1,236,208 ----a-w c:\windows\system32\aswBoot.exe
+ 2008-11-26 17:15:10 97,480 ----a-w c:\windows\system32\AvastSS.scr
+ 2008-11-26 17:15:35 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2008-11-26 17:17:25 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
+ 2008-11-26 17:18:25 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2008-11-26 17:18:18 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2008-11-26 17:16:29 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2008-11-26 17:17:36 111,184 ----a-w c:\windows\system32\drivers\aswSP.sys
+ 2008-11-26 17:16:38 50,864 ----a-w c:\windows\system32\drivers\aswTdi.sys
- 2008-02-23 02:38:33 43,872 ----a-w c:\windows\system32\drivers\pxhelp20.sys
+ 2008-07-31 22:17:04 43,872 ----a-w c:\windows\system32\drivers\pxhelp20.sys
+ 2005-08-26 05:00:00 20,992 ----a-w c:\windows\system32\spool\PRTPROCS\W32X86\CNMPD79.DLL
+ 2005-08-26 05:00:00 59,392 ----a-w c:\windows\system32\spool\PRTPROCS\W32X86\CNMPP79.DLL
+ 2009-02-03 08:06:18 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5dc.dat
+ 2009-02-03 08:06:38 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7c8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2008-11-23 23:03 1784856 --a------ c:\program files\P2P_Energy\tbP2P_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-26 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"AdobeUpdater"="c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2008-11-27 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-13 339968]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-16 185632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-02 13570048]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-02 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-14 399504]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2008-08-02 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\ALCWZRD.EXE]

c:\documents and settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]
Hyperappel de l'Encyclop‚die Universelle Larousse.lnk - c:\program files\Larousse\Encyclop‚die Universelle Larousse\Bin\hyperappel.exe [2007-04-01 53248]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.l3codec"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-23 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-23 20560]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-08-10 170640]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-08-10 15504]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [2007-10-12 392316]
.
Contenu du dossier 'Tâches planifiées'

2009-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe

.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://orange.fr/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/go/mypcchoice
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Rechercher avec Voila - file://c:\program files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm
DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10815} - hxxp://www.flygimp.com/loadergimp_fr.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - hxxp://sallevirtuelle.cotesdarmor.fr/ecwplugins/NCS.cab
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_0_4.cab
FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\1s3l3iqb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 09:51:26
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\EN]
@DACL=(02 0000)
"OnLineServicesDirName"="Online Services"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\FR]
@DACL=(02 0000)
"OnLineServicesDirName"="Services en ligne"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\MX]
@DACL=(02 0000)
"OnLineServicesDirName"="Servicios en línea"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NL]
@DACL=(02 0000)
"OnLineServicesDirName"="Online Services"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NW]
@DACL=(02 0000)
"OnLineServicesDirName"="Online tjenster"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SP]
@DACL=(02 0000)
"OnLineServicesDirName"="Servicios en línea"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SW]
@DACL=(02 0000)
"OnLineServicesDirName"="Online tjänster"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\UK]
@DACL=(02 0000)
"OnLineServicesDirName"="Online services"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\US]
@DACL=(02 0000)
"OnLineServicesDirName"="Online Services"

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Internet Explorer\Toolbar\Explorer]
@DACL=(02 0000)
@SACL=
"ITBarLayout"=hex:11,00,00,00,4c,00,00,00,00,00,00,00,24,00,00,00,19,00,00,00,
3e,00,00,00,01,00,00,00,20,07,00,00,a0,0f,00,00,05,00,00,00,62,05,00,00,26,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
@DACL=(02 0000)
@SACL=
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"=hex:28,7e,84,b2,7d,5d,eb,4d,8b,67,05,
d2,8b,cf,79,f5
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"=hex:21,bf,5c,0e,5f,d1,d0,11,83,01,00,
aa,00,5b,43,83,22,00,1c,00,08,00,00,00,06,00,00,00,01,00,00,00,00,00,00,00,\
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"=hex:81,45,e0,01,ee,4e,d0,11,bf,e9,00,
aa,00,5b,43,83,10,00,00,00,00,00,00,00,01,e0,32,f4,01,00,00,00
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:32,bd,99,ef,fb,c1,d2,11,89,2f,00,
90,27,1d,4f,88
"{4E7BD74F-2B8D-469E-8FB0-B921F5DBF922}"=hex:4f,d7,7b,4e,8d,2b,9e,46,8f,b0,b9,
21,f5,db,f9,22
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"=hex:bf,d1,cd,42,fb,3f,38,42,8a,d1,78,
59,df,00,b1,d6
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"=hex:ad,1d,ad,bd,46,c9,17,4a,ad,c1,64,
b5,b4,ff,55,d0
"{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}"=hex:41,fe,4f,bc,9f,de,fa,46,b4,55,aa,
d4,9b,9f,99,38,7b,41,36,39,45,39,36,31,45,2d,42,37,37,32,2d,34,39,66,36,2d,\
"{71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7}"=hex:f7,ac,b6,71,0f,4f,d8,4f,bb,69,6d,
1a,4d,27,1c,b7
"ITBar7Layout"=hex:13,00,00,00,00,00,00,00,00,00,00,00,30,00,00,00,10,00,04,00,
2b,00,00,00,01,00,00,00,00,07,00,00,5e,01,00,00,08,00,00,00,41,07,00,00,00,\
"ITBarLayout"=hex:11,00,00,00,4c,00,00,00,00,00,00,00,34,00,00,00,1f,00,1e,00,
bd,00,00,00,01,00,00,00,20,07,00,00,a0,0f,00,00,05,00,00,00,62,05,00,00,26,\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:b1,c2,18,23,65,49,d4,11,9b,18,00,
90,27,a5,cd,4f

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"Paint.Picture"=hex(0):
"NeroPhotoSnapViewer.Files7.bmp"=hex(0):

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"giffile"=hex(0):
"NeroPhotoSnapViewer.Files7.gif"=hex(0):

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"icofile"=hex(0):
"NeroPhotoSnapViewer.Files7.ico"=hex(0):

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"pjpegfile"=hex(0):
"NeroPhotoSnapViewer.Files7.jfif"=hex(0):

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"jpegfile"=hex(0):
"NeroPhotoSnapViewer.Files7.jpeg"=hex(0):

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"jpegfile"=hex(0):
"NeroPhotoSnapViewer.Files7.jpg"=hex(0):

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"pngfile"=hex(0):
"NeroPhotoSnapViewer.Files7.png"=hex(0):

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"TIFImage.Document"=hex(0):
"NeroPhotoSnapViewer.Files7.tif"=hex(0):

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"TIFImage.Document"=hex(0):
"NeroPhotoSnapViewer.Files7.tiff"=hex(0):

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"wmffile"=hex(0):
"NeroPhotoSnapViewer.Files7.wmf"=hex(0):

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\[u]0/u]
@DACL=(02 0000)
@SACL=
"ViewView2"=hex:1c,00,00,00,05,00,00,00,00,00,00,00,00,00,a4,00,00,00,00,00,01,
00,00,00,ff,ff,ff,ff,f0,f0,f0,f0,14,00,03,00,a4,00,00,00,00,00,00,00,30,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop]
@DACL=(02 0000)
@SACL=
"Toolbars"=hex:11,00,00,00,00,00,00,00
"TaskbarWinXP"=hex:0c,00,00,00,08,00,00,00,02,00,00,00,00,00,00,00,aa,4f,28,68,
48,6a,d0,11,8c,78,00,c0,4f,d9,18,b4,90,03,00,00,60,0d,00,00,00,00,00,00,1e,\
"Upgrade"=dword:00000001

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\Shell\Bags\1]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u]
@DACL=(02 0000)
@SACL=
"NodeSlot"=dword:00000001
"MRUListEx"=hex:01,00,00,00,00,00,00,00,06,00,00,00,02,00,00,00,03,00,00,00,09,
00,00,00,07,00,00,00,04,00,00,00,0c,00,00,00,0b,00,00,00,0a,00,00,00,08,00,\
"0"=hex:14,00,2e,00,20,20,ec,21,ea,3a,69,10,a2,dd,08,00,2b,30,30,9d,00,00
"1"=hex:19,00,2f,43,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00
"2"=hex:32,00,2e,00,0c,00,00,00,00,00,00,00,00,00,00,00,00,00,74,1a,59,5e,96,
df,d3,48,8d,67,17,33,bc,ee,28,ba,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,\
"3"=hex:52,00,2e,00,2c,00,02,00,00,00,48,00,50,00,5f,00,50,00,72,00,6f,00,70,
00,72,00,69,00,e9,00,74,00,61,00,69,00,72,00,65,00,00,00,00,00,00,00,00,00,\
"4"=hex:29,00,2f,45,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
01,01,05,8a,eb,fb,ee,be,42,44,80,4e,40,9d,6c,45,15,e9,00,00
"5"=hex:19,00,2f,45,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00
"6"=hex:19,00,2f,4b,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00
"7"=hex:19,00,2f,4c,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00
"8"=hex:6e,01,2e,00,48,01,26,03,15,03,01,00,00,00,48,00,00,00,7b,00,36,00,42,
00,44,00,44,00,31,00,46,00,43,00,36,00,2d,00,38,00,31,00,30,00,46,00,2d,00,\
"9"=hex:14,00,2e,80,4a,b6,9f,fc,b2,1e,cf,4c,af,5e,1a,49,7a,9b,5c,2d,00,00
"10"=hex:19,00,2f,4d,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00
"11"=hex:70,01,2e,00,4a,01,06,20,31,08,03,00,00,00,00,00,00,00,00,00,00,00,84,
00,00,00,01,00,00,00,14,00,00,00,3d,00,00,00,00,00,41,00,70,00,70,00,61,00,\
"12"=hex:19,00,2f,44,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\[u]0/u]
@DACL=(02 0000)
"NodeSlot"=dword:00000002
"MRUListEx"=hex:00,00,00,00,01,00,00,00,02,00,00,00,05,00,00,00,03,00,00,00,06,
00,00,00,04,00,00,00,ff,ff,ff,ff
"0"=hex:1e,00,71,2d,00,00,00,00,00,00,00,00,00,00,80,a2,27,22,ea,3a,69,10,a2,
de,08,00,2b,30,30,9d,00,00
"1"=hex:1e,00,71,80,00,00,00,00,00,00,00,00,00,00,c7,ac,07,70,02,32,d1,11,aa,
d2,00,80,5f,c1,27,0e,00,00
"2"=hex:1e,00,71,80,00,00,00,00,00,00,00,00,00,00,e1,a4,0e,d2,57,39,d2,11,a4,
0b,0c,50,20,52,41,53,00,00
"3"=hex:1e,00,71,80,00,00,00,00,00,00,00,00,00,00,90,79,27,d6,6a,4c,cf,11,8d,
87,00,aa,00,60,f5,bf,00,00
"4"=hex:1e,00,71,80,00,00,00,00,00,00,00,00,00,00,b4,67,01,64,b0,59,a6,47,b3,
35,a6,b3,c0,69,5a,ea,00,00
"5"=hex:1e,00,71,80,00,00,00,00,00,00,00,00,00,00,36,b7,11,e2,fd,43,d1,11,9e,
fb,00,00,f8,75,7f,cd,00,00
"6"=hex:1e,00,71,80,00,00,00,00,00,00,00,00,00,00,e1,a4,0e,d2,57,39,d2,11,a4,
0b,0c,50,20,52,41,52,00,00

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\[u]0/u\[u]0/u]
@DACL=(02 0000)
"0"=hex:52,00,35,00,00,00,00,00,21,32,d8,a3,10,00,4d,00,65,00,6e,00,75,00,20,
00,44,00,e9,00,6d,00,61,00,32,00,03,00,04,00,ef,be,79,31,30,1b,1b,33,34,4b,\
"MRUListEx"=hex:00,00,00,00,01,00,00,00,02,00,00,00,05,00,00,00,04,00,00,00,03,
00,00,00,ff,ff,ff,ff
"1"=hex:42,00,31,00,00,00,00,00,1b,33,78,4b,10,00,44,4f,43,55,4d,45,7e,31,00,
00,2a,00,03,00,04,00,ef,be,79,31,2a,1b,24,33,34,44,14,00,00,00,44,00,6f,00,\
"NodeSlot"=dword:000000ab
"2"=hex:50,00,31,00,00,00,00,00,85,33,2e,67,10,00,41,50,50,4c,49,43,7e,31,00,
00,38,00,03,00,04,00,ef,be,79,31,23,1b,2b,34,04,7c,14,00,00,00,41,00,70,00,\
"3"=hex:3a,00,31,00,00,00,00,00,91,33,3d,74,10,00,42,75,72,65,61,75,00,00,24,
00,03,00,04,00,ef,be,78,31,ae,0c,2b,34,10,7c,14,00,00,00,42,00,75,00,72,00,\
"4"=hex:3c,00,31,00,00,00,00,00,78,31,ae,0c,10,00,46,61,76,6f,72,69,73,00,26,
00,03,00,04,00,ef,be,78,31,ae,0c,2b,34,86,7d,14,00,00,00,46,00,61,00,76,00,\
"5"=hex:46,00,35,00,00,00,00,00,78,31,af,0c,10,00,4d,00,6f,00,64,00,e8,00,6c,
00,65,00,73,00,00,00,61,00,26,00,03,00,04,00,ef,be,78,31,af,0c,22,36,d3,6a,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\[u]0/u\1]
@DACL=(02 0000)
"0"=hex:3a,00,31,00,00,00,00,00,1b,33,6a,8c,10,00,42,75,72,65,61,75,00,00,24,
00,03,00,04,00,ef,be,1a,33,4a,af,1b,33,6a,8c,14,00,00,00,42,00,75,00,72,00,\
"MRUListEx"=hex:02,00,00,00,00,00,00,00,07,00,00,00,05,00,00,00,01,00,00,00,06,
00,00,00,04,00,00,00,0a,00,00,00,0f,00,00,00,0d,00,00,00,0c,00,00,00,08,00,\
"NodeSlot"=dword:00000018
"1"=hex:4a,00,31,00,00,00,00,00,1b,33,65,8e,10,00,4d,45,4e,55,44,4d,7e,31,00,
00,32,00,03,00,04,00,ef,be,1a,33,4a,af,1c,33,06,7f,14,00,00,00,4d,00,65,00,\
"2"=hex:74,00,31,00,00,00,00,00,1c,33,5c,6d,11,00,4d,45,53,44,4f,43,7e,31,00,
00,32,00,03,00,04,00,ef,be,1a,33,4a,af,1c,33,06,7f,14,00,00,00,4d,00,65,00,\
"3"=hex:3c,00,31,00,00,00,00,00,79,31,41,1b,14,00,43,6f,6f,6b,69,65,73,00,26,
00,03,00,04,00,ef,be,1a,33,4a,af,1c,33,06,7f,14,00,00,00,43,00,6f,00,6f,00,\
"4"=hex:50,00,31,00,00,00,00,00,1c,33,5c,6d,10,00,41,50,50,4c,49,43,7e,31,00,
00,38,00,03,00,04,00,ef,be,1a,33,4a,af,1c,33,06,7f,14,00,00,00,41,00,70,00,\
"5"=hex:52,00,31,00,00,00,00,00,00,00,00,00,10,00,4c,6f,63,61,6c,20,53,65,74,
74,69,6e,67,73,00,00,34,00,03,00,04,00,ef,be,00,00,00,00,00,00,00,00,14,00,\
"6"=hex:4e,00,31,00,00,00,00,00,70,34,e1,ac,13,00,52,65,63,65,6e,74,00,00,38,
00,03,00,04,00,ef,be,1a,33,66,af,70,34,e1,ac,14,00,22,00,52,00,65,00,63,00,\
"7"=hex:50,00,31,00,00,00,00,00,7e,34,70,97,11,00,46,61,76,6f,72,69,73,00,3a,
00,03,00,04,00,ef,be,1a,33,4a,af,2e,35,44,4e,14,00,24,00,46,00,61,00,76,00,\
"8"=hex:3a,00,31,00,00,00,00,00,79,31,4a,1b,10,00,53,65,6e,64,54,6f,00,00,24,
00,03,00,04,00,ef,be,1a,33,4a,af,2e,35,d6,45,14,00,00,00,53,00,65,00,6e,00,\
"9"=hex:40,00,31,00,00,00,00,00,25,33,10,5e,14,00,55,73,65,72,44,61,74,61,00,
00,28,00,03,00,04,00,ef,be,25,33,10,5e,2d,35,37,8a,14,00,00,00,55,00,73,00,\
"10"=hex:3c,00,31,00,00,00,00,00,21,32,e2,a4,10,00,57,49,4e,44,4f,57,53,00,26,
00,03,00,04,00,ef,be,1a,33,4a,af,2d,35,37,8a,14,00,00,00,57,00,49,00,4e,00,\
"11"=hex:40,00,31,00,00,00,00,00,2b,35,da,98,10,00,43,6f,6e,74,61,63,74,73,00,
00,28,00,03,00,04,00,ef,be,2b,35,3b,93,7e,35,f8,8a,14,00,00,00,43,00,6f,00,\
"12"=hex:3a,00,31,00,00,00,00,00,45,36,09,b0,10,00,53,68,61,72,65,64,00,00,24,
00,03,00,04,00,ef,be,45,36,ae,81,45,36,09,b0,14,00,00,00,53,00,68,00,61,00,\
"13"=hex:42,00,31,00,00,00,00,00,45,36,89,b1,10,00,4c,49,4d,45,57,49,7e,31,00,
00,2a,00,03,00,04,00,ef,be,45,36,57,81,47,36,61,0d,14,00,00,00,2e,00,6c,00,\
"14"=hex:3e,00,31,00,00,00,00,00,41,32,f5,3d,10,00,4d,4f,44,4c,45,53,7e,31,00,
00,26,00,03,00,04,00,ef,be,1a,33,4a,af,57,36,6f,58,14,00,00,00,4d,00,6f,00,\
"15"=hex:44,00,31,00,00,00,00,00,91,36,cb,4b,10,00,49,4e,43,4f,4d,50,7e,31,00,
00,2c,00,03,00,04,00,ef,be,45,36,ae,81,91,36,41,65,14,00,00,00,49,00,6e,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\[u]0/u\2]
@DACL=(02 0000)
"NodeSlot"=dword:0000003f
"MRUListEx"=hex:01,00,00,00,05,00,00,00,04,00,00,00,08,00,00,00,02,00,00,00,00,
00,00,00,07,00,00,00,06,00,00,00,03,00,00,00,ff,ff,ff,ff
"0"=hex:4a,00,31,00,00,00,00,00,21,32,c2,a8,10,00,4d,45,53,44,4f,43,7e,31,00,
00,32,00,03,00,04,00,ef,be,78,31,af,0c,53,33,bc,9e,14,00,00,00,4d,00,65,00,\
"1"=hex:50,00,31,00,00,00,00,00,21,32,2c,a7,10,00,41,50,50,4c,49,43,7e,31,00,
00,38,00,03,00,04,00,ef,be,79,31,31,1b,2b,34,86,7d,14,00,00,00,41,00,70,00,\
"2"=hex:3c,00,31,00,00,00,00,00,79,31,41,1b,14,00,43,6f,6f,6b,69,65,73,00,26,
00,03,00,04,00,ef,be,79,31,32,1b,2b,34,86,7d,14,00,00,00,43,00,6f,00,6f,00,\
"3"=hex:52,00,35,00,00,00,00,00,79,31,45,1b,10,00,4d,00,65,00,6e,00,75,00,20,
00,44,00,e9,00,6d,00,61,00,32,00,03,00,04,00,ef,be,79,31,35,1b,2b,34,86,7d,\
"4"=hex:3a,00,31,00,00,00,00,00,79,31,49,1b,10,00,52,65,63,65,6e,74,00,00,24,
00,03,00,04,00,ef,be,78,31,af,0c,2b,34,86,7d,14,00,00,00,52,00,65,00,63,00,\
"5"=hex:3c,00,31,00,00,00,00,00,21,32,e2,a4,10,00,57,49,4e,44,4f,57,53,00,26,
00,03,00,04,00,ef,be,1a,33,12,af,2b,34,86,7d,14,00,00,00,57,00,49,00,4e,00,\
"6"=hex:3a,00,31,00,00,00,00,00,79,31,4a,1b,10,00,53,65,6e,64,54,6f,00,00,24,
00,03,00,04,00,ef,be,79,31,38,1b,64,36,18,43,14,00,00,00,53,00,65,00,6e,00,\
"7"=hex:3a,00,31,00,00,00,00,00,21,32,46,a5,10,00,42,75,72,65,61,75,00,00,24,
00,03,00,04,00,ef,be,78,31,af,0c,6c,36,31,6b,14,00,00,00,42,00,75,00,72,00,\
"8"=hex:3c,00,31,00,00,00,00,00,1a,33,65,af,10,00,46,61,76,6f,72,69,73,00,26,
00,03,00,04,00,ef,be,79,31,32,1b,64,36,18,43,14,00,00,00,46,00,61,00,76,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\[u]0/u\3]
@DACL=(02 0000)
"NodeSlot"=dword:000001c1
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:4c,00,31,00,00,00,00,00,f7,34,10,ac,10,00,4c,4f,43,41,4c,53,7e,31,00,
00,34,00,03,00,04,00,ef,be,f7,34,10,ac,22,36,d4,6a,14,00,00,00,4c,00,6f,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\1]
@DACL=(02 0000)
"0"=hex:54,00,31,00,00,00,00,00,21,32,ba,70,10,00,4d,55,56,45,45,54,7e,31,00,
00,3c,00,03,00,04,00,ef,be,21,32,ba,70,21,32,ba,70,14,00,00,00,6d,00,75,00,\
"MRUListEx"=hex:16,00,00,00,09,00,00,00,4b,00,00,00,14,00,00,00,0d,00,00,00,51,
00,00,00,25,00,00,00,1f,00,00,00,0c,00,00,00,07,00,00,00,0b,00,00,00,08,00,\
"NodeSlot"=dword:00000019
"1"=hex:3c,00,31,00,00,00,00,00,1b,33,a5,8c,10,00,64,69,72,65,63,74,78,00,26,
00,03,00,04,00,ef,be,1b,33,a5,8c,1c,33,37,7f,14,00,00,00,64,00,69,00,72,00,\
"2"=hex:2e,00,31,00,00,00,00,00,21,32,98,a3,10,00,48,50,00,00,1c,00,03,00,04,
00,ef,be,21,32,d4,a2,1c,33,06,7f,14,00,00,00,48,00,50,00,00,00,12,00,00,00
"3"=hex:40,00,31,00,00,00,00,00,1b,33,97,8c,10,00,55,42,49,53,4f,46,7e,31,00,
00,28,00,03,00,04,00,ef,be,1b,33,97,8c,1c,33,06,7f,14,00,00,00,55,00,62,00,\
"4"=hex:40,00,31,00,00,00,00,00,4c,33,ad,99,10,00,41,50,50,53,54,4d,7e,31,00,
00,28,00,03,00,04,00,ef,be,4c,33,ad,99,4c,33,ae,99,14,00,00,00,41,00,70,00,\
"5"=hex:34,00,31,00,00,00,00,00,2a,33,0a,92,10,00,44,69,76,58,00,00,20,00,03,
00,04,00,ef,be,2a,33,fd,91,53,33,4f,9e,14,00,00,00,44,00,69,00,76,00,58,00,\
"6"=hex:5a,00,31,00,00,00,00,00,2a,33,22,9d,10,00,44,49,56,58,56,49,7e,31,00,
00,42,00,03,00,04,00,ef,be,23,33,8b,96,53,33,4f,9e,14,00,00,00,44,00,69,00,\
"7"=hex:58,00,31,00,00,00,00,00,1c,33,09,68,10,00,56,33,37,38,35,44,7e,31,00,
00,40,00,03,00,04,00,ef,be,1c,33,20,67,4e,33,19,99,14,00,00,00,56,00,33,00,\
"8"=hex:3c,00,31,00,00,00,00,00,4e,33,44,99,10,00,55,62,69,73,6f,66,74,00,26,
00,03,00,04,00,ef,be,4e,33,8a,98,56,33,29,93,14,00,00,00,55,00,62,00,69,00,\
"9"=hex:50,00,31,00,00,00,00,00,2e,33,a0,7c,10,00,46,49,43,48,49,45,7e,31,00,
00,38,00,03,00,04,00,ef,be,79,31,56,1b,56,33,db,a5,14,00,00,00,46,00,69,00,\
"10"=hex:54,00,31,00,00,00,00,00,1c,33,10,6f,10,00,41,4e,55,4d,41,4e,7e,31,00,
00,3c,00,03,00,04,00,ef,be,1c,33,10,6f,56,33,ec,a6,14,00,00,00,41,00,6e,00,\
"11"=hex:5a,00,31,00,00,00,00,00,78,31,b7,0c,10,00,55,4e,49,4e,53,54,7e,31,00,
00,42,00,03,00,04,00,ef,be,78,31,b7,0c,56,33,e9,ab,14,00,00,00,55,00,6e,00,\
"12"=hex:40,00,31,00,00,00,00,00,2c,34,c0,9d,10,00,56,69,64,65,6f,4c,41,4e,00,
00,28,00,03,00,04,00,ef,be,2c,34,c0,9d,30,34,f8,a2,14,00,00,00,56,00,69,00,\
"13"=hex:58,00,31,00,00,00,00,00,85,33,3c,68,10,00,57,49,4e,44,4f,57,7e,31,00,
00,40,00,03,00,04,00,ef,be,79,31,78,1b,36,34,0a,7b,14,00,00,00,57,00,69,00,\
"14"=hex:34,00,31,00,00,00,00,00,4b,34,d0,8c,10,00,4e,65,72,6f,00,00,20,00,03,
00,04,00,ef,be,4b,34,d0,8c,55,34,57,75,14,00,00,00,4e,00,65,00,72,00,6f,00,\
"15"=hex:e3,00,31,00,00,00,00,00,21,32,96,a8,10,00,41,54,49,54,45,43,7e,31,00,
00,38,00,03,00,04,00,ef,be,21,32,96,a8,62,34,18,4f,14,00,00,00,41,00,54,00,\
"16"=hex:42,00,31,00,00,00,00,00,50,34,4f,74,10,00,32,4b,53,50,4f,52,7e,31,00,
00,2a,00,03,00,04,00,ef,be,50,34,4f,74,62,34,18,4f,14,00,00,00,32,00,4b,00,\
"17"=hex:3a,00,31,00,00,00,00,00,23,33,aa,96,10,00,4d,6f,72,67,61,6e,00,00,24,
00,03,00,04,00,ef,be,23,33,aa,96,62,34,18,4f,14,00,00,00,4d,00,6f,00,72,00,\
"18"=hex:5a,00,31,00,00,00,00,00,00,00,00,00,10,00,53,65,72,76,69,63,65,73,20,
65,6e,20,6c,69,67,6e,65,00,3a,00,03,00,04,00,ef,be,00,00,00,00,00,00,00,00,\
"19"=hex:4e,00,31,00,00,00,00,00,52,34,fa,79,10,00,4d,49,43,52,4f,53,7e,34,00,
00,36,00,03,00,04,00,ef,be,57,33,83,70,92,34,50,9e,14,00,00,00,4d,00,69,00,\
"20"=hex:44,00,31,00,00,00,00,00,41,32,f6,3d,10,00,57,49,4e,44,4f,57,7e,32,00,
00,2c,00,03,00,04,00,ef,be,79,31,7a,1b,99,34,a4,82,14,00,00,00,57,00,69,00,\
"21"=hex:5c,00,31,00,00,00,00,00,92,34,cf,b3,10,00,57,49,4e,44,4f,57,7e,34,00,
00,44,00,03,00,04,00,ef,be,92,34,cf,b3,99,34,a4,82,14,00,00,00,57,00,69,00,\
"22"=hex:36,00,31,00,00,00,00,00,9a,34,e8,b3,10,00,65,4d,75,6c,65,00,22,00,03,
00,04,00,ef,be,8f,34,ad,49,9b,34,eb,21,14,00,00,00,65,00,4d,00,75,00,6c,00,\
"23"=hex:4a,00,31,00,00,00,00,00,83,34,d1,95,10,00,4d,53,4e,4d,45,53,7e,31,00,
00,32,00,03,00,04,00,ef,be,83,34,d0,95,a2,34,15,80,14,00,00,00,4d,00,53,00,\
"24"=hex:3c,00,31,00,00,00,00,00,99,34,0a,82,10,00,75,62,69,2e,63,6f,6d,00,26,
00,03,00,04,00,ef,be,94,34,50,84,ab,34,a4,48,14,00,00,00,75,00,62,00,69,00,\
"25"=hex:4c,00,31,00,00,00,00,00,ac,34,65,7e,10,00,50,41,54,43,48,52,7e,31,2e,
34,35,00,32,00,03,00,04,00,ef,be,ab,34,2b,9c,ac,34,65,7e,14,00,00,00,50,00,\
"26"=hex:5a,00,31,00,00,00,00,00,85,34,c5,98,10,00,50,43,2d,44,4f,43,7e,31,00,
00,42,00,03,00,04,00,ef,be,21,32,7b,a5,ac,34,ef,78,14,00,00,00,50,00,43,00,\
"27"=hex:4e,00,31,00,00,00,00,00,b0,34,5d,59,10,00,49,4e,53,54,41,4c,7e,32,00,
00,36,00,03,00,04,00,ef,be,b0,34,d7,58,bd,34,89,3b,14,00,00,00,49,00,6e,00,\
"28"=hex:3c,00,31,00,00,00,00,00,b5,34,99,85,10,00,53,61,6d,73,75,6e,67,00,26,
00,03,00,04,00,ef,be,b5,34,99,85,c2,34,c6,4b,14,00,00,00,53,00,61,00,6d,00,\
"29"=hex:52,00,31,00,00,00,00,00,d5,34,1a,80,10,00,49,4e,54,45,52,4e,7e,31,00,
00,3a,00,03,00,04,00,ef,be,79,31,63,1b,e6,34,26,59,14,00,00,00,49,00,6e,00,\
"30"=hex:44,00,31,00,00,00,00,00,b0,34,4f,5a,10,00,4d,4f,4e,50,52,4f,7e,31,00,
00,2c,00,03,00,04,00,ef,be,b0,34,4e,5a,e6,34,26,59,14,00,00,00,4d,00,6f,00,\
"31"=hex:3c,00,31,00,00,00,00,00,e6,34,bd,59,10,00,57,61,6e,61,64,6f,6f,00,26,
00,03,00,04,00,ef,be,7e,34,70,80,e6,34,c0,59,14,00,00,00,57,00,61,00,6e,00,\
"32"=hex:4e,00,31,00,00,00,00,00,97,34,79,6a,10,00,57,41,4e,41,44,4f,7e,32,00,
00,36,00,03,00,04,00,ef,be,94,34,57,62,e6,34,7a,59,14,00,00,00,77,00,61,00,\
"33"=hex:46,00,31,00,00,00,00,00,22,35,45,79,10,00,54,52,45,4e,44,4d,7e,31,00,
00,2e,00,03,00,04,00,ef,be,22,35,45,79,2c,35,c7,8e,14,00,00,00,54,00,72,00,\
"34"=hex:40,00,31,00,00,00,00,00,2c,35,44,9b,10,00,4c,61,76,61,73,6f,66,74,00,
00,28,00,03,00,04,00,ef,be,2c,35,44,9b,2c,35,44,9b,14,00,00,00,4c,00,61,00,\
"35"=hex:42,00,31,00,00,00,00,00,85,34,c4,98,10,00,4d,45,53,53,45,4e,7e,31,00,
00,2a,00,03,00,04,00,ef,be,79,31,64,1b,38,35,e6,72,14,00,00,00,4d,00,65,00,\
"36"=hex:48,00,31,00,00,00,00,00,a4,34,93,84,10,00,54,48,52,55,53,54,7e,31,00,
00,30,00,03,00,04,00,ef,be,a4,34,93,84,3c,35,e6,7e,14,00,00,00,54,00,68,00,\
"37"=hex:50,00,31,00,00,00,00,00,85,34,c5,98,10,00,57,41,4e,41,44,4f,7e,31,00,
00,38,00,03,00,04,00,ef,be,84,34,b3,2d,3c,35,01,81,14,00,00,00,57,00,61,00,\
"38"=hex:40,00,31,00,00,00,00,00,af,34,4a,6f,10,00,45,41,47,41,4d,45,7e,31,00,
00,28,00,03,00,04,00,ef,be,7a,33,b7,56,3c,35,e7,7e,14,00,00,00,45,00,41,00,\
"39"=hex:36,00,31,00,00,00,00,00,21,32,58,a4,10,00,53,6f,6e,69,63,00,22,00,03,
00,04,00,ef,be,21,32,3a,a4,58,35,36,99,14,00,00,00,53,00,6f,00,6e,00,69,00,\
"40"=hex:36,00,31,00,00,00,00,00,32,34,97,95,10,00,48,4f,54,50,43,00,22,00,03,
00,04,00,ef,be,32,34,97,95,62,35,67,42,14,00,00,00,48,00,4f,00,54,00,50,00,\
"41"=hex:42,00,31,00,00,00,00,00,db,34,d8,6d,10,00,53,45,43,55,52,49,7e,31,00,
00,2a,00,03,00,04,00,ef,be,da,34,f1,41,62,35,d4,3d,14,00,00,00,53,00,65,00,\
"42"=hex:30,00,31,00,00,00,00,00,48,34,59,78,10,00,4d,53,4e,00,1e,00,03,00,04,
00,ef,be,79,31,68,1b,71,35,8a,90,14,00,00,00,4d,00,53,00,4e,00,00,00,12,00,\
"43"=hex:4e,00,31,00,00,00,00,00,79,31,6f,1b,10,00,4d,53,4e,47,41,4d,7e,31,00,
00,36,00,03,00,04,00,ef,be,79,31,6f,1b,71,35,8a,90,14,00,00,00,4d,00,53,00,\
"44"=hex:42,00,31,00,00,00,00,00,e7,34,75,5e,10,00,42,4c,41,43,4b,42,7e,31,00,
00,2a,00,03,00,04,00,ef,be,e7,34,75,5e,8a,35,46,44,14,00,00,00,42,00,6c,00,\
"45"=hex:3a,00,31,00,00,00,00,00,0d,35,b0,7c,10,00,43,6f,63,68,6f,6e,00,00,24,
00,03,00,04,00,ef,be,0d,35,b0,7c,9d,35,34,58,14,00,00,00,43,00,6f,00,63,00,\
"46"=hex:62,00,31,00,00,00,00,00,2d,35,b2,7d,10,00,53,50,59,42,4f,54,7e,31,00,
00,4a,00,03,00,04,00,ef,be,2d,35,d4,7a,9f,35,5c,4f,14,00,00,00,53,00,70,00,\
"47"=hex:40,00,31,00,00,00,00,00,45,36,8a,81,10,00,4c,69,6d,65,57,69,72,65,00,
00,28,00,03,00,04,00,ef,be,45,36,86,81,4d,36,f8,9b,14,00,00,00,4c,00,69,00,\
"48"=hex:5e,00,31,00,00,00,00,00,41,36,13,9c,10,00,57,49,34,44,46,36,7e,31,00,
00,46,00,03,00,04,00,ef,be,3c,36,ae,7c,63,36,a1,91,14,00,00,00,57,00,69,00,\
"49"=hex:40,00,31,00,00,00,00,00,36,36,00,68,10,00,49,6e,76,65,6e,74,65,6c,00,
00,28,00,03,00,04,00,ef,be,36,36,00,68,8a,36,8c,a0,14,00,00,00,49,00,6e,00,\
"50"=hex:4e,00,31,00,00,00,00,00,72,35,ef,03,10,00,45,4c,45,43,54,52,7e,31,00,
00,36,00,03,00,04,00,ef,be,72,35,ef,03,a6,36,58,44,14,00,00,00,45,00,6c,00,\
"51"=hex:42,00,31,00,00,00,00,00,c4,36,21,8c,10,00,45,41,53,50,4f,52,7e,31,00,
00,2a,00,03,00,04,00,ef,be,c4,36,21,8c,c4,36,21,8c,14,00,00,00,45,00,41,00,\
"52"=hex:4a,00,31,00,00,00,00,00,bd,36,1c,72,10,00,43,4f,53,4d,4f,53,7e,31,00,
00,32,00,03,00,04,00,ef,be,bd,36,1c,72,c4,36,0e,8d,14,00,00,00,43,00,6f,00,\
"53"=hex:54,00,31,00,00,00,00,00,2e,34,42,4a,10,00,45,4d,50,49,52,45,7e,31,00,
00,3c,00,03,00,04,00,ef,be,1b,33,3c,82,c4,36,22,8d,14,00,00,00,45,00,6d,00,\
"54"=hex:3a,00,31,00,00,00,00,00,23,33,a8,96,10,00,47,61,62,65,73,74,00,00,24,
00,03,00,04,00,ef,be,23,33,a8,96,c4,36,22,8d,14,00,00,00,47,00,61,00,62,00,\
"55"=hex:40,00,31,00,00,00,00,00,0d,35,f3,7b,10,00,47,49,52,4c,38,54,45,45,00,
00,28,00,03,00,04,00,ef,be,0d,35,f3,7b,c4,36,22,8d,14,00,00,00,47,00,49,00,\
"56"=hex:42,00,31,00,00,00,00,00,23,33,a9,96,10,00,41,43,33,46,49,4c,7e,31,00,
00,2a,00,03,00,04,00,ef,be,23,33,a9,96,c4,36,0e,8d,14,00,00,00,41,00,43,00,\
"57"=hex:36,00,31,00,00,00,00,00,63,36,11,8e,10,00,41,64,6f,62,65,00,22,00,03,
00,04,00,ef,be,21,32,8e,a4,c4,36,1d,8c,14,00,00,00,41,00,64,00,6f,00,62,00,\
"58"=hex:36,00,31,00,00,00,00,00,2b,33,ec,4a,10,00,41,68,65,61,64,00,22,00,03,
00,04,00,ef,be,2b,33,c4,4a,c4,36,22,8d,14,00,00,00,41,00,68,00,65,00,61,00,\
"59"=hex:3c,00,31,00,00,00,00,00,1c,33,3a,6d,10,00,41,72,63,53,6f,66,74,00,26,
00,03,00,04,00,ef,be,1c,33,3a,6d,c4,36,22,8d,14,00,00,00,41,00,72,00,63,00,\
"60"=hex:46,00,31,00,00,00,00,00,27,36,a4,9d,10,00,42,4f,4f,4e,54,59,7e,31,00,
00,2e,00,03,00,04,00,ef,be,22,36,38,7e,c4,36,22,8d,14,00,00,00,42,00,6f,00,\
"61"=hex:5a,00,31,00,00,00,00,00,c4,36,bc,74,10,00,54,48,45,41,44,56,7e,31,00,
00,42,00,03,00,04,00,ef,be,c4,36,bc,74,c4,36,22,8d,14,00,00,00,54,00,68,00,\
"62"=hex:56,00,31,00,00,00,00,00,43,36,e9,6b,10,00,54,48,45,42,49,54,7e,31,00,
00,3e,00,03,00,04,00,ef,be,43,36,e9,6b,c4,36,22,8d,14,00,00,00,54,00,68,00,\
"63"=hex:3c,00,31,00,00,00,00,00,22,35,50,a6,10,00,56,69,6d,69,63,72,6f,00,26,
00,03,00,04,00,ef,be,22,35,50,a6,c4,36,22,8d,14,00,00,00,56,00,69,00,6d,00,\
"64"=hex:64,00,31,00,00,00,00,00,cd,36,21,51,10,00,53,49,58,54,45,45,7e,31,00,
00,4c,00,03,00,04,00,ef,be,cd,36,21,51,cd,36,9c,5b,14,00,00,00,73,00,69,00,\
"65"=hex:4e,00,31,00,00,00,00,00,85,34,c4,98,10,00,4d,49,43,52,4f,53,7e,32,00,
00,36,00,03,00,04,00,ef,be,1b,33,0f,51,42,37,92,89,14,00,00,00,4d,00,69,00,\
"66"=hex:4a,00,31,00,00,00,00,00,72,36,d6,49,10,00,4d,41,52,49,4f,46,7e,31,00,
00,32,00,03,00,04,00,ef,be,71,36,6b,87,43,37,94,71,14,00,00,00,4d,00,61,00,\
"67"=hex:52,00,31,00,00,00,00,00,27,36,01,9e,10,00,44,45,53,54,52,4f,7e,31,00,
00,3a,00,03,00,04,00,ef,be,94,34,ce,83,43,37,f2,6c,14,00,00,00,44,00,65,00,\
"68"=hex:44,00,31,00,00,00,00,00,08,37,4a,6f,10,00,47,41,4d,45,53,48,7e,31,00,
00,2c,00,03,00,04,00,ef,be,07,37,99,a8,43,37,f1,a3,14,00,00,00,47,00,61,00,\
"69"=hex:3a,00,31,00,00,00,00,00,25,37,fb,76,10,00,47,6f,6f,67,6c,65,00,00,24,
00,03,00,04,00,ef,be,64,35,83,56,43,37,f1,a3,14,00,00,00,47,00,6f,00,6f,00,\
"70"=hex:42,00,31,00,00,00,00,00,dc,34,05,78,10,00,4e,4f,56,41,4c,4f,7e,31,00,
00,2a,00,03,00,04,00,ef,be,76,33,09,7d,43,37,25,a4,14,00,00,00,4e,00,6f,00,\
"71"=hex:5e,00,31,00,00,00,00,00,2e,34,e5,4a,10,00,52,45,44,53,54,4f,7e,31,00,
00,46,00,03,00,04,00,ef,be,29,33,71,7f,43,37,25,a4,14,00,00,00,52,00,65,00,\
"72"=hex:4a,00,31,00,00,00,00,00,86,34,cc,91,10,00,54,52,41,49,4e,44,7e,31,00,
00,32,00,03,00,04,00,ef,be,86,34,81,91,50,37,35,53,14,00,00,00,54,00,72,00,\
"73"=hex:5c,00,31,00,00,00,00,00,78,37,f6,9e,10,00,44,43,41,44,53,41,7e,31,00,
00,44,00,03,00,04,00,ef,be,78,37,6a,0f,79,37,4a,5f,14,00,00,00,44,00,63,00,\
"74"=hex:58,00,31,00,00,00,00,00,4b,37,4f,6a,10,00,57,49,4e,44,4f,57,7e,34,00,
00,40,00,03,00,04,00,ef,be,31,35,cc,80,79,37,f8,68,14,00,00,00,57,00,69,00,\
"75"=hex:36,00,31,00,00,00,00,00,79,31,81,1b,10,00,78,65,72,6f,78,00,22,00,03,
00,04,00,ef,be,79,31,81,1b,79,37,76,6f,14,00,00,00,78,00,65,00,72,00,6f,00,\
"76"=hex:4a,00,31,00,00,00,00,00,76,37,29,63,10,00,46,49,52,41,58,49,7e,31,00,
00,32,00,03,00,04,00,ef,be,76,37,29,63,79,37,10,6e,14,00,00,00,46,00,69,00,\
"77"=hex:46,00,31,00,00,00,00,00,2a,35,ae,3c,10,00,43,4f,44,45,4d,41,7e,31,00,
00,2e,00,03,00,04,00,ef,be,2a,35,ae,3c,79,37,75,6f,14,00,00,00,43,00,6f,00,\
"78"=hex:5a,00,31,00,00,00,00,00,4b,37,c3,6b,10,00,41,50,50,4c,45,53,7e,31,00,
00,42,00,03,00,04,00,ef,be,6c,36,1c,64,79,37,75,6f,14,00,00,00,41,00,70,00,\
"79"=hex:52,00,31,00,00,00,00,00,f7,34,60,9e,10,00,41,4e,54,49,56,49,7e,31,00,
00,3a,00,03,00,04,00,ef,be,e7,34,09,95,7a,37,bb,79,14,00,00,00,41,00,6e,00,\
"80"=hex:34,00,31,00,00,00,00,00,79,37,27,03,10,00,41,78,42,78,00,00,20,00,03,
00,04,00,ef,be,79,37,27,03,7a,37,1b,79,14,00,00,00,41,00,78,00,42,00,78,00,\
"81"=hex:48,00,31,00,00,00,00,00,5b,38,52,75,10,00,57,49,31,46,38,36,7e,31,00,
00,30,00,03,00,04,00,ef,be,82,37,89,ab,c1,38,6c,60,14,00,00,00,57,00,69,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\10]
@DACL=(02 0000)
"NodeSlot"=dword:0000006a
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:34,00,31,00,00,00,00,00,21,32,fb,a8,10,00,69,33,38,36,00,00,20,00,03,
00,04,00,ef,be,21,32,fb,a8,2c,38,39,5b,14,00,00,00,69,00,33,00,38,00,36,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\11]
@DACL=(02 0000)
"NodeSlot"=dword:0000006d
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\12]
@DACL=(02 0000)
"NodeSlot"=dword:0000018b
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\13]
@DACL=(02 0000)
"NodeSlot"=dword:000001a4
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\14]
@DACL=(02 0000)
"NodeSlot"=dword:000001a5
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\15]
@DACL=(02 0000)
"0"=hex:40,00,31,00,00,00,00,00,00,00,00,00,10,00,48,50,5f,50,52,4f,7e,31,00,
00,28,00,03,00,04,00,ef,be,00,00,00,00,00,00,00,00,14,00,00,00,48,00,50,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\16]
@DACL=(02 0000)
"0"=hex:36,00,31,00,00,00,00,00,e8,38,c2,b2,10,00,61,64,6f,62,65,00,22,00,03,
00,04,00,ef,be,e8,38,c2,b2,e8,38,c2,b2,14,00,00,00,61,00,64,00,6f,00,62,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\17]
@DACL=(02 0000)
"NodeSlot"=dword:0000048b
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\2]
@DACL=(02 0000)
"0"=hex:54,00,32,00,a5,8a,7d,0b,59,2e,ba,45,20,00,52,41,59,4d,41,4e,7e,31,2e,
5a,49,50,00,00,38,00,03,00,04,00,ef,be,59,2e,ba,45,59,2e,ba,45,14,00,00,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"NodeSlot"=dword:0000000e

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\3]
@DACL=(02 0000)
"NodeSlot"=dword:00000016
"MRUListEx"=hex:00,00,00,00,01,00,00,00,08,00,00,00,05,00,00,00,06,00,00,00,07,
00,00,00,03,00,00,00,04,00,00,00,02,00,00,00,ff,ff,ff,ff
"0"=hex:3a,00,31,00,00,00,00,00,78,31,b8,0c,10,00,43,6f,6e,66,69,67,00,00,24,
00,03,00,04,00,ef,be,78,31,b8,0c,1b,33,a0,89,14,00,00,00,43,00,6f,00,6e,00,\
"1"=hex:c1,00,31,00,00,00,00,00,1b,33,ac,8c,10,00,55,62,69,73,6f,66,74,00,26,
00,03,00,04,00,ef,be,1b,33,ac,8c,56,33,ea,ab,14,00,00,00,55,00,62,00,69,00,\
"2"=hex:3c,00,31,00,00,00,00,00,4f,33,45,75,10,00,43,52,45,41,54,4f,52,00,26,
00,03,00,04,00,ef,be,21,32,e3,a4,85,33,33,66,14,00,00,00,43,00,52,00,45,00,\
"3"=hex:70,00,31,00,00,00,00,00,00,00,00,00,10,00,44,6f,77,6e,6c,6f,61,64,65,
64,20,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,00,00,48,00,03,00,04,00,ef,be,\
"4"=hex:36,00,31,00,00,00,00,00,21,32,8a,a4,10,00,43,61,63,68,65,00,22,00,03,
00,04,00,ef,be,21,32,8a,a4,62,34,f3,50,14,00,00,00,43,00,61,00,63,00,68,00,\
"5"=hex:40,00,31,00,00,00,00,00,92,34,2e,6c,10,00,73,79,73,74,65,6d,33,32,00,
00,28,00,03,00,04,00,ef,be,79,31,58,22,92,34,8b,9a,14,00,00,00,73,00,79,00,\
"6"=hex:3a,00,31,00,00,00,00,00,41,33,25,8a,10,00,73,79,73,74,65,6d,00,00,24,
00,03,00,04,00,ef,be,79,31,32,1f,6c,36,cb,6b,14,00,00,00,73,00,79,00,73,00,\
"7"=hex:3a,00,31,00,00,00,00,00,88,37,57,9b,10,00,57,69,6e,53,78,53,00,00,24,
00,03,00,04,00,ef,be,79,31,69,22,21,38,42,9d,14,00,00,00,57,00,69,00,6e,00,\
"8"=hex:40,00,31,00,00,00,00,00,2c,38,b0,5a,10,20,50,72,65,66,65,74,63,68,00,
00,28,00,03,00,04,00,ef,be,1a,33,e6,ae,2c,38,15,5c,14,00,00,00,50,00,72,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\4]
@DACL=(02 0000)
"NodeSlot"=dword:00000164
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\5]
@DACL=(02 0000)
"NodeSlot"=dword:00000165
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\6]
@DACL=(02 0000)
"NodeSlot"=dword:00000166
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\7]
@DACL=(02 0000)
"NodeSlot"=dword:00000013
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:40,00,31,00,00,00,00,00,41,33,1d,8a,10,00,6a,65,75,78,2d,63,6c,73,00,
00,28,00,03,00,04,00,ef,be,41,33,05,8a,62,34,18,4f,14,00,00,00,6a,00,65,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\8]
@DACL=(02 0000)
"0"=hex:3c,00,31,00,00,00,00,00,1a,33,2b,af,10,00,64,72,69,76,65,72,73,00,26,
00,03,00,04,00,ef,be,21,32,88,a1,92,34,4f,a0,14,00,00,00,64,00,72,00,69,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\9]
@DACL=(02 0000)
"NodeSlot"=dword:00000069
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\10]
@DACL=(02 0000)
"0"=hex:34,00,31,00,00,00,00,00,ae,32,e9,38,10,00,44,43,49,4d,00,00,20,00,03,
00,04,00,ef,be,ae,32,e9,38,56,35,00,b0,14,00,00,00,44,00,43,00,49,00,4d,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\11]
@DACL=(02 0000)
"NodeSlot"=dword:000001cf
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\12]
@DACL=(02 0000)
"NodeSlot"=dword:00000311
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\2]
@DACL=(02 0000)
"NodeSlot"=dword:0000000c
"MRUListEx"=hex:00,00,00,00,02,00,00,00,01,00,00,00,07,00,00,00,06,00,00,00,04,
00,00,00,05,00,00,00,03,00,00,00,ff,ff,ff,ff
"0"=hex:44,00,31,00,00,00,00,00,21,32,23,a1,10,00,4d,41,4d,55,53,49,7e,31,00,
00,2c,00,03,00,04,00,ef,be,79,31,2a,1b,1b,33,9d,89,14,00,00,00,4d,00,61,00,\
"1"=hex:44,00,31,00,00,00,00,00,1c,33,6c,6b,10,00,4d,45,53,49,4d,41,7e,31,00,
00,2c,00,03,00,04,00,ef,be,79,31,2a,1b,1c,33,6c,6b,14,00,00,00,4d,00,65,00,\
"2"=hex:58,00,31,00,00,00,00,00,1b,33,78,4b,11,00,4d,45,53,56,49,44,7e,31,00,
00,40,00,03,00,04,00,ef,be,1b,33,78,4b,1c,33,33,7f,14,00,2a,00,4d,00,65,00,\
"3"=hex:4a,00,31,00,00,00,00,00,33,33,12,99,10,00,43,44,45,58,54,52,7e,31,00,
00,32,00,03,00,04,00,ef,be,33,33,08,99,33,33,12,99,14,00,00,00,63,00,64,00,\
"4"=hex:3a,00,31,00,00,00,00,00,33,33,59,9c,10,00,61,76,69,6f,6e,73,00,00,24,
00,03,00,04,00,ef,be,33,33,08,99,33,33,59,9c,14,00,00,00,61,00,76,00,69,00,\
"5"=hex:44,00,31,00,00,00,00,00,da,34,1d,a0,10,00,43,52,41,5a,59,53,7e,31,00,
00,2c,00,03,00,04,00,ef,be,da,34,13,a0,db,34,8b,46,14,00,00,00,43,00,72,00,\
"6"=hex:46,00,31,00,00,00,00,00,4d,36,6c,7a,10,00,46,4f,54,4f,41,4d,7e,31,00,
00,2e,00,03,00,04,00,ef,be,4c,36,91,a8,57,36,70,9f,14,00,00,00,66,00,6f,00,\
"7"=hex:46,00,31,00,00,00,00,00,4e,36,d9,ad,10,00,53,45,58,41,4d,41,7e,31,00,
00,2e,00,03,00,04,00,ef,be,4c,36,9c,a6,58,36,02,3f,14,00,00,00,73,00,65,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\3]
@DACL=(02 0000)
"NodeSlot"=dword:00000015
"MRUListEx"=hex:13,00,00,00,0f,00,00,00,08,00,00,00,10,00,00,00,12,00,00,00,07,
00,00,00,00,00,00,00,02,00,00,00,04,00,00,00,11,00,00,00,0e,00,00,00,0d,00,\
"0"=hex:6e,00,31,00,00,00,00,00,23,33,10,ae,11,00,4d,41,4d,55,53,49,7e,31,00,
00,2c,00,03,00,04,00,ef,be,1a,33,4a,af,2a,33,17,3e,14,00,00,00,4d,00,61,00,\
"1"=hex:44,00,31,00,00,00,00,00,25,33,46,60,10,00,4d,45,53,41,4c,42,7e,31,00,
00,2c,00,03,00,04,00,ef,be,1b,33,7a,50,2e,33,02,51,14,00,00,00,4d,00,65,00,\
"2"=hex:3e,00,31,00,00,00,00,00,23,33,a0,55,14,00,4d,45,53,44,56,44,7e,31,00,
00,26,00,03,00,04,00,ef,be,23,33,a0,55,2d,33,7b,76,14,00,00,00,4d,00,65,00,\
"3"=hex:52,00,31,00,00,00,00,00,25,33,40,60,10,00,4d,45,53,4e,55,4d,7e,31,00,
00,3a,00,03,00,04,00,ef,be,25,33,40,60,2d,33,7b,76,14,00,00,00,4d,00,65,00,\
"4"=hex:6e,00,31,00,00,00,00,00,77,33,1d,56,11,00,4d,45,53,49,4d,41,7e,31,00,
00,2c,00,03,00,04,00,ef,be,1a,33,4a,af,78,33,56,74,14,00,00,00,4d,00,65,00,\
"5"=hex:40,00,31,00,00,00,00,00,91,33,a5,60,10,00,45,41,47,41,4d,45,7e,31,00,
00,28,00,03,00,04,00,ef,be,91,33,a5,60,2e,34,3c,44,14,00,00,00,45,00,41,00,\
"6"=hex:30,00,31,00,00,00,00,00,90,33,77,af,10,00,52,49,50,00,1e,00,03,00,04,
00,ef,be,74,33,07,a3,2e,34,3c,44,14,00,00,00,52,00,49,00,50,00,00,00,12,00,\
"7"=hex:40,00,31,00,00,00,00,00,52,34,8e,7c,10,00,4d,59,47,41,4d,45,7e,31,00,
00,28,00,03,00,04,00,ef,be,52,34,8e,7c,97,34,b0,72,14,00,00,00,4d,00,79,00,\
"8"=hex:4c,00,31,00,00,00,00,00,9a,34,69,7b,10,00,4d,41,52,43,7e,31,2e,4c,45,
2d,00,00,32,00,03,00,04,00,ef,be,7e,34,65,98,9b,34,72,ab,14,00,00,00,6d,00,\
"9"=hex:46,00,31,00,00,00,00,00,55,34,78,76,10,00,41,4c,42,55,4d,50,7e,31,00,
00,2e,00,03,00,04,00,ef,be,87,33,74,76,b1,34,5a,85,14,00,00,00,61,00,6c,00,\
"10"=hex:56,00,31,00,00,00,00,00,fd,34,f8,a6,10,00,56,41,43,41,4e,43,7e,31,00,
00,3e,00,03,00,04,00,ef,be,fd,34,02,a6,23,35,34,36,14,00,00,00,76,00,61,00,\
"11"=hex:62,00,31,00,00,00,00,00,e2,34,ee,88,10,00,53,4f,52,54,49,45,7e,31,00,
00,4a,00,03,00,04,00,ef,be,e2,34,98,88,23,35,34,36,14,00,00,00,73,00,6f,00,\
"12"=hex:44,00,31,00,00,00,00,00,7f,34,3a,97,10,00,32,41,4e,53,49,4d,7e,31,00,
00,2c,00,03,00,04,00,ef,be,7f,34,db,96,23,35,2d,36,14,0

titeuf1234 Messages postés 282 Statut Membre 7

c'est bien celui la que tu veux?

Réponse 4 / 14

Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537

Re,

le rapport n'est pas complet.

Pour ma prochaine réponse,j'ai besoin de la fin.

Il faut que tu le postes en morceau car le rapport est trop long pour passer en une fois.

titeuf1234 Messages postés 282 Statut Membre 7

re voici le rapoet en deux fois

ComboFix 09-02-02.04 - HP_Propriétaire 2009-02-03 9:46:45.15 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1535.1008 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Propriétaire\Mes documents\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090202-1] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-03 au 2009-02-03 ))))))))))))))))))))))))))))))))))))
.

2009-02-02 23:08 . 2009-02-02 23:08 <REP> d-------- c:\windows\system32\IOSUBSYS
2009-01-25 11:30 . 2005-08-26 06:00 140,288 --a------ c:\windows\system32\CNMLM79.DLL
2009-01-25 11:30 . 2005-08-26 06:00 8,704 --a------ c:\windows\system32\CNMVS79.DLL
2009-01-23 19:03 . 2009-01-23 19:04 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Nero
2009-01-23 18:36 . 2009-01-23 18:36 4,767 --a------ c:\windows\Irremote.ini
2009-01-23 18:32 . 2009-01-23 18:32 <REP> d-------- c:\program files\Windows Sidebar
2009-01-23 18:12 . 2009-01-23 19:01 <REP> d-------- c:\program files\Fichiers communs\Nero
2009-01-23 18:12 . 2009-01-23 18:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-01-22 23:22 . 2009-02-02 15:14 <REP> d-------- c:\documents and settings\HP_Propriétaire\Shared
2009-01-22 23:22 . 2009-02-02 15:14 <REP> d-------- c:\documents and settings\HP_Propriétaire\Shared
2009-01-22 23:22 . 2009-02-02 15:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Incomplete
2009-01-22 23:22 . 2009-02-02 15:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Incomplete
2009-01-22 23:20 . 2009-01-22 23:20 <REP> d-------- c:\program files\P2P_Energy
2009-01-22 23:20 . 2009-01-22 23:21 <REP> d-------- c:\program files\LimeWireTurbo
2009-01-22 23:20 . 2009-01-22 23:20 <REP> d-------- c:\program files\Conduit
2009-01-22 23:20 . 2009-02-02 13:59 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\LimeWireTurbo
2009-01-17 12:58 . 2009-01-17 12:58 0 --a------ c:\windows\nsreg.dat
2009-01-17 12:56 . 2009-01-18 18:20 <REP> d-------- c:\documents and settings\HP_Propriétaire\dwhelper
2009-01-17 12:56 . 2009-01-18 18:20 <REP> d-------- c:\documents and settings\HP_Propriétaire\dwhelper
2009-01-11 19:45 . 2009-01-11 21:25 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Orbit
2009-01-11 19:17 . 2009-01-11 19:18 <REP> d-------- c:\program files\iTunes
2009-01-11 19:17 . 2009-01-11 19:17 <REP> d-------- c:\program files\iPod
2009-01-11 19:17 . 2009-01-11 19:18 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-11 19:16 . 2009-01-11 19:16 <REP> d-------- c:\program files\Bonjour
2009-01-11 01:39 . 2009-01-11 21:21 <REP> d-------- C:\downloads
2009-01-11 01:39 . 2009-01-11 01:41 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\FMZilla
2009-01-11 01:27 . 2009-01-11 21:45 <REP> d-------- c:\program files\Free Music Zilla
2009-01-05 23:33 . 2009-01-05 23:33 3,751,995 --a------ c:\windows\system32\GPhotos.scr
2009-01-05 12:14 . 2009-01-05 12:14 <REP> d-------- C:\Sandbox

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 08:07 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\OpenOffice.org2
2009-02-02 22:08 --------- d-----w c:\program files\Google
2009-02-02 11:36 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-28 15:00 --------- d-----w c:\program files\eMule
2009-01-26 17:57 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\LimeWire
2009-01-23 17:35 --------- d-----w c:\program files\Nero
2009-01-18 19:21 5,802 ----a-w c:\documents and settings\HP_Propriétaire\Application Data\wklnhst.dat
2009-01-18 13:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-18 13:46 --------- d-----w c:\program files\Ubisoft
2009-01-15 20:16 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-12 06:43 --------- d-----w c:\program files\Apple Software Update
2009-01-11 18:17 --------- d-----w c:\program files\Fichiers communs\Apple
2009-01-11 18:15 --------- d-----w c:\program files\QuickTime
2009-01-11 18:15 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\Apple Computer
2009-01-11 16:46 --------- d-----w c:\program files\ma-config.com
2009-01-11 16:46 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2008-12-21 11:04 202,040 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-21 11:04 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-18 09:35 --------- d-----w c:\program files\Trend Micro
2008-12-17 14:25 --------- d-----w c:\program files\Windows Live Toolbar
2008-12-17 14:25 --------- d-----w c:\program files\Windows Live
2008-12-17 14:24 --------- d-----w c:\program files\Microsoft Sync Framework
2008-12-17 14:22 --------- d-----w c:\program files\Microsoft
2008-12-17 14:21 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-17 14:12 --------- d-----w c:\program files\Fichiers communs\Windows Live
2008-12-16 14:18 --------- d-----w c:\program files\Java
2008-12-13 06:37 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-04 20:05 --------- d-----w c:\program files\Fichiers communs\Borland Shared
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-06-03 17:55 22,328 ----a-w c:\documents and settings\HP_Propriétaire\Application Data\PnkBstrK.sys
2006-08-07 08:25 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
2004-07-22 09:51 3,432,656 ----a-w c:\program files\ManagedDX.CAB
2004-07-19 21:58 1,156,363 ----a-w c:\program files\BDANT.cab
2004-07-19 21:53 976,020 ----a-w c:\program files\BDAXP.cab
2004-07-09 13:17 13,265,040 ----a-w c:\program files\dxnt.cab
2004-07-09 08:13 703,080 -c--a-w c:\program files\BDA.cab
2004-07-09 08:13 15,493,481 ----a-w c:\program files\DirectX.cab
2004-07-09 03:08 472,576 ----a-w c:\program files\dxsetup.exe
2004-07-09 03:08 2,242,560 ----a-w c:\program files\dsetup32.dll
2004-07-09 02:03 62,976 ----a-w c:\program files\DSETUP.dll
2008-10-12 09:14 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008101220081013\index.dat
.

((((((((((((((((((((((((((((( snapshot_2009-01-23_19.55.01.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-26 17:21:30 1,236,208 ----a-w c:\windows\system32\aswBoot.exe
+ 2008-11-26 17:15:10 97,480 ----a-w c:\windows\system32\AvastSS.scr
+ 2008-11-26 17:15:35 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2008-11-26 17:17:25 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
+ 2008-11-26 17:18:25 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2008-11-26 17:18:18 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2008-11-26 17:16:29 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2008-11-26 17:17:36 111,184 ----a-w c:\windows\system32\drivers\aswSP.sys
+ 2008-11-26 17:16:38 50,864 ----a-w c:\windows\system32\drivers\aswTdi.sys
- 2008-02-23 02:38:33 43,872 ----a-w c:\windows\system32\drivers\pxhelp20.sys
+ 2008-07-31 22:17:04 43,872 ----a-w c:\windows\system32\drivers\pxhelp20.sys
+ 2005-08-26 05:00:00 20,992 ----a-w c:\windows\system32\spool\PRTPROCS\W32X86\CNMPD79.DLL
+ 2005-08-26 05:00:00 59,392 ----a-w c:\windows\system32\spool\PRTPROCS\W32X86\CNMPP79.DLL
+ 2009-02-03 08:06:18 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5dc.dat
+ 2009-02-03 08:06:38 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7c8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2008-11-23 23:03 1784856 --a------ c:\program files\P2P_Energy\tbP2P_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-26 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"AdobeUpdater"="c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2008-11-27 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-13 339968]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-16 185632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-02 13570048]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-02 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-14 399504]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2008-08-02 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\ALCWZRD.EXE]

c:\documents and settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]
Hyperappel de l'Encyclop‚die Universelle Larousse.lnk - c:\program files\Larousse\Encyclop‚die Universelle Larousse\Bin\hyperappel.exe [2007-04-01 53248]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.l3codec"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-23 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-23 20560]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-08-10 170640]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-08-10 15504]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [2007-10-12 392316]
.
Contenu du dossier 'Tâches planifiées'

2009-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe

.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://orange.fr/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/go/mypcchoice
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Rechercher avec Voila - file://c:\program files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm
DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10815} - hxxp://www.flygimp.com/loadergimp_fr.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - hxxp://sallevirtuelle.cotesdarmor.fr/ecwplugins/NCS.cab
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_0_4.cab
FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\1s3l3iqb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 09:51:26
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\EN]
@DACL=(02 0000)
"OnLineServicesDirName"="Online Services"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\FR]
@DACL=(02 0000)
"OnLineServicesDirName"="Services en ligne"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\MX]
@DACL=(02 0000)
"OnLineServicesDirName"="Servicios en línea"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NL]
@DACL=(02 0000)
"OnLineServicesDirName"="Online Services"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NW]
@DACL=(02 0000)
"OnLineServicesDirName"="Online tjenster"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SP]
@DACL=(02 0000)
"OnLineServicesDirName"="Servicios en línea"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SW]
@DACL=(02 0000)
"OnLineServicesDirName"="Online tjänster"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\UK]
@DACL=(02 0000)
"OnLineServicesDirName"="Online services"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\US]
@DACL=(02 0000)
"OnLineServicesDirName"="Online Services"

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Internet Explorer\Toolbar\Explorer]
@DACL=(02 0000)
@SACL=
"ITBarLayout"=hex:11,00,00,00,4c,00,00,00,00,00,00,00,24,00,00,00,19,00,00,00,
3e,00,00,00,01,00,00,00,20,07,00,00,a0,0f,00,00,05,00,00,00,62,05,00,00,26,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
@DACL=(02 0000)
@SACL=
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"=hex:28,7e,84,b2,7d,5d,eb,4d,8b,67,05,
d2,8b,cf,79,f5
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"=hex:21,bf,5c,0e,5f,d1,d0,11,83,01,00,
aa,00,5b,43,83,22,00,1c,00,08,00,00,00,06,00,00,00,01,00,00,00,00,00,00,00,\
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"=hex:81,45,e0,01,ee,4e,d0,11,bf,e9,00,
aa,00,5b,43,83,10,00,00,00,00,00,00,00,01,e0,32,f4,01,00,00,00
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:32,bd,99,ef,fb,c1,d2,11,89,2f,00,
90,27,1d,4f,88
"{4E7BD74F-2B8D-469E-8FB0-B921F5DBF922}"=hex:4f,d7,7b,4e,8d,2b,9e,46,8f,b0,b9,
21,f5,db,f9,22
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"=hex:bf,d1,cd,42,fb,3f,38,42,8a,d1,78,
59,df,00,b1,d6
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"=hex:ad,1d,ad,bd,46,c9,17,4a,ad,c1,64,
b5,b4,ff,55,d0
"{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}"=hex:41,fe,4f,bc,9f,de,fa,46,b4,55,aa,
d4,9b,9f,99,38,7b,41,36,39,45,39,36,31,45,2d,42,37,37,32,2d,34,39,66,36,2d,\
"{71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7}"=hex:f7,ac,b6,71,0f,4f,d8,4f,bb,69,6d,
1a,4d,27,1c,b7
"ITBar7Layout"=hex:13,00,00,00,00,00,00,00,00,00,00,00,30,00,00,00,10,00,04,00,
2b,00,00,00,01,00,00,00,00,07,00,00,5e,01,00,00,08,00,00,00,41,07,00,00,00,\
"ITBarLayout"=hex:11,00,00,00,4c,00,00,00,00,00,00,00,34,00,00,00,1f,00,1e,00,
bd,00,00,00,01,00,00,00,20,07,00,00,a0,0f,00,00,05,00,00,00,62,05,00,00,26,\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:b1,c2,18,23,65,49,d4,11,9b,18,00,
90,27,a5,cd,4f

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"Paint.Picture"=hex(0):
"NeroPhotoSnapViewer.Files7.bmp"=hex(0):

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"giffile"=hex(0):
"NeroPhotoSnapViewer.Files7.gif"=hex(0):

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"icofile"=hex(0):
"NeroPhotoSnapViewer.Files7.ico"=hex(0):

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"pjpegfile"=hex(0):
"NeroPhotoSnapViewer.Files7.jfif"=hex(0):

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"jpegfile"=hex(0):
"NeroPhotoSnapViewer.Files7.jpeg"=hex(0):

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"jpegfile"=hex(0):
"NeroPhotoSnapViewer.Files7.jpg"=hex(0):

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"pngfile"=hex(0):
"NeroPhotoSnapViewer.Files7.png"=hex(0):

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"TIFImage.Document"=hex(0):
"NeroPhotoSnapViewer.Files7.tif"=hex(0):

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"TIFImage.Document"=hex(0):
"NeroPhotoSnapViewer.Files7.tiff"=hex(0):

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids]
@DACL=(02 0000)
@SACL=
"wmffile"=hex(0):
"NeroPhotoSnapViewer.Files7.wmf"=hex(0):

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\[u]0/u]
@DACL=(02 0000)
@SACL=
"ViewView2"=hex:1c,00,00,00,05,00,00,00,00,00,00,00,00,00,a4,00,00,00,00,00,01,
00,00,00,ff,ff,ff,ff,f0,f0,f0,f0,14,00,03,00,a4,00,00,00,00,00,00,00,30,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop]
@DACL=(02 0000)
@SACL=
"Toolbars"=hex:11,00,00,00,00,00,00,00
"TaskbarWinXP"=hex:0c,00,00,00,08,00,00,00,02,00,00,00,00,00,00,00,aa,4f,28,68,
48,6a,d0,11,8c,78,00,c0,4f,d9,18,b4,90,03,00,00,60,0d,00,00,00,00,00,00,1e,\
"Upgrade"=dword:00000001

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\Shell\Bags\1]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u]
@DACL=(02 0000)
@SACL=
"NodeSlot"=dword:00000001
"MRUListEx"=hex:01,00,00,00,00,00,00,00,06,00,00,00,02,00,00,00,03,00,00,00,09,
00,00,00,07,00,00,00,04,00,00,00,0c,00,00,00,0b,00,00,00,0a,00,00,00,08,00,\
"0"=hex:14,00,2e,00,20,20,ec,21,ea,3a,69,10,a2,dd,08,00,2b,30,30,9d,00,00
"1"=hex:19,00,2f,43,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00
"2"=hex:32,00,2e,00,0c,00,00,00,00,00,00,00,00,00,00,00,00,00,74,1a,59,5e,96,
df,d3,48,8d,67,17,33,bc,ee,28,ba,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,\
"3"=hex:52,00,2e,00,2c,00,02,00,00,00,48,00,50,00,5f,00,50,00,72,00,6f,00,70,
00,72,00,69,00,e9,00,74,00,61,00,69,00,72,00,65,00,00,00,00,00,00,00,00,00,\
"4"=hex:29,00,2f,45,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
01,01,05,8a,eb,fb,ee,be,42,44,80,4e,40,9d,6c,45,15,e9,00,00
"5"=hex:19,00,2f,45,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00
"6"=hex:19,00,2f,4b,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00
"7"=hex:19,00,2f,4c,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00
"8"=hex:6e,01,2e,00,48,01,26,03,15,03,01,00,00,00,48,00,00,00,7b,00,36,00,42,
00,44,00,44,00,31,00,46,00,43,00,36,00,2d,00,38,00,31,00,30,00,46,00,2d,00,\
"9"=hex:14,00,2e,80,4a,b6,9f,fc,b2,1e,cf,4c,af,5e,1a,49,7a,9b,5c,2d,00,00
"10"=hex:19,00,2f,4d,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00
"11"=hex:70,01,2e,00,4a,01,06,20,31,08,03,00,00,00,00,00,00,00,00,00,00,00,84,
00,00,00,01,00,00,00,14,00,00,00,3d,00,00,00,00,00,41,00,70,00,70,00,61,00,\
"12"=hex:19,00,2f,44,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\[u]0/u]
@DACL=(02 0000)
"NodeSlot"=dword:00000002
"MRUListEx"=hex:00,00,00,00,01,00,00,00,02,00,00,00,05,00,00,00,03,00,00,00,06,
00,00,00,04,00,00,00,ff,ff,ff,ff
"0"=hex:1e,00,71,2d,00,00,00,00,00,00,00,00,00,00,80,a2,27,22,ea,3a,69,10,a2,
de,08,00,2b,30,30,9d,00,00
"1"=hex:1e,00,71,80,00,00,00,00,00,00,00,00,00,00,c7,ac,07,70,02,32,d1,11,aa,
d2,00,80,5f,c1,27,0e,00,00
"2"=hex:1e,00,71,80,00,00,00,00,00,00,00,00,00,00,e1,a4,0e,d2,57,39,d2,11,a4,
0b,0c,50,20,52,41,53,00,00
"3"=hex:1e,00,71,80,00,00,00,00,00,00,00,00,00,00,90,79,27,d6,6a,4c,cf,11,8d,
87,00,aa,00,60,f5,bf,00,00
"4"=hex:1e,00,71,80,00,00,00,00,00,00,00,00,00,00,b4,67,01,64,b0,59,a6,47,b3,
35,a6,b3,c0,69,5a,ea,00,00
"5"=hex:1e,00,71,80,00,00,00,00,00,00,00,00,00,00,36,b7,11,e2,fd,43,d1,11,9e,
fb,00,00,f8,75,7f,cd,00,00
"6"=hex:1e,00,71,80,00,00,00,00,00,00,00,00,00,00,e1,a4,0e,d2,57,39,d2,11,a4,
0b,0c,50,20,52,41,52,00,00

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\[u]0/u\[u]0/u]
@DACL=(02 0000)
"0"=hex:52,00,35,00,00,00,00,00,21,32,d8,a3,10,00,4d,00,65,00,6e,00,75,00,20,
00,44,00,e9,00,6d,00,61,00,32,00,03,00,04,00,ef,be,79,31,30,1b,1b,33,34,4b,\
"MRUListEx"=hex:00,00,00,00,01,00,00,00,02,00,00,00,05,00,00,00,04,00,00,00,03,
00,00,00,ff,ff,ff,ff
"1"=hex:42,00,31,00,00,00,00,00,1b,33,78,4b,10,00,44,4f,43,55,4d,45,7e,31,00,
00,2a,00,03,00,04,00,ef,be,79,31,2a,1b,24,33,34,44,14,00,00,00,44,00,6f,00,\
"NodeSlot"=dword:000000ab
"2"=hex:50,00,31,00,00,00,00,00,85,33,2e,67,10,00,41,50,50,4c,49,43,7e,31,00,
00,38,00,03,00,04,00,ef,be,79,31,23,1b,2b,34,04,7c,14,00,00,00,41,00,70,00,\
"3"=hex:3a,00,31,00,00,00,00,00,91,33,3d,74,10,00,42,75,72,65,61,75,00,00,24,
00,03,00,04,00,ef,be,78,31,ae,0c,2b,34,10,7c,14,00,00,00,42,00,75,00,72,00,\
"4"=hex:3c,00,31,00,00,00,00,00,78,31,ae,0c,10,00,46,61,76,6f,72,69,73,00,26,
00,03,00,04,00,ef,be,78,31,ae,0c,2b,34,86,7d,14,00,00,00,46,00,61,00,76,00,\
"5"=hex:46,00,35,00,00,00,00,00,78,31,af,0c,10,00,4d,00,6f,00,64,00,e8,00,6c,
00,65,00,73,00,00,00,61,00,26,00,03,00,04,00,ef,be,78,31,af,0c,22,36,d3,6a,\

titeuf1234 Messages postés 282 Statut Membre 7

voici la suite 2.2

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\1\[u]0[/u]\1]
@DACL=(02 0000)
"0"=hex:3a,00,31,00,00,00,00,00,1b,33,6a,8c,10,00,42,75,72,65,61,75,00,00,24,
00,03,00,04,00,ef,be,1a,33,4a,af,1b,33,6a,8c,14,00,00,00,42,00,75,00,72,00,\
"MRUListEx"=hex:02,00,00,00,00,00,00,00,07,00,00,00,05,00,00,00,01,00,00,00,06,
00,00,00,04,00,00,00,0a,00,00,00,0f,00,00,00,0d,00,00,00,0c,00,00,00,08,00,\
"NodeSlot"=dword:00000018
"1"=hex:4a,00,31,00,00,00,00,00,1b,33,65,8e,10,00,4d,45,4e,55,44,4d,7e,31,00,
00,32,00,03,00,04,00,ef,be,1a,33,4a,af,1c,33,06,7f,14,00,00,00,4d,00,65,00,\
"2"=hex:74,00,31,00,00,00,00,00,1c,33,5c,6d,11,00,4d,45,53,44,4f,43,7e,31,00,
00,32,00,03,00,04,00,ef,be,1a,33,4a,af,1c,33,06,7f,14,00,00,00,4d,00,65,00,\
"3"=hex:3c,00,31,00,00,00,00,00,79,31,41,1b,14,00,43,6f,6f,6b,69,65,73,00,26,
00,03,00,04,00,ef,be,1a,33,4a,af,1c,33,06,7f,14,00,00,00,43,00,6f,00,6f,00,\
"4"=hex:50,00,31,00,00,00,00,00,1c,33,5c,6d,10,00,41,50,50,4c,49,43,7e,31,00,
00,38,00,03,00,04,00,ef,be,1a,33,4a,af,1c,33,06,7f,14,00,00,00,41,00,70,00,\
"5"=hex:52,00,31,00,00,00,00,00,00,00,00,00,10,00,4c,6f,63,61,6c,20,53,65,74,
74,69,6e,67,73,00,00,34,00,03,00,04,00,ef,be,00,00,00,00,00,00,00,00,14,00,\
"6"=hex:4e,00,31,00,00,00,00,00,70,34,e1,ac,13,00,52,65,63,65,6e,74,00,00,38,
00,03,00,04,00,ef,be,1a,33,66,af,70,34,e1,ac,14,00,22,00,52,00,65,00,63,00,\
"7"=hex:50,00,31,00,00,00,00,00,7e,34,70,97,11,00,46,61,76,6f,72,69,73,00,3a,
00,03,00,04,00,ef,be,1a,33,4a,af,2e,35,44,4e,14,00,24,00,46,00,61,00,76,00,\
"8"=hex:3a,00,31,00,00,00,00,00,79,31,4a,1b,10,00,53,65,6e,64,54,6f,00,00,24,
00,03,00,04,00,ef,be,1a,33,4a,af,2e,35,d6,45,14,00,00,00,53,00,65,00,6e,00,\
"9"=hex:40,00,31,00,00,00,00,00,25,33,10,5e,14,00,55,73,65,72,44,61,74,61,00,
00,28,00,03,00,04,00,ef,be,25,33,10,5e,2d,35,37,8a,14,00,00,00,55,00,73,00,\
"10"=hex:3c,00,31,00,00,00,00,00,21,32,e2,a4,10,00,57,49,4e,44,4f,57,53,00,26,
00,03,00,04,00,ef,be,1a,33,4a,af,2d,35,37,8a,14,00,00,00,57,00,49,00,4e,00,\
"11"=hex:40,00,31,00,00,00,00,00,2b,35,da,98,10,00,43,6f,6e,74,61,63,74,73,00,
00,28,00,03,00,04,00,ef,be,2b,35,3b,93,7e,35,f8,8a,14,00,00,00,43,00,6f,00,\
"12"=hex:3a,00,31,00,00,00,00,00,45,36,09,b0,10,00,53,68,61,72,65,64,00,00,24,
00,03,00,04,00,ef,be,45,36,ae,81,45,36,09,b0,14,00,00,00,53,00,68,00,61,00,\
"13"=hex:42,00,31,00,00,00,00,00,45,36,89,b1,10,00,4c,49,4d,45,57,49,7e,31,00,
00,2a,00,03,00,04,00,ef,be,45,36,57,81,47,36,61,0d,14,00,00,00,2e,00,6c,00,\
"14"=hex:3e,00,31,00,00,00,00,00,41,32,f5,3d,10,00,4d,4f,44,4c,45,53,7e,31,00,
00,26,00,03,00,04,00,ef,be,1a,33,4a,af,57,36,6f,58,14,00,00,00,4d,00,6f,00,\
"15"=hex:44,00,31,00,00,00,00,00,91,36,cb,4b,10,00,49,4e,43,4f,4d,50,7e,31,00,
00,2c,00,03,00,04,00,ef,be,45,36,ae,81,91,36,41,65,14,00,00,00,49,00,6e,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\1\[u]0[/u]\2]
@DACL=(02 0000)
"NodeSlot"=dword:0000003f
"MRUListEx"=hex:01,00,00,00,05,00,00,00,04,00,00,00,08,00,00,00,02,00,00,00,00,
00,00,00,07,00,00,00,06,00,00,00,03,00,00,00,ff,ff,ff,ff
"0"=hex:4a,00,31,00,00,00,00,00,21,32,c2,a8,10,00,4d,45,53,44,4f,43,7e,31,00,
00,32,00,03,00,04,00,ef,be,78,31,af,0c,53,33,bc,9e,14,00,00,00,4d,00,65,00,\
"1"=hex:50,00,31,00,00,00,00,00,21,32,2c,a7,10,00,41,50,50,4c,49,43,7e,31,00,
00,38,00,03,00,04,00,ef,be,79,31,31,1b,2b,34,86,7d,14,00,00,00,41,00,70,00,\
"2"=hex:3c,00,31,00,00,00,00,00,79,31,41,1b,14,00,43,6f,6f,6b,69,65,73,00,26,
00,03,00,04,00,ef,be,79,31,32,1b,2b,34,86,7d,14,00,00,00,43,00,6f,00,6f,00,\
"3"=hex:52,00,35,00,00,00,00,00,79,31,45,1b,10,00,4d,00,65,00,6e,00,75,00,20,
00,44,00,e9,00,6d,00,61,00,32,00,03,00,04,00,ef,be,79,31,35,1b,2b,34,86,7d,\
"4"=hex:3a,00,31,00,00,00,00,00,79,31,49,1b,10,00,52,65,63,65,6e,74,00,00,24,
00,03,00,04,00,ef,be,78,31,af,0c,2b,34,86,7d,14,00,00,00,52,00,65,00,63,00,\
"5"=hex:3c,00,31,00,00,00,00,00,21,32,e2,a4,10,00,57,49,4e,44,4f,57,53,00,26,
00,03,00,04,00,ef,be,1a,33,12,af,2b,34,86,7d,14,00,00,00,57,00,49,00,4e,00,\
"6"=hex:3a,00,31,00,00,00,00,00,79,31,4a,1b,10,00,53,65,6e,64,54,6f,00,00,24,
00,03,00,04,00,ef,be,79,31,38,1b,64,36,18,43,14,00,00,00,53,00,65,00,6e,00,\
"7"=hex:3a,00,31,00,00,00,00,00,21,32,46,a5,10,00,42,75,72,65,61,75,00,00,24,
00,03,00,04,00,ef,be,78,31,af,0c,6c,36,31,6b,14,00,00,00,42,00,75,00,72,00,\
"8"=hex:3c,00,31,00,00,00,00,00,1a,33,65,af,10,00,46,61,76,6f,72,69,73,00,26,
00,03,00,04,00,ef,be,79,31,32,1b,64,36,18,43,14,00,00,00,46,00,61,00,76,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\1\[u]0[/u]\3]
@DACL=(02 0000)
"NodeSlot"=dword:000001c1
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:4c,00,31,00,00,00,00,00,f7,34,10,ac,10,00,4c,4f,43,41,4c,53,7e,31,00,
00,34,00,03,00,04,00,ef,be,f7,34,10,ac,22,36,d4,6a,14,00,00,00,4c,00,6f,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\1\1]
@DACL=(02 0000)
"0"=hex:54,00,31,00,00,00,00,00,21,32,ba,70,10,00,4d,55,56,45,45,54,7e,31,00,
00,3c,00,03,00,04,00,ef,be,21,32,ba,70,21,32,ba,70,14,00,00,00,6d,00,75,00,\
"MRUListEx"=hex:16,00,00,00,09,00,00,00,4b,00,00,00,14,00,00,00,0d,00,00,00,51,
00,00,00,25,00,00,00,1f,00,00,00,0c,00,00,00,07,00,00,00,0b,00,00,00,08,00,\
"NodeSlot"=dword:00000019
"1"=hex:3c,00,31,00,00,00,00,00,1b,33,a5,8c,10,00,64,69,72,65,63,74,78,00,26,
00,03,00,04,00,ef,be,1b,33,a5,8c,1c,33,37,7f,14,00,00,00,64,00,69,00,72,00,\
"2"=hex:2e,00,31,00,00,00,00,00,21,32,98,a3,10,00,48,50,00,00,1c,00,03,00,04,
00,ef,be,21,32,d4,a2,1c,33,06,7f,14,00,00,00,48,00,50,00,00,00,12,00,00,00
"3"=hex:40,00,31,00,00,00,00,00,1b,33,97,8c,10,00,55,42,49,53,4f,46,7e,31,00,
00,28,00,03,00,04,00,ef,be,1b,33,97,8c,1c,33,06,7f,14,00,00,00,55,00,62,00,\
"4"=hex:40,00,31,00,00,00,00,00,4c,33,ad,99,10,00,41,50,50,53,54,4d,7e,31,00,
00,28,00,03,00,04,00,ef,be,4c,33,ad,99,4c,33,ae,99,14,00,00,00,41,00,70,00,\
"5"=hex:34,00,31,00,00,00,00,00,2a,33,0a,92,10,00,44,69,76,58,00,00,20,00,03,
00,04,00,ef,be,2a,33,fd,91,53,33,4f,9e,14,00,00,00,44,00,69,00,76,00,58,00,\
"6"=hex:5a,00,31,00,00,00,00,00,2a,33,22,9d,10,00,44,49,56,58,56,49,7e,31,00,
00,42,00,03,00,04,00,ef,be,23,33,8b,96,53,33,4f,9e,14,00,00,00,44,00,69,00,\
"7"=hex:58,00,31,00,00,00,00,00,1c,33,09,68,10,00,56,33,37,38,35,44,7e,31,00,
00,40,00,03,00,04,00,ef,be,1c,33,20,67,4e,33,19,99,14,00,00,00,56,00,33,00,\
"8"=hex:3c,00,31,00,00,00,00,00,4e,33,44,99,10,00,55,62,69,73,6f,66,74,00,26,
00,03,00,04,00,ef,be,4e,33,8a,98,56,33,29,93,14,00,00,00,55,00,62,00,69,00,\
"9"=hex:50,00,31,00,00,00,00,00,2e,33,a0,7c,10,00,46,49,43,48,49,45,7e,31,00,
00,38,00,03,00,04,00,ef,be,79,31,56,1b,56,33,db,a5,14,00,00,00,46,00,69,00,\
"10"=hex:54,00,31,00,00,00,00,00,1c,33,10,6f,10,00,41,4e,55,4d,41,4e,7e,31,00,
00,3c,00,03,00,04,00,ef,be,1c,33,10,6f,56,33,ec,a6,14,00,00,00,41,00,6e,00,\
"11"=hex:5a,00,31,00,00,00,00,00,78,31,b7,0c,10,00,55,4e,49,4e,53,54,7e,31,00,
00,42,00,03,00,04,00,ef,be,78,31,b7,0c,56,33,e9,ab,14,00,00,00,55,00,6e,00,\
"12"=hex:40,00,31,00,00,00,00,00,2c,34,c0,9d,10,00,56,69,64,65,6f,4c,41,4e,00,
00,28,00,03,00,04,00,ef,be,2c,34,c0,9d,30,34,f8,a2,14,00,00,00,56,00,69,00,\
"13"=hex:58,00,31,00,00,00,00,00,85,33,3c,68,10,00,57,49,4e,44,4f,57,7e,31,00,
00,40,00,03,00,04,00,ef,be,79,31,78,1b,36,34,0a,7b,14,00,00,00,57,00,69,00,\
"14"=hex:34,00,31,00,00,00,00,00,4b,34,d0,8c,10,00,4e,65,72,6f,00,00,20,00,03,
00,04,00,ef,be,4b,34,d0,8c,55,34,57,75,14,00,00,00,4e,00,65,00,72,00,6f,00,\
"15"=hex:e3,00,31,00,00,00,00,00,21,32,96,a8,10,00,41,54,49,54,45,43,7e,31,00,
00,38,00,03,00,04,00,ef,be,21,32,96,a8,62,34,18,4f,14,00,00,00,41,00,54,00,\
"16"=hex:42,00,31,00,00,00,00,00,50,34,4f,74,10,00,32,4b,53,50,4f,52,7e,31,00,
00,2a,00,03,00,04,00,ef,be,50,34,4f,74,62,34,18,4f,14,00,00,00,32,00,4b,00,\
"17"=hex:3a,00,31,00,00,00,00,00,23,33,aa,96,10,00,4d,6f,72,67,61,6e,00,00,24,
00,03,00,04,00,ef,be,23,33,aa,96,62,34,18,4f,14,00,00,00,4d,00,6f,00,72,00,\
"18"=hex:5a,00,31,00,00,00,00,00,00,00,00,00,10,00,53,65,72,76,69,63,65,73,20,
65,6e,20,6c,69,67,6e,65,00,3a,00,03,00,04,00,ef,be,00,00,00,00,00,00,00,00,\
"19"=hex:4e,00,31,00,00,00,00,00,52,34,fa,79,10,00,4d,49,43,52,4f,53,7e,34,00,
00,36,00,03,00,04,00,ef,be,57,33,83,70,92,34,50,9e,14,00,00,00,4d,00,69,00,\
"20"=hex:44,00,31,00,00,00,00,00,41,32,f6,3d,10,00,57,49,4e,44,4f,57,7e,32,00,
00,2c,00,03,00,04,00,ef,be,79,31,7a,1b,99,34,a4,82,14,00,00,00,57,00,69,00,\
"21"=hex:5c,00,31,00,00,00,00,00,92,34,cf,b3,10,00,57,49,4e,44,4f,57,7e,34,00,
00,44,00,03,00,04,00,ef,be,92,34,cf,b3,99,34,a4,82,14,00,00,00,57,00,69,00,\
"22"=hex:36,00,31,00,00,00,00,00,9a,34,e8,b3,10,00,65,4d,75,6c,65,00,22,00,03,
00,04,00,ef,be,8f,34,ad,49,9b,34,eb,21,14,00,00,00,65,00,4d,00,75,00,6c,00,\
"23"=hex:4a,00,31,00,00,00,00,00,83,34,d1,95,10,00,4d,53,4e,4d,45,53,7e,31,00,
00,32,00,03,00,04,00,ef,be,83,34,d0,95,a2,34,15,80,14,00,00,00,4d,00,53,00,\
"24"=hex:3c,00,31,00,00,00,00,00,99,34,0a,82,10,00,75,62,69,2e,63,6f,6d,00,26,
00,03,00,04,00,ef,be,94,34,50,84,ab,34,a4,48,14,00,00,00,75,00,62,00,69,00,\
"25"=hex:4c,00,31,00,00,00,00,00,ac,34,65,7e,10,00,50,41,54,43,48,52,7e,31,2e,
34,35,00,32,00,03,00,04,00,ef,be,ab,34,2b,9c,ac,34,65,7e,14,00,00,00,50,00,\
"26"=hex:5a,00,31,00,00,00,00,00,85,34,c5,98,10,00,50,43,2d,44,4f,43,7e,31,00,
00,42,00,03,00,04,00,ef,be,21,32,7b,a5,ac,34,ef,78,14,00,00,00,50,00,43,00,\
"27"=hex:4e,00,31,00,00,00,00,00,b0,34,5d,59,10,00,49,4e,53,54,41,4c,7e,32,00,
00,36,00,03,00,04,00,ef,be,b0,34,d7,58,bd,34,89,3b,14,00,00,00,49,00,6e,00,\
"28"=hex:3c,00,31,00,00,00,00,00,b5,34,99,85,10,00,53,61,6d,73,75,6e,67,00,26,
00,03,00,04,00,ef,be,b5,34,99,85,c2,34,c6,4b,14,00,00,00,53,00,61,00,6d,00,\
"29"=hex:52,00,31,00,00,00,00,00,d5,34,1a,80,10,00,49,4e,54,45,52,4e,7e,31,00,
00,3a,00,03,00,04,00,ef,be,79,31,63,1b,e6,34,26,59,14,00,00,00,49,00,6e,00,\
"30"=hex:44,00,31,00,00,00,00,00,b0,34,4f,5a,10,00,4d,4f,4e,50,52,4f,7e,31,00,
00,2c,00,03,00,04,00,ef,be,b0,34,4e,5a,e6,34,26,59,14,00,00,00,4d,00,6f,00,\
"31"=hex:3c,00,31,00,00,00,00,00,e6,34,bd,59,10,00,57,61,6e,61,64,6f,6f,00,26,
00,03,00,04,00,ef,be,7e,34,70,80,e6,34,c0,59,14,00,00,00,57,00,61,00,6e,00,\
"32"=hex:4e,00,31,00,00,00,00,00,97,34,79,6a,10,00,57,41,4e,41,44,4f,7e,32,00,
00,36,00,03,00,04,00,ef,be,94,34,57,62,e6,34,7a,59,14,00,00,00,77,00,61,00,\
"33"=hex:46,00,31,00,00,00,00,00,22,35,45,79,10,00,54,52,45,4e,44,4d,7e,31,00,
00,2e,00,03,00,04,00,ef,be,22,35,45,79,2c,35,c7,8e,14,00,00,00,54,00,72,00,\
"34"=hex:40,00,31,00,00,00,00,00,2c,35,44,9b,10,00,4c,61,76,61,73,6f,66,74,00,
00,28,00,03,00,04,00,ef,be,2c,35,44,9b,2c,35,44,9b,14,00,00,00,4c,00,61,00,\
"35"=hex:42,00,31,00,00,00,00,00,85,34,c4,98,10,00,4d,45,53,53,45,4e,7e,31,00,
00,2a,00,03,00,04,00,ef,be,79,31,64,1b,38,35,e6,72,14,00,00,00,4d,00,65,00,\
"36"=hex:48,00,31,00,00,00,00,00,a4,34,93,84,10,00,54,48,52,55,53,54,7e,31,00,
00,30,00,03,00,04,00,ef,be,a4,34,93,84,3c,35,e6,7e,14,00,00,00,54,00,68,00,\
"37"=hex:50,00,31,00,00,00,00,00,85,34,c5,98,10,00,57,41,4e,41,44,4f,7e,31,00,
00,38,00,03,00,04,00,ef,be,84,34,b3,2d,3c,35,01,81,14,00,00,00,57,00,61,00,\
"38"=hex:40,00,31,00,00,00,00,00,af,34,4a,6f,10,00,45,41,47,41,4d,45,7e,31,00,
00,28,00,03,00,04,00,ef,be,7a,33,b7,56,3c,35,e7,7e,14,00,00,00,45,00,41,00,\
"39"=hex:36,00,31,00,00,00,00,00,21,32,58,a4,10,00,53,6f,6e,69,63,00,22,00,03,
00,04,00,ef,be,21,32,3a,a4,58,35,36,99,14,00,00,00,53,00,6f,00,6e,00,69,00,\
"40"=hex:36,00,31,00,00,00,00,00,32,34,97,95,10,00,48,4f,54,50,43,00,22,00,03,
00,04,00,ef,be,32,34,97,95,62,35,67,42,14,00,00,00,48,00,4f,00,54,00,50,00,\
"41"=hex:42,00,31,00,00,00,00,00,db,34,d8,6d,10,00,53,45,43,55,52,49,7e,31,00,
00,2a,00,03,00,04,00,ef,be,da,34,f1,41,62,35,d4,3d,14,00,00,00,53,00,65,00,\
"42"=hex:30,00,31,00,00,00,00,00,48,34,59,78,10,00,4d,53,4e,00,1e,00,03,00,04,
00,ef,be,79,31,68,1b,71,35,8a,90,14,00,00,00,4d,00,53,00,4e,00,00,00,12,00,\
"43"=hex:4e,00,31,00,00,00,00,00,79,31,6f,1b,10,00,4d,53,4e,47,41,4d,7e,31,00,
00,36,00,03,00,04,00,ef,be,79,31,6f,1b,71,35,8a,90,14,00,00,00,4d,00,53,00,\
"44"=hex:42,00,31,00,00,00,00,00,e7,34,75,5e,10,00,42,4c,41,43,4b,42,7e,31,00,
00,2a,00,03,00,04,00,ef,be,e7,34,75,5e,8a,35,46,44,14,00,00,00,42,00,6c,00,\
"45"=hex:3a,00,31,00,00,00,00,00,0d,35,b0,7c,10,00,43,6f,63,68,6f,6e,00,00,24,
00,03,00,04,00,ef,be,0d,35,b0,7c,9d,35,34,58,14,00,00,00,43,00,6f,00,63,00,\
"46"=hex:62,00,31,00,00,00,00,00,2d,35,b2,7d,10,00,53,50,59,42,4f,54,7e,31,00,
00,4a,00,03,00,04,00,ef,be,2d,35,d4,7a,9f,35,5c,4f,14,00,00,00,53,00,70,00,\
"47"=hex:40,00,31,00,00,00,00,00,45,36,8a,81,10,00,4c,69,6d,65,57,69,72,65,00,
00,28,00,03,00,04,00,ef,be,45,36,86,81,4d,36,f8,9b,14,00,00,00,4c,00,69,00,\
"48"=hex:5e,00,31,00,00,00,00,00,41,36,13,9c,10,00,57,49,34,44,46,36,7e,31,00,
00,46,00,03,00,04,00,ef,be,3c,36,ae,7c,63,36,a1,91,14,00,00,00,57,00,69,00,\
"49"=hex:40,00,31,00,00,00,00,00,36,36,00,68,10,00,49,6e,76,65,6e,74,65,6c,00,
00,28,00,03,00,04,00,ef,be,36,36,00,68,8a,36,8c,a0,14,00,00,00,49,00,6e,00,\
"50"=hex:4e,00,31,00,00,00,00,00,72,35,ef,03,10,00,45,4c,45,43,54,52,7e,31,00,
00,36,00,03,00,04,00,ef,be,72,35,ef,03,a6,36,58,44,14,00,00,00,45,00,6c,00,\
"51"=hex:42,00,31,00,00,00,00,00,c4,36,21,8c,10,00,45,41,53,50,4f,52,7e,31,00,
00,2a,00,03,00,04,00,ef,be,c4,36,21,8c,c4,36,21,8c,14,00,00,00,45,00,41,00,\
"52"=hex:4a,00,31,00,00,00,00,00,bd,36,1c,72,10,00,43,4f,53,4d,4f,53,7e,31,00,
00,32,00,03,00,04,00,ef,be,bd,36,1c,72,c4,36,0e,8d,14,00,00,00,43,00,6f,00,\
"53"=hex:54,00,31,00,00,00,00,00,2e,34,42,4a,10,00,45,4d,50,49,52,45,7e,31,00,
00,3c,00,03,00,04,00,ef,be,1b,33,3c,82,c4,36,22,8d,14,00,00,00,45,00,6d,00,\
"54"=hex:3a,00,31,00,00,00,00,00,23,33,a8,96,10,00,47,61,62,65,73,74,00,00,24,
00,03,00,04,00,ef,be,23,33,a8,96,c4,36,22,8d,14,00,00,00,47,00,61,00,62,00,\
"55"=hex:40,00,31,00,00,00,00,00,0d,35,f3,7b,10,00,47,49,52,4c,38,54,45,45,00,
00,28,00,03,00,04,00,ef,be,0d,35,f3,7b,c4,36,22,8d,14,00,00,00,47,00,49,00,\
"56"=hex:42,00,31,00,00,00,00,00,23,33,a9,96,10,00,41,43,33,46,49,4c,7e,31,00,
00,2a,00,03,00,04,00,ef,be,23,33,a9,96,c4,36,0e,8d,14,00,00,00,41,00,43,00,\
"57"=hex:36,00,31,00,00,00,00,00,63,36,11,8e,10,00,41,64,6f,62,65,00,22,00,03,
00,04,00,ef,be,21,32,8e,a4,c4,36,1d,8c,14,00,00,00,41,00,64,00,6f,00,62,00,\
"58"=hex:36,00,31,00,00,00,00,00,2b,33,ec,4a,10,00,41,68,65,61,64,00,22,00,03,
00,04,00,ef,be,2b,33,c4,4a,c4,36,22,8d,14,00,00,00,41,00,68,00,65,00,61,00,\
"59"=hex:3c,00,31,00,00,00,00,00,1c,33,3a,6d,10,00,41,72,63,53,6f,66,74,00,26,
00,03,00,04,00,ef,be,1c,33,3a,6d,c4,36,22,8d,14,00,00,00,41,00,72,00,63,00,\
"60"=hex:46,00,31,00,00,00,00,00,27,36,a4,9d,10,00,42,4f,4f,4e,54,59,7e,31,00,
00,2e,00,03,00,04,00,ef,be,22,36,38,7e,c4,36,22,8d,14,00,00,00,42,00,6f,00,\
"61"=hex:5a,00,31,00,00,00,00,00,c4,36,bc,74,10,00,54,48,45,41,44,56,7e,31,00,
00,42,00,03,00,04,00,ef,be,c4,36,bc,74,c4,36,22,8d,14,00,00,00,54,00,68,00,\
"62"=hex:56,00,31,00,00,00,00,00,43,36,e9,6b,10,00,54,48,45,42,49,54,7e,31,00,
00,3e,00,03,00,04,00,ef,be,43,36,e9,6b,c4,36,22,8d,14,00,00,00,54,00,68,00,\
"63"=hex:3c,00,31,00,00,00,00,00,22,35,50,a6,10,00,56,69,6d,69,63,72,6f,00,26,
00,03,00,04,00,ef,be,22,35,50,a6,c4,36,22,8d,14,00,00,00,56,00,69,00,6d,00,\
"64"=hex:64,00,31,00,00,00,00,00,cd,36,21,51,10,00,53,49,58,54,45,45,7e,31,00,
00,4c,00,03,00,04,00,ef,be,cd,36,21,51,cd,36,9c,5b,14,00,00,00,73,00,69,00,\
"65"=hex:4e,00,31,00,00,00,00,00,85,34,c4,98,10,00,4d,49,43,52,4f,53,7e,32,00,
00,36,00,03,00,04,00,ef,be,1b,33,0f,51,42,37,92,89,14,00,00,00,4d,00,69,00,\
"66"=hex:4a,00,31,00,00,00,00,00,72,36,d6,49,10,00,4d,41,52,49,4f,46,7e,31,00,
00,32,00,03,00,04,00,ef,be,71,36,6b,87,43,37,94,71,14,00,00,00,4d,00,61,00,\
"67"=hex:52,00,31,00,00,00,00,00,27,36,01,9e,10,00,44,45,53,54,52,4f,7e,31,00,
00,3a,00,03,00,04,00,ef,be,94,34,ce,83,43,37,f2,6c,14,00,00,00,44,00,65,00,\
"68"=hex:44,00,31,00,00,00,00,00,08,37,4a,6f,10,00,47,41,4d,45,53,48,7e,31,00,
00,2c,00,03,00,04,00,ef,be,07,37,99,a8,43,37,f1,a3,14,00,00,00,47,00,61,00,\
"69"=hex:3a,00,31,00,00,00,00,00,25,37,fb,76,10,00,47,6f,6f,67,6c,65,00,00,24,
00,03,00,04,00,ef,be,64,35,83,56,43,37,f1,a3,14,00,00,00,47,00,6f,00,6f,00,\
"70"=hex:42,00,31,00,00,00,00,00,dc,34,05,78,10,00,4e,4f,56,41,4c,4f,7e,31,00,
00,2a,00,03,00,04,00,ef,be,76,33,09,7d,43,37,25,a4,14,00,00,00,4e,00,6f,00,\
"71"=hex:5e,00,31,00,00,00,00,00,2e,34,e5,4a,10,00,52,45,44,53,54,4f,7e,31,00,
00,46,00,03,00,04,00,ef,be,29,33,71,7f,43,37,25,a4,14,00,00,00,52,00,65,00,\
"72"=hex:4a,00,31,00,00,00,00,00,86,34,cc,91,10,00,54,52,41,49,4e,44,7e,31,00,
00,32,00,03,00,04,00,ef,be,86,34,81,91,50,37,35,53,14,00,00,00,54,00,72,00,\
"73"=hex:5c,00,31,00,00,00,00,00,78,37,f6,9e,10,00,44,43,41,44,53,41,7e,31,00,
00,44,00,03,00,04,00,ef,be,78,37,6a,0f,79,37,4a,5f,14,00,00,00,44,00,63,00,\
"74"=hex:58,00,31,00,00,00,00,00,4b,37,4f,6a,10,00,57,49,4e,44,4f,57,7e,34,00,
00,40,00,03,00,04,00,ef,be,31,35,cc,80,79,37,f8,68,14,00,00,00,57,00,69,00,\
"75"=hex:36,00,31,00,00,00,00,00,79,31,81,1b,10,00,78,65,72,6f,78,00,22,00,03,
00,04,00,ef,be,79,31,81,1b,79,37,76,6f,14,00,00,00,78,00,65,00,72,00,6f,00,\
"76"=hex:4a,00,31,00,00,00,00,00,76,37,29,63,10,00,46,49,52,41,58,49,7e,31,00,
00,32,00,03,00,04,00,ef,be,76,37,29,63,79,37,10,6e,14,00,00,00,46,00,69,00,\
"77"=hex:46,00,31,00,00,00,00,00,2a,35,ae,3c,10,00,43,4f,44,45,4d,41,7e,31,00,
00,2e,00,03,00,04,00,ef,be,2a,35,ae,3c,79,37,75,6f,14,00,00,00,43,00,6f,00,\
"78"=hex:5a,00,31,00,00,00,00,00,4b,37,c3,6b,10,00,41,50,50,4c,45,53,7e,31,00,
00,42,00,03,00,04,00,ef,be,6c,36,1c,64,79,37,75,6f,14,00,00,00,41,00,70,00,\
"79"=hex:52,00,31,00,00,00,00,00,f7,34,60,9e,10,00,41,4e,54,49,56,49,7e,31,00,
00,3a,00,03,00,04,00,ef,be,e7,34,09,95,7a,37,bb,79,14,00,00,00,41,00,6e,00,\
"80"=hex:34,00,31,00,00,00,00,00,79,37,27,03,10,00,41,78,42,78,00,00,20,00,03,
00,04,00,ef,be,79,37,27,03,7a,37,1b,79,14,00,00,00,41,00,78,00,42,00,78,00,\
"81"=hex:48,00,31,00,00,00,00,00,5b,38,52,75,10,00,57,49,31,46,38,36,7e,31,00,
00,30,00,03,00,04,00,ef,be,82,37,89,ab,c1,38,6c,60,14,00,00,00,57,00,69,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\1\10]
@DACL=(02 0000)
"NodeSlot"=dword:0000006a
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:34,00,31,00,00,00,00,00,21,32,fb,a8,10,00,69,33,38,36,00,00,20,00,03,
00,04,00,ef,be,21,32,fb,a8,2c,38,39,5b,14,00,00,00,69,00,33,00,38,00,36,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\1\11]
@DACL=(02 0000)
"NodeSlot"=dword:0000006d
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\1\12]
@DACL=(02 0000)
"NodeSlot"=dword:0000018b
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\1\13]
@DACL=(02 0000)
"NodeSlot"=dword:000001a4
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\1\14]
@DACL=(02 0000)
"NodeSlot"=dword:000001a5
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\1\15]
@DACL=(02 0000)
"0"=hex:40,00,31,00,00,00,00,00,00,00,00,00,10,00,48,50,5f,50,52,4f,7e,31,00,
00,28,00,03,00,04,00,ef,be,00,00,00,00,00,00,00,00,14,00,00,00,48,00,50,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\1\16]
@DACL=(02 0000)
"0"=hex:36,00,31,00,00,00,00,00,e8,38,c2,b2,10,00,61,64,6f,62,65,00,22,00,03,
00,04,00,ef,be,e8,38,c2,b2,e8,38,c2,b2,14,00,00,00,61,00,64,00,6f,00,62,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\1\17]
@DACL=(02 0000)
"NodeSlot"=dword:0000048b
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\1\2]
@DACL=(02 0000)
"0"=hex:54,00,32,00,a5,8a,7d,0b,59,2e,ba,45,20,00,52,41,59,4d,41,4e,7e,31,2e,
5a,49,50,00,00,38,00,03,00,04,00,ef,be,59,2e,ba,45,59,2e,ba,45,14,00,00,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"NodeSlot"=dword:0000000e

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\1\3]
@DACL=(02 0000)
"NodeSlot"=dword:00000016
"MRUListEx"=hex:00,00,00,00,01,00,00,00,08,00,00,00,05,00,00,00,06,00,00,00,07,
00,00,00,03,00,00,00,04,00,00,00,02,00,00,00,ff,ff,ff,ff
"0"=hex:3a,00,31,00,00,00,00,00,78,31,b8,0c,10,00,43,6f,6e,66,69,67,00,00,24,
00,03,00,04,00,ef,be,78,31,b8,0c,1b,33,a0,89,14,00,00,00,43,00,6f,00,6e,00,\
"1"=hex:c1,00,31,00,00,00,00,00,1b,33,ac,8c,10,00,55,62,69,73,6f,66,74,00,26,
00,03,00,04,00,ef,be,1b,33,ac,8c,56,33,ea,ab,14,00,00,00,55,00,62,00,69,00,\
"2"=hex:3c,00,31,00,00,00,00,00,4f,33,45,75,10,00,43,52,45,41,54,4f,52,00,26,
00,03,00,04,00,ef,be,21,32,e3,a4,85,33,33,66,14,00,00,00,43,00,52,00,45,00,\
"3"=hex:70,00,31,00,00,00,00,00,00,00,00,00,10,00,44,6f,77,6e,6c,6f,61,64,65,
64,20,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,00,00,48,00,03,00,04,00,ef,be,\
"4"=hex:36,00,31,00,00,00,00,00,21,32,8a,a4,10,00,43,61,63,68,65,00,22,00,03,
00,04,00,ef,be,21,32,8a,a4,62,34,f3,50,14,00,00,00,43,00,61,00,63,00,68,00,\
"5"=hex:40,00,31,00,00,00,00,00,92,34,2e,6c,10,00,73,79,73,74,65,6d,33,32,00,
00,28,00,03,00,04,00,ef,be,79,31,58,22,92,34,8b,9a,14,00,00,00,73,00,79,00,\
"6"=hex:3a,00,31,00,00,00,00,00,41,33,25,8a,10,00,73,79,73,74,65,6d,00,00,24,
00,03,00,04,00,ef,be,79,31,32,1f,6c,36,cb,6b,14,00,00,00,73,00,79,00,73,00,\
"7"=hex:3a,00,31,00,00,00,00,00,88,37,57,9b,10,00,57,69,6e,53,78,53,00,00,24,
00,03,00,04,00,ef,be,79,31,69,22,21,38,42,9d,14,00,00,00,57,00,69,00,6e,00,\
"8"=hex:40,00,31,00,00,00,00,00,2c,38,b0,5a,10,20,50,72,65,66,65,74,63,68,00,
00,28,00,03,00,04,00,ef,be,1a,33,e6,ae,2c,38,15,5c,14,00,00,00,50,00,72,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\1\4]
@DACL=(02 0000)
"NodeSlot"=dword:00000164
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\1\5]
@DACL=(02 0000)
"NodeSlot"=dword:00000165
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\1\6]
@DACL=(02 0000)
"NodeSlot"=dword:00000166
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\1\7]
@DACL=(02 0000)
"NodeSlot"=dword:00000013
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:40,00,31,00,00,00,00,00,41,33,1d,8a,10,00,6a,65,75,78,2d,63,6c,73,00,
00,28,00,03,00,04,00,ef,be,41,33,05,8a,62,34,18,4f,14,00,00,00,6a,00,65,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\1\8]
@DACL=(02 0000)
"0"=hex:3c,00,31,00,00,00,00,00,1a,33,2b,af,10,00,64,72,69,76,65,72,73,00,26,
00,03,00,04,00,ef,be,21,32,88,a1,92,34,4f,a0,14,00,00,00,64,00,72,00,69,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\1\9]
@DACL=(02 0000)
"NodeSlot"=dword:00000069
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\10]
@DACL=(02 0000)
"0"=hex:34,00,31,00,00,00,00,00,ae,32,e9,38,10,00,44,43,49,4d,00,00,20,00,03,
00,04,00,ef,be,ae,32,e9,38,56,35,00,b0,14,00,00,00,44,00,43,00,49,00,4d,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\11]
@DACL=(02 0000)
"NodeSlot"=dword:000001cf
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\12]
@DACL=(02 0000)
"NodeSlot"=dword:00000311
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\2]
@DACL=(02 0000)
"NodeSlot"=dword:0000000c
"MRUListEx"=hex:00,00,00,00,02,00,00,00,01,00,00,00,07,00,00,00,06,00,00,00,04,
00,00,00,05,00,00,00,03,00,00,00,ff,ff,ff,ff
"0"=hex:44,00,31,00,00,00,00,00,21,32,23,a1,10,00,4d,41,4d,55,53,49,7e,31,00,
00,2c,00,03,00,04,00,ef,be,79,31,2a,1b,1b,33,9d,89,14,00,00,00,4d,00,61,00,\
"1"=hex:44,00,31,00,00,00,00,00,1c,33,6c,6b,10,00,4d,45,53,49,4d,41,7e,31,00,
00,2c,00,03,00,04,00,ef,be,79,31,2a,1b,1c,33,6c,6b,14,00,00,00,4d,00,65,00,\
"2"=hex:58,00,31,00,00,00,00,00,1b,33,78,4b,11,00,4d,45,53,56,49,44,7e,31,00,
00,40,00,03,00,04,00,ef,be,1b,33,78,4b,1c,33,33,7f,14,00,2a,00,4d,00,65,00,\
"3"=hex:4a,00,31,00,00,00,00,00,33,33,12,99,10,00,43,44,45,58,54,52,7e,31,00,
00,32,00,03,00,04,00,ef,be,33,33,08,99,33,33,12,99,14,00,00,00,63,00,64,00,\
"4"=hex:3a,00,31,00,00,00,00,00,33,33,59,9c,10,00,61,76,69,6f,6e,73,00,00,24,
00,03,00,04,00,ef,be,33,33,08,99,33,33,59,9c,14,00,00,00,61,00,76,00,69,00,\
"5"=hex:44,00,31,00,00,00,00,00,da,34,1d,a0,10,00,43,52,41,5a,59,53,7e,31,00,
00,2c,00,03,00,04,00,ef,be,da,34,13,a0,db,34,8b,46,14,00,00,00,43,00,72,00,\
"6"=hex:46,00,31,00,00,00,00,00,4d,36,6c,7a,10,00,46,4f,54,4f,41,4d,7e,31,00,
00,2e,00,03,00,04,00,ef,be,4c,36,91,a8,57,36,70,9f,14,00,00,00,66,00,6f,00,\
"7"=hex:46,00,31,00,00,00,00,00,4e,36,d9,ad,10,00,53,45,58,41,4d,41,7e,31,00,
00,2e,00,03,00,04,00,ef,be,4c,36,9c,a6,58,36,02,3f,14,00,00,00,73,00,65,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\3]
@DACL=(02 0000)
"NodeSlot"=dword:00000015
"MRUListEx"=hex:13,00,00,00,0f,00,00,00,08,00,00,00,10,00,00,00,12,00,00,00,07,
00,00,00,00,00,00,00,02,00,00,00,04,00,00,00,11,00,00,00,0e,00,00,00,0d,00,\
"0"=hex:6e,00,31,00,00,00,00,00,23,33,10,ae,11,00,4d,41,4d,55,53,49,7e,31,00,
00,2c,00,03,00,04,00,ef,be,1a,33,4a,af,2a,33,17,3e,14,00,00,00,4d,00,61,00,\
"1"=hex:44,00,31,00,00,00,00,00,25,33,46,60,10,00,4d,45,53,41,4c,42,7e,31,00,
00,2c,00,03,00,04,00,ef,be,1b,33,7a,50,2e,33,02,51,14,00,00,00,4d,00,65,00,\
"2"=hex:3e,00,31,00,00,00,00,00,23,33,a0,55,14,00,4d,45,53,44,56,44,7e,31,00,
00,26,00,03,00,04,00,ef,be,23,33,a0,55,2d,33,7b,76,14,00,00,00,4d,00,65,00,\
"3"=hex:52,00,31,00,00,00,00,00,25,33,40,60,10,00,4d,45,53,4e,55,4d,7e,31,00,
00,3a,00,03,00,04,00,ef,be,25,33,40,60,2d,33,7b,76,14,00,00,00,4d,00,65,00,\
"4"=hex:6e,00,31,00,00,00,00,00,77,33,1d,56,11,00,4d,45,53,49,4d,41,7e,31,00,
00,2c,00,03,00,04,00,ef,be,1a,33,4a,af,78,33,56,74,14,00,00,00,4d,00,65,00,\
"5"=hex:40,00,31,00,00,00,00,00,91,33,a5,60,10,00,45,41,47,41,4d,45,7e,31,00,
00,28,00,03,00,04,00,ef,be,91,33,a5,60,2e,34,3c,44,14,00,00,00,45,00,41,00,\
"6"=hex:30,00,31,00,00,00,00,00,90,33,77,af,10,00,52,49,50,00,1e,00,03,00,04,
00,ef,be,74,33,07,a3,2e,34,3c,44,14,00,00,00,52,00,49,00,50,00,00,00,12,00,\
"7"=hex:40,00,31,00,00,00,00,00,52,34,8e,7c,10,00,4d,59,47,41,4d,45,7e,31,00,
00,28,00,03,00,04,00,ef,be,52,34,8e,7c,97,34,b0,72,14,00,00,00,4d,00,79,00,\
"8"=hex:4c,00,31,00,00,00,00,00,9a,34,69,7b,10,00,4d,41,52,43,7e,31,2e,4c,45,
2d,00,00,32,00,03,00,04,00,ef,be,7e,34,65,98,9b,34,72,ab,14,00,00,00,6d,00,\
"9"=hex:46,00,31,00,00,00,00,00,55,34,78,76,10,00,41,4c,42,55,4d,50,7e,31,00,
00,2e,00,03,00,04,00,ef,be,87,33,74,76,b1,34,5a,85,14,00,00,00,61,00,6c,00,\
"10"=hex:56,00,31,00,00,00,00,00,fd,34,f8,a6,10,00,56,41,43,41,4e,43,7e,31,00,
00,3e,00,03,00,04,00,ef,be,fd,34,02,a6,23,35,34,36,14,00,00,00,76,00,61,00,\
"11"=hex:62,00,31,00,00,00,00,00,e2,34,ee,88,10,00,53,4f,52,54,49,45,7e,31,00,
00,4a,00,03,00,04,00,ef,be,e2,34,98,88,23,35,34,36,14,00,00,00,73,00,6f,00,\
"12"=hex:44,00,31,00,00,00,00,00,7f,34,3a,97,10,00,32,41,4e,53,49,4d,7e,31,00,
00,2c,00,03,00,04,00,ef,be,7f,34,db,96,23,35,2d,36,14,00,00,00,32,00,20,00,\
"13"=hex:3a,00,31,00,00,00,00,00,64,35,b4,72,10,00,4c,45,4d,41,4e,7e,31,00,24,
00,03,00,04,00,ef,be,62,35,6e,49,64,35,d6,96,14,00,00,00,6c,00,65,00,20,00,\
"14"=hex:34,00,31,00,00,00,00,00,4e,36,6f,a9,10,00,66,69,6c,6d,00,00,20,00,03,
00,04,00,ef,be,4e,36,5b,a1,64,36,0d,84,14,00,00,00,66,00,69,00,6c,00,6d,00,\
"15"=hex:44,00,31,00,00,00,00,00,63,36,a7,86,11,00,4d,45,53,56,49,44,7e,31,00,
00,2c,00,03,00,04,00,ef,be,1a,33,4a,af,64,36,2d,80,14,00,00,00,4d,00,65,00,\
"16"=hex:4a,00,31,00,00,00,00,00,22,36,a8,84,10,00,4d,41,52,43,4c,45,7e,31,00,
00,32,00,03,00,04,00,ef,be,3d,35,d3,75,6c,36,e4,49,14,00,00,00,4d,00,61,00,\
"17"=hex:44,00,31,00,00,00,00,00,71,36,35,87,10,00,44,57,44,4f,53,53,7e,31,00,
00,2c,00,03,00,04,00,ef,be,67,36,05,7d,73,36,39,7b,14,00,00,00,64,00,77,00,\
"18"=hex:42,00,31,00,00,00,00,00,2f,37,e6,a8,10,00,4d,59,41,4c,42,55,7e,31,00,
00,2a,00,03,00,04,00,ef,be,62,35,ea,4a,30,37,16,56,14,00,00,00,4d,00,79,00,\
"19"=hex:5e,00,31,00,00,00,00,00,25,37,b4,a3,10,00,41,4d,45,54,52,45,7e,31,00,
00,46,00,03,00,04,00,ef,be,3c,35,0f,82,01,39,b3,7d,14,00,00,00,61,00,20,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\4]
@DACL=(02 0000)
"0"=hex:96,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,84,00,31,00,00,00,00,
00,1c,33,8e,4c,10,00,41,4c,42,55,4d,49,7e,31,00,00,5e,00,03,00,04,00,ef,be,\
"MRUListEx"=hex:06,00,00,00,08,00,00,00,07,00,00,00,05,00,00,00,03,00,00,00,04,
00,00,00,01,00,00,00,02,00,00,00,00,00,00,00,ff,ff,ff,ff
"1"=hex:5a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,48,00,31,00,00,00,00,
00,1c,33,1b,57,10,00,52,65,6e,61,75,64,00,00,24,00,03,00,04,00,ef,be,1c,33,\
"2"=hex:80,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,6e,00,31,00,00,00,00,
00,1c,33,1c,57,10,00,31,39,37,35,7e,31,2e,41,4d,4f,00,00,46,00,03,00,04,00,\
"3"=hex:50,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,3e,00,31,00,00,00,00,
00,2b,33,68,4f,10,00,4a,5f,5f,00,1e,00,03,00,04,00,ef,be,2b,33,66,4f,2b,33,\
"4"=hex:b4,00,00,00,41,75,67,4d,02,00,00,00,02,00,00,00,50,00,31,00,00,00,00,
00,5b,31,a3,6d,11,00,4a,45,55,58,5f,53,7e,41,00,00,2a,00,03,00,04,00,ef,be,\
"5"=hex:a4,00,00,00,41,75,67,4d,02,00,00,00,02,00,00,00,48,00,31,00,00,00,00,
00,86,34,0b,77,11,00,69,6d,61,67,65,73,00,00,24,00,03,00,04,00,ef,be,86,34,\
"6"=hex:b4,00,00,00,41,75,67,4d,02,00,00,00,02,00,00,00,50,00,31,00,00,00,00,
00,46,34,03,8e,11,00,46,4f,4e,44,45,43,7e,39,00,00,2a,00,03,00,04,00,ef,be,\
"7"=hex:40,01,00,00,41,75,67,4d,02,00,00,00,02,00,00,00,88,00,31,00,00,00,00,
00,08,37,c2,a1,11,00,43,4f,50,49,45,44,7e,32,00,00,62,00,03,00,04,00,ef,be,\
"8"=hex:9c,00,00,00,41,75,67,4d,02,00,00,00,02,00,00,00,44,00,31,00,00,00,00,
00,8d,34,d5,7c,11,00,50,4f,50,55,50,00,22,00,03,00,04,00,ef,be,8d,34,d5,7c,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\5]
@DACL=(02 0000)
"0"=hex:52,00,32,00,56,bb,fe,7f,61,33,6c,b5,01,00,30,43,4f,4d,23,33,47,35,2e,
5a,49,50,00,00,36,00,03,00,04,00,ef,be,61,33,6c,b5,61,33,6c,b5,14,00,00,00,\
"MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,ff
"1"=hex:52,00,32,00,ed,e9,0e,00,61,33,57,b6,01,00,31,43,4f,4d,23,5a,35,45,2e,
5a,49,50,00,00,36,00,03,00,04,00,ef,be,61,33,57,b6,61,33,57,b6,14,00,00,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\6]
@DACL=(02 0000)
"NodeSlot"=dword:00000120
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:34,00,31,00,00,00,00,00,08,33,26,88,10,00,44,43,49,4d,00,00,20,00,03,
00,04,00,ef,be,08,33,26,88,07,33,00,b8,14,00,00,00,44,00,43,00,49,00,4d,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\7]
@DACL=(02 0000)
"NodeSlot"=dword:00000186
"MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,ff
"0"=hex:72,00,32,00,f3,83,e2,0b,c4,36,2b,a5,20,00,5f,50,43,47,41,4d,7e,31,2e,
5a,49,50,00,00,56,00,03,00,04,00,ef,be,c4,36,f5,9d,c3,36,00,b0,14,00,00,00,\
"1"=hex:62,00,32,00,05,58,00,00,97,37,17,96,20,00,4c,45,50,52,49,4f,7e,31,2e,
5a,49,50,00,00,46,00,03,00,04,00,ef,be,97,37,17,96,96,37,00,b8,14,00,00,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\8]
@DACL=(02 0000)
"NodeSlot"=dword:00000132
"MRUListEx"=hex:ff,ff,ff,ff

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0[/u]\9]
@DACL=(02 0000)
"NodeSlot"=dword:00000144
"MRUListEx"=hex:00,00,00,00,01,00,00,00,02,00,00,00,ff,ff,ff,ff
"0"=hex:5e,00,31,00,00,00,00,00,37,35,b9,61,10,00,50,49,54,54,2d,42,7e,31,2e,
46,52,00,44,00,03,00,04,00,ef,be,37,35,b9,61,3c,35,fc,82,14,00,00,00,70,00,\
"1"=hex:62,00,31,00,00,00,00,00,2c,35,2f,90,10,00,46,4c,4f,52,49,41,7e,31,2e,
46,52,00,48,00,03,00,04,00,ef,be,2c,35,2f,90,3c,35,fc,82,14,00,00,00,66,00,\
"2"=hex:5e,00,31,00,00,00,00,00,57,35,fd,80,10,00,45,4d,49,4c,49,45,7e,31,2e,
46,52,00,44,00,03,00,04,00,ef,be,57,35,fd,80,57,35,fd,80,14,00,00,00,65,00,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-02-03 9:53:42
ComboFix-quarantined-files.txt 2009-02-03 08:53:26
ComboFix2.txt 2009-01-23 18:56:31
ComboFix3.txt 2009-01-16 19:53:04
ComboFix4.txt 2009-01-16 12:48:26
ComboFix5.txt 2009-02-03 08:45:24

Avant-CF: 25 255 845 888 octets libres
Après-CF: 25,424,539,648 octets libres

889 --- E O F --- 2009-01-15 02:14:46

Réponse 5 / 14

Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537

Re,

Copie ou imprime les instructions avant

Déconnecte toi d'internet et ferme toutes tes applications.

Désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

Folder::
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

Reglock::
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP]
[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Internet Explorer\Toolbar]
[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithProgids]
[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithProgids]
[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithProgids]
[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\OpenWithProgids]
[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithProgids]
[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithProgids]
[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithProgids]
[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids]
[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithProgids]
[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids]
[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams]
[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\Shell\Bags\1]
[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0]

Enregistre ce fichier sous le nom CFscript

Fait un glisser/déposer de ce fichier CFscript sur le fichier ComboFix.exe

Clique sur le fichier CFscript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFscrïpt vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Réactive ton parefeu, ton antivirus, la garde de ton antispyware

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Attention : cette manip a été fait pour cet ordi. Tout réutilisation peut endommager sévèrement le système d'exploitation.

titeuf1234 Messages postés 282 Statut Membre 7

ok merci je v le fair mais sa ma lair un peu compliquer tout sa

Réponse 6 / 14

Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537

Re,

pas vraiment, tu suis bien les consignes.

titeuf1234 Messages postés 282 Statut Membre 7

voici les deux raports tu a reson les manipe son simple ;
mais il y a une nouvelle barre qui vien de se metre sur internet exploreur pourquoi ?

ComboFix 09-02-02.04 - HP_Propriétaire 2009-02-04 22:43:15.16 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1535.1022 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Propriétaire\Mes documents\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\HP_Propriétaire\Bureau\CFscript.txt
AV: avast! antivirus 4.8.1296 [VPS 090203-1] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DIFxAPI.dll
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\GEARAspiWDM.inf
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\gearaspiwdmx86.cat
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspi.dll
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspiWDM.sys
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Il y a peut-être des sites infectés -----

hxxp://voicebunch.com
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-04 au 2009-02-04 ))))))))))))))))))))))))))))))))))))
.

2009-02-04 13:44 . 2009-02-04 13:44 <REP> d-------- c:\windows\Google Earth Pro 4.2
2009-02-04 13:43 . 2009-02-04 13:43 503 --a------ C:\image199.exe
2009-02-02 23:08 . 2009-02-02 23:08 <REP> d-------- c:\windows\system32\IOSUBSYS
2009-01-25 11:30 . 2005-08-26 06:00 140,288 --a------ c:\windows\system32\CNMLM79.DLL
2009-01-25 11:30 . 2005-08-26 06:00 8,704 --a------ c:\windows\system32\CNMVS79.DLL
2009-01-23 19:03 . 2009-01-23 19:04 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Nero
2009-01-23 18:36 . 2009-01-23 18:36 4,767 --a------ c:\windows\Irremote.ini
2009-01-23 18:32 . 2009-01-23 18:32 <REP> d-------- c:\program files\Windows Sidebar
2009-01-23 18:12 . 2009-01-23 19:01 <REP> d-------- c:\program files\Fichiers communs\Nero
2009-01-23 18:12 . 2009-01-23 18:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-01-22 23:22 . 2009-02-02 15:14 <REP> d-------- c:\documents and settings\HP_Propriétaire\Shared
2009-01-22 23:22 . 2009-02-02 15:14 <REP> d-------- c:\documents and settings\HP_Propriétaire\Shared
2009-01-22 23:22 . 2009-02-02 15:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Incomplete
2009-01-22 23:22 . 2009-02-02 15:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Incomplete
2009-01-22 23:20 . 2009-02-04 18:06 <REP> d-------- c:\program files\P2P_Energy
2009-01-22 23:20 . 2009-01-22 23:21 <REP> d-------- c:\program files\LimeWireTurbo
2009-01-22 23:20 . 2009-01-22 23:20 <REP> d-------- c:\program files\Conduit
2009-01-22 23:20 . 2009-02-02 13:59 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\LimeWireTurbo
2009-01-17 12:58 . 2009-01-17 12:58 0 --a------ c:\windows\nsreg.dat
2009-01-17 12:56 . 2009-01-18 18:20 <REP> d-------- c:\documents and settings\HP_Propriétaire\dwhelper
2009-01-17 12:56 . 2009-01-18 18:20 <REP> d-------- c:\documents and settings\HP_Propriétaire\dwhelper
2009-01-11 19:45 . 2009-01-11 21:25 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Orbit
2009-01-11 19:17 . 2009-01-11 19:18 <REP> d-------- c:\program files\iTunes
2009-01-11 19:17 . 2009-01-11 19:17 <REP> d-------- c:\program files\iPod
2009-01-11 19:16 . 2009-01-11 19:16 <REP> d-------- c:\program files\Bonjour
2009-01-11 01:39 . 2009-01-11 21:21 <REP> d-------- C:\downloads
2009-01-11 01:39 . 2009-01-11 01:41 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\FMZilla
2009-01-11 01:27 . 2009-01-11 21:45 <REP> d-------- c:\program files\Free Music Zilla
2009-01-05 23:33 . 2009-01-05 23:33 3,751,995 --a------ c:\windows\system32\GPhotos.scr
2009-01-05 12:14 . 2009-01-05 12:14 <REP> d-------- C:\Sandbox

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 20:50 --------- d-----w c:\program files\eMule
2009-02-04 17:26 --------- d-----w c:\program files\Trend Micro
2009-02-04 13:36 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-04 12:51 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\LimeWire
2009-02-04 12:31 --------- d-----w c:\program files\Google
2009-02-04 09:24 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\OpenOffice.org2
2009-01-23 17:35 --------- d-----w c:\program files\Nero
2009-01-18 19:21 5,802 ----a-w c:\documents and settings\HP_Propriétaire\Application Data\wklnhst.dat
2009-01-18 13:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-18 13:46 --------- d-----w c:\program files\Ubisoft
2009-01-15 20:16 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-12 06:43 --------- d-----w c:\program files\Apple Software Update
2009-01-11 18:17 --------- d-----w c:\program files\Fichiers communs\Apple
2009-01-11 18:15 --------- d-----w c:\program files\QuickTime
2009-01-11 18:15 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\Apple Computer
2009-01-11 16:46 --------- d-----w c:\program files\ma-config.com
2009-01-11 16:46 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2008-12-21 11:04 202,040 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-21 11:04 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-17 14:25 --------- d-----w c:\program files\Windows Live Toolbar
2008-12-17 14:25 --------- d-----w c:\program files\Windows Live
2008-12-17 14:24 --------- d-----w c:\program files\Microsoft Sync Framework
2008-12-17 14:22 --------- d-----w c:\program files\Microsoft
2008-12-17 14:21 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-17 14:12 --------- d-----w c:\program files\Fichiers communs\Windows Live
2008-12-16 14:18 --------- d-----w c:\program files\Java
2008-12-13 06:37 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-04 20:05 --------- d-----w c:\program files\Fichiers communs\Borland Shared
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-06-03 17:55 22,328 ----a-w c:\documents and settings\HP_Propriétaire\Application Data\PnkBstrK.sys
2006-08-07 08:25 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
2004-07-22 09:51 3,432,656 ----a-w c:\program files\ManagedDX.CAB
2004-07-19 21:58 1,156,363 ----a-w c:\program files\BDANT.cab
2004-07-19 21:53 976,020 ----a-w c:\program files\BDAXP.cab
2004-07-09 13:17 13,265,040 ----a-w c:\program files\dxnt.cab
2004-07-09 08:13 703,080 -c--a-w c:\program files\BDA.cab
2004-07-09 08:13 15,493,481 ----a-w c:\program files\DirectX.cab
2004-07-09 03:08 472,576 ----a-w c:\program files\dxsetup.exe
2004-07-09 03:08 2,242,560 ----a-w c:\program files\dsetup32.dll
2004-07-09 02:03 62,976 ----a-w c:\program files\DSETUP.dll
2008-10-12 09:14 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008101220081013\index.dat
.

((((((((((((((((((((((((((((( snapshot_2009-01-23_19.55.01.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-04 12:44:20 451,072 ----a-w c:\windows\Google Earth Pro 4.2\uninstall.exe
- 2008-08-10 18:26:39 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe
+ 2009-02-04 12:34:38 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe
- 2008-08-10 18:26:39 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-02-04 12:34:38 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
- 2008-08-10 18:26:39 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-02-04 12:34:38 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
- 2008-08-10 18:26:39 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-02-04 12:34:38 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
- 2008-08-10 18:26:39 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-02-04 12:34:38 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
- 2008-08-10 18:26:39 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
+ 2009-02-04 12:34:38 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
+ 2009-02-04 12:31:38 10,134 ----a-r c:\windows\Installer\{F43C7DE1-CB20-11DD-8D77-005056806466}\ARPPRODUCTICON.exe
+ 2009-02-04 12:31:38 26,694 ----a-r c:\windows\Installer\{F43C7DE1-CB20-11DD-8D77-005056806466}\UNINST_Uninstall_G_BCEEAF790189405A8B93BFE1E41FCD64.exe
+ 2008-11-26 17:21:30 1,236,208 ----a-w c:\windows\system32\aswBoot.exe
+ 2008-11-26 17:15:10 97,480 ----a-w c:\windows\system32\AvastSS.scr
+ 2008-11-26 17:15:35 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2008-11-26 17:17:25 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
+ 2008-11-26 17:18:25 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2008-11-26 17:18:18 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2008-11-26 17:16:29 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2008-11-26 17:17:36 111,184 ----a-w c:\windows\system32\drivers\aswSP.sys
+ 2008-11-26 17:16:38 50,864 ----a-w c:\windows\system32\drivers\aswTdi.sys
- 2008-02-23 02:38:33 43,872 ----a-w c:\windows\system32\drivers\pxhelp20.sys
+ 2008-07-31 22:17:04 43,872 ----a-w c:\windows\system32\drivers\pxhelp20.sys
+ 2005-08-26 05:00:00 20,992 ----a-w c:\windows\system32\spool\PRTPROCS\W32X86\CNMPD79.DLL
+ 2005-08-26 05:00:00 59,392 ----a-w c:\windows\system32\spool\PRTPROCS\W32X86\CNMPP79.DLL
+ 2009-02-04 09:22:04 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_284.dat
+ 2009-02-04 09:21:52 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5e4.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2008-11-23 23:03 1784856 --a------ c:\program files\P2P_Energy\tbP2P_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-26 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-13 339968]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-16 185632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-02 13570048]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-02 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-14 399504]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2008-08-02 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\ALCWZRD.EXE]

c:\documents and settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]
Hyperappel de l'Encyclop‚die Universelle Larousse.lnk - c:\program files\Larousse\Encyclop‚die Universelle Larousse\Bin\hyperappel.exe [2007-04-01 53248]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.l3codec"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

titeuf1234 Messages postés 282 Statut Membre 7

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-23 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-23 20560]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-08-10 170640]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-08-10 15504]
S2 gupdate1c986c45dccd7ec;Google Update Service (gupdate1c986c45dccd7ec);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [2007-10-12 392316]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - GUPDATE1C986C45DCCD7EC
.
Contenu du dossier 'Tâches planifiées'

2009-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 13:30]
.
.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://orange.fr/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/go/mypcchoice
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Rechercher avec Voila - file://c:\program files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm
DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10815} - hxxp://www.flygimp.com/loadergimp_fr.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - hxxp://sallevirtuelle.cotesdarmor.fr/ecwplugins/NCS.cab
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_0_4.cab
FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\1s3l3iqb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-04 22:47:55
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\[u]0/u]
@DACL=(02 0000)
@SACL=
"NodeSlot"=dword:0000000a
"MRUListEx"=hex:01,00,00,00,00,00,00,00,02,00,00,00,03,00,00,00,ff,ff,ff,ff
"0"=hex:42,00,31,00,00,00,00,00,79,31,30,1b,10,00,41,4c,4c,55,53,45,7e,31,00,
00,2a,00,03,00,04,00,ef,be,79,31,30,1b,1b,33,34,4b,14,00,00,00,41,00,6c,00,\
"1"=hex:4e,00,31,00,00,00,00,00,1a,33,66,af,10,00,48,50,5f,50,52,4f,7e,31,00,
00,36,00,03,00,04,00,ef,be,1a,33,49,af,1b,33,71,89,14,00,00,00,48,00,50,00,\
"2"=hex:48,00,31,00,00,00,00,00,1a,33,12,af,10,00,44,45,46,41,55,4c,7e,31,00,
00,30,00,03,00,04,00,ef,be,79,31,38,1b,1c,33,7b,6d,14,00,00,00,44,00,65,00,\
"3"=hex:4e,00,31,00,00,00,00,00,f7,34,10,ac,14,00,48,50,5f,50,52,4f,7e,32,00,
00,36,00,03,00,04,00,ef,be,f7,34,10,ac,22,36,d3,6a,14,00,00,00,48,00,50,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\[u]0/u\[u]0/u]
@DACL=(02 0000)
"0"=hex:52,00,35,00,00,00,00,00,21,32,d8,a3,10,00,4d,00,65,00,6e,00,75,00,20,
00,44,00,e9,00,6d,00,61,00,32,00,03,00,04,00,ef,be,79,31,30,1b,1b,33,34,4b,\
"MRUListEx"=hex:00,00,00,00,01,00,00,00,02,00,00,00,05,00,00,00,04,00,00,00,03,
00,00,00,ff,ff,ff,ff
"1"=hex:42,00,31,00,00,00,00,00,1b,33,78,4b,10,00,44,4f,43,55,4d,45,7e,31,00,
00,2a,00,03,00,04,00,ef,be,79,31,2a,1b,24,33,34,44,14,00,00,00,44,00,6f,00,\
"NodeSlot"=dword:000000ab
"2"=hex:50,00,31,00,00,00,00,00,85,33,2e,67,10,00,41,50,50,4c,49,43,7e,31,00,
00,38,00,03,00,04,00,ef,be,79,31,23,1b,2b,34,04,7c,14,00,00,00,41,00,70,00,\
"3"=hex:3a,00,31,00,00,00,00,00,91,33,3d,74,10,00,42,75,72,65,61,75,00,00,24,
00,03,00,04,00,ef,be,78,31,ae,0c,2b,34,10,7c,14,00,00,00,42,00,75,00,72,00,\
"4"=hex:3c,00,31,00,00,00,00,00,78,31,ae,0c,10,00,46,61,76,6f,72,69,73,00,26,
00,03,00,04,00,ef,be,78,31,ae,0c,2b,34,86,7d,14,00,00,00,46,00,61,00,76,00,\
"5"=hex:46,00,35,00,00,00,00,00,78,31,af,0c,10,00,4d,00,6f,00,64,00,e8,00,6c,
00,65,00,73,00,00,00,61,00,26,00,03,00,04,00,ef,be,78,31,af,0c,22,36,d3,6a,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\[u]0/u\1]
@DACL=(02 0000)
"0"=hex:3a,00,31,00,00,00,00,00,1b,33,6a,8c,10,00,42,75,72,65,61,75,00,00,24,
00,03,00,04,00,ef,be,1a,33,4a,af,1b,33,6a,8c,14,00,00,00,42,00,75,00,72,00,\
"MRUListEx"=hex:02,00,00,00,00,00,00,00,07,00,00,00,05,00,00,00,01,00,00,00,06,
00,00,00,04,00,00,00,0a,00,00,00,0f,00,00,00,0d,00,00,00,0c,00,00,00,08,00,\
"NodeSlot"=dword:00000018
"1"=hex:4a,00,31,00,00,00,00,00,1b,33,65,8e,10,00,4d,45,4e,55,44,4d,7e,31,00,
00,32,00,03,00,04,00,ef,be,1a,33,4a,af,1c,33,06,7f,14,00,00,00,4d,00,65,00,\
"2"=hex:74,00,31,00,00,00,00,00,1c,33,5c,6d,11,00,4d,45,53,44,4f,43,7e,31,00,
00,32,00,03,00,04,00,ef,be,1a,33,4a,af,1c,33,06,7f,14,00,00,00,4d,00,65,00,\
"3"=hex:3c,00,31,00,00,00,00,00,79,31,41,1b,14,00,43,6f,6f,6b,69,65,73,00,26,
00,03,00,04,00,ef,be,1a,33,4a,af,1c,33,06,7f,14,00,00,00,43,00,6f,00,6f,00,\
"4"=hex:50,00,31,00,00,00,00,00,1c,33,5c,6d,10,00,41,50,50,4c,49,43,7e,31,00,
00,38,00,03,00,04,00,ef,be,1a,33,4a,af,1c,33,06,7f,14,00,00,00,41,00,70,00,\
"5"=hex:52,00,31,00,00,00,00,00,00,00,00,00,10,00,4c,6f,63,61,6c,20,53,65,74,
74,69,6e,67,73,00,00,34,00,03,00,04,00,ef,be,00,00,00,00,00,00,00,00,14,00,\
"6"=hex:4e,00,31,00,00,00,00,00,70,34,e1,ac,13,00,52,65,63,65,6e,74,00,00,38,
00,03,00,04,00,ef,be,1a,33,66,af,70,34,e1,ac,14,00,22,00,52,00,65,00,63,00,\
"7"=hex:50,00,31,00,00,00,00,00,7e,34,70,97,11,00,46,61,76,6f,72,69,73,00,3a,
00,03,00,04,00,ef,be,1a,33,4a,af,2e,35,44,4e,14,00,24,00,46,00,61,00,76,00,\
"8"=hex:3a,00,31,00,00,00,00,00,79,31,4a,1b,10,00,53,65,6e,64,54,6f,00,00,24,
00,03,00,04,00,ef,be,1a,33,4a,af,2e,35,d6,45,14,00,00,00,53,00,65,00,6e,00,\
"9"=hex:40,00,31,00,00,00,00,00,25,33,10,5e,14,00,55,73,65,72,44,61,74,61,00,
00,28,00,03,00,04,00,ef,be,25,33,10,5e,2d,35,37,8a,14,00,00,00,55,00,73,00,\
"10"=hex:3c,00,31,00,00,00,00,00,21,32,e2,a4,10,00,57,49,4e,44,4f,57,53,00,26,
00,03,00,04,00,ef,be,1a,33,4a,af,2d,35,37,8a,14,00,00,00,57,00,49,00,4e,00,\
"11"=hex:40,00,31,00,00,00,00,00,2b,35,da,98,10,00,43,6f,6e,74,61,63,74,73,00,
00,28,00,03,00,04,00,ef,be,2b,35,3b,93,7e,35,f8,8a,14,00,00,00,43,00,6f,00,\
"12"=hex:3a,00,31,00,00,00,00,00,45,36,09,b0,10,00,53,68,61,72,65,64,00,00,24,
00,03,00,04,00,ef,be,45,36,ae,81,45,36,09,b0,14,00,00,00,53,00,68,00,61,00,\
"13"=hex:42,00,31,00,00,00,00,00,45,36,89,b1,10,00,4c,49,4d,45,57,49,7e,31,00,
00,2a,00,03,00,04,00,ef,be,45,36,57,81,47,36,61,0d,14,00,00,00,2e,00,6c,00,\
"14"=hex:3e,00,31,00,00,00,00,00,41,32,f5,3d,10,00,4d,4f,44,4c,45,53,7e,31,00,
00,26,00,03,00,04,00,ef,be,1a,33,4a,af,57,36,6f,58,14,00,00,00,4d,00,6f,00,\
"15"=hex:44,00,31,00,00,00,00,00,91,36,cb,4b,10,00,49,4e,43,4f,4d,50,7e,31,00,
00,2c,00,03,00,04,00,ef,be,45,36,ae,81,91,36,41,65,14,00,00,00,49,00,6e,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\[u]0/u\2]
@DACL=(02 0000)
"NodeSlot"=dword:0000003f
"MRUListEx"=hex:01,00,00,00,05,00,00,00,04,00,00,00,08,00,00,00,02,00,00,00,00,
00,00,00,07,00,00,00,06,00,00,00,03,00,00,00,ff,ff,ff,ff
"0"=hex:4a,00,31,00,00,00,00,00,21,32,c2,a8,10,00,4d,45,53,44,4f,43,7e,31,00,
00,32,00,03,00,04,00,ef,be,78,31,af,0c,53,33,bc,9e,14,00,00,00,4d,00,65,00,\
"1"=hex:50,00,31,00,00,00,00,00,21,32,2c,a7,10,00,41,50,50,4c,49,43,7e,31,00,
00,38,00,03,00,04,00,ef,be,79,31,31,1b,2b,34,86,7d,14,00,00,00,41,00,70,00,\
"2"=hex:3c,00,31,00,00,00,00,00,79,31,41,1b,14,00,43,6f,6f,6b,69,65,73,00,26,
00,03,00,04,00,ef,be,79,31,32,1b,2b,34,86,7d,14,00,00,00,43,00,6f,00,6f,00,\
"3"=hex:52,00,35,00,00,00,00,00,79,31,45,1b,10,00,4d,00,65,00,6e,00,75,00,20,
00,44,00,e9,00,6d,00,61,00,32,00,03,00,04,00,ef,be,79,31,35,1b,2b,34,86,7d,\
"4"=hex:3a,00,31,00,00,00,00,00,79,31,49,1b,10,00,52,65,63,65,6e,74,00,00,24,
00,03,00,04,00,ef,be,78,31,af,0c,2b,34,86,7d,14,00,00,00,52,00,65,00,63,00,\
"5"=hex:3c,00,31,00,00,00,00,00,21,32,e2,a4,10,00,57,49,4e,44,4f,57,53,00,26,
00,03,00,04,00,ef,be,1a,33,12,af,2b,34,86,7d,14,00,00,00,57,00,49,00,4e,00,\
"6"=hex:3a,00,31,00,00,00,00,00,79,31,4a,1b,10,00,53,65,6e,64,54,6f,00,00,24,
00,03,00,04,00,ef,be,79,31,38,1b,64,36,18,43,14,00,00,00,53,00,65,00,6e,00,\
"7"=hex:3a,00,31,00,00,00,00,00,21,32,46,a5,10,00,42,75,72,65,61,75,00,00,24,
00,03,00,04,00,ef,be,78,31,af,0c,6c,36,31,6b,14,00,00,00,42,00,75,00,72,00,\
"8"=hex:3c,00,31,00,00,00,00,00,1a,33,65,af,10,00,46,61,76,6f,72,69,73,00,26,
00,03,00,04,00,ef,be,79,31,32,1b,64,36,18,43,14,00,00,00,46,00,61,00,76,00,\

[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\[u]0/u\1\[u]0/u\3]
@DACL=(02 0000)
"NodeSlot"=dword:000001c1
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:4c,00,31,00,00,00,00,00,f7,34,10,ac,10,00,4c,4f,43,41,4c,53,7e,31,00,
00,34,00,03,00,04,00,ef,be,f7,34,10,ac,22,36,d4,6a,14,00,00,00,4c,00,6f,00,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-02-04 22:50:13
ComboFix-quarantined-files.txt 2009-02-04 21:49:49
ComboFix2.txt 2009-02-03 08:53:45
ComboFix3.txt 2009-01-23 18:56:31
ComboFix4.txt 2009-01-16 19:53:04
ComboFix5.txt 2009-02-04 21:42:27

Avant-CF: 23 611 994 112 octets libres
Après-CF: 23,751,729,152 octets libres

366 --- E O F --- 2009-01-15 02:14:46

titeuf1234 Messages postés 282 Statut Membre 7

voici pour hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:57:10, on 04/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Larousse\Encyclopédie Universelle Larousse\Bin\hyperappel.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://store.hp.com/us/en?jumpid=re_r11662_redirect_ETR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Rechercher avec Voila - file://C:\Program Files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10815} (FlyLoader Class) - http://www.flygimp.com/loadergimp_fr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://sallevirtuelle.cotesdarmor.fr/ecwplugins/NCS.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://photoservice.photos.orange.fr/telechargement/ImageUploader4.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c986c45dccd7ec) (gupdate1c986c45dccd7ec) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

Réponse 7 / 14

Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537

Re,

encore du travail.

Copie ou imprime les instructions avant

Déconnecte toi d'internet et ferme toutes tes applications.

Désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

File::
C:\Program Files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm

Reglock::
[HKEY_USERS\S-1-5-21-2778005749-3122727611-1472569804-1008\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\1\0]

Registry::
[- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Rechercher avec Voila]

Enregistre ce fichier sous le nom CFscript

Fait un glisser/déposer de ce fichier CFscript sur le fichier ComboFix.exe

Clique sur le fichier CFscript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFscrïpt vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Réactive ton parefeu, ton antivirus, la garde de ton antispyware

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Attention : cette manip a été fait pour cet ordi. Tout réutilisation peut endommager sévèrement le système d'exploitation.

==================

Google earth, c'est toi qui l'a réinstallé où c'est la version qui a causé tes soucis ?

===================

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau :

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option "2" puis valide en appuyant sur "Entrée".
! Ne ferme pas la fenêtre lors de la suppression !
Un rapport sera généré, poste son contenu ici.

titeuf1234 Messages postés 282 Statut Membre 7

bonjour c'est la version de google earth qui a causé mes sousis
je join le raport fini de combo

ComboFix 09-02-04.04 - HP_Propriétaire 2009-02-05 10:40:58.17 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1535.1021 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Propriétaire\Mes documents\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\HP_Propriétaire\Bureau\CFscript.txt
AV: avast! antivirus 4.8.1296 [VPS 090204-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé

FILE ::
c:\program files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-05 au 2009-02-05 ))))))))))))))))))))))))))))))))))))
.

2009-02-04 13:44 . 2009-02-04 13:44 <REP> d-------- c:\windows\Google Earth Pro 4.2
2009-02-04 13:43 . 2009-02-04 13:43 503 --a------ C:\image199.exe
2009-02-02 23:08 . 2009-02-02 23:08 <REP> d-------- c:\windows\system32\IOSUBSYS
2009-01-25 11:30 . 2005-08-26 06:00 140,288 --a------ c:\windows\system32\CNMLM79.DLL
2009-01-25 11:30 . 2005-08-26 06:00 8,704 --a------ c:\windows\system32\CNMVS79.DLL
2009-01-23 19:03 . 2009-01-23 19:04 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Nero
2009-01-23 18:36 . 2009-01-23 18:36 4,767 --a------ c:\windows\Irremote.ini
2009-01-23 18:32 . 2009-01-23 18:32 <REP> d-------- c:\program files\Windows Sidebar
2009-01-23 18:12 . 2009-01-23 19:01 <REP> d-------- c:\program files\Fichiers communs\Nero
2009-01-23 18:12 . 2009-01-23 18:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-01-22 23:22 . 2009-02-02 15:14 <REP> d-------- c:\documents and settings\HP_Propriétaire\Shared
2009-01-22 23:22 . 2009-02-02 15:14 <REP> d-------- c:\documents and settings\HP_Propriétaire\Shared
2009-01-22 23:22 . 2009-02-02 15:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Incomplete
2009-01-22 23:22 . 2009-02-02 15:37 <REP> d-------- c:\documents and settings\HP_Propriétaire\Incomplete
2009-01-22 23:20 . 2009-02-04 22:54 <REP> d-------- c:\program files\P2P_Energy
2009-01-22 23:20 . 2009-01-22 23:21 <REP> d-------- c:\program files\LimeWireTurbo
2009-01-22 23:20 . 2009-01-22 23:20 <REP> d-------- c:\program files\Conduit
2009-01-22 23:20 . 2009-02-02 13:59 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\LimeWireTurbo
2009-01-17 12:58 . 2009-01-17 12:58 0 --a------ c:\windows\nsreg.dat
2009-01-17 12:56 . 2009-01-18 18:20 <REP> d-------- c:\documents and settings\HP_Propriétaire\dwhelper
2009-01-17 12:56 . 2009-01-18 18:20 <REP> d-------- c:\documents and settings\HP_Propriétaire\dwhelper
2009-01-11 19:45 . 2009-01-11 21:25 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Orbit
2009-01-11 19:17 . 2009-01-11 19:18 <REP> d-------- c:\program files\iTunes
2009-01-11 19:17 . 2009-01-11 19:17 <REP> d-------- c:\program files\iPod
2009-01-11 19:16 . 2009-01-11 19:16 <REP> d-------- c:\program files\Bonjour
2009-01-11 01:39 . 2009-01-11 21:21 <REP> d-------- C:\downloads
2009-01-11 01:39 . 2009-01-11 01:41 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\FMZilla
2009-01-11 01:27 . 2009-01-11 21:45 <REP> d-------- c:\program files\Free Music Zilla
2009-01-05 23:33 . 2009-01-05 23:33 3,751,995 --a------ c:\windows\system32\GPhotos.scr
2009-01-05 12:14 . 2009-01-05 12:14 <REP> d-------- C:\Sandbox

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-05 09:29 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\OpenOffice.org2
2009-02-04 20:50 --------- d-----w c:\program files\eMule
2009-02-04 17:26 --------- d-----w c:\program files\Trend Micro
2009-02-04 13:36 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-04 12:51 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\LimeWire
2009-02-04 12:31 --------- d-----w c:\program files\Google
2009-01-23 17:35 --------- d-----w c:\program files\Nero
2009-01-18 19:21 5,802 ----a-w c:\documents and settings\HP_Propriétaire\Application Data\wklnhst.dat
2009-01-18 13:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-18 13:46 --------- d-----w c:\program files\Ubisoft
2009-01-15 20:16 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-12 06:43 --------- d-----w c:\program files\Apple Software Update
2009-01-11 18:17 --------- d-----w c:\program files\Fichiers communs\Apple
2009-01-11 18:15 --------- d-----w c:\program files\QuickTime
2009-01-11 18:15 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\Apple Computer
2009-01-11 16:46 --------- d-----w c:\program files\ma-config.com
2009-01-11 16:46 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2008-12-21 11:04 202,040 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-21 11:04 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-17 14:25 --------- d-----w c:\program files\Windows Live Toolbar
2008-12-17 14:25 --------- d-----w c:\program files\Windows Live
2008-12-17 14:24 --------- d-----w c:\program files\Microsoft Sync Framework
2008-12-17 14:22 --------- d-----w c:\program files\Microsoft
2008-12-17 14:21 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-17 14:12 --------- d-----w c:\program files\Fichiers communs\Windows Live
2008-12-16 14:18 --------- d-----w c:\program files\Java
2008-12-13 06:37 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-06-03 17:55 22,328 ----a-w c:\documents and settings\HP_Propriétaire\Application Data\PnkBstrK.sys
2006-08-07 08:25 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
2004-07-22 09:51 3,432,656 ----a-w c:\program files\ManagedDX.CAB
2004-07-19 21:58 1,156,363 ----a-w c:\program files\BDANT.cab
2004-07-19 21:53 976,020 ----a-w c:\program files\BDAXP.cab
2004-07-09 13:17 13,265,040 ----a-w c:\program files\dxnt.cab
2004-07-09 08:13 703,080 -c--a-w c:\program files\BDA.cab
2004-07-09 08:13 15,493,481 ----a-w c:\program files\DirectX.cab
2004-07-09 03:08 472,576 ----a-w c:\program files\dxsetup.exe
2004-07-09 03:08 2,242,560 ----a-w c:\program files\dsetup32.dll
2004-07-09 02:03 62,976 ----a-w c:\program files\DSETUP.dll
2008-10-12 09:14 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008101220081013\index.dat
.

((((((((((((((((((((((((((((( snapshot_2009-02-04_22.48.39,21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-05 09:27:50 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_42c.dat
+ 2009-02-05 09:27:36 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5bc.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-02-04 1881112]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2009-02-04 22:54 1881112 --a------ c:\program files\P2P_Energy\tbP2P1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-02-04 1881112]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-02-04 1881112]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-26 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

titeuf1234 Messages postés 282 Statut Membre 7

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-13 339968]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-16 185632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-02 13570048]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-02 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-14 399504]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2008-08-02 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\ALCWZRD.EXE]

c:\documents and settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]
Hyperappel de l'Encyclop‚die Universelle Larousse.lnk - c:\program files\Larousse\Encyclop‚die Universelle Larousse\Bin\hyperappel.exe [2007-04-01 53248]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.l3codec"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-23 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-23 20560]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-08-10 170640]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-08-10 15504]
S2 gupdate1c986c45dccd7ec;Google Update Service (gupdate1c986c45dccd7ec);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [2007-10-12 392316]
.
Contenu du dossier 'Tâches planifiées'

2009-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 13:30]
.
.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://orange.fr/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/go/mypcchoice
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Rechercher avec Voila - file://c:\program files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm
DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10815} - hxxp://www.flygimp.com/loadergimp_fr.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - hxxp://sallevirtuelle.cotesdarmor.fr/ecwplugins/NCS.cab
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_0_4.cab
FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\1s3l3iqb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 10:44:46
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-02-05 10:46:56
ComboFix-quarantined-files.txt 2009-02-05 09:46:30
ComboFix2.txt 2009-02-04 21:50:16
ComboFix3.txt 2009-02-03 08:53:45
ComboFix4.txt 2009-01-23 18:56:31
ComboFix5.txt 2009-02-05 09:36:13

Avant-CF: 23,707,885,568 octets libres
Après-CF: 23,706,787,840 octets libres

226 --- E O F --- 2009-01-15 02:14:46

titeuf1234 Messages postés 282 Statut Membre 7

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.93GHz )
BIOS : v3.05
USER : HP_Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 090204-0] 4.8.1296 (Activated)
C:\ (Local Disk) - NTFS - Total:179 Go (Free:22 Go)
D:\ (Local Disk) - FAT32 - Total:6 Go (Free:2 Go)
E:\ (CD or DVD) - UDF - Total:3 Go (Free:0 Go)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (CD or DVD)
L:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 05/02/2009|10:53 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\P2P_Energy\INSTALL.LOG
Echec ! - C:\Program Files\P2P_Energy\tbP2P1.dll
Supprime! - C:\Program Files\P2P_Energy\tbP2P_.dll
Supprime! - C:\Program Files\P2P_Energy\toolbar.cfg
Supprime! - C:\Program Files\P2P_Energy\UNWISE.EXE
Supprime! - C:\Program Files\P2P_Energy

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ Extensions

(HP_Propriétaire) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Start Page"="https://www.orange.fr/portail"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Bar"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop"

je voi que tout ce qui a etais suprimer son les contenu que lon ma donner comme nero9

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\HP_PRO~1\Mes documents\crack
C:\DOCUME~1\HP_PRO~1\Mes documents\Keygen
C:\DOCUME~1\HP_PRO~1\Mes documents\Nero.9.v9.2.6.0.FR.Incl-Keygen.[emule-island.com].rar
C:\DOCUME~1\HP_PRO~1\Mes documents\crack\Adobe_Photoshop_CS4_Extended___Crack___Serial.4700749.TPB.torrent
C:\DOCUME~1\HP_PRO~1\Mes documents\crack\Ahead_Nero_9.0.9.4b_-_serials.4446759.TPB.torrent
C:\DOCUME~1\HP_PRO~1\Mes documents\crack\Malwarebytes' Anti-Malware.txt
C:\DOCUME~1\HP_PRO~1\Mes documents\crack\Nero_9.x.x._activator(XP__Vista___Windows_7)__SmartErase.4666928.TPB.torrent
C:\DOCUME~1\HP_PRO~1\Mes documents\Keygen\keymaker.exe
C:\DOCUME~1\HP_PRO~1\Mes documents\Mes vidéos\Adobe Photoshop CS4 Extended\CS4_Tool_Kit\adobe-master-cs4-keygen.exe
C:\DOCUME~1\HP_PRO~1\Mes documents\Mes vidéos\Adobe Photoshop CS4 Extended\CS4_Tool_Kit\CS4LicenseFix\adobe-master-cs4pre-keygen.exe
C:\DOCUME~1\HP_PRO~1\Mes documents\Mes vidéos\Adobe Photoshop CS4 Extended\CS4_Tool_Kit\CS4LicenseFix\crack.bat
C:\DOCUME~1\HP_PRO~1\Recent\Adobe_Photoshop_CS4_Extended___Crack___Serial.4700749.TPB.torrent.lnk
C:\DOCUME~1\HP_PRO~1\Recent\crack.lnk

1 - "C:\ToolBar SD\TB_1.txt" - 05/02/2009|10:53 - Option : [2]

-----------\\ Fin du rapport a 10:53:57,67

titeuf1234 Messages postés 282 Statut Membre 7

il ni a plus de souci ??

Réponse 8 / 14

Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537

Re,

on aura fini quand je te demanderai de nettoyer les outils.

=================
Ouvre Spybot search and destroy.

clique sur mode, choisis advanced mode;

dans la colonne de gauche clique sur le + devant tools.

clique sur résident (colonne de gauche)

dans la fenêtre de droite décoche la case devant "resident tea-timer"

Désinstalle Spybot S&D via le panneau de configuration, il va gêner la désinfection.

Tu le réinstalleras à la fin si tu souhaites.

Supprime aussi le répertoire C:\Program Files\Spybot - Search & Destroy

=====================

Déplace combofix.exe sur ton Bureau

====================

Copie ou imprime les instructions avant

Déconnecte toi d'internet et ferme toutes tes applications.

Désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

File::
C:\Program Files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm
C:\image199.exe

Folder::
c:\windows\Google Earth Pro 4.2

Registry::
[- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Rechercher avec Voila]

Enregistre ce fichier sous le nom CFscript

Fait un glisser/déposer de ce fichier CFscript sur le fichier ComboFix.exe

Clique sur le fichier CFscript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFscrïpt vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Réactive ton parefeu, ton antivirus, la garde de ton antispyware

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Attention : cette manip a été fait pour cet ordi. Tout réutilisation peut endommager sévèrement le système d'exploitation.

==============================
Lis bien et exécute cette manip dans l’ordre.

#Télécharge et installe ces logiciels (si tu ne les as pas) pour les 3 premiers
mets les à jour, comme indiqué dans les démos ou tutos.

Ne les utilise pas tout de suite.

Antispywares et autres :

Télécharge Malwarebytes' Anti-Malware (MBAM) et enregistre le sur ton bureau à partir de ce lien :

https://www.malwarebytes.com/

A la fin du téléchargement, ferme toutes les fenêtres et programmes, y compris celui-ci.

Double-clique sur l'icône Download_mbam-setup.exe sur ton bureau pour démarrer le programme d'installation.

Pendant l'installation, suis les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet). N'apporte aucune modification aux réglages par défaut et, en fin d'installation, vérifie que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées.

MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse. Comme MBAM se met automatiquement à jour en fin d'installation, clique sur OK pour fermer la boîte de dialogue.

Nettoyeurs (de fichiers inutiles) et autres :

*Ccleaner (gratuit)
Téléchargement :
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Tuto :
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

Lors de l’installation, [décoche] l’option qui t’installerait la barre Yahoo !

========================================
->Affiche tous les fichiers et dossiers :
clique sur démarrer/panneau de configuration (en affichage classique)/option des dossiers/affichage

[Coche] « afficher les dossiers et fichiers cachés »

[Décoche] la case « Masquer les fichiers protégés du système d'exploitation (recommandé) »

[Décoche] « masquer les extensions dont le type est connu »

Puis fais [appliquer] pour valider les changements.

Et [Ok]
.

=======================================

========================================
->Lance CCleaner.

Suppression des fichiers temporaires

Va dans la section "Options" situé dans la marge gauche.
Décoche "Avancé"
Retourne ensuite dans la section "Nettoyeur"
Fais bien attention de cocher toutes ces cases dans la marge gauche (Internet Explorer/Windows Explorer/Système)
• Clique sur [Analyse]
• Patiente le temps du scan, qui peut prendre un peu de temps si c'est la première fois.
• Une fois le scan terminé, clique sur [Lancer le Nettoyage]

========================================
Lance Malwarebytes AntiMalware

Dans l'onglet analyse, vérifie que "Exécuter un scan rapide" est coché et clique sur le bouton Rechercher pour démarrer l'analyse.

MBAM analyse ton ordinateur. L'analyse peut prendre un certain temps. Il suffit de vérifier de temps en temps son avancement.

A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre.

Si des malwares ont été détectés, leur liste s'affiche.
En cliquant sur Suppression (?) , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

MBAM va ouvrir le bloc-notes et y copier le rapport d'analyse. Ferme le bloc-note. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)

Ferme MBAM en cliquant sur Quitter.

Poste le rapport dans ta réponse.
========================================

->Relance CCleaner.
Suppression des incohérences du registre

• Clique sur l'icône [Registre] situés dans la marge à gauche
• Puis clique sur [Analyser les erreurs]
• Patiente pendant que CCleaner scan ton registre.
• Une fois le scan terminé, coche toutes les entrèes qu'il t'aura trouvée.
• Tu peux cliquer ensuite sur [Corriger les erreurs].

Si tu n'est pas sur de ce que tu fais, tu peux choisir de sauvegarder les entrées cochées pour les restaurer ultérieurement.
========================================
->Vide ta Corbeille.
========================================

- > Ouvre ce lien pour scanner ton PC avec un BitDefender en ligne (uniquement sous Internet Explorer) :

http://www.bitdefender.fr/scan_fr/scan8/ie.html

Utilisation :
Cliquer sur "J'accepte" puis accepter également l'ActiveX bloqué par la barre anti-popup du SP2 qui clignotera en haut et l'installer.
Ensuite, cliquer sur "Cliquez ici pour scanner".
Patienter jusqu'à la fin du scan qui peut durer assez longtemps...

Copier/coller le rapport entier sur le forum.

Tutoriel en images ici : http://pageperso.aol.fr/rginformatique/mapage/defender.htm (merci à Balltrap34 pour cette réalisation)
[Recoche] la case « Masquer les fichiers protégés du système d'exploitation (recommandé) »

titeuf1234 Messages postés 282 Statut Membre 7

bonjour desoler du retard ,
je joint le raport de bit defendeur

BitDefender Online Scanner
Rapport d'analyse généré à: Sun, Feb 08, 2009 - 13:41:27
Voie d'analyse: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;L:\;
Statistiques
Temps
00:44:35
Fichiers
178713
Directoires
12539
Secteurs de boot
0
Archives
3365
Paquets programmes
16526
Résultats
Virus identifiés
2
Fichiers infectés
2
Fichiers suspects
0
Avertissements
0
Désinfectés
0
Fichiers effacés
2
Info sur les moteurs
Définition virus
2640088
Version des moteurs
AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Analyse des plugins
17
Archive des plugins
45
Unpack des plugins
7
E-mail plugins
6
Système plugins
4
Paramètres d'analyse
Première action
Désinfecté
econde Action
Supprimé
Heuristique
Oui
Acceptez les avertissements
Oui
Extensions analysées
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions
Analyse d'emails
Oui
Analyse des Archives
Oui
Analyser paquets programmes
Oui
Analyse des fichiers
Oui
Analyse de boot
Oui
Fichier analysé
Statut
C:\Documents and Settings\HP_Propriétaire\Mes documents\Keygen\keymaker.exe
Infecté par: Trojan.Packed.45180
C:\Documents and Settings\HP_Propriétaire\Mes documents\Keygen\keymaker.exe
Supprimé
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP321\A0090671.exe
Infecté par: Trojan.Generic.1325930
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP321\A0090671.exe
Supprimé

Réponse 9 / 14

Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537

Bonjour,

C:\Documents and Settings\HP_Propriétaire\Mes documents\Keygen\keymaker.exe
Infecté par: Trojan.Packed.45180

==========

Poste le rapport MBAM.

titeuf1234 Messages postés 282 Statut Membre 7

re
vraiment un grand merci de ta part

comment je suprime C:\Documents and Settings\HP_Propriétaire\Mes documents\Keygen\keymaker.exe
Infecté par: Trojan.Packed.45180
je le suprime direct ou je doit le fair avec un autre programe?

Réponse 10 / 14

Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537

Re,

Bit Defender s'en est occupé :

C:\Documents and Settings\HP_Propriétaire\Mes documents\Keygen\keymaker.exe
Supprimé

Le rapport MBAM stp.

titeuf1234 Messages postés 282 Statut Membre 7

ha ok
peut tu me dire si tout est regler sur mon ordinateur?

Réponse 11 / 14

Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537

Re,

comment veux que je te réponde si tu ne postes pas les rapports que je demande.

La réponse est dans les rapports.

Il me faut celui de MBAM.

Réponse 12 / 14

titeuf1234 Messages postés 282 Statut Membre 7

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1738
Windows 5.1.2600 Service Pack 3

08/02/2009 23:21:38
mbam-log-2009-02-08 (23-21-37).txt

Type de recherche: Examen rapide
Eléments examinés: 53805
Temps écoulé: 4 minute(s), 1 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Réponse 13 / 14

Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537

Re,

on peut nettoyer.

démarrer, exécuter, tu tapes

combofix /u

dans la zone de saisie et OK.

* Télécharge ToolsCleaner par A.Rothstein & dj QUIOU sur ton Bureau.

http://pc-system.fr/
hxxp://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
hxxp://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe

* Clique sur Recherche et laisse le scan se terminer.

* Clique, sur Suppression pour finaliser.

* Tu peux, si tu le souhaites, te servir des Options facultatives.

* Clique sur Quitter, pour que le rapport puisse se créer.

* Poste moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur( C:\).

On purge la restauration système :

Ouvre ce lien :

http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924

dans un premier temps tu le suis pour désactiver la restauration système.

Tu fermes la fenêtre.

Dans un deuxième temps, tu le suis pour réactiver la restauration.

Ceci recréé automatiquement un point de restauration daté de l"heure de la réactivation.

titeuf1234 Messages postés 282 Statut Membre 7

[ Rapport ToolsCleaner version 2.2.5 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\TB.txt: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\Documents and Settings\HP_Propriétaire\Bureau\HijackThis.exe: trouvé !
C:\Documents and Settings\HP_Propriétaire\Mes documents\GenProc.zip: trouvé !
C:\Documents and Settings\HP_Propriétaire\Mes documents\ComboFix.exe: trouvé !
C:\Documents and Settings\HP_Propriétaire\Mes documents\GenProc: trouvé !
C:\Program Files\Trend Micro\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\hijackthis.log: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\HP_Propriétaire\Bureau\HijackThis.exe: supprimé !
C:\Documents and Settings\HP_Propriétaire\Mes documents\GenProc.zip: supprimé !
C:\Documents and Settings\HP_Propriétaire\Mes documents\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\TB.txt: supprimé !
C:\Program Files\Trend Micro\hijackthis.log: supprimé !
C:\Qoobox: supprimé !
C:\Toolbar SD: supprimé !
C:\Documents and Settings\HP_Propriétaire\Mes documents\GenProc: supprimé !

Corbeille vidée!
Fichiers temporaires nettoyés !

Réponse 14 / 14

Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537

Re

supprime

C:\Documents and Settings\HP_Propriétaire\Mes documents\ComboFix.exe

ToolsCleaner sur ton Bureau et C:\TCleaner.txt.

=========================
Voici quelques conseils pour mieux protéger ton ordi des malwares :

1) Mets à jour Windows en consultant régulièrement le site de mise à jour :
http://www.update.microsoft.com/windowsupdate/v6/default.aspx
2) pour réduire les risques de réinfection, je te recommande fortement d'installer ces programmes gratuits :

- SpywareBlaster protège des ActiveX malicieux : http://www.commentcamarche.net/telecharger/telecharger 226 spyware blaster

un tutoriel :
https://www.malekal.com/tutorial-spywareblaster/

- SpywareGuard offre une protection en temps réel contre les tentatives d'installation des spywares. Prends garde à n'avoir qu'un seul anti-spyware en garde active pour éviter les risques de conflit : http://www.commentcamarche.net/telecharger/telecharger 34055277 spywareguard .

- Sécurise Internet Explorer
* Clique sur Démarrer puis Exécuter
* Tape Inetcpl.cpl dans la zone de saisie puis OK
* Clique sur l'onglet Sécurité
* Clique sur "Rétablir toutes les zones au niveau par défaut"
* Sélectionne Zone Internet et clique sur "Personaliser le niveau"
* Dans la section sur les ActiveX, règle sur "Demander" les téléchargements des ActiveX sognés et non sognés et règle sur "Désactivé" "Contrôles d'initialisation et de script ActiveX non marqués comme sécurisés"

- ATF Cleaner nettoye les fichiers temporaires d'Internet Explorer et Windows (et Firefox), vide la corbeille et effectue quelques autres actions de nettoyage. Il améliore la vitesse et élimine les fichiers malveillants logés dans les fichiers temporaires : https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

- Noscript est un "Addon" pour Firefox qui empêche l'exécution de scripts en provenance des sites Web. il stoppe l'installation de logiciels infectieux via flash, java, javascript et d'autres points d'entrée : http://www.geekstogo.com/forum/redirect.php?url=http%3A%2F%2Fwww.noscript.net

- Conserve une sauvegarde des fichiers importants. Ceco devient de plus en plus important. Cet article, en anglais, est rempli d'informations sur les solutions possibles : http://www.geekstogo.com/559/options-for-home-computer-data-backup-part-1/

- MVPS Hosts replace le fichier Hosts par un fichier contenantles sites de pub et autres sites dangereux. Fondamentalement, cela empêche l'ordi de se connecter à ces sites en redirigeant l'appel vers 127.0.0.1 qui correspond à ton ordi. Ceci rend plus difficile d'infecter l'ordi.

https://winhelp2002.mvps.org/hosts.htm

- Il vaut mieux utiliser un navigateur alternatif à Internet Explorer. Je recommande celui de Mozilla, Firefox, très agréable, mieux sécurisé et doté d'un très bon bloqueur de pop-ups. lien de téléchargement : http://www.commentcamarche.net/telecharger/telecharger 111 firefox

3) Si tu lis l'anglais, cet article de Tony Klein comporte d'excellentes suggestions : http://www.geekstogo.com/how-did-i-get-infected-in-the-first-place

4)ERUNT (Emergency Recovery Utility NT) permet de prendre une sauvegarde de la base de registre et de la restaurer en cas de besoin. La copie de sauvegarde du registre effectuée par Windows n'est pas complète : http://www.commentcamarche.net/telecharger/telecharger 34055395 erunt

5)Console de récupération Face aux nouvelles menaces (attaque du secteur de boot par exemple), la Console de récupération peut être la seule solution. Un tutoriel ici : https://www.pcastuces.com/pratique/windows/xp/console_recuperation/page1.htm . N'hésite pas à poser des questions si nécessaire.

Multiple attaque "malwar.trace"

14 réponses

Votre réponse

Discussions similaires

Newsletters