A voir également:
- Virus shield 2009
- Virus mcafee - Accueil - Piratage
- Telecharger splitcam ancienne version 2009 - Télécharger - Messagerie
- Virus facebook demande d'amis - Accueil - Facebook
- Msn 2009 - Télécharger - Messagerie
- Virus informatique - Guide
6 réponses
Bonjour,
Pour commencer
Télécharge Random's System Information Tool (RSIT) par random/random et sauvegarde-le sur ton Bureau.
http://images.malwareremoval.com/random/RSIT.exe
* Double-clique sur RSIT.exe afin de lancer RSIT.
* Clique sur Continue à l'écran Disclaimer.
* Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
* Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
--> Poste le contenu de log.txt (<<qui sera affiché) ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
Note : Les deux rapports sont également sauvegardés C:\rsit
Pour commencer
Télécharge Random's System Information Tool (RSIT) par random/random et sauvegarde-le sur ton Bureau.
http://images.malwareremoval.com/random/RSIT.exe
* Double-clique sur RSIT.exe afin de lancer RSIT.
* Clique sur Continue à l'écran Disclaimer.
* Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
* Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
--> Poste le contenu de log.txt (<<qui sera affiché) ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
Note : Les deux rapports sont également sauvegardés C:\rsit
voila l 1er fichier :
nfo.txt logfile of random's system information tool 1.06 2009-06-06 22:15:21
======Uninstall list======
-->"c:\apps\skype\phone\unins000.exe"
-->"C:\Program Files\Fichiers communs\aolshare\Coach\AolCInUn.exe" -lang="fr-fr"
-->C:\PROGRA~1\FICHIE~1\AOL\ACS\AcsUninstall.exe /c
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Fichiers communs\AOL\Screensaver\uninst_ygpss.exe
-->C:\Program Files\Fichiers communs\aolshare\Aolunins_fr.exe
-->C:\Program Files\Fichiers communs\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AFA4872-16B2-419E-ADCA-8E96E739115D}\setup.exe" -l0x40c
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AIDA32 v3.93-->"C:\Program Files\AIDA32 - Personal System Information\unins000.exe"
Alexandra Ledermann 6-->C:\Program Files\UbiSoft\Lexis Numérique\Alexandra Ledermann 6\Desinst.exe
Apple Software Update-->MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Baghdad Central (Desert Gunner) (remove only)-->"C:\Program Files\Fusion Games\Baghdad Central (Desert Gunner)\Uninstall.exe"
Belkin 802.11g Wireless PCI Card-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59C2635E-336A-4CDF-8936-994F989E67D1}\Setup.exe"
Bigben PC controller-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFE1AA90-5B5E-4907-95E6-F55923555B16}\setup.exe" -l0x9 -removeonly
BitTorrent-->"C:\Program Files\BitTorrent\uninstall.exe"
Browser Address Error Redirector-->regsvr32 /u /s "C:\APPS\BAE\BAE.dll"
Codeur Windows Media Série 9-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Codeur Windows Media Série 9-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Correctif n° 2 pour Windows XP Édition Media Center 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
DD PlayCam-->C:\WINDOWS\unvise32.exe C:\Program Files\DD PlayCam\1.0\Thempty.log
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EA SPORTS online 2007-->C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
Exact Audio Copy 0.95b4-->C:\Program Files\Exact Audio Copy\uninst.exe
FA-18 Operation Desert Storm-->C:\WINDOWS\iun6002.exe "C:\Program Files\FA-18 Operation Desert Storm\irunin.ini"
Favorit-->"c:\documents and settings\parents\local settings\application data\kkcqg.exe" -uninstall
FileZilla Client 3.2.4.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Freeplayer-->C:\Program Files\Freeplayer\Uninstall.exe
Furnish Pro-->C:\WINDOWS\unvise32.exe C:\Program Files\Furnish Pro\Furnish Pro uninstal.log
Garmin PC Basemap v2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C865B036-B1D9-417F-BA37-E0D5D391B79F}\setup.exe" -l0x9
Garmin Training Center 3.4.3-->MsiExec.exe /X{CEAEEFA6-DEBC-4B16-8F04-84C81440CA32}
Garmin Training Center-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A0F7389A-9A1A-41C6-820A-1C31A27C4495} /l1036
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
GSpot 2.21 Fr-->"C:\Program Files\GSpot221\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 7.0-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IsoBuster 2.5-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
IsoBuster Toolbar-->C:\PROGRA~1\ISOBUS~1\UNWISE.EXE /U C:\PROGRA~1\ISOBUS~1\INSTALL.LOG
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Macromedia Flash Player 8-->MsiExec.exe /X{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}
Macromedia Shockwave Player-->MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
MCE Software Encoder 1.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7655E113-C306-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
Micro Application - Faire-part 2007 +-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B14F9A9-4735-4DA6-B47C-7D4E5766C354}\setup.exe" -l0x40c
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour le Codeur Windows Media (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour pour Lecteur Windows Media 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Mise à jour pour Lecteur Windows Media 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Mise à jour pour Lecteur Windows Media 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
MotionBased Agent-->MsiExec.exe /I{70C4EFA5-F8B8-4015-9378-FCAA9000DF19}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Pixie 1.4.1-->"C:\Program Files\Pixie\unins000.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QUAD Registry Cleaner v.1.5.69-->C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\uninst.exe
QuickTime-->MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SmartSound Quicktracks Plugin-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Ulead PhotoImpact 10 SE-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A065EA0-0EEC-4E94-A2A0-40812576C122}\setup.exe" -l0x40c
Ulead VideoStudio 9.0 SE DVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}\setup.exe" -l0x40c
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VideoCAM Trek-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F3220F3E-3B12-4B65-861D-B8EFCCA44A39}\Setup.exe" -l0x40c
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wireless LAN Network Adapter-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8AD5732-FE33-43DE-B3B9-9E06C13A4615}\Setup.exe" -l0x9
X10 Hardware(TM)-->C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
======Hosts File======
206.53.61.77 google.ae
206.53.61.77 google.as
206.53.61.77 google.at
206.53.61.77 google.az
206.53.61.77 google.ba
206.53.61.77 google.be
206.53.61.77 google.bg
206.53.61.77 google.bs
206.53.61.77 google.ca
206.53.61.77 google.cd
======Security center information======
AV: Virus Shield 2009
AV: avast! antivirus 4.8.1335 [VPS 090605-0]
FW: Norton Internet Worm Protection (disabled)
FW: Virus Shield 2009
======System event log======
Computer Name: emma
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.
Record Number: 129059
Source Name: Service Control Manager
Time Written: 20090517073604.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: emma
Event Code: 7036
Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.
Record Number: 129058
Source Name: Service Control Manager
Time Written: 20090517073456.000000+120
Event Type: Informations
User:
Computer Name: emma
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Services Terminal Server.
Record Number: 129057
Source Name: Service Control Manager
Time Written: 20090517073456.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: emma
Event Code: 7036
Message: Le service Explorateur d'ordinateur est entré dans l'état : arrêté.
Record Number: 129056
Source Name: Service Control Manager
Time Written: 20090517073421.000000+120
Event Type: Informations
User:
Computer Name: emma
Event Code: 7036
Message: Le service Carte de performance WMI est entré dans l'état : en cours d'exécution.
Record Number: 129055
Source Name: Service Control Manager
Time Written: 20090517073420.000000+120
Event Type: Informations
User:
=====Application event log=====
Computer Name: emma
Event Code: 102
Message: MsnMsgr (2880) \\.\C:\Documents and Settings\parents\Local Settings\Application Data\Microsoft\Messenger\f.fre.d@hotmail.fr\SharingMetadata\Working\database_7038_E95E_38E9_23B6\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).
Record Number: 40530
Source Name: ESENT
Time Written: 20090412191132.000000+120
Event Type: Informations
User:
Computer Name: emma
Event Code: 100
Message: MsnMsgr (2880) Le moteur de base de données 5.01.2600.5512 est démarré.
Record Number: 40529
Source Name: ESENT
Time Written: 20090412191132.000000+120
Event Type: Informations
User:
Computer Name: emma
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 40528
Source Name: usnjsvc
Time Written: 20090412191130.000000+120
Event Type:
User:
Computer Name: emma
Event Code: 0
Message:
Record Number: 40527
Source Name: gusvc
Time Written: 20090412165720.000000+120
Event Type: Informations
User:
Computer Name: emma
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 40526
Source Name: SecurityCenter
Time Written: 20090412165552.000000+120
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\;%PIXIEHOME%\bin;C:\Program Files\Smart Projects\IsoBuster
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
"PIXIEHOME"=C:\Program Files\Pixie
"SHADERS"=%PIXIEHOME%\shaders
-----------------EOF-----------------
nfo.txt logfile of random's system information tool 1.06 2009-06-06 22:15:21
======Uninstall list======
-->"c:\apps\skype\phone\unins000.exe"
-->"C:\Program Files\Fichiers communs\aolshare\Coach\AolCInUn.exe" -lang="fr-fr"
-->C:\PROGRA~1\FICHIE~1\AOL\ACS\AcsUninstall.exe /c
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Fichiers communs\AOL\Screensaver\uninst_ygpss.exe
-->C:\Program Files\Fichiers communs\aolshare\Aolunins_fr.exe
-->C:\Program Files\Fichiers communs\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AFA4872-16B2-419E-ADCA-8E96E739115D}\setup.exe" -l0x40c
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AIDA32 v3.93-->"C:\Program Files\AIDA32 - Personal System Information\unins000.exe"
Alexandra Ledermann 6-->C:\Program Files\UbiSoft\Lexis Numérique\Alexandra Ledermann 6\Desinst.exe
Apple Software Update-->MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Baghdad Central (Desert Gunner) (remove only)-->"C:\Program Files\Fusion Games\Baghdad Central (Desert Gunner)\Uninstall.exe"
Belkin 802.11g Wireless PCI Card-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59C2635E-336A-4CDF-8936-994F989E67D1}\Setup.exe"
Bigben PC controller-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFE1AA90-5B5E-4907-95E6-F55923555B16}\setup.exe" -l0x9 -removeonly
BitTorrent-->"C:\Program Files\BitTorrent\uninstall.exe"
Browser Address Error Redirector-->regsvr32 /u /s "C:\APPS\BAE\BAE.dll"
Codeur Windows Media Série 9-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Codeur Windows Media Série 9-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Correctif n° 2 pour Windows XP Édition Media Center 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
DD PlayCam-->C:\WINDOWS\unvise32.exe C:\Program Files\DD PlayCam\1.0\Thempty.log
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EA SPORTS online 2007-->C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
Exact Audio Copy 0.95b4-->C:\Program Files\Exact Audio Copy\uninst.exe
FA-18 Operation Desert Storm-->C:\WINDOWS\iun6002.exe "C:\Program Files\FA-18 Operation Desert Storm\irunin.ini"
Favorit-->"c:\documents and settings\parents\local settings\application data\kkcqg.exe" -uninstall
FileZilla Client 3.2.4.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Freeplayer-->C:\Program Files\Freeplayer\Uninstall.exe
Furnish Pro-->C:\WINDOWS\unvise32.exe C:\Program Files\Furnish Pro\Furnish Pro uninstal.log
Garmin PC Basemap v2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C865B036-B1D9-417F-BA37-E0D5D391B79F}\setup.exe" -l0x9
Garmin Training Center 3.4.3-->MsiExec.exe /X{CEAEEFA6-DEBC-4B16-8F04-84C81440CA32}
Garmin Training Center-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A0F7389A-9A1A-41C6-820A-1C31A27C4495} /l1036
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
GSpot 2.21 Fr-->"C:\Program Files\GSpot221\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 7.0-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IsoBuster 2.5-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
IsoBuster Toolbar-->C:\PROGRA~1\ISOBUS~1\UNWISE.EXE /U C:\PROGRA~1\ISOBUS~1\INSTALL.LOG
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Macromedia Flash Player 8-->MsiExec.exe /X{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}
Macromedia Shockwave Player-->MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
MCE Software Encoder 1.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7655E113-C306-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
Micro Application - Faire-part 2007 +-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B14F9A9-4735-4DA6-B47C-7D4E5766C354}\setup.exe" -l0x40c
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour le Codeur Windows Media (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour pour Lecteur Windows Media 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Mise à jour pour Lecteur Windows Media 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Mise à jour pour Lecteur Windows Media 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
MotionBased Agent-->MsiExec.exe /I{70C4EFA5-F8B8-4015-9378-FCAA9000DF19}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Pixie 1.4.1-->"C:\Program Files\Pixie\unins000.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QUAD Registry Cleaner v.1.5.69-->C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\uninst.exe
QuickTime-->MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SmartSound Quicktracks Plugin-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Ulead PhotoImpact 10 SE-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A065EA0-0EEC-4E94-A2A0-40812576C122}\setup.exe" -l0x40c
Ulead VideoStudio 9.0 SE DVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}\setup.exe" -l0x40c
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VideoCAM Trek-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F3220F3E-3B12-4B65-861D-B8EFCCA44A39}\Setup.exe" -l0x40c
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wireless LAN Network Adapter-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8AD5732-FE33-43DE-B3B9-9E06C13A4615}\Setup.exe" -l0x9
X10 Hardware(TM)-->C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
======Hosts File======
206.53.61.77 google.ae
206.53.61.77 google.as
206.53.61.77 google.at
206.53.61.77 google.az
206.53.61.77 google.ba
206.53.61.77 google.be
206.53.61.77 google.bg
206.53.61.77 google.bs
206.53.61.77 google.ca
206.53.61.77 google.cd
======Security center information======
AV: Virus Shield 2009
AV: avast! antivirus 4.8.1335 [VPS 090605-0]
FW: Norton Internet Worm Protection (disabled)
FW: Virus Shield 2009
======System event log======
Computer Name: emma
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.
Record Number: 129059
Source Name: Service Control Manager
Time Written: 20090517073604.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: emma
Event Code: 7036
Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.
Record Number: 129058
Source Name: Service Control Manager
Time Written: 20090517073456.000000+120
Event Type: Informations
User:
Computer Name: emma
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Services Terminal Server.
Record Number: 129057
Source Name: Service Control Manager
Time Written: 20090517073456.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: emma
Event Code: 7036
Message: Le service Explorateur d'ordinateur est entré dans l'état : arrêté.
Record Number: 129056
Source Name: Service Control Manager
Time Written: 20090517073421.000000+120
Event Type: Informations
User:
Computer Name: emma
Event Code: 7036
Message: Le service Carte de performance WMI est entré dans l'état : en cours d'exécution.
Record Number: 129055
Source Name: Service Control Manager
Time Written: 20090517073420.000000+120
Event Type: Informations
User:
=====Application event log=====
Computer Name: emma
Event Code: 102
Message: MsnMsgr (2880) \\.\C:\Documents and Settings\parents\Local Settings\Application Data\Microsoft\Messenger\f.fre.d@hotmail.fr\SharingMetadata\Working\database_7038_E95E_38E9_23B6\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).
Record Number: 40530
Source Name: ESENT
Time Written: 20090412191132.000000+120
Event Type: Informations
User:
Computer Name: emma
Event Code: 100
Message: MsnMsgr (2880) Le moteur de base de données 5.01.2600.5512 est démarré.
Record Number: 40529
Source Name: ESENT
Time Written: 20090412191132.000000+120
Event Type: Informations
User:
Computer Name: emma
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 40528
Source Name: usnjsvc
Time Written: 20090412191130.000000+120
Event Type:
User:
Computer Name: emma
Event Code: 0
Message:
Record Number: 40527
Source Name: gusvc
Time Written: 20090412165720.000000+120
Event Type: Informations
User:
Computer Name: emma
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 40526
Source Name: SecurityCenter
Time Written: 20090412165552.000000+120
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\;%PIXIEHOME%\bin;C:\Program Files\Smart Projects\IsoBuster
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
"PIXIEHOME"=C:\Program Files\Pixie
"SHADERS"=%PIXIEHOME%\shaders
-----------------EOF-----------------
voila pour le 2em fichier :
Logfile of random's system information tool 1.06 (written by random/random)
Run by parents at 2009-06-07 10:42:26
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 237 GB (80%) free of 297 GB
Total RAM: 1022 MB (10% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:40, on 07/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\B54 Wireless Monitor\WLService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\B54 Wireless Monitor\WLanCfgG.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\parents\local settings\application data\kkcqg.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
J:\RSIT.exe
C:\Program Files\trend micro\parents.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = fr.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?fr=fp-yie8
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [EULA] C:\APPS\PB_TB\EULALauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [kkcqg] "c:\documents and settings\parents\local settings\application data\kkcqg.exe" kkcqg
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEBADC0A-B2D0-471E-A0A6-DFB0361826F6}: NameServer = 212.27.40.240,212.27.40.241
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: WLB54 Service (WLB54) - Unknown owner - C:\Program Files\B54 Wireless Monitor\WLService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Logfile of random's system information tool 1.06 (written by random/random)
Run by parents at 2009-06-07 10:42:26
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 237 GB (80%) free of 297 GB
Total RAM: 1022 MB (10% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:40, on 07/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\B54 Wireless Monitor\WLService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\B54 Wireless Monitor\WLanCfgG.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\parents\local settings\application data\kkcqg.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
J:\RSIT.exe
C:\Program Files\trend micro\parents.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = fr.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?fr=fp-yie8
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [EULA] C:\APPS\PB_TB\EULALauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [kkcqg] "c:\documents and settings\parents\local settings\application data\kkcqg.exe" kkcqg
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEBADC0A-B2D0-471E-A0A6-DFB0361826F6}: NameServer = 212.27.40.240,212.27.40.241
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: WLB54 Service (WLB54) - Unknown owner - C:\Program Files\B54 Wireless Monitor\WLService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
ok plusieurs infections
commence par ceci stp
Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Déconnecte toi d'internet et ferme toutes tes applications.
* Désactive tes protections (antivirus, parefeu,antispyware) provisoirement et seulement le temps de l'utilisation de ComboFix,
* Double-clic sur combofix.exe, il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.
* /! Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne /!
* Attends que Combofix ait terminé, un rapport sera créé.
* réactive ton parefeu, ton antivirus, la garde de ton antispyware
* copie/colle le rapport, le rapport se trouve dans : C:Combofix.txt
* Réactive tes protections en temps réel, Antivirus, Antispywares, avant de te reconnecter à internet.
commence par ceci stp
Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Déconnecte toi d'internet et ferme toutes tes applications.
* Désactive tes protections (antivirus, parefeu,antispyware) provisoirement et seulement le temps de l'utilisation de ComboFix,
* Double-clic sur combofix.exe, il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.
* /! Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne /!
* Attends que Combofix ait terminé, un rapport sera créé.
* réactive ton parefeu, ton antivirus, la garde de ton antispyware
* copie/colle le rapport, le rapport se trouve dans : C:Combofix.txt
* Réactive tes protections en temps réel, Antivirus, Antispywares, avant de te reconnecter à internet.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ComboFix 09-06-06.03 - parents 07/06/2009 11:14.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.522 [GMT 2:00]
Lancé depuis: c:\documents and settings\parents\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090606-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Virus Shield 2009 *On-access scanning enabled* (Updated) {C27BC89E-717E-412E-8C31-7A49444A3FE9}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Virus Shield 2009 *enabled* {BE17CC0F-04BB-4482-BA15-75317B49AFFD}
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\parents\Application Data\Microsoft\Internet Explorer\Quick Launch\Virus Shield 2009.lnk
c:\documents and settings\parents\Local Settings\Application Data\kkcqg.dat
c:\documents and settings\parents\Local Settings\Application Data\kkcqg.exe
c:\documents and settings\parents\Local Settings\Application Data\kkcqg_nav.dat
c:\documents and settings\parents\Local Settings\Application Data\kkcqg_navps.dat
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\windows\system32\_000005_.tmp.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-07 au 2009-06-07 ))))))))))))))))))))))))))))))))))))
.
2009-06-07 06:06 . 2009-06-07 06:06 -------- d-----w- C:\ToolBar SD
2009-06-06 21:42 . 2009-06-06 21:42 304 ----a-w- c:\documents and settings\parents\exc.dat
2009-06-06 20:21 . 2009-06-06 20:21 -------- d-----w- c:\program files\CCleaner
2009-06-06 20:14 . 2009-06-07 08:42 -------- d-----w- c:\program files\trend micro
2009-06-06 20:14 . 2009-06-06 20:15 -------- d-----w- C:\rsit
2009-06-06 19:40 . 2009-06-06 19:40 -------- d-----w- c:\program files\Enigma Software Group
2009-06-06 11:55 . 2009-06-06 12:00 -------- d-sh--w- c:\documents and settings\parents\Application Data\Virus Shield 2009
2009-06-06 11:55 . 2009-06-06 11:55 -------- d-sh--w- c:\documents and settings\All Users\Application Data\ProtectSystem
2009-06-06 11:54 . 2009-06-06 11:55 2097152 ----a-w- c:\documents and settings\All Users\Application Data\54005fc\VS5400.exe
2009-06-06 11:54 . 2009-06-06 21:42 -------- d-sh--w- c:\documents and settings\All Users\Application Data\54005fc
2009-05-31 07:47 . 2009-05-31 07:46 737280 ----a-w- c:\windows\iun6002.exe
2009-05-31 07:47 . 2009-05-31 08:51 -------- d-----w- c:\program files\FA-18 Operation Desert Storm
2009-05-21 15:42 . 2009-05-21 15:46 -------- d-----w- c:\program files\RegCleaner
2009-05-18 10:34 . 2009-05-18 10:34 -------- d-----w- c:\program files\AIDA32 - Personal System Information
2009-05-18 10:32 . 2009-05-18 10:32 -------- d-----w- c:\program files\SiSoftware
2009-05-16 13:59 . 2009-05-16 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-05-16 13:58 . 2009-05-16 13:58 -------- d-----w- c:\documents and settings\parents\Local Settings\Application Data\Downloaded Installations
2009-05-12 18:16 . 2009-05-12 18:16 -------- d-----w- c:\documents and settings\emma2000\Local Settings\Application Data\Conduit
2009-05-12 18:16 . 2009-06-01 11:31 -------- d-----w- c:\documents and settings\emma2000\Local Settings\Application Data\IsoBuster
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 07:39 . 2009-05-03 13:13 -------- d-----w- c:\documents and settings\parents\Application Data\BitTorrent
2009-05-31 07:10 . 2009-05-04 01:25 72328877 ----a-w- c:\documents and settings\parents\Application Data\BitTorrent\incomplete\abbb735b-c17d\CoD4MW-1.4-PatchSetup.exe
2009-05-29 05:07 . 2009-05-07 19:33 -------- d-----w- c:\program files\IsoBuster
2009-05-24 06:57 . 2006-11-25 15:46 -------- d-----w- c:\program files\X10 Hardware
2009-05-18 10:33 . 2009-05-18 10:33 2311 ----a-w- c:\documents and settings\All Users\Application Data\xmlE8.tmp
2009-05-18 10:33 . 2009-05-18 10:33 13295 ----a-w- c:\documents and settings\All Users\Application Data\xmlE7.tmp
2009-05-18 10:33 . 2009-05-18 10:33 8519 ----a-w- c:\documents and settings\All Users\Application Data\xmlE6.tmp
2009-05-16 14:00 . 2006-11-25 15:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-07 19:33 . 2009-05-07 19:33 -------- d-----w- c:\program files\Conduit
2009-05-07 19:33 . 2009-05-07 19:33 -------- d-----w- c:\program files\Smart Projects
2009-05-07 05:26 . 2009-05-04 12:12 -------- d-----w- c:\documents and settings\parents\Application Data\FileZilla
2009-05-06 19:01 . 2009-05-06 19:01 -------- d-----w- c:\program files\FileZilla FTP Client
2009-05-05 20:59 . 2009-05-04 14:51 -------- d-----w- c:\documents and settings\parents\Application Data\vlc
2009-05-04 15:10 . 2009-05-04 14:50 -------- d-----w- c:\program files\Freeplayer
2009-05-04 10:42 . 2009-05-03 23:45 1009496 ----a-w- c:\documents and settings\parents\Application Data\BitTorrent\incomplete\abbb735b-c17d\HamachiSetup-1.0.2.5-en.exe
2009-05-04 10:42 . 2009-05-03 21:35 3581384 ----a-w- c:\documents and settings\parents\Application Data\BitTorrent\incomplete\abbb735b-c17d\daemon-4112-lite.exe
2009-05-04 10:42 . 2009-05-03 21:29 3017216 ----a-w- c:\documents and settings\parents\Application Data\BitTorrent\incomplete\abbb735b-c17d\Crack\iw3sp.exe
2009-05-03 13:13 . 2009-05-03 13:13 -------- d-----w- c:\program files\BitTorrent
2009-04-28 04:43 . 2004-09-23 17:12 77278 ----a-w- c:\windows\system32\perfc00C.dat
2009-04-28 04:43 . 2004-09-23 17:12 474734 ----a-w- c:\windows\system32\perfh00C.dat
2009-04-18 10:59 . 2009-04-18 10:59 -------- d-----w- c:\documents and settings\emma2000\Application Data\DivX
2009-04-14 15:44 . 2009-04-14 15:44 -------- d-----w- c:\documents and settings\emma2000\Application Data\Yahoo!
2009-04-12 14:58 . 2009-04-12 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-04-12 14:47 . 2009-04-12 14:47 -------- d-----w- c:\program files\Yahoo!
2009-04-12 14:47 . 2009-04-12 14:47 -------- d-----w- c:\documents and settings\parents\Application Data\Yahoo!
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
2009-05-29 05:07 2094616 ----a-w- c:\program files\IsoBuster\tbIso0.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-08 68856]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2006-12-04 43008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"EULA"="c:\apps\PB_TB\EULALauncher.exe" [2006-09-29 18944]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-23 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-11-09 26112]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-04-02 868352]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-18 16207872]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Belkin 802.11g Wireless PCI Card Configuration Utility.lnk - c:\program files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe [2007-3-2 327765]
D‚marrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aAvgApi.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AAWTray.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ad-Aware.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\adaware.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\advxdwin.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\agentw.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\alertsvc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\alevir.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\alogserv.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\amon9x.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\antivirus.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntivirusXP.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ants.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apimonitor.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aplica32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arr.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atcon.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atguard.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atro55en.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atupdater.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atwatch.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\au.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aupdate.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\auto-protect.nav80try.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autotrace.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autoupdate.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avciman.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgcc32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgemc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrsx.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgserv.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgserv9.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgtray.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkpop.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkservice.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkwctl9.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwin.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwinnt.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwupd.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwupsrv.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avxmonitor9x.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avxmonitornt.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avxquar.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\backweb.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bargains.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdmcon.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bd_professional.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\beagle.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\belt.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bidef.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bidserver.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bipcp.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bipcpevalsetup.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bisp.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\blink.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\blss.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bootconf.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bootwarn.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\borg2.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bpc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\brasil.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bs120.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bundle.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bvt.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccpxysvc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cdp.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfd.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfgwiz.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\clean.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cleanpc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\click.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmd32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmesys.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmgrdian.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmon016.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\connectionmonitor.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\control]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cpd.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cpf9x206.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cpfnt206.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ctrl.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cv.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cwnb181.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cwntdwmo.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\datemanager.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dcomx.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defalert.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defscangui.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\deputy.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divx.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dllcache.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dllreg.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\doors.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dpf.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dpfsetup.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dpps2.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwatson.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dssagent.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\efpeadm.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\emsw.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ent.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\escanhnt.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\escanv95.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ethereal.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\etrustcipe.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\evpn.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\exantivirus-cnet.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\exe.avxw.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\expert.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explore.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fast.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fch32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fih32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\firewall.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fnrb32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fp-win_trial.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\frmwrk32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsaa.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav530stbyb.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav530wtbyb.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav95.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsm32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsmb32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gator.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gbmenu.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gbpoll.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\generics.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gmt.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guarddog.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hacktracersetup.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hbinst.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hbsrv.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hotactio.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hotpatch.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htlog.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htpatch.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hwpe.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hxdl.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hxiul.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iamstats.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\idle.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iedll.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iedriver.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplorer.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ifw2000.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\inetlnfo.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\infus.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\infwin.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\init.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\intdel.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\intren.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\istsvc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jammer.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jdbgmrg.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavlite40eng.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavpers40eng.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kazza.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\keenvalue.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kerio-pf-213-en-win.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kerio-wrl-421-en-win.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kerio-wrp-421-en-win.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\killprocesssetup161.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\launcher.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ldnetmon.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ldpro.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ldpromenu.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ldscan.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lnetinfo.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\loader.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\localnet.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lockdown.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lordpe.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lsetup.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\luau.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\luinit.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\luspt.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mapisvc32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcmnhdlr.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\McSACore.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mctool.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcupdate.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcvsrte.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\md.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mfin32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mfw2en.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mfweng3.02d30.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mgavrtcl.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mgavrte.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mgui.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\minilog.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmod.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\monitor.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mostat.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mpfagent.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mpfservice.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mrflux.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msapp.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MSASCui.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msbb.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msblast.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscache.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msccn32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscman.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msconfig]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msdm.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msdos.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msiexec16.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msinfo32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mslaugh.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msmgt.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msmsgri32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mssmmc32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mssys.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvxd.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mu0311ad.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mwatch.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nav.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navap.navapsvc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navdx.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nc2000.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ncinst4.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ndd32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\neomonitor.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\neowatchlog.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netarmor.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netd32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netinfo.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netmon.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netscanpro.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netspyhunter-1.2.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netstat.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netutils.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\norton_internet_secu_3.0_407.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\notstart.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npf40_tw_98_nt_me_2k.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npfmessenger.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nprotect.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npscheck.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npssvc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nsched32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nssys32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nstask32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nsupdate.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nt.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntrtscan.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntvdm.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntxconfig.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nui.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nvarch16.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nvsvc32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nwinst4.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nwservice.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nwtool16.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\onsrvr.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\optimize.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ostronet.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\otfix.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpostinstall.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpostproinstall.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\padmin.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\panixk.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\patch.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pav.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PavFnSvr.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavproxy.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavprsrv.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcip10117_0.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcscan.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pdsetup.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\periscope.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\perswf.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pf2.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfwadmin.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pgmonitr.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pingscan.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\platin.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pop3trap.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\poproxy.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\popscan.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\portdetective.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\portmonitor.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\powerscan.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ppinupdt.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pptbc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ppvstop.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prizesurfer.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prmt.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prmvr.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\procdump.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\processmonitor.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\procexplorerv1.0.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\programauditor.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\proport.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\protectx.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PskSvc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pspf.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\purge.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qconsole.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qserver.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rapapp.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rav8win32eng.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ray.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rb32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rcsync.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\realmon.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\reged.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescue.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescue32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rrguard.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rshell.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rtvscn95.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rulaunch.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\run32dll.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rundll.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rundll16.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ruxdll32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sahagent.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\save.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\savenow.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sbserv.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scam32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setupvameeval.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup_flowprotector_us.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sfc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sgssfw32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sh.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\shellspyinstall.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\shn.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\showbehind.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sms.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smss32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\soap.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sofi.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sperm.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spf.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spoler.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spoolcv.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spoolsv32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spyxx.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\srexe.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\srng.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.522 [GMT 2:00]
Lancé depuis: c:\documents and settings\parents\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090606-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Virus Shield 2009 *On-access scanning enabled* (Updated) {C27BC89E-717E-412E-8C31-7A49444A3FE9}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Virus Shield 2009 *enabled* {BE17CC0F-04BB-4482-BA15-75317B49AFFD}
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\parents\Application Data\Microsoft\Internet Explorer\Quick Launch\Virus Shield 2009.lnk
c:\documents and settings\parents\Local Settings\Application Data\kkcqg.dat
c:\documents and settings\parents\Local Settings\Application Data\kkcqg.exe
c:\documents and settings\parents\Local Settings\Application Data\kkcqg_nav.dat
c:\documents and settings\parents\Local Settings\Application Data\kkcqg_navps.dat
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\windows\system32\_000005_.tmp.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-07 au 2009-06-07 ))))))))))))))))))))))))))))))))))))
.
2009-06-07 06:06 . 2009-06-07 06:06 -------- d-----w- C:\ToolBar SD
2009-06-06 21:42 . 2009-06-06 21:42 304 ----a-w- c:\documents and settings\parents\exc.dat
2009-06-06 20:21 . 2009-06-06 20:21 -------- d-----w- c:\program files\CCleaner
2009-06-06 20:14 . 2009-06-07 08:42 -------- d-----w- c:\program files\trend micro
2009-06-06 20:14 . 2009-06-06 20:15 -------- d-----w- C:\rsit
2009-06-06 19:40 . 2009-06-06 19:40 -------- d-----w- c:\program files\Enigma Software Group
2009-06-06 11:55 . 2009-06-06 12:00 -------- d-sh--w- c:\documents and settings\parents\Application Data\Virus Shield 2009
2009-06-06 11:55 . 2009-06-06 11:55 -------- d-sh--w- c:\documents and settings\All Users\Application Data\ProtectSystem
2009-06-06 11:54 . 2009-06-06 11:55 2097152 ----a-w- c:\documents and settings\All Users\Application Data\54005fc\VS5400.exe
2009-06-06 11:54 . 2009-06-06 21:42 -------- d-sh--w- c:\documents and settings\All Users\Application Data\54005fc
2009-05-31 07:47 . 2009-05-31 07:46 737280 ----a-w- c:\windows\iun6002.exe
2009-05-31 07:47 . 2009-05-31 08:51 -------- d-----w- c:\program files\FA-18 Operation Desert Storm
2009-05-21 15:42 . 2009-05-21 15:46 -------- d-----w- c:\program files\RegCleaner
2009-05-18 10:34 . 2009-05-18 10:34 -------- d-----w- c:\program files\AIDA32 - Personal System Information
2009-05-18 10:32 . 2009-05-18 10:32 -------- d-----w- c:\program files\SiSoftware
2009-05-16 13:59 . 2009-05-16 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-05-16 13:58 . 2009-05-16 13:58 -------- d-----w- c:\documents and settings\parents\Local Settings\Application Data\Downloaded Installations
2009-05-12 18:16 . 2009-05-12 18:16 -------- d-----w- c:\documents and settings\emma2000\Local Settings\Application Data\Conduit
2009-05-12 18:16 . 2009-06-01 11:31 -------- d-----w- c:\documents and settings\emma2000\Local Settings\Application Data\IsoBuster
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 07:39 . 2009-05-03 13:13 -------- d-----w- c:\documents and settings\parents\Application Data\BitTorrent
2009-05-31 07:10 . 2009-05-04 01:25 72328877 ----a-w- c:\documents and settings\parents\Application Data\BitTorrent\incomplete\abbb735b-c17d\CoD4MW-1.4-PatchSetup.exe
2009-05-29 05:07 . 2009-05-07 19:33 -------- d-----w- c:\program files\IsoBuster
2009-05-24 06:57 . 2006-11-25 15:46 -------- d-----w- c:\program files\X10 Hardware
2009-05-18 10:33 . 2009-05-18 10:33 2311 ----a-w- c:\documents and settings\All Users\Application Data\xmlE8.tmp
2009-05-18 10:33 . 2009-05-18 10:33 13295 ----a-w- c:\documents and settings\All Users\Application Data\xmlE7.tmp
2009-05-18 10:33 . 2009-05-18 10:33 8519 ----a-w- c:\documents and settings\All Users\Application Data\xmlE6.tmp
2009-05-16 14:00 . 2006-11-25 15:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-07 19:33 . 2009-05-07 19:33 -------- d-----w- c:\program files\Conduit
2009-05-07 19:33 . 2009-05-07 19:33 -------- d-----w- c:\program files\Smart Projects
2009-05-07 05:26 . 2009-05-04 12:12 -------- d-----w- c:\documents and settings\parents\Application Data\FileZilla
2009-05-06 19:01 . 2009-05-06 19:01 -------- d-----w- c:\program files\FileZilla FTP Client
2009-05-05 20:59 . 2009-05-04 14:51 -------- d-----w- c:\documents and settings\parents\Application Data\vlc
2009-05-04 15:10 . 2009-05-04 14:50 -------- d-----w- c:\program files\Freeplayer
2009-05-04 10:42 . 2009-05-03 23:45 1009496 ----a-w- c:\documents and settings\parents\Application Data\BitTorrent\incomplete\abbb735b-c17d\HamachiSetup-1.0.2.5-en.exe
2009-05-04 10:42 . 2009-05-03 21:35 3581384 ----a-w- c:\documents and settings\parents\Application Data\BitTorrent\incomplete\abbb735b-c17d\daemon-4112-lite.exe
2009-05-04 10:42 . 2009-05-03 21:29 3017216 ----a-w- c:\documents and settings\parents\Application Data\BitTorrent\incomplete\abbb735b-c17d\Crack\iw3sp.exe
2009-05-03 13:13 . 2009-05-03 13:13 -------- d-----w- c:\program files\BitTorrent
2009-04-28 04:43 . 2004-09-23 17:12 77278 ----a-w- c:\windows\system32\perfc00C.dat
2009-04-28 04:43 . 2004-09-23 17:12 474734 ----a-w- c:\windows\system32\perfh00C.dat
2009-04-18 10:59 . 2009-04-18 10:59 -------- d-----w- c:\documents and settings\emma2000\Application Data\DivX
2009-04-14 15:44 . 2009-04-14 15:44 -------- d-----w- c:\documents and settings\emma2000\Application Data\Yahoo!
2009-04-12 14:58 . 2009-04-12 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-04-12 14:47 . 2009-04-12 14:47 -------- d-----w- c:\program files\Yahoo!
2009-04-12 14:47 . 2009-04-12 14:47 -------- d-----w- c:\documents and settings\parents\Application Data\Yahoo!
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
2009-05-29 05:07 2094616 ----a-w- c:\program files\IsoBuster\tbIso0.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-08 68856]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2006-12-04 43008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"EULA"="c:\apps\PB_TB\EULALauncher.exe" [2006-09-29 18944]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-23 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-11-09 26112]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-04-02 868352]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-18 16207872]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Belkin 802.11g Wireless PCI Card Configuration Utility.lnk - c:\program files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe [2007-3-2 327765]
D‚marrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aAvgApi.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AAWTray.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ad-Aware.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\adaware.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\advxdwin.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\agentw.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\alertsvc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\alevir.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\alogserv.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\amon9x.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\antivirus.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntivirusXP.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ants.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apimonitor.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aplica32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arr.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atcon.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atguard.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atro55en.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atupdater.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atwatch.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\au.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aupdate.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\auto-protect.nav80try.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autotrace.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autoupdate.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avciman.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgcc32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgemc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrsx.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgserv.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgserv9.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgtray.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkpop.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkservice.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkwctl9.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwin.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwinnt.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwupd.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwupsrv.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avxmonitor9x.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avxmonitornt.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avxquar.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\backweb.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bargains.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdmcon.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bd_professional.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\beagle.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\belt.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bidef.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bidserver.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bipcp.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bipcpevalsetup.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bisp.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\blink.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\blss.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bootconf.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bootwarn.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\borg2.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bpc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\brasil.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bs120.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bundle.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bvt.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccpxysvc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cdp.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfd.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfgwiz.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\clean.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cleanpc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\click.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmd32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmesys.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmgrdian.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmon016.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\connectionmonitor.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\control]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cpd.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cpf9x206.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cpfnt206.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ctrl.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cv.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cwnb181.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cwntdwmo.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\datemanager.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dcomx.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defalert.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defscangui.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\deputy.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divx.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dllcache.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dllreg.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\doors.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dpf.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dpfsetup.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dpps2.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwatson.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dssagent.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\efpeadm.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\emsw.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ent.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\escanhnt.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\escanv95.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ethereal.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\etrustcipe.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\evpn.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\exantivirus-cnet.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\exe.avxw.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\expert.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explore.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fast.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fch32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fih32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\firewall.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fnrb32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fp-win_trial.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\frmwrk32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsaa.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav530stbyb.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav530wtbyb.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav95.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsm32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsmb32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gator.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gbmenu.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gbpoll.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\generics.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gmt.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guarddog.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hacktracersetup.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hbinst.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hbsrv.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hotactio.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hotpatch.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htlog.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htpatch.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hwpe.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hxdl.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hxiul.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iamstats.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\idle.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iedll.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iedriver.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplorer.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ifw2000.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\inetlnfo.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\infus.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\infwin.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\init.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\intdel.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\intren.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\istsvc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jammer.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jdbgmrg.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavlite40eng.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavpers40eng.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kazza.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\keenvalue.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kerio-pf-213-en-win.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kerio-wrl-421-en-win.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kerio-wrp-421-en-win.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\killprocesssetup161.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\launcher.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ldnetmon.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ldpro.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ldpromenu.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ldscan.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lnetinfo.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\loader.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\localnet.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lockdown.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lordpe.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lsetup.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\luau.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\luinit.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\luspt.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mapisvc32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcmnhdlr.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\McSACore.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mctool.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcupdate.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcvsrte.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\md.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mfin32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mfw2en.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mfweng3.02d30.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mgavrtcl.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mgavrte.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mgui.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\minilog.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmod.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\monitor.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mostat.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mpfagent.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mpfservice.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mrflux.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msapp.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MSASCui.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msbb.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msblast.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscache.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msccn32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscman.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msconfig]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msdm.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msdos.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msiexec16.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msinfo32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mslaugh.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msmgt.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msmsgri32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mssmmc32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mssys.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvxd.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mu0311ad.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mwatch.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nav.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navap.navapsvc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navdx.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nc2000.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ncinst4.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ndd32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\neomonitor.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\neowatchlog.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netarmor.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netd32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netinfo.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netmon.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netscanpro.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netspyhunter-1.2.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netstat.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netutils.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\norton_internet_secu_3.0_407.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\notstart.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npf40_tw_98_nt_me_2k.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npfmessenger.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nprotect.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npscheck.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npssvc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nsched32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nssys32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nstask32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nsupdate.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nt.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntrtscan.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntvdm.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntxconfig.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nui.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nvarch16.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nvsvc32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nwinst4.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nwservice.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nwtool16.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\onsrvr.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\optimize.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ostronet.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\otfix.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpostinstall.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpostproinstall.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\padmin.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\panixk.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\patch.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pav.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PavFnSvr.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavproxy.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavprsrv.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcip10117_0.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcscan.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pdsetup.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\periscope.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\perswf.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pf2.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfwadmin.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pgmonitr.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pingscan.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\platin.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pop3trap.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\poproxy.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\popscan.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\portdetective.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\portmonitor.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\powerscan.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ppinupdt.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pptbc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ppvstop.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prizesurfer.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prmt.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prmvr.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\procdump.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\processmonitor.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\procexplorerv1.0.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\programauditor.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\proport.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\protectx.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PskSvc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pspf.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\purge.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qconsole.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qserver.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rapapp.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rav8win32eng.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ray.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rb32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rcsync.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\realmon.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\reged.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescue.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescue32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rrguard.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rshell.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rtvscn95.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rulaunch.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\run32dll.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rundll.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rundll16.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ruxdll32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sahagent.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\save.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\savenow.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sbserv.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scam32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setupvameeval.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup_flowprotector_us.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sfc.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sgssfw32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sh.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\shellspyinstall.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\shn.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\showbehind.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sms.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smss32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\soap.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sofi.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sperm.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spf.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spoler.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spoolcv.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spoolsv32.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spyxx.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\srexe.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\srng.exe]
"Debugger"=rundll32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file
Bonsoir,
ton rapport n'est pas complet, pour la suite fait ce qui suit
Télécharge LOP S&D d'Eric71 ici https://sites.google.com/site/eric71mespages/lop.sd.fr
Double-clique dessus pour lancer l'installation.
Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau.
Séléctionne la langue souhaitée , puis choisis l'Option 1 ( Recherche )
Patiente jusqu'à la fin du scan.
Poste le rapport généré (situé aussi ici C:\lopR.txt )
( Si le Bureau ne réapparaît pas, lance le gestionnaire des tâches en cliquant sur Ctrl + Alt + Suppr , puis Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide )
@+
ton rapport n'est pas complet, pour la suite fait ce qui suit
Télécharge LOP S&D d'Eric71 ici https://sites.google.com/site/eric71mespages/lop.sd.fr
Double-clique dessus pour lancer l'installation.
Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau.
Séléctionne la langue souhaitée , puis choisis l'Option 1 ( Recherche )
Patiente jusqu'à la fin du scan.
Poste le rapport généré (situé aussi ici C:\lopR.txt )
( Si le Bureau ne réapparaît pas, lance le gestionnaire des tâches en cliquant sur Ctrl + Alt + Suppr , puis Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide )
@+
