HijackThis report following an error message

so
Hello,

When I turn on my computer, I get the following message: Windows script host:
C:/WINDOWS/system32/VirusRemoval.vbs

I ran HijackThis. Here is the report:
Logfile of random's system information tool 1.06 (written by random/random)
Run by So at 2009-11-08 16:32:36
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 18 GB (47%) free of 38 GB
Total RAM: 191 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:20, on 08/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\So\Bureau\RSIT.exe
C:\Downloads\Software\So.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://sujin.com.np/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Sujin.com.np
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\VirusRemoval.vbs
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.01net.com/telecharger/
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

2 replies

Anonymous user
 
Hi:

Disable your antivirus for the duration of the procedure, as well as your firewall if you have one

▶ Download List&Kill'em and save it to your desktop

It does not require installation

▶ Double-click (right-click, "Run as administrator" on Vista) to launch the scan

Choose the language, then choose option 1 = Search Mode (Mode Recherche)

▶ Let the tool work

The report will be displayed once the scan is finished

▶ Paste its contents in your next reply
so
 
Thank you very much for replying. So here is the new report:

List'em by g3n-h@ckm@n 1.0.5.2

Thx to Chiquitine29.....

User : So (Administrateurs) # PC-SO
Update on 07/11/2009 by g3n-h@ckm@n ::::: 20.00
Start at: 17:36:07 | 08/11/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Celeron(R) CPU 2.80GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : BitDefender Antivirus 12.0 [ (!) Disabled | Updated ]
FW : BitDefender Firewall[ (!) Disabled ]12.0

C:\ -> Disque fixe local | 37,25 Go (17,32 Go free) | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque fixe local | 232,88 Go (46,83 Go free) [disque externe So] | NTFS

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processus en cours

C:\WINDOWS\System32\smss.exe 824
C:\WINDOWS\system32\csrss.exe 872
C:\WINDOWS\system32\winlogon.exe 896
C:\WINDOWS\system32\services.exe 940
C:\WINDOWS\system32\lsass.exe 952
C:\WINDOWS\system32\Ati2evxx.exe 1100
C:\WINDOWS\system32\svchost.exe 1120
C:\WINDOWS\system32\svchost.exe 1184
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe 1220
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe 1252
C:\WINDOWS\System32\svchost.exe 1344
C:\WINDOWS\system32\svchost.exe 1392
C:\WINDOWS\system32\svchost.exe 1524
C:\WINDOWS\system32\spoolsv.exe 1916
C:\WINDOWS\system32\svchost.exe 1992
C:\Program Files\Executive Software\Diskeeper\DkService.exe 2040
C:\WINDOWS\system32\HPZipm12.exe 180
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 216
C:\WINDOWS\system32\svchost.exe 288
C:\WINDOWS\system32\Ati2evxx.exe 1380
C:\WINDOWS\Explorer.EXE 396
C:\WINDOWS\system32\wbem\wmiapsrv.exe 792
C:\WINDOWS\System32\alg.exe 1256
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe 2524
C:\Program Files\Apoint2K\Apoint.exe 2556
C:\WINDOWS\AGRSMMSG.exe 2568
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 2596
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe 2608
C:\Program Files\Free Download Manager\fdm.exe 2624
C:\WINDOWS\system32\ctfmon.exe 2656
C:\Program Files\Apoint2K\Apntex.exe 2956
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe 2996
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN 3028
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe 3320
C:\Program Files\Internet Explorer\iexplore.exe 3440
C:\Program Files\Internet Explorer\iexplore.exe 2516
C:\Program Files\Internet Explorer\iexplore.exe 2788
C:\Program Files\Internet Explorer\iexplore.exe 4036
C:\WINDOWS\system32\wscntfy.exe 3128
C:\Downloads\Software\List_Killem.exe 776
C:\WINDOWS\system32\cmd.exe 492
C:\WINDOWS\system32\wbem\wmiprvse.exe 3840
C:\Documents and Settings\So\Local Settings\Temp\96.tmp\pv.exe 3656

======================
Cles de demarrage "Run"
======================
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="\"C:\\Program Files\\Free Download Manager\\fdm.exe\" -autorun"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"DiskeeperSystray"="\"C:\\Program Files\\Executive Software\\Diskeeper\\DkIcon.exe\""
"BDAgent"="\"C:\\Program Files\\BitDefender\\BitDefender 2009\\bdagent.exe\""
"BitDefender Antiphishing Helper"="\"C:\\Program Files\\BitDefender\\BitDefender 2009\\IEShow.exe\""
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb12.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""

=====================
cles additionnelles
=====================
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

===============
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

===============
===============
===============
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

======
BHO :
======
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
@="AcroIEHelperStub"
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
"NoExplorer"=dword:00000001

==========================

===============
Path : C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Executive Software\Diskeeper;C:\Program Files\ESTsoft\ALZip;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ESTsoft\ALZip
===============
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :


¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe

¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch :

AGRSMMSG.EXE-0034A7F7.pf
APNTEX.EXE-2C02AAE6.pf
APOINT.EXE-1B53748D.pf
ATI2MDXX.EXE-00F23993.pf
ATIPRBXX.EXE-28AA41C0.pf
ATIPTAXX.EXE-18FE8D8B.pf
BDAGENT.EXE-11EBF49E.pf
CMD.EXE-087B4001.pf
CONTROL.EXE-013DBFB5.pf
CSCRIPT.EXE-1C26180C.pf
CTFMON.EXE-0E17969B.pf
DEFRAG.EXE-273F131E.pf
DFRGNTFS.EXE-269967DF.pf
DKICON.EXE-253EAB47.pf
DUMPREP.EXE-1B46F901.pf
DWWIN.EXE-30875ADC.pf
FDM.EXE-1EBA87D2.pf
HELPSVC.EXE-2878DDA2.pf
HIJACKTHIS(1).EXE-21C2E761.pf
HPZTSB12.EXE-0B929B9E.pf
IESHOW.EXE-0AED1730.pf
IEXPLORE.EXE-27122324.pf
IMAPI.EXE-0BF740A4.pf
IMJPMIG.EXE-03882F7A.pf
Layout.ini
LIST_KILLEM.EXE-2AC91642.pf
LOGON.SCR-151EFAEA.pf
LOGONUI.EXE-0AF22957.pf
MBAM.EXE-0BEE0439.pf
MBAMGUI.EXE-1286D63B.pf
MODE.COM-31685BAE.pf
NOTEPAD.EXE-336351A9.pf
NTOSBOOT-B00DFAAD.pf
OSA.EXE-2CD63980.pf
PV.EXE-33724C27.pf
QUICKSTART.EXE-1CEE9C20.pf
READER_SL.EXE-2B4EA1CB.pf
REG.EXE-0D2A95F7.pf
REGSVR32.EXE-25EEFE2F.pf
RSIT.EXE-08FC3919.pf
RUNDLL32.EXE-3D97474F.pf
RUNDLL32.EXE-451FC2C0.pf
SECCENTER.EXE-0C3FA3AC.pf
SIGNCHECK.EXE-28675D39.pf
SO.EXE-0C12C600.pf
SOFFICE.BIN-242AA534.pf
SOFFICE.EXE-2C1A3A5B.pf
STCLIENT_WRAPPER.EXE-0FBCE9FC.pf
TINTSETP.EXE-39BF0732.pf
UISCAN.EXE-1D502E3C.pf
UPGREPL.EXE-24BD643C.pf
VERCLSID.EXE-3667BD89.pf
WMIADAP.EXE-2DF425B2.pf
WMIPRVSE.EXE-28F301A9.pf
WSCNTFY.EXE-1B24F5EB.pf
WUAUCLT.EXE-399A8E72.pf




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Anonymous user
 
RESTART IN SAFE MODE, then:

▶ Run List&Kill'em again as you did for option 1 (that is, with a right-click on Vista),

but this time:

▶ Choose option 2 = Destruction Mode (Mode Destruction)

Let the tool work.

At the end of the scan a report opens; close it,
then a second one; close it

Then restart

▶ Paste the contents in your reply after restarting in normal mode:

C:\Kill'em.txt