Rootkit.win32.agent.aagq

Closed
evotis Posts 14 Registration date Friday 1 January 2010 Status Member Last contribution 2 January 2010 - 1 Jan 2010 at 17:12
 Anonymous user - 2 Jan 2010 at 19:08
Hello, as you will have gathered from the title, I caught this virus a short while ago (on Christmas Day, what luck).
While looking around a bit on the internet, I found a thread that talked about it; apparently it is a new keylogger, released in December. I have Kaspersky and it cannot get rid of it: it asks me to restart the PC again and again. In short, I suppose they have not yet found a way to remove it....
So I think I will be forced to format my PC...
Anyway, that is not my question (although if one of you has information on how to delete it, I have nothing against that).
Anyway, I am here to ask you whether, with the virtual keyboard that Kaspersky provides in its suite, I could continue to enter "confidential" information without the risk of the keylogger capturing it on the way.
Thanks in advance for your reply

28 replies

evotis Posts 14 Registration date Friday 1 January 2010 Status Member Last contribution 2 January 2010
1 Jan 2010 at 21:43
where do I find the registration key?
0
evotis Posts 14 Registration date Friday 1 January 2010 Status Member Last contribution 2 January 2010
1 Jan 2010 at 22:22
here is the other report
Logfile of random's system information tool 1.06 (written by random/random)
Run by dadou at 2010-01-01 22:20:54
Microsoft Windows XP Professionnel Service Pack 3
System drive H: has 164 GB (34%) free of 477 GB
Total RAM: 3327 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:00, on 01/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\PnkBstrB.exe
H:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
H:\Program Files\RealVNC\VNC4\WinVNC4.exe
H:\WINDOWS\system32\SearchIndexer.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\WgaTray.exe
H:\WINDOWS\explorer.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\Program Files\Windows Live\Contacts\wlcomm.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Documents and Settings\dadou\Mes documents\Téléchargements\RSIT.exe
H:\WINDOWS\system32\SearchProtocolHost.exe
H:\Program Files\Trend Micro\HijackThis\dadou.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - H:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - H:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - H:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - H:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - H:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMAXPnP] H:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "H:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [DAEMON Tools-1033] "H:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] H:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] H:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] H:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [fssui] "H:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [avp] "H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EA Core] "H:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Google Update] "H:\Documents and Settings\dadou\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "H:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "H:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = H:\Documents and Settings\dadou\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O8 - Extra context menu item: Ajouter à l'Anti-bannière - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: H:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,H:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - H:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - H:\Program Files\RealVNC\VNC4\WinVNC4.exe
0
Anonymous user
1 Jan 2010 at 22:55
the Windows key is on a sticker displayed on your PC, where your Windows version is shown,
or failing that, on the sleeve of the Windows installation CD.


• Search Mode:

Disable your antivirus for the duration of the procedure, as well as your firewall if present.

Download list&Killem.zip and save it to your desktop:
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.zip

Use a program to unzip the compressed file.
Run the file Killem.exe.
It does not require installation.
Double-click (right-click "Run as administrator" on Vista) to launch the scan.
Choose the language, then choose option 1 = Search Mode.
Let the tool work.
The report will be displayed once the scan is finished.
Copy it, then paste the report in your next message.


I'll look at the rest tomorrow; on that note, good night :-)
0
evotis Posts 14 Registration date Friday 1 January 2010 Status Member Last contribution 2 January 2010
2 Jan 2010 at 12:25
here is the report:

List'em by g3n-h@ckm@n 1.1.7.0

Thx to Chiquitine29.....& CCM team

User : dadou (Administrateurs) # NZXT
Update on 30/12/2009 by g3n-h@ckm@n ::::: 23:45
Start at: 12:14:21 | 02/01/2010
Contact : g3n-h@ckm@n sur CCM

Processeur Intel Pentium III Xeon
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : Kaspersky Internet Security 9.0.0.463 [ (!) Disabled | Updated ]
FW : Kaspersky Internet Security[ (!) Disabled ]9.0.0.463

C:\ -> Disque amovible
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque CD-ROM
H:\ -> Disque fixe local | 465,75 Go (159,88 Go free) | NTFS
I:\ -> Disque CD-ROM
J:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\PnkBstrB.exe
H:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
H:\Program Files\RealVNC\VNC4\WinVNC4.exe
H:\WINDOWS\system32\SearchIndexer.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\system32\WgaTray.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Analog Devices\Core\smax4pnp.exe
H:\Program Files\Analog Devices\SoundMAX\Smax4.exe
H:\Program Files\D-Tools\daemon.exe
H:\WINDOWS\system32\rmctrl.exe
H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\iTunes\iTunesHelper.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Skype\Phone\Skype.exe
H:\Documents and Settings\dadou\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\DAEMON Tools Lite\DTLite.exe
H:\Program Files\Steam\Steam.exe
H:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
H:\Documents and Settings\dadou\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
H:\Program Files\Windows Live\Contacts\wlcomm.exe
H:\Program Files\Skype\Plugin Manager\skypePM.exe
H:\WINDOWS\system32\wbem\wmiapsrv.exe
H:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
H:\Program Files\WinRAR\WinRAR.exe
H:\WINDOWS\system32\SearchProtocolHost.exe
H:\WINDOWS\system32\SearchFilterHost.exe
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\system32\rundll32.exe
H:\Documents and Settings\dadou\Bureau\List_Killem\List_Kill'em.exe
H:\WINDOWS\system32\cmd.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe
H:\Documents and Settings\dadou\Local Settings\Temp\27B.tmp\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ H:\WINDOWS\system32\ctfmon.exe
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "H:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
MsnMsgr REG_SZ "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
EA Core REG_SZ "H:\Program Files\Electronic Arts\EADM\Core.exe" -silent
Google Update REG_SZ "H:\Documents and Settings\dadou\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
Skype REG_SZ "H:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
DAEMON Tools Lite REG_SZ "H:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
Steam REG_SZ "H:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SoundMAXPnP REG_SZ H:\Program Files\Analog Devices\Core\smax4pnp.exe
SoundMAX REG_SZ "H:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
DAEMON Tools-1033 REG_SZ "H:\Program Files\D-Tools\daemon.exe" -lang 1033
RemoteControl REG_SZ H:\WINDOWS\system32\rmctrl.exe
Adobe Reader Speed Launcher REG_SZ "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
NvCplDaemon REG_SZ RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
NeroFilterCheck REG_SZ H:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
NBKeyScan REG_SZ "H:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
JMB36X IDE Setup REG_SZ H:\WINDOWS\RaidTool\xInsIDE.exe
36X Raid Configurer REG_SZ H:\WINDOWS\system32\xRaidSetup.exe boot
SunJavaUpdateSched REG_SZ "H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
AppleSyncNotifier REG_SZ H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
NvMediaCenter REG_SZ RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
QuickTime Task REG_SZ "H:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper REG_SZ "H:\Program Files\iTunes\iTunesHelper.exe"
fssui REG_SZ "H:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
avp REG_SZ "H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 128 (0x80)
NoDriveAutoRun REG_DWORD 128 (0x80)
HonorAutoRunSetting REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 128 (0x80)
NoDriveTypeAutoRun REG_DWORD 128 (0x80)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ H:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{56F9679E-7826-4C84-81F3-532071A8BCC5} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
H:\Program Files\RealVNC\VNC4\winvnc4.exe REG_SZ H:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server
H:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe REG_SZ H:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32
H:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe REG_SZ H:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32
H:\WINDOWS\system32\PnkBstrA.exe REG_SZ H:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
H:\WINDOWS\system32\PnkBstrB.exe REG_SZ H:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
H:\Program Files\LimeWire\LimeWire.exe REG_SZ H:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
G:\setup.exe REG_SZ G:\setup.exe:*:Enabled:Programme d'installation de Kaspersky Internet Security 2009
H:\Program Files\Bonjour\mDNSResponder.exe REG_SZ H:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
H:\Program Files\Electronic Arts\Démo de Battlefield 2142\BF2142.exe REG_SZ H:\Program Files\Electronic Arts\Démo de Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2
H:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe REG_SZ H:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)
H:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe REG_SZ H:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)
H:\Program Files\ma-config.com\maconfservice.exe REG_SZ H:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
H:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe REG_SZ H:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club
H:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe REG_SZ H:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV
H:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe REG_SZ H:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)
H:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe REG_SZ H:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)
H:\Program Files\iTunes\iTunes.exe REG_SZ H:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
H:\Program Files\Messenger\msmsgs.exe REG_SZ H:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
H:\Program Files\Mass Effect\Binaries\MassEffect.exe REG_SZ H:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game
H:\Program Files\Mass Effect\MassEffectLauncher.exe REG_SZ H:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher
H:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe REG_SZ H:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)
H:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe REG_SZ H:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV
H:\Program Files\Skype\Plugin Manager\skypePM.exe REG_SZ H:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
H:\Program Files\World of Warcraft\BackgroundDownloader.exe REG_SZ H:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
H:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
H:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe REG_SZ H:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9
H:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe REG_SZ H:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10
H:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe REG_SZ H:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update
H:\Program Files\Volition Inc\Red Faction Guerrilla\rfg.exe REG_SZ H:\Program Files\Volition Inc\Red Faction Guerrilla\rfg.exe:*:Enabled:Red Faction: Guerrilla
H:\Program Files\World of Warcraft\Launcher.exe REG_SZ H:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Launcher.exe
H:\Program Files\Microsoft Games\Halo 2\halo2.exe REG_SZ H:\Program Files\Microsoft Games\Halo 2\halo2.exe:*:Enabled:Halo 2
H:\Documents and Settings\dadou\Bureau\Age of Empires II + Extensions\Age of Empires II + Extensions\Crack NoCD - The Age Of Kings\empires2(1).exe REG_SZ H:\Documents and Settings\dadou\Bureau\Age of Empires II + Extensions\Age of Empires II + Extensions\Crack NoCD - The Age Of Kings\empires2(1).exe:*:Enabled:Age of Empires II
H:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe REG_SZ H:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2
H:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe REG_SZ H:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer
H:\Program Files\Skype\Phone\Skype.exe REG_SZ H:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
H:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E33CF602-D945-461A-83F0-819F76A199F8}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
EapHost : 0x3
SharedAccess : 0x2
wuauserv : 0x2

=========

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

H:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
H:\Program Files\DAEMON Tools Toolbar
H:\WINDOWS\System32\fjhdyfhsn.bat

¤¤¤¤¤¤¤¤¤¤ Keys :

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"

================
Other infections
================

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 12:16:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gqjig]
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000000
"Group"="Boot Bus Extender"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="H:\Program Files\DAEMON Tools Lite\"
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"h0"=dword:00000000
"hdf12"=hex:df,c7,58,45,6f,f2,85,6f,3d,82,80,7d,a3,9b,03,e1,75,41,d8,9b,de,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,20,54,14,c2,b7,48,7e,86,50,3b,07,12,74,a2,15,68,b6,..
"hdf12"=hex:90,e6,69,1e,e7,47,cb,91,20,91,14,02,9c,86,69,98,07,9f,ff,4b,90,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:0b,ac,27,74,6a,f7,ee,6f,54,f4,86,b2,3f,ef,44,32,39,f7,e2,e2,cc,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gqjig]
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000000
"Group"="Boot Bus Extender"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="H:\Program Files\DAEMON Tools Lite\"
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"h0"=dword:00000000
"hdf12"=hex:6f,d8,8a,9b,ec,4b,cc,70,95,26,66,03,91,25,21,23,a6,ed,1b,88,69,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,20,54,14,c2,b7,48,7e,86,50,3b,07,12,74,a2,15,68,b6,..
"hdf12"=hex:90,e6,69,1e,e7,47,cb,91,20,91,14,02,9c,86,69,98,07,9f,ff,4b,90,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:0b,ac,27,74,6a,f7,ee,6f,54,f4,86,b2,3f,ef,44,32,39,f7,e2,e2,cc,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

==========
Programs
==========

Activision
Ad-Remover
Adobe
AGEIA Technologies
AIDA32 - Personal System Information
Alwil Software
Analog Devices
Apple Software Update
ASUS WiFi-AP Solo
Bonjour
CCP
Cheat Engine
Circle Develoement
Combined Community Codec Pack
Common Files
ComPlus Applications
CyberLink
D-Tools
DAEMON Tools Lite
DAEMON Tools Toolbar
DivX
Dofus
Dofus 2
Dofus 2 Online
dofus2
DofusBeta
EA Games
Electronic Arts
Fichiers communs
Games-Masters.com
Gpotato.eu
InstallShield Installation Information
Intel
Internet Explorer
iPod
iTunes
Java
Kaspersky Lab
LimeWire
ma-config.com
Marvell
Mass Effect
McAfee Security Scan
Media Player Classic
Megaupload
Messenger
Messenger Plus! Live
Microsoft
microsoft frontpage
Microsoft Games
Microsoft Games for Windows - LIVE
Microsoft Office
Microsoft Office Outlook Connector
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Visual Studio
Microsoft Works
Movie Maker
Mozilla Firefox
MSBuild
MSN
MSN Gaming Zone
MSXML 4.0
Mumble
Nero
NetMeeting
Online Services
Outlook Express
QuickTime
RealVNC
Reference Assemblies
Rockstar Games
Safari
Securitoo
Services en ligne
Skype
SpeedSim
StartupRun
Steam
Sun
Teamspeak2_RC2
TimeGate Studios
Trend Micro
Ubisoft
Uninstall Information
UxTheme Multipatcher Fr
Volition Inc
Wakfu
Warcraft III
Windows Desktop Search
Windows Live
Windows Live Safety Center
Windows Live SkyDrive
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
World of Warcraft
xerox

============
Lecteur H:
============

8ec512cdc2463eb2d312a7fd45267c
Ad-Report-CLEAN[1].log
autorun.inf
boot.ini
Bootfont.bin
Documents and Settings
Intel
Kill'em
List'em.txt
MSOCache
NTDETECT.COM
ntldr
NVIDIA
pagefile.sys
Program Files
RaidTool
RECYCLER
rsit
System Volume Information
TB.txt
Temp
ToolBar SD
UsbFix
WINDOWS

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

H:\Documents and Settings\dadou\Bureau\Age of Empires III.part1\Age of Empires III\Le Serial\Serial.txt
H:\Documents and Settings\dadou\Mes documents\PacSteamT\Patches
H:\Documents and Settings\dadou\Mes documents\PacSteamT\Patches\Forced Steam LOGOUT.exe
H:\Documents and Settings\dadou\Mes documents\PacSteamT\Patches\OFFLINE mode.exe
H:\Documents and Settings\dadou\Mes documents\PacSteamT\Patches\ONLINE mode.exe
H:\Documents and Settings\dadou\Mes documents\PacSteamT\Patches\SetiServers-UNDO.exe
H:\Documents and Settings\dadou\Mes documents\PacSteamT\Patches\SetiServers.exe
H:\Documents and Settings\dadou\Mes documents\PacSteamT\Patches\Update.exe
H:\Documents and Settings\dadou\Recent\Serial.lnk
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch\csf0001.dat
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch\csf0002.dat
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch\csf0003.dat
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch\csf0005.dat
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch\csf0006.dat
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch\csf0007.dat
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch\csf0009.dat
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch\csf0010.dat
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch\csf0011.dat
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch\csf0013.dat
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch\csf0015.dat
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch\csf0016.dat
H:\Program Files\Electronic Arts\EADM\html\PatchProgressWin.html
H:\Program Files\Electronic Arts\EADM\html\PatchProgressWin.swf
H:\Program Files\Gpotato.eu\Flyff\PatchLog.txt
H:\Program Files\Warcraft III\Patch.txt
H:\Program Files\World of Warcraft\Patch.html
H:\Program Files\World of Warcraft\Patch.txt
H:\Program Files\World of Warcraft\Patches
H:\Program Files\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch
H:\Program Files\World of Warcraft\Patches\WoW-3.1.3-to-3.2.0-frFR-Win-patch
H:\Program Files\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch\Blizzard Updater.exe
H:\Program Files\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch\wow-final.MPQ
H:\Program Files\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch\wow-partial-1.MPQ
H:\Program Files\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch\wow-partial-2.MPQ
H:\Program Files\World of Warcraft\Patches\WoW-3.1.3-to-3.2.0-frFR-Win-patch\Blizzard Updater.exe
H:\Program Files\World of Warcraft\Patches\WoW-3.1.3-to-3.2.0-frFR-Win-patch\wow-final.MPQ
H:\Program Files\World of Warcraft\Patches\WoW-3.1.3-to-3.2.0-frFR-Win-patch\wow-partial-1.MPQ
H:\Program Files\World of Warcraft\Patches\WoW-3.1.3-to-3.2.0-frFR-Win-patch\wow-partial-2.MPQ




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0

Anonymous user
2 Jan. 2010 at 14:15
Hello,
delete these cracks:

H:\Documents and Settings\dadou\Bureau\Age of Empires III.part1\Age of Empires III\Le Serial\Serial.txt
H:\Documents and Settings\dadou\Mes documents\PacSteamT\Patches
H:\Documents and Settings\dadou\Mes documents\PacSteamT\Patches\Forced Steam LOGOUT.exe
H:\Documents and Settings\dadou\Mes documents\PacSteamT\Patches\OFFLINE mode.exe
H:\Documents and Settings\dadou\Mes documents\PacSteamT\Patches\ONLINE mode.exe
H:\Documents and Settings\dadou\Mes documents\PacSteamT\Patches\SetiServers-UNDO.exe
H:\Documents and Settings\dadou\Mes documents\PacSteamT\Patches\SetiServers.exe
H:\Documents and Settings\dadou\Mes documents\PacSteamT\Patches\Update.exe
H:\Documents and Settings\dadou\Recent\Serial.lnk
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch\csf0001.dat
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch\csf0002.dat
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch\csf0003.dat
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch\csf0005.dat
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch\csf0006.dat
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch\csf0007.dat
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch\csf0009.dat
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch\csf0010.dat
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch\csf0011.dat
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch\csf0013.dat
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch\csf0015.dat
H:\Program Files\Electronic Arts\Alerte Rouge 3\Launcher\Patch\csf0016.dat
H:\Program Files\Electronic Arts\EADM\html\PatchProgressWin.html
H:\Program Files\Electronic Arts\EADM\html\PatchProgressWin.swf
H:\Program Files\Gpotato.eu\Flyff\PatchLog.txt
H:\Program Files\Warcraft III\Patch.txt
H:\Program Files\World of Warcraft\Patch.html
H:\Program Files\World of Warcraft\Patch.txt
H:\Program Files\World of Warcraft\Patches
H:\Program Files\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch
H:\Program Files\World of Warcraft\Patches\WoW-3.1.3-to-3.2.0-frFR-Win-patch
H:\Program Files\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch\Blizzard Updater.exe
H:\Program Files\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch\wow-final.MPQ
H:\Program Files\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch\wow-partial-1.MPQ
H:\Program Files\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch\wow-partial-2.MPQ
H:\Program Files\World of Warcraft\Patches\WoW-3.1.3-to-3.2.0-frFR-Win-patch\Blizzard Updater.exe
H:\Program Files\World of Warcraft\Patches\WoW-3.1.3-to-3.2.0-frFR-Win-patch\wow-final.MPQ
H:\Program Files\World of Warcraft\Patches\WoW-3.1.3-to-3.2.0-frFR-Win-patch\wow-partial-1.MPQ
H:\Program Files\World of Warcraft\Patches\WoW-3.1.3-to-3.2.0-frFR-Win-patch\wow-partial-2.MPQ




Relaunch the tool in deletion mode:


RESTART IN SAFE MODE
Restart the computer, tapping the F8 key repeatedly until a menu appears (white on a black background).
Don't worry if the colours and icons are not as usual.
In this menu, use the arrow keys to highlight the "Safe Mode" line.
Choose the operating system to start.
Choose your usual account to log in.
At the warning saying the computer has started in Safe Mode, click Continue.
Note: on some computers the F8 key does not work. In that case use the F5 or F12 key (US computers).
/!\ Never start in Safe Mode via MSCONFIG /!\
Tutorial: http://www.vista-xp.fr/forum/topic93.html
Relaunch List&Kill'em (right-click for Vista),
but this time:
choose option 2 = Mode Destruction
let the tool work

After the checks, a report will open.
Close it.
A second report will open;
paste its contents in your reply after restarting in normal mode.
0
evotis Posts: 14 Registration date: Friday 1 January 2010 Status: Member Last seen: 2 January 2010
2 Jan. 2010 at 14:35
But... I can't remove these cracks, since they aren't cracks; they are simply updates for official games I bought ^^"
These are games I've had for 2 years.
0
Anonymous user
2 Jan. 2010 at 16:14
OK, move on to the next step :-)
0
Anonymous user
2 Jan. 2010 at 19:08
Hello, Safe Mode is no longer required for the deletion.
0