Trojan.generic.291379, how do I remove it?

Resolved/Closed
Anonymous user - 2 Jan 2010 at 01:43
 Anonymous user - 12 Feb 2010 at 11:44
Hello and happy new year to everyone,

For a few days now, my computer has been infected by trojan.generic.2913791 viruses.

I already suspected a virus, but today BitDefender finally managed to complete a full anti-malware scan (until now, the computer crashed in the middle of the scan) and this virus was detected, but BitDefender is unable to remove it.

BitDefender detects 13 infected files: 11 infected by trojan.generic.2911258, which are deleted but keep coming back, and 2 infected by trojan.generic.2913791, which cannot be deleted.

All of them in the same file:

<system>=>globalroot\systemroot\system32\h8srtirqqqweupw.dll(memory dump) and (full dump)

Apparently, and as the location of the infected file suggests, the infection is deeply rooted, because since the infection:

- System Restore, defragmentation and formatting of the other partitions are impossible.

- I cannot install Spybot S&D (I click on the installer exe, the hourglass appears, then nothing at all).

- Updates via Internet Explorer and the Windows Update site are very difficult (Explorer closes).

- The system freezes regularly.

- I reinstalled a game which has not worked since (every 2 minutes the colours glitch and the game is minimised to the taskbar).

I'm attaching the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:23:47, on 02/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Feu Central\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 5284 bytes


The online HijackThis log evaluation site finds nothing abnormal.

So, this problem goes far beyond my computer skills, and I really don't know what to do.

Does anyone have an idea??

Thanks in advance.

84 replies

moment de grace Posts: 29042 Registration date: Saturday 6 December 2008 Status: Security contributor Last activity: 18 July 2013 2 274
3 Jan 2010 at 22:23
how were you doing it?
0
Anonymous user
3 Jan 2010 at 22:46
I was clicking on the icon with my finger...

Anyway, Lucifer, here I am!:

http://www.cijoint.fr/cjlink.php?file=cj201001/cijIE3AGhM.txt

Thanks for the tip (cijoint.fr)
0
moment de grace Posts: 29042 Registration date: Saturday 6 December 2008 Status: Security contributor Last activity: 18 July 2013 2 274
3 Jan 2010 at 22:50
Run ZHPDiag again (right-click "Run as administrator" under Vista), do a scan, then this time click on the green shield-shaped icon "ZHPFix".

ZHPFix will start; now click on the blue "H" (paste the helper lines), then copy/paste these lines:

O43 - CFD:Common File Directory ----D- C:\Program Files\DAEMON Tools Toolbar
O44 - LFC:Last File Created 01/01/2010 - 15:04:39 ---A- C:\WINDOWS\System32\perfc009.dat
O44 - LFC:Last File Created 01/01/2010 - 15:04:39 ---A- C:\WINDOWS\System32\perfc00C.dat
O44 - LFC:Last File Created 01/01/2010 - 15:04:39 ---A- C:\WINDOWS\System32\perfh009.dat
O44 - LFC:Last File Created 01/01/2010 - 15:04:39 ---A- C:\WINDOWS\System32\perfh00C.dat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O44 - LFC:Last File Created 03/01/2010 - 05:57:05 ---A- C:\WINDOWS\WindowsUpdate.log
O44 - LFC:Last File Created 03/01/2010 - 05:56:29 ---A- C:\WINDOWS\wiadebug.log
O44 - LFC:Last File Created 03/01/2010 - 05:55:51 ---A- C:\WINDOWS\wiaservc.log
O44 - LFC:Last File Created 03/01/2010 - 02:48:45 ---A- C:\WINDOWS\comsetup.log
O44 - LFC:Last File Created 03/01/2010 - 02:48:45 ---A- C:\WINDOWS\iis6.log
O44 - LFC:Last File Created 03/01/2010 - 02:48:45 ---A- C:\WINDOWS\imsins.log
O44 - LFC:Last File Created 03/01/2010 - 02:48:45 ---A- C:\WINDOWS\ntdtcsetup.log
O44 - LFC:Last File Created 03/01/2010 - 02:48:45 ---A- C:\WINDOWS\ocgen.log
O44 - LFC:Last File Created 03/01/2010 - 02:48:45 ---A- C:\WINDOWS\ocmsn.log
O44 - LFC:Last File Created 03/01/2010 - 02:48:45 ---A- C:\WINDOWS\tsoc.log
O44 - LFC:Last File Created 03/01/2010 - 02:48:44 ---A- C:\WINDOWS\FaxSetup.log
O44 - LFC:Last File Created 03/01/2010 - 02:48:32 ---A- C:\WINDOWS\setupapi.log
O44 - LFC:Last File Created 01/01/2010 - 15:07:18 ---A- C:\WINDOWS\spupdsvc.log
O44 - LFC:Last File Created 01/01/2010 - 15:05:30 ---A- C:\WINDOWS\COM+.log
O44 - LFC:Last File Created 01/01/2010 - 15:05:10 ---A- C:\WINDOWS\KB963093.log
O44 - LFC:Last File Created 01/01/2010 - 15:05:10 ---A- C:\WINDOWS\updspapi.log
O44 - LFC:Last File Created 01/01/2010 - 15:04:39 ---A- C:\WINDOWS\System32\perfc009.dat
O44 - LFC:Last File Created 01/01/2010 - 15:04:39 ---A- C:\WINDOWS\System32\perfc00C.dat
O44 - LFC:Last File Created 01/01/2010 - 15:04:39 ---A- C:\WINDOWS\System32\perfh009.dat
O44 - LFC:Last File Created 01/01/2010 - 15:04:39 ---A- C:\WINDOWS\System32\perfh00C.dat
O44 - LFC:Last File Created 01/01/2010 - 15:03:47 ---A- C:\WINDOWS\KB954154.log
O44 - LFC:Last File Created 01/01/2010 - 15:03:44 ---A- C:\WINDOWS\KB929399.log
O44 - LFC:Last File Created 01/01/2010 - 15:03:32 ---A- C:\WINDOWS\KB939683.log
O44 - LFC:Last File Created 01/01/2010 - 15:03:20 ---A- C:\WINDOWS\KB941569.log
O44 - LFC:Last File Created 01/01/2010 - 11:19:20 ---A- C:\WINDOWS\KB952069.log
O44 - LFC:Last File Created 01/01/2010 - 11:19:17 ---A- C:\WINDOWS\KB954155.log
O44 - LFC:Last File Created 01/01/2010 - 11:19:15 ---A- C:\WINDOWS\KB968816.log
O44 - LFC:Last File Created 01/01/2010 - 11:19:12 ---A- C:\WINDOWS\KB973540.log
O44 - LFC:Last File Created 01/01/2010 - 11:19:12 ---A- C:\WINDOWS\wmsetup.log
O44 - LFC:Last File Created 01/01/2010 - 11:14:51 ---A- C:\WINDOWS\KB971513.log
O44 - LFC:Last File Created 01/01/2010 - 11:14:47 ---A- C:\WINDOWS\basecsp.log
O44 - LFC:Last File Created 01/01/2010 - 11:14:39 ---A- C:\WINDOWS\KB940157.log
O44 - LFC:Last File Created 01/01/2010 - 11:14:01 ---A- C:\WINDOWS\KB915800-v4.log
O44 - LFC:Last File Created 01/01/2010 - 11:13:52 ---A- C:\WINDOWS\MSCompPackV1.log
O44 - LFC:Last File Created 01/01/2010 - 11:13:47 ---A- C:\WINDOWS\wmp11.log
O44 - LFC:Last File Created 01/01/2010 - 11:13:47 ---A- C:\WINDOWS\wmsetup10.log
O44 - LFC:Last File Created 01/01/2010 - 11:13:01 ---A- C:\WINDOWS\WMFDist11.log
O44 - LFC:Last File Created 01/01/2010 - 11:12:19 ---A- C:\WINDOWS\Wudf01000Inst.log
O44 - LFC:Last File Created 01/01/2010 - 11:10:22 ---A- C:\WINDOWS\KB955759.log
O44 - LFC:Last File Created 01/01/2010 - 11:10:21 ---A- C:\WINDOWS\setupact.log
O44 - LFC:Last File Created 01/01/2010 - 11:10:21 ---A- C:\WINDOWS\setuperr.log
O44 - LFC:Last File Created 31/12/2009 - 04:58:51 ---A- C:\WINDOWS\System32\spupdwxp.log
O44 - LFC:Last File Created 31/12/2009 - 04:19:51 ---A- C:\WINDOWS\System32\spdwnwxp.log




Click "Ok", then "Tous" (All), and finally "Nettoyer" (Clean).

Copy/paste the report shown on screen into your next message.


0
Anonymous user
3 Jan 2010 at 23:07
ZHPFix v1.12.24  by Nicolas Coolman - Rapport de suppression du 03/01/2010 23:06:14
Fichier d'export Registre : C:\ZHPExportRegistry-03-01-2010-23-06-14.txt
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html


Processus mémoire :
(Néant)

Module mémoire :
(Néant)

Clé du Registre :
(Néant)

Valeur du Registre :
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe  => Valeur supprimée avec succès
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE  => Valeur supprimée avec succès
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE  => Valeur absente

Elément de données du Registre :
(Néant)

Dossier :
C:\Program Files\DAEMON Tools Toolbar  => Supprimé et mis en quarantaine

Fichier :
c:\windows\system32\perfc009.dat  => Supprimé et mis en quarantaine
c:\windows\system32\perfc00c.dat  => Supprimé et mis en quarantaine
c:\windows\system32\perfh009.dat  => Supprimé et mis en quarantaine
c:\windows\system32\perfh00c.dat  => Supprimé et mis en quarantaine
c:\windows\system32\ctfmon.exe  => Fichier supprimé au reboot
c:\windows\windowsupdate.log  => Fichier supprimé au reboot
c:\windows\wiadebug.log  => Fichier supprimé au reboot
c:\windows\wiaservc.log  => Fichier supprimé au reboot
c:\windows\comsetup.log  => Supprimé et mis en quarantaine
c:\windows\iis6.log  => Supprimé et mis en quarantaine
c:\windows\imsins.log  => Supprimé et mis en quarantaine
c:\windows\ntdtcsetup.log  => Supprimé et mis en quarantaine
c:\windows\ocgen.log  => Supprimé et mis en quarantaine
c:\windows\ocmsn.log  => Supprimé et mis en quarantaine
c:\windows\tsoc.log  => Supprimé et mis en quarantaine
c:\windows\faxsetup.log  => Supprimé et mis en quarantaine
c:\windows\setupapi.log  => Supprimé et mis en quarantaine
c:\windows\spupdsvc.log  => Supprimé et mis en quarantaine
c:\windows\com+.log  => Supprimé et mis en quarantaine
c:\windows\kb963093.log  => Supprimé et mis en quarantaine
c:\windows\updspapi.log  => Supprimé et mis en quarantaine
c:\windows\system32\perfc009.dat  => Fichier absent
c:\windows\system32\perfc00c.dat  => Fichier absent
c:\windows\system32\perfh009.dat  => Fichier absent
c:\windows\system32\perfh00c.dat  => Fichier absent
c:\windows\kb954154.log  => Supprimé et mis en quarantaine
c:\windows\kb929399.log  => Supprimé et mis en quarantaine
c:\windows\kb939683.log  => Supprimé et mis en quarantaine
c:\windows\kb941569.log  => Supprimé et mis en quarantaine
c:\windows\kb952069.log  => Supprimé et mis en quarantaine
c:\windows\kb954155.log  => Supprimé et mis en quarantaine
c:\windows\kb968816.log  => Supprimé et mis en quarantaine
c:\windows\kb973540.log  => Supprimé et mis en quarantaine
c:\windows\wmsetup.log  => Supprimé et mis en quarantaine
c:\windows\kb971513.log  => Supprimé et mis en quarantaine
c:\windows\basecsp.log  => Supprimé et mis en quarantaine
c:\windows\kb940157.log  => Supprimé et mis en quarantaine
c:\windows\kb915800-v4.log  => Supprimé et mis en quarantaine
c:\windows\mscomppackv1.log  => Supprimé et mis en quarantaine
c:\windows\wmp11.log  => Supprimé et mis en quarantaine
c:\windows\wmsetup10.log  => Supprimé et mis en quarantaine
c:\windows\wmfdist11.log  => Supprimé et mis en quarantaine
c:\windows\wudf01000inst.log  => Supprimé et mis en quarantaine
c:\windows\kb955759.log  => Supprimé et mis en quarantaine
c:\windows\setupact.log  => Supprimé et mis en quarantaine
c:\windows\setuperr.log  => Supprimé et mis en quarantaine
c:\windows\system32\spupdwxp.log  => Supprimé et mis en quarantaine
c:\windows\system32\spdwnwxp.log  => Supprimé et mis en quarantaine

Logiciel :
(Néant)

Script Registre :
(Néant)

Autre :
(Néant)


Récapitulatif :
Processus mémoire : 0
Module mémoire : 0
Clé du Registre : 0
Valeur du Registre : 3
Elément de données du Registre : 0
Dossier : 1
Fichier : 48
Logiciel : 0
Autre : 0


End of the scan
0

Anonymous user
3 Jan 2010 at 23:42
Right, moment de grace, I'm off to bed, my friend, I'm really worn out...

Thanks again for everything you're doing for me...

I'll look at this tomorrow... Good night to you...

PS: About double-clicking on the icons, I was just teasing you a bit, it was ironic...
0
moment de grace Posts: 29042 Registration date: Saturday 6 December 2008 Status: Security contributor Last activity: 18 July 2013 2 274
4 Jan 2010 at 05:42
(smile)

1)

check your Java Console?:
https://www.java.com/fr/download/uninstalltool.jsp

and install the new version if needed (in that case uninstall the old version first).

here is how to uninstall:

JavaRa
http://raproducts.org/click/click.php?id=1

Unzip the file to the Desktop (right-click > Extract all).
* Double-click (right-click "as administrator" for Vista) on the JavaRa folder.
* Then double-click on the JavaRa.exe file (the exe may not be displayed).
* Choose Français (French), then click Select.
* Click "Recherche de mises à jour" (Search for updates).
* Select "Mettre à jour via jucheck.exe" (Update via jucheck.exe), then click "Rechercher" (Search).
* Allow the process to connect if it asks, click "Installer" (Install) and follow the installation instructions, which take a few minutes.
* Once the installation is finished, go back to the JavaRa screen and click "Effacer les anciennes versions" (Remove old versions).
* Click "Oui" (Yes) to confirm. Let it work, then click OK, and OK a second time.
* A report will open. Post it in your next reply.
* Close the application.

Note: the report is also in C:\ under the name JavaRa.log.

...............

2)
IMPORTANT

Purge XP System Restore

http://www.bibou0007.com/windows-xp-f101/purger-la-restauration-du-systeme-sous-windows-xp-t151.htm


...................

3)
ToolsCleaner2 on your Desktop.
https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/

* Double-click (right-click "as administrator" for Vista) on ToolsCleaner2.exe to launch it.
* Click "Recherche" (Search) and let the scan run.
* Click "Suppression" (Removal) to finish.
* You can, if you wish, use the "Options Facultatives" (Optional options).
* Click "Quitter" (Quit) to get the report.
* Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

0
Anonymous user
4 Jan 2010 at 21:24
OK, moment de grace, I did everything you asked, but there's no TCleaner.txt; I reopened the program and clicked Quit, and then I got a log, but of course it was empty...
But the removal went without a problem...

The JavaRa report:

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Jan 04 21:01:26 2010

Found and removed: C:\Documents and Settings\Feu Central\Application Data\Sun\Java\jre1.6.0_13

Found and removed: C:\Documents and Settings\Feu Central\Application Data\Sun\Java\jre1.6.0_15

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

------------------------------------

Finished reporting.



0
moment de grace Posts: 29042 Registration date: Saturday 6 December 2008 Status: Security contributor Last activity: 18 July 2013 2 274
5 Jan 2010 at 02:45
before you go

do this

Disable your antivirus for the duration of the procedure, as well as your firewall if you have one (because it is wrongly detected as an infection)

▶ Download and install List&Kill'em and save it to your desktop
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe

double-click (right-click "Run as administrator" for Vista/7) on the shortcut on your desktop to start the installation

tick the box "creer une icone sur le bureau" (create a desktop icon)

once it has finished, click "terminer" (finish) and the program will launch by itself

choose the language, then choose option 1 = Mode Recherche (Search mode)

▶ let the tool work

when the white window appears, it takes a while, that's normal, the program is not frozen.

a report named catchme appears on your desktop; ignore it, don't post it, but don't delete it for now, the scan is not finished.

▶ Post the contents of the report that opens at 100% of the scan, on the "COMPLETED" screen

you can delete the catchme.log report from your desktop now.



0
Anonymous user
5 Jan 2010 at 18:34
So, I did what you told me, but I had forgotten to disable the antivirus and the firewall...

But it wasn't detected as an infection, is that normal??

Also, I saw that at the end it looks for Cracks | Keygens | Serials, I wonder why; besides, it only found this entry:

C:\Program Files\BitDefender\BitDefender 2009\BDInProcPatch.exe

Whereas I do have Cracks | Keygens | Serials in my folders; OK, the software isn't installed, but it's odd that it didn't list them...

What do you think??

Right, as for the firewall, I've just realised that I don't have one; I wrongly believed that BitDefender included one (it's not my PC, but my parents'), so in fact there's only the Windows one (I was so sure the people at the computer shop where my parents bought the PC had included one that I thought we had BitDefender, the suite, with the firewall included, when it's just the antivirus...). I think I'll download ZoneAlarm, unless you recommend another product...
0
moment de grace Posts: 29042 Registration date: Saturday 6 December 2008 Status: Security contributor Last activity: 18 July 2013 2 274
5 Jan 2010 at 18:41
do List&Kill'em as indicated in post 29 and post the report

there should still be some junk left
0
Anonymous user
5 Jan 2010 at 19:49
OK, but I can't quit BitDefender; should I disable real-time protection and privacy control?? Should I also disable the Windows firewall??
0
moment de grace Posts: 29042 Registration date: Saturday 6 December 2008 Status: Security contributor Last activity: 18 July 2013 2 274
5 Jan 2010 at 20:09
disconnect from the internet, disable the antivirus (real-time protection) and firewall for the duration of the scan--


I search a lot... and sometimes I find!
(smile)
0
Anonymous user
6 Jan 2010 at 00:27
List'em by g3n-h@ckm@n 1.1.7.1 

Thx to Chiquitine29.....& CCM team 

User : Feu Central (Administrateurs) # FEUCENTRAL
Update on 03/12/2009 by g3n-h@ckm@n ::::: 21:00 
Start at: 21:29:29 | 05/01/2010
Contact : g3n-h@ckm@n sur CCM

AMD Sempron(tm)   2400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Antivirus BitDefender  12.0 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 77,62 Go (47,51 Go free) | NTFS
D:\ -> Disque fixe local | 77,62 Go (77,56 Go free) | NTFS
E:\ -> Disque fixe local
F:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running 

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Feu Central\Local Settings\Temp\12C.tmp\pv.exe

======================
Keys "Run" 
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe	REG_SZ         	C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
BDAgent	REG_SZ         	"C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" 
BitDefender Antiphishing Helper	REG_SZ         	"C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" 
HPDJ Taskbar Utility	REG_SZ         	C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe 
Adobe ARM	REG_SZ         	"C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" 
SunJavaUpdateSched	REG_SZ         	"C:\Program Files\Java\jre6\bin\jusched.exe" 
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] 
dontdisplaylastusername	REG_DWORD      	0 (0x0) 
legalnoticecaption	REG_SZ         	 
legalnoticetext	REG_SZ         	 
shutdownwithoutlogon	REG_DWORD      	1 (0x1) 
undockwithoutlogon	REG_DWORD      	1 (0x1) 
DisableRegistryTools	REG_DWORD      	0 (0x0) 

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
NoDriveTypeAutoRun	REG_DWORD      	323 (0x143) 
NoDriveAutoRun	REG_DWORD      	67108863 (0x3ffffff) 
NoDrives	REG_DWORD      	0 (0x0) 

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
HonorAutoRunSetting	REG_DWORD      	1 (0x1) 
NoDriveAutoRun	REG_DWORD      	67108863 (0x3ffffff) 
NoDriveTypeAutoRun	REG_DWORD      	323 (0x143) 
NoDrives	REG_DWORD      	0 (0x0) 

=============== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972}	REG_SZ         	 
{56F9679E-7826-4C84-81F3-532071A8BCC5}	REG_SZ         	 

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe	REG_SZ         	%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe	REG_SZ         	%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\uTorrent\uTorrent.exe	REG_SZ         	C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
C:\Program Files\eMule\emule.exe	REG_SZ         	C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe	REG_SZ         	C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe	REG_SZ         	%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe	REG_SZ         	%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.msn.com/fr-fr/?ocid=iehp

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.google.fr/?gws_rd=ssl

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] 

Ndisuio : 0x3 
EapHost : 0x3 
SharedAccess : 0x2 
wuauserv : 0x2 

=========
 
=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
    77,62 Go total,  47,52 Go libre (61%),  7% fragmenté (fragmentation du fichier 15%)

Il ne vous est pas nécessaire de défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\Documents and Settings\All Users\Application Data\sysReserve.ini  
C:\WINDOWS\System32\drivers\_004569_.tmp.dll  
C:\Documents and Settings\Feu Central\Application Data\GDIPFONTCACHEV1.DAT  
C:\Documents and Settings\Feu Central\Application Data\wklnhst.dat  
 
¤¤¤¤¤¤¤¤¤¤ Keys : 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools"  
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"  
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"  
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"  

================
Other infections
================

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 21:33:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H8SRTd.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\H8SRTkllxownswi.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules]
"H8SRTd"="\\?\globalroot\systemroot\system32\drivers\H8SRTkllxownswi.sys"
"H8SRTc"="\\?\globalroot\systemroot\system32\H8SRTsrtexmobwu.dll"
"H8SRTsrcr"="\\?\globalroot\systemroot\system32\H8SRTbkovkbuyxu.dat"
"h8srtserf"="\\?\globalroot\systemroot\system32\H8SRTirqqqweupw.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:71,8a,b5,98,f5,58,c6,f4,ee,2c,7c,9c,69,ee,19,fa,63,f2,e0,3d,11,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\H8SRTd.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\H8SRTkllxownswi.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules]
"H8SRTd"="\\?\globalroot\systemroot\system32\drivers\H8SRTkllxownswi.sys"
"H8SRTc"="\\?\globalroot\systemroot\system32\H8SRTsrtexmobwu.dll"
"H8SRTsrcr"="\\?\globalroot\systemroot\system32\H8SRTbkovkbuyxu.dat"
"h8srtserf"="\\?\globalroot\systemroot\system32\H8SRTirqqqweupw.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:71,8a,b5,98,f5,58,c6,f4,ee,2c,7c,9c,69,ee,19,fa,63,f2,e0,3d,11,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:26,5a,78,f7,f1,8c,92,6e,1c,c7,ac,94,40,75,b0,c4,7d,db,30,a3,ff,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,e7,37,45,55,7a,46,3d,09,b3,ed,9e,60,39,36,4b,8d,f9,..
"hdf12"=hex:97,d8,48,bb,7a,7b,fe,45,dc,39,19,4e,fe,bd,13,26,91,c6,1a,7d,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:39,b3,d2,5f,d4,5e,47,48,3f,b8,f9,38,cd,92,ac,fc,9c,0a,13,96,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\H8SRTd.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\H8SRTkllxownswi.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules]
"H8SRTd"="\\?\globalroot\systemroot\system32\drivers\H8SRTkllxownswi.sys"
"H8SRTc"="\\?\globalroot\systemroot\system32\H8SRTsrtexmobwu.dll"
"H8SRTsrcr"="\\?\globalroot\systemroot\system32\H8SRTbkovkbuyxu.dat"
"h8srtserf"="\\?\globalroot\systemroot\system32\H8SRTirqqqweupw.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:26,5a,78,f7,f1,8c,92,6e,1c,c7,ac,94,40,75,b0,c4,7d,db,30,a3,ff,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,e7,37,45,55,7a,46,3d,09,b3,ed,9e,60,39,36,4b,8d,f9,..
"hdf12"=hex:97,d8,48,bb,7a,7b,fe,45,dc,39,19,4e,fe,bd,13,26,91,c6,1a,7d,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:39,b3,d2,5f,d4,5e,47,48,3f,b8,f9,38,cd,92,ac,fc,9c,0a,13,96,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\H8SRTd.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\H8SRTkllxownswi.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules]
"H8SRTd"="\\?\globalroot\systemroot\system32\drivers\H8SRTkllxownswi.sys"
"H8SRTc"="\\?\globalroot\systemroot\system32\H8SRTsrtexmobwu.dll"
"H8SRTsrcr"="\\?\globalroot\systemroot\system32\H8SRTbkovkbuyxu.dat"
"h8srtserf"="\\?\globalroot\systemroot\system32\H8SRTirqqqweupw.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:26,5a,78,f7,f1,8c,92,6e,1c,c7,ac,94,40,75,b0,c4,7d,db,30,a3,ff,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,e7,37,45,55,7a,46,3d,09,b3,ed,9e,60,39,36,4b,8d,f9,..
"hdf12"=hex:97,d8,48,bb,7a,7b,fe,45,dc,39,19,4e,fe,bd,13,26,91,c6,1a,7d,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:39,b3,d2,5f,d4,5e,47,48,3f,b8,f9,38,cd,92,ac,fc,9c,0a,13,96,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:26,5a,78,f7,f1,8c,92,6e,1c,c7,ac,94,40,75,b0,c4,7d,db,30,a3,ff,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,e7,37,45,55,7a,46,3d,09,b3,ed,9e,60,39,36,4b,8d,f9,..
"hdf12"=hex:97,d8,48,bb,7a,7b,fe,45,dc,39,19,4e,fe,bd,13,26,91,c6,1a,7d,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:39,b3,d2,5f,d4,5e,47,48,3f,b8,f9,38,cd,92,ac,fc,9c,0a,13,96,59,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK 

==========
Programs
==========

Adobe
Apple Software Update
ATI Technologies
AvRack
BitDefender
BlackIsle
Canon
CCleaner
ChessBase
ComPlus Applications
DAEMON Tools Lite
eMule
Exact Audio Copy
Fichiers communs
Hewlett-Packard
hp deskjet 840c series
InstallShield Installation Information
Internet Explorer
Inventel
Java
K-Lite Codec Pack
List_Kill'em
Malwarebytes' Anti-Malware
Messenger
microsoft frontpage
Microsoft Office
Microsoft Silverlight
Microsoft Works
Microsoft Works Suite 2005
Movie Maker
Mozilla Firefox
MSBuild
MSN
MSN Gaming Zone
MSXML 4.0
MSXML 6.0
NetMeeting
Outlook Express
QuickTime
Real Alternative
Realtek Sound Manager
Reference Assemblies
Services en ligne
Softwin
Spybot - Search & Destroy
TimeAdjuster
Uninstall Information
uTorrent
VIA
VIAudioi
Windows Desktop Search
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
xerox
XnView-win

============
Lecteur C:
============

AUTOEXEC.BAT
Boot.bak
boot.ini
Bootfont.bin
cc930bf4229d606ec1207b1247
cmdcons
cmldr
CONFIG.SYS
Documents and Settings
hiberfil.sys
IO.SYS
Kill'em
List'em.txt
MSDOS.SYS
NTDETECT.COM
ntldr
pagefile.sys
Program Files
RECYCLER
System Volume Information
WINDOWS
 
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials 
 
C:\Program Files\BitDefender\BitDefender 2009\BDInProcPatch.exe 
 
 
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


Anonymous user
6 Jan. 2010 at 00:28
EDIT: Oops, I hadn't noticed that the catchme log was included in the List'em log... There, it's deleted...

moment de grace (Security contributor)
6 Jan. 2010 at 03:20
▶ Relaunch List&Kill'em using the shortcut on your desktop,

but this time:

▶ choose option 2 = Mode Suppression (removal mode)

let the tool work.

At the end of the scan a report opens.

▶ Paste its contents into your reply.

Anonymous user
7 Jan. 2010 at 03:11
Kill'em by g3n-h@ckm@n 1.1.7.1 
 
User : Feu Central (Administrateurs) # FEUCENTRAL
Update on 03/12/2009 by g3n-h@ckm@n ::::: 21:00 
Start at: 02:38:02 | 07/01/2010
Contact : g3n-h@ckm@n sur CCM

AMD Sempron(tm)   2400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Antivirus BitDefender  12.0 [ Enabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 77,62 Go (47,48 Go free) | NTFS
D:\ -> Disque fixe local | 77,62 Go (77,56 Go free) | NTFS
E:\ -> Disque fixe local
F:\ -> Disque CD-ROM
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Feu Central\Local Settings\Temp\2BE.tmp\pv.exe
 
Detections : 
========== 
 

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

"C:\Documents and Settings\All Users\Application Data\sysReserve.ini"  
C:\WINDOWS\System32\drivers\_004569_.tmp.dll  
 
 
¤¤¤¤¤¤¤¤¤¤ Files/folders deleted : 
  
Quarantine : 

sysReserve.ini.Kill'em
_004569_.tmp.dll.Kill'em

==============
host file OK !
==============

========
Registry
========
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools  
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr  
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe  
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe  

============
Disk Cleaned
============
 
================
Prefetch cleaned 
================
 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 
moment de grace (Security contributor)
7 Jan. 2010 at 04:08
It's cleaner this way...

Is the PC OK?

Anonymous user
7 Jan. 2010 at 06:11
Yes, the PC is OK... Thank you...

moment de grace (Security contributor)
7 Jan. 2010 at 06:14
You can mark the topic as resolved
https://www.commentcamarche.net/infos/25917-marquer-un-fil-de-discussion-comme-etant-resolu/


All the best, and above all, stay careful and happy surfing :)

Anonymous user
7 Jan. 2010 at 22:06
catchme found some TDSS in List_Kill'em.....