Virus impossible à supprimer
Résolu
quanoo
Messages postés
60
Statut
Membre
-
moment de grace Messages postés 30049 Statut Contributeur sécurité -
moment de grace Messages postés 30049 Statut Contributeur sécurité -
Bonjour,
Voila, je suis sure d'avoir un virus. Malheureusement il bloque mon antivirus et tout autre logiciel me permettant de le supprimé. Quand j'essaie de le supprimé manuellement il me dit qu'il est impossible de le supprimé car le dossier n'est pas vide.
Merci de votre aide.
Voila, je suis sure d'avoir un virus. Malheureusement il bloque mon antivirus et tout autre logiciel me permettant de le supprimé. Quand j'essaie de le supprimé manuellement il me dit qu'il est impossible de le supprimé car le dossier n'est pas vide.
Merci de votre aide.
A voir également:
- Sfsync02.sys boot error
- Supprimer rond bleu whatsapp - Guide
- Fichier impossible à supprimer - Guide
- Impossible de supprimer une page word - Guide
- Comment supprimer fausse alerte virus mcafee - Accueil - Piratage
- Supprimer pub youtube - Accueil - Streaming
57 réponses
Mhhh et bien des fichiers que je ne connait pas, je sais absolument pas ce qu'ils font ici. Mais à chaque fois que j'allume mon pc il ouvre se fichier.
cites moi quelques noms de fichiers
et il se trouve où dans ton pc ce dossier logiciel
supprimons les outils utilisés pour voir si ca a un rapport
Télécharge ToolsCleaner2sur ton Bureau.
https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/
* Double-clique (clic droit "en tant qu'administrateur" pour Vista) sur ToolsCleaner2.exe pour le lancer.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
▶ Tu peux supprimer ensuite ToolCleaner
et il se trouve où dans ton pc ce dossier logiciel
supprimons les outils utilisés pour voir si ca a un rapport
Télécharge ToolsCleaner2sur ton Bureau.
https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/
* Double-clique (clic droit "en tant qu'administrateur" pour Vista) sur ToolsCleaner2.exe pour le lancer.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
▶ Tu peux supprimer ensuite ToolCleaner
Le fichier est dans le lecteur D, il comporte les fichiers "install.res.1028.dll", "eula.3082", "PLATFORM.ILE", ...
Sinon ToolCleaner ne fonctionne pas. Dés que je lance la recherche le logiciel ne répond plus.
Sinon ToolCleaner ne fonctionne pas. Dés que je lance la recherche le logiciel ne répond plus.
supprimes toolcleaner
.................
Téléchargez USBFIX de Chiquitine29, C_xx
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
ou
https://www.ionos.fr/?affiliate_id=77097
/!\ Utilisateur de vista et windows 7 :
ne pas oublier de désactiver Le contrôle des comptes utilisateurs
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
/!\ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
• Double clic sur le raccourci UsbFix présent sur le bureau .
• Choisir l'option 1 (Recherche)
(d’autres options disponibles, voir le tutoriel).
• Laissez travailler l'outil.
• Ensuite postez le rapport UsbFix.txt qui apparaîtra.
• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
• Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html
.................
Téléchargez USBFIX de Chiquitine29, C_xx
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
ou
https://www.ionos.fr/?affiliate_id=77097
/!\ Utilisateur de vista et windows 7 :
ne pas oublier de désactiver Le contrôle des comptes utilisateurs
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
/!\ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
• Double clic sur le raccourci UsbFix présent sur le bureau .
• Choisir l'option 1 (Recherche)
(d’autres options disponibles, voir le tutoriel).
• Laissez travailler l'outil.
• Ensuite postez le rapport UsbFix.txt qui apparaîtra.
• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
• Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
############################## | UsbFix V6.074 |
User : Propriétaire (Administrateurs) # REQUIER-1C9D4F7
Update on 15/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 18:17:40 | 16/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
AMD Sempron(tm) Processor 3000+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
FW : Look 'n' Stop 2.06p3 (Soft4Ever)[ (!) Disabled ]2.06p3
C:\ -> Disque fixe local # 39,07 Go (5,5 Go free) # NTFS
D:\ -> Disque fixe local # 109,97 Go (65,84 Go free) # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM # 650,12 Mo (0 Mo free) [Sims2EP1_1] # CDFS
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe 848
C:\WINDOWS\system32\csrss.exe 900
C:\WINDOWS\system32\winlogon.exe 924
C:\WINDOWS\system32\services.exe 968
C:\WINDOWS\system32\lsass.exe 980
C:\WINDOWS\system32\svchost.exe 1152
C:\WINDOWS\system32\svchost.exe 1212
C:\WINDOWS\System32\svchost.exe 1336
C:\Program Files\Ahead\InCD\InCDsrv.exe 1356
C:\WINDOWS\system32\svchost.exe 1512
C:\WINDOWS\system32\svchost.exe 1580
C:\WINDOWS\system32\svchost.exe 1764
C:\WINDOWS\system32\spoolsv.exe 1864
C:\Program Files\Avira\AntiVir Desktop\sched.exe 1900
C:\WINDOWS\system32\svchost.exe 1984
C:\WINDOWS\Explorer.EXE 324
C:\WINDOWS\system32\S3trayp.exe 476
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe 484
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe 492
C:\WINDOWS\system32\VTTimer.exe 500
C:\WINDOWS\RTHDCPL.EXE 508
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe 576
D:\daemon.exe 608
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 640
C:\WINDOWS\PixArt\PAC207\Monitor.exe 648
C:\Program Files\Java\jre6\bin\jusched.exe 656
C:\WINDOWS\system32\ctfmon.exe 664
C:\Program Files\DNA\btdna.exe 680
C:\Program Files\Neuf\Kit\9props.exe 1616
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe 1636
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe 1644
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1704
C:\Program Files\Bonjour\mDNSResponder.exe 1732
C:\WINDOWS\System32\svchost.exe 2004
C:\Program Files\Java\jre6\bin\jqs.exe 256
C:\WINDOWS\system32\HPZipm12.exe 1392
C:\WINDOWS\system32\svchost.exe 1028
C:\WINDOWS\system32\wbem\wmiapsrv.exe 2940
C:\WINDOWS\System32\alg.exe 3236
C:\WINDOWS\System32\svchost.exe 3684
C:\Program Files\Mozilla Firefox\firefox.exe 3880
C:\Program Files\Windows Media Player\wmplayer.exe 1808
C:\WINDOWS\system32\wbem\wmiprvse.exe 304
################## | Elements infectieux |
C:\log.txt
F:\autorun.inf
################## | Registre |
################## | Mountpoints2 |
################## | Cracks > Keygens > Serials |
"D:\Da sims 2\crack\Sims2EP4.exe"
17/10/2006 14:53 |Size 16322560 |Crc32 f62e489f |Md5 21c1414fa932286ba6569176bbd0ce92
"D:\Da sims 2\Les Sims 2 La Bonne Affaire\Keygen\Keygen.exe"
02/03/2006 19:19 |Size 123904 |Crc32 8d8a00d7 |Md5 3c710465b319394538bffe9ff2595e62
"D:\Da sims 2\crack.rar"
-> contain : crack\Sims2EP4.exe
################## | ! Fin du rapport # UsbFix V6.074 ! |
User : Propriétaire (Administrateurs) # REQUIER-1C9D4F7
Update on 15/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 18:17:40 | 16/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
AMD Sempron(tm) Processor 3000+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
FW : Look 'n' Stop 2.06p3 (Soft4Ever)[ (!) Disabled ]2.06p3
C:\ -> Disque fixe local # 39,07 Go (5,5 Go free) # NTFS
D:\ -> Disque fixe local # 109,97 Go (65,84 Go free) # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM # 650,12 Mo (0 Mo free) [Sims2EP1_1] # CDFS
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe 848
C:\WINDOWS\system32\csrss.exe 900
C:\WINDOWS\system32\winlogon.exe 924
C:\WINDOWS\system32\services.exe 968
C:\WINDOWS\system32\lsass.exe 980
C:\WINDOWS\system32\svchost.exe 1152
C:\WINDOWS\system32\svchost.exe 1212
C:\WINDOWS\System32\svchost.exe 1336
C:\Program Files\Ahead\InCD\InCDsrv.exe 1356
C:\WINDOWS\system32\svchost.exe 1512
C:\WINDOWS\system32\svchost.exe 1580
C:\WINDOWS\system32\svchost.exe 1764
C:\WINDOWS\system32\spoolsv.exe 1864
C:\Program Files\Avira\AntiVir Desktop\sched.exe 1900
C:\WINDOWS\system32\svchost.exe 1984
C:\WINDOWS\Explorer.EXE 324
C:\WINDOWS\system32\S3trayp.exe 476
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe 484
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe 492
C:\WINDOWS\system32\VTTimer.exe 500
C:\WINDOWS\RTHDCPL.EXE 508
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe 576
D:\daemon.exe 608
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 640
C:\WINDOWS\PixArt\PAC207\Monitor.exe 648
C:\Program Files\Java\jre6\bin\jusched.exe 656
C:\WINDOWS\system32\ctfmon.exe 664
C:\Program Files\DNA\btdna.exe 680
C:\Program Files\Neuf\Kit\9props.exe 1616
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe 1636
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe 1644
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1704
C:\Program Files\Bonjour\mDNSResponder.exe 1732
C:\WINDOWS\System32\svchost.exe 2004
C:\Program Files\Java\jre6\bin\jqs.exe 256
C:\WINDOWS\system32\HPZipm12.exe 1392
C:\WINDOWS\system32\svchost.exe 1028
C:\WINDOWS\system32\wbem\wmiapsrv.exe 2940
C:\WINDOWS\System32\alg.exe 3236
C:\WINDOWS\System32\svchost.exe 3684
C:\Program Files\Mozilla Firefox\firefox.exe 3880
C:\Program Files\Windows Media Player\wmplayer.exe 1808
C:\WINDOWS\system32\wbem\wmiprvse.exe 304
################## | Elements infectieux |
C:\log.txt
F:\autorun.inf
################## | Registre |
################## | Mountpoints2 |
################## | Cracks > Keygens > Serials |
"D:\Da sims 2\crack\Sims2EP4.exe"
17/10/2006 14:53 |Size 16322560 |Crc32 f62e489f |Md5 21c1414fa932286ba6569176bbd0ce92
"D:\Da sims 2\Les Sims 2 La Bonne Affaire\Keygen\Keygen.exe"
02/03/2006 19:19 |Size 123904 |Crc32 8d8a00d7 |Md5 3c710465b319394538bffe9ff2595e62
"D:\Da sims 2\crack.rar"
-> contain : crack\Sims2EP4.exe
################## | ! Fin du rapport # UsbFix V6.074 ! |
non rien de particulier
j'avoue pour l'instant ma faiblesse sur ce coup là
fais tourner antivir sur le disque D et voyons ce qu'il en pense
j'avoue pour l'instant ma faiblesse sur ce coup là
fais tourner antivir sur le disque D et voyons ce qu'il en pense
msn a dur souffrir de bagle et à réinstaller surement
en revanche ton dossier logiciel, je regarderai de chez moi à nouveau tes rapports...
pour supprimer les outil
Télécharge OTC de Old Timer.
http://www.geekstogo.com/forum/files/file/403-otc-oldtimers-clean-it/
Clique droit sur OTCleanIt et choisis Exécuter en tant qu'administrateur.
Clique sur le bouton "CleanUp!" .
Sélectionne Oui lorsque la demande " processus de nettoyage?" s'affiche.
Si tu es invité à redémarrer le PC au cours de l'assainissement, sélectionne Oui.
L'outil va se supprimer lui-même une fois la fin de l'opération.
Sinon supprime le manuellement.
en revanche ton dossier logiciel, je regarderai de chez moi à nouveau tes rapports...
pour supprimer les outil
Télécharge OTC de Old Timer.
http://www.geekstogo.com/forum/files/file/403-otc-oldtimers-clean-it/
Clique droit sur OTCleanIt et choisis Exécuter en tant qu'administrateur.
Clique sur le bouton "CleanUp!" .
Sélectionne Oui lorsque la demande " processus de nettoyage?" s'affiche.
Si tu es invité à redémarrer le PC au cours de l'assainissement, sélectionne Oui.
L'outil va se supprimer lui-même une fois la fin de l'opération.
Sinon supprime le manuellement.
Daemon est supprimé ! Le dossier n'apparait plus au démarrage :)
Par contre impossible de réinstaller Msn, il m'affiche qu'il y a une erreur.
Par contre impossible de réinstaller Msn, il m'affiche qu'il y a une erreur.
Effectivement il était mal désinstallé ;)
Tout fonctionne parfaitement maintenant, et même encore mieux qu'avant !
Merci beaucoup de m'avoir aidé !
Tout fonctionne parfaitement maintenant, et même encore mieux qu'avant !
Merci beaucoup de m'avoir aidé !
ce n'est pas fini
cette fois ci on reste jusqu'au bout...
(sourire)
relances RSIT et postes le rapport log pour un prochain post, ce soir ou demain, de nettoyage
cette fois ci on reste jusqu'au bout...
(sourire)
relances RSIT et postes le rapport log pour un prochain post, ce soir ou demain, de nettoyage
Désolé pour ce très long moment sans réponse, mais pour des raisons personnelles je n'ai pas pu retourner sur le pc depuis. Je ne sais pas si qqun a touché à qqchose depuis ce moment d'absence mais je poste quand même le rapport:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Propriétaire at 2010-03-21 17:16:00
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 3 GB (7%) free of 40 GB
Total RAM: 447 MB (8% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:00, on 19/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Logfile of random's system information tool 1.06 (written by random/random)
Run by Propriétaire at 2010-03-21 17:16:00
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 3 GB (7%) free of 40 GB
Total RAM: 447 MB (8% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:00, on 19/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
bonjour
effectivement du temps à passer
selon ton rapport il y a des petites choses
1)
vu le temps passé on supprime tous les outils utilisés précedement
Télécharge ToolsCleaner2sur ton Bureau.
https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/
* Double-clique (clic droit "en tant qu'administrateur" pour Vista) sur ToolsCleaner2.exe pour le lancer.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
Tu peux supprimer ToolCleaner ensuite
.....................
2)
si tu as encore List_Kill'em désinstalles et supprimes le
(il a bien grandi depuis...sourire)
Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)
? Télécharge et installe List&Kill'em et enregistre le sur ton bureau
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe
double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
coche la case "creer une icone sur le bureau"
une fois terminée , clic sur "terminer" et le programme se lancer seul
choisis la langue puis choisis l'option 1 = Mode Recherche
? laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.
? Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
tu peux supprimer le rapport catchme.log de ton bureau maintenant.
effectivement du temps à passer
selon ton rapport il y a des petites choses
1)
vu le temps passé on supprime tous les outils utilisés précedement
Télécharge ToolsCleaner2sur ton Bureau.
https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/
* Double-clique (clic droit "en tant qu'administrateur" pour Vista) sur ToolsCleaner2.exe pour le lancer.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
Tu peux supprimer ToolCleaner ensuite
.....................
2)
si tu as encore List_Kill'em désinstalles et supprimes le
(il a bien grandi depuis...sourire)
Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)
? Télécharge et installe List&Kill'em et enregistre le sur ton bureau
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe
double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
coche la case "creer une icone sur le bureau"
une fois terminée , clic sur "terminer" et le programme se lancer seul
choisis la langue puis choisis l'option 1 = Mode Recherche
? laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.
? Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
tu peux supprimer le rapport catchme.log de ton bureau maintenant.
List'em by g3n-h@ckm@n 1.6.0.2
User : Propriétaire (Administrateurs)
Update on 18/03/2010 by g3n-h@ckm@n ::::: 12.30
Start at: 17:42:14 | 21/03/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7
AMD Sempron(tm) Processor 3000+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]
FW : Look 'n' Stop 2.06p3 (Soft4Ever)[ (!) Disabled ]2.06p3
C:\ -> Disque fixe local | 39,07 Go (2,74 Go free) | NTFS
D:\ -> Disque fixe local | 109,97 Go (64,92 Go free) | NTFS
E:\ -> Disque CD-ROM
G:\ -> Disque amovible
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Neuf\Kit\9props.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\Iwutea.exe
C:\Program Files\Fichiers communs\Adobe\Updater6\Adobe_Updater.exe
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Idx.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
BitTorrent DNA REG_SZ "C:\Program Files\DNA\btdna.exe"
Uniblue RegistryBooster 2009 REG_SZ D:\Logiciel pour carte graphique\Uniblue\RegistryBooster\RegistryBooster.exe /S
Connexion SFR 9props.exe REG_SZ "C:\Program Files\Neuf\Kit\9props.exe" /trayicon
YVIBBBHA8C REG_SZ C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Idx.exe
WEK9EMDHI9 REG_SZ C:\WINDOWS\Iwutea.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
S3Trayp REG_SZ S3trayp.exe
Pop-Up Stopper REG_SZ "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
Adobe Photo Downloader REG_SZ "D:\3.2\Apps\apdproxy.exe"
VTTimer REG_SZ VTTimer.exe
RTHDCPL REG_SZ RTHDCPL.EXE
SkyTel REG_SZ SkyTel.EXE
Alcmtr REG_SZ ALCMTR.EXE
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
QuickTime Task REG_SZ "D:\QuickTime\qttask.exe" -atboottime
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Monitor REG_SZ C:\WINDOWS\PixArt\PAC207\Monitor.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 0 (0x0)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_BINARY 95000000
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ REQUIER-1C9D4F7
DefaultUserName REG_SZ Propriétaire
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Propriétaire
AltDefaultDomainName REG_SZ REQUIER-1C9D4F7
ChangePasswordUseKerberos REG_DWORD 1 (0x1)
AutoAdminLogon REG_SZ 0
Background REG_SZ 0 0 0
SfcScan REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe REG_SZ C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:*:Enabled:Kaspersky Anti-Virus
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\Vendetta\Vendetta.exe REG_SZ C:\Program Files\Vendetta\Vendetta.exe:*:Enabled:Vendetta
C:\Documents and Settings\Propriétaire\Bureau\LimeWire\LimeWire.exe REG_SZ C:\Documents and Settings\Propriétaire\Bureau\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\services.exe REG_SZ C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\services.exe:*:Enabled:Flash Player2
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
D:\LimeWire\LimeWire.exe REG_SZ D:\LimeWire\LimeWire.exe:*:Enabled:LimeWire
D:\Mes documents\eMule\emule.exe REG_SZ D:\Mes documents\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\MySpace\IM\MySpaceIM.exe REG_SZ C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger
C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
C:\WINDOWS\system32\rundll32.exe REG_SZ C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application
C:\WINDOWS\system32\drivers\svchost.exe REG_SZ C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost
C:\Program Files\ma-config.com\maconfservice.exe REG_SZ C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
C:\Program Files\DNA\btdna.exe REG_SZ C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
C:\Program Files\BitTorrent\bittorrent.exe REG_SZ C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe REG_SZ C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe REG_SZ C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0CCA191D-13A6-4E29-B746-314DEE697D83}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{20A60F0D-9AFA-4515-A0FD-83BD84642501}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D6F45B3-9043-443D-A792-115447494D24}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}]
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{ED3DF1A7-E9AD-41C7-A62A-1CDA6E33F517}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Base Smart Card Crypto Provider Package]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2BF024F4-FEA1-E6F6-4D88-2B624839AB85}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3EB7DEA8-CAE0-B143-B016-F0F3C48BBBCE}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{729A8BE0-FC8F-B46B-85C3-6CBC63A548E8}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9331AFAF-D6C1-E0A5-21FB-266572A249F1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B61F7032-38D5-17DD-0E76-BCB2A3C093E2}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EB88F089-A126-0812-CF4E-CCC61FB1A7B7}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9426CA9E-0EAE-452C-B0BB-DC29DD1B35C7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9426CA9E-0EAE-452C-B0BB-DC29DD1B35C7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x2 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\ServicePackFiles\i386\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\ServicePackFiles\i386\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\drivers\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\system32\drivers\atapi.sys
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
D'fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
39,07 Go total, 2,74 Go libre (7%), 29% fragment' (fragmentation du fichier 52%)
Vous devriez d'fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Program Files\Circle Dvelopement
Present !! : C:\Program Files\GamesBar
Present !! : C:\WINDOWS\002928_.tmp
Present !! : C:\WINDOWS\003061_.tmp
Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET4.tmp
Present !! : C:\WINDOWS\SET77.tmp
Present !! : C:\WINDOWS\SET7A.tmp
Present !! : C:\WINDOWS\SET8.tmp
Present !! : C:\WINDOWS\SET86.tmp
Present !! : C:\WINDOWS\SETB9.tmp
Present !! : C:\WINDOWS\System32\sshnas??.dll
Present !! : C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
Present !! : C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
Present !! : C:\Documents and Settings\Propri'taire\Application Data\awyqivusez.ban
Present !! : C:\Documents and Settings\Propri'taire\Application Data\ademimoq.dat
Present !! : C:\Documents and Settings\Propri'taire\Application Data\GDIPFONTCACHEV1.DAT
Present !! : C:\Documents and Settings\Propri'taire\Application Data\ozokusebyt.dat
Present !! : C:\Documents and Settings\Propri'taire\Application Data\HPSU_48BitScanUpdate.log
Present !! : C:\Documents and Settings\Propri'taire\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
Present !! : C:\Documents and Settings\Propri'taire\Application Data\Update_HP_RedboxHprblog_HPSU.log
Present !! : C:\Documents and Settings\Propri'taire\Application Data\ademimoq.dat
Present !! : C:\Documents and Settings\Propri'taire\Application Data\GDIPFONTCACHEV1.DAT
Present !! : C:\Documents and Settings\Propri'taire\Application Data\ozokusebyt.dat
Present !! : C:\Documents and Settings\Propri'taire\Application Data\drivers
Present !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\a.dat
Present !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\b.dat
Present !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\Id0.exe
Present !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\Idv.exe
Present !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\Idw.exe
Present !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\Idx.exe
Present !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\Idy.exe
Present !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\Idz.exe
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\8BD54F3E-DD19-4a69-93D8-5C6A5BBBE20E.exe
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\eauninstall.exe
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\Id0.exe
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\Idv.exe
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\Idw.exe
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\Idx.exe
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\Idy.exe
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\Idz.exe
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\lsnfier.exe
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\msizapMG.exe
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\The Sims 2_uninst.exe
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\a.dat
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\b.dat
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\sshnas21.dll
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKCU\Software\bisoft
Present !! : HKCU\Software\Lanconfig
Present !! : HKCU\Software\livesvc
Present !! : HKCU\SOFTWARE\Microsoft\Handle
Present !! : HKCU\SOFTWARE\XML
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_SSHNAS
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_tdssserv.sys
Present !! : HKLM\SYSTEM\ControlSet001\Services\SSHNAS
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SSHNAS
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_tdssserv.sys
Present !! : HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-21 18:18:13
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys viaide.sys
kernel: MBR read successfully
user & kernel MBR OK
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
D:\Da sims 2\Les Sims 2 La Bonne Affaire\Keygen\Keygen.exe
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 18:23:40,37
User : Propriétaire (Administrateurs)
Update on 18/03/2010 by g3n-h@ckm@n ::::: 12.30
Start at: 17:42:14 | 21/03/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7
AMD Sempron(tm) Processor 3000+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]
FW : Look 'n' Stop 2.06p3 (Soft4Ever)[ (!) Disabled ]2.06p3
C:\ -> Disque fixe local | 39,07 Go (2,74 Go free) | NTFS
D:\ -> Disque fixe local | 109,97 Go (64,92 Go free) | NTFS
E:\ -> Disque CD-ROM
G:\ -> Disque amovible
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Neuf\Kit\9props.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\Iwutea.exe
C:\Program Files\Fichiers communs\Adobe\Updater6\Adobe_Updater.exe
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Idx.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
BitTorrent DNA REG_SZ "C:\Program Files\DNA\btdna.exe"
Uniblue RegistryBooster 2009 REG_SZ D:\Logiciel pour carte graphique\Uniblue\RegistryBooster\RegistryBooster.exe /S
Connexion SFR 9props.exe REG_SZ "C:\Program Files\Neuf\Kit\9props.exe" /trayicon
YVIBBBHA8C REG_SZ C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Idx.exe
WEK9EMDHI9 REG_SZ C:\WINDOWS\Iwutea.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
S3Trayp REG_SZ S3trayp.exe
Pop-Up Stopper REG_SZ "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
Adobe Photo Downloader REG_SZ "D:\3.2\Apps\apdproxy.exe"
VTTimer REG_SZ VTTimer.exe
RTHDCPL REG_SZ RTHDCPL.EXE
SkyTel REG_SZ SkyTel.EXE
Alcmtr REG_SZ ALCMTR.EXE
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
QuickTime Task REG_SZ "D:\QuickTime\qttask.exe" -atboottime
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Monitor REG_SZ C:\WINDOWS\PixArt\PAC207\Monitor.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 0 (0x0)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_BINARY 95000000
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ REQUIER-1C9D4F7
DefaultUserName REG_SZ Propriétaire
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Propriétaire
AltDefaultDomainName REG_SZ REQUIER-1C9D4F7
ChangePasswordUseKerberos REG_DWORD 1 (0x1)
AutoAdminLogon REG_SZ 0
Background REG_SZ 0 0 0
SfcScan REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe REG_SZ C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:*:Enabled:Kaspersky Anti-Virus
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\Vendetta\Vendetta.exe REG_SZ C:\Program Files\Vendetta\Vendetta.exe:*:Enabled:Vendetta
C:\Documents and Settings\Propriétaire\Bureau\LimeWire\LimeWire.exe REG_SZ C:\Documents and Settings\Propriétaire\Bureau\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\services.exe REG_SZ C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\services.exe:*:Enabled:Flash Player2
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
D:\LimeWire\LimeWire.exe REG_SZ D:\LimeWire\LimeWire.exe:*:Enabled:LimeWire
D:\Mes documents\eMule\emule.exe REG_SZ D:\Mes documents\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\MySpace\IM\MySpaceIM.exe REG_SZ C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger
C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
C:\WINDOWS\system32\rundll32.exe REG_SZ C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application
C:\WINDOWS\system32\drivers\svchost.exe REG_SZ C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost
C:\Program Files\ma-config.com\maconfservice.exe REG_SZ C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
C:\Program Files\DNA\btdna.exe REG_SZ C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
C:\Program Files\BitTorrent\bittorrent.exe REG_SZ C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe REG_SZ C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe REG_SZ C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0CCA191D-13A6-4E29-B746-314DEE697D83}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{20A60F0D-9AFA-4515-A0FD-83BD84642501}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D6F45B3-9043-443D-A792-115447494D24}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}]
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{ED3DF1A7-E9AD-41C7-A62A-1CDA6E33F517}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Base Smart Card Crypto Provider Package]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2BF024F4-FEA1-E6F6-4D88-2B624839AB85}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3EB7DEA8-CAE0-B143-B016-F0F3C48BBBCE}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{729A8BE0-FC8F-B46B-85C3-6CBC63A548E8}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9331AFAF-D6C1-E0A5-21FB-266572A249F1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B61F7032-38D5-17DD-0E76-BCB2A3C093E2}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EB88F089-A126-0812-CF4E-CCC61FB1A7B7}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9426CA9E-0EAE-452C-B0BB-DC29DD1B35C7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9426CA9E-0EAE-452C-B0BB-DC29DD1B35C7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x2 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\ServicePackFiles\i386\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\ServicePackFiles\i386\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\drivers\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\system32\drivers\atapi.sys
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
D'fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
39,07 Go total, 2,74 Go libre (7%), 29% fragment' (fragmentation du fichier 52%)
Vous devriez d'fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Program Files\Circle Dvelopement
Present !! : C:\Program Files\GamesBar
Present !! : C:\WINDOWS\002928_.tmp
Present !! : C:\WINDOWS\003061_.tmp
Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET4.tmp
Present !! : C:\WINDOWS\SET77.tmp
Present !! : C:\WINDOWS\SET7A.tmp
Present !! : C:\WINDOWS\SET8.tmp
Present !! : C:\WINDOWS\SET86.tmp
Present !! : C:\WINDOWS\SETB9.tmp
Present !! : C:\WINDOWS\System32\sshnas??.dll
Present !! : C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
Present !! : C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
Present !! : C:\Documents and Settings\Propri'taire\Application Data\awyqivusez.ban
Present !! : C:\Documents and Settings\Propri'taire\Application Data\ademimoq.dat
Present !! : C:\Documents and Settings\Propri'taire\Application Data\GDIPFONTCACHEV1.DAT
Present !! : C:\Documents and Settings\Propri'taire\Application Data\ozokusebyt.dat
Present !! : C:\Documents and Settings\Propri'taire\Application Data\HPSU_48BitScanUpdate.log
Present !! : C:\Documents and Settings\Propri'taire\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
Present !! : C:\Documents and Settings\Propri'taire\Application Data\Update_HP_RedboxHprblog_HPSU.log
Present !! : C:\Documents and Settings\Propri'taire\Application Data\ademimoq.dat
Present !! : C:\Documents and Settings\Propri'taire\Application Data\GDIPFONTCACHEV1.DAT
Present !! : C:\Documents and Settings\Propri'taire\Application Data\ozokusebyt.dat
Present !! : C:\Documents and Settings\Propri'taire\Application Data\drivers
Present !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\a.dat
Present !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\b.dat
Present !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\Id0.exe
Present !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\Idv.exe
Present !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\Idw.exe
Present !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\Idx.exe
Present !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\Idy.exe
Present !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\Idz.exe
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\8BD54F3E-DD19-4a69-93D8-5C6A5BBBE20E.exe
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\eauninstall.exe
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\Id0.exe
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\Idv.exe
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\Idw.exe
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\Idx.exe
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\Idy.exe
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\Idz.exe
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\lsnfier.exe
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\msizapMG.exe
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\The Sims 2_uninst.exe
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\a.dat
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\b.dat
Present !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\sshnas21.dll
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKCU\Software\bisoft
Present !! : HKCU\Software\Lanconfig
Present !! : HKCU\Software\livesvc
Present !! : HKCU\SOFTWARE\Microsoft\Handle
Present !! : HKCU\SOFTWARE\XML
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_SSHNAS
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_tdssserv.sys
Present !! : HKLM\SYSTEM\ControlSet001\Services\SSHNAS
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_SSHNAS
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_tdssserv.sys
Present !! : HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-21 18:18:13
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys viaide.sys
kernel: MBR read successfully
user & kernel MBR OK
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
D:\Da sims 2\Les Sims 2 La Bonne Affaire\Keygen\Keygen.exe
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 18:23:40,37
1)
? Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :
? choisis l'option 2 = Mode Suppression
ton PC va redemarrer,
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
? colle le contenu dans ta reponse
Tu peux le désinstaller ensuite
.....................
2)
lances MalwareByte's Anti-Malware
mets le à jour
examen complet
supprimer ce qu'il trouve
poster le rapport
? Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :
? choisis l'option 2 = Mode Suppression
ton PC va redemarrer,
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
? colle le contenu dans ta reponse
Tu peux le désinstaller ensuite
.....................
2)
lances MalwareByte's Anti-Malware
mets le à jour
examen complet
supprimer ce qu'il trouve
poster le rapport
Kill'em by g3n-h@ckm@n 1.6.0.2
User : Propriétaire (Administrateurs)
Update on 18/03/2010 by g3n-h@ckm@n ::::: 12.30
Start at: 20:41:43 | 21/03/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7
AMD Sempron(tm) Processor 3000+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
FW : Look 'n' Stop 2.06p3 (Soft4Ever)[ (!) Disabled ]2.06p3
C:\ -> Disque fixe local | 39,07 Go (2,67 Go free) | NTFS
D:\ -> Disque fixe local | 109,97 Go (64,92 Go free) | NTFS
E:\ -> Disque CD-ROM
G:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Idx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Iwutea.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Program Files\Circle Dvelopement
Quarantined & Deleted !! : C:\Program Files\GamesBar
Quarantined & Deleted !! : C:\WINDOWS\002928_.tmp
Quarantined & Deleted !! : C:\WINDOWS\003061_.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET3.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET4.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET77.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET7A.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET8.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET86.tmp
Quarantined & Deleted !! : C:\WINDOWS\SETB9.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\sshnas21.dll
Quarantined & Deleted !! : C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
Quarantined & Deleted !! : C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Application Data\awyqivusez.ban
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Application Data\ademimoq.dat
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Application Data\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Application Data\ozokusebyt.dat
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Application Data\HPSU_48BitScanUpdate.log
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Application Data\Update_HP_RedboxHprblog_HPSU.log
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Application Data\drivers
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\a.dat
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\b.dat
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\Id0.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\Idv.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\Idw.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\Idx.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\Idy.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\Idz.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\8BD54F3E-DD19-4a69-93D8-5C6A5BBBE20E.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\eauninstall.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\lsnfier.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\msizapMG.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\The Sims 2_uninst.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\sshnas21.dll
==============
host file OK !
==============
========
Registry
========
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : HKCU\Software\bisoft
Deleted : HKCU\Software\Lanconfig
Deleted : HKCU\Software\livesvc
Deleted : HKCU\SOFTWARE\Microsoft\Handle
Deleted : HKCU\SOFTWARE\XML
Deleted : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_SSHNAS
Deleted : HKLM\SYSTEM\ControlSet001\Services\SSHNAS
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
============
=================
anti-ver blaster : OK !!
=================
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
User : Propriétaire (Administrateurs)
Update on 18/03/2010 by g3n-h@ckm@n ::::: 12.30
Start at: 20:41:43 | 21/03/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7
AMD Sempron(tm) Processor 3000+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
FW : Look 'n' Stop 2.06p3 (Soft4Ever)[ (!) Disabled ]2.06p3
C:\ -> Disque fixe local | 39,07 Go (2,67 Go free) | NTFS
D:\ -> Disque fixe local | 109,97 Go (64,92 Go free) | NTFS
E:\ -> Disque CD-ROM
G:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Idx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Iwutea.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Program Files\Circle Dvelopement
Quarantined & Deleted !! : C:\Program Files\GamesBar
Quarantined & Deleted !! : C:\WINDOWS\002928_.tmp
Quarantined & Deleted !! : C:\WINDOWS\003061_.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET3.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET4.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET77.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET7A.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET8.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET86.tmp
Quarantined & Deleted !! : C:\WINDOWS\SETB9.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\sshnas21.dll
Quarantined & Deleted !! : C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
Quarantined & Deleted !! : C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Application Data\awyqivusez.ban
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Application Data\ademimoq.dat
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Application Data\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Application Data\ozokusebyt.dat
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Application Data\HPSU_48BitScanUpdate.log
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Application Data\Update_HP_RedboxHprblog_HPSU.log
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Application Data\drivers
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\a.dat
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\b.dat
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\Id0.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\Idv.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\Idw.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\Idx.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\Idy.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\Local Settings\Temp\Idz.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\8BD54F3E-DD19-4a69-93D8-5C6A5BBBE20E.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\eauninstall.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\lsnfier.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\msizapMG.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\The Sims 2_uninst.exe
Quarantined & Deleted !! : C:\Documents and Settings\Propri'taire\LOCAL Settings\Temp\sshnas21.dll
==============
host file OK !
==============
========
Registry
========
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : HKCU\Software\bisoft
Deleted : HKCU\Software\Lanconfig
Deleted : HKCU\Software\livesvc
Deleted : HKCU\SOFTWARE\Microsoft\Handle
Deleted : HKCU\SOFTWARE\XML
Deleted : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_SSHNAS
Deleted : HKLM\SYSTEM\ControlSet001\Services\SSHNAS
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
============
=================
anti-ver blaster : OK !!
=================
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
