Unwanted ads

gribouille444 Posts 5 Status Member -
 Anonymous user -
Hello, for some time now I have had ads appearing on my screen even when I am not visiting a site. They appear just like that whenever my session is open, and it is very annoying. It is not always the same ad, but a few of them come back often. Can you help me solve this problem please? Thanks in advance, see you soon.

16 replies

Anonymous user

Hi:

It is adware installed by the following programs:

* Funky Emoticons
* Games Attack
* go-astro
* GoRecord
* HotTVPlayer / HotTVPlayer & Paris Hilton
* Live-Player
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* Official Emule (modified version of Emule)
* Original Solitaire
* SuperSexPlayer
* Speed Downloading
* Sudoplanet
* Webmediaplayer
* On the site www.games-desktop.com (do not go there!!)

(Have no further contact with them)

Useful link: http://www.malekal.com/Adware.Magic_Control.php

Download Navilog1 from this link

▶ Save target (link) as... and save it to your desktop.
▶ Then double-click navilog1.exe to start the installation.

Once the installation is finished, the fix will run automatically.

▶ At the main menu, choose option 1 >> Recherche / suppression automatique (automatic search / removal)

Wait for the message:
*** Analyse Termine le ..... ***

>>>>> The fix can take about ten minutes ;)

▶ Press any key; Notepad will open.

▶ Copy and paste the report here.

0
gribouille444 Posts 5 Status Member
 
Fix Navipromo version 4.0.6 commencé le 16/01/2010 5:23:03,98

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 03.01.2010 à 11h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 Processor 3500+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : franck ( Administrator )
BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.32 (Activated)


C:\ (Local Disk) - NTFS - Total:142 Go (Free:34 Go)
D:\ (Local Disk) - FAT32 - Total:6 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)


Recherche executée en mode normal


Aucune Infection Navipromo/Egdaccess trouvée



*** Scan terminé 16/01/2010 5:23:46,12 ***
0
Anonymous user

Download OTL by OLDTimer

Save it to your Desktop.

▶ Double-click (for Vista / 7 => right-click "Run as administrator") OTL.exe to launch it.

▶ Tick the 2 boxes Lop and Purity

▶ Tick the box in front of scan all users

▶ Set it to "60 Days"

▶ In the left column, set everything to all

Do not change this:

"files created within" and "files modified within"


▶ Click Run Scan.

At the end of the scan, Notepad will open with the report (OTL.txt).

This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)

▶▶▶ DO NOT POST IT ON THE FORUM

To send it to me, click this link: http://www.cijoint.fr/

▶ Click Browse and find the file above.

▶ Click Open.

▶ Click "Cliquez ici pour déposer le fichier" (click here to upload the file).

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

is added to the page.

▶ Copy this link into your reply.

▶▶ Do the same with "Extra.txt".
0
gribouille444 Posts 5 Status Member
 
http://www.cijoint.fr/cjlink.php?file=cj201001/cijXIbxWuB.txt
0

Anonymous user

▶ Download Ad-remover (by C_XX) to your desktop:


▶ Disconnect and close all running applications!

▶ Double-click "Ad-R.exe" to start the installation and keep the default installation settings.

▶ Double-click the Ad-remover shortcut on your desktop to launch the tool.

▶ At the main menu, choose option "L" and press [Enter].

▶ Let the tool work and do not touch anything ...

▶ Post the report that appears at the end on the forum ...

(The report is also saved under C:\Ad-report.log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

▶ Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
0
gribouille44
 
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_H | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 15.01.2010 à 20:01
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 6:06:17, 16/01/2010 | Mode Normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: NOM-FB9B15D2723 | Utilisateur actuel: franck

.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

C:\Poker\Poker 770
C:\Program Files\Crawler
C:\Program Files\EoRezo
C:\Program Files\pdfforge Toolbar
C:\Program Files\Winsudate
C:\DOCUME~1\franck\APPLIC~1\EoRezo
C:\DOCUME~1\franck\APPLIC~1\pdfforge
C:\DOCUME~1\franck\APPLIC~1\Search Settings
C:\Windows\Installer\1839ed3.msi
C:\Documents and Settings\elliott\Local Settings\Application Data\AskToolbar
C:\Documents and Settings\elliott\Application Data\Desktopicon
C:\Documents and Settings\elliott\Application Data\EoRezo
C:\Documents and Settings\davy\Application Data\EoRezo
C:\Documents and Settings\elliott\Application Data\pdfforge
C:\Documents and Settings\davy\Application Data\pdfforge
C:\WINDOWS\system32\config\systemprofile\Application Data\Search Settings
C:\Documents and Settings\elliott\Application Data\Search Settings
C:\Documents and Settings\davy\Application Data\Search Settings
C:\DOCUME~1\franck\Bureau\mes jeux\Casino 770.lnk

(!) -- Fichiers temporaires supprimés.

.
.
============== Scan additionnel ==============
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Show_ToolBar: yes
Enable Browser Extensions: yes
Start Page Redirect Cache_TIMESTAMP: d69dcfe72970ca01
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
SearchAssistant:
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Start Page: hxxp://fr.msn.com/
Search Bar: hxxp://search.msn.com/spbasic.htm
Local Page: C:\WINDOWS\system32\blank.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
8562 Octet(s) - C:\Ad-Report-CLEAN[1].log
7784 Octet(s) - C:\Ad-Report-CLEAN[2].log
14558 Octet(s) - C:\Ad-Report-SCAN[1].log
6637 Octet(s) - C:\Ad-Report-SCAN[2].log
.
56 Fichier(s) - C:\DOCUME~1\franck\LOCALS~1\Temp
2 Fichier(s) - C:\WINDOWS\Temp
8 Fichier(s) - C:\WINDOWS\Prefetch
.
17 Fichier(s) - C:\Ad-Remover\BACKUP
3228 Fichier(s) - C:\Ad-Remover\QUARANTINE
.
Fin à: 6:22:10 | 16/01/2010 - CLEAN[2]
.
============== E.O.F ==============
.
0
gribouille444 Posts 5 Status Member
 
http://www.cijoint.fr/cjlink.php?file=cj201001/cijxHeTCLp.txt
0
gribouille44
 
Hello, gen hackman, I wanted to know whether it is finished, and should I mark it on the site as solved? Thanks, see you soon.
0
Anonymous user

Hello


Print these instructions, because you will need to close all windows and applications during installation and scanning.



▶ Download:

Malwarebytes

or:

Malwarebytes

▶ Install it (be sure to choose "francais"; do not change the installation settings) and update it.

(NB: If you get an error message saying that "COMCTL32.OCX" is missing during installation, then download it here: COMCTL32.OCX)

▶ Study the tutorial to get familiar with the program:


(that said, it is very simple to use).

Relaunch Malwarebytes, following these instructions scrupulously:

! Disconnect and close all running applications!

▶ Launch Malwarebytes.

Run a "Complet" (full) scan.

▶ Let the program work (and do nothing else with the PC during the scan).
▶ When it finishes, click "résultat" (results).
Check that all infected objects are selected, then click "suppression" (remove).

Note: if the PC needs to restart to finish the cleanup, do it!


Post the report saved after removing the infected objects (in the "rapport/log" tab of Malwarebytes, the most recent one)

0
gribouille44 Posts 136 Status Member

OK, I will do it this evening because my son has homework to do and needs the computer. See you later, thanks. By the way, tell me, do I send you the report here?
0
Anonymous user

Yes you can ^^
0
gribouille44 Posts 136 Status Member

OK thanks, see you later
0
gribouille44 Posts 136 Status Member
 
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3583
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/01/2010 22:43:07
mbam-log-2010-01-17 (22-43-07).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 304344
Temps écoulé: 2 hour(s), 28 minute(s), 49 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 17

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Ad-Remover\QUARANTINE\DOCUME~1\franck\APPLIC~1\EoRezo\SOFTWA~1\SoftwareUpdate.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Ad-Remover\QUARANTINE\DOCUME~1\franck\APPLIC~1\EoRezo\SOFTWA~1\SoftwareUpdateHP.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Ad-Remover\QUARANTINE\Poker\POKER7~1\_SetupCasino_24d4[1].exe.vir (Adware.Casino) -> Quarantined and deleted successfully.
C:\Ad-Remover\QUARANTINE\Poker\POKER7~1\_SetupCasino_2efa[1].exe.vir (Adware.Casino) -> Quarantined and deleted successfully.
C:\Ad-Remover\QUARANTINE\PROGRA~1\EoRezo\EoEngine.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Ad-Remover\QUARANTINE\PROGRA~1\EoRezo\EoAdv\EoAdv.dll.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Ad-Remover\QUARANTINE\PROGRA~1\EoRezo\EoAdv\EoRezoBHO.dll.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Ad-Remover\QUARANTINE\PROGRA~1\WINSUD~1\gibsvc(2).exe.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP91\A0030464.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP97\A0032830.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP97\A0032831.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP97\A0032923.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP97\A0032946.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP97\A0032947.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP97\A0032958.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP97\A0032960.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP97\A0032961.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
Is this really the report you wanted me to post?
0
gribouille44 Posts 136 Status Member

Well, I hope this is the report you wanted. I will check tomorrow whether you have replied. Thanks, see you +++
0
Anonymous user

Good, one last look, and then we pack up with the final cleanup

Disable your antivirus for the duration of the procedure, as well as your firewall if present (because it is wrongly detected as an infection)

▶ Download and install List&Kill'em and save it to your desktop

▶ Plug in USB sticks, external hard drives, mp3, mp4, etc.

Double-click (right-click "Run as administrator" for Vista/7) the shortcut on your desktop to start the installation

Tick the box "creer une icone sur le bureau" (create a desktop icon)

Once finished, click "terminer" (finish) and the program will start by itself

Choose the language, then choose option 1 = Mode Recherche (search mode)

▶ Let the tool work

When the white window appears, it takes a while; that is normal, the program is not frozen.

A report named catchme appears on your desktop; ignore it, do not post it, but do not delete it for now, the scan is not finished.

▶ Post the content of the report that opens at 100% of the scan, at the "COMPLETED" screen

You can delete the catchme.log report from your desktop now.

0
gribouille44 Posts 136 Status Member
 
List'em by g3n-h@ckm@n 1.1.8.4

thx to CCM team.....
User : franck (Administrateurs)
Update on 17/01/2010 by g3n-h@ckm@n ::::: 00:10
Start at: 08:06:31 | 18/01/2010
Contact : g3n-h@ckm@n sur CCM

AMD Athlon(tm) 64 Processor 3500+
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]

C:\ -> Disque fixe local | 142,28 Go (34,57 Go free) [HP_PAVILION] | NTFS
D:\ -> Disque fixe local | 6,74 Go (1,49 Go free) [HP_RECOVERY] | FAT32
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running


======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Recguard REG_SZ C:\WINDOWS\SMINST\RECGUARD.EXE
Realtime Audio Engine REG_SZ "mmrtkrnl.exe" /i
HPBootOp REG_SZ "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
ehTray REG_SZ C:\WINDOWS\ehome\ehtray.exe
EdenFlirt REG_SZ C:\Program Files\Eden Flirt\EdenFlirt.exe
DMAScheduler REG_SZ "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
AlwaysReady Power Message APP REG_SZ ARPWRMSG.EXE
BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
RTHDCPL REG_SZ RTHDCPL.EXE
C-Media Mixer REG_SZ Mixer.exe /startup
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
LifeCam REG_SZ "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
VX1000 REG_SZ C:\WINDOWS\vVX1000.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
InstallVisualStyle REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
InstallTheme REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale.theme

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveAutorun REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
NoCDBurning REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Garmin Communicator Plug-In


==============
BHO :
======
[<NO NAME> REG_SZ ]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
EapHost : 0x3
SharedAccess : 0x2
wuauserv : 0x2

=========


D:\Autorun.inf :
----------------
[AUTORUN]
ShellExecute=Info.exe protect.ed 480 480

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
142 Go total, 34,58 Go libre (24%), 5% fragmenté (fragmentation du fichier 10%)

Il ne vous est pas nécessaire de défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\WINDOWS\kb913800.exe
C:\WINDOWS\System32\drivers\etc\hosts.msn
C:\WINDOWS\system32\MSWINSCK.OCX

¤¤¤¤¤¤¤¤¤¤ Keys :

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
"HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}

================
Other infections
================

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-18 08:08:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0013eff0c26d]
"0023d6c63cd5"=hex:ea,2d,64,c6,c1,c5,1d,ed,20,32,c8,00,2c,9b,3c,d9
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0013eff0c26d]
"0023d6c63cd5"=hex:ea,2d,64,c6,c1,c5,1d,ed,20,32,c8,00,2c,9b,3c,d9

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000af
"TracesSuccessful"=dword:000000ae

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

==========
Programs
==========

3DSNMP
Activision
Adobe
Alwil Software
Application Updater
Avanquest update
Avira
AVS4YOU
Babylon
CCleaner
ComPlus Applications
Conduit
Corel
d-lusion
Dexpot
DigitalSoundPlanet
DivX
Dofus 2
Droppix
Drumsite demo
EasyBits
Eazel-FR
Eden Flirt
ehthumbs.db
eLume
Family Toolbar
Fichiers communs
Firebird
Free FLV Converter
FrenchOtto
GameSpy Arcade
GemMasterFrench
Glary Utilities
Google
Hewlett-Packard
HP
HP DigitalMedia Archive
illiminable
Illustrate
Image Convert 1.0
Image-Line
InstallShield Installation Information
InstantTouch
Internet Explorer
Intuwave Ltd
Java
La Chaîne Météo
Labtec Laser Mouse Software
List_Kill'em
Logitech
Ludi
MAGIX
Malwarebytes' Anti-Malware
McAfee Security Scan
Media Convert Master
Megaupload
Messenger
Messenger Plus! Live
Micro Scrabble
Microsoft
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Games
Microsoft Games(3)
Microsoft LifeCam
Microsoft Office
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft.NET
Midimass
MixVibesHOME7DEMO
Movie Maker
MSBuild
MSECache
MSN
MSN Gaming Zone
MSXML 4.0
muvee Technologies
myBabylon_English
MyHeritage
MyMediaRecorder (YouTube & Dailymotion Enabled)
MyXOFT
Navilog1
NeoTrace Express
Nero
NetMeeting
Neuf
NOS
OfficeRecovery
Online Services
Outlook Express
Outsim
PDF Suite
peer2Peer-FR2
PHPNukeFR
PianoFX
Playalot Games
PokerStars
Pvm
Real
Reference Assemblies
Samsung
scrabbleproB
Services en ligne
SoftLogica
Softwin
Sonic
SpacialAudio
SPAMfighter
Steam
Trend Micro
Uninstall Information
VDOWNLOADER
VideoLAN
VirginMega
VstPlugins
Windows Desktop Search
Windows Live
Windows Live Safety Center
Windows Live SkyDrive
Windows Media Connect 2
Windows Media Player
Windows NT
Windows Plus
WindowsUpdate
Winferno
WinRAR
xerox
Yahoo!

============
Lecteur C:
============

0d38e17182c411c1c5a4ab01b66c
aaw7boot.cmd
Ad-Remover
Ad-Report-CLEAN[1].log
Ad-Report-CLEAN[2].log
Ad-Report-SCAN[1].log
Ad-Report-SCAN[2].log
BOOT.BAK
boot.ini
Bootfont.bin
bugarap rho ziwok(romann jerome).wmv
cleannavi.txt
cmdcons
cmldr
CMPNENTS
Config.Msi
Documents and Settings
Easy Music Composer Free
ehthumbs.db
eJay
f8d9791eee8b44a03f
Florensia
found.000
Garmin
hiberfil.sys
hp
img2-001.raw
IO.SYS
Kill'em
List'em.txt
MSDOS.SYS
Netts
NTDETECT.COM
ntldr
pagefile.sys
Pixia
Poker
Program Files
Python22
RECYCLER
System Volume Information
Team17
temp
WINDOWS
World War One

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

C:\Documents and Settings\All Users\Application Data\Age of Empires 3 XPack Trial\Patches
C:\Documents and Settings\All Users\Application Data\Age of Empires 3 YPack Trial\Patches
C:\eJay\Dance eJay 7 Demo\DrumWaves\Snares\crack sn.wav
C:\eJay\Dance eJay 7 Demo\DrumWaves\Snares\cracking sn.wav
C:\Program Files\Image-Line\FL Studio 8\Data\Patches
C:\Program Files\Image-Line\FL Studio 8\Data\Patches\Speech
C:\Program Files\Image-Line\FL Studio 8\Data\Patches\Speech\FunkyMusic.zgr
C:\Program Files\Image-Line\FL Studio 8\Data\Patches\Speech\Hardman.zgr
C:\Program Files\Image-Line\FL Studio 8\Data\Patches\Speech\higherstate.zgr
C:\Program Files\Image-Line\FL Studio 8\Data\Patches\Speech\human beatbox.zgr
C:\Program Files\Image-Line\FL Studio 8\Data\Patches\Speech\IHaveFreedom_long.zgr
C:\Program Files\Image-Line\FL Studio 8\Data\Patches\Speech\Superstar.zgr
C:\Program Files\Image-Line\FL Studio 8\Data\Patches\Speech\Targetlocked_Colossus.zgr
C:\Program Files\Image-Line\FL Studio 8\Data\Patches\Speech\TestLow_hi.zgr
C:\Program Files\Image-Line\FL Studio 8\Data\Patches\Speech\TestLow_Tipsy.zgr
C:\Program Files\Image-Line\FL Studio 8\Data\Patches\Speech\TheFutureIsNow.zgr
C:\Program Files\Image-Line\FL Studio 8\Data\Patches\Speech\TimeToGroove.zgr
C:\Program Files\Image-Line\FL Studio 8\Data\Patches\Speech\Transmission.zgr
C:\Program Files\Image-Line\FL Studio 8\Data\Patches\Speech\UKbeat.zgr
C:\Program Files\Image-Line\FL Studio 8\Data\Patches\Speech\WestCoast.zgr
C:\Program Files\Image-Line\FL Studio 8\Data\Patches\Speech\YouNeedAHaircut.zgr
C:\World War One\Serial.ini
C:\Documents and Settings\Administrateur\Local Settings\Application Data\ApplicationHistory\Install.exe.446b110b.ini
C:\Documents and Settings\davy\Local Settings\Application Data\ApplicationHistory\Install.exe.446b110b.ini
C:\Documents and Settings\Default User\Local Settings\Application Data\ApplicationHistory\Install.exe.446b110b.ini
C:\Documents and Settings\elliott\Local Settings\Application Data\ApplicationHistory\Install.exe.446b110b.ini
C:\Documents and Settings\elliott\Local Settings\Temp\Répertoire temporaire 1 pour MyMediaRecorder10-Demo-FR[1].zip\Install.exe
C:\Documents and Settings\franck\Local Settings\Application Data\ApplicationHistory\Install.exe.446b110b.ini
C:\Documents and Settings\franck\Local Settings\Application Data\ApplicationHistory\Install.exe.eb8320c1.ini
C:\Documents and Settings\Invité\Local Settings\Application Data\ApplicationHistory\Install.exe.446b110b.ini
C:\hp\KBD\Install.exe
C:\hp\patches\64WW1NDR\CPC_UPD\OwnerPatch.exe
C:\hp\recovery\bin\PE_Patch.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\Install.exe.446b110b.ini
D:\MiniNT\system32\OwnerPatch.exe
D:\I386\APPS\APP28427\src\MSWorks\Install.exe
D:\I386\DRV\APP02744\Install.exe
D:\I386\DRV\APP02744\src\Install.exe
D:\I386\SYSTEM32\OwnerPatch.exe
D:\hp\patches\64WW1NDR\CPC_UPD\OwnerPatch.exe




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Utilisateur anonyme
 
Right, hello:

▶ Run List&Kill'em again (via right-click on Vista), using the shortcut on your desktop,
but this time:

▶ Choose option 2 = Mode Suppression (removal mode)

Let the tool work.

At the end of the scan a report opens.

▶ Paste its contents into your reply.

0