Trojan-Downloader.Win32.Agent.cyuj

Closed
Kraneuse - 31 Jan 2010 at 23:59
 Anonymous user - 16 Feb 2010 at 23:57
Hello,

I have a little problem with the computer... It's super complicated for me.. My Kaspersky antivirus tells me my machine is infected with 4 Trojan horses and 203 unwanted applications. But it doesn't seem able to do its job and delete all that. In my reports, it says that deleting Trojan-Downloader.Win32.Agent.cyuj is impossible and that it has also detected other stuff such as: Trojan-Downloader.Win32.Agent.cyuj and Trojan-Downloader.Win32.Small.aoly.

I went and read your forums, but I'd rather be told exactly what to do with this, how to cure my computer :P I see that you often ask for a HiJackThis report, so here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:55, on 2010-01-31
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jay\Mes documents\Les photos\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=fr&client=dell-row&channel=ca&ibd=6060927
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\Jay\MESDOC~1\LESPHO~1\JOANNI~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Documents and Settings\Jay\Mes documents\Les photos\Joannie PIk\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RemoveIT Pro v7Ent] C:\Documents and Settings\Jay\Mes documents\Program Files\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; MSN Optimized;CA; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSN Optimized;CA)" -"https://www.y8.com/games/Fishin_Fever"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.17\AMVConverter\grab.html
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\Jay\MESDOC~1\LESPHO~1\JOANNI~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\Jay\MESDOC~1\LESPHO~1\JOANNI~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://janisottawa.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://allyssonboivin.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://www.cogeco.ca/fra/OLS3.3/fscax.cab
O16 - DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} (Perparer Class) - http://www.fiaa.eu/OPLauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
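
A HijackThis log like the one posted above can be given a first triage pass programmatically. The following is an added example, not part of the original thread or of HijackThis itself: the three heuristics, the function names and the sample (a few lines copied from the log above) are assumptions chosen for illustration, and a flagged line means "look at this by hand", not "this is malicious".

```python
import re

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Documents and Settings\Jay\Mes documents\Les photos\Joannie PIk\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RemoveIT Pro v7Ent] C:\Documents and Settings\Jay\Mes documents\Program Files\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
"""

# Every finding line has the shape "<section id> - <body>", e.g. "O4 - ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 (autorun) body: <hive>\..\<Run key>: [<value name>] <command line>
O4_RE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Windows XP user profile folders (long and 8.3 short form) are user-writable.
USER_PROFILE_RE = re.compile(r"\\(documents and settings|docume~1)\\[^\\]+\\", re.I)
LOOPBACK_PROXY_RE = re.compile(r"proxyserver\s*=.*(127\.0\.0\.1|localhost)", re.I)


def parse_entries(text):
    """Return (section, body) pairs; headers and the process list are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match["section"], match["body"]))
    return entries


def review_notes(section, body):
    """Return the reasons (possibly none) why an entry deserves a manual look."""
    notes = []
    if section.startswith("R") and LOOPBACK_PROXY_RE.search(body):
        notes.append("IE proxy points at loopback: find out which local "
                     "process listens on that port")
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        notes.append("registration left behind without its file")
    if section == "O4":
        match = O4_RE.match(body)
        if match and USER_PROFILE_RE.search(match["cmd"]):
            notes.append(f"autorun '{match['name']}' starts from a "
                         "user-writable profile folder")
    return notes


def triage(text):
    """Return (section, body, notes) for every entry with at least one note."""
    flagged = []
    for section, body in parse_entries(text):
        notes = review_notes(section, body)
        if notes:
            flagged.append((section, body, notes))
    return flagged


if __name__ == "__main__":
    for section, body, notes in triage(SAMPLE_LOG):
        print(f"[{section}] {body[:72]}")
        for note in notes:
            print("    ->", note)
```

On the sample, the Spybot TeaTimer autorun is flagged alongside the RemoveIT Pro one because both start from the same user profile, which is why the output is a review list rather than a verdict.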

27 replies

Anonymous user
1 Feb 2010 at 01:07
do it in normal mode
1
http://www.cijoint.fr/cjlink.php?file=cj201002/cij78M8JM8.zip

what I sent this morning didn't work... so after scanning aaaall night.. it deleted a few things and put some other things in quarantine too.
0
Anonymous user
1 Feb 2010 at 00:01
hi:

▶ Download Dr Web CureIt to your Desktop:

▶ restart in safe mode


▶- Double-click (right-click "as admin" under Vista) <drweb-cureit.exe> and then click <Scan>;

▶- Click <Ok> at the quick scan prompt. If it finds infected processes, click the <Yes> button.

Note: a window will open with options for "Order" or "50% discount": close it by clicking the "X".

▶- When the quick scan is finished, click the <Options> menu, then <Change settings>; choose the <Scanner> tab and untick <Heuristic analysis>. Then click <Ok>.
▶- Back in the main window: click to enable <Complete scan>
▶- Click the button with the green arrow on the right, and the scan will start.
▶- Click <Yes to all> at the "Cure?" prompt when a file is detected, and then click "Cure".
▶- When the scan is complete, see whether you can click the icon next to the detected files (several sheets stacked on one another). If so, click it, then click the <Next> icon below it, and choose <Move the unwanted object to quarantine>.
▶- From the tool's main menu, at the top left, click the <File> menu and choose <Save report>. Save the report on your Desktop. It will be named DrWeb.csv


▶- for the report: save it on your desktop, then right-click it / Send to / Compressed folder

then:

send me the archive like this:

click this link: http://www.cijoint.fr/

▶ Click Browse and find the file above.

▶ Click Open.

▶ Click "Click here to upload the file".

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

is added to the page.

▶ Copy this link into your reply.

▶- Close Dr.Web Cureit
▶- Restart your computer (important because some files may be moved/repaired at restart).




0
Hi again, right!! I'm trying to restart in safe mode, but it doesn't work. No matter how much I press F2 to get into the setup during the restart, nothing doing!! It restarts in normal mode, is there another alternative??
0
Anonymous user
2 Feb 2010 at 01:46
uninstall RemoveIT Pro, it has a reputation for being a rogue

Disable your antivirus for the duration of the procedure, as well as your firewall if present (because it is wrongly detected as an infection)

▶ Download List&Kill'em and save it on your desktop

▶ Plug in USB sticks, external hard drives, mp3, mp4, etc.

double-click (right-click "run as administrator" for Vista/7) the shortcut on your desktop to start the installation

tick the box "create a desktop icon"

once it has finished, click "finish" and the program will start by itself

choose the language, then choose option 1 = Search Mode

▶ let the tool work

when the white window appears, it takes a while, that's normal, the program is not frozen.

a report named catchme appears on your desktop; ignore it, don't post it, but don't delete it for now, the scan is not finished.

▶ Post the contents of the report that opens at 100% of the scan, at the "COMPLETED" screen

you can delete the catchme.log report from your desktop now.
0

Kraneuse Posts: 18 Registered: Tuesday 2 February 2010 Status: Member Last activity: 15 April 2011
2 Feb 2010 at 05:17
Okey-dokey.. Here's the report. And about RemoveIt, I think I removed it last night, anyway I don't see it in the list of programs.

List'em by g3n-h@ckm@n 1.2.1.4
User : Jay (Administrateurs)
Update on 02/02/2010 by g3n-h@ckm@n ::::: 00.45
Start at: 20:13:11 | 2010-02-01
Contact : g3n-h@ckm@n sur CCM

Intel(R) Celeron(R) CPU 2.80GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Kaspersky Internet Security 9.0.0.463 [ (!) Disabled | Updated ]
FW : Kaspersky Internet Security[ (!) Disabled ]9.0.0.463

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 52,7 Go (16,47 Go free) | NTFS
D:\ -> Disque fixe local | 18,61 Go (10,09 Go free) [Sauvegarder] | NTFS
E:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jay\Mes documents\Les photos\Joannie PIk\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Jay\Bureau\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Jay\Local Settings\Temp\1FFB.tmp\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
SpybotSD TeaTimer REG_SZ C:\Documents and Settings\Jay\Mes documents\Les photos\Joannie PIk\Spybot - Search & Destroy\TeaTimer.exe
RemoveIT Pro v7Ent REG_SZ C:\Documents and Settings\Jay\Mes documents\Program Files\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SoundMAXPnP REG_SZ "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
DLA REG_SZ C:\WINDOWS\System32\DLA\DLACTRLW.EXE
ISUSScheduler REG_SZ "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
igfxtray REG_SZ C:\WINDOWS\system32\igfxtray.exe
igfxpers REG_SZ C:\WINDOWS\system32\igfxpers.exe
AVP REG_SZ "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
NoCDBurning REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ SALON
DefaultUserName REG_SZ Jay
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Jay
AltDefaultDomainName REG_SZ SALON
ChangePasswordUseKerberos REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SCLogon

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{56F9679E-7826-4C84-81F3-532071A8BCC5} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\WINDOWS\system32\sessmgr.exe REG_SZ C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\french\setup.exe REG_SZ C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\french\setup.exe:*:Enabled:Programme d'installation de Kaspersky Internet Security 2009
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\mIRC\mirc.exe REG_SZ C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

===============
ActivX controls
===============

===============

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2F85D76C-0569-466F-A488-493E6BD0E955}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.ca/?gws_rd=ssl

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
EapHost : 0x3
SharedAccess : 0x2
wuauserv : 0x2

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Jay\Local Settings\Temp\1FFB.tmp
## C:\> hashdeep C:\WINDOWS\System32\Drivers\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\System32\Drivers\atapi.sys


Sources
=======

C:\i386\atapi.sys
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
C:\WINDOWS\ServicePackFiles\i386\atapi.sys
C:\WINDOWS\system32\drivers\atapi.sys
C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

Référence :
==========

Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
52,70 Go total, 16,47 Go libre (31%), 3% fragmenté (fragmentation du fichier 7%)

Il ne vous est pas nécessaire de défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Present !! : C:\WINDOWS\002885_.tmp
Present !! : C:\WINDOWS\system32\x3daudio1_0.dll
Present !! : C:\WINDOWS\system32\x3daudio1_1.dll
Present !! : C:\WINDOWS\system32\x3daudio1_2.dll
Present !! : C:\WINDOWS\system32\xinput9_1_0.dll
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\drivers\Sonyhcp.dll
Present !! : C:\WINDOWS\System32\SET49.tmp
Present !! : C:\WINDOWS\System32\SET4B.tmp
Present !! : C:\WINDOWS\System32\SET57.tmp
Present !! : C:\Documents and Settings\Jay\Application Data\wklnhst.dat
Present !! : C:\Documents and Settings\Jay\Application Data\wklnhst.dat
Present !! : C:\Documents and Settings\Jay\Application Data\VideoEgg

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}
Present !! : "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0}"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\taskmgr.exe"
Present !! : HKCR\ImageOle.GifAnimator
Present !! : HKCR\ImageOle.GifAnimator.1
Present !! : HKCR\interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
Present !! : HKCR\videoegg.activexloader
Present !! : HKCR\videoegg.activexloader.1
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoegg
Present !! : HKCU\SOFTWARE\VideoEgg
Present !! : HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Present !! : HKLM\SOFTWARE\VideoEgg
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_BHDRVX86
Present !! : HKLM\SYSTEM\ControlSet002\Enum\Root\Legacy_BHDRVX86
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_BHDRVX86

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 20:39:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\2UU912LU\p_1259144973=10[2].txt 25 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

==========
Programs
==========

Adobe
Analog Devices
Apple Software Update
ArcSoft
Audible
BAE
ComPlus Applications
CONEXANT
Creative
Creative Installation Information
Dell
Dell Computer
Digital Line Detect
EmpirePokerMaster
FaxTools
Fichiers communs
Google
InstallShield Installation Information
Intel
InterActual
Internet Explorer
iPod
iTunes
Jasc Software Inc
Java
Jeune Styliste 2
Kaspersky Lab
Microsoft
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office
Microsoft Office Outlook Connector
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Visual Studio
Microsoft Works
Microsoft.NET
mIRC
Modem Helper
Movie Maker
MP3 Player Utilities 4.11
MP3 Player Utilities 4.17
MSBuild
MSECache
MSN
MSN Gaming Zone
MSXML 4.0
Navilog1
NetMeeting
NetWaiting
Online Services
Outlook Express
Panasonic
PartyGaming
PhotoViewer
PIXELA
PokerStars.NET
Pure Networks
QuickTime
Reference Assemblies
Roxio
Services en ligne
Sonic
Sony Corporation
Spybot - Search & Destroy
Styliste2
Sun
TuneUp Utilities 2010
Ubisoft
Uninstall Information
Windows Desktop Search
Windows Live
Windows Live SkyDrive
Windows Live Toolbar
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
xerox
Yahoo!

============
Drive C:
============

.jagex_cache_32
3207629a007828bebcd650
7f38df109e234604f780ac8f71f28577
8fc7b5cad965a9f7863763256c77c554
asdict.dat
AUTOEXEC.BAT
b2bb02e773844f968883c4
boot.ini
Bootfont.bin
cleannavi.txt
Config.Msi
CONFIG.SYS
dell
dell.sdr
Documents and Settings
Downloads
drivers
dwl.dat
eujbmv.exe
fsaua.data
hiberfil.sys
httpdwl.dat
i386
INFCACHE.1
Installer.log
IO.SYS
Kill'em
List'em.txt
LogiSetup.log
mediamp3.dat
Mes documents
MSDOS.SYS
MSOCache
My Downloads
NTDETECT.COM
ntldr
pagefile.sys
Program Files
RECYCLER
rtsr_eml_sr.dat
setupfax.log
SIERRA
Sierra On-Line
sqmdata00.sqm
sqmdata01.sqm
sqmdata02.sqm
sqmdata03.sqm
sqmdata04.sqm
sqmdata05.sqm
sqmdata06.sqm
sqmdata07.sqm
sqmdata08.sqm
sqmdata09.sqm
sqmdata10.sqm
sqmdata11.sqm
sqmdata12.sqm
sqmdata13.sqm
sqmdata14.sqm
sqmdata15.sqm
sqmdata16.sqm
sqmdata17.sqm
sqmdata18.sqm
sqmdata19.sqm
sqmnoopt00.sqm
sqmnoopt01.sqm
sqmnoopt02.sqm
sqmnoopt03.sqm
sqmnoopt04.sqm
sqmnoopt05.sqm
sqmnoopt06.sqm
sqmnoopt07.sqm
sqmnoopt08.sqm
sqmnoopt09.sqm
sqmnoopt10.sqm
sqmnoopt11.sqm
sqmnoopt12.sqm
sqmnoopt13.sqm
sqmnoopt14.sqm
sqmnoopt15.sqm
sqmnoopt16.sqm
sqmnoopt17.sqm
sqmnoopt18.sqm
sqmnoopt19.sqm
System Volume Information
VolumeC defragmentation du 28 juillet 2007.txt
VSNAP.IDX
VundoFix Backups
VundoFix.txt
WINDOWS
YServer.txt

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

C:\Documents and Settings\Francis\Application Data\Macromedia\Flash Player\#SharedObjects\KAPGST5U\crackle.com
C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\C1YGKSD3\crack_team_of_bodyguards[1].gif
C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\U3F0RKTF\crack_team_of_bodyguards_s[1].gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_62.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_63.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_66.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_68.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_70.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_72.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_74.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_76.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_78.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_80.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_82.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_84.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_87.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_88.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_89.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_90.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_91.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_92.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_93.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_94.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_95.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_96.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_97.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_98.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\spacer.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\stop.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\stop_d.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\stop_o.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\up.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\up_d.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\up_o.gif
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\dvdvideo.htm
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\frame
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\index.htm
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\index2.htm
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\popnew.htm
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\popwin.htm
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\premain.htm
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\resume.htm
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\script
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\sload.htm
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\vari.htm
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\vari2.htm
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\void.htm
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\frame\1f.htm
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\frame\2f.htm
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\script\common.js
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\script\IAlib.js
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\script\static.js
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\script\vari.js
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\script\vid.js
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\default.htm
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\vidplay.htm
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\dvdvideo.htm
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\frame
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\index.htm
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\index2.htm
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\popnew.htm
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\popwin.htm
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\premain.htm
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\resume.htm
C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\wi
0
Anonymous user
3 Feb 2010 at 15:23
Hi

▶ Run List&Kill'em again (via right-click on Vista), using the shortcut on your desktop,
but this time:

▶ choose option 2 = Mode Suppression (removal mode)

Let the tool work.

At the end of the scan a report opens.

▶ Paste its contents into your reply
0
Kraneuse Posts: 18 Registered: Tuesday 2 February 2010 Status: Member Last activity: 15 April 2011
4 Feb 2010 at 00:00
Here are the results



Kill'em by g3n-h@ckm@n 1.2.1.4

User : Jay (Administrateurs)
Update on 02/02/2010 by g3n-h@ckm@n ::::: 00.45
Start at: 16:54:45 | 2010-02-03
Contact : g3n-h@ckm@n sur CCM

Intel(R) Celeron(R) CPU 2.80GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Kaspersky Internet Security 9.0.0.463 [ Enabled | Updated ]
FW : Kaspersky Internet Security[ Enabled ]9.0.0.463

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 52,7 Go (16,58 Go free) | NTFS
D:\ -> Disque fixe local | 18,61 Go (10,09 Go free) [Sauvegarder] | NTFS
E:\ -> Disque CD-ROM


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jay\Mes documents\Les photos\Joannie PIk\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jay\Bureau\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Jay\Local Settings\Temp\E5.tmp\pv.exe

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Quarantined & Deleted !! : C:\WINDOWS\002885_.tmp

Quarantined & Deleted !! : C:\WINDOWS\system32\x3daudio1_0.dll
Quarantined & Deleted !! : C:\WINDOWS\system32\x3daudio1_1.dll
Quarantined & Deleted !! : C:\WINDOWS\system32\x3daudio1_2.dll
Quarantined & Deleted !! : C:\WINDOWS\system32\xinput9_1_0.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\WINDOWS\system32\drivers\Sonyhcp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\SET49.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET4B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET57.tmp
Quarantined & Deleted !! : C:\Documents and Settings\Jay\Application Data\wklnhst.dat
Quarantined & Deleted !! : C:\Documents and Settings\Jay\Local Settings\Temp\dw.log

==============
host file OK !
==============

========
Registry
========
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\taskmgr.exe"
Deleted : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
Deleted : HKCR\ImageOle.GifAnimator
Deleted : HKCR\ImageOle.GifAnimator.1
Deleted : HKCR\interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
Deleted : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_BHDRVX86
Deleted : HKLM\SYSTEM\ControlSet002\Enum\Root\Legacy_BHDRVX86

============
Disk Cleaned
============

================
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Anonymous user
4 Feb 2010 at 00:12
Did you disable the antivirus for the removal?
0
Kraneuse Posts: 18 Registered: Tuesday 2 February 2010 Status: Member Last activity: 15 April 2011
4 Feb 2010 at 00:14
Oops.. :S no, is that serious??
0
Anonymous user
4 Feb 2010 at 00:17
Yes, well, no, but it only did half the job.

Run list_kill'em again, uninstall it, download it again and redo option 2 without the antivirus.
0
Kraneuse Posts: 18 Registered: Tuesday 2 February 2010 Status: Member Last activity: 15 April 2011
4 Feb 2010 at 01:21
Attempt no. 2: I disabled the antivirus



Kill'em by g3n-h@ckm@n 1.2.2.0

User : Jay (Administrateurs)
Update on 03/02/2010 by g3n-h@ckm@n ::::: 16.30
Start at: 18:37:08 | 2010-02-03
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

Intel(R) Celeron(R) CPU 2.80GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Kaspersky Internet Security 9.0.0.463 [ (!) Disabled | Updated ]
FW : Kaspersky Internet Security[ (!) Disabled ]9.0.0.463

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 52,7 Go (16,57 Go free) | NTFS
D:\ -> Disque fixe local | 18,61 Go (10,09 Go free) [Sauvegarder] | NTFS
E:\ -> Disque CD-ROM


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
C:\Documents and Settings\Jay\Bureau\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Jay\Local Settings\Temp\E6.tmp\ERUNT.EXE
C:\Documents and Settings\Jay\Local Settings\Temp\E6.tmp\pv.exe

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :



==============
host file OK !
==============

========
Registry
========
¤¤¤¤¤¤¤¤¤¤ Services fonctionnels

Ndisuio : Start = 3
EapHost -> Start = 2
Ip6Fw -> Start = 2
SharedAccess -> Start = 2
wscsvc -> Start = 2

============
Disk Cleaned
============

================
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Anonymous user
4 Feb 2010 at 01:31
Download OTL by OLDTimer

Save it to your desktop.

▶ Double-click OTL.exe to launch it (on Vista / 7 => right-click, "Run as administrator").

▶ Tick the 2 boxes Lop and Purity

▶ Tick the box in front of scan all users

▶ Set it to "60 Days"

▶ In the left-hand column, set everything to all

Do not change these:

"files created within" and "files modified within"


▶ Click Run Scan.

When the scan finishes, Notepad will open with the report (OTL.txt).

This file is on your desktop (usually C:\Documents and settings\your_session_name\OTL.txt)

▶▶▶ DO NOT POST IT ON THE FORUM

To send it to me, click on this link: http://www.cijoint.fr/

▶ Click Parcourir (Browse) and locate the file above.

▶ Click Ouvrir (Open).

▶ Click "Cliquez ici pour déposer le fichier" ("Click here to upload the file").

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

is added to the page.

▶ Copy this link into your reply.

▶▶ Do the same with "Extra.txt".
0
Kraneuse Posts: 18 Registered: Tuesday 2 February 2010 Status: Member Last activity: 15 April 2011
4 Feb 2010 at 01:45
OTL
http://www.cijoint.fr/cjlink.php?file=cj201002/cijzF39XYH.txt

Extra
http://www.cijoint.fr/cjlink.php?file=cj201002/cij3f4wzrm.txt
0
Anonymous user
4 Feb 2010 at 02:17
▶ Download Zeb-Restore and save the file to the desktop.

▶- Right-click Zeb-Restore.zip ==> Extract All, and choose the desktop as the destination.

▶- Open the folder ZR_1.0.0.37 ==> double-click Zeb-Restore.exe

▶- Tick the box in front of: trusted sites

▶- Do not tick any other box

▶- Click Restore

▶- Restart your PC

Then:

▶ Click the Start menu / Control Panel / Folder Options / then, in the View tab
* - Tick Show hidden files and folders
* - Untick Hide extensions for known file types
* - Untick Hide protected operating system files (Recommended)

▶ Click Apply, then OK.

Don't forget to hide the hidden and protected operating system files again once the disinfection is finished; it's important.

Have the following file(s) analysed on VirusTotal:

Virus Total

* Click Browse at the top, choose My Computer and locate these files:

C:\WINDOWS\sysgtime.dll
C:\WINDOWS\System32\proclsvr.drv


* Now click Send file, and let it work for as long as "Current status: analysis in progress" is displayed.
* The file may be queued because of a large number of analysis requests. In that case, you will have to wait without refreshing the page.
* When the analysis is finished ("Current status: finished"), click Formatted
* A new browser window will appear
* Then click the two arrows
* Right-click on the page and choose Select All, then Copy
* Finally, paste the result into your next reply.

Note: To analyse another file, click Other file at the bottom.

Then:

▶ Right-click OTL.exe and choose "Run as administrator" to launch it.


▶ Copy the list shown in bold below,

▶ paste it into the box under Custom Scans/Fixes:

:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O3 - HKLM\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} http://www.fiaa.eu/OPLauncher.cab (Perparer Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O33 - MountPoints2\{73e51da2-f4b7-11de-8920-001676a492e8}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{e996eda2-936f-11dc-8304-001676a492e8}\Shell - "" = AutoRun
O33 - MountPoints2\{e996eda2-936f-11dc-8304-001676a492e8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"=-

:commands
[emptytemp]
[start explorer]
[reboot]


▶ Click RunFix to start the removal.


▶ Post the report.
0
Kraneuse Posts: 18 Registered: Tuesday 2 February 2010 Status: Member Last activity: 15 April 2011
4 Feb 2010 at 05:15
Fichier sysgtime.dll reçu le 2010.02.04 03:57:39 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.02.04 -
AhnLab-V3 5.0.0.2 2010.02.04 -
AntiVir 7.9.1.158 2010.02.03 -
Antiy-AVL 2.0.3.7 2010.02.03 -
Authentium 5.2.0.5 2010.02.04 -
Avast 4.8.1351.0 2010.02.02 -
AVG 9.0.0.730 2010.02.03 -
BitDefender 7.2 2010.02.04 -
CAT-QuickHeal 10.00 2010.02.03 -
ClamAV 0.96.0.0-git 2010.02.03 -
Comodo 3811 2010.02.04 -
DrWeb 5.0.1.12222 2010.02.04 -
eSafe 7.0.17.0 2010.02.03 -
eTrust-Vet 35.2.7281 2010.02.04 -
F-Prot 4.5.1.85 2010.02.04 -
F-Secure 9.0.15370.0 2010.02.04 -
Fortinet 4.0.14.0 2010.02.04 -
GData 19 2010.02.04 -
Ikarus T3.1.1.80.0 2010.02.04 -
Jiangmin 13.0.900 2010.02.03 -
K7AntiVirus 7.10.966 2010.02.03 -
Kaspersky 7.0.0.125 2010.02.04 -
McAfee 5881 2010.02.03 -
McAfee+Artemis 5881 2010.02.03 -
McAfee-GW-Edition 6.8.5 2010.02.03 -
Microsoft 1.5406 2010.02.03 -
NOD32 4833 2010.02.03 -
Norman 6.04.03 2010.02.03 -
nProtect 2009.1.8.0 2010.02.03 -
Panda 10.0.2.2 2010.02.03 -
PCTools 7.0.3.5 2010.02.04 -
Prevx 3.0 2010.02.04 -
Rising 22.33.03.01 2010.02.04 -
Sophos 4.50.0 2010.02.04 -
Sunbelt 3.2.1858.2 2010.02.04 -
TheHacker 6.5.1.0.179 2010.02.04 -
TrendMicro 9.120.0.1004 2010.02.04 -
VBA32 3.12.12.1 2010.02.03 -
ViRobot 2010.2.4.2171 2010.02.04 -
VirusBuster 5.0.21.0 2010.02.03 -

Information additionnelle
File size: 24448 bytes
MD5...: 22a75b83e04acbf0969231691b486a3c
SHA1..: 24cd82d3cf990538f3928e9513b992052dde7ccc
SHA256: cd889e8faffe2fa22bd4411bfa2c42fea1eb6970424269732cec0ea566964f9c
ssdeep: 3:Hgje6qj2gin:AKk
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned




Fichier proclsvr.drv reçu le 2010.02.04 04:00:59 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.02.04 -
AhnLab-V3 5.0.0.2 2010.02.04 -
AntiVir 7.9.1.158 2010.02.03 -
Antiy-AVL 2.0.3.7 2010.02.03 -
Authentium 5.2.0.5 2010.02.04 -
Avast 4.8.1351.0 2010.02.02 -
AVG 9.0.0.730 2010.02.03 -
BitDefender 7.2 2010.02.04 -
CAT-QuickHeal 10.00 2010.02.03 -
ClamAV 0.96.0.0-git 2010.02.03 -
Comodo 3811 2010.02.04 -
DrWeb 5.0.1.12222 2010.02.04 -
eSafe 7.0.17.0 2010.02.03 -
eTrust-Vet 35.2.7281 2010.02.04 -
F-Prot 4.5.1.85 2010.02.04 -
F-Secure 9.0.15370.0 2010.02.04 -
Fortinet 4.0.14.0 2010.02.04 -
GData 19 2010.02.04 -
Ikarus T3.1.1.80.0 2010.02.04 -
K7AntiVirus 7.10.966 2010.02.03 -
Kaspersky 7.0.0.125 2010.02.04 -
McAfee 5881 2010.02.03 -
McAfee+Artemis 5881 2010.02.03 -
McAfee-GW-Edition 6.8.5 2010.02.03 -
Microsoft 1.5406 2010.02.03 -
NOD32 4833 2010.02.03 -
Norman 6.04.03 2010.02.03 -
nProtect 2009.1.8.0 2010.02.03 -
Panda 10.0.2.2 2010.02.03 -
PCTools 7.0.3.5 2010.02.04 -
Prevx 3.0 2010.02.04 -
Rising 22.33.03.01 2010.02.04 -
Sophos None 2010.02.04 -
Sunbelt 3.2.1858.2 2010.02.04 -
TheHacker 6.5.1.0.179 2010.02.04 -
TrendMicro 9.120.0.1004 2010.02.04 -
VBA32 3.12.12.1 2010.02.03 -
ViRobot 2010.2.4.2171 2010.02.04 -
VirusBuster 5.0.21.0 2010.02.03 -

Information additionnelle
File size: 24448 bytes
MD5...: 1d03eda8ecaf1be9223f12c891bbb5c1
SHA1..: 90669b4216583540b18a6af177accefc41852e06
SHA256: 231075bae934db870bed2ffcc53ef2f72ae8d1a2dee545dbbde97220df47c499
ssdeep: 3:HgBNLAjWnAm:APP
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
0
Kraneuse Posts: 18 Registered: Tuesday 2 February 2010 Status: Member Last activity: 15 April 2011
4 Feb 2010 at 05:43
But do I run OTL again with the same options as the first time??
0
Kraneuse Posts: 18 Registered: Tuesday 2 February 2010 Status: Member Last activity: 15 April 2011
4 Feb 2010 at 06:52
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Starting removal of ActiveX control {0CCA191D-13A6-4E29-B746-314DEE697D83}
C:\WINDOWS\Downloaded Program Files\PhotoUploader5.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
Starting removal of ActiveX control {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll\ not found.
Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
C:\WINDOWS\Downloaded Program Files\mcinsctl.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Starting removal of ActiveX control {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
C:\WINDOWS\Downloaded Program Files\DivXPlugin.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {C212D449-8B3C-41F2-BD9A-047BD770550F}
C:\WINDOWS\Downloaded Program Files\OPLauncher.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C212D449-8B3C-41F2-BD9A-047BD770550F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C212D449-8B3C-41F2-BD9A-047BD770550F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C212D449-8B3C-41F2-BD9A-047BD770550F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C212D449-8B3C-41F2-BD9A-047BD770550F}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {F6ACF75C-C32C-447B-9BEF-46B766368D29}
C:\WINDOWS\Downloaded Program Files\CTPID.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ not found.
Starting removal of ActiveX control CabBuilder
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\CabBuilder\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73e51da2-f4b7-11de-8920-001676a492e8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73e51da2-f4b7-11de-8920-001676a492e8}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e996eda2-936f-11dc-8304-001676a492e8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e996eda2-936f-11dc-8304-001676a492e8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e996eda2-936f-11dc-8304-001676a492e8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e996eda2-936f-11dc-8304-001676a492e8}\ not found.
File F:\LaunchU3.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Francis
->Temp folder emptied: 45034658 bytes
->Temporary Internet Files folder emptied: 11479526 bytes
->Java cache emptied: 12697675 bytes

User: Francis et Minoc
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 5513566 bytes

User: Invité
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 5865597 bytes

User: Ismael
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jay
->Temp folder emptied: 7635448 bytes
->Temporary Internet Files folder emptied: 14634760 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 2501374 bytes

User: LocalService
->Temp folder emptied: 66351 bytes
->Temporary Internet Files folder emptied: 49554 bytes

User: NetworkService
->Temp folder emptied: 2116417 bytes
->Temporary Internet Files folder emptied: 81035092 bytes

User: Propriétaire

User: Roland
->Temp folder emptied: 43532810 bytes
->Temporary Internet Files folder emptied: 44788016 bytes
->Java cache emptied: 25856102 bytes

User: TEMP
->Temporary Internet Files folder emptied: 32768 bytes

User: TEMP.SALON
->Temporary Internet Files folder emptied: 147456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 213656 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 503898 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 35876 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 290,00 mb


OTL by OldTimer - Version 3.1.27.1 log created on 02042010_003501

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Kraneuse - 4 Feb 2010 at 07:05
And could you recommend a stopgap antivirus, since mine has just expired...
Kraneuse - 4 Feb 2010 at 21:35
http://www.cijoint.fr/cjlink.php?file=cj201002/cijRAVOoCU.txt

There were no extras this time.