Trojan-Downloader.Win32.Agent.cyuj

Kraneuse -  
 gen-hackman -
Bonjour,

J'ai un petit problème avec l'ordinateur... C'est hyper compliqué pour moi.. Mon Anti-Virus Kaspersky me dit que ma machine est infectée par 4 chevaux de Troie et 203 applications indésirables. Mais il ne semble pas être capable de faire son travail et supprimer tout ça. Dans mes rapports, ça indique que la suppression de Trojan-Downloader.Win32.Agent.cyuj est impossible et qu'il a aussi détecté d'autre trucs comme : Trojan-Downloader.Win32.Agent.cyuj et Trojan-Downloader.Win32.Small.aoly.

J'ai été lire vos forums, mais je préfère me faire dire quoi faire exactement avec ça, comment guérir mon ordi :P Je vois que vous demandez souvent un rapport de HiJackThis alors le voici :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:55, on 2010-01-31
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jay\Mes documents\Les photos\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=fr&client=dell-row&channel=ca&ibd=6060927
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\Jay\MESDOC~1\LESPHO~1\JOANNI~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Documents and Settings\Jay\Mes documents\Les photos\Joannie PIk\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RemoveIT Pro v7Ent] C:\Documents and Settings\Jay\Mes documents\Program Files\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; MSN Optimized;CA; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSN Optimized;CA)" -"https://www.y8.com/games/Fishin_Fever"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.17\AMVConverter\grab.html
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\Jay\MESDOC~1\LESPHO~1\JOANNI~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\Jay\MESDOC~1\LESPHO~1\JOANNI~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://janisottawa.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://allyssonboivin.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://www.cogeco.ca/fra/OLS3.3/fscax.cab
O16 - DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} (Perparer Class) - http://www.fiaa.eu/OPLauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 10456 bytes

Merci beaucoup, j'ai bien hate de savoir comment enlever les méchants de mon ordi :D
Configuration: Windows XP Internet Explorer 7.0

27 réponses

  • 1
  • 2
  1. gen-hackman
     
    fais-le en mode normal
    1
    1. Kraneuse
       
      http://www.cijoint.fr/cjlink.php?file=cj201002/cij78M8JM8.zip

      mon envoi de ce matin n'a pas fonctionné... alors apres avoir scanner touuuute la nuit.. il a supprimé quelques trucs et mit en quarantaine d'autre trucs aussi.
      0
  2. gen-hackman
     
    salut :

    ▶ Télécharge Dr Web CureIt sur ton Bureau :

    ▶ redemarre en mode sans échec

    ▶- Double clique (clic droit "en tant qu'admin" sous Vista) <drweb-cureit.exe> et ensuite clique sur <Analyse>;

    ▶- Clique <Ok> à l'invite de l'analyse rapide. S'il trouve des processus infectés alors clique le bouton <Oui>.

    Note : une fenêtre s'ouvrira avec options pour "Commander" ou "50% de réduction" : Quitte en cliquant le "X".

    ▶- Lorsque le scan rapide est terminé, clique sur le menu <Options> puis <Changer la configuration> ; Choisis l'onglet <Scanner>, et décoche <Analyse heuristique>. Clique ensuite sur <Ok>.
    ▶- De retour à la fenêtre principale : clique pour activer <Analyse complète>
    ▶- Clique le bouton avec flèche verte sur la droite, et le scan débutera.
    ▶- Clique <Oui> pour tout à l'invite "Désinfecter ?" lorsqu'un fichier est détecté, et ensuite clique "Désinfecter".
    ▶- Lorsque le scan sera complété, regarde si tu peux cliquer sur l' icône, adjacente aux fichiers détectés (plusieurs feuilles l'une sur l'autre). Si oui, alors clique dessus et ensuite clique sur l'icône <Suivant>, au dessous, et choisis <Déplacer en quarantaine l'objet indésirable>.
    ▶- Du menu principal de l'outil, au haut à gauche, clique sur le menu <Fichier> et choisis <Enregistrer le rapport>. Sauvegarde le rapport sur ton Bureau. Ce dernier se nommera DrWeb.csv

    ▶-pour le rapport tu l enregistres sur ton bureau , tu clic droit dessus /envoyer vers / dossiers compresses

    ensuite :

    tu m'envoies l'archive comme ceci :

    clique sur ce lien : http://www.cijoint.fr/

    ▶ Clique sur Parcourir et cherche le fichier ci-dessus.

    ▶ Clique sur Ouvrir.

    ▶ Clique sur "Cliquez ici pour déposer le fichier".

    Un lien de cette forme :

    http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

    est ajouté dans la page.

    ▶ Copie ce lien dans ta réponse.

    ▶- Ferme Dr.Web Cureit
    ▶- Redémarre ton ordi (important car certains fichiers peuvent être déplacés/réparés au redémarrage).

    0
  3. Kraneuse
     
    Resalut, bon!! J'essaie de redémarrer en mode sans échec, mais ça ne fonctionne pas. J'ai beau peser sur le F2 pour entrer dans les setups lors du redémarrage, mais que dalles!! Il redémarre en mode normal, est ce qu'il y a une autre alternative ??
    0
  4. gen-hackman
     
    desinstalle RemoveIT Pro il a la reputation d'etre un rogue

    Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)

    ▶ Télécharge List&Kill'em et enregistre le sur ton bureau

    ▶ Branche clés usb , disques durs externes , mp3 , mp4 , etc..

    double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

    coche la case "creer une icone sur le bureau"

    une fois terminée , clic sur "terminer" et le programme se lancera seul

    choisis la langue puis choisis l'option 1 = Mode Recherche

    ▶ laisse travailler l'outil

    à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

    un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.

    ▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

    tu peux supprimer le rapport catchme.log de ton bureau maintenant.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Kraneuse Messages postés 19 Statut Membre
     
    Dakodak.. Voici le rapport. Et concernant RemoveIt je crois que je l'ai enlever hier soir, etk jle vois pas dans la liste des programmes.

    List'em by g3n-h@ckm@n 1.2.1.4
    User : Jay (Administrateurs)
    Update on 02/02/2010 by g3n-h@ckm@n ::::: 00.45
    Start at: 20:13:11 | 2010-02-01
    Contact : g3n-h@ckm@n sur CCM

    Intel(R) Celeron(R) CPU 2.80GHz
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Disabled
    AV : Kaspersky Internet Security 9.0.0.463 [ (!) Disabled | Updated ]
    FW : Kaspersky Internet Security[ (!) Disabled ]9.0.0.463

    A:\ -> Lecteur de disquettes 3 ½ pouces
    C:\ -> Disque fixe local | 52,7 Go (16,47 Go free) | NTFS
    D:\ -> Disque fixe local | 18,61 Go (10,09 Go free) [Sauvegarder] | NTFS
    E:\ -> Disque CD-ROM

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Jay\Mes documents\Les photos\Joannie PIk\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Jay\Bureau\List_Kill'em\List_Kill'em.scr
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\Jay\Local Settings\Temp\1FFB.tmp\pv.exe

    ======================
    Keys "Run"
    ======================
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
    SpybotSD TeaTimer REG_SZ C:\Documents and Settings\Jay\Mes documents\Les photos\Joannie PIk\Spybot - Search & Destroy\TeaTimer.exe
    RemoveIT Pro v7Ent REG_SZ C:\Documents and Settings\Jay\Mes documents\Program Files\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    SoundMAXPnP REG_SZ "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
    DLA REG_SZ C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    ISUSScheduler REG_SZ "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    igfxtray REG_SZ C:\WINDOWS\system32\igfxtray.exe
    igfxpers REG_SZ C:\WINDOWS\system32\igfxpers.exe
    AVP REG_SZ "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    =====================
    Other Keys
    =====================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    dontdisplaylastusername REG_DWORD 0 (0x0)
    legalnoticecaption REG_SZ
    legalnoticetext REG_SZ
    shutdownwithoutlogon REG_DWORD 1 (0x1)
    undockwithoutlogon REG_DWORD 1 (0x1)

    ===============
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDriveTypeAutoRun REG_DWORD 145 (0x91)

    ===============
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    HonorAutoRunSetting REG_DWORD 1 (0x1)
    NoCDBurning REG_DWORD 0 (0x0)

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLS REG_SZ

    ===============
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    AutoRestartShell REG_DWORD 1 (0x1)
    DefaultDomainName REG_SZ SALON
    DefaultUserName REG_SZ Jay
    LegalNoticeCaption REG_SZ
    LegalNoticeText REG_SZ
    PowerdownAfterShutdown REG_SZ 0
    ReportBootOk REG_SZ 1
    Shell REG_SZ Explorer.exe
    ShutdownWithoutLogon REG_SZ 0
    System REG_SZ
    Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
    VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
    SfcQuota REG_DWORD -1 (0xffffffff)
    allocatecdroms REG_SZ 0
    allocatedasd REG_SZ 0
    allocatefloppies REG_SZ 0
    cachedlogonscount REG_SZ 10
    forceunlocklogon REG_DWORD 0 (0x0)
    passwordexpirywarning REG_DWORD 14 (0xe)
    scremoveoption REG_SZ 0
    AllowMultipleTSSessions REG_DWORD 1 (0x1)
    UIHost REG_EXPAND_SZ logonui.exe
    LogonType REG_DWORD 1 (0x1)
    Background REG_SZ 0 0 0
    DebugServerCommand REG_SZ no
    SFCDisable REG_DWORD 0 (0x0)
    WinStationsDisabled REG_SZ 0
    HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
    ShowLogonOptions REG_DWORD 0 (0x0)
    AltDefaultUserName REG_SZ Jay
    AltDefaultDomainName REG_SZ SALON
    ChangePasswordUseKerberos REG_DWORD 1 (0x1)
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SCLogon

    ===============
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
    {56F9679E-7826-4C84-81F3-532071A8BCC5} REG_SZ

    ===============
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    C:\WINDOWS\system32\sessmgr.exe REG_SZ C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\french\setup.exe REG_SZ C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\french\setup.exe:*:Enabled:Programme d'installation de Kaspersky Internet Security 2009
    C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
    C:\Program Files\mIRC\mirc.exe REG_SZ C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

    ===============
    ActivX controls
    ===============
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\CabBuilder
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0CCA191D-13A6-4E29-B746-314DEE697D83}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{138E6DC9-722B-4F4B-B09D-95D191869696}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{20A60F0D-9AFA-4515-A0FD-83BD84642501}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{233C1507-6A77-46A4-9443-F871F945D258}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{7FC1B346-83E6-4774-8D20-1A6B09B0E737}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C212D449-8B3C-41F2-BD9A-047BD770550F}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{F6ACF75C-C32C-447B-9BEF-46B766368D29}

    ===============
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{CB58DED6-4AF3-4080-9DF1-DEE72075169F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{72AD53CC-CCC0-3757-8480-9EE176866A7C}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8b15971b-5355-4c82-8c07-7e181ea07608}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}

    ==============
    BHO :
    ======
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2F85D76C-0569-466F-A488-493E6BD0E955}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

    ================
    Internet Explorer :
    ================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.google.ca/?gws_rd=ssl

    ========
    Services
    ========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

    Ndisuio : 0x3
    EapHost : 0x3
    SharedAccess : 0x2
    wuauserv : 0x2

    =========
    Atapi.sys
    =========

    %%%% HASHDEEP-1.0
    %%%% size,md5,sha256,filename
    ## Invoked from: C:\Documents and Settings\Jay\Local Settings\Temp\1FFB.tmp
    ## C:\> hashdeep C:\WINDOWS\System32\Drivers\atapi.sys
    ##
    96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\System32\Drivers\atapi.sys

    Sources
    =======

    C:\i386\atapi.sys
    C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    C:\WINDOWS\system32\drivers\atapi.sys
    C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

    Référence :
    ==========

    Win XP_32b : a64013e98426e1877cb653685c5c0009
    Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
    Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
    Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
    Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
    Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
    Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
    Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
    Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

    =======
    Drive :
    =======

    D‚fragmenteur de disque Windows
    Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

    Rapport d'analyse
    52,70 Go total, 16,47 Go libre (31%), 3% fragment‚ (fragmentation du fichier 7%)

    Il ne vous est pas n‚cessaire de d‚fragmenter ce volume.

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Present !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    Present !! : C:\WINDOWS\002885_.tmp
    Present !! : C:\WINDOWS\system32\x3daudio1_0.dll
    Present !! : C:\WINDOWS\system32\x3daudio1_1.dll
    Present !! : C:\WINDOWS\system32\x3daudio1_2.dll
    Present !! : C:\WINDOWS\system32\xinput9_1_0.dll
    Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
    Present !! : C:\WINDOWS\System32\drivers\Sonyhcp.dll
    Present !! : C:\WINDOWS\System32\SET49.tmp
    Present !! : C:\WINDOWS\System32\SET4B.tmp
    Present !! : C:\WINDOWS\System32\SET57.tmp
    Present !! : C:\Documents and Settings\Jay\Application Data\wklnhst.dat
    Present !! : C:\Documents and Settings\Jay\Application Data\wklnhst.dat
    Present !! : C:\Documents and Settings\Jay\Application Data\VideoEgg

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
    Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}
    Present !! : "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0}"
    Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
    Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
    Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\taskmgr.exe"
    Present !! : HKCR\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675}
    Present !! : HKCR\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455}
    Present !! : HKCR\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd}
    Present !! : HKCR\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df}
    Present !! : HKCR\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e}
    Present !! : HKCR\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c}
    Present !! : HKCR\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618}
    Present !! : HKCR\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804}
    Present !! : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
    Present !! : HKCR\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c}
    Present !! : HKCR\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0}
    Present !! : HKCR\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e}
    Present !! : HKCR\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7}
    Present !! : HKCR\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0}
    Present !! : HKCR\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2}
    Present !! : HKCR\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a}
    Present !! : HKCR\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5}
    Present !! : HKCR\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce}
    Present !! : HKCR\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd}
    Present !! : HKCR\CLSID\{e1a63484-a022-4d42-830a-fbd411514440}
    Present !! : HKCR\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5}
    Present !! : HKCR\ImageOle.GifAnimator
    Present !! : HKCR\ImageOle.GifAnimator.1
    Present !! : HKCR\interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
    Present !! : HKCR\videoegg.activexloader
    Present !! : HKCR\videoegg.activexloader.1
    Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoegg
    Present !! : HKCU\SOFTWARE\VideoEgg
    Present !! : HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Present !! : HKLM\SOFTWARE\VideoEgg
    Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_BHDRVX86
    Present !! : HKLM\SYSTEM\ControlSet002\Enum\Root\Legacy_BHDRVX86
    Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_BHDRVX86

    ============

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-01 20:39:56
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\2UU912LU\p_1259144973=10[2].txt 25 bytes

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 1

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK

    ==========
    Programs
    ==========

    Adobe
    Analog Devices
    Apple Software Update
    ArcSoft
    Audible
    BAE
    ComPlus Applications
    CONEXANT
    Creative
    Creative Installation Information
    Dell
    Dell Computer
    Digital Line Detect
    EmpirePokerMaster
    FaxTools
    Fichiers communs
    Google
    InstallShield Installation Information
    Intel
    InterActual
    Internet Explorer
    iPod
    iTunes
    Jasc Software Inc
    Java
    Jeune Styliste 2
    Kaspersky Lab
    Microsoft
    Microsoft CAPICOM 2.1.0.2
    microsoft frontpage
    Microsoft Office
    Microsoft Office Outlook Connector
    Microsoft Silverlight
    Microsoft SQL Server Compact Edition
    Microsoft Sync Framework
    Microsoft Visual Studio
    Microsoft Works
    Microsoft.NET
    mIRC
    Modem Helper
    Movie Maker
    MP3 Player Utilities 4.11
    MP3 Player Utilities 4.17
    MSBuild
    MSECache
    MSN
    MSN Gaming Zone
    MSXML 4.0
    Navilog1
    NetMeeting
    NetWaiting
    Online Services
    Outlook Express
    Panasonic
    PartyGaming
    PhotoViewer
    PIXELA
    PokerStars.NET
    Pure Networks
    QuickTime
    Reference Assemblies
    Roxio
    Services en ligne
    Sonic
    Sony Corporation
    Spybot - Search & Destroy
    Styliste2
    Sun
    TuneUp Utilities 2010
    Ubisoft
    Uninstall Information
    Windows Desktop Search
    Windows Live
    Windows Live SkyDrive
    Windows Live Toolbar
    Windows Media Connect 2
    Windows Media Player
    Windows NT
    WindowsUpdate
    xerox
    Yahoo!

    ============
    Drive C:
    ============

    .jagex_cache_32
    3207629a007828bebcd650
    7f38df109e234604f780ac8f71f28577
    8fc7b5cad965a9f7863763256c77c554
    asdict.dat
    AUTOEXEC.BAT
    b2bb02e773844f968883c4
    boot.ini
    Bootfont.bin
    cleannavi.txt
    Config.Msi
    CONFIG.SYS
    dell
    dell.sdr
    Documents and Settings
    Downloads
    drivers
    dwl.dat
    eujbmv.exe
    fsaua.data
    hiberfil.sys
    httpdwl.dat
    i386
    INFCACHE.1
    Installer.log
    IO.SYS
    Kill'em
    List'em.txt
    LogiSetup.log
    mediamp3.dat
    Mes documents
    MSDOS.SYS
    MSOCache
    My Downloads
    NTDETECT.COM
    ntldr
    pagefile.sys
    Program Files
    RECYCLER
    rtsr_eml_sr.dat
    setupfax.log
    SIERRA
    Sierra On-Line
    sqmdata00.sqm
    sqmdata01.sqm
    sqmdata02.sqm
    sqmdata03.sqm
    sqmdata04.sqm
    sqmdata05.sqm
    sqmdata06.sqm
    sqmdata07.sqm
    sqmdata08.sqm
    sqmdata09.sqm
    sqmdata10.sqm
    sqmdata11.sqm
    sqmdata12.sqm
    sqmdata13.sqm
    sqmdata14.sqm
    sqmdata15.sqm
    sqmdata16.sqm
    sqmdata17.sqm
    sqmdata18.sqm
    sqmdata19.sqm
    sqmnoopt00.sqm
    sqmnoopt01.sqm
    sqmnoopt02.sqm
    sqmnoopt03.sqm
    sqmnoopt04.sqm
    sqmnoopt05.sqm
    sqmnoopt06.sqm
    sqmnoopt07.sqm
    sqmnoopt08.sqm
    sqmnoopt09.sqm
    sqmnoopt10.sqm
    sqmnoopt11.sqm
    sqmnoopt12.sqm
    sqmnoopt13.sqm
    sqmnoopt14.sqm
    sqmnoopt15.sqm
    sqmnoopt16.sqm
    sqmnoopt17.sqm
    sqmnoopt18.sqm
    sqmnoopt19.sqm
    System Volume Information
    VolumeC defragmentation du 28 juillet 2007.txt
    VSNAP.IDX
    VundoFix Backups
    VundoFix.txt
    WINDOWS
    YServer.txt

    ¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

    C:\Documents and Settings\Francis\Application Data\Macromedia\Flash Player\#SharedObjects\KAPGST5U\crackle.com
    C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\C1YGKSD3\crack_team_of_bodyguards[1].gif
    C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\U3F0RKTF\crack_team_of_bodyguards_s[1].gif
    C:\Program Files\InterActual\InterActual Player\Patches
    C:\Program Files\InterActual\InterActual Player\Patches\artisan
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\t2x
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\closed.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\control.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\default.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\index.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\loading.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\nav.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\play.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\t2.js
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\timecodes.js
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\vidplay.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\void.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch0.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch1.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch10.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch11.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch12.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch13.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch14.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch15.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch16.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch17.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch18.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch19.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch2.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch20.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch21.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch22.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch23.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch24.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch25.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch26.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch27.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch28.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch29.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch3.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch30.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch31.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch32.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch33.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch34.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch35.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch36.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch37.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch38.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch39.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch4.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch40.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch41.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch42.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch43.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch44.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch45.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch46.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch47.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch48.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch49.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch5.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch50.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch51.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch52.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch53.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch54.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch55.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch56.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch57.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch58.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch59.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch6.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch60.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch61.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch62.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch63.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch64.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch65.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch66.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch67.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch68.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch69.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch7.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch70.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch71.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch72.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch8.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ch9.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\chap.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\control_bk.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ddot1.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ddot10.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ddot11.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ddot12.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ddot2.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ddot3.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ddot4.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ddot5.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ddot6.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ddot7.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ddot8.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ddot9.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\ddown.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dnum1.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dnum2.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dnum3.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dnum4.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dot1.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dot10.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dot10_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dot11.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dot11_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dot12.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dot12_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dot1_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dot2.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dot2_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dot3.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dot3_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dot4.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dot4_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dot5.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dot5_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dot6.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dot6_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dot7.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dot7_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dot8.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dot8_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dot9.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dot9_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\down.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\down_d.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\down_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\dup.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\full.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\full_d.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\full_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\hide.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\hide_d.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\hide_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\loading.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\loadingg.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\menu.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\menu_d.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\menu_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\mute.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\mute_d.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\mute_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\next.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\next_d.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\next_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num1.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num10.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num10_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num11.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num11_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num12.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num12_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num13.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num13_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num14.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num14_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num15.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num15_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num16.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num16_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num17.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num17_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num18.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num18_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num19.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num19_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num1_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num2.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num2_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num3.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num3_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num4.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num4_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num5.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num5_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num6.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num6_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num7.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num7_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num8.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num8_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num9.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\num9_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\pause.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\pause_d.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\pause_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\play.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\play_d.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\play_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\prev.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\prev_d.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\prev_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_03.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_05.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_06.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_10.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_11.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_12.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_13.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_18.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_51.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_58.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_59.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_62.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_63.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_66.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_68.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_70.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_72.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_74.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_76.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_78.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_80.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_82.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_84.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_87.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_88.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_89.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_90.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_91.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_92.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_93.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_94.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_95.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_96.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_97.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\Slice_98.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\spacer.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\stop.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\stop_d.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\stop_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\up.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\up_d.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\images\up_o.gif
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\dvdvideo.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\frame
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\index.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\index2.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\popnew.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\popwin.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\premain.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\resume.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\script
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\sload.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\vari.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\vari2.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\void.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\frame\1f.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\frame\2f.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\script\common.js
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\script\IAlib.js
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\script\static.js
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\script\vari.js
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\script\vid.js
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\default.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\vidplay.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\dvdvideo.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\frame
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\index.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\index2.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\popnew.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\popwin.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\premain.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\resume.htm
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\wi
    0
  7. gen-hackman
     
    salut

    ▶ Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
    mais cette fois-ci :

    ▶ choisis l'option 2 = Mode Suppression

    laisse travailler l'outil.

    en fin de scan un rapport s'ouvre

    ▶ colle le contenu dans ta reponse
    0
  8. Kraneuse Messages postés 19 Statut Membre
     
    Voici le resultats

    Kill'em by g3n-h@ckm@n 1.2.1.4

    User : Jay (Administrateurs)
    Update on 02/02/2010 by g3n-h@ckm@n ::::: 00.45
    Start at: 16:54:45 | 2010-02-03
    Contact : g3n-h@ckm@n sur CCM

    Intel(R) Celeron(R) CPU 2.80GHz
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Disabled
    AV : Kaspersky Internet Security 9.0.0.463 [ Enabled | Updated ]
    FW : Kaspersky Internet Security[ Enabled ]9.0.0.463

    A:\ -> Lecteur de disquettes 3 ½ pouces
    C:\ -> Disque fixe local | 52,7 Go (16,58 Go free) | NTFS
    D:\ -> Disque fixe local | 18,61 Go (10,09 Go free) [Sauvegarder] | NTFS
    E:\ -> Disque CD-ROM

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Jay\Mes documents\Les photos\Joannie PIk\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jay\Bureau\List_Kill'em\List_Kill'em.scr
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\Jay\Local Settings\Temp\E5.tmp\pv.exe

    Detections :
    ==========

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Quarantined & Deleted !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    Quarantined & Deleted !! : C:\WINDOWS\002885_.tmp

    Quarantined & Deleted !! : C:\WINDOWS\system32\x3daudio1_0.dll
    Quarantined & Deleted !! : C:\WINDOWS\system32\x3daudio1_1.dll
    Quarantined & Deleted !! : C:\WINDOWS\system32\x3daudio1_2.dll
    Quarantined & Deleted !! : C:\WINDOWS\system32\xinput9_1_0.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
    Quarantined & Deleted !! : C:\WINDOWS\system32\drivers\Sonyhcp.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET49.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET4B.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET57.tmp
    Quarantined & Deleted !! : C:\Documents and Settings\Jay\Application Data\wklnhst.dat
    Quarantined & Deleted !! : C:\Documents and Settings\Jay\Local Settings\Temp\dw.log

    ==============
    host file OK !
    ==============

    ========
    Registry
    ========
    Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
    Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}
    Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
    Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
    Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\taskmgr.exe"
    Deleted : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
    Deleted : HKCR\ImageOle.GifAnimator
    Deleted : HKCR\ImageOle.GifAnimator.1
    Deleted : HKCR\interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
    Deleted : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_BHDRVX86
    Deleted : HKLM\SYSTEM\ControlSet002\Enum\Root\Legacy_BHDRVX86

    ============
    Disk Cleaned
    ============

    ================
    Prefetch cleaned
    ================

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  9. gen-hackman
     
    as-tu bien desactivé l antivirus pour la suppression ?
    0
  10. Kraneuse Messages postés 19 Statut Membre
     
    oups.. :S non, c'est grave??
    0
  11. gen-hackman
     
    oui enfin non mais il n a fait le travail qu'a moité

    relance list_kill'em , desinstalle-le , retelecharge-le et refais l option 2 sans antivirus
    0
  12. Kraneuse Messages postés 19 Statut Membre
     
    Tentative no 2 : j'ai desactivé l'antivirus

    Kill'em by g3n-h@ckm@n 1.2.2.0

    User : Jay (Administrateurs)
    Update on 03/02/2010 by g3n-h@ckm@n ::::: 16.30
    Start at: 18:37:08 | 2010-02-03
    Contact : https://forums.commentcamarche.net/forum/virus-securite-7

    Intel(R) Celeron(R) CPU 2.80GHz
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Disabled
    AV : Kaspersky Internet Security 9.0.0.463 [ (!) Disabled | Updated ]
    FW : Kaspersky Internet Security[ (!) Disabled ]9.0.0.463

    A:\ -> Lecteur de disquettes 3 ½ pouces
    C:\ -> Disque fixe local | 52,7 Go (16,57 Go free) | NTFS
    D:\ -> Disque fixe local | 18,61 Go (10,09 Go free) [Sauvegarder] | NTFS
    E:\ -> Disque CD-ROM

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
    C:\Documents and Settings\Jay\Bureau\List_Kill'em\List_Kill'em.scr
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\Jay\Local Settings\Temp\E6.tmp\ERUNT.EXE
    C:\Documents and Settings\Jay\Local Settings\Temp\E6.tmp\pv.exe

    Detections :
    ==========

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    ==============
    host file OK !
    ==============

    ========
    Registry
    ========
    ¤¤¤¤¤¤¤¤¤¤ Services fonctionnels

    Ndisuio : Start = 3
    EapHost -> Start = 2
    Ip6Fw -> Start = 2
    SharedAccess -> Start = 2
    wscsvc -> Start = 2

    ============
    Disk Cleaned
    ============

    ================
    Prefetch cleaned
    ================

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  13. gen-hackman
     
    Télécharge OTL de OLDTimer

    enregistre le sur ton Bureau.

    ▶ Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.

    ▶ Coche les 2 cases Lop et Purity

    ▶ Coche la case devant scan all users

    ▶ règle-le sur "60 Days"

    ▶ dans la colonne de gauche , mets tout sur all

    ne modifie pas ceci :

    "files created whithin" et "files modified whithin"


    ▶Clic sur Run Scan.

    A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

    Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

    ▶▶▶ NE LE POSTE PAS SUR LE FORUM

    Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

    ▶ Clique sur Parcourir et cherche le fichier ci-dessus.

    ▶ Clique sur Ouvrir.

    ▶ Clique sur "Cliquez ici pour déposer le fichier".

    Un lien de cette forme :

    http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

    est ajouté dans la page.

    ▶ Copie ce lien dans ta réponse.

    ▶▶ Tu feras la meme chose avec le "Extra.txt".
    0
  14. Kraneuse Messages postés 19 Statut Membre
     
    OTL
    http://www.cijoint.fr/cjlink.php?file=cj201002/cijzF39XYH.txt

    Extra
    http://www.cijoint.fr/cjlink.php?file=cj201002/cij3f4wzrm.txt
    0
  15. gen-hackman
     
    ▶ Télécharge Zeb-Restoreet enregistre ce fichier sur le bureau.

    ▶-Clic droit Zeb-Restore.zip ==> Extraire tout choisis comme lieu d'enregistrement le bureau.

    ▶-Ouvre le dossier ZR_1.0.0.37 ==> double clic sur Zeb-Restore.exe

    ▶- Coche la case devant : sites de confiance

    ▶- Ne coche aucune autre case

    ▶-Clique sur Restaurer

    ▶-Redémarre ton PC

    ensuite :

    ▶ Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage
    * - Coche Afficher les fichiers et dossiers cachés
    * - Décoche Masquer les extensions des fichiers dont le type est connu
    * - Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)

    ▶ clique sur Appliquer, puis OK.

    N'oublie pas de recacher à nouveau les fichiers cachés et protégés du système d'exploitation en fin de désinfection, c'est important

    Fais analyser le(s) fichier(s) suivants sur Virustotal :

    Virus Total

    * Clique sur Parcourir en haut, choisis Poste de travail et cherche ces fichiers :

    C:\WINDOWS\sysgtime.dll
    C:\WINDOWS\System32\proclsvr.drv


    * Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
    * Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
    * Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
    * Une nouvelle fenêtre de ton navigateur va apparaître
    * Clique alors sur les deux fleches
    * Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
    * Enfin colle le résultat dans ta prochaine réponse.

    Note : Pour analyser un autre fichier, clique en bas sur Autre fichier.

    ensuite :

    ▶ clic droit "executer en tant qu'administrateur" sur OTL.exe pour le lancer.

    ▶Copie la liste qui se trouve en gras ci-dessous,

    ▶ colle-la dans la zone sous Customs Scans/Fixes :

    :processes
    explorer.exe
    iexplore.exe
    firefox.exe
    msnmsgr.exe
    Teatimer.exe

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    O3 - HKLM\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Reg Error: Key error.)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} http://www.fiaa.eu/OPLauncher.cab (Perparer Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab (Reg Error: Key error.)
    O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
    O33 - MountPoints2\{73e51da2-f4b7-11de-8920-001676a492e8}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
    O33 - MountPoints2\{e996eda2-936f-11dc-8304-001676a492e8}\Shell - "" = AutoRun
    O33 - MountPoints2\{e996eda2-936f-11dc-8304-001676a492e8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ISUSScheduler"=-

    :commands
    [emptytemp]
    [start explorer]
    [reboot]


    ▶ Clique sur RunFix pour lancer la suppression.

    ▶ Poste le rapport.
    0
  16. Kraneuse Messages postés 19 Statut Membre
     
    Fichier sysgtime.dll reçu le 2010.02.04 03:57:39 (UTC)Antivirus Version Dernière mise à jour Résultat
    a-squared 4.5.0.50 2010.02.04 -
    AhnLab-V3 5.0.0.2 2010.02.04 -
    AntiVir 7.9.1.158 2010.02.03 -
    Antiy-AVL 2.0.3.7 2010.02.03 -
    Authentium 5.2.0.5 2010.02.04 -
    Avast 4.8.1351.0 2010.02.02 -
    AVG 9.0.0.730 2010.02.03 -
    BitDefender 7.2 2010.02.04 -
    CAT-QuickHeal 10.00 2010.02.03 -
    ClamAV 0.96.0.0-git 2010.02.03 -
    Comodo 3811 2010.02.04 -
    DrWeb 5.0.1.12222 2010.02.04 -
    eSafe 7.0.17.0 2010.02.03 -
    eTrust-Vet 35.2.7281 2010.02.04 -
    F-Prot 4.5.1.85 2010.02.04 -
    F-Secure 9.0.15370.0 2010.02.04 -
    Fortinet 4.0.14.0 2010.02.04 -
    GData 19 2010.02.04 -
    Ikarus T3.1.1.80.0 2010.02.04 -
    Jiangmin 13.0.900 2010.02.03 -
    K7AntiVirus 7.10.966 2010.02.03 -
    Kaspersky 7.0.0.125 2010.02.04 -
    McAfee 5881 2010.02.03 -
    McAfee+Artemis 5881 2010.02.03 -
    McAfee-GW-Edition 6.8.5 2010.02.03 -
    Microsoft 1.5406 2010.02.03 -
    NOD32 4833 2010.02.03 -
    Norman 6.04.03 2010.02.03 -
    nProtect 2009.1.8.0 2010.02.03 -
    Panda 10.0.2.2 2010.02.03 -
    PCTools 7.0.3.5 2010.02.04 -
    Prevx 3.0 2010.02.04 -
    Rising 22.33.03.01 2010.02.04 -
    Sophos 4.50.0 2010.02.04 -
    Sunbelt 3.2.1858.2 2010.02.04 -
    TheHacker 6.5.1.0.179 2010.02.04 -
    TrendMicro 9.120.0.1004 2010.02.04 -
    VBA32 3.12.12.1 2010.02.03 -
    ViRobot 2010.2.4.2171 2010.02.04 -
    VirusBuster 5.0.21.0 2010.02.03 -

    Information additionnelle
    File size: 24448 bytes
    MD5...: 22a75b83e04acbf0969231691b486a3c
    SHA1..: 24cd82d3cf990538f3928e9513b992052dde7ccc
    SHA256: cd889e8faffe2fa22bd4411bfa2c42fea1eb6970424269732cec0ea566964f9c
    ssdeep: 3:Hgje6qj2gin:AKk<BR>
    PEiD..: -
    PEInfo: -
    RDS...: NSRL Reference Data Set<BR>-
    pdfid.: -
    trid..: Unknown!
    sigcheck:<BR>publisher....: n/a<BR>copyright....: n/a<BR>product......: n/a<BR>description..: n/a<BR>original name: n/a<BR>internal name: n/a<BR>file version.: n/a<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR>

    Fichier proclsvr.drv reçu le 2010.02.04 04:00:59 (UTC)Antivirus Version Dernière mise à jour Résultat
    a-squared 4.5.0.50 2010.02.04 -
    AhnLab-V3 5.0.0.2 2010.02.04 -
    AntiVir 7.9.1.158 2010.02.03 -
    Antiy-AVL 2.0.3.7 2010.02.03 -
    Authentium 5.2.0.5 2010.02.04 -
    Avast 4.8.1351.0 2010.02.02 -
    AVG 9.0.0.730 2010.02.03 -
    BitDefender 7.2 2010.02.04 -
    CAT-QuickHeal 10.00 2010.02.03 -
    ClamAV 0.96.0.0-git 2010.02.03 -
    Comodo 3811 2010.02.04 -
    DrWeb 5.0.1.12222 2010.02.04 -
    eSafe 7.0.17.0 2010.02.03 -
    eTrust-Vet 35.2.7281 2010.02.04 -
    F-Prot 4.5.1.85 2010.02.04 -
    F-Secure 9.0.15370.0 2010.02.04 -
    Fortinet 4.0.14.0 2010.02.04 -
    GData 19 2010.02.04 -
    Ikarus T3.1.1.80.0 2010.02.04 -
    K7AntiVirus 7.10.966 2010.02.03 -
    Kaspersky 7.0.0.125 2010.02.04 -
    McAfee 5881 2010.02.03 -
    McAfee+Artemis 5881 2010.02.03 -
    McAfee-GW-Edition 6.8.5 2010.02.03 -
    Microsoft 1.5406 2010.02.03 -
    NOD32 4833 2010.02.03 -
    Norman 6.04.03 2010.02.03 -
    nProtect 2009.1.8.0 2010.02.03 -
    Panda 10.0.2.2 2010.02.03 -
    PCTools 7.0.3.5 2010.02.04 -
    Prevx 3.0 2010.02.04 -
    Rising 22.33.03.01 2010.02.04 -
    Sophos None 2010.02.04 -
    Sunbelt 3.2.1858.2 2010.02.04 -
    TheHacker 6.5.1.0.179 2010.02.04 -
    TrendMicro 9.120.0.1004 2010.02.04 -
    VBA32 3.12.12.1 2010.02.03 -
    ViRobot 2010.2.4.2171 2010.02.04 -
    VirusBuster 5.0.21.0 2010.02.03 -

    Information additionnelle
    File size: 24448 bytes
    MD5...: 1d03eda8ecaf1be9223f12c891bbb5c1
    SHA1..: 90669b4216583540b18a6af177accefc41852e06
    SHA256: 231075bae934db870bed2ffcc53ef2f72ae8d1a2dee545dbbde97220df47c499
    ssdeep: 3:HgBNLAjWnAm:APP<BR>
    PEiD..: -
    PEInfo: -
    RDS...: NSRL Reference Data Set<BR>-
    pdfid.: -
    trid..: Unknown!
    sigcheck:<BR>publisher....: n/a<BR>copyright....: n/a<BR>product......: n/a<BR>description..: n/a<BR>original name: n/a<BR>internal name: n/a<BR>file version.: n/a<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR>
    0
  17. Kraneuse Messages postés 19 Statut Membre
     
    Mais je relance OTL avec les memes options que la premiere fois??
    0
  18. Kraneuse Messages postés 19 Statut Membre
     
    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    No active process named iexplore.exe was found!
    No active process named firefox.exe was found!
    No active process named msnmsgr.exe was found!
    No active process named Teatimer.exe was found!
    ========== OTL ==========
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Starting removal of ActiveX control {0CCA191D-13A6-4E29-B746-314DEE697D83}
    C:\WINDOWS\Downloaded Program Files\PhotoUploader5.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
    Starting removal of ActiveX control {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll\ not found.
    Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
    C:\WINDOWS\Downloaded Program Files\mcinsctl.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
    Starting removal of ActiveX control {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
    C:\WINDOWS\Downloaded Program Files\DivXPlugin.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {C212D449-8B3C-41F2-BD9A-047BD770550F}
    C:\WINDOWS\Downloaded Program Files\OPLauncher.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C212D449-8B3C-41F2-BD9A-047BD770550F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C212D449-8B3C-41F2-BD9A-047BD770550F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C212D449-8B3C-41F2-BD9A-047BD770550F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C212D449-8B3C-41F2-BD9A-047BD770550F}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {F6ACF75C-C32C-447B-9BEF-46B766368D29}
    C:\WINDOWS\Downloaded Program Files\CTPID.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\ not found.
    Starting removal of ActiveX control CabBuilder
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\CabBuilder\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73e51da2-f4b7-11de-8920-001676a492e8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73e51da2-f4b7-11de-8920-001676a492e8}\ not found.
    File F:\setup.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e996eda2-936f-11dc-8304-001676a492e8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e996eda2-936f-11dc-8304-001676a492e8}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e996eda2-936f-11dc-8304-001676a492e8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e996eda2-936f-11dc-8304-001676a492e8}\ not found.
    File F:\LaunchU3.exe not found.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Francis
    ->Temp folder emptied: 45034658 bytes
    ->Temporary Internet Files folder emptied: 11479526 bytes
    ->Java cache emptied: 12697675 bytes

    User: Francis et Minoc
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 5513566 bytes

    User: Invité
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 5865597 bytes

    User: Ismael
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Jay
    ->Temp folder emptied: 7635448 bytes
    ->Temporary Internet Files folder emptied: 14634760 bytes
    ->Java cache emptied: 0 bytes
    ->Apple Safari cache emptied: 2501374 bytes

    User: LocalService
    ->Temp folder emptied: 66351 bytes
    ->Temporary Internet Files folder emptied: 49554 bytes

    User: NetworkService
    ->Temp folder emptied: 2116417 bytes
    ->Temporary Internet Files folder emptied: 81035092 bytes

    User: Propriétaire

    User: Roland
    ->Temp folder emptied: 43532810 bytes
    ->Temporary Internet Files folder emptied: 44788016 bytes
    ->Java cache emptied: 25856102 bytes

    User: TEMP
    ->Temporary Internet Files folder emptied: 32768 bytes

    User: TEMP.SALON
    ->Temporary Internet Files folder emptied: 147456 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 3072 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 213656 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 503898 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 35876 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 290,00 mb

    OTL by OldTimer - Version 3.1.27.1 log created on 02042010_003501

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
    0
  19. Kraneuse Messages postés 19 Statut Membre
     
    Et pourrais tu me recommander un antivirus de depannage car le mien vient tout juste d'expirer...
    0
  20. Kraneuse Messages postés 19 Statut Membre
     
    http://www.cijoint.fr/cjlink.php?file=cj201002/cijRAVOoCU.txt

    ya pas eu d'extras cette fois ci
    0
  • 1
  • 2