Virus internet security 2010
hlubflo
Messages postés
1
Statut
Membre
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
je sollicite votre aide car un virus "internet security 2010 s'est incrusté dans mon pc. Je l'avais donc éteins et depuis il se rallume mais s'éteint qq minutes après.
Je ne peux donc plus rien faire sur mon pc...
J'ai vraiment besoin de votre aide!!!
je sollicite votre aide car un virus "internet security 2010 s'est incrusté dans mon pc. Je l'avais donc éteins et depuis il se rallume mais s'éteint qq minutes après.
Je ne peux donc plus rien faire sur mon pc...
J'ai vraiment besoin de votre aide!!!
A voir également:
- Virus internet security 2010
- Microsoft security essentials - Télécharger - Antivirus & Antimalwares
- Eset internet security download - Télécharger - Sécurité
- Virus mcafee - Accueil - Piratage
- Gps sans internet - Guide
- Clé activation office 2010 gratuit - Télécharger - Sécurité
7 réponses
salut
Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)
▶ Télécharge List&Kill'em et enregistre le sur ton bureau
▶ Branche clés usb , disques durs externes , mp3 , mp4 , etc..
double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
coche la case "creer une icone sur le bureau"
une fois terminée , clic sur "terminer" et le programme se lancera seul
choisis la langue puis choisis l'option 1 = Mode Recherche
▶ laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
tu peux supprimer le rapport catchme.log de ton bureau maintenant.
Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)
▶ Télécharge List&Kill'em et enregistre le sur ton bureau
▶ Branche clés usb , disques durs externes , mp3 , mp4 , etc..
double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
coche la case "creer une icone sur le bureau"
une fois terminée , clic sur "terminer" et le programme se lancera seul
choisis la langue puis choisis l'option 1 = Mode Recherche
▶ laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
tu peux supprimer le rapport catchme.log de ton bureau maintenant.
salut :
▶ Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'option 2 = Mode Suppression
laisse travailler l'outil.
en fin de scan un rapport s'ouvre
▶ colle le contenu dans ta reponse
▶ Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'option 2 = Mode Suppression
laisse travailler l'outil.
en fin de scan un rapport s'ouvre
▶ colle le contenu dans ta reponse
Merci pour ta réponse, voici le second rapport:
Kill'em by g3n-h@ckm@n 1.2.5.0
User : carole (Administrateurs)
Update on 08/02/2010 by g3n-h@ckm@n ::::: 15.30
Start at: 11:37:42 | 14/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7
Genuine Intel(R) CPU T2050 @ 1.60GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.11
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1335 [VPS 100213-1] 4.8.1335 [ Enabled | Updated ]
FW : Norton Internet Worm Protection[ (!) Disabled ]2006
C:\ -> Disque fixe local | 103,97 Go (65,38 Go free) [HDD] | NTFS
D:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\carole\Local Settings\Application Data\av.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\carole\Local Settings\Temp\DC7.tmp\ERUNT.EXE
C:\Documents and Settings\carole\Local Settings\Temp\DC7.tmp\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\WINDOWS\kb913800.exe
Quarantined & Deleted !! : C:\WINDOWS\System32\SynSvc_.exe
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\WINDOWS\System32\SET37.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET38.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET83.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET85.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET91.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SETCA.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SETCF.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Application Data\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\AC2.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\AC3.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\AC4.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\AC5.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\AC6.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\AC7.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\AC8.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\AC9.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\ACA.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\ACB.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\ACC.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\ACD.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\ACE.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\ACF.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\dw.log
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\Install.wse.exe
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\Install_Messenger.exe
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\Install_WLMessenger.exe
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\jre-6u1-windows-i586-p-iftw_fa96d0d7.exe
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\matcleanup.exe
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\MCCCleanup.exe
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\setup_wm.exe
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\SHSetup.exe
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\wlsetup-cvr.exe
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\AVRES_OPTRF_LiveUpdate.dat
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\Perflib_Perfdata_c04.dat
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\catchme.dll
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\InstHelp.dll
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\tmpCB9.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\RefEdit.exd
==============
host file OK !
==============
========
Registry
========
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
========
Services
=========
Ndisuio : Start = 3
Ip6Fw : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
============
=================
anti-ver blaster : OK !!
=================
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Kill'em by g3n-h@ckm@n 1.2.5.0
User : carole (Administrateurs)
Update on 08/02/2010 by g3n-h@ckm@n ::::: 15.30
Start at: 11:37:42 | 14/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7
Genuine Intel(R) CPU T2050 @ 1.60GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.11
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1335 [VPS 100213-1] 4.8.1335 [ Enabled | Updated ]
FW : Norton Internet Worm Protection[ (!) Disabled ]2006
C:\ -> Disque fixe local | 103,97 Go (65,38 Go free) [HDD] | NTFS
D:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\carole\Local Settings\Application Data\av.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\carole\Local Settings\Temp\DC7.tmp\ERUNT.EXE
C:\Documents and Settings\carole\Local Settings\Temp\DC7.tmp\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\WINDOWS\kb913800.exe
Quarantined & Deleted !! : C:\WINDOWS\System32\SynSvc_.exe
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\WINDOWS\System32\SET37.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET38.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET83.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET85.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET91.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SETCA.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SETCF.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Application Data\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\AC2.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\AC3.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\AC4.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\AC5.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\AC6.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\AC7.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\AC8.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\AC9.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\ACA.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\ACB.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\ACC.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\ACD.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\ACE.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\ACF.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\Local Settings\Temp\dw.log
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\Install.wse.exe
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\Install_Messenger.exe
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\Install_WLMessenger.exe
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\jre-6u1-windows-i586-p-iftw_fa96d0d7.exe
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\matcleanup.exe
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\MCCCleanup.exe
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\setup_wm.exe
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\SHSetup.exe
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\wlsetup-cvr.exe
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\AVRES_OPTRF_LiveUpdate.dat
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\Perflib_Perfdata_c04.dat
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\catchme.dll
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\InstHelp.dll
Quarantined & Deleted !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\tmpCB9.tmp
Quarantined & Deleted !! : C:\Documents and Settings\carole\RefEdit.exd
==============
host file OK !
==============
========
Registry
========
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
========
Services
=========
Ndisuio : Start = 3
Ip6Fw : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
============
=================
anti-ver blaster : OK !!
=================
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
relance List_Kill'em , puis option desinstaller
ensuite :
Télécharge OTL de OLDTimer
▶ enregistre le sur ton Bureau.
▶ Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.
▶ Coche les 2 cases Lop et Purity
▶ Coche la case devant scan all users
▶ règle-le sur "60 Days"
▶ dans la colonne de gauche , mets tout sur all
ne modifie pas ceci :
"files created whithin" et "files modified whithin"
▶Clic sur Run Scan.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
▶▶▶ NE LE POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier ci-dessus.
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
▶▶ Tu feras la meme chose avec le "Extra.txt".
ensuite :
Télécharge OTL de OLDTimer
▶ enregistre le sur ton Bureau.
▶ Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.
▶ Coche les 2 cases Lop et Purity
▶ Coche la case devant scan all users
▶ règle-le sur "60 Days"
▶ dans la colonne de gauche , mets tout sur all
ne modifie pas ceci :
"files created whithin" et "files modified whithin"
▶Clic sur Run Scan.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
▶▶▶ NE LE POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier ci-dessus.
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
▶▶ Tu feras la meme chose avec le "Extra.txt".
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Voici les deux liens du rapport:
http://www.cijoint.fr/cjlink.php?file=cj201002/cijSL47v9y.txt
http://www.cijoint.fr/cjlink.php?file=cj201002/cijYa2hwfJ.txt
http://www.cijoint.fr/cjlink.php?file=cj201002/cijSL47v9y.txt
http://www.cijoint.fr/cjlink.php?file=cj201002/cijYa2hwfJ.txt
▶ Télécharge UsbFix
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
▶ Double clic sur le raccourci UsbFix présent sur ton bureau .
▶ Au menu principal choisis l'option " F " pour français et tape sur [entrée] .
▶ Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]
▶ Laisse travailler l'outil.
▶ Ensuite post le rapport UsbFix.txt qui apparaitra.
Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
▶ Double clic sur le raccourci UsbFix présent sur ton bureau .
▶ Au menu principal choisis l'option " F " pour français et tape sur [entrée] .
▶ Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]
▶ Laisse travailler l'outil.
▶ Ensuite post le rapport UsbFix.txt qui apparaitra.
Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
J'ai le même problème avec le rogue "xp internet security 2010" sur mon ordi. J'ai lancer ton outil et je te soumet le rapport. Aurais-tu une solution? Merci par avance.
List'em by g3n-h@ckm@n 1.2.5.0
User : carole (Administrateurs)
Update on 08/02/2010 by g3n-h@ckm@n ::::: 15.30
Start at: 23:16:24 | 13/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7
Genuine Intel(R) CPU T2050 @ 1.60GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.11
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1335 [VPS 100213-1] 4.8.1335 [ Enabled | Updated ]
FW : Norton Internet Worm Protection[ (!) Disabled ]2006
C:\ -> Disque fixe local | 103,97 Go (65,39 Go free) [HDD] | NTFS
D:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\APPS\SMP\SmpSys.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\carole\Local Settings\Application Data\av.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\carole\Local Settings\Temp\DE2.tmp\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SmpcSys REG_SZ C:\APPS\SMP\SmpSys.exe
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
updateMgr REG_SZ C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
TomTomHOME.exe REG_SZ "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
ehTray REG_SZ C:\WINDOWS\ehome\ehtray.exe
Raccourci vers la page des propriétés de High Definition Audio REG_SZ HDAShCut.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
igfxtray REG_SZ C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd REG_SZ C:\WINDOWS\system32\hkcmd.exe
igfxpers REG_SZ C:\WINDOWS\system32\igfxpers.exe
HControl REG_SZ C:\WINDOWS\ATK0100\HControl.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
DetectorApp REG_SZ C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
ISUSPM Startup REG_SZ C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler REG_SZ "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
BJCFD REG_SZ C:\Program Files\BroadJump\Client Foundation\CFD.exe
HP Software Update REG_SZ C:\Program Files\HP Software Update\HPWuSchd2.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
RealTray REG_SZ C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
hpqSRMon REG_SZ C:\Program Files\Digital Imaging\bin\hpqSRMon.exe
ORAHSSSessionManager REG_SZ C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
Windows Defender REG_SZ "C:\Program Files\Windows Defender\MSASCui.exe" -hide
Malwarebytes Anti-Malware (reboot) REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
InstallVisualStyle REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
InstallTheme REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale.theme
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoCDBurning REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultUserName REG_SZ carole
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DefaultPassword REG_SZ
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ carole
AltDefaultDomainName REG_SZ AIGNAN76
DefaultDomainName REG_SZ AIGNAN76
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} REG_SZ Microsoft AntiMalware ShellExecuteHook
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%ProgramFiles%\AOL 9.0\aol.exe REG_SZ %ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL
%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe REG_SZ %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA
%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe REG_SZ %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\APPS\Inventime\my.exe REG_SZ C:\APPS\Inventime\my.exe:*:Enabled:INVENTIME
C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\MSN Messenger\msncall.exe REG_SZ C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Digital Imaging\bin\hpqscnvw.exe REG_SZ C:\Program Files\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
C:\APPS\skype\phone\Skype.exe REG_SZ C:\APPS\skype\phone\Skype.exe:*:Enabled:Skype
D:\setup\HPZNUI01.EXE REG_SZ D:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe
C:\Program Files\Digital Imaging\bin\hpqtra08.exe REG_SZ C:\Program Files\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
C:\Program Files\Digital Imaging\bin\hpqste08.exe REG_SZ C:\Program Files\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
C:\Program Files\Digital Imaging\bin\hpofxm08.exe REG_SZ C:\Program Files\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
C:\Program Files\Digital Imaging\bin\hposfx08.exe REG_SZ C:\Program Files\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
C:\Program Files\Digital Imaging\bin\hposid01.exe REG_SZ C:\Program Files\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
C:\Program Files\Digital Imaging\bin\hpqCopy.exe REG_SZ C:\Program Files\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
C:\Program Files\Digital Imaging\bin\hpfccopy.exe REG_SZ C:\Program Files\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
C:\Program Files\Digital Imaging\bin\hpzwiz01.exe REG_SZ C:\Program Files\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
C:\Program Files\Digital Imaging\Unload\HpqPhUnl.exe REG_SZ C:\Program Files\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
C:\Program Files\Digital Imaging\Unload\HpqDIA.exe REG_SZ C:\Program Files\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
C:\Program Files\Digital Imaging\bin\hpoews01.exe REG_SZ C:\Program Files\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
C:\Program Files\Digital Imaging\bin\hpqnrs08.exe REG_SZ C:\Program Files\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
C:\Program Files\Digital Imaging\bin\hpiscnapp.exe REG_SZ C:\Program Files\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
C:\Program Files\Digital Imaging\bin\hpqkygrp.exe REG_SZ C:\Program Files\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe REG_SZ C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
C:\Program Files\MSN Messenger\msncall.exe REG_SZ C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D6F45B3-9043-443D-A792-115447494D24}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1BC46932-21B2-4130-86E0-B4EB4F7A7A7B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BDE0FA43-6952-4BA8-8C58-09AF690F88E1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E8EA5BD6-D931-4001-ABF6-81BAA500360A}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24}
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0347C33E-8762-4905-BF09-768834316C61}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
SharedAccess : 0x4 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\carole\Local Settings\Temp\DE2.tmp
## C:\> hashdeep C:\WINDOWS\System32\Drivers\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\System32\Drivers\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\carole\Local Settings\Temp\DE2.tmp
## C:\> hashdeep C:\WINDOWS\System32\DllCache\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\System32\DllCache\atapi.sys
Sources
=======
Référence :
==========
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
=======
Drive :
=======
D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
104 Go total, 65,39 Go libre (62%), 5% fragment‚ (fragmentation du fichier 11%)
Il ne vous est pas n‚cessaire de d‚fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\WINDOWS\kb913800.exe
Present !! : C:\WINDOWS\System32\*_.exe
Present !! : C:\WINDOWS\System32\ACTSKN43.ocx
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\SET*.tmp
Present !! : C:\Documents and Settings\carole\Application Data\GDIPFONTCACHEV1.DAT
Present !! : C:\Documents and Settings\carole\Application Data\GDIPFONTCACHEV1.DAT
Present !! : C:\Documents and Settings\carole\Local Settings\Temp\AC2.tmp
Present !! : C:\Documents and Settings\carole\Local Settings\Temp\AC3.tmp
Present !! : C:\Documents and Settings\carole\Local Settings\Temp\AC4.tmp
Present !! : C:\Documents and Settings\carole\Local Settings\Temp\AC5.tmp
Present !! : C:\Documents and Settings\carole\Local Settings\Temp\AC6.tmp
Present !! : C:\Documents and Settings\carole\Local Settings\Temp\AC7.tmp
Present !! : C:\Documents and Settings\carole\Local Settings\Temp\AC8.tmp
Present !! : C:\Documents and Settings\carole\Local Settings\Temp\AC9.tmp
Present !! : C:\Documents and Settings\carole\Local Settings\Temp\ACA.tmp
Present !! : C:\Documents and Settings\carole\Local Settings\Temp\ACB.tmp
Present !! : C:\Documents and Settings\carole\Local Settings\Temp\ACC.tmp
Present !! : C:\Documents and Settings\carole\Local Settings\Temp\ACD.tmp
Present !! : C:\Documents and Settings\carole\Local Settings\Temp\ACE.tmp
Present !! : C:\Documents and Settings\carole\Local Settings\Temp\ACF.tmp
Present !! : C:\Documents and Settings\carole\Local Settings\Temp\dw.log
Present !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\Install.wse.exe
Present !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\Install_Messenger.exe
Present !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\Install_WLMessenger.exe
Present !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\jre-6u1-windows-i586-p-iftw_fa96d0d7.exe
Present !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\matcleanup.exe
Present !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\MCCCleanup.exe
Present !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\setup_wm.exe
Present !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\SHSetup.exe
Present !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\wlsetup-cvr.exe
Present !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\AVRES_OPTRF_LiveUpdate.dat
Present !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\Perflib_Perfdata_c04.dat
Present !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\InstHelp.dll
Present !! : C:\Documents and Settings\carole\LOCAL Settings\Temp\tmpCB9.tmp
Present !! : C:\Documents and Settings\carole\RefEdit.exd
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
============
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
==========
Programs
==========
Adobe
Alwil Software
Analog Devices
AOL 9.0
AOL Compagnon
BroadJump
Club-Internet
Common Files
ComPlus Applications
CyberLink
Digital Imaging
Enigma Software Group
Fichiers communs
Free
Google
Hewlett-Packard
HP
HP Software Update
InstallShield Installation Information
Intel
Internet Explorer
Inventel
Java
Learn2.com
List_Kill'em
Malwarebytes' Anti-Malware
Messenger
Microsoft
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Movie Maker
MSBuild
MSN
MSN Gaming Zone
MSXML 4.0
MSXML 6.0
NetMeeting
Norman
Online Services
OrangeHSS
Outlook Express
Photosmart Essential
QuickTime
Real
Realtek
Reference Assemblies
Samsung
Securitoo
Services en ligne
SmartSound Software
Sonic
Synaptics
TomTom DesktopSuite
TomTom HOME 2
TomTom International B.V
Ulead Systems
Uninstall Information
Viewpoint
Windows Defender
Windows Live
Windows Live SkyDrive
Windows Live Toolbar
Windows Media Components
Windows Media Connect 2
Windows Media Player
Windows NT
Windows Plus
WindowsUpdate
WinRAR
xerox
============
Drive C:
============
0cd56e1fcc19b1f4847d5e9f16
8b55479400d773d80eed4bf6
APPS
bae2c9ffcbe82547ee8c59
BOOT.BAK
BOOT.INI
Bootfont.bin
cmdcons
cmldr
Config.Msi
conmgr.log
d43ce0a7f5aa4518096efb9c73
DIVTOOLS
Documents and Settings
DRIVERS
DWNLOG.TXT
found.000
hiberfil.sys
IO.SYS
IPH.PH
Kill'em
List'em.txt
MSDOS.SYS
My Music
Norman
NTDETECT.COM
NTLDR
pagefile.sys
PNP
Program Files
RECYCLER
rkill.log
SAUDIT.TXT
sqmdata00.sqm
sqmdata01.sqm
sqmdata02.sqm
sqmdata03.sqm
sqmdata04.sqm
sqmdata05.sqm
sqmdata06.sqm
sqmdata07.sqm
sqmdata08.sqm
sqmdata09.sqm
sqmdata10.sqm
sqmdata11.sqm
sqmdata12.sqm
sqmdata13.sqm
sqmdata14.sqm
sqmdata15.sqm
sqmdata16.sqm
sqmdata17.sqm
sqmdata18.sqm
sqmdata19.sqm
sqmnoopt00.sqm
sqmnoopt01.sqm
sqmnoopt02.sqm
sqmnoopt03.sqm
sqmnoopt04.sqm
sqmnoopt05.sqm
sqmnoopt06.sqm
sqmnoopt07.sqm
sqmnoopt08.sqm
sqmnoopt09.sqm
sqmnoopt10.sqm
sqmnoopt11.sqm
sqmnoopt12.sqm
sqmnoopt13.sqm
sqmnoopt14.sqm
sqmnoopt15.sqm
sqmnoopt16.sqm
sqmnoopt17.sqm
sqmnoopt18.sqm
sqmnoopt19.sqm
System Volume Information
WINDOWS
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
C:\APPS\OFFICE_1\33\ciel\Install.exe
C:\APPS\OFFICE_1\All\i110webupdate\Install.exe
C:\APPS\OFFICE_1\All\oonecoffre\Install.exe
C:\APPS\OFFICE_1\All\oonecomptes\Install.exe
C:\APPS\OFFICE_1\All\oonefonts\Install.exe
C:\APPS\OFFICE_1\All\oonemodels\Install.exe
C:\APPS\OFFICE_1\All\oonezip\Install.exe
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 0:20:55,09