probleme de virus

Question

Bonjour,
j'ai l'antivirus avast qui me dit que j'ai un virus je met en quarantaine a chaque fois il revient comment faire pour m'en debarrasser definitivement merci.nom du fichier DOCUME ADMINI 1 LOCAL 1 TEMP /53TREMP. WIN 32 TROJAN GEN . VIRUS/VER. VERSION VPS 100204-1,04/02/2010.j'attaends vos reponses au plus vite .merci

gen-hackman · Answer

salut :

Télécharge OTL de OLDTimer

&#9654 enregistre le sur ton Bureau.

&#9654 Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.

&#9654 Coche les 2 cases Lop et Purity

&#9654 Coche la case devant scan all users

&#9654 règle-le sur "60 Days"

&#9654 dans la colonne de gauche , mets tout sur all

ne modifie pas ceci : 

"files created whithin" et "files modified whithin" 

&#9654Clic sur Run Scan.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

&#9654&#9654&#9654 NE LE POSTE PAS SUR LE FORUM

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

&#9654 Clique sur Parcourir et cherche le fichier ci-dessus.

&#9654 Clique sur Ouvrir.

&#9654 Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

est ajouté dans la page.

&#9654 Copie ce lien dans ta réponse.

&#9654&#9654 Tu feras la meme chose avec le "Extra.txt".

choupette422 · Answer

J'espere que tu pourras m'aider  avec sa?http://www.cijoint.fr/cjlhttp://www.cijoint.fr/cjlink.php?file=cj201002/cijM82TKhL.txt ink.php?file=cj201002/cijMYQ2hOL.txt  J'ATTENDS TON AIDE MERCI

gen-hackman · Answer

la page demandée n'existe plus :(

choupette422 · Answer

COMMENT JE FAI S ALORS ?

gen-hackman · Answer

c'est bon je l'ai eu

Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)

&#9654 Télécharge List&Kill'em et enregistre le sur ton bureau 

&#9654 Branche clés usb , disques durs externes , mp3 , mp4 , etc..

double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

coche la case "creer une icone sur le bureau"

une fois terminée , clic sur "terminer" et le programme se lancera seul

choisis la langue puis choisis l'option 1 = Mode Recherche

&#9654 laisse travailler l'outil

à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.

&#9654 Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

tu peux supprimer le rapport catchme.log de ton bureau maintenant.

choupette422 · Answer

PKOI JE DOIS BRANCHER MON DISC DUR ET MON MP4

gen-hackman · Answer

car ils ont pu etre infectés

choupette422 · Answer

OU IL FAUT QUE JE POSTE LE CONTENUN DU RAPPORT QUI S'OUVRE A 100 POUR CENT A L'ECRAN

choupette422 · Answer

je pense que sa a marcher qu'est ce que je fais maintenant?

gen-hackman · Answer

tu colles le contenu dans ta reponse

choupette422 · Answer

JE TE COLLE TOUT ET JE TE L'ENVOIE ICI

gen-hackman · Answer

oui

choupette422 · Answer

List'em by g3n-h@ckm@n 1.2.2.1
User : Administrateur (Administrateurs) 
Update on 04/02/2010 by g3n-h@ckm@n ::::: 16.00 
Start at: 09:52:43 | 05/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

              Intel(R) Pentium(R) 4 CPU 3.40GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1368 [VPS 100204-1] 4.8.1368 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 149,05 Go (109,51 Go free) | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque fixe local | 298,02 Go (165,05 Go free) [STOREX] | FAT32

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running 

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\infocard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\InternetSecurity2010\IS2010.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Administrateur\Local Settings\Temp\98.tmp\pv.exe

======================
Keys "Run" 
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE	REG_SZ         	C:\WINDOWS\system32\ctfmon.exe
WOOKIT	REG_SZ         	C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
SpybotSD TeaTimer	REG_SZ         	C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
swg	REG_SZ         	"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
msnmsgr	REG_SZ         	~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Steam	REG_SZ         	"C:\Program Files\Steam\Steam.exe" -silent
Internet Security 2010	REG_SZ         	C:\Program Files\InternetSecurity2010\IS2010.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
nwiz	REG_SZ         	nwiz.exe /installquiet 
NvCplDaemon	REG_SZ         	RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 
avast!	REG_SZ         	C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
WOOWATCH	REG_SZ         	C:\PROGRA~1\Wanadoo\Watch.exe 
WOOTASKBARICON	REG_SZ         	C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe 
Share-to-Web Namespace Daemon	REG_SZ         	C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe 
Easy-PrintToolBox	REG_SZ         	C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon 
Babylon Client	REG_SZ         	C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart 
LifeCam	REG_SZ         	"C:\Program Files\Microsoft LifeCam\LifeExp.exe" 
VX1000	REG_SZ         	C:\WINDOWS\vVX1000.exe 
SweetIM	REG_SZ         	C:\Program Files\SweetIM\Messenger\SweetIM.exe 
Firewall Administrating	REG_SZ         	infocard.exe 
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] 
dontdisplaylastusername	REG_DWORD      	0 (0x0) 
legalnoticecaption	REG_SZ         	 
legalnoticetext	REG_SZ         	 
shutdownwithoutlogon	REG_DWORD      	1 (0x1) 
undockwithoutlogon	REG_DWORD      	1 (0x1) 
EnableLUA	REG_DWORD      	0 (0x0) 

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
NoDriveTypeAutoRun	REG_BINARY     	95000000 
NoSetActiveDesktop	REG_DWORD      	1 (0x1) 
NoActiveDesktopChanges	REG_DWORD      	1 (0x1) 

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
HonorAutoRunSetting	REG_DWORD      	1 (0x1) 
NoSetActiveDesktop	REG_DWORD      	1 (0x1) 
NoActiveDesktopChanges	REG_DWORD      	1 (0x1) 

=============== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS	REG_SZ         	

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 
 AutoRestartShell	REG_DWORD      	1 (0x1) 
 DefaultUserName	REG_SZ         	Administrateur 
 LegalNoticeCaption	REG_SZ         	 
 LegalNoticeText	REG_SZ         	 
 PowerdownAfterShutdown	REG_SZ         	0 
 ReportBootOk	REG_SZ         	1 
 Shell	REG_SZ         	Explorer.exe rundll32.exe qtru.lfo gynfhtv 
 ShutdownWithoutLogon	REG_SZ         	0 
 System	REG_SZ         	 
 Userinit	REG_SZ         	C:\WINDOWS\system32\winlogon32.exe 
 VmApplet	REG_SZ         	rundll32 shell32,Control_RunDLL "sysdm.cpl" 
 SfcQuota	REG_DWORD      	-1 (0xffffffff) 
 allocatecdroms	REG_SZ         	0 
 allocatedasd	REG_SZ         	0 
 allocatefloppies	REG_SZ         	0 
 cachedlogonscount	REG_SZ         	10 
 forceunlocklogon	REG_DWORD      	0 (0x0) 
 passwordexpirywarning	REG_DWORD      	14 (0xe) 
 scremoveoption	REG_SZ         	0 
 AllowMultipleTSSessions	REG_DWORD      	1 (0x1) 
 UIHost	REG_EXPAND_SZ  	logonui.exe 
 LogonType	REG_DWORD      	1 (0x1) 
 Background	REG_SZ         	0 0 0 
 DefaultPassword	REG_SZ         	 
 DebugServerCommand	REG_SZ         	no 
 SFCDisable	REG_DWORD      	0 (0x0) 
 WinStationsDisabled	REG_SZ         	0 
 HibernationPreviouslyEnabled	REG_DWORD      	1 (0x1) 
 ShowLogonOptions	REG_DWORD      	0 (0x0) 
 AltDefaultUserName	REG_SZ         	Administrateur 
 AltDefaultDomainName	REG_SZ         	HP31481307002 
 AutoAdminLogon	REG_SZ         	0 
 DefaultDomainName	REG_SZ         	HP31481307002 
 ChangePasswordUseKerberos	REG_DWORD      	1 (0x1) 

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify	ermsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972}	REG_SZ         	 

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe	REG_SZ         	%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe	REG_SZ         	%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\uTorrent\uTorrent.exe	REG_SZ         	C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
C:\Program Files\Steam\SteamApps\morientesdu42\counter-strike source\hl2.exe	REG_SZ         	C:\Program Files\Steam\SteamApps\morientesdu42\counter-strike source\hl2.exe:*:Disabled:hl2
C:\Program Files\Windows Live\Messenger\wlcsdk.exe	REG_SZ         	C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe	REG_SZ         	C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\eMule\emule.exe	REG_SZ         	C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\Bonjour\mDNSResponder.exe	REG_SZ         	C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\Microsoft LifeCam\LifeCam.exe	REG_SZ         	C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe
C:\Program Files\Microsoft LifeCam\LifeExp.exe	REG_SZ         	C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP	yfgd.exe	REG_SZ         	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP	yfgd.exe:*:Enabled:Firewall Administrating

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe	REG_SZ         	%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe	REG_SZ         	%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe	REG_SZ         	C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe	REG_SZ         	C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{233C1507-6A77-46A4-9443-F871F945D258}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D6F45B3-9043-443D-A792-115447494D24}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D1121FE0-0145-44C9-AA35-72071AC20A9B}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0FC94251-FF74-B719-7748-7A07158BD5E3}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6DE54C93-AF53-1356-9A17-9E54E2D9D3D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{72E001F6-BE98-B81F-E016-0F4346C6A3C5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1C3B806C-C5DA-4F6E-BA43-B1FF982F0A02}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://home.sweetim.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	http://freeart1cile.com

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] 

Ndisuio : 0x3 
EapHost : 0x3 
SharedAccess : 0x2 
wuauserv : 0x2 

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Administrateur\Local Settings\Temp\98.tmp
## C:\> hashdeep C:\WINDOWS\System32\Drivers\atapi.sys
## 
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\System32\Drivers\atapi.sys


Sources
======= 
 
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys  
C:\WINDOWS\ServicePackFiles\i386\atapi.sys  
C:\WINDOWS\system32\drivers\atapi.sys  
C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys  
C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys  

Référence :
==========

Win XP_32b     : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b      : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b  : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b  : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b  : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b  : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b  : 02062C0B390B7729EDC9E69C680A6F3C
 
=======
Drive :
=======

D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse                 	 
    149 Go total,  110 Go libre (73%),  10% fragment‚ (fragmentation du fichier 20%)

Il ne vous est pas n‚cessaire de d‚fragmenter ce volume. 	 

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Documents and Settings\All Users\Application Data\GamesBar  
Present !! : C:\Program Files\GamesBar  
Present !! : C:\Program Files\InternetSecurity2010  
Present !! : C:\Program Files\TorrentSpeeder  
Present !! : C:\WINDOWS\002675_.tmp  
Present !! : C:\WINDOWS\SET3.TMP  
Present !! : C:\WINDOWS\SET4.TMP  
Present !! : C:\WINDOWS\SET8.TMP  
Present !! : C:\WINDOWS\Downloaded Program Files\popcaploader.inf  
Present !! : C:\WINDOWS\infocard.exe  
Present !! : C:\WINDOWS\iun6002.exe  
Present !! : C:\WINDOWS\system32\x3daudio1_0.dll  
Present !! : C:\WINDOWS\system32\x3daudio1_1.dll  
Present !! : C:\WINDOWS\system32\xinput9_1_0.dll  
Present !! : C:\WINDOWS\System32\41.exe  
Present !! : C:\WINDOWS\System32\SET101.tmp  
Present !! : C:\WINDOWS\System32\SET105.tmp  
Present !! : C:\WINDOWS\System32\SET10D.tmp  
Present !! : C:\WINDOWS\System32\smss32.exe  
Present !! : C:\WINDOWS\System32\warning.html  
Present !! : C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk  
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\4A.tmp  
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\72.tmp  
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\7C.tmp  
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\igraal.exe  
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\Kerio-Personal-Firewall.exe  
 
¤¤¤¤¤¤¤¤¤¤ Keys : 

Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SweetIM  
Present !! : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}  
Present !! : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847}  
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}  
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges  
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop  
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges  
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop  
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr  
Present !! : "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"  
Present !! : "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239}"  
Present !! : "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"  
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"  
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"  
Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe"  
Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb0d163c-e9f4-4236-9496-0597e24b23a5}"  
Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}"  
Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}"  
Present !! : "HKLM\Software\Trymedia Systems"  
Present !! : HKCR\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d}  
Present !! : HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}  
Present !! : HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}  
Present !! : HKCR\CLSID\{cb0d163c-e9f4-4236-9496-0597e24b23a5}  
Present !! : HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}  
Present !! : HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}  
Present !! : HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}  
Present !! : HKCR\idid  
Present !! : HKCR\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632  
Present !! : HKCR\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0  
Present !! : HKCR\interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}  
Present !! : HKCR\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}  
Present !! : HKCR\Interface\{daa37aad-f156-4c2c-ac48-3c22ef92ae2f}  
Present !! : HKCR\interface\{EEE6C358-6118-11DC-9C72-001320C79847}  
Present !! : HKCR\interface\{EEE6C359-6118-11DC-9C72-001320C79847}  
Present !! : HKCR\interface\{EEE6C35A-6118-11DC-9C72-001320C79847}  
Present !! : HKCR\MediaPlayer.GraphicsUtils  
Present !! : HKCR\MediaPlayer.GraphicsUtils.1  
Present !! : HKCR\MgMediaPlayer.GifAnimator  
Present !! : HKCR\MgMediaPlayer.GifAnimator.1  
Present !! : HKCR\oberontb.band  
Present !! : HKCR\oberontb.band.1  
Present !! : HKCR\popcaploader.popcaploaderctrl2  
Present !! : HKCR\popcaploader.popcaploaderctrl2.1  
Present !! : HKCR\SWEETIE.IEToolbar  
Present !! : HKCR\SWEETIE.IEToolbar.1  
Present !! : HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook  
Present !! : HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1  
Present !! : HKCR\Toolbar3.SWEETIE  
Present !! : HKCR\Toolbar3.SWEETIE.1  
Present !! : HKCR\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d}  
Present !! : HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}  
Present !! : HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}  
Present !! : HKCR\TypeLib\{ad76633e-e50d-4844-9e7f-4dfbc7c18467}  
Present !! : HKCR\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}  
Present !! : HKCR\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}  
Present !! : HKCU\SOFTWARE\fcn  
Present !! : HKCU\SOFTWARE\IS2010  
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1c3b806c-c5da-4f6e-ba43-b1ff982f0a02}  
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6f282b65-56bf-4bd1-a8b2-a4449a05863d}  
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239}  
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1c3b806c-c5da-4f6e-ba43-b1ff982f0a02}  
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d}  
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cb0d163c-e9f4-4236-9496-0597e24b23a5}  
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}  
Present !! : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}  
Present !! : HKCU\Software\SweetIM  
Present !! : HKLM\Software\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}  
Present !! : HKLM\Software\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}  
Present !! : HKLM\Software\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}  
Present !! : HKLM\Software\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}  
Present !! : HKLM\Software\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}  
Present !! : HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}  
Present !! : HKLM\Software\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}  
Present !! : HKLM\Software\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}  
Present !! : HKLM\Software\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}  
Present !! : HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}  
Present !! : HKLM\Software\Classes\MediaPlayer.GraphicsUtils  
Present !! : HKLM\Software\Classes\MediaPlayer.GraphicsUtils.1  
Present !! : HKLM\Software\Classes\MgMediaPlayer.GifAnimator  
Present !! : HKLM\Software\Classes\MgMediaPlayer.GifAnimator.1  
Present !! : HKLM\Software\Classes\SWEETIE.IEToolbar  
Present !! : HKLM\Software\Classes\SWEETIE.IEToolbar.1  
Present !! : HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook  
Present !! : HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1  
Present !! : HKLM\Software\Classes\Toolbar3.SWEETIE  
Present !! : HKLM\Software\Classes\Toolbar3.SWEETIE.1  
Present !! : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}  
Present !! : HKLM\Software\Classes\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}  
Present !! : HKLM\Software\Classes\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}  
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0  
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\351716A953E21214898904032EAE2E81  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A189D17A469616C4688D23E192996267  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9  
Present !! : HKLM\SOFTWARE\SweetIM  

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 09:59:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK 

==========
Programs
==========

ACD Systems
Adobe
Alwil Software
Analog Devices
Apple Software Update
ArcSoft
Babylon
Blingee Plus
Bonjour
Boonty
BoontyGames
Braingame
Broadcom
Canon
CCleaner
COMPAQ
ComPlus Applications
Conduit
eMule
Fichiers communs
File Scanner Library (Spybot - Search & Destroy)
Gamenext
GamesBar
GoBit Games
Google
Hewlett-Packard
HP PhotoSmart Printers
HP Tools
HPQ
InstallShield Installation Information
Intel
Internet Explorer
InternetSecurity2010
iTunes
Java
Jewel Quest
List_Kill'em
Messenger
Microsoft
microsoft frontpage
Microsoft LifeCam
Microsoft Office
Misc. Support Library (Spybot - Search & Destroy)
Movie Maker
MSN
MSN Gaming Zone
myBabylon_English
NetMeeting
Online Services
orange
Outlook Express
PartyGaming
PokerStars
Raccourcis de programmes
SAGEM
SDHelper (Spybot - Search & Destroy)
Securitoo
Sega
Services en ligne
Spybot - Search & Destroy
Steam
SweetIM
TeaTimer (Spybot - Search & Destroy)
TorrentSpeeder
Trellix Corporation
T‚l‚chargeur de Sonic Adventure DX
Uninstall Information
uTorrent
VideoLAN
Wanadoo
Windows Live
Windows Live SkyDrive
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
xerox
Yahoo!
Zylom Games

============
Drive C:
============

BJPrinter
boot.ini
Bootfont.bin
COMPAQ
CPQAPPS
Documents and Settings
i386
img2-001.raw
IO.SYS
Kill'em
List'em.txt
Log.txt
MSDOS.SYS
NTDETECT.COM
ntldr
orange.bmp
pagefile.sys
Program Files
RECYCLER
Setup.log
System Volume Information
SYSTEM.SAV
temp
WINDOWS
 
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials 
 
C:\Documents and Settings\Administrateur\Mes documents\Ma musique\Zuma's Revenge!\Keygen games zuma s revenge 
C:\Documents and Settings\Administrateur\Mes documents\Ma musique\Zuma's Revenge!\Keygen games zuma s revenge\!!!readfirst.txt 
C:\Documents and Settings\Administrateur\Mes documents\Ma musique\Zuma's Revenge!\Keygen games zuma s revenge\Install.exe 
E:	elechargement\dani\PC-Booster 5.0 Deluxe & Serial\crack.exe 
C:\Documents and Settings\Administrateur\Mes documents\Ma musique\Zuma's Revenge!\Keygen games zuma s revenge\Install.exe 
E:	elechargement\dani\PC-Booster 5.0 Deluxe & Serial\crack.exe 
 
 
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

gen-hackman · Answer

&#9654 Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
mais cette fois-ci :

&#9654 choisis l'option 2 = Mode Suppression

laisse travailler l'outil.

en fin de scan un rapport s'ouvre 

&#9654 colle le contenu dans ta reponse

choupette422 · Answer

g pas eu de rapport  tous c fermer

gen-hackman · Answer

??????????

ici : C:\Kill'em.txt

choupette422 · Answer

est ce que tu m'aider  j'ai ma page d'acceuil  qui etait orange  et maintenant quand j'ouvre c freetart1cile.com qui se met  j'arrive pas  a changer  j'ai ete dans outils  sa revient toujours

choupette422 · Answer

mais g pas  sa  sa c fermer g rien eu le temps de faire

gen-hackman · Answer

tu as desactivé l antivirus pour faire la suppression ?

choupette422 · Answer

non  et je recommence

gen-hackman · Answer

attends supprime-le , retelecharge-le , et renomme-le a l enregistrement

choupette422 · Answer

trop tard j'ai 2 pc celui sur laquelle j'ai fais les manip que tu ma dis  il c fermer  tus seul j'arrive plus a le reouvrir  je vais l'emmener en reparation sa sera + simple merci beaucoup pour ton aide t sympa

gen-hackman · Answer

il s'est eteint et ne se rallume plus ?

choupette422 · Answer

si il se rallume il me met  bienvenue administrateur quand je clique sur administrateur  sa marque deconexion et je reste  sur la page administrateur

gen-hackman · Answer

au demarrage tu as le choix de demarrer sur windows ,ou de demarrer sur la console de recuperation ?

choupette422 · Answer

c koi une console de recuperation?

gen-hackman · Answer

au demarrage du pc , avec le lancement de windows , tu as une page avec demarrer en mode sans echec , derniere bonne configuration connue , etc .....

choupette422 · Answer

NON JE L ' AI PAS SA  il m'ouvre windows j'ai mon fond d'ecran qui s'affiche sans icones  avec le sablier et apres sa me met administrateur

choupette422 · Answer

tu  es d'ou ?

gen-hackman · Answer

de Marseille

et apres sa me met administrateur

tu peux preciser ceci ?

en l allumant tapote la touche F8 jusqu'a une page noire avec des ecritures blanches

choupette422 · Answer

TU SAIS  QUAND TU OUVRES TU AS LE MESSAGE BIENVENUE WINDOWS  QUAND TU TE SERS PAS TOUT DE SUITE DU PC IL  SE MET EN VEILLE ET KAN TU REVIENS IL FAUT CLIQUER SUR UTILISATEUR  C LE TRUC QUE TU AS KAN TU AS PLUSIEURS SESSION  DE PERSONNES  ( ouvrir la sesion de ......) et BIEN MOI SA ME MET ADMINISTRATEUR  TU AS SAISIE UN PEU CE QUE JE VOULAIS DIRE. ET BIEN KAN JE CLIQUE DESSUS  SA MARQUE DECONNEXION  ET SA REVIENT A ADMINISTRATEUR

gen-hackman · Answer

ok 

en l allumant tapote la touche F8 jusqu'a une page noire avec des ecritures blanches 

as-tu essayé ceci ? si tu arrives a afficher cette page au demarrage , tu essaies de demarrer avec "derniere bonne configuration connue"
(il faut tapoter assez rapidement sur F8 dès que tu allumes le PC

choupette422 · Answer

SA SE BLOQUE SUR L'ECRAN NOIR  ecriture blanche et sa marque CTRL-S  ENTER ET KAN ON FAIS SA  SA MARCHE PAS RIEN NE SE PASSE

choupette422 · Answer

LAISSE TOMBER MERCI DE TON AIDE SYMPA BYE

gen-hackman · Answer

ok tiens moi au courant.....

Probleme de virus

35 réponses

Votre réponse

Discussions similaires

Newsletters