Security Tool... Tough... Very tough!

simant49 - Posts: 40 - Registered: Sunday 30 August 2009 - Status: Member - Last activity: 18 November 2010 - 19 Feb 2010 at 22:43
Anonymous user - 22 Feb 2010 at 20:48
Hello dear Helpers,
I'm speaking on behalf of my friend, whose situation is rather difficult. While browsing a site that was nonetheless considered safe, he "caught" the horrible Security Tool... So far it all seems fairly "ordinary": this kind of spyware is quite widespread and pi**es off a lot of poor people.

The problem: my friend had neither Mbam nor any anti-spyware on his computer, avast is ineffective, and his internet doesn't work even in safe mode... So, armed with Mbam and other anti-spyware software on my USB key, off I went to help him.

Impossible to plug in my key even in safe mode (normal?) and still impossible to connect to the internet, with Firefox as well as with IE...

All rather embarrassing... and somewhat dejected, we went to look in msconfig to see whether it was possible to stop Security Tool from launching at startup (yeah, wishful thinking)! First we had to go through safe mode to get to msconfig, and then, before we even had time to check whether there was any suspicious program, the computer simply shut down...

Now we are at a standstill, meaning the computer hardly turns on any more: the fan spins, the tower lights up, but no picture... as for the beeps, there are 6 long beeps...
And what's more, we don't know what make his BIOS is...

It's a DELL desktop computer, if that helps...

Thanks on his behalf, and thanks to your wonderful community.
Hoping there is a solution that lets us see a picture on this damned screen again and, above all, lets us get rid of this real piece of s*** :)

Have a good evening!

7 replies

Anonymous user
19 Feb 2010 at 22:48
Hi, unplug the PC, take out the motherboard battery for 10 min, put it back, plug the PC back in, and restart it
0
simant49
19 Feb 2010 at 22:53
Thanks for your reply Gen-Hackman. I'm not with him at the moment; we're talking by phone and he can't really see which battery you mean, so I think this will have to wait until Monday, when I can go and see him.

Hoping to see you again on Monday!

In your view, should this let the PC restart?

Any pointers for afterwards (hoping the computer turns back on), since I think security total will have blocked the internet again and we will then be completely lost without professional help?

Thanks again.
0
Anonymous user
19 Feb 2010 at 23:00
It's a fairly big battery, next to the BIOS, it should be 2.2 cm in diameter, the reference written on it is CR2016 or CR2032 I think... anyway it's a round chrome thing... like a watch battery but bigger

Otherwise, if the PC starts, restart it in safe mode with networking and run this on it:

Disable your antivirus for the duration of the procedure, as well as your firewall if present (because it is wrongly detected as an infection)

▶ Download List&Kill'em and save it to your desktop

▶ Plug in USB keys, external hard drives, mp3, mp4, etc.

Double-click (right-click "Run as administrator" for Vista/7) on the shortcut on your desktop to start the installation

Tick the "create an icon on the desktop" box

Once finished, click "Finish" and the program will launch by itself

Choose the language, then choose option 1 = Search Mode

▶ Let the tool work

When the white window appears, it takes a while; that's normal, the program is not frozen.

A report named catchme appears on your desktop; ignore it, don't post it, but don't delete it for now, the scan is not finished.

▶ Post the contents of the report that opens at 100% of the scan, on the "COMPLETED" screen

You can delete the catchme.log report from your desktop now.

0
simant49
19 Feb 2010 at 23:15
Noted. Thanks for everything! I think we'll wait until we're together; I'll keep you posted.

Thanks again.
Good night.
0

Anonymous user
19 Feb 2010 at 23:46
ok no worries ^^
0
simant49
22 Feb 2010 at 20:24
Hi Gen-Hackman!

We followed your instructions; everything apparently went well.
Here is the log report:

List'em by g3n-h@ckm@n 1.2.5.3

User : Martin (Administrateurs)
Update on 19/02/2010 by g3n-h@ckm@n ::::: 13.15
Start at: 03:41:03 | 25/05/2005
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

Intel(R) Pentium(R) 4 CPU 3.00GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1368 [VPS 100218-1] 4.8.1368 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 145,95 Go (11,15 Go free) | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Documents and Settings\Dominique\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Temp\_ex-08.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Documents and Settings\Martin\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Martin\Local Settings\Temp\3D.tmp\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
WOOKIT REG_SZ C:\Program Files\Wanadoo\GestMaj.exe EspaceWanadoo.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
TomTomHOME.exe REG_SZ "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IAAnotif REG_SZ C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
SigmatelSysTrayApp REG_SZ stsystra.exe
ATIPTA REG_SZ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
dla REG_SZ C:\WINDOWS\system32\dla\tfswctrl.exe
WOOWATCH REG_SZ C:\PROGRA~1\Wanadoo\Watch.exe
WOOTASKBARICON REG_SZ C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Sony Ericsson PC Suite REG_SZ "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
SSBkgdUpdate REG_SZ "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
PaperPort PTD REG_SZ "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
IndexSearch REG_SZ "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
PPort11reminder REG_SZ "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
BrMfcWnd REG_SZ C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
ControlCenter3 REG_SZ C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
EoEngine REG_SZ "C:\Program Files\EoRezo\EoEngine.exe"
SoftwareHelper REG_SZ C:\Documents and Settings\Dominique\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
BigDogPath REG_SZ C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
XboxStat REG_SZ "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
KernelFaultCheck REG_EXPAND_SZ %systemroot%\system32\dumprep 0 -k
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
31617826 REG_SZ C:\DOCUME~1\ALLUSE~1\APPLIC~1\31617826\31617826.exe
CTFMON REG_SZ C:\WINDOWS\Temp\_ex-08.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
NoCDBurning REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ MsgPlusLoader.dll

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ D2XDWV1J
DefaultUserName REG_SZ Martin
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Martin
AltDefaultDomainName REG_SZ D2XDWV1J
ChangePasswordUseKerberos REG_DWORD 1 (0x1)

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\Microsoft Games\Age of Empires III\age3.exe REG_SZ C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3
C:\Program Files\utorrent\utorrent.exe REG_SZ C:\Program Files\utorrent\utorrent.exe:*:Enabled:µTorrent
C:\Program Files\Mozilla Firefox\firefox.exe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox
C:\Program Files\Internet Explorer\iexplore.exe REG_SZ C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer
C:\Program Files\Skype\Phone\Skype.exe REG_SZ C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
C:\Program Files\Counter-Strike\cstrike.exe REG_SZ C:\Program Files\Counter-Strike\cstrike.exe:*:Disabled:Half-Life Launcher
C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\WINDOWS\system32\LEXPPS.EXE REG_SZ C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Documents and Settings\Martin\Mes documents\Jeux\Call of Duty 4\Call of Duty 4 - Modern Warfare\iw3mp.exe REG_SZ C:\Documents and Settings\Martin\Mes documents\Jeux\Call of Duty 4\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Disabled:iw3mp
C:\WINDOWS\system32\PnkBstrA.exe REG_SZ C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
C:\WINDOWS\system32\PnkBstrB.exe REG_SZ C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
C:\Documents and Settings\Martin\Mes documents\Downloads\Left.4.Dead.Full-Rip.Skullptura\Left 4 Dead\left4dead.exe REG_SZ C:\Documents and Settings\Martin\Mes documents\Downloads\Left.4.Dead.Full-Rip.Skullptura\Left 4 Dead\left4dead.exe:*:Enabled:left4dead
C:\Documents and Settings\Martin\Mes documents\Downloads\hamachi.exe REG_SZ C:\Documents and Settings\Martin\Mes documents\Downloads\hamachi.exe:*:Enabled:Hamachi Client
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\WINDOWS\Temp\_ex-08.exe REG_SZ C:\WINDOWS\Temp\_ex-08.exe:*:Enabled:Promo

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

===============
ActivX controls
===============


==============
BHO :
======

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Martin\Local Settings\Temp\3D.tmp
## C:\> hashdeep C:\WINDOWS\System32\Drivers\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\System32\Drivers\atapi.sys


Sources
=======

C:\i386\atapi.sys
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
C:\WINDOWS\ServicePackFiles\i386\atapi.sys
C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\atapi.sys
C:\WINDOWS\system32\drivers\atapi.sys
C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

Référence :
==========

Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
146 Go total, 11,15 Go libre (7%), 21% fragmenté (fragmentation du fichier 41%)

Vous devriez défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Present !! : C:\Program Files\EoRezo
Present !! : C:\Program Files\Everest Poker
Present !! : C:\Program Files\MyWaySA
Present !! : C:\Program Files\ShopperReports
Present !! : C:\Program Files\WinPCap
Present !! : C:\WINDOWS\002908_.tmp
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\drivers\npf.sys
Present !! : C:\WINDOWS\System32\Packet.dll
Present !! : C:\WINDOWS\System32\pthreadVC.dll
Present !! : C:\WINDOWS\System32\WanPacket.dll
Present !! : C:\WINDOWS\System32\wpcap.dll
Present !! : C:\WINDOWS\Temp\_ex-08.exe
Present !! : C:\Documents and Settings\Martin\Application Data\avdrn.dat
Present !! : C:\Documents and Settings\Martin\Application Data\avdrn.dat
Present !! : C:\Documents and Settings\Martin\LOCAL Settings\Temp\IE8-Setup-Full-MSN-XP.exe
Present !! : C:\Documents and Settings\Martin\LOCAL Settings\Temp\swt-awt-win32-3346.dll
Present !! : C:\Documents and Settings\Martin\LOCAL Settings\Temp\swt-win32-3346.dll
Present !! : C:\Documents and Settings\Martin\LOCAL Settings\Temp\TMP3E.tmp

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Eoengine
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SoftwareHelper
Present !! : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{74CC49F7-EB32-4A08-B204-948962A6E3DB}
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
Present !! : "HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e}"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74CC49F7-EB32-4A08-B204-948962A6E3DB}"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}"
Present !! : "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker"
Present !! : HKCR\EoRezoBHO.EoBho
Present !! : HKCR\EoRezoBHO.EoBho.1
Present !! : HKCR\hbcoresrv.dynamicprop
Present !! : HKCR\hbcoresrv.dynamicprop.1
Present !! : HKCR\hbtcoresrv.hbtcoreservices
Present !! : HKCR\hbtcoresrv.hbtcoreservices.1
Present !! : HKCR\hbtcoresrv.lfgax
Present !! : HKCR\hbtcoresrv.lfgax.1
Present !! : HKCR\hbthostol.hbtmailanim
Present !! : HKCR\hbthostol.hbtmailanim.1
Present !! : HKCR\hbthostol.hbtwebmailsend
Present !! : HKCR\hbthostol.hbtwebmailsend.1
Present !! : HKCR\hbtinstie.hbinstobj
Present !! : HKCR\hbtinstie.hbinstobj.1
Present !! : HKCR\hbtools.hbtcommband
Present !! : HKCR\hbtools.hbtcommband.1
Present !! : HKCR\hbtsrv.hbtcoreservices
Present !! : HKCR\hbtsrv.hbtcoreservices.1
Present !! : HKCR\hbttoolbar.hbthtmlmenuui
Present !! : HKCR\hbttoolbar.hbthtmlmenuui.1
Present !! : HKCR\hbttoolbar.hbttoolbarctl
Present !! : HKCR\hbttoolbar.hbttoolbarctl.1
Present !! : HKCR\hbttools.hbmain
Present !! : HKCR\hbttools.hbmain.1
Present !! : HKCU\SOFTWARE\EoRezo
Present !! : HKLM\SOFTWARE\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
Present !! : HKLM\SOFTWARE\Classes\AppID\EoRezoBHO.dll
Present !! : HKLM\SOFTWARE\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
Present !! : HKLM\Software\Classes\EoRezoBHO.EoBho
Present !! : HKLM\Software\Classes\EoRezoBHO.EoBho.1
Present !! : HKLM\software\classes\HbCoreSrv.DynamicProp
Present !! : HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp.1
Present !! : HKLM\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices
Present !! : HKLM\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices.1
Present !! : HKLM\SOFTWARE\Classes\HbtCoreSrv.LfgAx
Present !! : HKLM\SOFTWARE\Classes\HbtCoreSrv.LfgAx.1
Present !! : HKLM\SOFTWARE\Classes\HbtHostIE.Bho
Present !! : HKLM\SOFTWARE\Classes\HbtHostIE.Bho.1
Present !! : HKLM\SOFTWARE\Classes\HbtHostOL.HbtMailAnim
Present !! : HKLM\SOFTWARE\Classes\HbtHostOL.HbtMailAnim.1
Present !! : HKLM\SOFTWARE\Classes\HbtHostOL.HbtWebmailSend
Present !! : HKLM\SOFTWARE\Classes\HbtHostOL.HbtWebmailSend.1
Present !! : HKLM\SOFTWARE\Classes\HbTools.HbtCommBand
Present !! : HKLM\SOFTWARE\Classes\HbTools.HbtCommBand.1
Present !! : HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar
Present !! : HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar.1
Present !! : HKLM\SOFTWARE\Classes\HbtSrv.HbtCoreServices
Present !! : HKLM\SOFTWARE\Classes\HbtSrv.HbtCoreServices.1
Present !! : HKLM\SOFTWARE\Classes\HbtToolbar.HbtHtmlMenuUI
Present !! : HKLM\SOFTWARE\Classes\HbtToolbar.HbtHtmlMenuUI.1
Present !! : HKLM\SOFTWARE\Classes\HbtToolbar.HbtToolbarCtl
Present !! : HKLM\SOFTWARE\Classes\HbtToolbar.HbtToolbarCtl.1
Present !! : HKLM\SOFTWARE\Classes\HbtTools.HbMain
Present !! : HKLM\SOFTWARE\Classes\HbtTools.HbMain.1
Present !! : HKLM\Software\Classes\Interface\{819DB72D-1C28-4387-9778-E2FF3DC86F74}
Present !! : HKLM\SOFTWARE\Classes\RprtsPSClient.PSExecuter
Present !! : HKLM\SOFTWARE\Classes\RprtsPSClient.PSExecuter.1
Present !! : HKLM\SOFTWARE\Classes\ShprRprts.HbAx
Present !! : HKLM\SOFTWARE\Classes\ShprRprts.HbAx.1
Present !! : HKLM\SOFTWARE\Classes\ShprRprts.HbInfoBand
Present !! : HKLM\SOFTWARE\Classes\ShprRprts.HbInfoBand.1
Present !! : HKLM\SOFTWARE\Classes\ShprRprts.IEButton
Present !! : HKLM\SOFTWARE\Classes\ShprRprts.IEButton.1
Present !! : HKLM\SOFTWARE\Classes\ShprRprts.IEButtonA
Present !! : HKLM\SOFTWARE\Classes\ShprRprts.IEButtonA.1
Present !! : HKLM\SOFTWARE\Classes\ShprRprts.SmrtShprCtl
Present !! : HKLM\SOFTWARE\Classes\ShprRprts.SmrtShprCtl.1
Present !! : HKLM\SOFTWARE\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
Present !! : HKLM\SOFTWARE\EoRezo
Present !! : HKLM\SOFTWARE\HbTools
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
Present !! : HKLM\SOFTWARE\ShopperReports
Present !! : HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_NPF
Present !! : HKLM\SYSTEM\ControlSet002\Services\npf
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NPF
Present !! : HKLM\SYSTEM\CurrentControlSet\Services\npf

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2005-05-25 04:07:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\I6OCWOMG\199_2_137_27[1]
C:\Documents and Settings\Martin\Menu Démarrer\Programmes\Démarrage\monnid32.exe 27648 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
kernel: MBR read successfully
user & kernel MBR OK

==========
Programs
==========

Activision
Adobe
Ahead
Alwil Software
Apple Software Update
ArcSoft
Atari
ATI Technologies
AtomixMP3
Bonjour
Brother
ComPlus Applications
CyberLink
Dell
Dell Computer
Dell Inc
Dinamic Multimedia
DivX
EA Games
EA SPORTS
eMule
EoRezo
Everest Poker
Fichiers communs
Free iPod Video Converter
Funcom
GameSpy Arcade
Google
InstallShield Installation Information
Intel
Internet Explorer
iPod
iTunes
IZArc
Jasc Software Inc
Java
Jeux classiques
Learn2.com
LimeWire
List_Kill'em
Malwarebytes' Anti-Malware
McAfee
Messenger
MessengerPlus! 3
Metin2_France
Microsoft
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Games
Microsoft Office
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Visual Studio
Microsoft Works
Microsoft Xbox 360 Accessories
Mindscape
MotoRacer2
Movie Maker
Mozilla Firefox
MSBuild
MSN
MSN Gaming Zone
MSXML 4.0
MyWaySA
NetMeeting
Nikon
Nuance
Online Services
Orange
Orange Toolbar FR
Outlook Express
Philips
Picasa2
QuickTime
Real
Reference Assemblies
SAGEM
ScanSoft
Services en ligne
ShopperReports
Sigmatel
Skype
Sonic
Sony Ericsson
Symantec
SystemRequirementsLab
TomTom HOME 2
TomTom International B.V
Ubi Soft
Uninstall Information
utorrent
VideoLAN
Viewpoint
Vimicro
VirginMega
ViviCam 10 and 20
Wanadoo
Wanadoo Messager
Webteh
Windows Live
Windows Live SkyDrive
Windows Live Toolbar
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinPcap
WinRAR
xerox
Yahoo!
Your Company Name

============
Drive C:
============

11dba6c33b94fe5c1877
14c5786b96f7fa1c697588bd33
19355c33735930dc85b0
a4d0c4d5837d5ee2a8bf3b038d
AILog.txt
AUTOEXEC.BAT
boot.ini
Bootfont.bin
Config.Msi
CONFIG.SYS
debugInstaller.txt
DebugTrace-RockallDLL.log
dell
dell.sdr
Documents and Settings
drivers
Films
Games
hiberfil.sys
i386
INFCACHE.1
IO.SYS
IPH.PH
Kill'em
List'em.txt
MSDOS.SYS
My Music
NTDETECT.COM
ntldr
pagefile.sys
Program Files
RECYCLER
sqmdata00.sqm
sqmdata01.sqm
sqmdata02.sqm
sqmdata03.sqm
sqmdata04.sqm
sqmdata05.sqm
sqmdata06.sqm
sqmdata07.sqm
sqmdata08.sqm
sqmdata09.sqm
sqmdata10.sqm
sqmdata11.sqm
sqmdata12.sqm
sqmdata13.sqm
sqmdata14.sqm
sqmdata15.sqm
sqmdata16.sqm
sqmdata17.sqm
sqmdata18.sqm
sqmdata19.sqm
sqmnoopt00.sqm
sqmnoopt01.sqm
sqmnoopt02.sqm
sqmnoopt03.sqm
sqmnoopt04.sqm
sqmnoopt05.sqm
sqmnoopt06.sqm
sqmnoopt07.sqm
sqmnoopt08.sqm
sqmnoopt09.sqm
sqmnoopt10.sqm
sqmnoopt11.sqm
sqmnoopt12.sqm
sqmnoopt13.sqm
sqmnoopt14.sqm
sqmnoopt15.sqm
sqmnoopt16.sqm
sqmnoopt17.sqm
sqmnoopt18.sqm
sqmnoopt19.sqm
Status.inf
System Volume Information
v17-10-1-v17-10-2.CHK
v17-10-1-v17-10-2.RES
v17-10-1-v17-10-2.RTP
v17-10-1-v17-10-2.SIG
v17-10-2-v17-10-3.CHK
v17-10-2-v17-10-3.RES
v17-10-2-v17-10-3.RTP
v17-10-2-v17-10-3.SIG
WINDOWS

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials





¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 5:50:31,46
0
Anonymous user
22 Feb 2010 at 20:48
▶ Run List_Kill'em again (by right-click on Vista/7), using the shortcut on your desktop.
but this time:

▶ choose option 2 = Mode Suppression (removal mode)

let the tool work.

at the end of the scan a report opens

▶ paste its contents into your reply
0