Utilisation de l'UC toujours à 100%!!

Question

Bonjour,
mon ordi faisait un bruit énorme et j'ai donc decidé de l'ouvrir afin de voir si la ventilation en etait la cause. Je l'ai néttoyé et refermeé. La il faisait moins de bruit mais en faisait quand meme un peu. J'ai donc reouvert et essayé de retirer l'hélice principale pour la nettoyer (elle etait pleine de poussiere) mais je n'ai pas reussi a l'enlever donc je lai laissée et  nettoye comme je pouvais. j'ai refermé et rallumer l'ordi, la PANIQUE, il s'allumait et se reteignait aussitot!! Apres de longs moment d'attentes, il s'allume enfin mais la c'est le desastre!!! Il est revenu plus lent et plus bruyant que jamais!!! L'UC est presque tout le temps à 100% en fait elle oscille elle passe de 20 a 70 % tout le temps puis des que j'ouvre quelque chose elle passe a 100%! 
Par exemple, juste pour ouvrir l'onglet "applications" de iTunes ca ma pris au moins 5 min!!
 Aidez moi SVP!!
Merci d'avance!

benurrr · Answer

Salut :en espérant que tu n'a pas abimer ton ventillo

Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)

 Télécharge et installe List&Kill'em et enregistre le sur ton bureau

http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe


 Branche clés usb , disques durs externes , mp3 , mp4 , etc..

double clique ( clic droit "exécuter en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

coche la case "créer une icône sur le bureau"

une fois terminée , clic sur "terminer" et le programme se lancera seul

choisis la langue puis choisis l'option 1 = Mode Recherche

 laisse travailler l'outil

à l'apparition de la fenêtre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.

Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'écran "COMPLETED"

jeremss · Answer

Voila ce que j'ai obtenu. Merci beaucoup de ta réponse! List'em by g3n-h@ckm@n 1.2.5.3 User : Jeremie (Administrateurs) Update on 19/02/2010 by g3n-h@ckm@n ::::: 13.15 Start at: 00:03:51 | 24/02/2010 Contact : https://forums.commentcamarche.net/forum/virus-securite-7 Intel(R) Pentium(R) 4 CPU 2.93GHz Microsoft Windows XP Edition familiale (5.1.2600 32-bit) # Service Pack 2 Internet Explorer 7.0.5730.11 Windows Firewall Status : Enabled AV : avast! antivirus 4.8.1356 [VPS 100223-2] 4.8.1356 [ Enabled | Updated ] C:\ -> Disque fixe local | 186,31 Go (37,32 Go free) [Disque C] | NTFS D:\ -> Disque CD-ROM E:\ -> Disque CD-ROM F:\ -> Disque CD-ROM G:\ -> Disque CD-ROM H:\ -> Disque amovible I:\ -> Disque amovible J:\ -> Disque amovible K:\ -> Disque amovible L:\ -> Disque amovible M:\ -> Disque fixe local | 149,01 Go (69,07 Go free) [DISQUE 2] | FAT32 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\FreezeScreenSaver.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Styler\Styler.exe C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\DAP\DAP.EXE C:\Program Files\List_Kill'em\List_Kill'em.scr C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Documents and Settings\Jeremie\Local Settings\Temp\99.tmp\pv.exe ====================== Keys "Run" ====================== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe WOOKIT REG_SZ C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= MessengerPlus3 REG_SZ "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart RocketDock REG_SZ "C:\Program Files\RocketDock\RocketDock.exe" AdobeUpdater REG_SZ C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" HKEY_CURRENT_USER\software\microsoft\windows\currentversion un\AdobeUpdater [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe HP Software Update REG_SZ "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" Google Desktop Search REG_SZ "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup Cmaudio REG_SZ RunDll32 cmicnfg.cpl,CMICtrlWnd SoundMan REG_SZ SOUNDMAN.EXE avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe TrayServer REG_SZ C:\Program Files\MAGIX\Movie_Edit_Pro_15_Plus_Download_version\TrayServer.exe HP Component Manager REG_SZ "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime ORAHSSSessionManager REG_SZ "C:\Program Files\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe" iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] ===================== Other Keys ===================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] dontdisplaylastusername REG_DWORD 0 (0x0) legalnoticecaption REG_SZ legalnoticetext REG_SZ shutdownwithoutlogon REG_DWORD 1 (0x1) undockwithoutlogon REG_DWORD 1 (0x1) =============== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] NoDriveTypeAutoRun REG_DWORD 145 (0x91) NoDriveAutorun REG_DWORD 0 (0x0) =============== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] HonorAutoRunSetting REG_DWORD 1 (0x1) =============== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLS REG_SZ C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,wbsys.dll =============== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] AutoRestartShell REG_DWORD 1 (0x1) DefaultDomainName REG_SZ NOM-E158B5DDB2C DefaultUserName REG_SZ Jeremie LegalNoticeCaption REG_SZ LegalNoticeText REG_SZ PowerdownAfterShutdown REG_SZ 0 ReportBootOk REG_SZ 1 Shell REG_SZ Explorer.exe ShutdownWithoutLogon REG_SZ 0 System REG_SZ Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,userinit.exe VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl" SfcQuota REG_DWORD -1 (0xffffffff) allocatecdroms REG_SZ 0 allocatedasd REG_SZ 0 allocatefloppies REG_SZ 0 cachedlogonscount REG_SZ 10 forceunlocklogon REG_DWORD 0 (0x0) passwordexpirywarning REG_DWORD 14 (0xe) scremoveoption REG_SZ 0 AllowMultipleTSSessions REG_DWORD 1 (0x1) UIHost REG_EXPAND_SZ %SystemRoot%\system32\logonui.exe LogonType REG_DWORD 1 (0x1) Background REG_SZ 0 0 0 DebugServerCommand REG_SZ no SFCDisable REG_DWORD 0 (0x0) WinStationsDisabled REG_SZ 0 HibernationPreviouslyEnabled REG_DWORD 1 (0x1) ShowLogonOptions REG_DWORD 1 (0x1) AltDefaultUserName REG_SZ Jeremie AltDefaultDomainName REG_SZ NOM-E158B5DDB2C SfcScan REG_DWORD 0 (0x0) =============== [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\AtiExtEvent] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\crypt32chain] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\cryptnet] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\cscdll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\ScCertProp] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\Schedule] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\sclgntfy] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\SensLogn] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify ermsrv] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\WBSrv] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\WgaLogon] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\wlballoon] =============== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ {097F10A7-487F-4457-AB1F-827C59479A72} REG_SZ NSIS Media Extension {637E1684-78EE-42D4-9609-B4ED50F3BA63} REG_SZ Downlevel ShellHook Module {56F9679E-7826-4C84-81F3-532071A8BCC5} REG_SZ =============== [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule C:\WINDOWS\system32 tcshare.exe REG_SZ C:\WINDOWS\system32 tcshare.exe:*:Disabled:Partage de l'application RTC C:\Program Files\Internet Explorer\IEXPLORE.EXE REG_SZ C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test C:\WINDOWS\system32 undll32.exe REG_SZ C:\WINDOWS\system32 undll32.exe:*:Disabled:Executer une DLL en tant qu'application C:\WINDOWS\system32\svchost.exe REG_SZ C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Update C:\DOCUME~1\Matthieu\LOCALS~1\Temp\43exmodul32.exe REG_SZ C:\DOCUME~1\Matthieu\LOCALS~1\Temp\43exmodul32.exe:*:Enabled:Microsoft Update C:\DOCUME~1\Matthieu\LOCALS~1\Temp\91exmodul32.exe REG_SZ C:\DOCUME~1\Matthieu\LOCALS~1\Temp\91exmodul32.exe:*:Enabled:Microsoft Update C:\DOCUME~1\Matthieu\LOCALS~1\Temp\11exmodul32.exe REG_SZ C:\DOCUME~1\Matthieu\LOCALS~1\Temp\11exmodul32.exe:*:Enabled:Microsoft Update C:\DOCUME~1\Matthieu\LOCALS~1\Temp\27exmodul32.exe REG_SZ C:\DOCUME~1\Matthieu\LOCALS~1\Temp\27exmodul32.exe:*:Enabled:Microsoft Update C:\DOCUME~1\Matthieu\LOCALS~1\Temp\73exmodul32.exe REG_SZ C:\DOCUME~1\Matthieu\LOCALS~1\Temp\73exmodul32.exe:*:Enabled:Microsoft Update C:\DOCUME~1\Matthieu\LOCALS~1\Temp\16exmodul32.exe REG_SZ C:\DOCUME~1\Matthieu\LOCALS~1\Temp\16exmodul32.exe:*:Enabled:Microsoft Update C:\Program Files\Mozilla Firefox\firefox.exe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox C:\DOCUME~1\Matthieu\LOCALS~1\Temp\52exmodul32.exe REG_SZ C:\DOCUME~1\Matthieu\LOCALS~1\Temp\52exmodul32.exe:*:Enabled:Microsoft Update C:\DOCUME~1\Matthieu\LOCALS~1\Temp\66exmodul32.exe REG_SZ C:\DOCUME~1\Matthieu\LOCALS~1\Temp\66exmodul32.exe:*:Enabled:Microsoft Update C:\DOCUME~1\Matthieu\LOCALS~1\Temp\38exmodul32.exe REG_SZ C:\DOCUME~1\Matthieu\LOCALS~1\Temp\38exmodul32.exe:*:Enabled:Microsoft Update C:\StubInstaller.exe REG_SZ C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe REG_SZ C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:LocalSubNet:Disabled:PMCService %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 C:\Program Files\Azureus\Azureus.exe REG_SZ C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus C:\Program Files\Microsoft Games\Age of Empires III\age3.exe REG_SZ C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3 %windir%\explorer.exe REG_SZ %windir%\explorer.exe:*:Enabled:Windows Explorer C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger C:\Program Files\TightVNC\WinVNC.exe REG_SZ C:\Program Files\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server C:\Program Files\Vuze\Azureus.exe REG_SZ C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus C:\Program Files\iPhone Tunnel Suite\iTunnel\iTunnel.exe REG_SZ C:\Program Files\iPhone Tunnel Suite\iTunnel\iTunnel.exe:*:Disabled:iTunnel C:\Program Files\Electronic Arts\EADM\Core.exe REG_SZ C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour C:\Program Files\VideoLAN\VLC\vlc.exe REG_SZ C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare C:\Temp\janinblr\iTunnel\iTunnel.exe REG_SZ C:\Temp\janinblr\iTunnel\iTunnel.exe:*:Enabled:iTunnel C:\Program Files\Orange\Connexion Internet Orange\Connectivity\ConnectivityManager.exe REG_SZ C:\Program Files\Orange\Connexion Internet Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare =============== ActivX controls =============== HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{00B71CFB-6864-4346-A978-C0A14556272C} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{14B87622-7E19-4EA8-93B3-97215F77A6BC} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{20A60F0D-9AFA-4515-A0FD-83BD84642501} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{238F6F83-B8B4-11CF-8771-00A024541EE3} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{2917297F-F02B-4B9D-81DF-494B6333150B} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D6F45B3-9043-443D-A792-115447494D24} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{B8BE5E93-A60C-4D26-A2DC-220313175592} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D8089245-3211-40F6-819B-9E5E92CD61A2} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} =============== HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Base Smart Card Crypto Provider Package HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0291E591-EA41-4c82-8106-3DC6CE7F7664} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3F7924B9-D148-3141-87B1-68F36043A940} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6D86A1DB-7879-0AB6-03A4-5F56E579A55D} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{74F8E27A-1C16-8FDB-69DA-652E186007DE} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8b15971b-5355-4c82-8c07-7e181ea07608} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ECD292A0-0347-4244-8C24-5DBCE990FB40} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EF289A85-8E57-408d-BE47-73B55609861A} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FB6D6065-F37A-3F59-84EC-5C5D766EC2B8} ============== BHO : ====== [ REG_SZ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{206E52E0-D52E-11D4-AD54-0000E86C26F6}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}] ================ Internet Explorer : ================ [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] Start Page REG_SZ http://home.speedbit.com/?aff=101 ======== Services ======== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] Ndisuio : 0x3 ( OK = 3 ) SharedAccess : 0x2 ( OK = 2 ) wuauserv : 0x2 ( OK = 2 ) ========= Atapi.sys ========= %%%% HASHDEEP-1.0 %%%% size,md5,sha256,filename ## Invoked from: C:\Documents and Settings\Jeremie\Local Settings\Temp\99.tmp ## C:\> hashdeep C:\WINDOWS\System32\Drivers\atapi.sys ## 95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\System32\Drivers\atapi.sys Sources ======= C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\atapi.sys C:\WINDOWS\system32\drivers\atapi.sys Rιfιrence : ========== Win XP_32b : a64013e98426e1877cb653685c5c0009 Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51 Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674 Vista_32b : e03e8c99d15d0381e02743c36afc7c6f Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9 Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4 Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C ======= Drive : ======= D?fragmenteur de disque Windows Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc. Rapport d'analyse 186 Go total, 37,33 Go libre (20%), 22% fragment? (fragmentation du fichier 44%) Vous devriez d?fragmenter ce volume. ¤¤¤¤¤¤¤¤¤¤ Files/folders : Present !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache Present !! : C:\blackra1n.exe Present !! : C:\install.exe Present !! : C:\Program Files\DAEMON Tools Toolbar Present !! : C:\Program Files\Mozilla FireFox\Components\AskSearch.js Present !! : C:\Program Files\P2P_Energy Present !! : C:\WINDOWS\_delis32.ini Present !! : C:\WINDOWS\iun6002.exe Present !! : C:\WINDOWS\System32\SET*.tmp Present !! : C:\WINDOWS\winstart.bat Present !! : C:\Documents and Settings\Jeremie\Application Data\GDIPFONTCACHEV1.DAT Present !! : C:\Documents and Settings\Jeremie\Application Data\wklnhst.dat Present !! : C:\Documents and Settings\Jeremie\Application Data\pcouffin.inf Present !! : C:\Documents and Settings\Jeremie\Application Data\GDIPFONTCACHEV1.DAT Present !! : C:\Documents and Settings\Jeremie\Application Data\wklnhst.dat Present !! : C:\Documents and Settings\Jeremie\Application Data\inst.exe Present !! : C:\Documents and Settings\Jeremie\Local Settings\Temp\dw.log Present !! : C:\Documents and Settings\Jeremie\Local Settings\Temp\Hsi.doc Present !! : C:\Documents and Settings\Jeremie\LOCAL Settings\Temp\_is23.exe Present !! : C:\Documents and Settings\Jeremie\LOCAL Settings\Temp\_is2D.exe Present !! : C:\Documents and Settings\Jeremie\LOCAL Settings\Temp\_is2E.exe Present !! : C:\Documents and Settings\Jeremie\LOCAL Settings\Temp\cabex.dll Present !! : C:\Documents and Settings\Jeremie\LOCAL Settings\Temp\catchme.dll Present !! : C:\Documents and Settings\Jeremie\LOCAL Settings\Temp mp1E.tmp Present !! : C:\Documents and Settings\Jeremie\LOCAL Settings\Temp mp2B9.tmp Present !! : C:\Documents and Settings\Jeremie\LOCAL Settings\Temp mp9E.tmp Present !! : C:\Documents and Settings\Jeremie\LOCAL Settings\Temp mpB.tmp Present !! : C:\Documents and Settings\Jeremie\LOCAL Settings\Temp mpC.tmp ¤¤¤¤¤¤¤¤¤¤ Keys : Present !! : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{32099AAC-C132-4136-9E9A-4E364A424E17} Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383} Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} Present !! : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} Present !! : "HKCU\software\Fun Web Products" Present !! : "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" Present !! : "HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}" Present !! : "HKLM\software\Fun Web Products" Present !! : "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}" Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe" Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe" Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options askmgr.exe" Present !! : HKCR\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d} Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d} Present !! : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} Present !! : HKCR\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d} Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d} Present !! : HKCR\interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} Present !! : HKCR\interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} Present !! : HKCR\MyWebSearch.HTMLPanel Present !! : HKCR\MyWebSearch.HTMLPanel.1 Present !! : HKCR\MyWebSearch.PseudoTransparentPlugin Present !! : HKCR\MyWebSearch.PseudoTransparentPlugin.1 Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d} Present !! : HKCU\SOFTWARE\FunWebProducts Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} Present !! : HKCU\software\MyWebSearch Present !! : HKLM\Software\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} Present !! : HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Present !! : HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B} Present !! : HKLM\SOFTWARE\FocusInteractive Present !! : HKLM\SOFTWARE\FunWebProducts Present !! : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss Present !! : HKLM\SOFTWARE\MyWebSearch ============ catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-24 00:41:41 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Midi\Ports\Mappeur MIDI Microsoft [™mulΉ]] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Midi\Ports\Mappeur MIDI Microsoft [™mulΉ]\Out] "DMPortGUID"=hex:51,34,04,d3,29,e5,62,42,b0,29,22,32,5c,62,6d,01 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Midi\Ports\Synth. SW table de sons GS Mic [™mulΉ]] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Midi\Ports\Synth. SW table de sons GS Mic [™mulΉ]\Out] "DMPortGUID"=hex:42,43,4c,ee,0f,0f,e0,44,97,82,30,72,02,a5,34,e5 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions] "Miniport rΉseau Ήtendu (L2TP)"=str(7):"1\0" "Miniport rΉseau Ήtendu (PPTP)"=str(7):"1\0" "ParallΈle direct"=str(7):"1\0" "Miniport rΉseau Ήtendu (IP)"=str(7):"1\0" "Carte rΉseau 1394"=str(7):"1\0002\0" "Connexion TV/vidΉo Microsoft"=str(7):"1\0" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC] "p0"="C:\Program Files\DAEMON Tools Lite\" "h0"=dword:00000001 "hdf12"=hex:1d,49,00,3b,77,81,58,cb,e0,d8,7e,41,34,3a,56,b7,5c,7b,f5,bf,29,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001] "a0"=hex:20,01,00,00,29,29,be,7d,60,6b,1d,7f,81,f5,1d,ef,97,81,b3,0b,1f,.. "hdf12"=hex:e4,e0,b3,4f,40,b1,f9,05,d7,95,5e,d4,77,38,ad,94,46,7f,93,c7,41,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0] "hdf12"=hex:b2,15,62,d3,56,fb,82,be,db,d6,57,3f,a8,93,a7,2e,bd,0f,ba,b0,26,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1] "hdf12"=hex:1d,06,35,5b,c1,74,81,60,87,c0,8d,46,32,e5,9f,5a,ad,50,d5,10,55,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:87,8f,a0,5c,56,76,4a,25,8d,db,3e,df,ab,b8,f8,c4,3f,2f,50,f4,a7,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,76,9c,db,f4,9f,b8,4b,23,a2,63,f2,84,26,9f,08,e1,78,.. "khjeh"=hex:1e,01,47,58,f8,f7,de,3d,56,76,4b,e5,02,cd,a7,be,1f,df,50,2a,30,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:ad,25,28,b7,c8,2d,e5,ca,58,49,0f,5a,97,e6,95,6c,56,aa,d2,d1,b4,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{3f9e6818-8458-48bd-9135-d88f38a1bbeb}] "Attributs du magasin de donnΉes"=dword:00000021 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\MediaProperties\PrivateProperties\Midi\Ports\Mappeur MIDI Microsoft [™mulΉ]] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\MediaProperties\PrivateProperties\Midi\Ports\Mappeur MIDI Microsoft [™mulΉ]\Out] "DMPortGUID"=hex:51,34,04,d3,29,e5,62,42,b0,29,22,32,5c,62,6d,01 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\MediaProperties\PrivateProperties\Midi\Ports\Synth. SW table de sons GS Mic [™mulΉ]] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\MediaProperties\PrivateProperties\Midi\Ports\Synth. SW table de sons GS Mic [™mulΉ]\Out] "DMPortGUID"=hex:42,43,4c,ee,0f,0f,e0,44,97,82,30,72,02,a5,34,e5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions] "Miniport rΉseau Ήtendu (L2TP)"=str(7):"1\0" "Miniport rΉseau Ήtendu (PPTP)"=str(7):"1\0" "ParallΈle direct"=str(7):"1\0" "Miniport rΉseau Ήtendu (IP)"=str(7):"1\0" "Carte rΉseau 1394"=str(7):"1\0002\0" "Connexion TV/vidΉo Microsoft"=str(7):"1\0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC] "p0"="C:\Program Files\DAEMON Tools Lite\" "h0"=dword:00000001 "hdf12"=hex:1d,49,00,3b,77,81,58,cb,e0,d8,7e,41,34,3a,56,b7,5c,7b,f5,bf,29,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001] "a0"=hex:20,01,00,00,29,29,be,7d,60,6b,1d,7f,81,f5,1d,ef,97,81,b3,0b,1f,.. "hdf12"=hex:e4,e0,b3,4f,40,b1,f9,05,d7,95,5e,d4,77,38,ad,94,46,7f,93,c7,41,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0] "hdf12"=hex:b2,15,62,d3,56,fb,82,be,db,d6,57,3f,a8,93,a7,2e,bd,0f,ba,b0,26,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1] "hdf12"=hex:1d,06,35,5b,c1,74,81,60,87,c0,8d,46,32,e5,9f,5a,ad,50,d5,10,55,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:87,8f,a0,5c,56,76,4a,25,8d,db,3e,df,ab,b8,f8,c4,3f,2f,50,f4,a7,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,76,9c,db,f4,9f,b8,4b,23,a2,63,f2,84,26,9f,08,e1,78,.. "khjeh"=hex:1e,01,47,58,f8,f7,de,3d,56,76,4b,e5,02,cd,a7,be,1f,df,50,2a,30,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:ad,25,28,b7,c8,2d,e5,ca,58,49,0f,5a,97,e6,95,6c,56,aa,d2,d1,b4,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SysmonLog\Log Queries\{3f9e6818-8458-48bd-9135-d88f38a1bbeb}] "Attributs du magasin de donnΉes"=dword:00000021 scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Tap'Touche 3.0 DΉmo] "SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,00,.. "Changed"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes] "Windows par dΉfaut"="",,,,,,,,,,,,,"" "Windows animΉ"=""C:\WINDOWS\Cursors ainbow.ani,,C:\WINDOWS\Cursors\appstart.ani,C:\WINDOWS\Cursors\hourglas.ani,C:\WINDOWS\Cursors\cross.cur,,,,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,,"" "Windows Noir (trΈs grande police)"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors o_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur" "Windows InversΉ"="C:\WINDOWS\cursors\arrow_i.cur,C:\WINDOWS\cursors\help_i.cur,C:\WINDOWS\cursors\wait_i.cur,C:\WINDOWS\cursors\busy_i.cur,C:\WINDOWS\cursors\cross_i.cur,C:\WINDOWS\cursors\beam_i.cur,C:\WINDOWS\cursors\pen_i.cur,C:\WINDOWS\cursors o_i.cur,C:\WINDOWS\cursors\size4_i.cur,C:\WINDOWS\cursors\size3_i.cur,C:\WINDOWS\cursors\size2_i.cur,C:\WINDOWS\cursors\size1_i.cur,C:\WINDOWS\cursors\move_i.cur,C:\WINDOWS\cursors\up_i.cur" "Windows InversΉ (grande police)"="C:\WINDOWS\cursors\arrow_im.cur,C:\WINDOWS\cursors\help_im.cur,C:\WINDOWS\cursors\wait_im.cur,C:\WINDOWS\cursors\busy_im.cur,C:\WINDOWS\cursors\cross_im.cur,C:\WINDOWS\cursors\beam_im.cur,C:\WINDOWS\cursors\pen_im.cur,C:\WINDOWS\cursors o_im.cur,C:\WINDOWS\cursors\size4_im.cur,C:\WINDOWS\cursors\size3_im.cur,C:\WINDOWS\cursors\size2_im.cur,C:\WINDOWS\cursors\size1_im.cur,C:\WINDOWS\cursors\move_im.cur,C:\WINDOWS\cursors\up_im.cur" "Windows InversΉ (trΈs grande police)"="C:\WINDOWS\cursors\arrow_il.cur,C:\WINDOWS\cursors\help_il.cur,C:\WINDOWS\cursors\wait_il.cur,C:\WINDOWS\cursors\busy_il.cur,C:\WINDOWS\cursors\cross_il.cur,C:\WINDOWS\cursors\beam_il.cur,C:\WINDOWS\cursors\pen_il.cur,C:\WINDOWS\cursors o_il.cur,C:\WINDOWS\cursors\size4_il.cur,C:\WINDOWS\cursors\size3_il.cur,C:\WINDOWS\cursors\size2_il.cur,C:\WINDOWS\cursors\size1_il.cur,C:\WINDOWS\cursors\move_il.cur,C:\WINDOWS\cursors\up_il.cur" "Windows Standard (trΈs grande police)"="C:\WINDOWS\cursors\arrow_l.cur,C:\WINDOWS\cursors\help_l.cur,C:\WINDOWS\cursors\wait_l.cur,C:\WINDOWS\cursors\busy_l.cur,C:\WINDOWS\cursors\cross_l.cur,C:\WINDOWS\cursors\beam_l.cur,C:\WINDOWS\cursors\pen_l.cur,C:\WINDOWS\cursors o_l.cur,C:\WINDOWS\cursors\size4_l.cur,C:\WINDOWS\cursors\size3_l.cur,C:\WINDOWS\cursors\size2_l.cur,C:\WINDOWS\cursors\size1_l.cur,C:\WINDOWS\cursors\move_l.cur,C:\WINDOWS\cursors\up_l.cur" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DocFolderPaths] "PropriΉtaire"="C:\Documents and Settings\Propriιtaire\Mes documents" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "c:\Documents and Settings\All Users\Menu DΉmarrer\Programmes\Microsoft Works\"="" "C:\Documents and Settings\All Users\Menu DΉmarrer\Programmes\HP\Memories Disc\"="" "C:\Documents and Settings\All Users\Menu DΉmarrer\Programmes\HP\"="" "C:\Program Files\ACD Systems\FotoSlate\3.0\Page Library\ACD Inventaire\Album photo\Format lΉgal US (8.5x14in)\"="1" "C:\Program Files\ACD Systems\FotoSlate\3.0\Page Library\ACD Inventaire\feuilles d'impression\Format lΉgal US (8.5x14in)\"="1" "C:\Program Files\ACD Systems\FotoSlate\3.0\Page Library\CrΉatif\"="1" "C:\Program Files\ACD Systems\FotoSlate\3.0\Page Library\CrΉatif\Album photo\"="1" "C:\Program Files\ACD Systems\FotoSlate\3.0\Page Library\CrΉatif\feuilles d'impression\"="1" "C:\Program Files\ACD Systems\FotoSlate\3.0\Page Library\Tailles Standard\AmΉrique du Nord\"="1" "C:\Program Files\ACD Systems\FotoSlate\3.0\Page Library\ACD Inventaire\Album photo\Format lΉgal US (8.5x14in)\Paysage\"="" "C:\Program Files\ACD Systems\FotoSlate\3.0\Page Library\ACD Inventaire\Album photo\Format lΉgal US (8.5x14in)\Portrait\"="" "C:\Program Files\ACD Systems\FotoSlate\3.0\Page Library\ACD Inventaire\feuilles d'impression\Format lΉgal US (8.5x14in)\Paysage\"="" "C:\Program Files\ACD Systems\FotoSlate\3.0\Page Library\ACD Inventaire\feuilles d'impression\Format lΉgal US (8.5x14in)\Portrait\"="" "C:\Program Files\ACD Systems\FotoSlate\3.0\Page Library\CrΉatif\Album photo\Paysage\"="" "C:\Program Files\ACD Systems\FotoSlate\3.0\Page Library\CrΉatif\Album photo\Portrait\"="" "C:\Program Files\ACD Systems\FotoSlate\3.0\Page Library\CrΉatif\bandes-tΉmoins\"="" "C:\Program Files\ACD Systems\FotoSlate\3.0\Page Library\CrΉatif\Calendrier\"="" "C:\Program Files\ACD Systems\FotoSlate\3.0\Page Library\CrΉatif\cartes de voeux\"="" "C:\Program Files\ACD Systems\FotoSlate\3.0\Page Library\CrΉatif\CD et DVD\"="" "C:\Program Files\ACD Systems\FotoSlate\3.0\Page Library\CrΉatif\feuilles d'impression\Paysage\"="" "C:\Program Files\ACD Systems\FotoSlate\3.0\Page Library\CrΉatif\feuilles d'impression\Portrait\"="" "C:\Program Files\ACD Systems\FotoSlate\3.0\Page Library\CrΉatif\Transferts de T-Shirt\"="" "C:\Program Files\ACD Systems\FotoSlate\3.0\Page Library\Tailles Standard\AmΉrique du Nord\Paysage\"="" "C:\Program Files\ACD Systems\FotoSlate\3.0\Page Library\Tailles Standard\AmΉrique du Nord\Portrait\"="" "C:\Documents and Settings\All Users\Menu DΉmarrer\Programmes\ACD Systems\"="" "C:\Documents and Settings\Matthieu\Menu DΉmarrer\Programmes\TuneUp Utilities 2007\Utilities\"="1" "C:\Documents and Settings\Matthieu\Menu DΉmarrer\Programmes\TuneUp Utilities 2007\"="1" "C:\Documents and Settings\All Users\Menu DΉmarrer\Programmes\TuneUp Utilities 2007\Utilities\"="1" "C:\Documents and Settings\All Users\Menu DΉmarrer\Programmes\TuneUp Utilities 2007\"="1" "C:\Documents and Settings\Matthieu\Menu DΉmarrer\Programmes\Google Earth\"="" "C:\Documents and Settings\All Users\Menu DΉmarrer\Programmes\Powertoys for Windows XP\"="" "C:\Documents and Settings\All Users\Menu DΉmarrer\Programmes\Windows Live\"="" "C:\Documents and Settings\All Users\Menu DΉmarrer\Programmes\AGEIA\"="" "C:\Documents and Settings\Nicolas\Menu DΉmarrer\Programmes\OpenOffice.org 3.0\"="" "C:\Documents and Settings\Jeremie\Menu DΉmarrer\Programmes\Regressi\"="" "C:\Documents and Settings\Matthieu\Menu DΉmarrer\Programmes\Regressi\"="" "C:\Documents and Settings\Jeremie\Menu DΉmarrer\Programmes\OpenOffice.org 3.0\"="" "C:\Documents and Settings\All Users\Menu DΉmarrer\Programmes\Microsoft Office Live Add-in\"="" "C:\Documents and Settings\All Users\Menu DΉmarrer\Programmes\Nikon Transfer\"="" "C:\Documents and Settings\All Users\Menu DΉmarrer\Programmes\ViewNX\"="" "C:\Documents and Settings\All Users\Menu DΉmarrer\Programmes\Safari\"="" "C:\Documents and Settings\All Users\Menu DΉmarrer\Programmes\HP\PSC All-In-One 1300 series\"="" "C:\Documents and Settings\All Users\Menu DΉmarrer\Programmes\Tunebite 7\"="1" "C:\Documents and Settings\All Users\Menu DΉmarrer\Programmes\Tunebite 7\Help and support\"="1" "C:\Documents and Settings\All Users\Menu DΉmarrer\Programmes\QuickTime\"="" "C:\Documents and Settings\Jeremie\Menu DΉmarrer\Programmes\Styler\"="" "C:\Documents and Settings\All Users\Menu DΉmarrer\Programmes\TortoiseSVN\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\Modules externes\Filtres\Styles d'Ήclairage\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\Modules externes\Images de rΉfΉrence\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Bichromie\3 encres\Gris\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Bichromie\3 encres\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Bichromie\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Bichromie\3 encres\PANTONE(R)\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Bichromie\3 encres\Primaires\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Bichromie\4 encres\Gris\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Bichromie\4 encres\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Bichromie\4 encres\PANTONE(R)\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Bichromie\4 encres\Primaires\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Bichromie\Bichromie\Gris-Noir\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Bichromie\Bichromie\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Bichromie\Bichromie\PANTONE(R)\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Bichromie\Bichromie\Primaires\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Catalogues de couleurs\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Contours\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Couleurs optimisΉes\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Courbes\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Dispositions\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\DΉgradΉs\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Espaces de travail\1-Espaces de travail standard\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Espaces de travail\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Espaces de travail\2-Espaces de travail basΉs sur les t²ches\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Formes\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Formes personnalisΉes\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Bordure pointillΉe - Blanc-noir\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Bordure pointillΉe - Blanc-noir\images\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Bordure pointillΉe - Noir-blanc\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Bordure pointillΉe - Noir-blanc\images\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Cadre centrΉ 1 - Base\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Cadre centrΉ 1 - Base\images\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Cadre centrΉ 1 - Infos seules\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Cadre centrΉ 1 - Infos seules\images\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Cadre centrΉ 1 - Retour\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Cadre centrΉ 1 - Retour\images\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Cadre centrΉ 2 - Retour\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Cadre centrΉ 2 - Retour\images\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Flash - Galerie 1\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Flash - Galerie 2\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Horizontale - Retour\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Horizontale - Retour\images\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Horizontale grise\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Horizontale grise\images\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Horizontale neutre\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Horizontale neutre\images\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Horizontale ° diaporama\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Horizontale ° diaporama\images\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Simple\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Simple - Tableau de vignettes\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Simple - Tableau de vignettes\images\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Simple - Vignettes horizontales\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Simple - Vignettes horizontales\images\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Simple - Vignettes verticales\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Simple - Vignettes verticales\images\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Tableau - Minimal\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Tableau - Minimal\images\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Tableau 1\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Tableau 1\images\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Tableau 2\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Tableau 2\images\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Vignettes grises\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Galerie Web Photo\Vignettes grises\images\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Motifs\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Motifs\Motifs PostScript\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\MΉlangeur de couches\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Noir et blanc\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Nuanciers\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Outils\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\ParamΈtres de sortie optimisΉs\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\ParamΈtres optimisΉs\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Personnalisation de menus\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Raccourcis clavier\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Scripts\"="" "M:\Program Files\Adobe\Adobe Photoshop CS3\ParamΈtres prΉdΉfinis\Scripts\Adapter l'image\"="" "M:\Program Files\Adobe\Adobe Photoshop C

jeremss · Answer

Oups j'ai oublié de désactiver Avast!!

benurrr · Answer

salut

rapport pas complet mais fait quand meme l'option 2

&#9654; Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
mais cette fois-ci :

&#9654; choisis l'option 2 = Mode Suppression

laisse travailler l'outil.

en fin de scan un rapport s'ouvre

&#9654; colle le contenu dans ta réponse

jeremss · Answer

Ok je ferais ca apres. Faudra que je desactive Avast?

benurrr · Answer

oui

jeremss · Answer

D'accord merci. Je ne comprends pas pourquoi tu dis que le rapport est incomplet... Il y avait bien marqué "complet"...

benurrr · Answer

il manque la fin la partie relatif au rootkit mbr

peut-être un problème dans le copier coller ou le message trop long

jeremss · Answer

Ah d'accord. Je peux peut etre essayer de retrouver le ficher? Il a été enregistré?

jeremss · Answer

L'ordinateur est cependant beaucoup plus rapide qu'hier(je suppose que ca n'a rien a voir)! Il oscille maintenant entre 10 et 30% quand j'ai au moins une fenetre d'ouverte et entre 0 et 10% quand il est au "repos". Par contre pour le bruit... on dirait un aspirateur^^...

benurrr · Answer

il est dans C:killm.txt tu prend que la fin

jeremss · Answer

"C:\Documents and Settings\All Users\Menu DΉmarrer\Programmes\Microsoft Office\"=""
"C:\Documents and Settings\All Users\Menu DΉmarrer\Programmes\Microsoft Office\Microsoft Office Tools\"=""
"C:\Documents and Settings\All Users\Menu DΉmarrer\Programmes\iTunes\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\Documents and Settings\All Users\Documents\Mes vidΉos\Photoshoot.mpg.scn"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tap'Touche 3.0 DΉmo]
"UninstallString"="C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Tap'Touche 3 Dιmo\Uninst.isu""
"DisplayName"="Tap'Touche 3.0 Dιmo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"WST_Czec (toutes rΉsolutions)"="wst_czec.FON"
"WST_Engl (toutes rΉsolutions)"="wst_engl.FON"
"WST_Fren (toutes rΉsolutions)"="wst_fren.FON"
"WST_Germ (toutes rΉsolutions)"="wst_germ.FON"
"WST_Ital (toutes rΉsolutions)"="wst_ital.FON"
"WST_Span (toutes rΉsolutions)"="wst_span.FON"
"WST_Swed (toutes rΉsolutions)"="wst_swed.FON"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Volume Control\Realtek AC97 Audio\ContrΔle d'enre]
"LineStates"=hex:04,00,00,00,43,00,6f,00,6e,00,74,00,72,00,f4,00,6c,00,65,00,20,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Volume Control\Realtek AC97 Audio\ContrΔle du vol]
"LineStates"=hex:00,00,00,00,43,00,6f,00,6e,00,74,00,72,00,f4,00,6c,00,65,00,20,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Accessoires\AccessibilitΉ]
"Order"=hex:08,00,00,00,02,00,00,00,88,02,00,00,01,00,00,00,04,00,00,00,ac,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Accessoires\Outils systΈme]
"Order"=hex:08,00,00,00,02,00,00,00,ae,05,00,00,01,00,00,00,09,00,00,00,ca,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Documents and Settings\Jeremie\Mes documents\TΉlΉchargements\iTunesSetup.exe"="iTunes Installer"
"C:\Documents and Settings\Jeremie\Mes documents\TΉlΉchargements\Install_CopyTrans_Suite.exe"="Install_CopyTrans_Suite"
"C:\Documents and Settings\Jeremie\Mes documents\TΉlΉchargements\WinAVI_Video_Converter.exe"="www.winavi.fr "
"C:\Documents and Settings\Jeremie\Mes documents\TΉlΉchargements\FreeYouTubeToMp3Converter.exe"="Free YouTube to MP3 Converter 3.2 Setup "
"C:\Documents and Settings\Jeremie\Bureau\iPod Touch 2g de JΉrΉmie\xvideos_d_setup.exe"="xVideos Video Downloader Setup "
"C:\Documents and Settings\Jeremie\Bureau\iPod Touch 2g de JΉrΉmie\VLCSetup.exe"="VLC Connection Utility Setup "
"C:\Documents and Settings\Jeremie\Bureau\iPod Touch 2g de JΉrΉmie\Nouveau dossier\TotoneTheme\TotoneTheme.exe"="TotoneThθme"
"M:\Dossiers de la famille\JΉrΉmie\DSLtest2101.exe"="DSLtest"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Network\Observateur d'ΉvΉnements]
"SaveSettings"="1"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86FDA1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x86fda1f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

==========
Programs
==========

ACD Systems
ActivIcons
Adobe
Advanced Messenger Plus
AGEIA Technologies
Ahead
AirPort
Alwil Software
Apple Software Update
ATI Technologies
Auslogics
Avidemux 2.4
AviSynth 2.5
AVS4YOU
Axialis
Azureus
Belkin
Bodom-Child - RaBBi
Bonjour
Boonty
BoontyGames
BoostYourPC.com
C-Media
CCleaner
CDBurnerXP
Citrix
Conduit
CubicExplorer
CubicExplorer_dev
DAEMON Tools
DAEMON Tools Lite
DAEMON Tools Toolbar
DAP
directx
DivX
DVDVideoSoft
EA GAMES
Electronic Arts
eMule
eMule Super Booster
Evariste
Executive Software
Fichiers communs
Free iPod Video Converter
Free Offers from Freeze.com
Freeze.com
GIMP-2.0
Google
GSC Game World
GUILD WARS
Guitar Pro 5
Hobbyist Software
HP
iArt
Icone
Illustrate
ImgBurn
InstallShield Installation Information
Intermec
Internet Explorer
InterVideo
Inventel
iPod
IrfanView
iTunes
IVCsoft
Java
JRE
Kodak
LETMIN
LibUSB-Win32
LimeWire
List_Kill'em
MagicDVDRipper
MAGIX
MeCanto
Messenger
Messenger Plus! Live
MessengerPlus! 3
Microsoft
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Games
Microsoft Office
Microsoft Silverlight
Microsoft SQL Server
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Visual Studio
Microsoft Works
Microsoft WSE
Microsoft.NET
MIKSOFT
Mio Technology
Movie Maker
Mozilla Firefox
MSBuild
MSECache
MSN
MSN Gaming Zone
MSXML 4.0
MSXML 6.0
MyWebSearch
Need4 Software Launcher
Need4 Video Converter 6
Nero
NetMeeting
Nikon
Notepad++
OLYMPUS
Online Services
OpenOffice.org 3
Orange
Outlook Express
P2P_Energy
Paint.NET
PcPrivacySoftware.com
Photo Service Edition
Picasa2
Pinnacle
PixiePack Codec Pack
PIXresizer
QuickTime
RapidSolution
Real
Realtek AC97
Reference Assemblies
RegClean
Ripp-it_AM
RocketDock
RomStation
Safari
Securitoo
SereneScreen
Services en ligne
Sierra
Sierra On-Line
Smart Data Recovery
SoundTaxi
SoundTaxi Media Suite
SpeedBit Video Accelerator
SpeedOptimizer
Stardock
Styler
SystemRequirementsLab
The Adventure Company
The KMPlayer FR
TicTacPhoto
TightVNC
TortoiseSVN
touchFree
TuneUp Utilities 2007
Ubi Soft
Ubisoft
Uninstall Information
VideoLAN
Virtools Web Player 3.0
ViStart
Vuze
Wanadoo
Western Digital
WinAVI Video Converter
Windows Desktop Search
Windows Installer Clean Up
Windows Live
Windows Live SkyDrive
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WindSolutions
WinRAR
WinSCP
Wisdom-soft ScreenHunter 5 Free
xerox
Yahoo!
Yamb
Zumie

============
Drive C:
============

65d75e769bda2ba8792b7f1c7729
6c50efe17d7ccf51ab04677f4c
868000430717.dat
9546486a4f11ac86c2d554961e11
APIHook.log
ati.log
AUTOEXEC.BAT
blackra1n.exe
blackra1n.log
blackrain.exe
boot.ini
Bootfont.bin
checkrun.txt
Config.Msi
CONFIG.SYS
Converted
Default.Bmp
Dev-Cpp
Documents and Settings
Downloads
DVDVideoSoft
error.log
eula.1028.txt
eula.1031.txt
eula.1033.txt
eula.1036.txt
eula.1040.txt
eula.1041.txt
eula.1042.txt
eula.2052.txt
eula.3082.txt
expand.txt
files
FirstSteps
gdiplus.dll
globdata.ini
hiberfil.sys
install
install.exe
install.ini
install.res.1028.dll
install.res.1031.dll
install.res.1033.dll
install.res.1036.dll
install.res.1040.dll
install.res.1041.dll
install.res.1042.dll
install.res.2052.dll
install.res.3082.dll
IO.SYS
ISP
Kill'em
LANG.TXT
Language.txt
List'em.txt
log.html
log.txt
LogiSetup.log
Logs
Mes t?l?chargements
MicroGaming
MOPYFISH
MSDOS.SYS
MSIInstall.log
MSOCache
MSWorks
NIS2005
nsq14F.tmp
NTDETECT.COM
ntldr
oem.tag
orange.bmp
os466477.bin
pagefile.sys
pebuilder3110a
pluginmanager.txt
PMC.COMInterop.txt
Prodlog.txt
Program Files
ProgramData
RECYCLER
SBSI
SIERRA
sqmdata00.sqm
sqmdata01.sqm
sqmdata02.sqm
sqmdata03.sqm
sqmdata04.sqm
sqmdata05.sqm
sqmdata06.sqm
sqmdata07.sqm
sqmdata08.sqm
sqmdata09.sqm
sqmdata10.sqm
sqmdata11.sqm
sqmdata12.sqm
sqmdata13.sqm
sqmdata14.sqm
sqmdata15.sqm
sqmdata16.sqm
sqmdata17.sqm
sqmdata18.sqm
sqmdata19.sqm
sqmnoopt00.sqm
sqmnoopt01.sqm
sqmnoopt02.sqm
sqmnoopt03.sqm
sqmnoopt04.sqm
sqmnoopt05.sqm
sqmnoopt06.sqm
sqmnoopt07.sqm
sqmnoopt08.sqm
sqmnoopt09.sqm
sqmnoopt10.sqm
sqmnoopt11.sqm
sqmnoopt12.sqm
sqmnoopt13.sqm
sqmnoopt14.sqm
sqmnoopt15.sqm
sqmnoopt16.sqm
sqmnoopt17.sqm
sqmnoopt18.sqm
sqmnoopt19.sqm
StubInstaller.exe
System Volume Information
Temp
vcredist.bmp
VC_RED.cab
VC_RED.MSI
Vid o 1.scn
WINDOWS
www.dailymotion_.flv.html

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

C:\Documents and Settings\All Users\Documents\Nouveau dossier (6)\Keygen + No-CD\Keygen.exe
C:\MSWorks\Install.exe

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 4:27:41,09

benurrr · Answer

possible MBR rootkit infection

tu fera sa plutôt si sa marche pas en fera un fixmbr

&#9654; Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
mais cette fois-ci :

&#9654; choisis l'option 2 = Mode Suppression

laisse travailler l'outil.

en fin de scan un rapport s'ouvre

&#9654; colle le contenu dans ta réponse

ensuite :

&#9654; Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
mais cette fois-ci :

&#9654; choisis l'option 6 = Restore MBR

laisse travailler l'outil.

en fin de scan un rapport s'ouvre

&#9654; colle le contenu dans ta réponse

jeremss · Answer

Ok je ferais ca en fin d'apres midi car ca doit etre long et j'ai du travail a faire. En tout cas merci beaucoup de m'aider ca fait vraiment plaisir!

jeremss · Answer

voila!
AKill'em by g3n-h@ckm@n 1.2.5.3 
 
User : Jeremie (Administrateurs) 
Update on 19/02/2010 by g3n-h@ckm@n ::::: 13.15 
Start at: 00:12:44 | 25/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

              Intel(R) Pentium(R) 4 CPU 2.93GHz
Microsoft Windows XP Edition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.11
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1356 [VPS 100223-2] 4.8.1356 [ (!) Disabled | Updated ]

C:\ -> Disque fixe local | 186,31 Go (41,14 Go free) [Disque C] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM | 683,56 Mo (0 Mo free) [DISK1] | CDFS
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
K:\ -> Disque amovible
L:\ -> Disque amovible
M:\ -> Disque fixe local | 149,01 Go (68,48 Go free) [DISQUE 2] | FAT32
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\FreezeScreenSaver.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Jeremie\Local Settings\Temp\1A7.tmp\ERUNT.EXE
C:\Documents and Settings\Jeremie\Local Settings\Temp\1A7.tmp\pv.exe
 
Detections : 
========== 
 

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

Quarantined & Deleted !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache 
Quarantined & Deleted !! : C:\blackra1n.exe 
Quarantined & Deleted !! : C:\install.exe 
Quarantined & Deleted !! : C:\Program Files\DAEMON Tools Toolbar 
Quarantined & Deleted !! : C:\Program Files\Mozilla FireFox\Components\AskSearch.js 
Quarantined & Deleted !! : C:\Program Files\P2P_Energy 
Quarantined & Deleted !! : C:\WINDOWS\_delis32.ini 
Quarantined & Deleted !! : C:\WINDOWS\iun6002.exe 
 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET563.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET564.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET571.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET91.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET93.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SETA2.tmp 
Quarantined & Deleted !! : C:\WINDOWS\winstart.bat 
Quarantined & Deleted !! : C:\Documents and Settings\Jeremie\Application Data\GDIPFONTCACHEV1.DAT 
Quarantined & Deleted !! : C:\Documents and Settings\Jeremie\Application Data\wklnhst.dat 
Quarantined & Deleted !! : C:\Documents and Settings\Jeremie\Application Data\pcouffin.inf 
Quarantined & Deleted !! : C:\Documents and Settings\Jeremie\Application Data\inst.exe 
Quarantined & Deleted !! : C:\Documents and Settings\Jeremie\Local Settings\Temp\dw.log 
Quarantined & Deleted !! : C:\Documents and Settings\Jeremie\Local Settings\Temp\Hsi.doc 
Quarantined & Deleted !! : C:\Documents and Settings\Jeremie\LOCAL Settings\Temp\i4jdel0.exe 
Quarantined & Deleted !! : C:\Documents and Settings\Jeremie\LOCAL Settings\Temp\_is23.exe 
Quarantined & Deleted !! : C:\Documents and Settings\Jeremie\LOCAL Settings\Temp\_is2D.exe 
Quarantined & Deleted !! : C:\Documents and Settings\Jeremie\LOCAL Settings\Temp\_is2E.exe 
Quarantined & Deleted !! : C:\Documents and Settings\Jeremie\LOCAL Settings\Temp\cabex.dll 
Quarantined & Deleted !! : C:\Documents and Settings\Jeremie\LOCAL Settings\Temp\swt-gdip-win32-3448.dll 
Quarantined & Deleted !! : C:\Documents and Settings\Jeremie\LOCAL Settings\Temp\swt-win32-3448.dll 
Quarantined & Deleted !! : C:\Documents and Settings\Jeremie\LOCAL Settings\Temp	mp1E.tmp 
Quarantined & Deleted !! : C:\Documents and Settings\Jeremie\LOCAL Settings\Temp	mp2B9.tmp 
Quarantined & Deleted !! : C:\Documents and Settings\Jeremie\LOCAL Settings\Temp	mp9E.tmp 
Quarantined & Deleted !! : C:\Documents and Settings\Jeremie\LOCAL Settings\Temp	mpB.tmp 
Quarantined & Deleted !! : C:\Documents and Settings\Jeremie\LOCAL Settings\Temp	mpC.tmp 
 
==============
host file OK !
==============

========
Registry
========

Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{32099AAC-C132-4136-9E9A-4E364A424E17}  
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}  
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}  
Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D}  
Deleted : "HKCU\software\Fun Web Products"  
Deleted : "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"  
Deleted : "HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}"  
Deleted : "HKLM\software\Fun Web Products"  
Deleted : "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}"  
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"  
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"  
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options	askmgr.exe"  
Deleted : HKCR\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}  
Deleted : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}  
Deleted : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}  
Deleted : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}  
Deleted : HKCR\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3}  
Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}  
Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}  
Deleted : HKCR\interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc}  
Deleted : HKCR\interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff}  
Deleted : HKCR\MyWebSearch.HTMLPanel  
Deleted : HKCR\MyWebSearch.HTMLPanel.1  
Deleted : HKCR\MyWebSearch.PseudoTransparentPlugin  
Deleted : HKCR\MyWebSearch.PseudoTransparentPlugin.1  
Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}  
Deleted : HKCU\SOFTWARE\FunWebProducts  
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d}  
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca}  
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca}  
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465}  
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2}  
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3}  
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd}  
Deleted : HKCU\software\MyWebSearch  
Deleted : HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}  
Deleted : HKLM\SOFTWARE\FocusInteractive  
Deleted : HKLM\SOFTWARE\FunWebProducts  
Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss  
Deleted : HKLM\SOFTWARE\MyWebSearch  
========
Services
=========

 Ndisuio : Start = 3   
 Ip6Fw : Start = 2   
 SharedAccess : Start = 2   
 wuauserv : Start = 2   
 wscsvc : Start = 2   

============
Disk Cleaned
============
 
=================
anti-ver blaster : OK !! 
=================

================
Prefetch cleaned 
================
 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

benurrr · Answer

&#9654; Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
mais cette fois-ci :

&#9654; choisis l'option 6 = Restore MBR

laisse travailler l'outil.

en fin de scan un rapport s'ouvre

&#9654; colle le contenu dans ta réponse

jeremss · Answer

Me revoila après plus d'un an avec le même ordinateur et le même problème. J'espere que tu es toujours la benurrr^^. Bon je vais faire la manip que j'aurais du faire il y a un an :D

Utilisation de l'UC toujours à 100%!!

17 réponses

Votre réponse

Discussions similaires

Newsletters