Problem: PC getting slower and slower, etc.

Fenomenal -  
 Eric -
Hello,
I have been having big problems with my PC for a while now, and it keeps getting worse!
All of this happened because of Avast.

It mistook Windows for a virus and prevented logon.
So I uninstalled it.
But during the uninstallation, I think it deleted system components.
Because:
- Impossible to open the "fservices.exe" component, so no firewall.
- At every logon, lots of error messages from explorer.exe
- PC slowdown
- Desktop bug (at times it "shakes")

I hope to get some help, thanks in advance.

I am also providing a HiJack Hunter report just in case:

[quote]
Hijack Hunter 1.1.0.0
https://www.novirusthanks.org/
Log created on 24/02/2010 at 23:06:44

[+] Generic system info

Operating System: Microsoft Windows XP Service Pack 3 32-bit OS
Build Version: 2600.xpsp_sp3_gdr.091208-2036
Internet Explorer: 8.0.6001.18702
System Folder: C:\WINDOWS.0\system32

C:\Documents and Settings\NOM MASQUER\Local Settings\Application Data\Opera\Opera\voice\ecictts.dll (720896 bytes) (Unknown) (a23d329c2bde6b0502e28dcfa37ecdf1)
C:\Documents and Settings\NOM MASQUER\Local Settings\Application Data\Opera\Opera\voice\ecienus.syn (1814528 bytes) (Unknown) (4335f69386c930647fb65b080e56698b)

[+] Registry startups

Value: RTHDCPL
Data: RTHDCPL.EXE
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: Alcmtr
Data: ALCMTR.EXE
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: NvCplDaemon
Data: RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: nwiz
Data: nwiz.exe /install
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: SoftwareHelper
Data: C:\Documents and Settings\NOM MASQUER\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: Adobe Reader Speed Launcher
Data: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: Adobe ARM
Data: "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: AppleSyncNotifier
Data: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: EoEngine
Data:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: HKLM
Data: C:\WINDOWS.0\install\explorer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: QuickTime Task
Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: iTunesHelper
Data: "C:\Program Files\iTunes\iTunesHelper.exe"
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: VeohPlugin
Data: "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: Skype
Data: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: HKCU
Data: C:\WINDOWS.0\install\explorer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: amsn
Data: C:\Program Files\aMSN\amsn.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: uTorrent
Data: "C:\Program Files\uTorrent\uTorrent.exe"
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: Policies
Data: C:\WINDOWS.0\install\explorer.exe
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

Value: DirectX For Microsoft® Windows
Data: C:\WINDOWS.0\system32\fservice.exe
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

Value: Policies
Data: C:\WINDOWS.0\install\explorer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

Value: StubPath
Data: C:\WINDOWS.0\system32\ieudinit.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}

Value: StubPath
Data: C:\WINDOWS.0\system32\ie4uinit.exe -UserIconConfig
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}

Value: StubPath
Data: "C:\WINDOWS.0\system32\rundll32.exe" "C:\WINDOWS.0\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}

Value: StubPath
Data: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS

Value: StubPath
Data: %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}

Value: StubPath
Data: C:\WINDOWS.0\install\explorer.exe Restart
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500}

Value: StubPath
Data: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}

Value: StubPath
Data: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}

Value: StubPath
Data: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS.0\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}

Value: StubPath
Data: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS.0\INF\msmsgs.inf,BLC.QuietInstall.PerUser
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}

Value: StubPath
Data: C:\WINDOWS.0\system\sservice.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}

Value: StubPath
Data: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS.0\INF\wmp.inf,PerUserStub
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}

Value: StubPath
Data: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}

Value: StubPath
Data: regsvr32.exe /s /n /i:U shell32.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}

Value: StubPath
Data: C:\WINDOWS.0\system32\ie4uinit.exe -BaseSettings
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}

Value: StubPath
Data: c:\WINDOWS.0\system32\Rundll32.exe c:\WINDOWS.0\system32\mscories.dll,Install
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}

Value: SecurityProviders
Data: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders

Value: SCRNSAVE.EXE
Data: C:\WINDOWS.0\system32\sstext3d.scr
Key: HKEY_CURRENT_USER\Control Panel\Desktop

Value: Shell
Data: Explorer.exe C:\WINDOWS.0\system32\fservice.exe
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Value: Userinit
Data: C:\WINDOWS.0\system32\userinit.exe,
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Value: UIHost
Data: logonui.exe
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Value: VmApplet
Data: rundll32 shell32,Control_RunDLL "sysdm.cpl"
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Value: {038cb5c7-48ea-4af9-94e0-a1646542e62b}
Data: C:\Program Files\ToggleEN\tbTog1.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}

Value: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
Data: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

Value: {31c322dc-5878-452e-a2d8-c4aab9973c9a}
Data: C:\Program Files\interdescargas-FR\tbint1.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31c322dc-5878-452e-a2d8-c4aab9973c9a}

Value: {D4027C7F-154A-4066-A1AD-4243D8127440}
Data: C:\Program Files\Ask.com\GenericAskToolbar.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Value: {DBC80044-A445-435b-BC74-9C25C1C588A9}
Data: C:\Program Files\Java\jre6\bin\jp2ssv.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

Value: {EEE6C35C-6118-11DC-9C72-001320C79847}
Data: C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}

[+] Other Startups Methods

Value: WebCheck
Data: C:\WINDOWS.0\system32\webcheck.dll
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Value: WPDShServiceObj
Data: C:\WINDOWS.0\system32\wpdshserviceobj.dll
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Value: PostBootReminder
Data: %SystemRoot%\system32\SHELL32.dll
CLSID: {7849596a-48ea-486e-8937-a2a3009f31a9}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Value: CDBurn
Data: %SystemRoot%\system32\SHELL32.dll
CLSID: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Value: SysTray
Data: C:\WINDOWS.0\system32\stobject.dll
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Value:
Data: "%1" %*
Key: HKEY_CLASSES_ROOT\exefile\shell\open\command\

Value:
Data: "%1" %*
Key: HKEY_CLASSES_ROOT\comfile\shell\open\command\

Value:
Data: "%1" %*
Key: HKEY_CLASSES_ROOT\batfile\shell\open\command\

Value:
Data: "%1" %*
Key: HKEY_CLASSES_ROOT\piffile\shell\open\command\

Value:
Data: "%1" /S
Key: HKEY_CLASSES_ROOT\scrfile\shell\open\command\

Value:
Data: C:\WINDOWS.0\system32\mshta.exe "%1" %*
Key: HKEY_CLASSES_ROOT\htafile\shell\open\command\

Value:
Data: %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Key: HKEY_CLASSES_ROOT\Unknown\shell\openas\command\

Value:
Data: %SystemRoot%\Explorer.exe
Key: HKEY_CLASSES_ROOT\Directory\shell\find\command\

Value:
Data: %SystemRoot%\Explorer.exe /idlist,%I,%L
Key: HKEY_CLASSES_ROOT\Folder\shell\open\command\

Value:
Data: %SystemRoot%\Explorer.exe /e,/idlist,%I,%L
Key: HKEY_CLASSES_ROOT\Folder\shell\explore\command\

Value:
Data: %SystemRoot%\Explorer.exe
Key: HKEY_CLASSES_ROOT\Drive\shell\find\command\

Value:
Data: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
Key: HKEY_CLASSES_ROOT\Applications\iexplore.exe\shell\open\command\

Value:
Data: C:\Program Files\Internet Explorer\iexplore.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\

Value: DllName
Data: crypt32.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain

Value: DllName
Data: cryptnet.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet

Value: DLLName
Data: cscdll.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll

Value: DllName
Data: %SystemRoot%\System32\dimsntfy.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy

Value: DLLName
Data: wlnotify.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp

Value: DllName
Data: wlnotify.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule

Value: DllName
Data: sclgntfy.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy

Value: DLLName
Data: WlNotify.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn

Value: DllName
Data: wlnotify.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv

Value: DLLName
Data: wlnotify.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon

Value:
Data: shell32.dll
CLSID: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

Value: Pré-chargeur Browseui
Data: %SystemRoot%\system32\browseui.dll
CLSID: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

Value: Démon de cache des catégories de composant
Data: %SystemRoot%\system32\browseui.dll
CLSID: {8C7461EF-2B13-11d2-BE35-3078302C2030}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

Value: midi
Data: wdmaud.drv
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Drivers32

Value: Windows
Data: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems

Value: AlternateShell
Data: cmd.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot

Value: Debugger
Data: ntsd -d
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

[+] Startup folders

C:\Documents and Settings\NOM MASQUER\Menu Démarrer\Programmes\Démarrage\desktop.ini (84 bytes) (Unknown) (d6a6856702e3f0953e7246a9b4a9fe35)
C:\Documents and Settings\NOM MASQUER\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk (858 bytes) (Unknown) (23667e909eaf8480e9172efec0c69f92)
C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\desktop.ini (84 bytes) (Unknown) (d6a6856702e3f0953e7246a9b4a9fe35)
C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Ralink Wireless Utility.lnk (1645 bytes) (Unknown) (d65721ef7221896775de685fc7c1e70f)

[+] TCPIP nameservers

[+] Internet Explorer settings

Value: Start Page
Data: https://home.sweetim.com/
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

Value: Start Page
Data: https://www.msn.com/fr-fr/?ocid=iehp
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

Value: Default_Search_URL
Data: https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

Value: Search Bar
Data: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

Value: Search Page
Data: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

Value: Search Page
Data: https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

Value: Default_Page_URL
Data: https://www.msn.com/fr-fr/?ocid=iehp
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

Value: SearchAssistant
Data: https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search

Value: SearchAssistant
Data: https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search

Value: ProxyOverride
Data: *.local
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

Value: blank
Data: res://mshtml.dll/blank.htm
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

Value: DesktopItemNavigationFailure
Data: res://ieframe.dll/navcancl.htm
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

Value: Home
Data: 270
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

Value: NavigationCanceled
Data: res://ieframe.dll/navcancl.htm
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

Value: NavigationFailure
Data: res://ieframe.dll/navcancl.htm
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

Value: NoAdd-ons
Data: res://ieframe.dll/noaddon.htm
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

Value: NoAdd-onsInfo
Data: res://ieframe.dll/noaddoninfo.htm
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

Value: OfflineInformation
Data: res://ieframe.dll/offcancl.htm
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

Value: PostNotCached
Data: res://ieframe.dll/repost.htm
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

Value: SecurityRisk
Data: res://ieframe.dll/securityatrisk.htm
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

Value: Tabs
Data: res://ieframe.dll/tabswelcome.htm
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

Value: InPrivate
Data: res://ieframe.dll/inprivate.htm
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

Value: RunInvalidSignatures
Data: 1
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download

Value: CheckExeSignatures
Data: no
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download

[+] Windows Firewall allowed programs

Value: %windir%\system32\sessmgr.exe
Data: %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\xampp\apache\bin\apache.exe
Data: C:\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\ma-config.com\maconfservice.exe
Data: C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: %windir%\Network Diagnostic\xpnetdiag.exe
Data: %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Data: C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\LimeWire\LimeWire.exe
Data: C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\eMule\emule.exe
Data: C:\Program Files\eMule\emule.exe:*:Enabled:eMule
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Skype\Plugin Manager\skypePM.exe
Data: C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Bonjour\mDNSResponder.exe
Data: C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\iTunes\iTunes.exe
Data: C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Final Gunz\theduel.exe
Data: C:\Program Files\Final Gunz\theduel.exe:*:Enabled:Gunz
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Users\NOM MASQUER\Mes documents\Serveur\emulator v35\Holograph Emulator.exe
Data: C:\Users\NOM MASQUER\Mes documents\Serveur\emulator v35\Holograph Emulator.exe:*:Enabled:Holo V35 Emulater
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\LiveZilla\LiveZilla Server Admin.exe
Data: C:\Program Files\LiveZilla\LiveZilla Server Admin.exe:*:Enabled:LiveZilla Server Admin
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\TeamViewer\Version5\TeamViewer.exe
Data: C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Users\NOM MASQUER\Mes documents\scripting\HoloScripter\HoloScripter v3.0.exe
Data: C:\Users\NOM MASQUER\Mes documents\scripting\HoloScripter\HoloScripter v3.0.exe:*:Enabled:HoloScripter v3.0
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Users\NOM MASQUER\Mes documents\scripting\HoloScripterv2\HoloScripter v2.0.exe
Data: C:\Users\NOM MASQUER\Mes documents\scripting\HoloScripterv2\HoloScripter v2.0.exe:*:Enabled:HoloScripter v2.0
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\SmartFTP Client\SmartFTP.exe
Data: C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 4.0
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Users\NOM MASQUER\Mes documents\Retro\Serveur\HoloEmu v40\bin\Release\Holograph Emulator.exe
Data: C:\Users\NOM MASQUER\Mes documents\Retro\Serveur\HoloEmu v40\bin\Release\Holograph Emulator.exe:*:Enabled:Holograph Emulator
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Skype\Phone\Skype.exe
Data: C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Windows Live\Messenger\wlcsdk.exe
Data: C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Data: C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: %windir%\system32\sessmgr.exe
Data: %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fi

11 replies

skynetfull Posts 17 Status Member 1
 
Hi,

Without reading the report, it's probably because of virus infections that Avast removed components; I think the best thing for you is to recover what you don't want to lose and reinstall Windows to start again from a clean system.
0
cosmido
 
Hello,

Interesting report.

One toolbar and one or two pieces of adware that Ad-Remover handles.

Download Ad-Remover (by C_XX) to your desktop.

/|\ Disable the antivirus. /|\

• Run AD-R.exe,
• Select the language, F, and confirm with Enter,
• Disconnect, close the open applications,
• Select the option [L. Lancer le nettoyage] (start the cleanup)

>> Let it run,

• After the scan, press a key to open the report.
► Post the report (C:\Ad-Report-Clean.log).

/|\ Re-enable the antivirus. /|\
____________________________________________

Download the free version of Malwarebytes
• Run the installer,
• Choose to create an icon on the desktop,
• After installation, if it offers to restart <- do not accept

• Launch Malwarebytes using its icon,
• Go to [Mise à jour] (update) --> [Recherche de mise à jour] (check for updates),
• Go to [Recherche] (scan) --> [Exécuter un examen Complet] (run a full scan),

After the scan:
• Save the report, and
• Click [Supprimer la sélection] (remove selection) << (IMPORTANT),
>> Restart if prompted << (IMPORTANT),

Post the Malwarebytes report.
____________________________________________

Produce and post a complete diagnostic of the PC >> procedure <<.
There is no personal information in this kind of report.

Post the report from the antivirus in use.
And go and allow the firewall's active processes in the antivirus.
0
Fenomenal
 
I no longer have an antivirus, because after removing avast I tried another one and it also took Windows for a virus.

I'll try the programs and see.
0
Fenomenal
 
Here is the AD-Remover report:

[quote]
.
======= LOGFILE OF AD-REMOVER 1.1.4.6_J | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 05.02.2010 at 17:34
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Launch at: 0:15:50, 25/02/2010 | Normal Boot | Option: CLEAN
Executed from: C:\Ad-Remover\
Operating system: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Computer Name: SWEET-3C195996B | Current user: Administrateur
.
============== NEUTRALIZED ELEMENT(S) ==============
.

C:\WINDOWS.0\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
C:\WINDOWS.0\Tasks\Scheduled Update for Ask Toolbar.job
C:\DOCUME~1\ADMINI~1\MENUDM~1\PROGRA~1\Ask Search Assistant
C:\Program Files\Ask Search Assistant
C:\Program Files\Ask.com
C:\Program Files\AskTBar
C:\Program Files\Iminent
C:\Program Files\Need2Find
C:\Program Files\SweetIM
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo
C:\DOCUME~1\ALLUSE~1.0\APPLIC~1\SweetIM

(!) -- Temp files deleted.

.
HKCU\software\EoRezo
HKCU\software\Iminent
HKCU\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCU\software\SweetIM
HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
HKLM\software\classes\appid\GenericAskToolbar.DLL
HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
HKLM\Software\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKLM\Software\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKLM\Software\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\Software\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKLM\software\classes\GenericAskToolbar.ToolbarWnd
HKLM\software\classes\GenericAskToolbar.ToolbarWnd.1
HKLM\software\classes\installer\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\Software\Classes\Interface\{0CA97EEE-C8C4-4B10-A332-10AF1FBEB534}
HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
HKLM\software\classes\MediaPlayer.GraphicsUtils
HKLM\software\classes\MediaPlayer.GraphicsUtils.1
HKLM\software\classes\MgMediaPlayer.GifAnimator
HKLM\software\classes\MgMediaPlayer.GifAnimator.1
HKLM\software\classes\Need2FindBar.SettingsPlugin
HKLM\software\classes\Need2FindBar.SettingsPlugin.1
HKLM\software\classes\Need2FindBar.ToolbarPlugin
HKLM\software\classes\Need2FindBar.ToolbarPlugin.1
HKLM\software\classes\SWEETIE.IEToolbar
HKLM\software\classes\SWEETIE.IEToolbar.1
HKLM\software\classes\SweetIM_URLSearchHook.ToolbarURLSearchHook
HKLM\software\classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
HKLM\software\classes\Toolbar3.SWEETIE
HKLM\software\classes\Toolbar3.SWEETIE.1
HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
HKLM\Software\Classes\TypeLib\{2C6674DB-EFB5-464A-A715-3E770B9C8A94}
HKLM\Software\Classes\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}
HKLM\Software\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKLM\Software\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
HKLM\Software\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
HKLM\software\EoRezo
HKLM\software\iAvatars.com
HKLM\software\Iminent
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKLM\software\microsoft\internet explorer\searchscopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKLM\software\microsoft\shared tools\msconfig\startupreg\SweetIM
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\EoEngine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SoftwareHelper
HKLM\software\microsoft\windows\currentversion\uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
HKLM\software\microsoft\windows\currentversion\uninstall\Ask.com Search Assistant
HKLM\software\microsoft\windows\currentversion\uninstall\SoftwareUpdate_is1
HKLM\software\SweetIM
.
============== Added scan ==============
.
.
* Mozilla FireFox Version 3.6 [fr] *
.
ProfilePath: 3421d3io.default (Administrateur)
.
(ADMINI~1, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Administrateur\Mes documents\Téléchargements
(ADMINI~1, prefs.js) Browser.startup.homepage, hxxp://www.plusnetwork.com
(ADMINI~1, prefs.js) Extensions.enabledItems, {20a82645-c095-46ed-80e3-08825760534b}:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Enable Browser Extensions: yes
Do404Search: 01000000
Local Page: C:\WINDOWS.0\system32\blank.htm
Show_ToolBar: yes
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Use Custom Search URL: 0 (0x0)
Use Search Asst: no
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS.0\system32\blank.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Search Bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Accessoires\GTA San Andreas Final Patch\Page d'accueil de GTA San Andreas Final Patch.url
C:\Users\All Users.WINDOWS.0\Menu Démarrer\Programmes\Accessoires\GTA San Andreas Final Patch\Page d'accueil de GTA San Andreas Final Patch.url
.
===================================
.
15231 Byte(s) - C:\Ad-Report-CLEAN[1].log
24882 Byte(s) - C:\Ad-Report-SCAN[1].log
.
2120 File(s) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
0 File(s) - C:\WINDOWS.0\Temp
0 File(s) - C:\WINDOWS.0\Prefetch
.
20 File(s) - C:\Ad-Remover\BACKUP
152 File(s) - C:\Ad-Remover\QUARANTINE
.
End at: 0:18:23 | 25/02/2010 - CLEAN[1]
.
============== E.O.F ==============
.
[/quote]
0
Fenomenal
 
Bump!
0

cosmido
 
..

Were you able to run Malwarebytes?
Post the report found under [Rapports/Logs]

► Produce and post a complete diagnostic of the PC >> procedure <<.
There is no personal information in this kind of report.
0
Fenomenal
 
http://cjoint.com/data/cAmVNjlzjA.htm Here is the ZHP Diag report

Malwarebytes, I will run it tonight and then edit my post.
0
cosmido
 
Hmmmm.., Malwarebytes run 24 hours ago
would have done something useful.

If you have run Malwarebytes in the meantime, post the report!
It is quite possible that some of the lines to remove with ZHPFix are no longer there.

________________________________________________________

• Launch ZHPFix from the desktop shortcut.
• Click the [H] button ("coller les lignes Helper", paste the Helper lines).
• Copy/paste the following lines into the ZHPFix window,
• Click ’’Tous’’ (All) and then ’’Nettoyer’’ (Clean),
• Copy/paste the whole report into your next reply.

[MD5.AAC3068E8611D6BFED7C1ED9F66545BB] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS.0\system32\fservice.exe 
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS.0\system32\fservice.exe 
O4 - HKLM\..\Run: [HKLM] . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\install\explorer.exe   
O4 - HKCU\..\Run: [HKCU] . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\install\explorer.exe     
O4 - HKLM\..\policies\Explorer\Run: [Policies] . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\install\explorer.exe     
O4 - HKLM\..\policies\Explorer\Run: [DirectX For Microsoft® Windows] . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\fservice.exe 
O4 - HKCU\..\policies\Explorer\Run: [Policies] . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\install\explorer.exe     
O8 - Extra context menu item: &Search - (.not file.) - http:\\ko.bar.need2find.com\KO\menusearch.html?p=KO 
O39 - APT:Automatic Planified Task  - C:\WINDOWS.0\Tasks\Install_NSS.job 
O39 - APT:Automatic Planified Task  - C:\WINDOWS.0\Tasks\User_Feed_Synchronization-{1EA49363-82D2-4C4E-A4ED-E6632FB6B42B}.job     
O39 - APT:Automatic Planified Task  - C:\WINDOWS.0\Tasks\User_Feed_Synchronization-{61307779-48D4-425F-BA3D-6C5D73C27D72}.job     
O40 - ASIC: (no name) - {5Y99AE78-58TT-11dW-BE53-Y67078979Y} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS.0\system\sservice.exe
O43 - CFD:Common File Directory ----D- C:\Program Files\Altnet 
O44 - LFC:[MD5.562E0D01D6571FA2251A1E9F54C6CC69] - 26/02/2010 - 12:35:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS.0\System32\reginv.dll 
O44 - LFC:[MD5.B4C72DA9FD1A0DCB0698B7DA97DAA0CD] - 26/02/2010 - 12:35:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS.0\System32\winkey.dll 
O44 - LFC:[MD5.B3916EC2FCCAC1478EBC253C7B77B6F3] - 26/02/2010 - 01:32:18 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS.0\ktd32.atm 


Checking the C:\WINDOWS.0\install directory
What is in there?

• Go to Start -> All Programs -> Accessories ..
• Open the command prompt,
• Copy/paste (with a right-click) the following commands and confirm each one:

Dir /a "C:\WINDOWS.0\install" > C:\WinInst.txt
Start notepad C:\WinInst.txt


>> A report will open on screen.
Post the report (C:\WinInst.txt).

P.S.
If it is large, >> use the CJoint host instead
________________________________________________________

Installing an antivirus.
Antivir: download and configuration tutorial.
• After configuring and updating it,
• Run a full scan.
Post the report.

With Antivir as resident protection,
and Malwarebytes useful as a second line of defense,
for which an update must always precede a scan,
a PC is very well protected, for detection / removal of all kinds.
________________________________________________________

Software updates.
Very important for preventing security flaws in software that has access to the Internet.

• Adobe: https://get2.adobe.com/reader/otherversions/

• Follow this tutorial by Javara to download and install Java,
• And then remove the old versions of Java.

• Apply the updates suggested by Sumo Lite or Secunia.

► To be checked every 30 days.
________________________________________________________

With a backdoor in place,
it is preferable, as a security measure,
to change all your passwords for financial institutions, etc.

You did a reinstallation (Repair) of Windows.
Was it to counter an infection?
0
Fenomenal
 
Malwarebytes report:

""""""""""""""""""""""""""

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3833
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08/03/2010 19:02:43
mbam-log-2010-03-08 (19-02-31).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 589310
Temps écoulé: 1 hour(s), 54 minute(s), 7 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 23

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS.0\Wplugin.dll (Trojan.Dropper) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5jf-4fcb-11cf-aaa5-00401c6xx500} (Generic.Bot.H) -> No action taken.
HKEY_CLASSES_ROOT\rxresult.rxresultfilter (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\rxresult.rxresultfilter.1 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5y99ae78-58tt-11dw-be53-y67078979y} (Backdoor.ProRat) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5jf-4fcb-11cf-aaa5-00401c6xx500} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{5y99ae78-58tt-11dw-be53-y67078979y} (Backdoor.ProRat) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\directx for microsoft® windows (Backdoor.Prorat) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Prorat) -> Data: c:\windows.0\system32\fservice.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Prorat) -> Data: system32\fservice.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe C:\WINDOWS.0\system32\fservice.exe) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS.0\system32\fservice.exe (Backdoor.Prorat) -> No action taken.
C:\WINDOWS.0\system\sservice.exe (Backdoor.ProRat) -> No action taken.
C:\Program Files\By Mr.4l3x4y\GTA San Andreas\trainer.exe (Trojan.Downloader) -> No action taken.
C:\Users\Censurer\Mes documents\censurer\CMS\NLB CMS\holohack\HoloHackFinalV2.6.exe (Trojan.Dropper) -> No action taken.
C:\Users\Censurer\Mes documents\Retro\CMS\NLB CMS\ServerWerpoV37\ServeurWerpoHabboV37.exe (Trojan.Dropper) -> No action taken.
C:\Users\Censurer\Mes documents\Retro\CMS\NLB-CMS version publics\holohack\HoloHackFinalV2.6.exe (Trojan.Dropper) -> No action taken.
C:\Users\Censurer\Mes documents\Téléchargements\Official-eMule_setup.exe (Adware.Navipromo) -> No action taken.
C:\Users\Censurer\Mes documents\Téléchargements\HoloSqlHackerV2.2.exe (HackTool.Gen) -> No action taken.
C:\Users\Censurer\Mes documents\Téléchargements\installation.exe (Trojan.Dialer) -> No action taken.
C:\Users\Censurer\Mes documents\Hack, script and phishing\Hacking\HoloHackFinalV2.6.exe (Trojan.Dropper) -> No action taken.
C:\Users\Censurer\Mes documents\Hack, script and phishing\Hacking\Steam Cracked Compte.exe (Trojan.Dropper) -> No action taken.
C:\Users\Censurer\Mes documents\Hack, script and phishing\Hacking\[NLB] Darknight ressence.exe (Backdoor.Bot) -> No action taken.
C:\Users\Censurer\Mes documents\Hack, script and phishing\scripting\holohack.exe (Backdoor.Core) -> No action taken.
C:\Users\Censurer\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> No action taken.
C:\WINDOWS.0\services.exe (Backdoor.Prorat) -> No action taken.
C:\WINDOWS.0\Wplugin.dll (Trojan.Dropper) -> No action taken.
C:\WINDOWS.0\system32\reginv.dll (Backdoor.ProRat) -> No action taken.
C:\WINDOWS.0\system32\reginv.dll.vzr (Backdoor.ProRat) -> No action taken.
C:\WINDOWS.0\system32\winkey.dll (Backdoor.ProRat) -> No action taken.
C:\WINDOWS.0\system32\spynet\server.exe (Malware.Packer.Morphine) -> No action taken.
C:\xampp\htdocs\holohack\HoloHackFinalV2.6.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Censurer\Application Data\logs.dat (Bifrose.Trace) -> No action taken.
C:\WINDOWS.0\ktd32.atm (Backdoor.ProRat) -> No action taken.

"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

WinInst report:

""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

Le volume dans le lecteur C s'appelle BOOT
Le numéro de série du volume est EE3D-B12F

Répertoire de C:\WINDOWS.0\install

07/03/2010 23:28 <REP> .
07/03/2010 23:28 <REP> ..
0 fichier(s) 0 octets
2 Rép(s) 502 708 621 312 octets libres
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
0
cosmido
 
..

It would have been preferable to have all the reports earlier.
Now the disinfection has to be restarted from the beginning.

The Malwarebytes report shows (-> No action taken).
Open Malwarebytes, go to [Quarantaine], press [Tout supprimer] and restart the PC.

Go to procedure #6 and post the ZHPDiag report using the CJoint host.
ZHPDiag should already be installed on the PC.
0
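
The check behind the reply above, as an added example that is not part of the original thread: a short Python parser for the Malwarebytes log format posted earlier, listing the detections still marked "No action taken" and which of them sit in autostart registry locations. The sample input is an excerpt of that log plus one constructed line; the function names and the AUTOSTART pattern are this example's own.

```python
import re
from collections import Counter

# Excerpt of the Malwarebytes 1.44 log posted above, plus one constructed
# line (last one) showing what a cleaned entry looks like.
SAMPLE_LOG = r"""
Module(s) mémoire infecté(s):
C:\WINDOWS.0\Wplugin.dll (Trojan.Dropper) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5y99ae78-58tt-11dw-be53-y67078979y} (Backdoor.ProRat) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Backdoor.Bot) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe C:\WINDOWS.0\system32\fservice.exe) Good: (Explorer.exe) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS.0\system32\fservice.exe (Backdoor.Prorat) -> No action taken.
C:\constructed\example.exe (Example.Family) -> Quarantined and deleted successfully.
"""

# Registry locations seen in this log that launch code at boot or logon.
AUTOSTART = re.compile(
    r"\\CurrentVersion\\(Policies\\Explorer\\)?Run\\"
    r"|\\Winlogon\\Shell$"
    r"|\\Active Setup\\Installed Components\\",
    re.IGNORECASE,
)
HEAD = re.compile(r"^(?P<target>.+) \((?P<family>[\w.]+)\)$")


def parse_mbam_log(text):
    """Return one dict per detection line: section, target, family, detail, action."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if " -> " not in line:
            if line.endswith(":"):        # e.g. "Fichier(s) infecté(s):"
                section = line[:-1]
            continue                      # blanks, "(Aucun élément ...)", metadata
        parts = line.split(" -> ")
        head = HEAD.match(parts[0])
        if not head:
            continue
        entries.append({
            "section": section,
            "target": head["target"],
            "family": head["family"].lower(),    # the log mixes ProRat / Prorat
            "detail": " -> ".join(parts[1:-1]),  # "Bad: (...) Good: (...)" or ""
            "action": parts[-1].rstrip("."),
        })
    return entries


def triage(entries):
    """Summarise what is still on disk or in the registry after the scan."""
    unresolved = [e for e in entries if e["action"] == "No action taken"]
    return {
        "unresolved": len(unresolved),
        "autostart": [e["target"] for e in unresolved if AUTOSTART.search(e["target"])],
        "families": Counter(e["family"] for e in unresolved),
    }


if __name__ == "__main__":
    print(triage(parse_mbam_log(SAMPLE_LOG)))
```

Run against the full log, any entry left in the autostart list after a cleanup pass means the backdoor would still be started at the next logon.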
cosmido
 
..

Afterwards.. redo this procedure

Download Ad-Remover (by C_XX) to your desktop

/|\ Disable the antivirus. /|\

• Launch AD-R.exe,
• Select the language, F, and confirm with Enter,
• Disconnect, close any open applications
• Select the option [L. Lancer le nettoyage]

>> Let it run,

• After the scan, press a key to open the report..
Post the report (C:\Ad-Report-Clean.log).

/|\ Re-enable the antivirus. /|\
0
Eric
 
After downloading qtwebkit4.dll everything is resolved:

http://www.down-dll.com/index.php?file-download=qtwebkit4.dll

Thanks
0