Virus problem
Resolved/Closed
jojorisman
Posts
72
Registration date
Wednesday 5 September 2007
Status
Member
Last activity
12 July 2011
-
5 April 2010 at 16:14
jacques.gache Posts 33453 Registration date Tuesday 13 November 2007 Status Security contributor Last activity 25 January 2016 - 10 April 2010 at 16:40
25 replies
jojorisman
Posts
72
Registration date
Wednesday 5 September 2007
Status
Member
Last activity
12 July 2011
10 April 2010 at 11:30
[ Rapport ToolsCleaner version 2.2.5 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\lopR.txt: trouvé !
C:\TB.txt: trouvé !
C:\Lop SD: trouvé !
C:\GenProc: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\jeremy\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\jeremy\Bureau\LopSD.exe: trouvé !
C:\Documents and Settings\jeremy\Bureau\Gmer.zip: trouvé !
C:\Documents and Settings\jeremy\Bureau\Winsoftware.bfu: trouvé !
C:\Documents and Settings\jeremy\Bureau\Bfu.exe: trouvé !
C:\Documents and Settings\jeremy\Bureau\GenProc.zip: trouvé !
C:\Documents and Settings\jeremy\Bureau\Navilog1.exe: trouvé !
C:\Documents and Settings\jeremy\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\jeremy\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\jeremy\Bureau\ToolBarSD.exe: trouvé !
C:\Documents and Settings\jeremy\Bureau\Gmer.txt: trouvé !
C:\Documents and Settings\jeremy\Bureau\GenProc: trouvé !
C:\Documents and Settings\jeremy\Bureau\GenProc\outil\hijackthis.log: trouvé !
C:\Documents and Settings\jeremy\Bureau\GenProc\outil\mbr.exe: trouvé !
C:\GenProc\outil\mbr.exe: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
jojorisman
Posts
72
Registration date
Wednesday 5 September 2007
Status
Member
Last activity
12 July 2011
10 April 2010 at 11:37
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Fichiers communs\\AOL\\ACF\\ActCntxt.dll"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Fichiers communs\\AOL\\ACF\\FreeActr.dll"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Fichiers communs\\AOL\\ACF\\StaActvr.dll"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Fichiers communs\\AOL\\aoltpspd.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Fichiers communs\\AOL\\Flasha.ocx"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\WINDOWS\\Downloaded Program Files\\ReflexiveWebGameLoader.dll"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\WINDOWS\\System32\\FTRTSVC.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\WINDOWS\\Downloaded Program Files\\stg_drm.ocx"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\PROGRA~1\\Mozilla Firefox\\extensions\\dealio@mybrowserbar.com"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\PROGRA~1\\Mozilla Firefox\\extensions\\searchsettings@spigot.com"=dword:00000001
[HKEY_CLASSES_ROOT\gibfile\shell\open]
[HKEY_CLASSES_ROOT\gibfile\shell\open\command]
@="C:\\Program Files\\Letmin\\winletmin.exe %1"
[HKEY_CLASSES_ROOT\gibfile\shell\open\command\729219-1008_CLASSES]
[HKEY_CLASSES_ROOT\gibfile\shell\open\command\729219-1008_CLASSES\.gib]
[HKEY_CLASSES_ROOT\gibfile\shell\open\command\729219-1008_CLASSES\.gib\3729219-1008_CLASSES]
[HKEY_CLASSES_ROOT\gibfile\shell\open\command\729219-1008_CLASSES\.gib\3729219-1008_CLASSES\.gib]
[HKEY_CLASSES_ROOT\gibfile\shell\open\command\729219-1008_CLASSES\.gib\3729219-1008_CLASSES\.gib\4??????]
[HKEY_CLASSES_ROOT\gibfile\shell\open\command\729219-1008_CLASSES\.gib\3729219-1008_CLASSES\.gib\4??????\???????? ? W ?
[HKEY_CLASSES_ROOT\gibfile\shell\open\command\729219-1008_CLASSES\.gib\3729219-1008_CLASSES\.gib\4??????\??????ment de données
[HKEY_CLASSES_ROOT\gibfile\shell\open\command\729219-1008_CLASSES\.gib\3729219-1008_CLASSES\.gib\4??????\???????????? ???????? ?
[HKEY_CLASSES_ROOT\gibfile\shell\open\command\729219-1008_CLASSES\.gib\3729219-1008_CLASSES\.gib\4??????\???????????? ???????? ?
[HKEY_CLASSES_ROOT\gibfile\shell\open\command\729219-1008_CLASSES\.gib\3729219-1008_CLASSES\.gib\4??????\?????????????????????????????
[HKEY_CLASSES_ROOT\CLSID\{38B2A7ED-92EB-11D5-A2D5-001083025146}]
@="IPStaAct Class"
[HKEY_CLASSES_ROOT\CLSID\{38B2A7ED-92EB-11D5-A2D5-001083025146}\InprocServer32]
@="C:\\PROGRA~1\\FICHIE~1\\AOL\\ACF\\StaActvr.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{38B2A7ED-92EB-11D5-A2D5-001083025146}\ProgID]
@="DStaActivator.IPStaAct.1"
[HKEY_CLASSES_ROOT\CLSID\{38B2A7ED-92EB-11D5-A2D5-001083025146}\TypeLib]
@="{38B2A7E0-92EB-11D5-A2D5-001083025146}"
[HKEY_CLASSES_ROOT\CLSID\{38B2A7ED-92EB-11D5-A2D5-001083025146}\VersionIndependentProgID]
@="DStaActivator.IPStaAct"
[HKEY_CLASSES_ROOT\CLSID\{4B2A604D-B751-11D5-A2D5-001083025146}]
@="Activation Class"
[HKEY_CLASSES_ROOT\CLSID\{4B2A604D-B751-11D5-A2D5-001083025146}\InprocServer32]
@="C:\\PROGRA~1\\FICHIE~1\\AOL\\ACF\\ActCntxt.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{4B2A604D-B751-11D5-A2D5-001083025146}\ProgID]
@="Acontext.Activation.1"
[HKEY_CLASSES_ROOT\CLSID\{4B2A604D-B751-11D5-A2D5-001083025146}\TypeLib]
@="{4B2A6040-B751-11D5-A2D5-001083025146}"
[HKEY_CLASSES_ROOT\CLSID\{4B2A604D-B751-11D5-A2D5-001083025146}\VersionIndependentProgID]
@="Acontext.Activation"
[HKEY_CLASSES_ROOT\CLSID\{67377570-6FC6-4B15-A5B9-D6C80957767D}]
@="ALUSchedulerEngine Class"
"AppID"="{0F7E18A5-6DE6-4F73-9DCC-1F9BD36E84CC}"
[HKEY_CLASSES_ROOT\CLSID\{67377570-6FC6-4B15-A5B9-D6C80957767D}\LocalServer32]
@="\"C:\\Program Files\\Symantec\\LiveUpdate\\ALUSchedulerSvc.exe\""
[HKEY_CLASSES_ROOT\CLSID\{67377570-6FC6-4B15-A5B9-D6C80957767D}\ProgID]
@="ALUSchedulerSvc.ALUSchedulerEngine.1"
[HKEY_CLASSES_ROOT\CLSID\{67377570-6FC6-4B15-A5B9-D6C80957767D}\TypeLib]
@="{3A13372E-954F-4FD1-846F-D770B23E11D8}"
[HKEY_CLASSES_ROOT\CLSID\{67377570-6FC6-4B15-A5B9-D6C80957767D}\VersionIndependentProgID]
@="ALUSchedulerSvc.ALUSchedulerEngine"
[HKEY_CLASSES_ROOT\CLSID\{75D44B92-DCAF-43f3-A7D1-91041F34E719}]
@="AOLFlashProp Class"
[HKEY_CLASSES_ROOT\CLSID\{75D44B92-DCAF-43f3-A7D1-91041F34E719}\InprocServer32]
@="C:\\PROGRA~1\\FICHIE~1\\AOL\\Flasha.ocx"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{75D44B92-DCAF-43f3-A7D1-91041F34E719}\Programmable]
[HKEY_CLASSES_ROOT\CLSID\{A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6}]
@="AOL YGP Screensaver"
[HKEY_CLASSES_ROOT\CLSID\{A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6}\Control]
[HKEY_CLASSES_ROOT\CLSID\{A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6}\InprocServer32]
@="C:\\PROGRA~1\\FICHIE~1\\AOL\\SCREEN~1\\YGPSCR~1.DLL"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6}\MiscStatus]
@="0"
[HKEY_CLASSES_ROOT\CLSID\{A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6}\MiscStatus\1]
@="131473"
[HKEY_CLASSES_ROOT\CLSID\{A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6}\ProgID]
@="AOL.PicSsvrCtrl.1"
[HKEY_CLASSES_ROOT\CLSID\{A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6}\Programmable]
[HKEY_CLASSES_ROOT\CLSID\{A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6}\ToolboxBitmap32]
@="C:\\PROGRA~1\\FICHIE~1\\AOL\\SCREEN~1\\YGPSCR~1.DLL, 101"
[HKEY_CLASSES_ROOT\CLSID\{A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6}\TypeLib]
@="{DD3FCE4D-8442-4EFA-A71E-1C131F502F4A}"
[HKEY_CLASSES_ROOT\CLSID\{A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6}\Version]
@="1.0"
[HKEY_CLASSES_ROOT\CLSID\{A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6}\VersionIndependentProgID]
@="AOL.PicSsvrCtrl"
[HKEY_CLASSES_ROOT\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}]
@="AOL Flash Object"
[HKEY_CLASSES_ROOT\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\Control]
[HKEY_CLASSES_ROOT\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\EnableFullPage]
[HKEY_CLASSES_ROOT\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\EnableFullPage\.spl]
[HKEY_CLASSES_ROOT\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\EnableFullPage\.swf]
[HKEY_CLASSES_ROOT\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\Implemented Categories]
[HKEY_CLASSES_ROOT\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\InprocServer32]
@="C:\\PROGRA~1\\FICHIE~1\\AOL\\Flasha.ocx"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\MiscStatus]
@="0"
[HKEY_CLASSES_ROOT\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\MiscStatus\1]
@="131473"
[HKEY_CLASSES_ROOT\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\ProgID]
@="AOLFlash.AOLFlash.1"
[HKEY_CLASSES_ROOT\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\Programmable]
[HKEY_CLASSES_ROOT\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\ToolboxBitmap32]
@="C:\\PROGRA~1\\FICHIE~1\\AOL\\Flasha.ocx, 1"
[HKEY_CLASSES_ROOT\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\TypeLib]
@="{C114555B-A454-11D4-9020-00D0B7239081}"
[HKEY_CLASSES_ROOT\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\Version]
@="1.0"
[HKEY_CLASSES_ROOT\CLSID\{C1145550-A454-11D4-9020-00D0B7239081}\VersionIndependentProgID]
@="AOLFlash.AOLFlash"
[HKEY_CLASSES_ROOT\CLSID\{C1145551-A454-11D4-9020-00D0B7239081}]
@="AOL Flash Factory Object"
[HKEY_CLASSES_ROOT\CLSID\{C1145551-A454-11D4-9020-00D0B7239081}\Control]
[HKEY_CLASSES_ROOT\CLSID\{C1145551-A454-11D4-9020-00D0B7239081}\InprocServer32]
@="C:\\PROGRA~1\\FICHIE~1\\AOL\\Flasha.ocx"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{C1145551-A454-11D4-9020-00D0B7239081}\ProgID]
@="AOLFlashFactory.AOLFlashFactory.1"
[HKEY_CLASSES_ROOT\CLSID\{C1145551-A454-11D4-9020-00D0B7239081}\Programmable]
[HKEY_CLASSES_ROOT\CLSID\{C1145551-A454-11D4-9020-00D0B7239081}\ToolboxBitmap32]
@="C:\\PROGRA~1\\FICHIE~1\\AOL\\Flasha.ocx, 1"
[HKEY_CLASSES_ROOT\CLSID\{C1145551-A454-11D4-9020-00D0B7239081}\TypeLib]
@="{C114555B-A454-11D4-9020-00D0B7239081}"
[HKEY_CLASSES_ROOT\CLSID\{C1145551-A454-11D4-9020-00D0B7239081}\Version]
@="1.0"
[HKEY_CLASSES_ROOT\CLSID\{C1145551-A454-11D4-9020-00D0B7239081}\VersionIndependentProgID]
@="AOLFlashFactory.AOLFlashFactory"
[HKEY_CLASSES_ROOT\CLSID\{F687EF8D-9C9D-11D5-A2D5-001083025146}]
@="FreeActivator Class"
[HKEY_CLASSES_ROOT\CLSID\{F687EF8D-9C9D-11D5-A2D5-001083025146}\InprocServer32]
@="C:\\PROGRA~1\\FICHIE~1\\AOL\\ACF\\FreeActr.dll"
"ThreadingModel"="Free"
[HKEY_CLASSES_ROOT\CLSID\{F687EF8D-9C9D-11D5-A2D5-001083025146}\ProgID]
@="DFreeActivator.FreeActivator.1"
[HKEY_CLASSES_ROOT\CLSID\{F687EF8D-9C9D-11D5-A2D5-001083025146}\TypeLib]
@="{F687EF80-9C9D-11D5-A2D5-001083025146}"
[HKEY_CLASSES_ROOT\CLSID\{F687EF8D-9C9D-11D5-A2D5-001083025146}\VersionIndependentProgID]
@="DFreeActivator.FreeActivator"
[HKEY_CLASSES_ROOT\Interface\{72F6F43A-C397-4763-9D43-00126CF729D0}]
@="IALUSchedulerEngine"
[HKEY_CLASSES_ROOT\Interface\{72F6F43A-C397-4763-9D43-00126CF729D0}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_CLASSES_ROOT\Interface\{72F6F43A-C397-4763-9D43-00126CF729D0}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_CLASSES_ROOT\Interface\{72F6F43A-C397-4763-9D43-00126CF729D0}\TypeLib]
@="{3A13372E-954F-4FD1-846F-D770B23E11D8}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe]
@="C:\\Program Files\\Trend Micro\\HijackThis\\hijackthis.exe"
"Path"="C:\\Program Files\\Trend Micro\\HijackThis"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Common Client\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Fichiers communs\\Symantec Shared\\Help\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Fichiers communs\\Symantec Shared\\VirusDefs\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Norton AntiVirus\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Fichiers communs\\Symantec Shared\\SPManifests\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Documents and Settings\\All Users\\Application Data\\SweetIM\\Messenger\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Documents and Settings\\All Users\\Application Data\\SweetIM\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Documents and Settings\\All Users\\Application Data\\SweetIM\\Messenger\\data\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\SweetIM\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Documents and Settings\\All Users\\Application Data\\SweetIM\\Messenger\\update\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Documents and Settings\\All Users\\Application Data\\SweetIM\\Messenger\\conf\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Documents and Settings\\All Users\\Application Data\\SweetIM\\Messenger\\conf\\users\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Documents and Settings\\All Users\\Application Data\\SweetIM\\Messenger\\data\\contentdb\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\SweetIM\\Messenger\\resources\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\SweetIM\\Messenger\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Documents and Settings\\All Users\\Application Data\\SweetIM\\Messenger\\logs\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\SweetIM\\Messenger\\resources\\images\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\SweetIM\\Toolbars\\Internet Explorer\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\SweetIM\\Toolbars\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\SweetIM\\Toolbars\\Internet Explorer\\conf\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\SweetIM\\Toolbars\\Internet Explorer\\resources\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Dealio Toolbar\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Dealio Toolbar\\FF\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Dealio Toolbar\\FF\\chrome\\content\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Dealio Toolbar\\FF\\chrome\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Dealio Toolbar\\FF\\chrome\\locale\\EN-US\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Dealio Toolbar\\FF\\chrome\\locale\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Dealio Toolbar\\FF\\chrome\\skin\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Dealio Toolbar\\FF\\components\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Dealio Toolbar\\Res\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Application Updater\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Dealio Toolbar\\IE\\4.0.2\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Dealio Toolbar\\IE\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Search Settings\\FF\\chrome\\skin\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Search Settings\\FF\\chrome\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Search Settings\\FF\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Search Settings\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Search Settings\\res\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Search Settings\\temp\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Search Settings\\FF\\chrome\\content\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Search Settings\\FF\\chrome\\locale\\en-US\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Search Settings\\FF\\chrome\\locale\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Search Settings\\FF\\components\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover]
"DisplayName"="Ad-Remover By C_XX"
"UninstallString"="\"C:\\Ad-Remover\\Un-ADR.exe\""
"DisplayIcon"="C:\\Ad-Remover\\res\\icon.ico"
"Publisher"="C_XX"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AOL Connectivity Services]
"UninstallString"="C:\\PROGRA~1\\FICHIE~1\\AOL\\ACS\\AcsUninstall.exe /c"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AOL YGP Screensaver]
"UninstallString"="C:\\Program Files\\Fichiers communs\\AOL\\Screensaver\\uninst_ygpss.exe"
"DisplayIcon"="C:\\Program Files\\Fichiers communs\\AOL\\Screensaver\\ygpsstra.exe"
[HKEY_LOCAL_MACHINE\Software\TrendMicro]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\HijackThis]
"Order"=hex:08,00,00,00,02,00,00,00,8a,00,00,00,01,00,00,00,01,00,00,00,7e,\
00,00,00,00,00,00,00,70,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,5e,00,\
32,00,d5,06,00,00,22,3b,d0,9b,20,00,48,49,4a,41,43,4b,7e,31,2e,4c,4e,4b,00,\
00,34,00,03,00,04,00,ef,be,21,3b,a0,6e,6e,3c,90,55,14,00,00,00,48,00,69,00,\
6a,00,61,00,63,00,6b,00,54,00,68,00,69,00,73,00,2e,00,6c,00,6e,00,6b,00,00,\
00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe"="HijackThis"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Documents and Settings\\jeremy\\Local Settings\\Temporary Internet Files\\Content.IE5\\CKQIRWT7\\OTM[1].exe"="OTM[1]"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Documents and Settings\\jeremy\\Bureau\\OTM.exe"="OTM"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Documents and Settings\\jeremy\\Local Settings\\Temporary Internet Files\\Content.IE5\\F5SNHRJI\\ToolsCleaner2[1].exe"="ToolsCleaner2[1]"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Documents and Settings\\All Users\\Application Data\\SweetIM\\Messenger\\conf\\users\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Documents and Settings\\All Users\\Application Data\\SweetIM\\Messenger\\data\\contentdb\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\SweetIM\\Messenger\\resources\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\SweetIM\\Messenger\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Documents and Settings\\All Users\\Application Data\\SweetIM\\Messenger\\logs\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\SweetIM\\Messenger\\resources\\images\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\SweetIM\\Toolbars\\Internet Explorer\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\SweetIM\\Toolbars\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\SweetIM\\Toolbars\\Internet Explorer\\conf\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\SweetIM\\Toolbars\\Internet Explorer\\resources\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Dealio Toolbar\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Dealio Toolbar\\FF\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Dealio Toolbar\\FF\\chrome\\content\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Dealio Toolbar\\FF\\chrome\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Dealio Toolbar\\FF\\chrome\\locale\\EN-US\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Dealio Toolbar\\FF\\chrome\\locale\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Dealio Toolbar\\FF\\chrome\\skin\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Dealio Toolbar\\FF\\components\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Dealio Toolbar\\Res\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Application Updater\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Dealio Toolbar\\IE\\4.0.2\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Dealio Toolbar\\IE\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Search Settings\\FF\\chrome\\skin\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Search Settings\\FF\\chrome\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Search Settings\\FF\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Search Settings\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Search Settings\\res\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Search Settings\\temp\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Search Settings\\FF\\chrome\\content\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Search Settings\\FF\\chrome\\locale\\en-US\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Search Settings\\FF\\chrome\\locale\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Search Settings\\FF\\components\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover]
"DisplayName"="Ad-Remover By C_XX"
"UninstallString"="\"C:\\Ad-Remover\\Un-ADR.exe\""
"DisplayIcon"="C:\\Ad-Remover\\res\\icon.ico"
"Publisher"="C_XX"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AOL Connectivity Services]
"UninstallString"="C:\\PROGRA~1\\FICHIE~1\\AOL\\ACS\\AcsUninstall.exe /c"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AOL YGP Screensaver]
"UninstallString"="C:\\Program Files\\Fichiers communs\\AOL\\Screensaver\\uninst_ygpss.exe"
"DisplayIcon"="C:\\Program Files\\Fichiers communs\\AOL\\Screensaver\\ygpsstra.exe"
[HKEY_LOCAL_MACHINE\Software\TrendMicro]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe"="HijackThis"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Documents and Settings\\jeremy\\Local Settings\\Temporary Internet Files\\Content.IE5\\CKQIRWT7\\OTM[1].exe"="OTM[1]"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Documents and Settings\\jeremy\\Bureau\\OTM.exe"="OTM"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Documents and Settings\\jeremy\\Local Settings\\Temporary Internet Files\\Content.IE5\\F5SNHRJI\\ToolsCleaner2[1].exe"="ToolsCleaner2[1]"
jojorisman (Member) - 10 April 2010 at 11:39
The computer is doing better: PERSONAL SECURITY is gone and I no longer need to start in safe mode, so it's fine.
jacques.gache (Security contributor) - 10 April 2010 at 12:12
OK, we'll see about the updates later. Right now I'd like you to run List&Kill'em with the Search and Clean options, because there is a line I don't like in the hosts file, thanks.
Disable your antivirus for the duration of the procedure, as well as your firewall if you have one (because the tool is wrongly detected as an infection).
. Download List&Kill'em and save it to your desktop
. Plug in USB sticks, external hard drives, MP3 and MP4 players, etc.
Double-click (right-click, "Run as administrator" on Vista/7) the shortcut on your desktop to start the installation
Choose the language, then choose Search
. Let the tool work
When the white window appears, it takes a while; this is normal, the program is not frozen.
A report named catchme appears on your desktop; ignore it, do not post it, but do not delete it for now, the scan is not finished.
. Post the contents of the report that opens when the scan reaches 100%, on the "COMPLETED" screen
You can now delete the catchme.log report from your desktop.
==============================
. Run List&Kill'em again (via right-click on Vista).
But this time:
. Choose Clean
Let the tool work.
At the end of the scan a report opens
. Paste its contents into your reply
jojorisman (Member) - 10 April 2010 at 12:34
List'em by g3n-h@ckm@n 1.7.0.4
User : jeremy (Administrateurs)
Update on 09/04/2010 by g3n-h@ckm@n ::::: 15.30
Start at: 12:16:14 | 10/04/2010
AMD Athlon(tm) XP 3000+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1229 [VPS 090831-0] 4.8.1229 [ Enabled | (!) Outdated ]
C:\ -> Disque fixe local | 144,04 Go (2,78 Go free) [HDD] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\VeriSign\NAVI\NAVICL~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\internet explorer\iexplore.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WOOKIT REG_SZ C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
NCLaunch REG_SZ C:\WINDOWS\NCLAUNCH.EXe
ccleaner REG_SZ "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WOOWATCH REG_SZ C:\PROGRA~1\Wanadoo\Watch.exe
VTTimer REG_SZ VTTimer.exe
TomcatStartup 2.5 REG_SZ C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
StatusClient 2.6 REG_SZ C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
PCMService REG_SZ "c:\Apps\Powercinema\PCMService.exe"
Google Desktop Search REG_SZ "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
ATIPTA REG_SZ C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
UserFaultCheck REG_EXPAND_SZ %systemroot%\system32\dumprep 0 -u
Logitech Hardware Abstraction Layer REG_SZ KHALMNPR.EXE
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
AppleSyncNotifier REG_SZ C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
hpqSRMon REG_SZ C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqSRMon.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
ConsentPromptBehaviorAdmin REG_DWORD 0 (0x0)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveAutoRun REG_DWORD 255 (0xff)
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoCDBurning REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 255 (0xff)
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ ORDIENFANTS
DefaultUserName REG_SZ jeremy
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ jeremy
AltDefaultDomainName REG_SZ ORDIENFANTS
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\WINDOWS\system32\sessmgr.exe REG_SZ C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
C:\APPS\Inventime\my.exe REG_SZ C:\APPS\Inventime\my.exe:*:Disabled:INVENTIME
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe REG_SZ C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw
C:\iTunes.exe REG_SZ C:\iTunes.exe:*:Enabled:iTunes
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Documents and Settings\jeremy\Bureau\Fichiers non utilisés\GameData\jamp.exe REG_SZ C:\Documents and Settings\jeremy\Bureau\Fichiers non utilisés\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\microsoft office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\microsoft office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
C:\Program Files\BitTorrent\bittorrent.exe REG_SZ C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{00000055-9980-0010-8000-00AA00389B71}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{B79A53C0-1DAC-4636-BACE-FD086A7A79BF}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6}]
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4F977AA2-805F-BC0C-5132-74005EFEF149}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{72AD53CC-CCC0-3757-8480-9EE176866A7C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C02E9BA6-F236-FED1-C613-2EB0EBED7F5C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CD214A03-179D-65FB-EED0-5F092896C4B5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
==============
BHO :
======
[<NO NAME> REG_SZ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0347C33E-8762-4905-BF09-768834316C61}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CE000992-A58C-4441-8938-744CD72AB27F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C7423273-CA8A-4C31-99B8-3B9B26033170}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C7423273-CA8A-4C31-99B8-3B9B26033170}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C7423273-CA8A-4C31-99B8-3B9B26033170}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\drivers\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\drivers\atapi.sys
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
144 Go total, 2,79 Go libre (1%), 27% fragmenté (fragmentation du fichier 52%)
Vous devriez défragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Documents and Settings\jeremy\Local Settings\Temporary Internet Files\SuggestedSites.dat
¤¤¤¤¤¤¤¤¤¤ Keys :
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 12:33:20
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82FD71F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x82fd71f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 12:33:23,09
jojorisman - Posts: 72 - Registered: Wednesday 5 September 2007 - Status: Member - Last activity: 12 July 2011 - 10 April 2010 at 13:18
Kill'em by g3n-h@ckm@n 1.7.0.4
User : jeremy (Administrateurs)
Update on 09/04/2010 by g3n-h@ckm@n ::::: 15.30
Start at: 12:40:29 | 10/04/2010
AMD Athlon(tm) XP 3000+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1229 [VPS 090831-0] 4.8.1229 [ Enabled | (!) Outdated ]
C:\ -> Disque fixe local | 144,04 Go (2,78 Go free) [HDD] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\VeriSign\NAVI\NAVICL~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Documents and Settings\jeremy\Local Settings\Temporary Internet Files\SuggestedSites.dat
==============
host file OK !
==============
========
Registry
========
=================
Internet Explorer
=================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============
Security Center
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)
========
Services
=========
Ndisuio : Start = 3
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
============
=================
anti-ver blaster : OK !!
=================
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
jacques.gache
Posts
33453
Registration date
Tuesday 13 November 2007
Status
Security contributor
Last activity
25 January 2016
1 616
10 April 2010 at 16:40
Right, now you'll need to think about updating your PC, otherwise you have security holes and malware is likely to get in through them!!
So install XP SP3: https://www.commentcamarche.net/telecharger/systemes-d-exploitation/20759-sp3-windows-xp/
Then uninstall Java from Add/Remove Programs and install the latest version: https://www.commentcamarche.net/telecharger/developpement/12917-java-runtime-environment/
Also, you have avast 4, which isn't rated as the best-performing free antivirus; personally I'd advise you to switch to Antivir, which performs much better!!
But if you want to keep avast, you should uninstall version 4 and install the latest one, version 5.
To uninstall avast, use this page: https://www.commentcamarche.net/telecharger/securite/22859-utilitaire-de-desinstallation-de-avast/
After that, either you switch to Antivir: https://www.commentcamarche.net/faq/16831-tutoriel-configuration-optimale-d-antivir-personal
or you install the latest version of avast: http://www.commentcamarche.net/telecharger/telecharger-151-avast
and, if needed, a tutorial to help you configure it as well as possible: https://forums.cnetfrance.fr/tutoriels-securite-informatique/265269-avast-5-nouveau-tutoriel-avast