Antispyware Soft virus
jremi
Hello everyone! I just got caught by a pop-up window that installed Antispyware Soft in my taskbar.
I have broadly the same problem as a user who already posted here about the same issue. I am creating my own topic to post my reports. I am on Vista and have AntiVir. I also had Malwarebytes' Anti-Malware, with which I ran a scan and deleted the infected files. Here is the report (see below). I am currently running a scan with List_Kill'em.
I am going to follow the procedure you have already described on the forum, but if a "guardian angel of the web" could oversee me, that would be great! Thanks again for the work you do. I await your reply and will do a cleanup with List_Kill'em as soon as possible...
Malwarebytes' Anti-Malware 1.41
Database version: 2909
Windows 6.0.6001 Service Pack 1 (Safe Mode)
29/04/2010 13:57:25
mbam-log-2010-04-29 (13-57-25).txt
Scan type: Full Scan (C:\|E:\|)
Objects scanned: 235405
Time elapsed: 1 hour(s), 8 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\softwarehelper (Rogue.Eorezo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\aimée\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\ProgramData\Partner\partner.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Users\aimée\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdate.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
1 reply
Here is the Kill'em report after the clean:
Kill'em by g3n-h@ckm@n 1.7.2.4
User : Jean-rémi (Administrateurs)
Update on 28/04/2010 by g3n-h@ckm@n ::::: 10.45
Start at: 14:37:24 | 29/04/2010
Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.18904
Windows Firewall Status : Enabled
C:\ -> Disque fixe local | 232,73 Go (38,01 Go free) [Vista] | NTFS
E:\ -> Disque fixe local | 231,57 Go (226,32 Go free) [Data] | NTFS
F:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\runonce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\PresentationSettings.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\ProgramData\hpzinstall.log
Quarantined & Deleted !! : C:\Program Files\Ask.com
Quarantined & Deleted !! : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Quarantined & Deleted !! : C:\Windows\system32\drivers\Fdc.sys
Quarantined & Deleted !! : C:\Windows\Temp\CabB467.tmp
Quarantined & Deleted !! : C:\Windows\Temp\CFGA8AD.tmp
Quarantined & Deleted !! : C:\Windows\Temp\CFGB347.tmp
Quarantined & Deleted !! : C:\Windows\Temp\CFGBAC6.tmp
Quarantined & Deleted !! : C:\Windows\Temp\DMI16AC.tmp
Quarantined & Deleted !! : C:\Windows\Temp\DMI49BC.tmp
Quarantined & Deleted !! : C:\Windows\Temp\DMI5CD0.tmp
Quarantined & Deleted !! : C:\Windows\Temp\DMI5D99.tmp
Quarantined & Deleted !! : C:\Windows\Temp\DMI850E.tmp
Quarantined & Deleted !! : C:\Windows\Temp\DMI9674.tmp
Quarantined & Deleted !! : C:\Windows\Temp\DMIA321.tmp
Quarantined & Deleted !! : C:\Windows\Temp\DMIA562.tmp
Quarantined & Deleted !! : C:\Windows\Temp\DMIA68B.tmp
Quarantined & Deleted !! : C:\Windows\Temp\DMIAE09.tmp
Quarantined & Deleted !! : C:\Windows\Temp\DMIB0B8.tmp
Quarantined & Deleted !! : C:\Windows\Temp\DMIB1B1.tmp
Quarantined & Deleted !! : C:\Windows\Temp\DMICCC.tmp
Quarantined & Deleted !! : C:\Windows\Temp\DMIF.tmp
Quarantined & Deleted !! : C:\Windows\Temp\gd4308.tmp
Quarantined & Deleted !! : C:\Windows\Temp\gdD806.tmp
Quarantined & Deleted !! : C:\Windows\Temp\GUR2B26.tmp
Quarantined & Deleted !! : C:\Windows\Temp\GUR6315.tmp
Quarantined & Deleted !! : C:\Windows\Temp\GUR6882.tmp
Quarantined & Deleted !! : C:\Windows\Temp\GUR9C4E.tmp
Quarantined & Deleted !! : C:\Windows\Temp\GURD0F5.tmp
Quarantined & Deleted !! : C:\Windows\Temp\GURDD34.tmp
Quarantined & Deleted !! : C:\Windows\Temp\GURED0C.tmp
Quarantined & Deleted !! : C:\Windows\Temp\TarB468.tmp
Quarantined & Deleted !! : C:\Users\Jean-r'mi\AppData\Local\d3d9caps.dat
Quarantined & Deleted !! : C:\Users\Jean-r'mi\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Users\Jean-r'mi\AppData\LocalLow\AskToolbar
Quarantined & Deleted !! : C:\Users\Jean-r'mi\Local Settings\Temp\ytb.exe
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\BMcd.exe
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\contentDATs.exe
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\Mabk.exe
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\SecurityScan_Release.exe
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\war3_Install.exe
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\CmdLineExt02.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna1558396530451620481.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna1882782165277571249.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna1968886539398638109.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna2191728199911518993.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna2297090831920943793.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna2334470321804123106.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna2567876367199998894.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna2673338784072051152.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna2675313595752296625.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna2707275351836836136.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna2818183448183821384.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna3321685185356508708.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna3353112227014646415.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna3455976507611652411.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna3494455078020477596.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna3498901180250257700.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna3635765337706762989.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna3695229256794664104.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna3721263925447090588.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna4103800937865380935.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna4200407759099484525.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna4449989490631112749.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna4542209430517416904.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna4595035736131794994.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna4670279343891491951.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna4986305248727253176.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna5123811701302008458.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna5359176037237522146.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna5481799004554288871.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna5585566046227737642.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna5604110154026007514.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna5843778338827493027.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna5862036406192811792.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna5925597476537882149.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna5948350941260307943.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna6186330262878662707.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna6398012156885169912.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna6436134983259655553.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna6584982352264930685.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna6739519523035812732.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna7359111716186339159.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna7496557533589828280.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna7769477923952817333.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna7795119377123571659.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna7855067652815445449.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna7878938335585473393.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna7946093482254808849.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna7967893920537020521.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna8394066177592418672.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna8422011979465590422.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna8617873643844747695.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna8882133399666634254.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna8918101644974224486.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna8989794079280837431.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna9042368691357413197.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna9061150383104923690.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna9085262336214209886.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\jna972996783610866396.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\SIntf16.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\SIntf32.dll
Quarantined & Deleted !! : C:\Users\Jean-r'mi\LOCAL Settings\Temp\SIntfNT.dll
=======
Hosts :
=======
127.0.0.1 localhost
========
Registry
========
Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC}
Deleted : "HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}"
Deleted : "HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}"
Deleted : "HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}"
Deleted : "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar"
Deleted : "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}"
Deleted : HKCR\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}
Deleted : HKCR\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}
Deleted : HKCR\GenericAskToolbar.ToolbarWnd
Deleted : HKCR\GenericAskToolbar.ToolbarWnd.1
Deleted : HKCR\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Deleted : HKCU\software\appdatalow\AskToolbarInfo
Deleted : HKCU\software\appdatalow\software\AskToolbar
Deleted : HKCU\software\Ask.com
Deleted : HKCU\SOFTWARE\avsoft
Deleted : HKCU\Software\avsuite
Deleted : HKCU\SOFTWARE\EoRezo
Deleted : HKLM\software\classes\appid\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Deleted : HKLM\software\classes\appid\GenericAskToolbar.DLL
Deleted : HKLM\software\classes\installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Deleted : HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Deleted : HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Deleted : HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Deleted : HKLM\software\microsoft\windows\currentversion\uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
=================
Internet Explorer
=================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============
Security Center
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval REG_DWORD 1 (0x1)
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Deleted : HKLM\software\classes\installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Deleted : HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Deleted : HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Deleted : HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Deleted : HKLM\software\microsoft\windows\currentversion\uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
=================
Internet Explorer
=================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============
Security Center
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval REG_DWORD 1 (0x1)
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤