Pc-infecté

zenasmus Messages postés 91 Statut Membre -  
zenasmus Messages postés 91 Statut Membre -
Bonjour,

je pense que mon pc à un probleme que ni kaspersky ni malwarebytes ni usbfixe n'a resoud ce probleme aidez moi svp merci ci-joint rapport hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:19, on 30/06/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\dwrcs\DWRCST.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\mzenasni\AppData\Local\MediaGet2\mediaget.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.5.32.3:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.175.0.38;10.5.1.27;10.5.1.15;10.175.12.255;10.175.2.23;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
R3 - URLSearchHook: Messenger Plus Toolbar - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Messenger Plus - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
O3 - Toolbar: Messenger Plus Toolbar - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\Windows\dwrcs\DWRCST.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MediaGet2] C:\Users\mzenasni\AppData\Local\MediaGet2\mediaget.exe --minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
O4 - Global Startup: tracker.html
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger avec Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = shdpina.local
O17 - HKLM\Software\..\Telephony: DomainName = shdpina.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = shdpina.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = shdpina.local
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DameWare Mini Remote Control (dwmrcs) - DameWare Development LLC - C:\Windows\dwrcs\DWRCS.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Intel Corporation - C:\Windows\system32\IProsetMonitor.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11543 bytes

51 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Problème identifié : malgré des outils de sécurité tels que Kaspersky, Malwarebytes et USBFix, le rapport HijackThis signale une configuration système lourde en éléments potentiellement indésirables et en paramètres réseau suspects.
Parmi les éléments relevés figure une succession d’extensions et de modules (BHO), barres d’outils et programmes au démarrage, ainsi que des entrées proxy et des entries Winsock douteuses, suggérant une possible infection multi-composants.
En cas de détails supplémentaires, la présence de domaine local shdpina.local et d’un proxy 10.5.32.3:8080, ainsi que des noms de services et de processus inhabituels, apportent des pistes à explorer pour un nettoyage ciblé.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. g3n-h@ckm@n
     
    salut on ne fait pas installer avast alors que l'internaute a déjà Kaspersky c'est inutile
    ¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    3
  2. g3n-h@ckm@n
     
    salut

    desactive ton antivirus
    desactive Windows defender si présent
    desactive ton pare-feu

    Ferme toutes tes appilications en cours

    telecharge et enregistre ceci sur ton bureau :

    Pre_Scan

    mirroir :

    http://www.archive-host.com

    s'il n'est pas sur ton bureau coupe-le de ton dossier telechargements et colle-le sur ton bureau

    Avertissement: Il y aura une extinction courte du bureau --> pas de panique.

    une fois telechargé lance-le , laisse faire le scan jusqu'à l'apparition de "Pre_scan.txt" sur le bureau.

    si 'outil est bloqué par l'infection utilise cette version : Version .pif

    si l'outil detecte un proxy et que tu n'en as pas installé clique sur "supprimer le proxy"

    si l'outil semble ne pas avoir fonctionné renomme-le winlogon , ou change son extension en .com ou .scr

    Il se peut qu'une multitude de fenêtres noires clignotent , laisse-le travailler

    Poste Pre_Scan.txt qui apparaitra sur le bureau en fin de scan

    ▶▶▶ NE LE POSTE PAS SUR LE FORUM (il est trop long)

    clique sur ce lien : http://www.cijoint.fr/

    ▶ Clique sur Parcourir et cherche le fichier ci-dessus.

    ▶ Clique sur Ouvrir.

    ▶ Clique sur "Cliquez ici pour déposer le fichier".

    Un lien de cette forme :

    http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

    est ajouté dans la page.

    ▶ Copie ce lien dans ta réponse.
    3
  3. g3n-h@ckm@n
     
    ne fais que ce que je te demande et n'ecoute pas les conseils des autres sauf si j'approuve

    ▶ Télécharge ici : Ad-remover sur ton bureau :

    ▶ Déconnecte toi et ferme toutes applications en cours !

    si tu as XP => double clique
    si tu as Vista ou windows 7 => clic droit "executer en tant que...."


    ▶ sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .

    ▶ clique le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .

    ▶ Au menu principal choisis "option Nettoyer" et tape sur [entrée] .

    ▶ Laisse travailler l'outil et ne touche à rien ...

    ▶ Poste le rapport qui apparait à la fin , sur le forum ...

    ( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
    ( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

    2
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. g3n-h@ckm@n
     
    n'utilise pas les outils sans que je te le demande

    desinstalle tout ce qui contient le mot toolbar

    ===============================

    tu fais n importe quoi avec ton ordinateur

    ===============================

    plutot que de cracker Micrososft office , tu peux utiliser open office qui lui est gratuit

    ===========================

    fais glisser n'importe quel fichier sur Pre_scan , pre_script va apparaitre

    si ce n'est le cas , télécharge-le ici :

    http://dl.dropbox.com/u/21363431/Pre_Script.exe

    ouvre Pre_script et colle ce qui suit en gras, à l'interieur du texte qui s'ouvre ,
    sans les lignes , en une seule fois en le mettant en surbrillance :
    ___________________________________________________
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MediaGet2"=-
    "IDMan"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    "Adobe Reader Speed Launcher"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
    "{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
    "{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
    "{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [-HKEY_CURRENT_USER\Software\Avfxaug]
    [-HKEY_CURRENT_USER\Software\Awcfnakk]
    [-HKEY_CURRENT_USER\Software\BitLord]
    [-HKEY_CURRENT_USER\Software\Kitoy Kim]
    [-HKEY_CURRENT_USER\Software\kNok]
    [-HKEY_CURRENT_USER\Software\ooefxzbc]
    [-HKEY_LOCAL_MACHINE\Software\Gossiper]
    [-HKEY_LOCAL_MACHINE\Software\MediaGet]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    C:\Windows\system32\csrss.exe=-
    C:\Windows\system32\winlogon.exe=-
    C:\Windows\system32\wininit.exe=-
    C:\Windows\System32\svchost.exe=-
    C:\Windows\system32\Dwm.exe=-
    C:\Windows\system32\services.exe=-
    C:\Windows\system32\LogonUI.exe=-
    C:\Windows\system32\taskeng.exe=-
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe=-
    C:\Windows\Explorer.EXE=-
    C:\Windows\system32\atiesrxx.exe=-

    file::
    C:\Windows\Tasks\AutoKMS.job
    C:\Windows\Tasks\AutoKMSDaily.job
    C:\Windows\Tasks\Updater.job
    C:\Windows\Tasks\Windows 7 Manager Live Update.job

    folder::
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaGet2
    C:\Users\mzenasni\AppData\Roaming\kkl
    C:\Users\mzenasni\AppData\Roaming\Media Get LLC
    C:\Users\mzenasni\AppData\Roaming\moovida-1
    C:\ProgramData\Media Get LLC
    C:\Users\mzenasni\AppData\Local\crazyloader Air
    C:\Users\mzenasni\AppData\Local\Media Get LLC
    C:\Users\mzenasni\AppData\Local\MediaGet2
    C:\Users\mzenasni\AppData\Local\moovida Air
    C:\Program Files\BitLord
    C:\Program Files\Gossiper
    C:\Program Files\Live_TV
    C:\Program Files\Messenger_Plus

    attrib::

    ___________________________________________________

    copie-le (ctrl+c ou clique droit sur la selection puis => copier)

    puis onglet fichier => enregistrer (pas enregistrer sous...) , puis ferme le texte

    des fenetres noires risquent de clignoter , c'est normal , c'est le programme qui travaille

    poste Pre_Script.txt qui apparaitra sur le bureau en fin de travail
    1
  6. zenasmus Messages postés 91 Statut Membre
     
    voici le lien du rapport

    http://www.cijoint.fr/cjlink.php?file=cj201106/cijJnxoIKz.txt
    0
  7. g3n-h@ckm@n
     
    Fais analyser le(s) fichier(s) suivants sur Virustotal :

    Virus Total

    clique sur "Parcourir" et trouve puis selectionne ce(s) fichier(s) :

    C:\Windows\dwrcs\DWRCS.EXE

    * Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
    * Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
    * Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.
    0
  8. zenasmus Messages postés 91 Statut Membre
     
    voici:

    http://www.virustotal.com/file-scan/report.html?id=27af6b57b188467b6a4a1144a4c5d60876c20995f0d1823a688ec5938cba7b93-1305127594
    0
  9. zenasmus Messages postés 91 Statut Membre
     
    voici le lien :

    http://www.virustotal.com/file-scan/report.html?id=27af6b57b188467b6a4a1144a4c5d60876c20995f0d1823a688ec5938cba7b93-1305127594
    0
  10. g3n-h@ckm@n
     
    le nom du fichier ne correspond pas avec ma demande
    0
  11. zenasmus Messages postés 91 Statut Membre
     
    voici :

    http://www.cijoint.fr/cjlink.php?file=cj201107/cijhrrab3I.txt
    0
  12. zenasmus Messages postés 91 Statut Membre
     
    --je n'ai pas compris?????
    0
  13. zenasmus Messages postés 91 Statut Membre
     
    -http://www.cijoint.fr/cjlink.php?file=cj201107/cijU7HFmEM.txt
    0
  14. zenasmus Messages postés 91 Statut Membre
     
    --je ne sais pas qu'st ce qui se passe 2 mn
    0
  15. zenasmus Messages postés 91 Statut Membre
     
    le problème je n'arrive pas à m'inscrire sur le site cijoint.fr
    0
  16. zenasmus Messages postés 91 Statut Membre
     
    je n'ai pas d'autre solution:

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan 1.0.2.35 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤

    Mis à jour le 30/06/2011 | 17.50 par g3n-h@ckm@n
    Informations : http://www.forum-fec.net/t1444-pre_scan-versions
    Remontées : http://www.forum-fec.net/t1445-feedback-pre_scan

    Utilisateur : mzenasni (Administrateurs)
    Ordinateur : INT-HEB-5655

    Système d'exploitation : Windows 7 Ultimate (32 bits) Ultimate
    Type d'installation : Client
    Enregistré sous : adida
    Processeur : Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz
    Identification : x86 Family 6 Model 23 Stepping 10
    Internet Explorer : 8.0.7600.16385
    Mozilla Firefox : 5.0 (fr)
    Pare-feu windows : Actif
    Windows Defender : Actif

    c:\ -> [Fixed] | [] | Total : 136000 Mo | Free : 11300 Mo -> NTFS
    d:\ -> [Fixed] | [] | Total : 340930 Mo | Free : 165410 Mo -> NTFS
    e:\ -> [CDROM] | [GB1CENVOL_EN_DVD] | Total : 3630 Mo | Free : 0 Mo -> UDF
    g:\ -> [CDROM] | [] | Total : 0 Mo | Free : 0 Mo ->
    r:\ -> [Network] | [] | Total : 52000 Mo | Free : 41840 Mo -> NTFS

    Scan : 12:07:56 | 01/07/2011

    ¤¤¤¤¤¤¤¤¤¤ Sessions

    [HKLM | ProfileList] | S-1-5-21-2334014890-2074115081-2488859327-1000 : ProfileImagePath -> C:\Users\adida
    [HKLM | ProfileList] | S-1-5-21-2334014890-2074115081-2488859327-1000 : RefCount -> 0
    [HKLM | ProfileList] | S-1-5-21-2334014890-2074115081-2488859327-1000 : State -> 0
    [HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-1649 : ProfileImagePath -> C:\Users\adida.SHDPINA
    [HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-1649 : RefCount -> 0
    [HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-1649 : State -> 0
    [HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-1650 : ProfileImagePath -> C:\Users\mzenasni
    [HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-1650 : RefCount -> 1
    [HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-1650 : State -> 256
    [HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-500 : ProfileImagePath -> C:\Users\administrateur
    [HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-500 : RefCount -> 0
    [HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-500 : State -> 256

    ¤¤¤¤¤¤¤¤¤¤¤ Processus en cours

    Demarrage : Normal

    492 | C:\Windows\System32\smss.exe - Système - Normal - \SystemRoot\System32\smss.exe - 4
    608 | C:\Windows\system32\csrss.exe - Système - Normal - %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 - 564
    688 | C:\Windows\system32\wininit.exe - Système - High - wininit.exe - 564
    696 | C:\Windows\system32\csrss.exe - Système - Normal - %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 - 680
    736 | C:\Windows\system32\services.exe - Système - Normal - C:\Windows\system32\services.exe - 688
    752 | C:\Windows\system32\lsass.exe - Système - Normal - C:\Windows\system32\lsass.exe - 688
    760 | C:\Windows\system32\lsm.exe - Système - Normal - C:\Windows\system32\lsm.exe - 688
    864 | C:\Windows\system32\svchost.exe - Système - Normal - C:\Windows\system32\svchost.exe -k DcomLaunch - 736
    956 | C:\Windows\system32\winlogon.exe - Système - High - winlogon.exe - 680
    996 | C:\Windows\system32\svchost.exe - SERVICE RÉSEAU - Normal - C:\Windows\system32\svchost.exe -k RPCSS - 736
    1056 | C:\Windows\system32\atiesrxx.exe - Système - Normal - C:\Windows\system32\atiesrxx.exe - 736
    1100 | C:\Windows\System32\svchost.exe - SERVICE LOCAL - Normal - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted - 736
    1152 | C:\Windows\System32\svchost.exe - Système - Normal - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted - 736
    1188 | C:\Windows\system32\svchost.exe - Système - Normal - C:\Windows\system32\svchost.exe -k netsvcs - 736
    1376 | C:\Windows\system32\svchost.exe - SERVICE LOCAL - Normal - C:\Windows\system32\svchost.exe -k LocalService - 736
    1424 | C:\Windows\system32\atieclxx.exe - Système - Normal - atieclxx - 1056
    1580 | C:\Windows\system32\svchost.exe - SERVICE RÉSEAU - Normal - C:\Windows\system32\svchost.exe -k NetworkService - 736
    1760 | C:\Windows\System32\spoolsv.exe - Système - Normal - C:\Windows\System32\spoolsv.exe - 736
    1808 | C:\Windows\system32\svchost.exe - SERVICE LOCAL - Normal - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork - 736
    1932 | C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe - Système - Normal - "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" -r - 736
    1968 | C:\Program Files\Bonjour\mDNSResponder.exe - Système - Normal - "C:\Program Files\Bonjour\mDNSResponder.exe" - 736
    2012 | C:\Windows\dwrcs\DWRCS.EXE - Système - Normal - C:\Windows\dwrcs\DWRCS.EXE -service - 736
    508 | C:\Windows\system32\svchost.exe - SERVICE LOCAL - Normal - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation - 736
    544 | C:\Windows\system32\IProsetMonitor.exe - Système - Normal - C:\Windows\system32\IProsetMonitor.exe - 736
    572 | C:\Windows\system32\svchost.exe - SERVICE LOCAL - Normal - C:\Windows\system32\svchost.exe -k imgsvc - 736
    2072 | C:\Windows\System32\svchost.exe - Système - Normal - C:\Windows\System32\svchost.exe -k WerSvcGroup - 736
    2108 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - Système - Normal - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" - 736
    2360 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe - Système - Normal - WLIDSvcM.exe 2108 - 2108
    2764 | C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE - SERVICE RÉSEAU - Normal - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" - 736
    2924 | C:\Windows\system32\svchost.exe - SERVICE RÉSEAU - Normal - C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted - 736
    3052 | C:\Windows\System32\svchost.exe - SERVICE LOCAL - Normal - C:\Windows\System32\svchost.exe -k LocalServicePeerNet - 736
    3388 | C:\Windows\dwrcs\DWRCST.exe - mzenasni - Normal - 6129 - 2012
    3484 | C:\Windows\system32\taskhost.exe - mzenasni - Normal - taskhost.exe USER - 736
    3636 | C:\Windows\system32\Dwm.exe - mzenasni - High - "C:\Windows\system32\Dwm.exe" - 1152
    3748 | C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe - mzenasni - Normal - "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" - 3672
    3348 | C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe - mzenasni - Normal - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray - 3672
    3324 | C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe - mzenasni - Normal - "C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe" /watchfiles startup - 3672
    3860 | C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe - mzenasni - Normal - "C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" -tray - 3672
    1924 | C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE - mzenasni - Normal - "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" - 3672
    2960 | C:\Program Files\Skype\Phone\Skype.exe - mzenasni - Normal - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized - 3672
    3924 | C:\Program Files\Internet Download Manager\IDMan.exe - mzenasni - Normal - "C:\Program Files\Internet Download Manager\IDMan.exe" /onboot - 3672
    4296 | C:\Program Files\Internet Download Manager\IEMonitor.exe - mzenasni - Normal - "C:\Program Files\Internet Download Manager\IEMonitor.exe" - 3924
    4380 | C:\Program Files\PC Connectivity Solution\ServiceLayer.exe - Système - Normal - "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" - 736
    4616 | C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe - Système - High - {CA1E2503-69FD-4ACD-B2B9-4EDE21C09ADE} - 4380
    4660 | C:\Windows\System32\mobsync.exe - mzenasni - Normal - C:\Windows\System32\mobsync.exe -Embedding - 864
    4804 | C:\Windows\system32\wbem\wmiprvse.exe - SERVICE RÉSEAU - Normal - C:\Windows\system32\wbem\wmiprvse.exe - 864
    5092 | C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe - Système - High - {CF000141-DA69-4C19-8A82-17313502412F} - 4380
    5344 | C:\Windows\System32\svchost.exe - Système - Normal - C:\Windows\System32\svchost.exe -k secsvcs - 736
    3936 | C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe - mzenasni - High - {106B2759-E487-4CA8-AAD2-35FF7A6365DA} - 4380
    4412 | C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe - mzenasni - Normal - "C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe" - 3860
    168 | C:\Program Files\Microsoft Office\Office14\GROOVE.EXE - mzenasni - Normal - "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /TrayOnly - 3672
    3220 | C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe - Système - Normal - "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" - 736
    604 | C:\Program Files\Nero\Update\NASvc.exe - Système - Normal - "C:\Program Files\Nero\Update\NASvc.exe" - 736
    5736 | C:\Windows\system32\AUDIODG.EXE - SERVICE LOCAL - Normal - C:\Windows\system32\AUDIODG.EXE 0x270 - 1100
    5372 | C:\Windows\system32\DllHost.exe - mzenasni - Normal - C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} - 864
    2300 | C:\Windows\system32\taskeng.exe - mzenasni - Normal - taskeng.exe {5DF97403-EAED-4408-92D2-4A70E97DAE38} - 1188
    2584 | C:\Users\mzenasni\Desktop\Pre_scan.exe - mzenasni - High - "C:\Users\mzenasni\Desktop\Pre_scan.exe" - 3672
    1132 | C:\Windows\system32\cmd.exe - mzenasni - Normal - cmd /c ""C:\Kill'em\Pv.bat" " - 2584
    3340 | C:\Windows\system32\conhost.exe - mzenasni - Normal - \??\C:\Windows\system32\conhost.exe - 696
    7116 | C:\Kill'em\Pv.exe - mzenasni - Normal - C:\Kill'em\pv.exe -o"%i | %f - %u - %p - %l - %r" - 1132

    ¤¤¤¤¤¤¤¤¤¤ Démarrage principaux avant suppression

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [?]
    "NokiaOviSuite2"=C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray [?]
    "OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [?]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [?]
    "MediaGet2"=C:\Users\mzenasni\AppData\Local\MediaGet2\mediaget.exe --minimized [?]
    "IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe /onboot [?]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [?]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [?]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime [?]
    "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [?]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [?]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [?]
    "Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [?]
    "NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [?]
    "DameWare MRC Agent"=C:\Windows\dwrcs\DWRCST.exe [16/06/2011|07:22:48]

    ¤¤¤¤¤¤¤¤¤¤ Autres Démarrages Silencieux

    ¤

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] | {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -> Groove GFS Stub Execution Hook
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar] | {7c5c0f58-e061-457d-9033-77307f5ed00c} -> TorrentMan Toolbar
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar] | {EF99BD32-C1FB-11D2-892F-0090271D4F88} -> 0x00
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar] | {0a452a47-c5a8-4854-a237-4b9b06b376f0} -> Gossiper Toolbar
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar] | {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} -> Messenger Plus Toolbar
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar] | {D4027C7F-154A-4066-A1AD-4243D8127440} -> 0x00
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {00C6D95F-329C-409a-81D7-C46C66EA7F33} ->
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {80009818-f38f-4af1-87b5-eadab9433e58} -> MF ADTS Property Handler
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> WinRAR shell extension
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {F764812A-132C-4013-9960-5CBBEB408A0E} -> Nero Shell Extension
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} -> Shell Extensions for RealOne Player
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} -> PowerISO
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {5E2121EE-0300-11D4-8D3B-444553540000} -> Catalyst Context Menu extension
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {872A9397-E0D6-4e28-B64D-52B8D0A7EA35} -> Display CPL Extension
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {AD392E40-428C-459F-961E-9B147782D099} -> UltraISO
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {79BC0345-1015-11D2-A299-006008312725} -> blue.shell
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {81E3EEF3-EE35-4FAF-8588-8196C8F6B1BE} -> Oxygen Express Context Menu Shell Extension
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {E2CB0FA1-5AB0-4886-A8CE-7A84D1B9B261} -> Oxygen Express Context Menu Shell Extension
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {9318A0B9-1B4A-44AA-9BEE-61E6A42936BA} -> Oxygen Express Property Sheet Shell Extension
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} -> Nokia Phone Browser
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {06A2568A-CED6-4187-BB20-400B8C02BE5A} ->
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {00F33137-EE26-412F-8D71-F84E4C2C6625} ->
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} -> Windows Live Photo Gallery Autoplay Drop Target
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} -> Windows Live Photo Gallery Viewer Drop Target
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {00F374B7-B390-4884-B372-2FC349F2172B} -> Windows Live Photo Gallery Editor Drop Target
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} -> Windows Live Photo Gallery Viewer Drop Target Shim
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} -> Windows Live Photo Gallery Editor Drop Target Shim
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> Windows Live Photo Gallery Autoplay Drop Target Shim
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {42042206-2D85-11D3-8CFF-005004838597} -> Microsoft Office HTML Icon Handler
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} -> Microsoft Office Metadata Handler
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} -> Microsoft Office Thumbnail Handler
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} -> Groove Namespace Extension
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} -> Microsoft OneNote Namespace Extension for Windows Desktop Search
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {D66DC78C-4F61-447F-942B-3FB6980118CF}
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> Groove GFS Browser Helper
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {6C467336-8281-4E60-8204-430CED96822D} -> Groove GFS Context Menu Handler
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} -> Groove GFS Explorer Bar
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {16F3DD56-1AF5-4347-846D-7C10C4192619} -> Groove Explorer Icon Overlay 3 (GFS Folder)
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -> Groove GFS Stub Execution Hook
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {A449600E-1DC6-4232-B948-9BD794D62056} -> Groove GFS Stub Icon Handler
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> Groove Explorer Icon Overlay 2 (GFS Stub)
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> Groove Explorer Icon Overlay 4 (GFS Unread Mark)
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> Groove Explorer Icon Overlay 1 (GFS Unread Stub)
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {387E725D-DC16-4D76-B310-2C93ED4752A0} -> Groove XML Icon Handler
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {00020D75-0000-0000-C000-000000000046} -> Microsoft Outlook Desktop Icon Handler
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {0006F045-0000-0000-C000-000000000046} -> Microsoft Outlook Custom Icon Handler
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {358B5852-38EB-4549-9D8A-B90C9DCAD0DB} -> DMRC Shell Extension V2
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {CDC95B92-E27C-4745-A8C5-64A52A78855D} -> IDM Shell Extension
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {327669A0-59A7-4be9-B99E-1C9F3A57611A} -> Haali Matroska Thumbnail Exctractor

    ¤¤¤¤¤¤¤¤¤¤ BHO

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}] | (IDM integration (IDMIEHlprObj Class)) -> C:\Program Files\Internet Download Manager\IDMIECC.dll [09/06/2011|16:52:11]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] | (&Yahoo! Toolbar Helper) -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [28/07/2008|11:47:40]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0a452a47-c5a8-4854-a237-4b9b06b376f0}] | (Gossiper Toolbar) -> C:\Program Files\Gossiper\tbGoss.dll [06/10/2010|19:00:40]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] | (Adobe PDF Link Helper) -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [22/09/2010|18:04:14]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] | (IEVkbdBHO Class) -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll [24/04/2011|23:13:06]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] | (Groove GFS Browser Helper) -> C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [25/03/2010|10:25:22]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}] | (TorrentMan Toolbar) -> C:\Program Files\TorrentMan\tbTorr.dll [28/09/2010|22:14:53]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] | (Windows Live ID Sign-in Helper) -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [21/09/2010|14:08:38]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] | (Office Document Cache Handler) -> C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [28/02/2010|02:20:14]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}] | (Messenger Plus Toolbar) -> C:\Program Files\Messenger_Plus\prxtbMess.dll [05/05/2011|16:04:41]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] | (LimeWire Toolbar) -> [?]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] | (Java(tm) Plug-In 2 SSV Helper) -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [30/09/2010|12:02:24]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}] | (FilterBHO Class) -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll [24/04/2011|23:13:12]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}] | (SingleInstance Class) -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [28/07/2008|11:47:42]

    ¤¤¤¤¤¤¤¤¤¤ ActiveX

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] | WMPACCESS -> Microsoft Windows Media Player
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] | IEACCESS -> Internet Explorer
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] | BRANDING.CAB -> Browser Customizations
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}] | JAVAVM -> Java (Sun)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] | -> Microsoft Windows Media Player 12.0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] | Theme Component -> Themes Setup
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] | ClearIconCache -> Internet Explorer
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] | MobilePk -> Offline Browsing Pack
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] | MailNews -> Microsoft Windows
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] | DirectDrawEx -> DirectDrawEx
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] | HelpCont -> Internet Explorer Help
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] | MSVBScript -> Microsoft Windows Script 5.6
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] | GenSetup -> Internet Explorer Setup Tools
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] | ExtraPack -> Browsing Enhancements
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] | Microsoft Windows Media Player -> Microsoft Windows Media Player
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] | MSN_Auth -> MSN Site Access
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] | -> Address Book 7
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}] | .NETFramework -> .NET Framework
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7C665EAA-E544-C2DB-932E-7128F7DEAC0E}] | -> Microsoft Windows Media Player 12.0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] | IE4_SHELLID -> Windows Desktop Update
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] | BASEIE40_W2K -> Web Platform Customizations
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] | DOTNETFRAMEWORKS ->
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] | Tridata -> Dynamic HTML Data Binding
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}] | .NETFramework -> .NET Framework
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] | Fontcore -> Internet Explorer Core Fonts
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] | HTMLHelp -> HTML Help
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}] | Yahoo! Messenger ->
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] | ADSI -> Active Directory Service Interface

    ¤¤¤¤¤¤¤¤¤¤ Winlogon

    [HKLM | Winlogon] | Shell : Explorer.exe
    [HKLM | Winlogon] | AutoRestartShell : 1
    [HKLM | Winlogon] | userinit : C:\Windows\system32\Userinit.exe,
    [HKLM | Winlogon] | PowerDownAfterShutdown : 1
    [HKLM | Winlogon] | System :
    [HKLM | Winlogon] | Taskman :

    ¤¤¤¤¤¤¤¤¤¤ Winlogon\Notify

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

    ¤¤¤¤¤¤¤¤¤¤ Associations

    [.exe] : exefile
    [exefile | command] : "%1" %*
    [.com] : ComFile
    [comfile | command] : "%1" %*
    [.reg] : regfile
    [regfile | command] : regedit.exe "%1"
    [.scr] : scrfile
    [scrfile | command] : "%1" /S
    [.bat] : batfile
    [batfile | command] : "%1" %*
    [.cmd] : cmdfile
    [cmdfile | command] : "%1" %*
    [.pif] : piffile
    [piffile | command] : "%1" %*
    [.url] : InternetShortcut
    [InternetShortcut | command] : "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l
    [Application.Manifest | command] : rundll32.exe dfshim.dll,ShOpenVerbApplication %1
    [Application.Reference | command] : rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
    [Folder | command] : C:\Windows\explorer.exe

    ¤

    [Firefox | Command] | @ : "C:\Program Files\Mozilla Firefox\Firefox.exe"
    [Firefox - Safemode | Command] | @ : "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
    [IE | Command] | @ : "C:\Program Files\Internet Explorer\iexplore.exe"
    [Applications | IE | Command] | @ : "C:\Program Files\Internet Explorer\iexplore.exe" %1
    [Safari | Command] | @ : "C:\Program Files\Safari\Safari.exe"
    [Assoc | Applications] | @ : http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

    ¤¤¤¤¤¤¤¤¤¤ Divers

    [HKLM | HideDesktopIcons\ClassicStartMenu] | {9343812e-1c37-4a49-a12e-4b2d810d956b} : 0
    [HKLM | HideDesktopIcons\NewStartPanel] | {F02C1A0D-BE21-4350-88B0-7367FC96EF3C} : 0
    [HKLM | HideDesktopIcons\NewStartPanel] | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 0
    [HKLM | HideDesktopIcons\NewStartPanel] | {208D2C60-3AEA-1069-A2D7-08002B30309D} : 0
    [HKLM | HideDesktopIcons\NewStartPanel] | {871C5380-42A0-1069-A2EA-08002B30309D} : 0
    [HKLM | HideDesktopIcons\NewStartPanel] | {5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} : 0
    [HKLM | HideDesktopIcons\NewStartPanel] | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 0
    [HKLM | HideDesktopIcons\NewStartPanel] | {9343812e-1c37-4a49-a12e-4b2d810d956b} : 0
    [HKCU | Desktop] | Wallpaper : C:\Users\mzenasni\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    [HKCU | policies\Explorer] | NoDriveTypeAutoRun : 145
    [HKLM | policies\Explorer] | NoDriveTypeAutoRun : 145

    ¤¤¤¤¤¤¤¤¤¤ Services

    [Ndisuio] | Start : 3 : Actif
    [Power] | Start : 2 : Actif
    [Profsvc] | Start : 2 : Actif
    [PlugPlay] | Start : 2 : Actif
    [PEAUTH] | Start : 2 : Actif
    [Parvdm] | Start : 2 : Inactif
    [nsi] | Start : 2 : Actif
    [NLASvc] | Start : 2 : Actif
    [MPSsvc] | Start : 2 : Actif
    [MMCSS] | Start : 2 : Actif
    [luafv] | Start : 2 : Actif
    [lltdio] | Start : 2 : Actif
    [Iphlpsvc] | Start : 2 : Actif
    [IKEEXT] | Start : 2 : Actif
    [gpsvc] | Start : 2 : Actif
    [lmhosts] | Start : 2 : Actif
    [LanmanWorkstation] | Start : 2 : Actif
    [LanmanServer] | Start : 2 : Actif
    [agp440] | Start : 2 : Inactif
    [AudioEndpointBuilder] | Start : 2 : Actif
    [Audiosrv] | Start : 2 : Actif
    [BFE] | Start : 2 : Actif
    [Bits] | Start : 2 : Actif
    [CryptSvc] | Start : 2 : Actif
    [EapHost] | Start : 2 : Actif
    [Wlansvc] | Start : 2 : Actif
    [SharedAccess] | Start : 2 : Inactif
    [windefend] | Start : 2 : Actif
    [wuauserv] | Start : 2 : Actif
    [WerSvc] | Start : 2 : Actif
    [wscsvc] | Start : 2 : Actif

    ¤¤¤¤¤¤¤¤¤¤ Internet Explorer

    [HKCU | Main] | Start Page : https://www.google.com/?gws_rd=ssl
    [HKCU | Main] | Local Page : C:\Windows\system32\blank.htm
    [HKCU | Main] | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    [HKLM | Main] | Start Page : https://www.msn.com/fr-fr/?ocid=iehp
    [HKLM | Main] | Local Page : -> C:\Windows\system32\blank.htm
    [HKLM | Main] | Default_Search_URL : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    [HKLM | Main] | Default_Page_URL : https://www.msn.com/fr-fr/?ocid=iehp
    [HKLM | Main] | Search Page : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

    ¤

    [HKCU | PhishingFilter] | Enabled : 2
    [HKCU | PhishingFilter] | EnabledV8 : 1
    [HKCU | Internet settings] | ProxyOverride : *.local
    [HKCU | Internet Settings] | MigrateProxy : 1
    [HKCU | Internet Settings] | WarnonBadCertRecving : 1
    [HKCU | Internet Settings] | WarnOnHTTPSToHTTPRedirect : 1
    [HKCU | Internet Settings] | WarnonZoneCrossing : 1
    [HKCU | Internet Settings] | AutoConfigProxy : 0

    ¤¤¤¤¤¤¤¤¤¤ DNS

    [HKLM\CCS | Tcpip\Parameters] | DhcpNameServer -> 10.5.1.17 10.5.1.11
    [HKLM\CCS | Interfaces\{F6F5B491-6657-4E50-A63E-E38CD9AA9F36}] | DhcpNameServer -> 10.5.1.17 10.5.1.11
    [HKLM\CS001 | Interfaces\{F6F5B491-6657-4E50-A63E-E38CD9AA9F36}] | DhcpNameServer -> 10.5.1.17 10.5.1.11
    [HKLM\CS002 | Interfaces\{F6F5B491-6657-4E50-A63E-E38CD9AA9F36}] | DhcpNameServer -> 10.5.1.17 10.5.1.11

    ¤¤¤¤¤¤¤¤¤¤ Hosts

    ¤¤¤¤¤¤¤¤¤¤ HKCU\Software

    [HKEY_CURRENT_USER\Software\AC3filter]
    [HKEY_CURRENT_USER\Software\Adobe]
    [HKEY_CURRENT_USER\Software\AMD]
    [HKEY_CURRENT_USER\Software\AppDataLow]
    [HKEY_CURRENT_USER\Software\Apple Computer, Inc.]
    [HKEY_CURRENT_USER\Software\Apple Inc.]
    [HKEY_CURRENT_USER\Software\ATI]
    [HKEY_CURRENT_USER\Software\Avfxaug]
    [HKEY_CURRENT_USER\Software\AVS4YOU]
    [HKEY_CURRENT_USER\Software\Awcfnakk]
    [HKEY_CURRENT_USER\Software\BenVista]
    [HKEY_CURRENT_USER\Software\BitComet]
    [HKEY_CURRENT_USER\Software\BitComet eMule plugin]
    [HKEY_CURRENT_USER\Software\BitComet Ultra Accelerator]
    [HKEY_CURRENT_USER\Software\BitLord]
    [HKEY_CURRENT_USER\Software\BSD]
    [HKEY_CURRENT_USER\Software\Caphyon]
    [HKEY_CURRENT_USER\Software\Clients]
    [HKEY_CURRENT_USER\Software\Convar]
    [HKEY_CURRENT_USER\Software\CoreVorbis]
    [HKEY_CURRENT_USER\Software\cybelsoft]
    [HKEY_CURRENT_USER\Software\Datastead]
    [HKEY_CURRENT_USER\Software\Debug]
    [HKEY_CURRENT_USER\Software\Digital River]
    [HKEY_CURRENT_USER\Software\DivXNetworks]
    [HKEY_CURRENT_USER\Software\DownloadManager]
    [HKEY_CURRENT_USER\Software\dskMetrics]
    [HKEY_CURRENT_USER\Software\DSS]
    [HKEY_CURRENT_USER\Software\DT Soft]
    [HKEY_CURRENT_USER\Software\EasyBits]
    [HKEY_CURRENT_USER\Software\EasyBoot Systems]
    [HKEY_CURRENT_USER\Software\EasySetup]
    [HKEY_CURRENT_USER\Software\Elecard]
    [HKEY_CURRENT_USER\Software\FileMaker]
    [HKEY_CURRENT_USER\Software\g3n-h@ckm@n]
    [HKEY_CURRENT_USER\Software\Gabest]
    [HKEY_CURRENT_USER\Software\GNU]
    [HKEY_CURRENT_USER\Software\Google]
    [HKEY_CURRENT_USER\Software\GSpot Appliance Corp]
    [HKEY_CURRENT_USER\Software\Haali]
    [HKEY_CURRENT_USER\Software\HariSoft]
    [HKEY_CURRENT_USER\Software\Hewlett-Packard]
    [HKEY_CURRENT_USER\Software\IM Providers]
    [HKEY_CURRENT_USER\Software\ImTOO]
    [HKEY_CURRENT_USER\Software\Intel]
    [HKEY_CURRENT_USER\Software\iXi Tools]
    [HKEY_CURRENT_USER\Software\JavaSoft]
    [HKEY_CURRENT_USER\Software\KasperskyLab]
    [HKEY_CURRENT_USER\Software\KillBox]
    [HKEY_CURRENT_USER\Software\Kitoy Kim]
    [HKEY_CURRENT_USER\Software\kNok]
    [HKEY_CURRENT_USER\Software\Leadertech]
    [HKEY_CURRENT_USER\Software\LightScribe]
    [HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications]
    [HKEY_CURRENT_USER\Software\Macromedia]
    [HKEY_CURRENT_USER\Software\madFlac]
    [HKEY_CURRENT_USER\Software\MagicISO]
    [HKEY_CURRENT_USER\Software\Magix]
    [HKEY_CURRENT_USER\Software\MAGIX AG]
    [HKEY_CURRENT_USER\Software\Magnet]
    [HKEY_CURRENT_USER\Software\MainConcept]
    [HKEY_CURRENT_USER\Software\MainConcept (Adobe2)]
    [HKEY_CURRENT_USER\Software\Malwarebytes' Anti-Malware]
    [HKEY_CURRENT_USER\Software\MediaTek]
    [HKEY_CURRENT_USER\Software\Microsoft]
    [HKEY_CURRENT_USER\Software\Minnetonka Audio Software]
    [HKEY_CURRENT_USER\Software\Move Media Player]
    [HKEY_CURRENT_USER\Software\MoveNetworks]
    [HKEY_CURRENT_USER\Software\Mozilla]
    [HKEY_CURRENT_USER\Software\MozillaPlugins]
    [HKEY_CURRENT_USER\Software\MyHeritage.com]
    [HKEY_CURRENT_USER\Software\Nero]
    [HKEY_CURRENT_USER\Software\Netscape]
    [HKEY_CURRENT_USER\Software\Nokia]
    [HKEY_CURRENT_USER\Software\Nokia Mobile Phones]
    [HKEY_CURRENT_USER\Software\NokiaTool]
    [HKEY_CURRENT_USER\Software\NVIDIA Corporation]
    [HKEY_CURRENT_USER\Software\ODBC]
    [HKEY_CURRENT_USER\Software\ooefxzbc]
    [HKEY_CURRENT_USER\Software\ORACLE]
    [HKEY_CURRENT_USER\Software\Pinnacle Systems]
    [HKEY_CURRENT_USER\Software\Piriform]
    [HKEY_CURRENT_USER\Software\Policies]
    [HKEY_CURRENT_USER\Software\PowerISO]
    [HKEY_CURRENT_USER\Software\Random's]
    [HKEY_CURRENT_USER\Software\RealNetworks]
    [HKEY_CURRENT_USER\Software\Roxio]
    [HKEY_CURRENT_USER\Software\SafeSoft]
    [HKEY_CURRENT_USER\Software\Scalable]
    [HKEY_CURRENT_USER\Software\SecureMedia]
    [HKEY_CURRENT_USER\Software\SereneScreen]
    [HKEY_CURRENT_USER\Software\Siber Systems]
    [HKEY_CURRENT_USER\Software\Skype]
    [HKEY_CURRENT_USER\Software\Smart Projects]
    [HKEY_CURRENT_USER\Software\Softonic]
    [HKEY_CURRENT_USER\Software\SpeedBit]
    [HKEY_CURRENT_USER\Software\Stardock]
    [HKEY_CURRENT_USER\Software\SubSystems]
    [HKEY_CURRENT_USER\Software\SWiSHzone.com]
    [HKEY_CURRENT_USER\Software\Sysinternals]
    [HKEY_CURRENT_USER\Software\Trolltech]
    [HKEY_CURRENT_USER\Software\tvp]
    [HKEY_CURRENT_USER\Software\UniqueSW]
    [HKEY_CURRENT_USER\Software\Uniscope]
    [HKEY_CURRENT_USER\Software\Usbfix]
    [HKEY_CURRENT_USER\Software\VB and VBA Program Settings]
    [HKEY_CURRENT_USER\Software\VOB]
    [HKEY_CURRENT_USER\Software\Windows 7 - Codec Pack]
    [HKEY_CURRENT_USER\Software\WinRAR]
    [HKEY_CURRENT_USER\Software\WinRAR SFX]
    [HKEY_CURRENT_USER\Software\Yahoo]
    [HKEY_CURRENT_USER\Software\Yamicsoft]
    [HKEY_CURRENT_USER\Software\Yuna Software]
    [HKEY_CURRENT_USER\Software\Classes]

    ¤¤¤¤¤¤¤¤¤¤ HKLM\Software

    [HKEY_LOCAL_MACHINE\Software\685D6D1C-D73A-4F37-B7E5E53660311DDB]
    [HKEY_LOCAL_MACHINE\Software\Adobe]
    [HKEY_LOCAL_MACHINE\Software\AGEIA Technologies]
    [HKEY_LOCAL_MACHINE\Software\AMD]
    [HKEY_LOCAL_MACHINE\Software\AppDataLow]
    [HKEY_LOCAL_MACHINE\Software\Apple Computer, Inc.]
    [HKEY_LOCAL_MACHINE\Software\Apple Inc.]
    [HKEY_LOCAL_MACHINE\Software\ATI]
    [HKEY_LOCAL_MACHINE\Software\ATI Technologies]
    [HKEY_LOCAL_MACHINE\Software\AVS4YOU]
    [HKEY_LOCAL_MACHINE\Software\Bitcomet Ultra Accelerator]
    [HKEY_LOCAL_MACHINE\Software\BrowserChoice]
    [HKEY_LOCAL_MACHINE\Software\BSD]
    [HKEY_LOCAL_MACHINE\Software\Classes]
    [HKEY_LOCAL_MACHINE\Software\Clients]
    [HKEY_LOCAL_MACHINE\Software\CrazyLoader]
    [HKEY_LOCAL_MACHINE\Software\cybelsoft]
    [HKEY_LOCAL_MACHINE\Software\D-Unlocker]
    [HKEY_LOCAL_MACHINE\Software\DameWare Development]
    [HKEY_LOCAL_MACHINE\Software\DICE]
    [HKEY_LOCAL_MACHINE\Software\Digital River]
    [HKEY_LOCAL_MACHINE\Software\Distributed Computing Technologies, Inc.]
    [HKEY_LOCAL_MACHINE\Software\DivX]
    [HKEY_LOCAL_MACHINE\Software\DivXNetworks]
    [HKEY_LOCAL_MACHINE\Software\DoesNotExist]
    [HKEY_LOCAL_MACHINE\Software\DT Soft]
    [HKEY_LOCAL_MACHINE\Software\EasyBoot Systems]
    [HKEY_LOCAL_MACHINE\Software\Electronic Arts]
    [HKEY_LOCAL_MACHINE\Software\FAST Multimedia]
    [HKEY_LOCAL_MACHINE\Software\FileMaker]
    [HKEY_LOCAL_MACHINE\Software\FVDCNV]
    [HKEY_LOCAL_MACHINE\Software\GEAR Software]
    [HKEY_LOCAL_MACHINE\Software\Global IP Solutions]
    [HKEY_LOCAL_MACHINE\Software\GNU]
    [HKEY_LOCAL_MACHINE\Software\Godlike Developers]
    [HKEY_LOCAL_MACHINE\Software\Google]
    [HKEY_LOCAL_MACHINE\Software\Gossiper]
    [HKEY_LOCAL_MACHINE\Software\HaaliMkx]
    [HKEY_LOCAL_MACHINE\Software\Hewlett-Packard]
    [HKEY_LOCAL_MACHINE\Software\Hewlett-Packard Company]
    [HKEY_LOCAL_MACHINE\Software\Imagineer Systems Ltd]
    [HKEY_LOCAL_MACHINE\Software\InstallShield]
    [HKEY_LOCAL_MACHINE\Software\Intel]
    [HKEY_LOCAL_MACHINE\Software\Internet Download Manager]
    [HKEY_LOCAL_MACHINE\Software\iTinySoft]
    [HKEY_LOCAL_MACHINE\Software\JavaSoft]
    [HKEY_LOCAL_MACHINE\Software\JDownloader]
    [HKEY_LOCAL_MACHINE\Software\JreMetrics]
    [HKEY_LOCAL_MACHINE\Software\KasperskyLab]
    [HKEY_LOCAL_MACHINE\Software\Khronos]
    [HKEY_LOCAL_MACHINE\Software\Licenses]
    [HKEY_LOCAL_MACHINE\Software\Lidan]
    [HKEY_LOCAL_MACHINE\Software\Macromedia]
    [HKEY_LOCAL_MACHINE\Software\Macrovision]
    [HKEY_LOCAL_MACHINE\Software\MagicISO]
    [HKEY_LOCAL_MACHINE\Software\MAGIX]
    [HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware]
    [HKEY_LOCAL_MACHINE\Software\MediaGet]
    [HKEY_LOCAL_MACHINE\Software\Messenger_Plus]
    [HKEY_LOCAL_MACHINE\Software\Microsoft]
    [HKEY_LOCAL_MACHINE\Software\MimarSinan]
    [HKEY_LOCAL_MACHINE\Software\Minnetonka Audio Software]
    [HKEY_LOCAL_MACHINE\Software\Mozilla]
    [HKEY_LOCAL_MACHINE\Software\mozilla.org]
    [HKEY_LOCAL_MACHINE\Software\MozillaPlugins]
    [HKEY_LOCAL_MACHINE\Software\MyHeritage.com]
    [HKEY_LOCAL_MACHINE\Software\Nero]
    [HKEY_LOCAL_MACHINE\Software\Nokia]
    [HKEY_LOCAL_MACHINE\Software\Nokia Mobile Phones]
    [HKEY_LOCAL_MACHINE\Software\ODBC]
    [HKEY_LOCAL_MACHINE\Software\OMSI]
    [HKEY_LOCAL_MACHINE\Software\ORACLE]
    [HKEY_LOCAL_MACHINE\Software\PC Connectivity Solution]
    [HKEY_LOCAL_MACHINE\Software\PCSuite]
    [HKEY_LOCAL_MACHINE\Software\Pegasus Imaging]
    [HKEY_LOCAL_MACHINE\Software\PegasusImaging]
    [HKEY_LOCAL_MACHINE\Software\Pinnacle Systems]
    [HKEY_LOCAL_MACHINE\Software\Piriform]
    [HKEY_LOCAL_MACHINE\Software\PixArt]
    [HKEY_LOCAL_MACHINE\Software\Policies]
    [HKEY_LOCAL_MACHINE\Software\PowerISO]
    [HKEY_LOCAL_MACHINE\Software\Prolific Technology INC]
    [HKEY_LOCAL_MACHINE\Software\RealNetworks]
    [HKEY_LOCAL_MACHINE\Software\RegisteredApplications]
    [HKEY_LOCAL_MACHINE\Software\RichFX]
    [HKEY_LOCAL_MACHINE\Software\Roxio]
    [HKEY_LOCAL_MACHINE\Software\S3R521]
    [HKEY_LOCAL_MACHINE\Software\SenBit]
    [HKEY_LOCAL_MACHINE\Software\SereneScreen]
    [HKEY_LOCAL_MACHINE\Software\ShuangSoft]
    [HKEY_LOCAL_MACHINE\Software\Siber Systems]
    [HKEY_LOCAL_MACHINE\Software\SigMa Chip]
    [HKEY_LOCAL_MACHINE\Software\Skype]
    [HKEY_LOCAL_MACHINE\Software\Sonic]
    [HKEY_LOCAL_MACHINE\Software\SpeedBit]
    [HKEY_LOCAL_MACHINE\Software\Swearware]
    [HKEY_LOCAL_MACHINE\Software\Synthetic Aperture]
    [HKEY_LOCAL_MACHINE\Software\TorrentMan]
    [HKEY_LOCAL_MACHINE\Software\TrendMicro]
    [HKEY_LOCAL_MACHINE\Software\Unlock Codes Calculator v1.1 (by Crux)]
    [HKEY_LOCAL_MACHINE\Software\VideoLAN]
    [HKEY_LOCAL_MACHINE\Software\Volatile]
    [HKEY_LOCAL_MACHINE\Software\WinISO]
    [HKEY_LOCAL_MACHINE\Software\WinRAR]
    [HKEY_LOCAL_MACHINE\Software\WombatUpdater]
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node]
    [HKEY_LOCAL_MACHINE\Software\Xara]
    [HKEY_LOCAL_MACHINE\Software\Xing Technology Corp.]
    [HKEY_LOCAL_MACHINE\Software\Yahoo]
    [HKEY_LOCAL_MACHINE\Software\Yuna Software]
    [HKEY_LOCAL_MACHINE\Software\Z3X]

    ¤¤¤¤¤¤¤¤¤¤ Processus

    C:\Users\mzenasni\AppData\Local\MediaGet2\mediaget.exe -> Processus stoppé

    ¤¤¤¤¤¤¤¤¤¤ Traitement Fichiers | Dossiers | Registre

    Mise en quarantaine : C:\$Recycle.bin\S-1-5-21-3028403037-2726206162-3131094494-1650\desktop.ini
    Erreur de suppression : C:\Users\mzenasni\AppData\Local\Symbian-Toys.com
    Clé Supprimée : [HKLM | Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar]
    Erreur de suppression : C:\Windows\Temp\klsD182.tmp
    Erreur de suppression : C:\Windows\Temp\klsD182.tmp
    Mise en quarantaine : C:\Users\mzenasni\AppData\Local\Temp\TFR625F.tmp
    Mise en quarantaine : C:\Users\mzenasni\AppData\Local\Temp\TFREB61.tmp

    ¤¤¤¤¤¤¤¤¤¤ IFEO

    ¤¤¤¤¤¤¤¤¤¤ Mountpoints2

    ¤¤¤¤¤¤¤¤¤¤ %StartMenu%

    [14/07/2009|05:46:35] | C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
    [14/07/2009|05:37:43] | C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
    [15/10/2010|10:47:53] | C:\ProgramData\Microsoft\Windows\Start Menu\My 7 Optimizer
    [28/09/2010|19:19:21] | C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
    [14/07/2009|03:37:05] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs
    [14/07/2009|05:37:43] | C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk

    ¤¤¤¤¤¤¤¤¤¤ %StartMenu%\Programs

    [14/07/2009|03:37:05] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    [14/07/2009|05:52:30] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [15/01/2011|11:12:23] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS4.lnk
    [15/01/2011|11:10:28] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
    [10/12/2010|15:45:32] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
    [15/01/2011|11:08:25] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS4.lnk
    [10/12/2010|15:45:42] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
    [15/01/2011|11:06:37] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
    [15/01/2011|11:06:54] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk
    [15/01/2011|11:10:00] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS4.lnk
    [15/01/2011|11:09:36] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit.lnk
    [10/12/2010|15:47:41] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CS3.lnk
    [16/10/2010|09:32:18] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [03/02/2011|12:49:36] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allok 3GP PSP MP4 iPod Video Converter
    [02/11/2010|10:00:37] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Any Media to MP3 Converter
    [02/03/2011|15:00:37] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Stream SDK v2
    [28/09/2010|22:05:57] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord
    [02/03/2011|15:00:32] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
    [15/06/2011|20:29:49] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [30/06/2011|22:24:10] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chaos Shredder
    [16/05/2011|15:18:56] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\chat-land
    [14/07/2009|05:41:57] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
    [16/01/2011|11:53:01] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ethereal
    [14/07/2009|05:52:30] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    [29/01/2011|15:47:18] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard Company
    [30/06/2011|17:17:03] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
    [21/06/2011|21:05:14] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    [16/06/2011|08:41:04] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
    [02/03/2011|11:48:15] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ma-config.com
    [29/09/2010|17:33:27] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
    [02/03/2011|09:55:21] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
    [14/07/2009|03:37:05] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
    [21/06/2011|21:02:05] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [18/04/9999|04:20:24] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [21/06/2011|15:43:33] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaGet2
    [05/05/2011|17:50:57] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [09/02/2011|09:59:29] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [03/03/2011|09:22:23] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SOAP Toolkit Version 3
    [15/01/2011|11:10:46] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mocha for After Effects CS4.lnk
    [13/05/2011|09:16:58] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [15/01/2011|15:28:25] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
    [30/06/2011|22:42:15] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoClone
    [09/03/2011|19:30:42] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
    [20/03/2011|17:53:19] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite
    [09/03/2011|14:24:49] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NokiaFREE Calculator
    [13/03/2011|22:02:27] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NSS
    [13/01/2011|12:33:26] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    [17/06/2011|19:49:49] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phoenix
    [04/03/2011|10:07:49] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 14
    [06/02/2011|14:40:53] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
    [07/03/2011|21:08:07] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [30/01/2011|08:38:54] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
    [30/01/2011|08:38:54] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealPlayer.lnk
    [25/06/2011|14:38:23] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
    [20/12/2010|14:33:31] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SereneScreen
    [05/05/2011|17:50:57] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
    [26/06/2011|22:57:30] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs
    [14/07/2009|05:42:29] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    [20/06/2011|06:38:41] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [14/01/2011|12:56:34] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Projects
    [14/07/2009|03:37:05] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    [05/02/2011|10:51:51] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter
    [04/03/2011|09:47:50] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
    [13/03/2011|22:18:13] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Simlock Remover
    [12/10/2010|15:05:23] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security
    [29/09/2010|15:54:02] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UsbFix
    [27/06/2011|22:02:22] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [26/06/2011|22:44:00] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 - Codec Pack
    [18/04/9999|04:20:16] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [14/07/2009|05:42:24] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    [25/03/2011|13:26:45] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    [25/03/2011|15:09:36] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    [25/03/2011|14:21:39] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    [14/07/2009|05:46:36] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [07/02/2011|08:40:14] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinISO
    [16/01/2011|16:01:34] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [28/09/2010|22:24:20] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinTools Software
    [14/07/2009|05:42:30] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    [27/03/2011|08:51:30] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
    [28/09/2010|22:25:17] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller 2010

    ¤¤¤¤¤¤¤¤¤¤ %StartMenu%\Programs\Startup

    [22/01/2011|14:55:05] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\tracker.html

    ¤¤¤¤¤¤¤¤¤¤ %AppData%

    [29/09/2010|10:47:02] | C:\Users\mzenasni\AppData\Roaming\Adobe
    [07/03/2011|21:09:39] | C:\Users\mzenasni\AppData\Roaming\Apple Computer
    [02/03/2011|15:01:41] | C:\Users\mzenasni\AppData\Roaming\ATI
    [26/06/2011|14:04:52] | C:\Users\mzenasni\AppData\Roaming\AVS4YOU
    [06/10/2010|19:01:19] | C:\Users\mzenasni\AppData\Roaming\BitComet
    [06/10/2010|18:44:57] | C:\Users\mzenasni\AppData\Roaming\BitComet Turbo
    [06/10/2010|18:49:57] | C:\Users\mzenasni\AppData\Roaming\BitTorrent
    [20/03/2011|15:42:22] | C:\Users\mzenasni\AppData\Roaming\BSD
    [14/01/2011|13:10:25] | C:\Users\mzenasni\AppData\Roaming\DAEMON Tools Pro
    [27/06/2011|08:56:49] | C:\Users\mzenasni\AppData\Roaming\DivX
    [30/09/2010|10:01:55] | C:\Users\mzenasni\AppData\Roaming\DMCache
    [20/10/2010|17:09:01] | C:\Users\mzenasni\AppData\Roaming\dvdcss
    [24/01/2011|21:17:39] | C:\Users\mzenasni\AppData\Roaming\FileMaker
    [24/01/2011|21:28:48] | C:\Users\mzenasni\AppData\Roaming\FileMaker Pro Advanced
    [29/09/2010|10:12:16] | C:\Users\mzenasni\AppData\Roaming\Godlike
    [21/06/2011|21:29:15] | C:\Users\mzenasni\AppData\Roaming\HTML Executable
    [29/09/2010|10:05:22] | C:\Users\mzenasni\AppData\Roaming\Identities
    [21/06/2011|21:05:18] | C:\Users\mzenasni\AppData\Roaming\IDM
    [19/01/2011|10:36:56] | C:\Users\mzenasni\AppData\Roaming\InstallShield
    [28/06/2011|16:51:55] | C:\Users\mzenasni\AppData\Roaming\kkl
    [24/01/2011|21:18:11] | C:\Users\mzenasni\AppData\Roaming\Leadertech
    [29/09/2010|10:50:37] | C:\Users\mzenasni\AppData\Roaming\Macromedia
    [01/03/2011|20:13:34] | C:\Users\mzenasni\AppData\Roaming\MAGIX
    [09/10/2010|10:56:14] | C:\Users\mzenasni\AppData\Roaming\Malwarebytes
    [29/09/2010|10:05:16] | C:\Users\mzenasni\AppData\Roaming\Media Center Programs
    [20/04/2011|16:13:27] | C:\Users\mzenasni\AppData\Roaming\Media Get LLC
    [29/09/2010|10:05:16] | C:\Users\mzenasni\AppData\Roaming\Microsoft
    [05/12/2010|10:25:45] | C:\Users\mzenasni\AppData\Roaming\Mipony
    [10/03/2011|15:12:21] | C:\Users\mzenasni\AppData\Roaming\moovida-1
    [30/01/2011|11:32:07] | C:\Users\mzenasni\AppData\Roaming\Move Networks
    [06/02/2011|09:46:40] | C:\Users\mzenasni\AppData\Roaming\Mozilla
    [15/01/2011|15:34:20] | C:\Users\mzenasni\AppData\Roaming\Nero
    [05/03/2011|17:33:14] | C:\Users\mzenasni\AppData\Roaming\Nokia
    [18/06/2011|22:13:19] | C:\Users\mzenasni\AppData\Roaming\Nokia Ovi Suite
    [16/06/2011|19:29:07] | C:\Users\mzenasni\AppData\Roaming\OfficeRecovery
    [16/06/2011|19:29:07] | C:\Users\mzenasni\AppData\Roaming\OfficeRecovery.3e584593
    [04/03/2011|21:24:26] | C:\Users\mzenasni\AppData\Roaming\PC Suite
    [13/01/2011|12:46:14] | C:\Users\mzenasni\AppData\Roaming\PnkBstrK.sys
    [23/01/2011|14:46:18] | C:\Users\mzenasni\AppData\Roaming\RapidGet
    [30/01/2011|08:38:17] | C:\Users\mzenasni\AppData\Roaming\Real
    [29/09/2010|17:29:55] | C:\Users\mzenasni\AppData\Roaming\Roxio
    [13/05/2011|22:17:31] | C:\Users\mzenasni\AppData\Roaming\Samsung
    [29/09/2010|16:51:34] | C:\Users\mzenasni\AppData\Roaming\Skype
    [29/09/2010|16:52:33] | C:\Users\mzenasni\AppData\Roaming\skypePM
    [30/09/2010|08:33:40] | C:\Users\mzenasni\AppData\Roaming\URSoft
    [30/09/2010|08:24:35] | C:\Users\mzenasni\AppData\Roaming\ViGlance
    [30/09/2010|12:02:52] | C:\Users\mzenasni\AppData\Roaming\VitySoft
    [29/09/2010|15:14:11] | C:\Users\mzenasni\AppData\Roaming\vlc
    [26/06/2011|22:57:06] | C:\Users\mzenasni\AppData\Roaming\Win7codecs
    [05/02/2011|08:48:56] | C:\Users\mzenasni\AppData\Roaming\WinAVI
    [13/03/2011|21:16:33] | C:\Users\mzenasni\AppData\Roaming\WinBatch
    [29/09/2010|17:28:34] | C:\Users\mzenasni\AppData\Roaming\WinRAR
    [02/02/2011|18:12:07] | C:\Users\mzenasni\AppData\Roaming\Xilisoft Corporation
    [29/09/2010|15:47:35] | C:\Users\mzenasni\AppData\Roaming\Yahoo!

    ¤¤¤¤¤¤¤¤¤¤ %CommonAppData%

    [28/09/2010|20:31:23] | C:\ProgramData\Adobe
    [24/01/2011|21:20:51] | C:\ProgramData\Apple
    [07/03/2011|21:07:58] | C:\ProgramData\Apple Computer
    [14/07/2009|05:53:55] | C:\ProgramData\Application Data
    [02/03/2011|15:01:41] | C:\ProgramData\ATI
    [26/06/2011|14:04:53] | C:\ProgramData\AVS4YOU
    [16/01/2011|15:43:17] | C:\ProgramData\DragToDiscUserNameE.txt
    [01/10/2010|09:33:04] | C:\ProgramData\Kaspersky Lab
    [02/03/2011|11:48:15] | C:\ProgramData\ma-config.com
    [01/03/2011|20:10:53] | C:\ProgramData\MAGIX
    [09/10/2010|10:56:10] | C:\ProgramData\Malwarebytes
    [21/06/2011|15:43:30] | C:\ProgramData\Media Get LLC
    [28/09/2010|19:19:21] | C:\ProgramData\Menu Démarrer
    [05/05/2011|15:37:20] | C:\ProgramData\Messenger Plus!
    [14/07/2009|03:37:05] | C:\ProgramData\Microsoft
    [29/09/2010|17:57:36] | C:\ProgramData\Microsoft Help
    [28/09/2010|19:19:21] | C:\ProgramData\Modèles
    [15/01/2011|15:29:05] | C:\ProgramData\Nero
    [06/02/2011|09:06:14] | C:\ProgramData\Nokia
    [04/03/2011|21:21:12] | C:\ProgramData\NokiaInstallerCache
    [29/09/2010|10:04:39] | C:\ProgramData\ntuser.pol
    [02/10/2010|17:49:35] | C:\ProgramData\Office Genuine Advantage
    [04/03/2011|21:24:39] | C:\ProgramData\PC Suite
    [04/03/2011|09:52:08] | C:\ProgramData\Pinnacle
    [04/03/2011|10:03:50] | C:\ProgramData\Pinnacle Studio Plus
    [04/03/2011|10:09:33] | C:\ProgramData\Pinnacle Studio Ultimate Collection
    [28/09/2010|22:16:59] | C:\ProgramData\Skype
    [14/07/2009|05:53:55] | C:\ProgramData\Start Menu
    [04/03/2011|10:03:50] | C:\ProgramData\Studio 14
    [26/06/2011|22:55:42] | C:\ProgramData\Win7codecs
    [27/03/2011|08:51:29] | C:\ProgramData\Yahoo!
    [29/09/2010|15:47:35] | C:\ProgramData\Yahoo! Companion
    [13/06/2011|15:03:40] | C:\ProgramData\{0ACE0403-C75D-488C-A403-7A57E9848B62}
    [07/03/2011|21:08:54] | C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [06/03/2011|10:42:10] | C:\ProgramData\{4439F0FD-AFAF-434D-86E2-DEB14A9C58AC}

    ¤¤¤¤¤¤¤¤¤¤ %LocalAppData%

    [29/09/2010|10:05:16] | C:\Users\mzenasni\AppData\Local\Application Data
    [30/09/2010|09:47:31] | C:\Users\mzenasni\AppData\Local\Apps
    [02/03/2011|15:01:41] | C:\Users\mzenasni\AppData\Local\ATI
    [16/10/2010|15:15:15] | C:\Users\mzenasni\AppData\Local\crazyloader Air
    [16/10/2010|15:38:54] | C:\Users\mzenasni\AppData\Local\Dan2010
    [02/11/2010|10:03:41] | C:\Users\mzenasni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [29/09/2010|15:02:38] | C:\Users\mzenasni\AppData\Local\Diagnostics
    [04/03/2011|10:10:14] | C:\Users\mzenasni\AppData\Local\Downloaded Installations
    [07/10/2010|09:36:40] | C:\Users\mzenasni\AppData\Local\eMule
    [15/03/2011|14:41:23] | C:\Users\mzenasni\AppData\Local\FastestTube
    [24/01/2011|21:27:37] | C:\Users\mzenasni\AppData\Local\FileMaker
    [29/04/2011|20:21:19] | C:\Users\mzenasni\AppData\Local\FileServe Manager
    [29/09/2010|10:08:24] | C:\Users\mzenasni\AppData\Local\GDIPFONTCACHEV1.DAT
    [09/10/2010|14:18:36] | C:\Users\mzenasni\AppData\Local\Google
    [29/09/2010|10:05:16] | C:\Users\mzenasni\AppData\Local\Historique
    [29/06/2011|20:20:48] | C:\Users\mzenasni\AppData\Local\IconCache.db
    [20/04/2011|16:13:27] | C:\Users\mzenasni\AppData\Local\Media Get LLC
    [20/04/2011|16:13:22] | C:\Users\mzenasni\AppData\Local\MediaGet2
    [29/09/2010|10:05:16] | C:\Users\mzenasni\AppData\Local\Microsoft
    [29/09/2010|15:58:50] | C:\Users\mzenasni\AppData\Local\Microsoft Games
    [29/09/2010|17:57:37] | C:\Users\mzenasni\AppData\Local\Microsoft Help
    [11/10/2010|16:14:22] | C:\U
    0
  17. zenasmus Messages postés 91 Statut Membre
     
    svp mesieurs aidez moi. ce virus me bouffe tout l'espace disque dur
    0
  18. g3n-h@ckm@n
     
    tu ne fais pas ce que je demande

    je t'ai dit que le fichier que tu avais analysé sur virus total n'avait pas le nom qui correspond à ce que je t'ai demandé d'analyser alors il est inutile d'envoyer 50 scans de pre_scan ca changera rien
    0
  • 1
  • 2
  • 3