Infected PC

Closed
zenasmus Posts 86 Registration date Tuesday 10 June 2008 Status Member Last activity 11 November 2015 - 30 June 2011 at 18:26
zenasmus Posts 86 Registration date Tuesday 10 June 2008 Status Member Last activity 11 November 2015 - 3 July 2011 at 23:43
Hello,

I think my PC has a problem that neither Kaspersky nor Malwarebytes nor UsbFix has solved. Please help me, thank you. HijackThis report attached.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:19, on 30/06/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\dwrcs\DWRCST.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\mzenasni\AppData\Local\MediaGet2\mediaget.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.5.32.3:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.175.0.38;10.5.1.27;10.5.1.15;10.175.12.255;10.175.2.23;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
R3 - URLSearchHook: Messenger Plus Toolbar - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Messenger Plus - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
O3 - Toolbar: Messenger Plus Toolbar - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\Windows\dwrcs\DWRCST.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MediaGet2] C:\Users\mzenasni\AppData\Local\MediaGet2\mediaget.exe --minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
O4 - Global Startup: tracker.html
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger avec Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = shdpina.local
O17 - HKLM\Software\..\Telephony: DomainName = shdpina.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = shdpina.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = shdpina.local
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DameWare Mini Remote Control (dwmrcs) - DameWare Development LLC - C:\Windows\dwrcs\DWRCS.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Intel Corporation - C:\Windows\system32\IProsetMonitor.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

51 replies

hi, you don't have someone install Avast when the user already has Kaspersky, it's pointless
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
3
Anonymous user
30 June 2011 at 18:30
hi

disable your antivirus
disable Windows Defender if present
disable your firewall

Close all your running applications

download and save this to your desktop:

Pre_Scan

mirror:

http://www.archive-host.com

if it is not on your desktop, cut it from your downloads folder and paste it onto your desktop

Warning: the desktop will briefly disappear --> don't panic.

once downloaded, run it and let the scan proceed until "Pre_scan.txt" appears on the desktop.

if the tool is blocked by the infection, use this version: .pif version

if the tool detects a proxy and you have not installed one, click "supprimer le proxy" (remove the proxy)

if the tool seems not to have worked, rename it winlogon, or change its extension to .com or .scr

A multitude of black windows may flash; let it work

Post Pre_Scan.txt, which will appear on the desktop at the end of the scan

▶▶▶ DO NOT POST IT ON THE FORUM (it is too long)

click this link: http://www.cijoint.fr/

▶ Click Browse and look for the file above.

▶ Click Open.

▶ Click "Cliquez ici pour déposer le fichier" (click here to upload the file).

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

is added to the page.

▶ Copy this link into your reply.
3
Anonymous user
1 July 2011 at 19:37
do only what I ask and don't listen to advice from others unless I approve


▶ Download here: Ad-remover, to your desktop:


▶ Disconnect and close all running applications!

if you have XP => double-click
if you have Vista or Windows 7 => right-click "Run as...."


▶ on "Ad-R.exe" to start the installation, and leave the installation settings at their defaults.

▶ click the Ad-remover shortcut on your desktop to launch the tool.

▶ In the main menu choose the "Nettoyer" (Clean) option and press [Enter].

▶ Let the tool work and don't touch anything ...

▶ Post the report that appears at the end on the forum ...

( The report is also saved as C:\Ad-report.log )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

2

Anonymous user
1 July 2011 at 17:23
don't use the tools unless I ask you to

uninstall everything that contains the word toolbar

===============================

you are doing all sorts of nonsense with your computer

===============================

rather than cracking Microsoft Office, you can use OpenOffice, which is free

===========================


drag any file onto Pre_scan; Pre_script will appear

if it doesn't, download it here:

http://dl.dropbox.com/u/21363431/Pre_Script.exe

open Pre_script and paste what follows in bold into the text file that opens,
without the lines, in one go, by highlighting it:
___________________________________________________
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MediaGet2"=-
"IDMan"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"Adobe Reader Speed Launcher"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_CURRENT_USER\Software\Avfxaug]
[-HKEY_CURRENT_USER\Software\Awcfnakk]
[-HKEY_CURRENT_USER\Software\BitLord]
[-HKEY_CURRENT_USER\Software\Kitoy Kim]
[-HKEY_CURRENT_USER\Software\kNok]
[-HKEY_CURRENT_USER\Software\ooefxzbc]
[-HKEY_LOCAL_MACHINE\Software\Gossiper]
[-HKEY_LOCAL_MACHINE\Software\MediaGet]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Windows\system32\csrss.exe=-
C:\Windows\system32\winlogon.exe=-
C:\Windows\system32\wininit.exe=-
C:\Windows\System32\svchost.exe=-
C:\Windows\system32\Dwm.exe=-
C:\Windows\system32\services.exe=-
C:\Windows\system32\LogonUI.exe=-
C:\Windows\system32\taskeng.exe=-
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe=-
C:\Windows\Explorer.EXE=-
C:\Windows\system32\atiesrxx.exe=-

file::
C:\Windows\Tasks\AutoKMS.job
C:\Windows\Tasks\AutoKMSDaily.job
C:\Windows\Tasks\Updater.job
C:\Windows\Tasks\Windows 7 Manager Live Update.job

folder::
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaGet2
C:\Users\mzenasni\AppData\Roaming\kkl
C:\Users\mzenasni\AppData\Roaming\Media Get LLC
C:\Users\mzenasni\AppData\Roaming\moovida-1
C:\ProgramData\Media Get LLC
C:\Users\mzenasni\AppData\Local\crazyloader Air
C:\Users\mzenasni\AppData\Local\Media Get LLC
C:\Users\mzenasni\AppData\Local\MediaGet2
C:\Users\mzenasni\AppData\Local\moovida Air
C:\Program Files\BitLord
C:\Program Files\Gossiper
C:\Program Files\Live_TV
C:\Program Files\Messenger_Plus

attrib::

___________________________________________________

copy it (Ctrl+C, or right-click the selection then => Copy)

then File tab => Save (not Save as...), then close the text file

black windows may flash; that is normal, it is the program working

post Pre_Script.txt, which will appear on the desktop when the work is finished
1
zenasmus Posts 86 Registration date Tuesday 10 June 2008 Status Member Last activity 11 November 2015
30 June 2011 at 19:42
here is the link to the report

http://www.cijoint.fr/cjlink.php?file=cj201106/cijJnxoIKz.txt
0
Anonymous user
30 June 2011 at 19:47
Have the following file(s) analysed on VirusTotal:

Virus Total

click "Browse", then find and select this file (these files):

C:\Windows\dwrcs\DWRCS.EXE

* Now click Send file and let it work as long as "Current status: analysis in progress" is displayed.
* The file may be placed in a queue because of a large number of analysis requests. In that case, you will need to wait without refreshing the page.
* When the analysis is finished, paste the link to the page(s) in your next reply.
0
zenasmus Posts 86 Registration date Tuesday 10 June 2008 Status Member Last activity 11 November 2015
30 June 2011 at 19:57
here it is:

http://www.virustotal.com/file-scan/report.html?id=27af6b57b188467b6a4a1144a4c5d60876c20995f0d1823a688ec5938cba7b93-1305127594
0
zenasmus Posts 86 Registration date Tuesday 10 June 2008 Status Member Last activity 11 November 2015
30 June 2011 at 20:33
here is the link:

http://www.virustotal.com/file-scan/report.html?id=27af6b57b188467b6a4a1144a4c5d60876c20995f0d1823a688ec5938cba7b93-1305127594
0
Anonymous user
1 July 2011 at 00:09
the file name does not match what I asked for
0
zenasmus Posts 86 Registration date Tuesday 10 June 2008 Status Member Last activity 11 November 2015
1 July 2011 at 13:13
here it is:

http://www.cijoint.fr/cjlink.php?file=cj201107/cijhrrab3I.txt
0
Anonymous user
1 July 2011 at 13:15
??
0
zenasmus Posts 86 Registration date Tuesday 10 June 2008 Status Member Last activity 11 November 2015
1 July 2011 at 13:16
I didn't understand?????
0
Anonymous user
1 July 2011 at 13:21
I was talking about VirusTotal
0
zenasmus Posts 86 Registration date Tuesday 10 June 2008 Status Member Last activity 11 November 2015
1 July 2011 at 13:21
-http://www.cijoint.fr/cjlink.php?file=cj201107/cijU7HFmEM.txt
0
zenasmus Posts 86 Registration date Tuesday 10 June 2008 Status Member Last activity 11 November 2015
1 July 2011 at 13:23
I don't know what is going on, 2 min
0
zenasmus Posts 86 Registration date Tuesday 10 June 2008 Status Member Last activity 11 November 2015
1 July 2011 at 13:28
the problem is that I can't manage to register on the cijoint.fr site
0
zenasmus Posts 86 Registration date Tuesday 10 June 2008 Status Member Last activity 11 November 2015
1 July 2011 at 13:32
I have no other solution:


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan 1.0.2.35 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤

Mis à jour le 30/06/2011 | 17.50 par g3n-h@ckm@n
Informations : http://www.forum-fec.net/t1444-pre_scan-versions
Remontées : http://www.forum-fec.net/t1445-feedback-pre_scan

Utilisateur : mzenasni (Administrateurs)
Ordinateur : INT-HEB-5655

Système d'exploitation : Windows 7 Ultimate (32 bits) Ultimate
Type d'installation : Client
Enregistré sous : adida
Processeur : Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz
Identification : x86 Family 6 Model 23 Stepping 10
Internet Explorer : 8.0.7600.16385
Mozilla Firefox : 5.0 (fr)
Pare-feu windows : Actif
Windows Defender : Actif

c:\ -> [Fixed] | [] | Total : 136000 Mo | Free : 11300 Mo -> NTFS
d:\ -> [Fixed] | [] | Total : 340930 Mo | Free : 165410 Mo -> NTFS
e:\ -> [CDROM] | [GB1CENVOL_EN_DVD] | Total : 3630 Mo | Free : 0 Mo -> UDF
g:\ -> [CDROM] | [] | Total : 0 Mo | Free : 0 Mo ->
r:\ -> [Network] | [] | Total : 52000 Mo | Free : 41840 Mo -> NTFS

Scan : 12:07:56 | 01/07/2011

¤¤¤¤¤¤¤¤¤¤ Sessions

[HKLM | ProfileList] | S-1-5-21-2334014890-2074115081-2488859327-1000 : ProfileImagePath -> C:\Users\adida
[HKLM | ProfileList] | S-1-5-21-2334014890-2074115081-2488859327-1000 : RefCount -> 0
[HKLM | ProfileList] | S-1-5-21-2334014890-2074115081-2488859327-1000 : State -> 0
[HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-1649 : ProfileImagePath -> C:\Users\adida.SHDPINA
[HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-1649 : RefCount -> 0
[HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-1649 : State -> 0
[HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-1650 : ProfileImagePath -> C:\Users\mzenasni
[HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-1650 : RefCount -> 1
[HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-1650 : State -> 256
[HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-500 : ProfileImagePath -> C:\Users\administrateur
[HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-500 : RefCount -> 0
[HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-500 : State -> 256

¤¤¤¤¤¤¤¤¤¤¤ Processus en cours

Demarrage : Normal

492 | C:\Windows\System32\smss.exe - Système - Normal - \SystemRoot\System32\smss.exe - 4
608 | C:\Windows\system32\csrss.exe - Système - Normal - %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 - 564
688 | C:\Windows\system32\wininit.exe - Système - High - wininit.exe - 564
696 | C:\Windows\system32\csrss.exe - Système - Normal - %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 - 680
736 | C:\Windows\system32\services.exe - Système - Normal - C:\Windows\system32\services.exe - 688
752 | C:\Windows\system32\lsass.exe - Système - Normal - C:\Windows\system32\lsass.exe - 688
760 | C:\Windows\system32\lsm.exe - Système - Normal - C:\Windows\system32\lsm.exe - 688
864 | C:\Windows\system32\svchost.exe - Système - Normal - C:\Windows\system32\svchost.exe -k DcomLaunch - 736
956 | C:\Windows\system32\winlogon.exe - Système - High - winlogon.exe - 680
996 | C:\Windows\system32\svchost.exe - SERVICE RÉSEAU - Normal - C:\Windows\system32\svchost.exe -k RPCSS - 736
1056 | C:\Windows\system32\atiesrxx.exe - Système - Normal - C:\Windows\system32\atiesrxx.exe - 736
1100 | C:\Windows\System32\svchost.exe - SERVICE LOCAL - Normal - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted - 736
1152 | C:\Windows\System32\svchost.exe - Système - Normal - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted - 736
1188 | C:\Windows\system32\svchost.exe - Système - Normal - C:\Windows\system32\svchost.exe -k netsvcs - 736
1376 | C:\Windows\system32\svchost.exe - SERVICE LOCAL - Normal - C:\Windows\system32\svchost.exe -k LocalService - 736
1424 | C:\Windows\system32\atieclxx.exe - Système - Normal - atieclxx - 1056
1580 | C:\Windows\system32\svchost.exe - SERVICE RÉSEAU - Normal - C:\Windows\system32\svchost.exe -k NetworkService - 736
1760 | C:\Windows\System32\spoolsv.exe - Système - Normal - C:\Windows\System32\spoolsv.exe - 736
1808 | C:\Windows\system32\svchost.exe - SERVICE LOCAL - Normal - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork - 736
1932 | C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe - Système - Normal - "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" -r - 736
1968 | C:\Program Files\Bonjour\mDNSResponder.exe - Système - Normal - "C:\Program Files\Bonjour\mDNSResponder.exe" - 736
2012 | C:\Windows\dwrcs\DWRCS.EXE - Système - Normal - C:\Windows\dwrcs\DWRCS.EXE -service - 736
508 | C:\Windows\system32\svchost.exe - SERVICE LOCAL - Normal - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation - 736
544 | C:\Windows\system32\IProsetMonitor.exe - Système - Normal - C:\Windows\system32\IProsetMonitor.exe - 736
572 | C:\Windows\system32\svchost.exe - SERVICE LOCAL - Normal - C:\Windows\system32\svchost.exe -k imgsvc - 736
2072 | C:\Windows\System32\svchost.exe - Système - Normal - C:\Windows\System32\svchost.exe -k WerSvcGroup - 736
2108 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - Système - Normal - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" - 736
2360 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe - Système - Normal - WLIDSvcM.exe 2108 - 2108
2764 | C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE - SERVICE RÉSEAU - Normal - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" - 736
2924 | C:\Windows\system32\svchost.exe - SERVICE RÉSEAU - Normal - C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted - 736
3052 | C:\Windows\System32\svchost.exe - SERVICE LOCAL - Normal - C:\Windows\System32\svchost.exe -k LocalServicePeerNet - 736
3388 | C:\Windows\dwrcs\DWRCST.exe - mzenasni - Normal - 6129 - 2012
3484 | C:\Windows\system32\taskhost.exe - mzenasni - Normal - taskhost.exe USER - 736
3636 | C:\Windows\system32\Dwm.exe - mzenasni - High - "C:\Windows\system32\Dwm.exe" - 1152
3748 | C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe - mzenasni - Normal - "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" - 3672
3348 | C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe - mzenasni - Normal - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray - 3672
3324 | C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe - mzenasni - Normal - "C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe" /watchfiles startup - 3672
3860 | C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe - mzenasni - Normal - "C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" -tray - 3672
1924 | C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE - mzenasni - Normal - "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" - 3672
2960 | C:\Program Files\Skype\Phone\Skype.exe - mzenasni - Normal - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized - 3672
3924 | C:\Program Files\Internet Download Manager\IDMan.exe - mzenasni - Normal - "C:\Program Files\Internet Download Manager\IDMan.exe" /onboot - 3672
4296 | C:\Program Files\Internet Download Manager\IEMonitor.exe - mzenasni - Normal - "C:\Program Files\Internet Download Manager\IEMonitor.exe" - 3924
4380 | C:\Program Files\PC Connectivity Solution\ServiceLayer.exe - Système - Normal - "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" - 736
4616 | C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe - Système - High - {CA1E2503-69FD-4ACD-B2B9-4EDE21C09ADE} - 4380
4660 | C:\Windows\System32\mobsync.exe - mzenasni - Normal - C:\Windows\System32\mobsync.exe -Embedding - 864
4804 | C:\Windows\system32\wbem\wmiprvse.exe - SERVICE RÉSEAU - Normal - C:\Windows\system32\wbem\wmiprvse.exe - 864
5092 | C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe - Système - High - {CF000141-DA69-4C19-8A82-17313502412F} - 4380
5344 | C:\Windows\System32\svchost.exe - Système - Normal - C:\Windows\System32\svchost.exe -k secsvcs - 736
3936 | C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe - mzenasni - High - {106B2759-E487-4CA8-AAD2-35FF7A6365DA} - 4380
4412 | C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe - mzenasni - Normal - "C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe" - 3860
168 | C:\Program Files\Microsoft Office\Office14\GROOVE.EXE - mzenasni - Normal - "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /TrayOnly - 3672
3220 | C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe - Système - Normal - "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" - 736
604 | C:\Program Files\Nero\Update\NASvc.exe - Système - Normal - "C:\Program Files\Nero\Update\NASvc.exe" - 736
5736 | C:\Windows\system32\AUDIODG.EXE - SERVICE LOCAL - Normal - C:\Windows\system32\AUDIODG.EXE 0x270 - 1100
5372 | C:\Windows\system32\DllHost.exe - mzenasni - Normal - C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} - 864
2300 | C:\Windows\system32\taskeng.exe - mzenasni - Normal - taskeng.exe {5DF97403-EAED-4408-92D2-4A70E97DAE38} - 1188
2584 | C:\Users\mzenasni\Desktop\Pre_scan.exe - mzenasni - High - "C:\Users\mzenasni\Desktop\Pre_scan.exe" - 3672
1132 | C:\Windows\system32\cmd.exe - mzenasni - Normal - cmd /c ""C:\Kill'em\Pv.bat" " - 2584
3340 | C:\Windows\system32\conhost.exe - mzenasni - Normal - \??\C:\Windows\system32\conhost.exe - 696
7116 | C:\Kill'em\Pv.exe - mzenasni - Normal - C:\Kill'em\pv.exe -o"%i | %f - %u - %p - %l - %r" - 1132

¤¤¤¤¤¤¤¤¤¤ Démarrage principaux avant suppression

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [?]
"NokiaOviSuite2"=C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray [?]
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [?]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [?]
"MediaGet2"=C:\Users\mzenasni\AppData\Local\MediaGet2\mediaget.exe --minimized [?]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe /onboot [?]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [?]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [?]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime [?]
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [?]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [?]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [?]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [?]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [?]
"DameWare MRC Agent"=C:\Windows\dwrcs\DWRCST.exe [16/06/2011|07:22:48]

¤¤¤¤¤¤¤¤¤¤ Autres Démarrages Silencieux


¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] | {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -> Groove GFS Stub Execution Hook
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar] | {7c5c0f58-e061-457d-9033-77307f5ed00c} -> TorrentMan Toolbar
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar] | {EF99BD32-C1FB-11D2-892F-0090271D4F88} -> 0x00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar] | {0a452a47-c5a8-4854-a237-4b9b06b376f0} -> Gossiper Toolbar
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar] | {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} -> Messenger Plus Toolbar
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar] | {D4027C7F-154A-4066-A1AD-4243D8127440} -> 0x00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {00C6D95F-329C-409a-81D7-C46C66EA7F33} ->
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {80009818-f38f-4af1-87b5-eadab9433e58} -> MF ADTS Property Handler
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> WinRAR shell extension
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {F764812A-132C-4013-9960-5CBBEB408A0E} -> Nero Shell Extension
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} -> Shell Extensions for RealOne Player
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} -> PowerISO
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {5E2121EE-0300-11D4-8D3B-444553540000} -> Catalyst Context Menu extension
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {872A9397-E0D6-4e28-B64D-52B8D0A7EA35} -> Display CPL Extension
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {AD392E40-428C-459F-961E-9B147782D099} -> UltraISO
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {79BC0345-1015-11D2-A299-006008312725} -> blue.shell
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {81E3EEF3-EE35-4FAF-8588-8196C8F6B1BE} -> Oxygen Express Context Menu Shell Extension
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {E2CB0FA1-5AB0-4886-A8CE-7A84D1B9B261} -> Oxygen Express Context Menu Shell Extension
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {9318A0B9-1B4A-44AA-9BEE-61E6A42936BA} -> Oxygen Express Property Sheet Shell Extension
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} -> Nokia Phone Browser
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {06A2568A-CED6-4187-BB20-400B8C02BE5A} ->
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {00F33137-EE26-412F-8D71-F84E4C2C6625} ->
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} -> Windows Live Photo Gallery Autoplay Drop Target
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} -> Windows Live Photo Gallery Viewer Drop Target
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {00F374B7-B390-4884-B372-2FC349F2172B} -> Windows Live Photo Gallery Editor Drop Target
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} -> Windows Live Photo Gallery Viewer Drop Target Shim
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} -> Windows Live Photo Gallery Editor Drop Target Shim
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> Windows Live Photo Gallery Autoplay Drop Target Shim
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {42042206-2D85-11D3-8CFF-005004838597} -> Microsoft Office HTML Icon Handler
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} -> Microsoft Office Metadata Handler
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} -> Microsoft Office Thumbnail Handler
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} -> Groove Namespace Extension
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} -> Microsoft OneNote Namespace Extension for Windows Desktop Search
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {D66DC78C-4F61-447F-942B-3FB6980118CF}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> Groove GFS Browser Helper
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {6C467336-8281-4E60-8204-430CED96822D} -> Groove GFS Context Menu Handler
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} -> Groove GFS Explorer Bar
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {16F3DD56-1AF5-4347-846D-7C10C4192619} -> Groove Explorer Icon Overlay 3 (GFS Folder)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -> Groove GFS Stub Execution Hook
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {A449600E-1DC6-4232-B948-9BD794D62056} -> Groove GFS Stub Icon Handler
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> Groove Explorer Icon Overlay 2 (GFS Stub)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> Groove Explorer Icon Overlay 4 (GFS Unread Mark)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> Groove Explorer Icon Overlay 1 (GFS Unread Stub)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {387E725D-DC16-4D76-B310-2C93ED4752A0} -> Groove XML Icon Handler
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {00020D75-0000-0000-C000-000000000046} -> Microsoft Outlook Desktop Icon Handler
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {0006F045-0000-0000-C000-000000000046} -> Microsoft Outlook Custom Icon Handler
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {358B5852-38EB-4549-9D8A-B90C9DCAD0DB} -> DMRC Shell Extension V2
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {CDC95B92-E27C-4745-A8C5-64A52A78855D} -> IDM Shell Extension
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {327669A0-59A7-4be9-B99E-1C9F3A57611A} -> Haali Matroska Thumbnail Exctractor

¤¤¤¤¤¤¤¤¤¤ BHO

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}] | (IDM integration (IDMIEHlprObj Class)) -> C:\Program Files\Internet Download Manager\IDMIECC.dll [09/06/2011|16:52:11]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] | (&Yahoo! Toolbar Helper) -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [28/07/2008|11:47:40]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0a452a47-c5a8-4854-a237-4b9b06b376f0}] | (Gossiper Toolbar) -> C:\Program Files\Gossiper\tbGoss.dll [06/10/2010|19:00:40]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] | (Adobe PDF Link Helper) -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [22/09/2010|18:04:14]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] | (IEVkbdBHO Class) -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll [24/04/2011|23:13:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] | (Groove GFS Browser Helper) -> C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [25/03/2010|10:25:22]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}] | (TorrentMan Toolbar) -> C:\Program Files\TorrentMan\tbTorr.dll [28/09/2010|22:14:53]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] | (Windows Live ID Sign-in Helper) -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [21/09/2010|14:08:38]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] | (Office Document Cache Handler) -> C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [28/02/2010|02:20:14]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}] | (Messenger Plus Toolbar) -> C:\Program Files\Messenger_Plus\prxtbMess.dll [05/05/2011|16:04:41]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] | (LimeWire Toolbar) -> [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] | (Java(tm) Plug-In 2 SSV Helper) -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [30/09/2010|12:02:24]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}] | (FilterBHO Class) -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll [24/04/2011|23:13:12]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}] | (SingleInstance Class) -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [28/07/2008|11:47:42]

¤¤¤¤¤¤¤¤¤¤ ActiveX

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] | WMPACCESS -> Microsoft Windows Media Player
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] | IEACCESS -> Internet Explorer
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] | BRANDING.CAB -> Browser Customizations
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}] | JAVAVM -> Java (Sun)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] | -> Microsoft Windows Media Player 12.0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] | Theme Component -> Themes Setup
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] | ClearIconCache -> Internet Explorer
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] | MobilePk -> Offline Browsing Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] | MailNews -> Microsoft Windows
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] | DirectDrawEx -> DirectDrawEx
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] | HelpCont -> Internet Explorer Help
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] | MSVBScript -> Microsoft Windows Script 5.6
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] | GenSetup -> Internet Explorer Setup Tools
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] | ExtraPack -> Browsing Enhancements
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] | Microsoft Windows Media Player -> Microsoft Windows Media Player
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] | MSN_Auth -> MSN Site Access
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] | -> Address Book 7
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}] | .NETFramework -> .NET Framework
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7C665EAA-E544-C2DB-932E-7128F7DEAC0E}] | -> Microsoft Windows Media Player 12.0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] | IE4_SHELLID -> Windows Desktop Update
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] | BASEIE40_W2K -> Web Platform Customizations
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] | DOTNETFRAMEWORKS ->
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] | Tridata -> Dynamic HTML Data Binding
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}] | .NETFramework -> .NET Framework
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] | Fontcore -> Internet Explorer Core Fonts
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] | HTMLHelp -> HTML Help
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}] | Yahoo! Messenger ->
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] | ADSI -> Active Directory Service Interface

¤¤¤¤¤¤¤¤¤¤ Winlogon

[HKLM | Winlogon] | Shell : Explorer.exe
[HKLM | Winlogon] | AutoRestartShell : 1
[HKLM | Winlogon] | userinit : C:\Windows\system32\Userinit.exe,
[HKLM | Winlogon] | PowerDownAfterShutdown : 1
[HKLM | Winlogon] | System :
[HKLM | Winlogon] | Taskman :

¤¤¤¤¤¤¤¤¤¤ Winlogon\Notify

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

¤¤¤¤¤¤¤¤¤¤ Associations

[.exe] : exefile
[exefile | command] : "%1" %*
[.com] : ComFile
[comfile | command] : "%1" %*
[.reg] : regfile
[regfile | command] : regedit.exe "%1"
[.scr] : scrfile
[scrfile | command] : "%1" /S
[.bat] : batfile
[batfile | command] : "%1" %*
[.cmd] : cmdfile
[cmdfile | command] : "%1" %*
[.pif] : piffile
[piffile | command] : "%1" %*
[.url] : InternetShortcut
[InternetShortcut | command] : "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l
[Application.Manifest | command] : rundll32.exe dfshim.dll,ShOpenVerbApplication %1
[Application.Reference | command] : rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
[Folder | command] : C:\Windows\explorer.exe

¤

[Firefox | Command] | @ : "C:\Program Files\Mozilla Firefox\Firefox.exe"
[Firefox - Safemode | Command] | @ : "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
[IE | Command] | @ : "C:\Program Files\Internet Explorer\iexplore.exe"
[Applications | IE | Command] | @ : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[Safari | Command] | @ : "C:\Program Files\Safari\Safari.exe"
[Assoc | Applications] | @ : http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

¤¤¤¤¤¤¤¤¤¤ Divers

[HKLM | HideDesktopIcons\ClassicStartMenu] | {9343812e-1c37-4a49-a12e-4b2d810d956b} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {F02C1A0D-BE21-4350-88B0-7367FC96EF3C} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {208D2C60-3AEA-1069-A2D7-08002B30309D} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {871C5380-42A0-1069-A2EA-08002B30309D} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {9343812e-1c37-4a49-a12e-4b2d810d956b} : 0
[HKCU | Desktop] | Wallpaper : C:\Users\mzenasni\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
[HKCU | policies\Explorer] | NoDriveTypeAutoRun : 145
[HKLM | policies\Explorer] | NoDriveTypeAutoRun : 145

¤¤¤¤¤¤¤¤¤¤ Services

[Ndisuio] | Start : 3 : Actif
[Power] | Start : 2 : Actif
[Profsvc] | Start : 2 : Actif
[PlugPlay] | Start : 2 : Actif
[PEAUTH] | Start : 2 : Actif
[Parvdm] | Start : 2 : Inactif
[nsi] | Start : 2 : Actif
[NLASvc] | Start : 2 : Actif
[MPSsvc] | Start : 2 : Actif
[MMCSS] | Start : 2 : Actif
[luafv] | Start : 2 : Actif
[lltdio] | Start : 2 : Actif
[Iphlpsvc] | Start : 2 : Actif
[IKEEXT] | Start : 2 : Actif
[gpsvc] | Start : 2 : Actif
[lmhosts] | Start : 2 : Actif
[LanmanWorkstation] | Start : 2 : Actif
[LanmanServer] | Start : 2 : Actif
[agp440] | Start : 2 : Inactif
[AudioEndpointBuilder] | Start : 2 : Actif
[Audiosrv] | Start : 2 : Actif
[BFE] | Start : 2 : Actif
[Bits] | Start : 2 : Actif
[CryptSvc] | Start : 2 : Actif
[EapHost] | Start : 2 : Actif
[Wlansvc] | Start : 2 : Actif
[SharedAccess] | Start : 2 : Inactif
[windefend] | Start : 2 : Actif
[wuauserv] | Start : 2 : Actif
[WerSvc] | Start : 2 : Actif
[wscsvc] | Start : 2 : Actif

¤¤¤¤¤¤¤¤¤¤ Internet Explorer

[HKCU | Main] | Start Page : https://www.google.com/?gws_rd=ssl
[HKCU | Main] | Local Page : C:\Windows\system32\blank.htm
[HKCU | Main] | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKLM | Main] | Start Page : https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main] | Local Page : -> C:\Windows\system32\blank.htm
[HKLM | Main] | Default_Search_URL : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKLM | Main] | Default_Page_URL : https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main] | Search Page : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

¤

[HKCU | PhishingFilter] | Enabled : 2
[HKCU | PhishingFilter] | EnabledV8 : 1
[HKCU | Internet settings] | ProxyOverride : *.local
[HKCU | Internet Settings] | MigrateProxy : 1
[HKCU | Internet Settings] | WarnonBadCertRecving : 1
[HKCU | Internet Settings] | WarnOnHTTPSToHTTPRedirect : 1
[HKCU | Internet Settings] | WarnonZoneCrossing : 1
[HKCU | Internet Settings] | AutoConfigProxy : 0

¤¤¤¤¤¤¤¤¤¤ DNS

[HKLM\CCS | Tcpip\Parameters] | DhcpNameServer -> 10.5.1.17 10.5.1.11
[HKLM\CCS | Interfaces\{F6F5B491-6657-4E50-A63E-E38CD9AA9F36}] | DhcpNameServer -> 10.5.1.17 10.5.1.11
[HKLM\CS001 | Interfaces\{F6F5B491-6657-4E50-A63E-E38CD9AA9F36}] | DhcpNameServer -> 10.5.1.17 10.5.1.11
[HKLM\CS002 | Interfaces\{F6F5B491-6657-4E50-A63E-E38CD9AA9F36}] | DhcpNameServer -> 10.5.1.17 10.5.1.11

¤¤¤¤¤¤¤¤¤¤ Hosts


¤¤¤¤¤¤¤¤¤¤ HKCU\Software

[HKEY_CURRENT_USER\Software\AC3filter]
[HKEY_CURRENT_USER\Software\Adobe]
[HKEY_CURRENT_USER\Software\AMD]
[HKEY_CURRENT_USER\Software\AppDataLow]
[HKEY_CURRENT_USER\Software\Apple Computer, Inc.]
[HKEY_CURRENT_USER\Software\Apple Inc.]
[HKEY_CURRENT_USER\Software\ATI]
[HKEY_CURRENT_USER\Software\Avfxaug]
[HKEY_CURRENT_USER\Software\AVS4YOU]
[HKEY_CURRENT_USER\Software\Awcfnakk]
[HKEY_CURRENT_USER\Software\BenVista]
[HKEY_CURRENT_USER\Software\BitComet]
[HKEY_CURRENT_USER\Software\BitComet eMule plugin]
[HKEY_CURRENT_USER\Software\BitComet Ultra Accelerator]
[HKEY_CURRENT_USER\Software\BitLord]
[HKEY_CURRENT_USER\Software\BSD]
[HKEY_CURRENT_USER\Software\Caphyon]
[HKEY_CURRENT_USER\Software\Clients]
[HKEY_CURRENT_USER\Software\Convar]
[HKEY_CURRENT_USER\Software\CoreVorbis]
[HKEY_CURRENT_USER\Software\cybelsoft]
[HKEY_CURRENT_USER\Software\Datastead]
[HKEY_CURRENT_USER\Software\Debug]
[HKEY_CURRENT_USER\Software\Digital River]
[HKEY_CURRENT_USER\Software\DivXNetworks]
[HKEY_CURRENT_USER\Software\DownloadManager]
[HKEY_CURRENT_USER\Software\dskMetrics]
[HKEY_CURRENT_USER\Software\DSS]
[HKEY_CURRENT_USER\Software\DT Soft]
[HKEY_CURRENT_USER\Software\EasyBits]
[HKEY_CURRENT_USER\Software\EasyBoot Systems]
[HKEY_CURRENT_USER\Software\EasySetup]
[HKEY_CURRENT_USER\Software\Elecard]
[HKEY_CURRENT_USER\Software\FileMaker]
[HKEY_CURRENT_USER\Software\g3n-h@ckm@n]
[HKEY_CURRENT_USER\Software\Gabest]
[HKEY_CURRENT_USER\Software\GNU]
[HKEY_CURRENT_USER\Software\Google]
[HKEY_CURRENT_USER\Software\GSpot Appliance Corp]
[HKEY_CURRENT_USER\Software\Haali]
[HKEY_CURRENT_USER\Software\HariSoft]
[HKEY_CURRENT_USER\Software\Hewlett-Packard]
[HKEY_CURRENT_USER\Software\IM Providers]
[HKEY_CURRENT_USER\Software\ImTOO]
[HKEY_CURRENT_USER\Software\Intel]
[HKEY_CURRENT_USER\Software\iXi Tools]
[HKEY_CURRENT_USER\Software\JavaSoft]
[HKEY_CURRENT_USER\Software\KasperskyLab]
[HKEY_CURRENT_USER\Software\KillBox]
[HKEY_CURRENT_USER\Software\Kitoy Kim]
[HKEY_CURRENT_USER\Software\kNok]
[HKEY_CURRENT_USER\Software\Leadertech]
[HKEY_CURRENT_USER\Software\LightScribe]
[HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications]
[HKEY_CURRENT_USER\Software\Macromedia]
[HKEY_CURRENT_USER\Software\madFlac]
[HKEY_CURRENT_USER\Software\MagicISO]
[HKEY_CURRENT_USER\Software\Magix]
[HKEY_CURRENT_USER\Software\MAGIX AG]
[HKEY_CURRENT_USER\Software\Magnet]
[HKEY_CURRENT_USER\Software\MainConcept]
[HKEY_CURRENT_USER\Software\MainConcept (Adobe2)]
[HKEY_CURRENT_USER\Software\Malwarebytes' Anti-Malware]
[HKEY_CURRENT_USER\Software\MediaTek]
[HKEY_CURRENT_USER\Software\Microsoft]
[HKEY_CURRENT_USER\Software\Minnetonka Audio Software]
[HKEY_CURRENT_USER\Software\Move Media Player]
[HKEY_CURRENT_USER\Software\MoveNetworks]
[HKEY_CURRENT_USER\Software\Mozilla]
[HKEY_CURRENT_USER\Software\MozillaPlugins]
[HKEY_CURRENT_USER\Software\MyHeritage.com]
[HKEY_CURRENT_USER\Software\Nero]
[HKEY_CURRENT_USER\Software\Netscape]
[HKEY_CURRENT_USER\Software\Nokia]
[HKEY_CURRENT_USER\Software\Nokia Mobile Phones]
[HKEY_CURRENT_USER\Software\NokiaTool]
[HKEY_CURRENT_USER\Software\NVIDIA Corporation]
[HKEY_CURRENT_USER\Software\ODBC]
[HKEY_CURRENT_USER\Software\ooefxzbc]
[HKEY_CURRENT_USER\Software\ORACLE]
[HKEY_CURRENT_USER\Software\Pinnacle Systems]
[HKEY_CURRENT_USER\Software\Piriform]
[HKEY_CURRENT_USER\Software\Policies]
[HKEY_CURRENT_USER\Software\PowerISO]
[HKEY_CURRENT_USER\Software\Random's]
[HKEY_CURRENT_USER\Software\RealNetworks]
[HKEY_CURRENT_USER\Software\Roxio]
[HKEY_CURRENT_USER\Software\SafeSoft]
[HKEY_CURRENT_USER\Software\Scalable]
[HKEY_CURRENT_USER\Software\SecureMedia]
[HKEY_CURRENT_USER\Software\SereneScreen]
[HKEY_CURRENT_USER\Software\Siber Systems]
[HKEY_CURRENT_USER\Software\Skype]
[HKEY_CURRENT_USER\Software\Smart Projects]
[HKEY_CURRENT_USER\Software\Softonic]
[HKEY_CURRENT_USER\Software\SpeedBit]
[HKEY_CURRENT_USER\Software\Stardock]
[HKEY_CURRENT_USER\Software\SubSystems]
[HKEY_CURRENT_USER\Software\SWiSHzone.com]
[HKEY_CURRENT_USER\Software\Sysinternals]
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\tvp]
[HKEY_CURRENT_USER\Software\UniqueSW]
[HKEY_CURRENT_USER\Software\Uniscope]
[HKEY_CURRENT_USER\Software\Usbfix]
[HKEY_CURRENT_USER\Software\VB and VBA Program Settings]
[HKEY_CURRENT_USER\Software\VOB]
[HKEY_CURRENT_USER\Software\Windows 7 - Codec Pack]
[HKEY_CURRENT_USER\Software\WinRAR]
[HKEY_CURRENT_USER\Software\WinRAR SFX]
[HKEY_CURRENT_USER\Software\Yahoo]
[HKEY_CURRENT_USER\Software\Yamicsoft]
[HKEY_CURRENT_USER\Software\Yuna Software]
[HKEY_CURRENT_USER\Software\Classes]

¤¤¤¤¤¤¤¤¤¤ HKLM\Software

[HKEY_LOCAL_MACHINE\Software\685D6D1C-D73A-4F37-B7E5E53660311DDB]
[HKEY_LOCAL_MACHINE\Software\Adobe]
[HKEY_LOCAL_MACHINE\Software\AGEIA Technologies]
[HKEY_LOCAL_MACHINE\Software\AMD]
[HKEY_LOCAL_MACHINE\Software\AppDataLow]
[HKEY_LOCAL_MACHINE\Software\Apple Computer, Inc.]
[HKEY_LOCAL_MACHINE\Software\Apple Inc.]
[HKEY_LOCAL_MACHINE\Software\ATI]
[HKEY_LOCAL_MACHINE\Software\ATI Technologies]
[HKEY_LOCAL_MACHINE\Software\AVS4YOU]
[HKEY_LOCAL_MACHINE\Software\Bitcomet Ultra Accelerator]
[HKEY_LOCAL_MACHINE\Software\BrowserChoice]
[HKEY_LOCAL_MACHINE\Software\BSD]
[HKEY_LOCAL_MACHINE\Software\Classes]
[HKEY_LOCAL_MACHINE\Software\Clients]
[HKEY_LOCAL_MACHINE\Software\CrazyLoader]
[HKEY_LOCAL_MACHINE\Software\cybelsoft]
[HKEY_LOCAL_MACHINE\Software\D-Unlocker]
[HKEY_LOCAL_MACHINE\Software\DameWare Development]
[HKEY_LOCAL_MACHINE\Software\DICE]
[HKEY_LOCAL_MACHINE\Software\Digital River]
[HKEY_LOCAL_MACHINE\Software\Distributed Computing Technologies, Inc.]
[HKEY_LOCAL_MACHINE\Software\DivX]
[HKEY_LOCAL_MACHINE\Software\DivXNetworks]
[HKEY_LOCAL_MACHINE\Software\DoesNotExist]
[HKEY_LOCAL_MACHINE\Software\DT Soft]
[HKEY_LOCAL_MACHINE\Software\EasyBoot Systems]
[HKEY_LOCAL_MACHINE\Software\Electronic Arts]
[HKEY_LOCAL_MACHINE\Software\FAST Multimedia]
[HKEY_LOCAL_MACHINE\Software\FileMaker]
[HKEY_LOCAL_MACHINE\Software\FVDCNV]
[HKEY_LOCAL_MACHINE\Software\GEAR Software]
[HKEY_LOCAL_MACHINE\Software\Global IP Solutions]
[HKEY_LOCAL_MACHINE\Software\GNU]
[HKEY_LOCAL_MACHINE\Software\Godlike Developers]
[HKEY_LOCAL_MACHINE\Software\Google]
[HKEY_LOCAL_MACHINE\Software\Gossiper]
[HKEY_LOCAL_MACHINE\Software\HaaliMkx]
[HKEY_LOCAL_MACHINE\Software\Hewlett-Packard]
[HKEY_LOCAL_MACHINE\Software\Hewlett-Packard Company]
[HKEY_LOCAL_MACHINE\Software\Imagineer Systems Ltd]
[HKEY_LOCAL_MACHINE\Software\InstallShield]
[HKEY_LOCAL_MACHINE\Software\Intel]
[HKEY_LOCAL_MACHINE\Software\Internet Download Manager]
[HKEY_LOCAL_MACHINE\Software\iTinySoft]
[HKEY_LOCAL_MACHINE\Software\JavaSoft]
[HKEY_LOCAL_MACHINE\Software\JDownloader]
[HKEY_LOCAL_MACHINE\Software\JreMetrics]
[HKEY_LOCAL_MACHINE\Software\KasperskyLab]
[HKEY_LOCAL_MACHINE\Software\Khronos]
[HKEY_LOCAL_MACHINE\Software\Licenses]
[HKEY_LOCAL_MACHINE\Software\Lidan]
[HKEY_LOCAL_MACHINE\Software\Macromedia]
[HKEY_LOCAL_MACHINE\Software\Macrovision]
[HKEY_LOCAL_MACHINE\Software\MagicISO]
[HKEY_LOCAL_MACHINE\Software\MAGIX]
[HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware]
[HKEY_LOCAL_MACHINE\Software\MediaGet]
[HKEY_LOCAL_MACHINE\Software\Messenger_Plus]
[HKEY_LOCAL_MACHINE\Software\Microsoft]
[HKEY_LOCAL_MACHINE\Software\MimarSinan]
[HKEY_LOCAL_MACHINE\Software\Minnetonka Audio Software]
[HKEY_LOCAL_MACHINE\Software\Mozilla]
[HKEY_LOCAL_MACHINE\Software\mozilla.org]
[HKEY_LOCAL_MACHINE\Software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\Software\MyHeritage.com]
[HKEY_LOCAL_MACHINE\Software\Nero]
[HKEY_LOCAL_MACHINE\Software\Nokia]
[HKEY_LOCAL_MACHINE\Software\Nokia Mobile Phones]
[HKEY_LOCAL_MACHINE\Software\ODBC]
[HKEY_LOCAL_MACHINE\Software\OMSI]
[HKEY_LOCAL_MACHINE\Software\ORACLE]
[HKEY_LOCAL_MACHINE\Software\PC Connectivity Solution]
[HKEY_LOCAL_MACHINE\Software\PCSuite]
[HKEY_LOCAL_MACHINE\Software\Pegasus Imaging]
[HKEY_LOCAL_MACHINE\Software\PegasusImaging]
[HKEY_LOCAL_MACHINE\Software\Pinnacle Systems]
[HKEY_LOCAL_MACHINE\Software\Piriform]
[HKEY_LOCAL_MACHINE\Software\PixArt]
[HKEY_LOCAL_MACHINE\Software\Policies]
[HKEY_LOCAL_MACHINE\Software\PowerISO]
[HKEY_LOCAL_MACHINE\Software\Prolific Technology INC]
[HKEY_LOCAL_MACHINE\Software\RealNetworks]
[HKEY_LOCAL_MACHINE\Software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\Software\RichFX]
[HKEY_LOCAL_MACHINE\Software\Roxio]
[HKEY_LOCAL_MACHINE\Software\S3R521]
[HKEY_LOCAL_MACHINE\Software\SenBit]
[HKEY_LOCAL_MACHINE\Software\SereneScreen]
[HKEY_LOCAL_MACHINE\Software\ShuangSoft]
[HKEY_LOCAL_MACHINE\Software\Siber Systems]
[HKEY_LOCAL_MACHINE\Software\SigMa Chip]
[HKEY_LOCAL_MACHINE\Software\Skype]
[HKEY_LOCAL_MACHINE\Software\Sonic]
[HKEY_LOCAL_MACHINE\Software\SpeedBit]
[HKEY_LOCAL_MACHINE\Software\Swearware]
[HKEY_LOCAL_MACHINE\Software\Synthetic Aperture]
[HKEY_LOCAL_MACHINE\Software\TorrentMan]
[HKEY_LOCAL_MACHINE\Software\TrendMicro]
[HKEY_LOCAL_MACHINE\Software\Unlock Codes Calculator v1.1 (by Crux)]
[HKEY_LOCAL_MACHINE\Software\VideoLAN]
[HKEY_LOCAL_MACHINE\Software\Volatile]
[HKEY_LOCAL_MACHINE\Software\WinISO]
[HKEY_LOCAL_MACHINE\Software\WinRAR]
[HKEY_LOCAL_MACHINE\Software\WombatUpdater]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node]
[HKEY_LOCAL_MACHINE\Software\Xara]
[HKEY_LOCAL_MACHINE\Software\Xing Technology Corp.]
[HKEY_LOCAL_MACHINE\Software\Yahoo]
[HKEY_LOCAL_MACHINE\Software\Yuna Software]
[HKEY_LOCAL_MACHINE\Software\Z3X]

¤¤¤¤¤¤¤¤¤¤ Processus

C:\Users\mzenasni\AppData\Local\MediaGet2\mediaget.exe -> Processus stoppé

¤¤¤¤¤¤¤¤¤¤ Traitement Fichiers | Dossiers | Registre

Mise en quarantaine : C:\$Recycle.bin\S-1-5-21-3028403037-2726206162-3131094494-1650\desktop.ini
Erreur de suppression : C:\Users\mzenasni\AppData\Local\Symbian-Toys.com
Clé Supprimée : [HKLM | Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar]
Erreur de suppression : C:\Windows\Temp\klsD182.tmp
Erreur de suppression : C:\Windows\Temp\klsD182.tmp
Mise en quarantaine : C:\Users\mzenasni\AppData\Local\Temp\TFR625F.tmp
Mise en quarantaine : C:\Users\mzenasni\AppData\Local\Temp\TFREB61.tmp

¤¤¤¤¤¤¤¤¤¤ IFEO


¤¤¤¤¤¤¤¤¤¤ Mountpoints2



¤¤¤¤¤¤¤¤¤¤ %StartMenu%

[14/07/2009|05:46:35] | C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
[14/07/2009|05:37:43] | C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[15/10/2010|10:47:53] | C:\ProgramData\Microsoft\Windows\Start Menu\My 7 Optimizer
[28/09/2010|19:19:21] | C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
[14/07/2009|03:37:05] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[14/07/2009|05:37:43] | C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk

¤¤¤¤¤¤¤¤¤¤ %StartMenu%\Programs

[14/07/2009|03:37:05] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[14/07/2009|05:52:30] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[15/01/2011|11:12:23] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS4.lnk
[15/01/2011|11:10:28] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
[10/12/2010|15:45:32] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
[15/01/2011|11:08:25] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS4.lnk
[10/12/2010|15:45:42] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[15/01/2011|11:06:37] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
[15/01/2011|11:06:54] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk
[15/01/2011|11:10:00] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS4.lnk
[15/01/2011|11:09:36] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit.lnk
[10/12/2010|15:47:41] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CS3.lnk
[16/10/2010|09:32:18] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[03/02/2011|12:49:36] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allok 3GP PSP MP4 iPod Video Converter
[02/11/2010|10:00:37] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Any Media to MP3 Converter
[02/03/2011|15:00:37] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Stream SDK v2
[28/09/2010|22:05:57] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord
[02/03/2011|15:00:32] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[15/06/2011|20:29:49] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[30/06/2011|22:24:10] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chaos Shredder
[16/05/2011|15:18:56] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\chat-land
[14/07/2009|05:41:57] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[16/01/2011|11:53:01] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ethereal
[14/07/2009|05:52:30] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[29/01/2011|15:47:18] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard Company
[30/06/2011|17:17:03] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[21/06/2011|21:05:14] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[16/06/2011|08:41:04] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[02/03/2011|11:48:15] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ma-config.com
[29/09/2010|17:33:27] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[02/03/2011|09:55:21] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[14/07/2009|03:37:05] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[21/06/2011|21:02:05] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[18/04/9999|04:20:24] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[21/06/2011|15:43:33] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaGet2
[05/05/2011|17:50:57] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[09/02/2011|09:59:29] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[03/03/2011|09:22:23] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SOAP Toolkit Version 3
[15/01/2011|11:10:46] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mocha for After Effects CS4.lnk
[13/05/2011|09:16:58] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[15/01/2011|15:28:25] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[30/06/2011|22:42:15] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoClone
[09/03/2011|19:30:42] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[20/03/2011|17:53:19] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite
[09/03/2011|14:24:49] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NokiaFREE Calculator
[13/03/2011|22:02:27] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NSS
[13/01/2011|12:33:26] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[17/06/2011|19:49:49] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phoenix
[04/03/2011|10:07:49] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 14
[06/02/2011|14:40:53] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[07/03/2011|21:08:07] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[30/01/2011|08:38:54] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[30/01/2011|08:38:54] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealPlayer.lnk
[25/06/2011|14:38:23] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[20/12/2010|14:33:31] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SereneScreen
[05/05/2011|17:50:57] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[26/06/2011|22:57:30] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs
[14/07/2009|05:42:29] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[20/06/2011|06:38:41] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[14/01/2011|12:56:34] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Projects
[14/07/2009|03:37:05] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[05/02/2011|10:51:51] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter
[04/03/2011|09:47:50] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
[13/03/2011|22:18:13] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Simlock Remover
[12/10/2010|15:05:23] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security
[29/09/2010|15:54:02] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UsbFix
[27/06/2011|22:02:22] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[26/06/2011|22:44:00] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 - Codec Pack
[18/04/9999|04:20:16] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[14/07/2009|05:42:24] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[25/03/2011|13:26:45] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[25/03/2011|15:09:36] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[25/03/2011|14:21:39] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[14/07/2009|05:46:36] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[07/02/2011|08:40:14] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinISO
[16/01/2011|16:01:34] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[28/09/2010|22:24:20] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinTools Software
[14/07/2009|05:42:30] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[27/03/2011|08:51:30] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[28/09/2010|22:25:17] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller 2010

¤¤¤¤¤¤¤¤¤¤ %StartMenu%\Programs\Startup

[22/01/2011|14:55:05] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\tracker.html

¤¤¤¤¤¤¤¤¤¤ %AppData%

[29/09/2010|10:47:02] | C:\Users\mzenasni\AppData\Roaming\Adobe
[07/03/2011|21:09:39] | C:\Users\mzenasni\AppData\Roaming\Apple Computer
[02/03/2011|15:01:41] | C:\Users\mzenasni\AppData\Roaming\ATI
[26/06/2011|14:04:52] | C:\Users\mzenasni\AppData\Roaming\AVS4YOU
[06/10/2010|19:01:19] | C:\Users\mzenasni\AppData\Roaming\BitComet
[06/10/2010|18:44:57] | C:\Users\mzenasni\AppData\Roaming\BitComet Turbo
[06/10/2010|18:49:57] | C:\Users\mzenasni\AppData\Roaming\BitTorrent
[20/03/2011|15:42:22] | C:\Users\mzenasni\AppData\Roaming\BSD
[14/01/2011|13:10:25] | C:\Users\mzenasni\AppData\Roaming\DAEMON Tools Pro
[27/06/2011|08:56:49] | C:\Users\mzenasni\AppData\Roaming\DivX
[30/09/2010|10:01:55] | C:\Users\mzenasni\AppData\Roaming\DMCache
[20/10/2010|17:09:01] | C:\Users\mzenasni\AppData\Roaming\dvdcss
[24/01/2011|21:17:39] | C:\Users\mzenasni\AppData\Roaming\FileMaker
[24/01/2011|21:28:48] | C:\Users\mzenasni\AppData\Roaming\FileMaker Pro Advanced
[29/09/2010|10:12:16] | C:\Users\mzenasni\AppData\Roaming\Godlike
[21/06/2011|21:29:15] | C:\Users\mzenasni\AppData\Roaming\HTML Executable
[29/09/2010|10:05:22] | C:\Users\mzenasni\AppData\Roaming\Identities
[21/06/2011|21:05:18] | C:\Users\mzenasni\AppData\Roaming\IDM
[19/01/2011|10:36:56] | C:\Users\mzenasni\AppData\Roaming\InstallShield
[28/06/2011|16:51:55] | C:\Users\mzenasni\AppData\Roaming\kkl
[24/01/2011|21:18:11] | C:\Users\mzenasni\AppData\Roaming\Leadertech
[29/09/2010|10:50:37] | C:\Users\mzenasni\AppData\Roaming\Macromedia
[01/03/2011|20:13:34] | C:\Users\mzenasni\AppData\Roaming\MAGIX
[09/10/2010|10:56:14] | C:\Users\mzenasni\AppData\Roaming\Malwarebytes
[29/09/2010|10:05:16] | C:\Users\mzenasni\AppData\Roaming\Media Center Programs
[20/04/2011|16:13:27] | C:\Users\mzenasni\AppData\Roaming\Media Get LLC
[29/09/2010|10:05:16] | C:\Users\mzenasni\AppData\Roaming\Microsoft
[05/12/2010|10:25:45] | C:\Users\mzenasni\AppData\Roaming\Mipony
[10/03/2011|15:12:21] | C:\Users\mzenasni\AppData\Roaming\moovida-1
[30/01/2011|11:32:07] | C:\Users\mzenasni\AppData\Roaming\Move Networks
[06/02/2011|09:46:40] | C:\Users\mzenasni\AppData\Roaming\Mozilla
[15/01/2011|15:34:20] | C:\Users\mzenasni\AppData\Roaming\Nero
[05/03/2011|17:33:14] | C:\Users\mzenasni\AppData\Roaming\Nokia
[18/06/2011|22:13:19] | C:\Users\mzenasni\AppData\Roaming\Nokia Ovi Suite
[16/06/2011|19:29:07] | C:\Users\mzenasni\AppData\Roaming\OfficeRecovery
[16/06/2011|19:29:07] | C:\Users\mzenasni\AppData\Roaming\OfficeRecovery.3e584593
[04/03/2011|21:24:26] | C:\Users\mzenasni\AppData\Roaming\PC Suite
[13/01/2011|12:46:14] | C:\Users\mzenasni\AppData\Roaming\PnkBstrK.sys
[23/01/2011|14:46:18] | C:\Users\mzenasni\AppData\Roaming\RapidGet
[30/01/2011|08:38:17] | C:\Users\mzenasni\AppData\Roaming\Real
[29/09/2010|17:29:55] | C:\Users\mzenasni\AppData\Roaming\Roxio
[13/05/2011|22:17:31] | C:\Users\mzenasni\AppData\Roaming\Samsung
[29/09/2010|16:51:34] | C:\Users\mzenasni\AppData\Roaming\Skype
[29/09/2010|16:52:33] | C:\Users\mzenasni\AppData\Roaming\skypePM
[30/09/2010|08:33:40] | C:\Users\mzenasni\AppData\Roaming\URSoft
[30/09/2010|08:24:35] | C:\Users\mzenasni\AppData\Roaming\ViGlance
[30/09/2010|12:02:52] | C:\Users\mzenasni\AppData\Roaming\VitySoft
[29/09/2010|15:14:11] | C:\Users\mzenasni\AppData\Roaming\vlc
[26/06/2011|22:57:06] | C:\Users\mzenasni\AppData\Roaming\Win7codecs
[05/02/2011|08:48:56] | C:\Users\mzenasni\AppData\Roaming\WinAVI
[13/03/2011|21:16:33] | C:\Users\mzenasni\AppData\Roaming\WinBatch
[29/09/2010|17:28:34] | C:\Users\mzenasni\AppData\Roaming\WinRAR
[02/02/2011|18:12:07] | C:\Users\mzenasni\AppData\Roaming\Xilisoft Corporation
[29/09/2010|15:47:35] | C:\Users\mzenasni\AppData\Roaming\Yahoo!

¤¤¤¤¤¤¤¤¤¤ %CommonAppData%

[28/09/2010|20:31:23] | C:\ProgramData\Adobe
[24/01/2011|21:20:51] | C:\ProgramData\Apple
[07/03/2011|21:07:58] | C:\ProgramData\Apple Computer
[14/07/2009|05:53:55] | C:\ProgramData\Application Data
[02/03/2011|15:01:41] | C:\ProgramData\ATI
[26/06/2011|14:04:53] | C:\ProgramData\AVS4YOU
[16/01/2011|15:43:17] | C:\ProgramData\DragToDiscUserNameE.txt
[01/10/2010|09:33:04] | C:\ProgramData\Kaspersky Lab
[02/03/2011|11:48:15] | C:\ProgramData\ma-config.com
[01/03/2011|20:10:53] | C:\ProgramData\MAGIX
[09/10/2010|10:56:10] | C:\ProgramData\Malwarebytes
[21/06/2011|15:43:30] | C:\ProgramData\Media Get LLC
[28/09/2010|19:19:21] | C:\ProgramData\Menu Démarrer
[05/05/2011|15:37:20] | C:\ProgramData\Messenger Plus!
[14/07/2009|03:37:05] | C:\ProgramData\Microsoft
[29/09/2010|17:57:36] | C:\ProgramData\Microsoft Help
[28/09/2010|19:19:21] | C:\ProgramData\Modèles
[15/01/2011|15:29:05] | C:\ProgramData\Nero
[06/02/2011|09:06:14] | C:\ProgramData\Nokia
[04/03/2011|21:21:12] | C:\ProgramData\NokiaInstallerCache
[29/09/2010|10:04:39] | C:\ProgramData\ntuser.pol
[02/10/2010|17:49:35] | C:\ProgramData\Office Genuine Advantage
[04/03/2011|21:24:39] | C:\ProgramData\PC Suite
[04/03/2011|09:52:08] | C:\ProgramData\Pinnacle
[04/03/2011|10:03:50] | C:\ProgramData\Pinnacle Studio Plus
[04/03/2011|10:09:33] | C:\ProgramData\Pinnacle Studio Ultimate Collection
[28/09/2010|22:16:59] | C:\ProgramData\Skype
[14/07/2009|05:53:55] | C:\ProgramData\Start Menu
[04/03/2011|10:03:50] | C:\ProgramData\Studio 14
[26/06/2011|22:55:42] | C:\ProgramData\Win7codecs
[27/03/2011|08:51:29] | C:\ProgramData\Yahoo!
[29/09/2010|15:47:35] | C:\ProgramData\Yahoo! Companion
[13/06/2011|15:03:40] | C:\ProgramData\{0ACE0403-C75D-488C-A403-7A57E9848B62}
[07/03/2011|21:08:54] | C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[06/03/2011|10:42:10] | C:\ProgramData\{4439F0FD-AFAF-434D-86E2-DEB14A9C58AC}

¤¤¤¤¤¤¤¤¤¤ %LocalAppData%

[29/09/2010|10:05:16] | C:\Users\mzenasni\AppData\Local\Application Data
[30/09/2010|09:47:31] | C:\Users\mzenasni\AppData\Local\Apps
[02/03/2011|15:01:41] | C:\Users\mzenasni\AppData\Local\ATI
[16/10/2010|15:15:15] | C:\Users\mzenasni\AppData\Local\crazyloader Air
[16/10/2010|15:38:54] | C:\Users\mzenasni\AppData\Local\Dan2010
[02/11/2010|10:03:41] | C:\Users\mzenasni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[29/09/2010|15:02:38] | C:\Users\mzenasni\AppData\Local\Diagnostics
[04/03/2011|10:10:14] | C:\Users\mzenasni\AppData\Local\Downloaded Installations
[07/10/2010|09:36:40] | C:\Users\mzenasni\AppData\Local\eMule
[15/03/2011|14:41:23] | C:\Users\mzenasni\AppData\Local\FastestTube
[24/01/2011|21:27:37] | C:\Users\mzenasni\AppData\Local\FileMaker
[29/04/2011|20:21:19] | C:\Users\mzenasni\AppData\Local\FileServe Manager
[29/09/2010|10:08:24] | C:\Users\mzenasni\AppData\Local\GDIPFONTCACHEV1.DAT
[09/10/2010|14:18:36] | C:\Users\mzenasni\AppData\Local\Google
[29/09/2010|10:05:16] | C:\Users\mzenasni\AppData\Local\Historique
[29/06/2011|20:20:48] | C:\Users\mzenasni\AppData\Local\IconCache.db
[20/04/2011|16:13:27] | C:\Users\mzenasni\AppData\Local\Media Get LLC
[20/04/2011|16:13:22] | C:\Users\mzenasni\AppData\Local\MediaGet2
[29/09/2010|10:05:16] | C:\Users\mzenasni\AppData\Local\Microsoft
[29/09/2010|15:58:50] | C:\Users\mzenasni\AppData\Local\Microsoft Games
[29/09/2010|17:57:37] | C:\Users\mzenasni\AppData\Local\Microsoft Help
[11/10/2010|16:14:22] | C:\U
0
zenasmus Posts 86 Registration date Tuesday 10 June 2008 Status Member Last seen 11 November 2015
1 July 2011 at 15:02
Please, gentlemen, help me. This virus is eating up all my hard disk space.
0
Anonymous user
1 July 2011 at 15:21
You are not doing what I ask.

I told you that the file you analyzed on VirusTotal did not have the name matching what I asked you to analyze, so there is no point in sending 50 pre_scan scans; it won't change anything.
0