pc-infecté

Question

Bonjour, 

je pense que mon pc à un probleme que ni kaspersky ni malwarebytes ni usbfixe n'a resoud ce probleme aidez moi svp merci ci-joint rapport hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:19, on 30/06/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\dwrcs\DWRCST.exe
C:\Windows\system32	askhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\mzenasni\AppData\Local\MediaGet2\mediaget.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\Common Files\Nokia\NoA
okiaaserver.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Windows\system32	askhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.5.32.3:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.175.0.38;10.5.1.27;10.5.1.15;10.175.12.255;10.175.2.23;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper	bGoss.dll
R3 - URLSearchHook: Messenger Plus Toolbar - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper	bGoss.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan	bTorr.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Messenger Plus - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan	bTorr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper	bGoss.dll
O3 - Toolbar: Messenger Plus Toolbar - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\Windows\dwrcs\DWRCST.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MediaGet2] C:\Users\mzenasni\AppData\Local\MediaGet2\mediaget.exe --minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
O4 - Global Startup: tracker.html
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger avec Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = shdpina.local
O17 - HKLM\Software\..\Telephony: DomainName = shdpina.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = shdpina.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = shdpina.local
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DameWare Mini Remote Control (dwmrcs) - DameWare Development LLC - C:\Windows\dwrcs\DWRCS.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Intel Corporation - C:\Windows\system32\IProsetMonitor.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

g3n-h@ckm@n · Accepted Answer

salut

desactive ton antivirus
desactive Windows defender si présent
desactive ton pare-feu

Ferme toutes tes appilications en cours

telecharge et enregistre ceci sur ton bureau :

Pre_Scan

mirroir :

http://www.archive-host.com

s'il n'est pas sur ton bureau coupe-le de ton dossier telechargements et colle-le sur ton bureau

Avertissement: Il y aura une extinction courte du bureau --> pas de panique. 

une fois telechargé lance-le , laisse faire le scan jusqu'à l'apparition de "Pre_scan.txt" sur le bureau.

si 'outil est bloqué par l'infection utilise cette version : Version .pif

si l'outil detecte un proxy et que tu n'en as pas installé clique sur "supprimer le proxy"

si l'outil semble ne pas avoir fonctionné renomme-le winlogon , ou change son extension en .com ou .scr

 Il se peut qu'une multitude de fenêtres noires clignotent , laisse-le travailler 

Poste Pre_Scan.txt qui apparaitra sur le bureau en fin de scan

&#9654&#9654&#9654 NE LE POSTE PAS SUR LE FORUM (il est trop long)

clique sur ce lien : http://www.cijoint.fr/

&#9654 Clique sur Parcourir et cherche le fichier ci-dessus.

&#9654 Clique sur Ouvrir.

&#9654 Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

est ajouté dans la page.

&#9654 Copie ce lien dans ta réponse.

g3n-h@ckm@n · Answer

salut on ne fait pas installer avast alors que l'internaute a déjà Kaspersky c'est inutile 
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤ 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

zenasmus · Answer

voici le lien du rapport

http://www.cijoint.fr/cjlink.php?file=cj201106/cijJnxoIKz.txt

g3n-h@ckm@n · Answer

Fais analyser le(s) fichier(s) suivants sur Virustotal :

Virus Total

    clique sur "Parcourir" et trouve puis selectionne ce(s) fichier(s) :

C:\Windows\dwrcs\DWRCS.EXE 

    * Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
    * Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
    * Lorsque l'analyse est terminée colle le lien de(s)( la) page(s)  dans ta prochaine réponse.

zenasmus · Answer

voici:

http://www.virustotal.com/file-scan/report.html?id=27af6b57b188467b6a4a1144a4c5d60876c20995f0d1823a688ec5938cba7b93-1305127594

zenasmus · Answer

voici le lien :

http://www.virustotal.com/file-scan/report.html?id=27af6b57b188467b6a4a1144a4c5d60876c20995f0d1823a688ec5938cba7b93-1305127594

g3n-h@ckm@n · Answer

le nom du fichier ne correspond pas avec ma demande

zenasmus · Answer

voici :

http://www.cijoint.fr/cjlink.php?file=cj201107/cijhrrab3I.txt

g3n-h@ckm@n · Answer

??

zenasmus · Answer

--je n'ai pas compris?????

g3n-h@ckm@n · Answer

je parlais de virus total

zenasmus · Answer

-http://www.cijoint.fr/cjlink.php?file=cj201107/cijU7HFmEM.txt

zenasmus · Answer

--je ne sais pas qu'st ce qui se passe 2 mn

zenasmus · Answer

le problème je n'arrive pas à m'inscrire sur le site cijoint.fr

zenasmus · Answer

je n'ai pas d'autre solution:


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan 1.0.2.35 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤

Mis à jour le 30/06/2011 | 17.50 par g3n-h@ckm@n
Informations : http://www.forum-fec.net/t1444-pre_scan-versions
Remontées : http://www.forum-fec.net/t1445-feedback-pre_scan

Utilisateur : mzenasni (Administrateurs)
Ordinateur : INT-HEB-5655

Système d'exploitation : Windows 7 Ultimate (32 bits) Ultimate 
Type d'installation : Client
Enregistré sous : adida
Processeur : Intel(R) Core(TM)2 Quad CPU    Q9400  @ 2.66GHz
Identification : x86 Family 6 Model 23 Stepping 10
Internet Explorer : 8.0.7600.16385
Mozilla Firefox : 5.0 (fr)
Pare-feu windows : Actif
Windows Defender : Actif

c:\ -> [Fixed] | [] | Total : 136000 Mo | Free : 11300 Mo -> NTFS
d:\ -> [Fixed] | [] | Total : 340930 Mo | Free : 165410 Mo -> NTFS
e:\ -> [CDROM] | [GB1CENVOL_EN_DVD] | Total : 3630 Mo | Free : 0 Mo -> UDF
g:\ -> [CDROM] | [] | Total : 0 Mo | Free : 0 Mo -> 
r:\ -> [Network] | [] | Total : 52000 Mo | Free : 41840 Mo -> NTFS

Scan : 12:07:56 | 01/07/2011

¤¤¤¤¤¤¤¤¤¤ Sessions

[HKLM | ProfileList] | S-1-5-21-2334014890-2074115081-2488859327-1000 : ProfileImagePath -> C:\Users\adida
[HKLM | ProfileList] | S-1-5-21-2334014890-2074115081-2488859327-1000 : RefCount -> 0
[HKLM | ProfileList] | S-1-5-21-2334014890-2074115081-2488859327-1000 : State -> 0
[HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-1649 : ProfileImagePath -> C:\Users\adida.SHDPINA
[HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-1649 : RefCount -> 0
[HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-1649 : State -> 0
[HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-1650 : ProfileImagePath -> C:\Users\mzenasni
[HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-1650 : RefCount -> 1
[HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-1650 : State -> 256
[HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-500 : ProfileImagePath -> C:\Users\administrateur
[HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-500 : RefCount -> 0
[HKLM | ProfileList] | S-1-5-21-3028403037-2726206162-3131094494-500 : State -> 256

¤¤¤¤¤¤¤¤¤¤¤ Processus en cours

Demarrage : Normal  

492 | C:\Windows\System32\smss.exe - Système - Normal - \SystemRoot\System32\smss.exe - 4
608 | C:\Windows\system32\csrss.exe - Système - Normal - %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 - 564
688 | C:\Windows\system32\wininit.exe - Système - High - wininit.exe - 564
696 | C:\Windows\system32\csrss.exe - Système - Normal - %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 - 680
736 | C:\Windows\system32\services.exe - Système - Normal - C:\Windows\system32\services.exe - 688
752 | C:\Windows\system32\lsass.exe - Système - Normal - C:\Windows\system32\lsass.exe - 688
760 | C:\Windows\system32\lsm.exe - Système - Normal - C:\Windows\system32\lsm.exe - 688
864 | C:\Windows\system32\svchost.exe - Système - Normal - C:\Windows\system32\svchost.exe -k DcomLaunch - 736
956 | C:\Windows\system32\winlogon.exe - Système - High - winlogon.exe - 680
996 | C:\Windows\system32\svchost.exe - SERVICE RÉSEAU - Normal - C:\Windows\system32\svchost.exe -k RPCSS - 736
1056 | C:\Windows\system32\atiesrxx.exe - Système - Normal - C:\Windows\system32\atiesrxx.exe - 736
1100 | C:\Windows\System32\svchost.exe - SERVICE LOCAL - Normal - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted - 736
1152 | C:\Windows\System32\svchost.exe - Système - Normal - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted - 736
1188 | C:\Windows\system32\svchost.exe - Système - Normal - C:\Windows\system32\svchost.exe -k netsvcs - 736
1376 | C:\Windows\system32\svchost.exe - SERVICE LOCAL - Normal - C:\Windows\system32\svchost.exe -k LocalService - 736
1424 | C:\Windows\system32\atieclxx.exe - Système - Normal - atieclxx - 1056
1580 | C:\Windows\system32\svchost.exe - SERVICE RÉSEAU - Normal - C:\Windows\system32\svchost.exe -k NetworkService - 736
1760 | C:\Windows\System32\spoolsv.exe - Système - Normal - C:\Windows\System32\spoolsv.exe - 736
1808 | C:\Windows\system32\svchost.exe - SERVICE LOCAL - Normal - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork - 736
1932 | C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe - Système - Normal - "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" -r - 736
1968 | C:\Program Files\Bonjour\mDNSResponder.exe - Système - Normal - "C:\Program Files\Bonjour\mDNSResponder.exe" - 736
2012 | C:\Windows\dwrcs\DWRCS.EXE - Système - Normal - C:\Windows\dwrcs\DWRCS.EXE -service - 736
508 | C:\Windows\system32\svchost.exe - SERVICE LOCAL - Normal - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation - 736
544 | C:\Windows\system32\IProsetMonitor.exe - Système - Normal - C:\Windows\system32\IProsetMonitor.exe - 736
572 | C:\Windows\system32\svchost.exe - SERVICE LOCAL - Normal - C:\Windows\system32\svchost.exe -k imgsvc - 736
2072 | C:\Windows\System32\svchost.exe - Système - Normal - C:\Windows\System32\svchost.exe -k WerSvcGroup - 736
2108 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - Système - Normal - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" - 736
2360 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe - Système - Normal - WLIDSvcM.exe 2108 - 2108
2764 | C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE - SERVICE RÉSEAU - Normal - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" - 736
2924 | C:\Windows\system32\svchost.exe - SERVICE RÉSEAU - Normal - C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted - 736
3052 | C:\Windows\System32\svchost.exe - SERVICE LOCAL - Normal - C:\Windows\System32\svchost.exe -k LocalServicePeerNet - 736
3388 | C:\Windows\dwrcs\DWRCST.exe - mzenasni - Normal -  6129 - 2012
3484 | C:\Windows\system32	askhost.exe - mzenasni - Normal - taskhost.exe USER - 736
3636 | C:\Windows\system32\Dwm.exe - mzenasni - High - "C:\Windows\system32\Dwm.exe" - 1152
3748 | C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe - mzenasni - Normal - "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"  - 3672
3348 | C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe - mzenasni - Normal - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray - 3672
3324 | C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe - mzenasni - Normal - "C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe" /watchfiles startup - 3672
3860 | C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe - mzenasni - Normal - "C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" -tray - 3672
1924 | C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE - mzenasni - Normal - "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"  - 3672
2960 | C:\Program Files\Skype\Phone\Skype.exe - mzenasni - Normal - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized - 3672
3924 | C:\Program Files\Internet Download Manager\IDMan.exe - mzenasni - Normal - "C:\Program Files\Internet Download Manager\IDMan.exe" /onboot - 3672
4296 | C:\Program Files\Internet Download Manager\IEMonitor.exe - mzenasni - Normal - "C:\Program Files\Internet Download Manager\IEMonitor.exe" - 3924
4380 | C:\Program Files\PC Connectivity Solution\ServiceLayer.exe - Système - Normal - "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" - 736
4616 | C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe - Système - High -  {CA1E2503-69FD-4ACD-B2B9-4EDE21C09ADE} - 4380
4660 | C:\Windows\System32\mobsync.exe - mzenasni - Normal - C:\Windows\System32\mobsync.exe -Embedding - 864
4804 | C:\Windows\system32\wbem\wmiprvse.exe - SERVICE RÉSEAU - Normal - C:\Windows\system32\wbem\wmiprvse.exe - 864
5092 | C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe - Système - High -  {CF000141-DA69-4C19-8A82-17313502412F} - 4380
5344 | C:\Windows\System32\svchost.exe - Système - Normal - C:\Windows\System32\svchost.exe -k secsvcs - 736
3936 | C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe - mzenasni - High -  {106B2759-E487-4CA8-AAD2-35FF7A6365DA} - 4380
4412 | C:\Program Files\Common Files\Nokia\NoA
okiaaserver.exe - mzenasni - Normal - "C:\Program Files\Common Files\Nokia\NoA
okiaaserver.exe"  - 3860
168 | C:\Program Files\Microsoft Office\Office14\GROOVE.EXE - mzenasni - Normal - "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /TrayOnly - 3672
3220 | C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe - Système - Normal - "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" - 736
604 | C:\Program Files\Nero\Update\NASvc.exe - Système - Normal - "C:\Program Files\Nero\Update\NASvc.exe" - 736
5736 | C:\Windows\system32\AUDIODG.EXE - SERVICE LOCAL - Normal - C:\Windows\system32\AUDIODG.EXE 0x270 - 1100
5372 | C:\Windows\system32\DllHost.exe - mzenasni - Normal - C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} - 864
2300 | C:\Windows\system32	askeng.exe - mzenasni - Normal - taskeng.exe {5DF97403-EAED-4408-92D2-4A70E97DAE38} - 1188
2584 | C:\Users\mzenasni\Desktop\Pre_scan.exe - mzenasni - High - "C:\Users\mzenasni\Desktop\Pre_scan.exe"  - 3672
1132 | C:\Windows\system32\cmd.exe - mzenasni - Normal - cmd /c ""C:\Kill'em\Pv.bat" " - 2584
3340 | C:\Windows\system32\conhost.exe - mzenasni - Normal - \??\C:\Windows\system32\conhost.exe - 696
7116 | C:\Kill'em\Pv.exe - mzenasni - Normal - C:\Kill'em\pv.exe  -o"%i | %f - %u - %p - %l - %r" - 1132

¤¤¤¤¤¤¤¤¤¤ Démarrage principaux avant suppression

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background  [?]
"NokiaOviSuite2"=C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray  [?]
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"  [?]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized  [?]
"MediaGet2"=C:\Users\mzenasni\AppData\Local\MediaGet2\mediaget.exe --minimized  [?]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe /onboot  [?]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"  [?]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun  [?]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime  [?]
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices  [?]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"  [?]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"  [?]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray  [?]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup  [?]
"DameWare MRC Agent"=C:\Windows\dwrcs\DWRCST.exe  [16/06/2011|07:22:48]

¤¤¤¤¤¤¤¤¤¤ Autres Démarrages Silencieux


¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] | {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -> Groove GFS Stub Execution Hook
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar] | {7c5c0f58-e061-457d-9033-77307f5ed00c} -> TorrentMan Toolbar
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar] | {EF99BD32-C1FB-11D2-892F-0090271D4F88} -> 0x00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar] | {0a452a47-c5a8-4854-a237-4b9b06b376f0} -> Gossiper Toolbar
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar] | {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} -> Messenger Plus Toolbar
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar] | {D4027C7F-154A-4066-A1AD-4243D8127440} -> 0x00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {00C6D95F-329C-409a-81D7-C46C66EA7F33} -> 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {80009818-f38f-4af1-87b5-eadab9433e58} -> MF ADTS Property Handler
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> WinRAR shell extension
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {F764812A-132C-4013-9960-5CBBEB408A0E} -> Nero Shell Extension
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} -> Shell Extensions for RealOne Player
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} -> PowerISO
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {5E2121EE-0300-11D4-8D3B-444553540000} -> Catalyst Context Menu extension
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {872A9397-E0D6-4e28-B64D-52B8D0A7EA35} -> Display CPL Extension
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {AD392E40-428C-459F-961E-9B147782D099} -> UltraISO
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {79BC0345-1015-11D2-A299-006008312725} -> blue.shell
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {81E3EEF3-EE35-4FAF-8588-8196C8F6B1BE} -> Oxygen Express Context Menu Shell Extension
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {E2CB0FA1-5AB0-4886-A8CE-7A84D1B9B261} -> Oxygen Express Context Menu Shell Extension
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {9318A0B9-1B4A-44AA-9BEE-61E6A42936BA} -> Oxygen Express Property Sheet Shell Extension
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} -> Nokia Phone Browser
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {06A2568A-CED6-4187-BB20-400B8C02BE5A} -> 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {00F33137-EE26-412F-8D71-F84E4C2C6625} -> 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} -> Windows Live Photo Gallery Autoplay Drop Target
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} -> Windows Live Photo Gallery Viewer Drop Target
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {00F374B7-B390-4884-B372-2FC349F2172B} -> Windows Live Photo Gallery Editor Drop Target
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} -> Windows Live Photo Gallery Viewer Drop Target Shim
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} -> Windows Live Photo Gallery Editor Drop Target Shim
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> Windows Live Photo Gallery Autoplay Drop Target Shim
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {42042206-2D85-11D3-8CFF-005004838597} -> Microsoft Office HTML Icon Handler
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} -> Microsoft Office Metadata Handler
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} -> Microsoft Office Thumbnail Handler
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} -> Groove Namespace Extension
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} -> Microsoft OneNote Namespace Extension for Windows Desktop Search
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {D66DC78C-4F61-447F-942B-3FB6980118CF}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> Groove GFS Browser Helper
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {6C467336-8281-4E60-8204-430CED96822D} -> Groove GFS Context Menu Handler
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} -> Groove GFS Explorer Bar
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {16F3DD56-1AF5-4347-846D-7C10C4192619} -> Groove Explorer Icon Overlay 3 (GFS Folder)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -> Groove GFS Stub Execution Hook
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {A449600E-1DC6-4232-B948-9BD794D62056} -> Groove GFS Stub Icon Handler
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> Groove Explorer Icon Overlay 2 (GFS Stub)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> Groove Explorer Icon Overlay 4 (GFS Unread Mark)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> Groove Explorer Icon Overlay 1 (GFS Unread Stub)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {387E725D-DC16-4D76-B310-2C93ED4752A0} -> Groove XML Icon Handler
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {00020D75-0000-0000-C000-000000000046} -> Microsoft Outlook Desktop Icon Handler
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {0006F045-0000-0000-C000-000000000046} -> Microsoft Outlook Custom Icon Handler
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {358B5852-38EB-4549-9D8A-B90C9DCAD0DB} -> DMRC Shell Extension V2
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {CDC95B92-E27C-4745-A8C5-64A52A78855D} -> IDM Shell Extension
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] | {327669A0-59A7-4be9-B99E-1C9F3A57611A} -> Haali Matroska Thumbnail Exctractor

¤¤¤¤¤¤¤¤¤¤ BHO 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}] | (IDM integration (IDMIEHlprObj Class)) -> C:\Program Files\Internet Download Manager\IDMIECC.dll  [09/06/2011|16:52:11]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] | (&Yahoo! Toolbar Helper) -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll  [28/07/2008|11:47:40]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0a452a47-c5a8-4854-a237-4b9b06b376f0}] | (Gossiper Toolbar) -> C:\Program Files\Gossiper	bGoss.dll  [06/10/2010|19:00:40]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] | (Adobe PDF Link Helper) -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll  [22/09/2010|18:04:14]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] | (IEVkbdBHO Class) -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll  [24/04/2011|23:13:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] | (Groove GFS Browser Helper) -> C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL  [25/03/2010|10:25:22]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}] | (TorrentMan Toolbar) -> C:\Program Files\TorrentMan	bTorr.dll  [28/09/2010|22:14:53]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] | (Windows Live ID Sign-in Helper) -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll  [21/09/2010|14:08:38]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] | (Office Document Cache Handler) -> C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL  [28/02/2010|02:20:14]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}] | (Messenger Plus Toolbar) -> C:\Program Files\Messenger_Plus\prxtbMess.dll  [05/05/2011|16:04:41]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] | (LimeWire Toolbar) ->   [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] | (Java(tm) Plug-In 2 SSV Helper) -> C:\Program Files\Java\jre6\bin\jp2ssv.dll  [30/09/2010|12:02:24]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}] | (FilterBHO Class) -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll  [24/04/2011|23:13:12]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}] | (SingleInstance Class) -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll  [28/07/2008|11:47:42]

¤¤¤¤¤¤¤¤¤¤ ActiveX 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] | WMPACCESS -> Microsoft Windows Media Player
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] | IEACCESS -> Internet Explorer
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] | BRANDING.CAB -> Browser Customizations
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}] | JAVAVM -> Java (Sun)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] |  -> Microsoft Windows Media Player 12.0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] | Theme Component -> Themes Setup
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] | ClearIconCache -> Internet Explorer
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] | MobilePk -> Offline Browsing Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] | MailNews -> Microsoft Windows
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] | DirectDrawEx -> DirectDrawEx
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] | HelpCont -> Internet Explorer Help
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] | MSVBScript -> Microsoft Windows Script 5.6
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] | GenSetup -> Internet Explorer Setup Tools
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] | ExtraPack -> Browsing Enhancements
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] | Microsoft Windows Media Player -> Microsoft Windows Media Player
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] | MSN_Auth -> MSN Site Access
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] |  -> Address Book 7
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}] | .NETFramework -> .NET Framework
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7C665EAA-E544-C2DB-932E-7128F7DEAC0E}] |  -> Microsoft Windows Media Player 12.0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] | IE4_SHELLID -> Windows Desktop Update
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] | BASEIE40_W2K -> Web Platform Customizations
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] | DOTNETFRAMEWORKS -> 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] | Tridata -> Dynamic HTML Data Binding
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}] | .NETFramework -> .NET Framework
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] | Fontcore -> Internet Explorer Core Fonts
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] | HTMLHelp -> HTML Help
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}] | Yahoo! Messenger -> 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] | ADSI -> Active Directory Service Interface

¤¤¤¤¤¤¤¤¤¤ Winlogon

[HKLM | Winlogon] | Shell : Explorer.exe
[HKLM | Winlogon] | AutoRestartShell : 1
[HKLM | Winlogon] | userinit : C:\Windows\system32\Userinit.exe,
[HKLM | Winlogon] | PowerDownAfterShutdown : 1
[HKLM | Winlogon] | System : 
[HKLM | Winlogon] | Taskman : 

¤¤¤¤¤¤¤¤¤¤ Winlogon\Notify 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

¤¤¤¤¤¤¤¤¤¤ Associations

[.exe] : exefile
[exefile | command] : "%1" %*
[.com] : ComFile
[comfile | command] : "%1" %*
[.reg] : regfile
[regfile | command] : regedit.exe "%1"
[.scr] : scrfile
[scrfile | command] : "%1" /S
[.bat] : batfile
[batfile | command] : "%1" %*
[.cmd] : cmdfile
[cmdfile | command] : "%1" %*
[.pif] : piffile
[piffile | command] : "%1" %*
[.url] : InternetShortcut
[InternetShortcut | command] : "C:\Windows\System32undll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l
[Application.Manifest | command] : rundll32.exe dfshim.dll,ShOpenVerbApplication %1
[Application.Reference | command] : rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
[Folder | command] : C:\Windows\explorer.exe

¤

[Firefox | Command] | @  : "C:\Program Files\Mozilla Firefox\Firefox.exe"
[Firefox - Safemode | Command] | @ : "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
[IE | Command] | @ : "C:\Program Files\Internet Explorer\iexplore.exe"
[Applications | IE | Command] | @ : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[Safari | Command] | @ : "C:\Program Files\Safari\Safari.exe"
[Assoc | Applications] | @ : http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

¤¤¤¤¤¤¤¤¤¤ Divers

[HKLM | HideDesktopIcons\ClassicStartMenu] | {9343812e-1c37-4a49-a12e-4b2d810d956b} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {F02C1A0D-BE21-4350-88B0-7367FC96EF3C} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {208D2C60-3AEA-1069-A2D7-08002B30309D} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {871C5380-42A0-1069-A2EA-08002B30309D} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {9343812e-1c37-4a49-a12e-4b2d810d956b} : 0
[HKCU | Desktop] | Wallpaper : C:\Users\mzenasni\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
[HKCU | policies\Explorer] | NoDriveTypeAutoRun : 145
[HKLM | policies\Explorer] | NoDriveTypeAutoRun : 145

¤¤¤¤¤¤¤¤¤¤ Services

[Ndisuio] | Start : 3 : Actif
[Power] | Start : 2 : Actif
[Profsvc] | Start : 2 : Actif
[PlugPlay] | Start : 2 : Actif
[PEAUTH] | Start : 2 : Actif
[Parvdm] | Start : 2 : Inactif
[nsi] | Start : 2 : Actif
[NLASvc] | Start : 2 : Actif
[MPSsvc] | Start : 2 : Actif
[MMCSS] | Start : 2 : Actif
[luafv] | Start : 2 : Actif
[lltdio] | Start : 2 : Actif
[Iphlpsvc] | Start : 2 : Actif
[IKEEXT] | Start : 2 : Actif
[gpsvc] | Start : 2 : Actif
[lmhosts] | Start : 2 : Actif
[LanmanWorkstation] | Start : 2 : Actif
[LanmanServer] | Start : 2 : Actif
[agp440] | Start : 2 : Inactif
[AudioEndpointBuilder] | Start : 2 : Actif
[Audiosrv] | Start : 2 : Actif
[BFE] | Start : 2 : Actif
[Bits] | Start : 2 : Actif
[CryptSvc] | Start : 2 : Actif
[EapHost] | Start : 2 : Actif
[Wlansvc] | Start : 2 : Actif
[SharedAccess] | Start : 2 : Inactif
[windefend] | Start : 2 : Actif
[wuauserv] | Start : 2 : Actif
[WerSvc] | Start : 2 : Actif
[wscsvc] | Start : 2 : Actif

¤¤¤¤¤¤¤¤¤¤ Internet Explorer

[HKCU | Main] | Start Page : https://www.google.com/?gws_rd=ssl
[HKCU | Main] | Local Page : C:\Windows\system32\blank.htm
[HKCU | Main] | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKLM | Main] | Start Page : https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main] | Local Page :  -> C:\Windows\system32\blank.htm
[HKLM | Main] | Default_Search_URL : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKLM | Main] | Default_Page_URL : https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main] | Search Page : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

¤

[HKCU | PhishingFilter] | Enabled : 2
[HKCU | PhishingFilter] | EnabledV8 : 1
[HKCU | Internet settings] | ProxyOverride : *.local
[HKCU | Internet Settings] | MigrateProxy : 1
[HKCU | Internet Settings] | WarnonBadCertRecving : 1
[HKCU | Internet Settings] | WarnOnHTTPSToHTTPRedirect : 1
[HKCU | Internet Settings] | WarnonZoneCrossing : 1
[HKCU | Internet Settings] | AutoConfigProxy : 0

¤¤¤¤¤¤¤¤¤¤ DNS

[HKLM\CCS | Tcpip\Parameters] | DhcpNameServer -> 10.5.1.17 10.5.1.11
[HKLM\CCS | Interfaces\{F6F5B491-6657-4E50-A63E-E38CD9AA9F36}] | DhcpNameServer -> 10.5.1.17 10.5.1.11
[HKLM\CS001 | Interfaces\{F6F5B491-6657-4E50-A63E-E38CD9AA9F36}] | DhcpNameServer -> 10.5.1.17 10.5.1.11
[HKLM\CS002 | Interfaces\{F6F5B491-6657-4E50-A63E-E38CD9AA9F36}] | DhcpNameServer -> 10.5.1.17 10.5.1.11

¤¤¤¤¤¤¤¤¤¤ Hosts


¤¤¤¤¤¤¤¤¤¤ HKCU\Software

[HKEY_CURRENT_USER\Software\AC3filter]
[HKEY_CURRENT_USER\Software\Adobe]
[HKEY_CURRENT_USER\Software\AMD]
[HKEY_CURRENT_USER\Software\AppDataLow]
[HKEY_CURRENT_USER\Software\Apple Computer, Inc.]
[HKEY_CURRENT_USER\Software\Apple Inc.]
[HKEY_CURRENT_USER\Software\ATI]
[HKEY_CURRENT_USER\Software\Avfxaug]
[HKEY_CURRENT_USER\Software\AVS4YOU]
[HKEY_CURRENT_USER\Software\Awcfnakk]
[HKEY_CURRENT_USER\Software\BenVista]
[HKEY_CURRENT_USER\Software\BitComet]
[HKEY_CURRENT_USER\Software\BitComet eMule plugin]
[HKEY_CURRENT_USER\Software\BitComet Ultra Accelerator]
[HKEY_CURRENT_USER\Software\BitLord]
[HKEY_CURRENT_USER\Software\BSD]
[HKEY_CURRENT_USER\Software\Caphyon]
[HKEY_CURRENT_USER\Software\Clients]
[HKEY_CURRENT_USER\Software\Convar]
[HKEY_CURRENT_USER\Software\CoreVorbis]
[HKEY_CURRENT_USER\Software\cybelsoft]
[HKEY_CURRENT_USER\Software\Datastead]
[HKEY_CURRENT_USER\Software\Debug]
[HKEY_CURRENT_USER\Software\Digital River]
[HKEY_CURRENT_USER\Software\DivXNetworks]
[HKEY_CURRENT_USER\Software\DownloadManager]
[HKEY_CURRENT_USER\Software\dskMetrics]
[HKEY_CURRENT_USER\Software\DSS]
[HKEY_CURRENT_USER\Software\DT Soft]
[HKEY_CURRENT_USER\Software\EasyBits]
[HKEY_CURRENT_USER\Software\EasyBoot Systems]
[HKEY_CURRENT_USER\Software\EasySetup]
[HKEY_CURRENT_USER\Software\Elecard]
[HKEY_CURRENT_USER\Software\FileMaker]
[HKEY_CURRENT_USER\Software\g3n-h@ckm@n]
[HKEY_CURRENT_USER\Software\Gabest]
[HKEY_CURRENT_USER\Software\GNU]
[HKEY_CURRENT_USER\Software\Google]
[HKEY_CURRENT_USER\Software\GSpot Appliance Corp]
[HKEY_CURRENT_USER\Software\Haali]
[HKEY_CURRENT_USER\Software\HariSoft]
[HKEY_CURRENT_USER\Software\Hewlett-Packard]
[HKEY_CURRENT_USER\Software\IM Providers]
[HKEY_CURRENT_USER\Software\ImTOO]
[HKEY_CURRENT_USER\Software\Intel]
[HKEY_CURRENT_USER\Software\iXi Tools]
[HKEY_CURRENT_USER\Software\JavaSoft]
[HKEY_CURRENT_USER\Software\KasperskyLab]
[HKEY_CURRENT_USER\Software\KillBox]
[HKEY_CURRENT_USER\Software\Kitoy Kim]
[HKEY_CURRENT_USER\Software\kNok]
[HKEY_CURRENT_USER\Software\Leadertech]
[HKEY_CURRENT_USER\Software\LightScribe]
[HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications]
[HKEY_CURRENT_USER\Software\Macromedia]
[HKEY_CURRENT_USER\Software\madFlac]
[HKEY_CURRENT_USER\Software\MagicISO]
[HKEY_CURRENT_USER\Software\Magix]
[HKEY_CURRENT_USER\Software\MAGIX AG]
[HKEY_CURRENT_USER\Software\Magnet]
[HKEY_CURRENT_USER\Software\MainConcept]
[HKEY_CURRENT_USER\Software\MainConcept (Adobe2)]
[HKEY_CURRENT_USER\Software\Malwarebytes' Anti-Malware]
[HKEY_CURRENT_USER\Software\MediaTek]
[HKEY_CURRENT_USER\Software\Microsoft]
[HKEY_CURRENT_USER\Software\Minnetonka Audio Software]
[HKEY_CURRENT_USER\Software\Move Media Player]
[HKEY_CURRENT_USER\Software\MoveNetworks]
[HKEY_CURRENT_USER\Software\Mozilla]
[HKEY_CURRENT_USER\Software\MozillaPlugins]
[HKEY_CURRENT_USER\Software\MyHeritage.com]
[HKEY_CURRENT_USER\Software\Nero]
[HKEY_CURRENT_USER\Software\Netscape]
[HKEY_CURRENT_USER\Software\Nokia]
[HKEY_CURRENT_USER\Software\Nokia Mobile Phones]
[HKEY_CURRENT_USER\Software\NokiaTool]
[HKEY_CURRENT_USER\Software\NVIDIA Corporation]
[HKEY_CURRENT_USER\Software\ODBC]
[HKEY_CURRENT_USER\Software\ooefxzbc]
[HKEY_CURRENT_USER\Software\ORACLE]
[HKEY_CURRENT_USER\Software\Pinnacle Systems]
[HKEY_CURRENT_USER\Software\Piriform]
[HKEY_CURRENT_USER\Software\Policies]
[HKEY_CURRENT_USER\Software\PowerISO]
[HKEY_CURRENT_USER\Software\Random's]
[HKEY_CURRENT_USER\Software\RealNetworks]
[HKEY_CURRENT_USER\Software\Roxio]
[HKEY_CURRENT_USER\Software\SafeSoft]
[HKEY_CURRENT_USER\Software\Scalable]
[HKEY_CURRENT_USER\Software\SecureMedia]
[HKEY_CURRENT_USER\Software\SereneScreen]
[HKEY_CURRENT_USER\Software\Siber Systems]
[HKEY_CURRENT_USER\Software\Skype]
[HKEY_CURRENT_USER\Software\Smart Projects]
[HKEY_CURRENT_USER\Software\Softonic]
[HKEY_CURRENT_USER\Software\SpeedBit]
[HKEY_CURRENT_USER\Software\Stardock]
[HKEY_CURRENT_USER\Software\SubSystems]
[HKEY_CURRENT_USER\Software\SWiSHzone.com]
[HKEY_CURRENT_USER\Software\Sysinternals]
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software	vp]
[HKEY_CURRENT_USER\Software\UniqueSW]
[HKEY_CURRENT_USER\Software\Uniscope]
[HKEY_CURRENT_USER\Software\Usbfix]
[HKEY_CURRENT_USER\Software\VB and VBA Program Settings]
[HKEY_CURRENT_USER\Software\VOB]
[HKEY_CURRENT_USER\Software\Windows 7 - Codec Pack]
[HKEY_CURRENT_USER\Software\WinRAR]
[HKEY_CURRENT_USER\Software\WinRAR SFX]
[HKEY_CURRENT_USER\Software\Yahoo]
[HKEY_CURRENT_USER\Software\Yamicsoft]
[HKEY_CURRENT_USER\Software\Yuna Software]
[HKEY_CURRENT_USER\Software\Classes]

¤¤¤¤¤¤¤¤¤¤ HKLM\Software

[HKEY_LOCAL_MACHINE\Software\685D6D1C-D73A-4F37-B7E5E53660311DDB]
[HKEY_LOCAL_MACHINE\Software\Adobe]
[HKEY_LOCAL_MACHINE\Software\AGEIA Technologies]
[HKEY_LOCAL_MACHINE\Software\AMD]
[HKEY_LOCAL_MACHINE\Software\AppDataLow]
[HKEY_LOCAL_MACHINE\Software\Apple Computer, Inc.]
[HKEY_LOCAL_MACHINE\Software\Apple Inc.]
[HKEY_LOCAL_MACHINE\Software\ATI]
[HKEY_LOCAL_MACHINE\Software\ATI Technologies]
[HKEY_LOCAL_MACHINE\Software\AVS4YOU]
[HKEY_LOCAL_MACHINE\Software\Bitcomet Ultra Accelerator]
[HKEY_LOCAL_MACHINE\Software\BrowserChoice]
[HKEY_LOCAL_MACHINE\Software\BSD]
[HKEY_LOCAL_MACHINE\Software\Classes]
[HKEY_LOCAL_MACHINE\Software\Clients]
[HKEY_LOCAL_MACHINE\Software\CrazyLoader]
[HKEY_LOCAL_MACHINE\Software\cybelsoft]
[HKEY_LOCAL_MACHINE\Software\D-Unlocker]
[HKEY_LOCAL_MACHINE\Software\DameWare Development]
[HKEY_LOCAL_MACHINE\Software\DICE]
[HKEY_LOCAL_MACHINE\Software\Digital River]
[HKEY_LOCAL_MACHINE\Software\Distributed Computing Technologies, Inc.]
[HKEY_LOCAL_MACHINE\Software\DivX]
[HKEY_LOCAL_MACHINE\Software\DivXNetworks]
[HKEY_LOCAL_MACHINE\Software\DoesNotExist]
[HKEY_LOCAL_MACHINE\Software\DT Soft]
[HKEY_LOCAL_MACHINE\Software\EasyBoot Systems]
[HKEY_LOCAL_MACHINE\Software\Electronic Arts]
[HKEY_LOCAL_MACHINE\Software\FAST Multimedia]
[HKEY_LOCAL_MACHINE\Software\FileMaker]
[HKEY_LOCAL_MACHINE\Software\FVDCNV]
[HKEY_LOCAL_MACHINE\Software\GEAR Software]
[HKEY_LOCAL_MACHINE\Software\Global IP Solutions]
[HKEY_LOCAL_MACHINE\Software\GNU]
[HKEY_LOCAL_MACHINE\Software\Godlike Developers]
[HKEY_LOCAL_MACHINE\Software\Google]
[HKEY_LOCAL_MACHINE\Software\Gossiper]
[HKEY_LOCAL_MACHINE\Software\HaaliMkx]
[HKEY_LOCAL_MACHINE\Software\Hewlett-Packard]
[HKEY_LOCAL_MACHINE\Software\Hewlett-Packard Company]
[HKEY_LOCAL_MACHINE\Software\Imagineer Systems Ltd]
[HKEY_LOCAL_MACHINE\Software\InstallShield]
[HKEY_LOCAL_MACHINE\Software\Intel]
[HKEY_LOCAL_MACHINE\Software\Internet Download Manager]
[HKEY_LOCAL_MACHINE\Software\iTinySoft]
[HKEY_LOCAL_MACHINE\Software\JavaSoft]
[HKEY_LOCAL_MACHINE\Software\JDownloader]
[HKEY_LOCAL_MACHINE\Software\JreMetrics]
[HKEY_LOCAL_MACHINE\Software\KasperskyLab]
[HKEY_LOCAL_MACHINE\Software\Khronos]
[HKEY_LOCAL_MACHINE\Software\Licenses]
[HKEY_LOCAL_MACHINE\Software\Lidan]
[HKEY_LOCAL_MACHINE\Software\Macromedia]
[HKEY_LOCAL_MACHINE\Software\Macrovision]
[HKEY_LOCAL_MACHINE\Software\MagicISO]
[HKEY_LOCAL_MACHINE\Software\MAGIX]
[HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware]
[HKEY_LOCAL_MACHINE\Software\MediaGet]
[HKEY_LOCAL_MACHINE\Software\Messenger_Plus]
[HKEY_LOCAL_MACHINE\Software\Microsoft]
[HKEY_LOCAL_MACHINE\Software\MimarSinan]
[HKEY_LOCAL_MACHINE\Software\Minnetonka Audio Software]
[HKEY_LOCAL_MACHINE\Software\Mozilla]
[HKEY_LOCAL_MACHINE\Software\mozilla.org]
[HKEY_LOCAL_MACHINE\Software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\Software\MyHeritage.com]
[HKEY_LOCAL_MACHINE\Software\Nero]
[HKEY_LOCAL_MACHINE\Software\Nokia]
[HKEY_LOCAL_MACHINE\Software\Nokia Mobile Phones]
[HKEY_LOCAL_MACHINE\Software\ODBC]
[HKEY_LOCAL_MACHINE\Software\OMSI]
[HKEY_LOCAL_MACHINE\Software\ORACLE]
[HKEY_LOCAL_MACHINE\Software\PC Connectivity Solution]
[HKEY_LOCAL_MACHINE\Software\PCSuite]
[HKEY_LOCAL_MACHINE\Software\Pegasus Imaging]
[HKEY_LOCAL_MACHINE\Software\PegasusImaging]
[HKEY_LOCAL_MACHINE\Software\Pinnacle Systems]
[HKEY_LOCAL_MACHINE\Software\Piriform]
[HKEY_LOCAL_MACHINE\Software\PixArt]
[HKEY_LOCAL_MACHINE\Software\Policies]
[HKEY_LOCAL_MACHINE\Software\PowerISO]
[HKEY_LOCAL_MACHINE\Software\Prolific Technology INC]
[HKEY_LOCAL_MACHINE\Software\RealNetworks]
[HKEY_LOCAL_MACHINE\Software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\Software\RichFX]
[HKEY_LOCAL_MACHINE\Software\Roxio]
[HKEY_LOCAL_MACHINE\Software\S3R521]
[HKEY_LOCAL_MACHINE\Software\SenBit]
[HKEY_LOCAL_MACHINE\Software\SereneScreen]
[HKEY_LOCAL_MACHINE\Software\ShuangSoft]
[HKEY_LOCAL_MACHINE\Software\Siber Systems]
[HKEY_LOCAL_MACHINE\Software\SigMa Chip]
[HKEY_LOCAL_MACHINE\Software\Skype]
[HKEY_LOCAL_MACHINE\Software\Sonic]
[HKEY_LOCAL_MACHINE\Software\SpeedBit]
[HKEY_LOCAL_MACHINE\Software\Swearware]
[HKEY_LOCAL_MACHINE\Software\Synthetic Aperture]
[HKEY_LOCAL_MACHINE\Software\TorrentMan]
[HKEY_LOCAL_MACHINE\Software\TrendMicro]
[HKEY_LOCAL_MACHINE\Software\Unlock Codes Calculator v1.1 (by Crux)]
[HKEY_LOCAL_MACHINE\Software\VideoLAN]
[HKEY_LOCAL_MACHINE\Software\Volatile]
[HKEY_LOCAL_MACHINE\Software\WinISO]
[HKEY_LOCAL_MACHINE\Software\WinRAR]
[HKEY_LOCAL_MACHINE\Software\WombatUpdater]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node]
[HKEY_LOCAL_MACHINE\Software\Xara]
[HKEY_LOCAL_MACHINE\Software\Xing Technology Corp.]
[HKEY_LOCAL_MACHINE\Software\Yahoo]
[HKEY_LOCAL_MACHINE\Software\Yuna Software]
[HKEY_LOCAL_MACHINE\Software\Z3X]

¤¤¤¤¤¤¤¤¤¤ Processus

C:\Users\mzenasni\AppData\Local\MediaGet2\mediaget.exe -> Processus stoppé 

¤¤¤¤¤¤¤¤¤¤ Traitement Fichiers | Dossiers | Registre

Mise en quarantaine :  C:\$Recycle.bin\S-1-5-21-3028403037-2726206162-3131094494-1650\desktop.ini
Erreur de suppression :  C:\Users\mzenasni\AppData\Local\Symbian-Toys.com
Clé Supprimée : [HKLM | Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar]
Erreur de suppression :  C:\Windows\Temp\klsD182.tmp
Erreur de suppression :  C:\Windows\Temp\klsD182.tmp
Mise en quarantaine :  C:\Users\mzenasni\AppData\Local\Temp\TFR625F.tmp
Mise en quarantaine :  C:\Users\mzenasni\AppData\Local\Temp\TFREB61.tmp

¤¤¤¤¤¤¤¤¤¤ IFEO


¤¤¤¤¤¤¤¤¤¤ Mountpoints2



¤¤¤¤¤¤¤¤¤¤ %StartMenu%

[14/07/2009|05:46:35] | C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
[14/07/2009|05:37:43] | C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[15/10/2010|10:47:53] | C:\ProgramData\Microsoft\Windows\Start Menu\My 7 Optimizer
[28/09/2010|19:19:21] | C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
[14/07/2009|03:37:05] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[14/07/2009|05:37:43] | C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk

¤¤¤¤¤¤¤¤¤¤ %StartMenu%\Programs

[14/07/2009|03:37:05] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[14/07/2009|05:52:30] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[15/01/2011|11:12:23] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS4.lnk
[15/01/2011|11:10:28] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
[10/12/2010|15:45:32] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
[15/01/2011|11:08:25] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS4.lnk
[10/12/2010|15:45:42] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[15/01/2011|11:06:37] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
[15/01/2011|11:06:54] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk
[15/01/2011|11:10:00] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS4.lnk
[15/01/2011|11:09:36] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit.lnk
[10/12/2010|15:47:41] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CS3.lnk
[16/10/2010|09:32:18] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[03/02/2011|12:49:36] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allok 3GP PSP MP4 iPod Video Converter
[02/11/2010|10:00:37] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Any Media to MP3 Converter
[02/03/2011|15:00:37] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Stream SDK v2
[28/09/2010|22:05:57] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord
[02/03/2011|15:00:32] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[15/06/2011|20:29:49] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[30/06/2011|22:24:10] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chaos Shredder
[16/05/2011|15:18:56] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\chat-land
[14/07/2009|05:41:57] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[16/01/2011|11:53:01] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ethereal
[14/07/2009|05:52:30] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[29/01/2011|15:47:18] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard Company
[30/06/2011|17:17:03] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[21/06/2011|21:05:14] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[16/06/2011|08:41:04] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[02/03/2011|11:48:15] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ma-config.com
[29/09/2010|17:33:27] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[02/03/2011|09:55:21] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[14/07/2009|03:37:05] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[21/06/2011|21:02:05] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[18/04/9999|04:20:24] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[21/06/2011|15:43:33] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaGet2
[05/05/2011|17:50:57] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[09/02/2011|09:59:29] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[03/03/2011|09:22:23] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SOAP Toolkit Version 3
[15/01/2011|11:10:46] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mocha for After Effects CS4.lnk
[13/05/2011|09:16:58] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[15/01/2011|15:28:25] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[30/06/2011|22:42:15] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoClone
[09/03/2011|19:30:42] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[20/03/2011|17:53:19] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite
[09/03/2011|14:24:49] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NokiaFREE Calculator
[13/03/2011|22:02:27] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NSS
[13/01/2011|12:33:26] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[17/06/2011|19:49:49] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phoenix
[04/03/2011|10:07:49] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 14
[06/02/2011|14:40:53] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[07/03/2011|21:08:07] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[30/01/2011|08:38:54] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[30/01/2011|08:38:54] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealPlayer.lnk
[25/06/2011|14:38:23] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[20/12/2010|14:33:31] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SereneScreen
[05/05/2011|17:50:57] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[26/06/2011|22:57:30] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs
[14/07/2009|05:42:29] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[20/06/2011|06:38:41] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[14/01/2011|12:56:34] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Projects
[14/07/2009|03:37:05] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[05/02/2011|10:51:51] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter
[04/03/2011|09:47:50] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
[13/03/2011|22:18:13] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Simlock Remover
[12/10/2010|15:05:23] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security
[29/09/2010|15:54:02] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UsbFix
[27/06/2011|22:02:22] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[26/06/2011|22:44:00] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 - Codec Pack
[18/04/9999|04:20:16] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[14/07/2009|05:42:24] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[25/03/2011|13:26:45] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[25/03/2011|15:09:36] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[25/03/2011|14:21:39] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[14/07/2009|05:46:36] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[07/02/2011|08:40:14] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinISO
[16/01/2011|16:01:34] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[28/09/2010|22:24:20] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinTools Software
[14/07/2009|05:42:30] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[27/03/2011|08:51:30] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[28/09/2010|22:25:17] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller 2010

¤¤¤¤¤¤¤¤¤¤ %StartMenu%\Programs\Startup

[22/01/2011|14:55:05] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup	racker.html

¤¤¤¤¤¤¤¤¤¤ %AppData%

[29/09/2010|10:47:02] | C:\Users\mzenasni\AppData\Roaming\Adobe
[07/03/2011|21:09:39] | C:\Users\mzenasni\AppData\Roaming\Apple Computer
[02/03/2011|15:01:41] | C:\Users\mzenasni\AppData\Roaming\ATI
[26/06/2011|14:04:52] | C:\Users\mzenasni\AppData\Roaming\AVS4YOU
[06/10/2010|19:01:19] | C:\Users\mzenasni\AppData\Roaming\BitComet
[06/10/2010|18:44:57] | C:\Users\mzenasni\AppData\Roaming\BitComet Turbo
[06/10/2010|18:49:57] | C:\Users\mzenasni\AppData\Roaming\BitTorrent
[20/03/2011|15:42:22] | C:\Users\mzenasni\AppData\Roaming\BSD
[14/01/2011|13:10:25] | C:\Users\mzenasni\AppData\Roaming\DAEMON Tools Pro
[27/06/2011|08:56:49] | C:\Users\mzenasni\AppData\Roaming\DivX
[30/09/2010|10:01:55] | C:\Users\mzenasni\AppData\Roaming\DMCache
[20/10/2010|17:09:01] | C:\Users\mzenasni\AppData\Roaming\dvdcss
[24/01/2011|21:17:39] | C:\Users\mzenasni\AppData\Roaming\FileMaker
[24/01/2011|21:28:48] | C:\Users\mzenasni\AppData\Roaming\FileMaker Pro Advanced
[29/09/2010|10:12:16] | C:\Users\mzenasni\AppData\Roaming\Godlike
[21/06/2011|21:29:15] | C:\Users\mzenasni\AppData\Roaming\HTML Executable
[29/09/2010|10:05:22] | C:\Users\mzenasni\AppData\Roaming\Identities
[21/06/2011|21:05:18] | C:\Users\mzenasni\AppData\Roaming\IDM
[19/01/2011|10:36:56] | C:\Users\mzenasni\AppData\Roaming\InstallShield
[28/06/2011|16:51:55] | C:\Users\mzenasni\AppData\Roaming\kkl
[24/01/2011|21:18:11] | C:\Users\mzenasni\AppData\Roaming\Leadertech
[29/09/2010|10:50:37] | C:\Users\mzenasni\AppData\Roaming\Macromedia
[01/03/2011|20:13:34] | C:\Users\mzenasni\AppData\Roaming\MAGIX
[09/10/2010|10:56:14] | C:\Users\mzenasni\AppData\Roaming\Malwarebytes
[29/09/2010|10:05:16] | C:\Users\mzenasni\AppData\Roaming\Media Center Programs
[20/04/2011|16:13:27] | C:\Users\mzenasni\AppData\Roaming\Media Get LLC
[29/09/2010|10:05:16] | C:\Users\mzenasni\AppData\Roaming\Microsoft
[05/12/2010|10:25:45] | C:\Users\mzenasni\AppData\Roaming\Mipony
[10/03/2011|15:12:21] | C:\Users\mzenasni\AppData\Roaming\moovida-1
[30/01/2011|11:32:07] | C:\Users\mzenasni\AppData\Roaming\Move Networks
[06/02/2011|09:46:40] | C:\Users\mzenasni\AppData\Roaming\Mozilla
[15/01/2011|15:34:20] | C:\Users\mzenasni\AppData\Roaming\Nero
[05/03/2011|17:33:14] | C:\Users\mzenasni\AppData\Roaming\Nokia
[18/06/2011|22:13:19] | C:\Users\mzenasni\AppData\Roaming\Nokia Ovi Suite
[16/06/2011|19:29:07] | C:\Users\mzenasni\AppData\Roaming\OfficeRecovery
[16/06/2011|19:29:07] | C:\Users\mzenasni\AppData\Roaming\OfficeRecovery.3e584593
[04/03/2011|21:24:26] | C:\Users\mzenasni\AppData\Roaming\PC Suite
[13/01/2011|12:46:14] | C:\Users\mzenasni\AppData\Roaming\PnkBstrK.sys
[23/01/2011|14:46:18] | C:\Users\mzenasni\AppData\Roaming\RapidGet
[30/01/2011|08:38:17] | C:\Users\mzenasni\AppData\Roaming\Real
[29/09/2010|17:29:55] | C:\Users\mzenasni\AppData\Roaming\Roxio
[13/05/2011|22:17:31] | C:\Users\mzenasni\AppData\Roaming\Samsung
[29/09/2010|16:51:34] | C:\Users\mzenasni\AppData\Roaming\Skype
[29/09/2010|16:52:33] | C:\Users\mzenasni\AppData\Roaming\skypePM
[30/09/2010|08:33:40] | C:\Users\mzenasni\AppData\Roaming\URSoft
[30/09/2010|08:24:35] | C:\Users\mzenasni\AppData\Roaming\ViGlance
[30/09/2010|12:02:52] | C:\Users\mzenasni\AppData\Roaming\VitySoft
[29/09/2010|15:14:11] | C:\Users\mzenasni\AppData\Roaming\vlc
[26/06/2011|22:57:06] | C:\Users\mzenasni\AppData\Roaming\Win7codecs
[05/02/2011|08:48:56] | C:\Users\mzenasni\AppData\Roaming\WinAVI
[13/03/2011|21:16:33] | C:\Users\mzenasni\AppData\Roaming\WinBatch
[29/09/2010|17:28:34] | C:\Users\mzenasni\AppData\Roaming\WinRAR
[02/02/2011|18:12:07] | C:\Users\mzenasni\AppData\Roaming\Xilisoft Corporation
[29/09/2010|15:47:35] | C:\Users\mzenasni\AppData\Roaming\Yahoo!

¤¤¤¤¤¤¤¤¤¤ %CommonAppData%

[28/09/2010|20:31:23] | C:\ProgramData\Adobe
[24/01/2011|21:20:51] | C:\ProgramData\Apple
[07/03/2011|21:07:58] | C:\ProgramData\Apple Computer
[14/07/2009|05:53:55] | C:\ProgramData\Application Data
[02/03/2011|15:01:41] | C:\ProgramData\ATI
[26/06/2011|14:04:53] | C:\ProgramData\AVS4YOU
[16/01/2011|15:43:17] | C:\ProgramData\DragToDiscUserNameE.txt
[01/10/2010|09:33:04] | C:\ProgramData\Kaspersky Lab
[02/03/2011|11:48:15] | C:\ProgramData\ma-config.com
[01/03/2011|20:10:53] | C:\ProgramData\MAGIX
[09/10/2010|10:56:10] | C:\ProgramData\Malwarebytes
[21/06/2011|15:43:30] | C:\ProgramData\Media Get LLC
[28/09/2010|19:19:21] | C:\ProgramData\Menu Démarrer
[05/05/2011|15:37:20] | C:\ProgramData\Messenger Plus!
[14/07/2009|03:37:05] | C:\ProgramData\Microsoft
[29/09/2010|17:57:36] | C:\ProgramData\Microsoft Help
[28/09/2010|19:19:21] | C:\ProgramData\Modèles
[15/01/2011|15:29:05] | C:\ProgramData\Nero
[06/02/2011|09:06:14] | C:\ProgramData\Nokia
[04/03/2011|21:21:12] | C:\ProgramData\NokiaInstallerCache
[29/09/2010|10:04:39] | C:\ProgramData
tuser.pol
[02/10/2010|17:49:35] | C:\ProgramData\Office Genuine Advantage
[04/03/2011|21:24:39] | C:\ProgramData\PC Suite
[04/03/2011|09:52:08] | C:\ProgramData\Pinnacle
[04/03/2011|10:03:50] | C:\ProgramData\Pinnacle Studio Plus
[04/03/2011|10:09:33] | C:\ProgramData\Pinnacle Studio Ultimate Collection
[28/09/2010|22:16:59] | C:\ProgramData\Skype
[14/07/2009|05:53:55] | C:\ProgramData\Start Menu
[04/03/2011|10:03:50] | C:\ProgramData\Studio 14
[26/06/2011|22:55:42] | C:\ProgramData\Win7codecs
[27/03/2011|08:51:29] | C:\ProgramData\Yahoo!
[29/09/2010|15:47:35] | C:\ProgramData\Yahoo! Companion
[13/06/2011|15:03:40] | C:\ProgramData\{0ACE0403-C75D-488C-A403-7A57E9848B62}
[07/03/2011|21:08:54] | C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[06/03/2011|10:42:10] | C:\ProgramData\{4439F0FD-AFAF-434D-86E2-DEB14A9C58AC}

¤¤¤¤¤¤¤¤¤¤ %LocalAppData%

[29/09/2010|10:05:16] | C:\Users\mzenasni\AppData\Local\Application Data
[30/09/2010|09:47:31] | C:\Users\mzenasni\AppData\Local\Apps
[02/03/2011|15:01:41] | C:\Users\mzenasni\AppData\Local\ATI
[16/10/2010|15:15:15] | C:\Users\mzenasni\AppData\Local\crazyloader Air
[16/10/2010|15:38:54] | C:\Users\mzenasni\AppData\Local\Dan2010
[02/11/2010|10:03:41] | C:\Users\mzenasni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[29/09/2010|15:02:38] | C:\Users\mzenasni\AppData\Local\Diagnostics
[04/03/2011|10:10:14] | C:\Users\mzenasni\AppData\Local\Downloaded Installations
[07/10/2010|09:36:40] | C:\Users\mzenasni\AppData\Local\eMule
[15/03/2011|14:41:23] | C:\Users\mzenasni\AppData\Local\FastestTube
[24/01/2011|21:27:37] | C:\Users\mzenasni\AppData\Local\FileMaker
[29/04/2011|20:21:19] | C:\Users\mzenasni\AppData\Local\FileServe Manager
[29/09/2010|10:08:24] | C:\Users\mzenasni\AppData\Local\GDIPFONTCACHEV1.DAT
[09/10/2010|14:18:36] | C:\Users\mzenasni\AppData\Local\Google
[29/09/2010|10:05:16] | C:\Users\mzenasni\AppData\Local\Historique
[29/06/2011|20:20:48] | C:\Users\mzenasni\AppData\Local\IconCache.db
[20/04/2011|16:13:27] | C:\Users\mzenasni\AppData\Local\Media Get LLC
[20/04/2011|16:13:22] | C:\Users\mzenasni\AppData\Local\MediaGet2
[29/09/2010|10:05:16] | C:\Users\mzenasni\AppData\Local\Microsoft
[29/09/2010|15:58:50] | C:\Users\mzenasni\AppData\Local\Microsoft Games
[29/09/2010|17:57:37] | C:\Users\mzenasni\AppData\Local\Microsoft Help
[11/10/2010|16:14:22] | C:\U

zenasmus · Answer

svp mesieurs aidez moi. ce virus me bouffe tout l'espace disque dur

g3n-h@ckm@n · Answer

tu ne fais pas ce que je demande

je t'ai dit que le fichier que tu avais analysé sur virus total n'avait pas le nom qui correspond à ce que je t'ai demandé d'analyser alors il est inutile d'envoyer 50 scans de pre_scan ca changera rien

zenasmus · Answer

--bonjour tout le monde????

zenasmus · Answer

donc j'ai pas compris la procedure de quel fichier s'agit-il exactement expliquez moi pas à pas svp merci encore

Wathias · Answer

Essayez ce que je vous ai dit hier soir.

zenasmus · Answer

ok je n'ai pas compris de quel fichier s'agit-il expliquez moi pas à pas svp et merci encore.

g3n-h@ckm@n · Answer

https://forums.commentcamarche.net/forum/affich-22512133-pc-infecte?full#7

zenasmus · Answer

apres avoir scané 

File name:    DWRCS.EXE
Submission date:     2011-07-01 13:45:51 (UTC)


resultat:

http://www.virustotal.com/file-scan/report.html?id=27af6b57b188467b6a4a1144a4c5d60876c20995f0d1823a688ec5938cba7b93-1305127594

g3n-h@ckm@n · Answer

je comprends pas pourquoi j'ai ca sur la page :


File name:
64DBA5067864CAAFF7D608E9C916E4000655F2CF.EXE
Submission date:
2011-05-11 15:26:34 (UTC)

zenasmus · Answer

aucune idée j'ai scané avec kaspersky full scan et malwarebytes et toujours pc instable il vient juste de changer de theme tout seul en plus le disque local C est presque plein pourtant j'ai désinstallé plusieurs logs et des fois je l'eteint avec par exemple 11G° de libre le lendemain je trouve que 8G° de libre d'où vient la difference. voilà mon problème essayez de m'aider

ps: meme usbfixe n'a rien trouvé .

zenasmus · Answer

slt GEN voici le resultat


http://www.virustotal.com/file-scan/report.html?id=27af6b57b188467b6a4a1144a4c5d60876c20995f0d1823a688ec5938cba7b93-1309527951

g3n-h@ckm@n · Answer

n'utilise pas les outils sans que je te le demande

desinstalle tout ce qui contient le mot toolbar

===============================

tu fais n importe quoi avec ton ordinateur

===============================

plutot que de cracker Micrososft office , tu peux utiliser open office qui lui est gratuit

===========================


fais glisser n'importe quel fichier sur Pre_scan , pre_script va apparaitre

si ce n'est le cas , télécharge-le ici :

http://dl.dropbox.com/u/21363431/Pre_Script.exe

ouvre Pre_script et colle ce qui suit en gras,  à l'interieur du texte qui s'ouvre , 
sans les lignes , en une seule fois en le mettant en surbrillance  :
___________________________________________________
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"MediaGet2"=-
"IDMan"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"Adobe Reader Speed Launcher"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_CURRENT_USER\Software\Avfxaug]      
[-HKEY_CURRENT_USER\Software\Awcfnakk]      
[-HKEY_CURRENT_USER\Software\BitLord]   
[-HKEY_CURRENT_USER\Software\Kitoy Kim]      
[-HKEY_CURRENT_USER\Software\kNok]      
[-HKEY_CURRENT_USER\Software\ooefxzbc]      
[-HKEY_LOCAL_MACHINE\Software\Gossiper] 
[-HKEY_LOCAL_MACHINE\Software\MediaGet]      
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Windows\system32\csrss.exe=-
C:\Windows\system32\winlogon.exe=-
C:\Windows\system32\wininit.exe=-
C:\Windows\System32\svchost.exe=-
C:\Windows\system32\Dwm.exe=-
C:\Windows\system32\services.exe=-
C:\Windows\system32\LogonUI.exe=-
C:\Windows\system32	askeng.exe=-
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe=-
C:\Windows\Explorer.EXE=-
C:\Windows\system32\atiesrxx.exe=-

file::
C:\Windows\Tasks\AutoKMS.job     
C:\Windows\Tasks\AutoKMSDaily.job                
C:\Windows\Tasks\Updater.job
C:\Windows\Tasks\Windows 7 Manager Live Update.job    
  
folder::
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord     
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaGet2 
C:\Users\mzenasni\AppData\Roaming\kkl      
C:\Users\mzenasni\AppData\Roaming\Media Get LLC    
C:\Users\mzenasni\AppData\Roaming\moovida-1    
C:\ProgramData\Media Get LLC   
C:\Users\mzenasni\AppData\Local\crazyloader Air     
C:\Users\mzenasni\AppData\Local\Media Get LLC
C:\Users\mzenasni\AppData\Local\MediaGet2    
C:\Users\mzenasni\AppData\Local\moovida Air    
C:\Program Files\BitLord    
C:\Program Files\Gossiper    
C:\Program Files\Live_TV    
C:\Program Files\Messenger_Plus    

attrib::                                    
___________________________________________________

copie-le (ctrl+c ou clique droit sur la selection puis => copier)

 puis onglet fichier => enregistrer (pas enregistrer sous...) , puis ferme le texte

des fenetres noires risquent de clignoter , c'est normal , c'est le programme qui travaille 

poste Pre_Script.txt qui apparaitra sur le bureau en fin de travail

zenasmus · Answer

merci gen voici le pre script


http://www.cijoint.fr/cjlink.php?file=cj201107/cijo7HP1O9.txt



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Script ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤

Utilisateur : mzenasni (Administrateurs)
Ordinateur : INT-HEB-5655
Système d'exploitation : Windows 7 Ultimate (32 bits)
Internet Explorer : 8.0.7600.16385
Mozilla Firefox : 5.0 (fr)

Switchs possibles :

processes:: | file:: | folder::
Registry:: | Driver:: | replace::
txt:: | Host:: | DNS:: | NsLook::
Command:: | list:: | attrib::

Script : 18:23:15

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

switchs :

file::
C:\Windows\Tasks\AutoKMS.job
C:\Windows\Tasks\AutoKMSDaily.job
C:\Windows\Tasks\Updater.job
C:\Windows\Tasks\Windows 7 Manager Live Update.job


folder::
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaGet2
C:\Users\mzenasni\AppData\Roaming\kkl
C:\Users\mzenasni\AppData\Roaming\Media Get LLC
C:\Users\mzenasni\AppData\Roaming\moovida-1
C:\ProgramData\Media Get LLC
C:\Users\mzenasni\AppData\Local\crazyloader Air
C:\Users\mzenasni\AppData\Local\Media Get LLC
C:\Users\mzenasni\AppData\Local\MediaGet2
C:\Users\mzenasni\AppData\Local\moovida Air
C:\Program Files\BitLord
C:\Program Files\Gossiper
C:\Program Files\Live_TV
C:\Program Files\Messenger_Plus


Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MediaGet2"=-
"IDMan"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"Adobe Reader Speed Launcher"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_CURRENT_USER\Software\Avfxaug]
[-HKEY_CURRENT_USER\Software\Awcfnakk]
[-HKEY_CURRENT_USER\Software\BitLord]
[-HKEY_CURRENT_USER\Software\Kitoy Kim]
[-HKEY_CURRENT_USER\Software\kNok]
[-HKEY_CURRENT_USER\Software\ooefxzbc]
[-HKEY_LOCAL_MACHINE\Software\Gossiper]
[-HKEY_LOCAL_MACHINE\Software\MediaGet]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Windows\system32\csrss.exe=-
C:\Windows\system32\winlogon.exe=-
C:\Windows\system32\wininit.exe=-
C:\Windows\System32\svchost.exe=-
C:\Windows\system32\Dwm.exe=-
C:\Windows\system32\services.exe=-
C:\Windows\system32\LogonUI.exe=-
C:\Windows\system32	askeng.exe=-
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe=-
C:\Windows\Explorer.EXE=-
C:\Windows\system32\atiesrxx.exe=-


attrib:: 


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Modification du registre effectuéé

¤

Supprimé : C:\Windows\Tasks\AutoKMS.job
Supprimé : C:\Windows\Tasks\AutoKMSDaily.job
Supprimé : C:\Windows\Tasks\Updater.job
Supprimé : C:\Windows\Tasks\Windows 7 Manager Live Update.job

¤

Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord
Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaGet2
Supprimé : C:\Users\mzenasni\AppData\Roaming\kkl
Supprimé : C:\Users\mzenasni\AppData\Roaming\Media Get LLC
Supprimé : C:\Users\mzenasni\AppData\Roaming\moovida-1
Supprimé : C:\ProgramData\Media Get LLC
Supprimé : C:\Users\mzenasni\AppData\Local\crazyloader Air
non Supprimé : C:\Users\mzenasni\AppData\Local\Media Get LLC
non Supprimé : C:\Users\mzenasni\AppData\Local\MediaGet2
Supprimé : C:\Users\mzenasni\AppData\Local\moovida Air
Supprimé : C:\Program Files\BitLord
Supprimé : C:\Program Files\Gossiper
Supprimé : C:\Program Files\Live_TV
Supprimé : C:\Program Files\Messenger_Plus

¤

Disques externes : 19 Objets réattribués
Disque Local : 7 Objets réattribués
Utilisateurs : 0 Objets réattribués
ProgramFiles : 95 Objets réattribués
Music : 4 Objets réattribués
Pictures : 0 Objets réattribués
Videos : 2 Objets réattribués
Downloads : 2 Objets réattribués
Desktop : 11 Objets réattribués
Links : 0 Objets réattribués
Searches : 3 Objets réattribués
Contacts : 0 Objets réattribués
Saved Games : 0 Objets réattribués
Favorites : 0 Objets réattribués
Documents : 17 Objets réattribués
Windows : 149 Objets réattribués
StartMenu : 2 Objets réattribués
Librairies : 0 Objets réattribués
Quick Launch : 0 Objets réattribués
%AppData% : 57 Objets réattribués

¤


explorer.exe -> Processus redémarré

Fin : 18:24:50

¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤

g3n-h@ckm@n · Answer

ne fais que ce que je te demande et n'ecoute pas les conseils des autres sauf si j'approuve


&#9654 Télécharge ici : Ad-remover sur ton bureau : 


&#9654 Déconnecte toi et ferme toutes applications en cours ! 

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...." 

&#9654 sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut . 

&#9654 clique le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .
 
&#9654 Au menu principal choisis "option Nettoyer" et tape sur [entrée] .

&#9654 Laisse travailler l'outil et ne touche à rien ... 

&#9654 Poste le rapport qui apparait à la fin , sur le forum ...

( Le rapport est sauvegardé aussi sous C:\Ad-report.log ) 
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

zenasmus · Answer

excuse celui là je l'ai fais tout à l'heure je vais le refaire

zenasmus · Answer

voilà  le rapport clean et merci



http://www.cijoint.fr/cjlink.php?file=cj201107/cijEOUzhKQ.txt

g3n-h@ckm@n · Answer

Télécharge ici :OTL

&#9654 enregistre le sur ton Bureau.

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...." 

sur OTL.exe pour le lancer.

&#9654 => Clique ici pour voir la Configuration

&#9654Clic sur Analyse.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

&#9654&#9654&#9654 NE LE POSTE PAS SUR LE FORUM (il est trop long)

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

&#9654 Clique sur Parcourir et cherche le fichier ci-dessus.

&#9654 Clique sur Ouvrir.

&#9654 Clique sur "Cliquez ici pour déposer le fichier".

juste au niveau du bouton , en fin de chargement du fichier , Un lien de cette forme apparaitra :

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

&#9654 Copie ce lien dans ta réponse.

&#9654&#9654 Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.

zenasmus · Answer

bonjour Gen 
voici le rapport otl.txt :

http://www.cijoint.fr/cjlink.php?file=cj201107/cij1U0EM2e.txt

zenasmus · Answer

bonjour Gen
voici le rapport extra.txt :           


http://www.cijoint.fr/cjlink.php?file=cj201107/cijjtP8aeG.txt

g3n-h@ckm@n · Answer

refais nettoyer avec Ad-Remover en mode sans echec 
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤ 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

zenasmus · Answer

bonjour Gen 
j'ai nettoyer en mode sans echec et voilà le resultat:

http://www.cijoint.fr/cjlink.php?file=cj201107/cij4C8Atw3.txt

g3n-h@ckm@n · Answer

tu bosses sur linux aussi ?

zenasmus · Answer

non jamais j'ai windows 7

g3n-h@ckm@n · Answer

refzis un scan OTL avec les reglages préconisés ?

zenasmus · Answer

voici les deux rapports:

otl.txt

http://www.cijoint.fr/cjlink.php?file=cj201107/cij3cUcx24.txt


extra.txt


http://www.cijoint.fr/cjlink.php?file=cj201107/cijIqWv9LH.txt

g3n-h@ckm@n · Answer

desinstalle adobe reader 9
desinstalle torrentman toolba

==========================================

Fais analyser le(s) fichier(s) suivants sur Virustotal :

Virus Total

    clique sur "Parcourir" et trouve puis selectionne ce(s) fichier(s) :

C:\Windows\System32\drivers\hmfs.sys 
C:\Windows\System32\drivers
skbfltr.sys           

    * Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
    * Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
    * Lorsque l'analyse est terminée colle le lien de(s)( la) page(s)  dans ta prochaine réponse.
=
=======================================

ATTENTION !!! : Script personnalisé pour cette machine uniquement , ne pas reproduire !! 

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...." 

sur OTL.exe pour le lancer.


&#9654Copie la liste qui se trouve en gras ci-dessous,

&#9654 colle-la dans la zone sous "Personnalisation" :


:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:Services
gcbbzzez
ewksrlfu

:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1      
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.175.0.38;<local>      
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.5.32.3:8080      
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\mg, = http://www.megauploaded.org/index.php?t=search&sourceid=www.freeware-alternative.uni.cc&w=%s      
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\mg,  = +      
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\mg,# = %23      
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\mg,& = %26      
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\mg,? = %3F      
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\mg,+ = %2B      
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\mg,= = %3D      
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURLs, = http://www.rapidshared.org/index.php?t=search&sourceid=www.freeware-alternative.uni.cc&w=%s      
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURLs,  = +      
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURLs,# = %23      
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURLs,& = %26      
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURLs,? = %3F      
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURLs,+ = %2B      
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURLs,= = %3D      
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1      
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.5.32.3:8080      
FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Customized Web Search"      
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.5.1      
FF - prefs.js..network.proxy.backup.ftp: "10.5.32.3"      
FF - prefs.js..network.proxy.backup.ftp_port: 8080      
FF - prefs.js..network.proxy.backup.socks: "10.5.32.3"      
FF - prefs.js..network.proxy.backup.socks_port: 8080      
FF - prefs.js..network.proxy.backup.ssl: "10.5.32.3"      
FF - prefs.js..network.proxy.backup.ssl_port: 8080      
FF - prefs.js..network.proxy.ftp: "10.5.32.3"      
FF - prefs.js..network.proxy.ftp_port: 8080      
FF - prefs.js..network.proxy.gopher: "10.5.32.3"      
FF - prefs.js..network.proxy.gopher_port: 8080      
FF - prefs.js..network.proxy.http: "10.5.32.3"      
FF - prefs.js..network.proxy.http_port: 8080      
FF - prefs.js..network.proxy.no_proxies_on: "10.175.0.38,localhost,127.0.0.1"      
FF - prefs.js..network.proxy.share_proxy_settings: true      
FF - prefs.js..network.proxy.socks: "10.5.32.3"      
FF - prefs.js..network.proxy.socks_port: 8080      
FF - prefs.js..network.proxy.ssl: "10.5.32.3"      
FF - prefs.js..network.proxy.ssl_port: 8080      
FF - prefs.js..network.proxy.type: 1      
FF - user.js..keyword.enabled: 1      
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present  

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"QuickTime Task"=-
[-HKEY_CLASSES_ROOT\CLSID\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
[-HKEY_CLASSES_ROOT\CLSID\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
[-HKEY_CLASSES_ROOT\CLSID\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b69a9db4-d0a1-4722-b56b-f20757a29cdf}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b69a9db4-d0a1-4722-b56b-f20757a29cdf}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b69a9db4-d0a1-4722-b56b-f20757a29cdf}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{b69a9db4-d0a1-4722-b56b-f20757a29cdf}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{b69a9db4-d0a1-4722-b56b-f20757a29cdf}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b69a9db4-d0a1-4722-b56b-f20757a29cdf}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{b69a9db4-d0a1-4722-b56b-f20757a29cdf}"=-
[-HKEY_CLASSES_ROOT\CLSID\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
[-HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

:Files
C:\Users\mzenasni\AppData\Roaming\Media Get LLC         
C:\Users\mzenasni\AppData\Local\{*}
C:\Windows\KMSEmulator.exe      
C:\ProgramData\Media Get LLC     
C:\Windows\System32\avs.dll    
C:\Windows\Uninstal.exe  

:commands
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[reboot]


&#9654 Clique sur "Correction" pour lancer la suppression.


&#9654 Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.

zenasmus · Answer

salut G3n

http://www.virustotal.com/file-scan/report.html?id=3da4f51682e7d42c5569f1fb1adc6295182962e36f748219e1d0c8f2389ba516-1309622884        

le second 


http://www.virustotal.com/file-scan/report.html?id=8d75f1d1cfadf9c8bf6194464fddb5498285c317b483c4480d631fa1664b227e-1309622951

g3n-h@ckm@n · Answer

ok la suite

zenasmus · Answer

voici la suite


http://www.cijoint.fr/cjlink.php?file=cj201107/cijnTjN1vO.txt

zenasmus · Answer

bonjour G3n

zenasmus · Answer

salut G3n

g3n-h@ckm@n · Answer

salut

est-ce que tu trouve ce fichier dans le dossier C:\_OTL\Moved Files

C:\Windows\System32\avs.dll

je crois qu'il est pris pour infection à tort et qu'il vient plutot d'un logiciel de conversion mp3

zenasmus · Answer

salut G3n;

que dois je faire maintenant je vous ai attendu toute la journée

g3n-h@ckm@n · Answer

c'est une blague ?

zenasmus · Answer

--desinstaller avs

zenasmus · Answer

merci G3n pour votre assistance et à bientot je vais essayer avec un autre site encore merci

Pc-infecté - Page 3

Newsletters