Infected by a virus that destroyed my protect
Romhimtib
My PC is infected by a virus that prevents me from connecting to my Wi-Fi network and that killed my antivirus programs and firewall, as well as Spybot (deleted their .exe)...
Here is my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 19:20:50, on 14/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{67B59E4D-7693-4CD1-B625-921A7C7E116A}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Could you please advise me and help me solve my problem...
Romhimtib
6 replies
Well, your PC seems to be in trouble!
Download ComboScan to your Desktop.
---> http://www.techsupportforum.com/sectools/Deckard/dss.exe
Close all running applications: antivirus, firewall, etc.
Double-click comboscan.exe. In the window that appears, click OK.
Be patient...
The Comboscan.txt report will be displayed; copy and paste the contents of this file here.
Note, there may be two or three reports; please post them all here.
Deckard's System Scanner v20070611.50
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professionnel (build 2600) SP 2.0
Architecture: X86; Language: French
CPU 0: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz
CPU 1: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz
Percentage of Memory in Use: 20%
Physical Memory (total/avail): 2047.29 MiB / 1635.18 MiB
Pagefile Memory (total/avail): 2897.23 MiB / 2642.15 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1957.2 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 224.6 GiB total, 30.99 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 146.49 GiB total, 146.42 GiB free.
F: is CDROM (UDF)
G: is Removable (FAT)
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.
FirewallOverride is set.
FW: Sunbelt Kerio Personal Firewall v4.3.635 T (Sunbelt Kerio) [COLOR=RED]Disabled[/COLOR]
AV: avast! antivirus 4.7.1001 [VPS 000740-2] v4.7.1001 (ALWIL Software) [COLOR=RED]Outdated[/COLOR]
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\orkiler\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=ROOT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\orkiler
LOGONSERVER=\\ROOT
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\orkiler\LOCALS~1\Temp
TMP=C:\DOCUME~1\orkiler\LOCALS~1\Temp
USERDOMAIN=ROOT
USERNAME=orkiler
USERPROFILE=C:\Documents and Settings\orkiler
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
orkiler [I](admin)[/I]
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DSeXVilla Crack 30.001 --> MsiExec.exe /I{7C3037E1-8AC6-493E-A513-AE0C8A3869EB}
Adobe Reader 6.0.1 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A00000000001}
adsl TV --> C:\Program Files\adslTV\Uninstal.exe
AkvaarioGes 1.1.0 --> "C:\Program Files\AkvaarioGes\unins000.exe"
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Beck @CHIPTOOL V5.9.9.1 --> "C:\Program Files\Chiptool\unins000.exe"
Counter-Strike 1.6 Lan --> C:\Program Files\Valve Lan\Désinstaller Counter-Strike 1.6 Lan.exe
eMule --> "C:\Program Files\eMule\Uninstall.exe"
Far Cry --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC} /l1036
Gothic III --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe" -l0x40c -removeonly
Gothic III Release Update --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1998BD34-1AAB-4169-ACFF-67342E2AF9B4}\setup.exe" -l0x40c -removeonly
Half-Life Lan --> C:\Program Files\Valve Lan\Désinstaller Half-Life Lan.exe
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hijackthis Version Française --> "C:\Program Files\Hijackthis Version Française\unins000.exe"
ItsTV 3.0 --> "C:\Program Files\Its Label\ItsTV\unins000.exe"
JMB36X Raid Configurer --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\Setup.exe" -l0x40c -removeonly
K-Lite Mega Codec Pack 1.53 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kerio Personal Firewall --> MsiExec.exe /I{8315396A-5EA1-419D-BEC4-978284BDF556}
Logiciel QuickCam de Logitech --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Combat Flight Simulator 3.0 --> "C:\Program Files\Microsoft Games\Combat Flight Simulator 3\UNINSTAL.EXE" /runtemp /addremove
Microsoft Flight Simulator 2004 Un siècle d'aviation --> "C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 --> MsiExec.exe /I{F0A7FB2C-99E2-4884-9187-4BC60B2C1036}
Niagara Screensaver --> C:\WINDOWS\system32\Niagara.scr /U
Pack Crystal Clear 1.0 --> C:\WINDOWS\BricoPacks\Crystal Clear\Remove.exe
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Programme de gestion Camera de Logitech® --> "C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
S.T.A.L.K.E.R. - Shadow of Chernobyl --> "C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
SAGEM Wi-Fi 11g USB adapter (pilote) --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7421E270-0140-4F62-AE39-ECB9F1C81B35}\Setup.exe" -l0x40c
SereneScreen Marine Aquarium 2.6 --> "C:\Program Files\SereneScreen\Marine Aquarium 2.6\unins000.exe"
Serious Sam 2 --> C:\Program Files\Serious Sam 2\Bin\Uninstall.exe
SpellForce 2 - Shadow Wars --> MsiExec.exe /X{E63A550D-7A75-462C-B495-D77F0808D083}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam --> C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
Sunbelt Kerio Personal Firewall --> MsiExec.exe /X{E659E0EE-10E6-49B7-8696-60F38D0EB174}
Super-Bikes Riding Challenge --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{190F801F-A2D2-40CF-85A3-8FEF893D1A29}\Setup.exe" -l0x40c
thriXXX 3DSexVilla-030.001 --> "C:\Program Files\thriXXX\3D SexVilla\Binaries\Uninstall-3DSexVilla-030.001.exe"
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Unreal II --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{626F32D6-007C-41D5-8157-9509AB1428BE}\Setup.exe" -l0x40c
VMware Workstation --> MsiExec.exe /I{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}
Web TV --> C:\PROGRA~1\WEBTV~1\UNWISE.EXE C:\PROGRA~1\WEBTV~1\INSTALL.LOG
Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
WinFast(R) Display Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe" -l0x40c -removeonly
WinStars 2.0 --> "C:\Program Files\WinStars2\unins000.exe"
-- End of Deckard's System Scanner: finished at 2007-06-17 at 18:59:30 ---------
Deckard's System Scanner v20070611.50
Run by orkiler on 2007-06-17 at 18:57:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2007-06-17 16:57:12 UTC - RP1 - Point de vérification système
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-06-17 18:58:40
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\RTHDCPL.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
G:\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{67B59E4D-7693-4CD1-B625-921A7C7E116A}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: avast! Antivirus - Unknown owner - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: avast! Mail Scanner - Unknown owner - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
O23 - Service: avast! Web Scanner - Unknown owner - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - "C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe"
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - "C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe"
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 m_hook (Empty) - c:\documents and settings\orkiler\application data\hidires\m_hook.sys
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R3 NMIndexingService - "c:\program files\fichiers communs\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 aswUpdSv (avast! iAVS4 Control Service) - "c:\program files\alwil software\avast4\aswupdsv.exe" (file missing)
S4 avast! Antivirus - "c:\program files\alwil software\avast4\ashserv.exe" (file missing)
S4 avast! Mail Scanner - "c:\program files\alwil software\avast4\ashmaisv.exe" /service (file missing)
S4 avast! Web Scanner - "c:\program files\alwil software\avast4\ashwebsv.exe" /service (file missing)
-- Scheduled Tasks -------------------------------------------------------------
2007-06-15 17:15:38 412 --a------ C:\WINDOWS\Tasks\Maintenance en 1 clic.job
-- Files created between 2007-05-17 and 2007-06-17 -----------------------------
2007-06-15 16:25:23 0 d-------- C:\Program Files\THQ
2007-06-15 16:13:26 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-15 16:00:51 0 d-------- C:\Unreal2
2007-06-15 15:56:41 0 d-------- C:\UT2004
2007-06-15 15:24:37 0 d-------- C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\VMware
2007-06-15 15:24:32 0 d-------- C:\Documents and Settings\orkiler\Application Data\VMware
2007-06-15 15:22:49 0 d-------- C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\VMware
2007-06-15 15:21:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Bureau
2007-06-15 15:21:36 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\VMware
2007-06-15 15:21:27 0 d-------- C:\Program Files\VMware
2007-06-15 15:21:27 0 d-------- C:\Program Files\Fichiers communs\VMware
2007-06-14 19:20:18 0 d-------- C:\Program Files\Hijackthis Version Française
2007-05-31 18:03:01 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-05-30 17:29:10 0 d-------- C:\Program Files\Kerio
2007-05-29 18:12:10 0 d-------- C:\Program Files\LifeGlobe
2007-05-29 17:59:47 0 d-------- C:\Program Files\Formosoft
2007-05-28 17:07:13 2932736 --a------ C:\WINDOWS\system32\MA2_6.scr
2007-05-28 17:07:13 0 d-------- C:\Program Files\SereneScreen
2007-05-28 01:02:36 19 --a------ C:\WINDOWS\popcinfo.dat
2007-05-28 00:56:23 0 d-------- C:\Documents and Settings\orkiler\Application Data\Zylom
2007-05-28 00:56:18 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom
2007-05-28 00:56:12 0 d-------- C:\Program Files\Zylom Games
2007-05-28 00:43:05 0 d-------- C:\WINDOWS\exefld
2007-05-28 00:42:59 115826 --a------ C:\WINDOWS\system32\flec003.exe
2007-05-27 02:01:43 119808 --a------ C:\WINDOWS\system32\Xdrive.dll <Not Verified; Xironic; XWare Package>
2007-05-27 02:01:43 675840 -----n--- C:\WINDOWS\system32\ISource2.dll <Not Verified; Smaller Animals Software, Inc.; _ISource2.DLL>
2007-05-27 02:01:43 0 d-------- C:\Program Files\PC Inspector Smart Recovery
2007-05-24 01:35:22 0 d-------- C:\Program Files\Chiptool
2007-05-22 18:06:37 0 d-------- C:\Program Files\AkvaarioGes
2007-05-18 02:18:37 0 d-------- C:\Documents and Settings\orkiler\Application Data\vlc
2007-05-18 02:18:36 0 d-------- C:\Program Files\adslTV
2007-05-18 01:41:54 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2007-05-18 01:41:53 102912 --a------ C:\WINDOWS\system32\Vb6stkit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows>
2007-05-18 01:41:53 0 d-------- C:\Program Files\Web TV
2007-05-18 01:28:33 0 d-------- C:\Documents and Settings\orkiler\Application Data\ItsLabel
2007-05-18 01:28:20 0 d-------- C:\Program Files\Its Label
2007-05-18 01:27:42 0 d-------- C:\Program Files\eoRezo
2007-05-18 01:27:42 0 d-------- C:\Documents and Settings\orkiler\Application Data\EoRezo
2007-05-18 01:17:16 1607184 --a------ C:\WINDOWS\system32\Aquarium Exotique.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer>
2007-05-18 01:16:07 528384 --a------ C:\WINDOWS\system32\Niagara.scr <Not Verified; ScreensaverShot Inc; >
-- Find3M Report ---------------------------------------------------------------
2007-06-15 16:00:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-15 15:21:52 373098 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-06-15 15:21:52 50704 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-06-15 15:21:27 0 d-------- C:\Program Files\Fichiers communs
2007-06-04 17:03:37 0 d-------- C:\Program Files\DAEMON Tools
2007-05-30 00:52:04 0 d-------- C:\Program Files\eMule
2007-05-28 00:56:23 0 d-------- C:\Documents and Settings\orkiler\Application Data\Identities
2007-05-22 20:15:56 0 d-------- C:\Program Files\Steam
2007-05-17 11:55:44 0 d-------- C:\Program Files\Messenger Plus! Live
2007-05-17 11:55:43 0 d-------- C:\Program Files\MSN Messenger
2007-05-16 13:36:52 0 d-------- C:\Program Files\WebCam Spy
2007-05-14 18:31:22 0 d-------- C:\Program Files\TuneUp Utilities 2007
2007-05-14 18:31:18 0 d-------- C:\Documents and Settings\orkiler\Application Data\TuneUp Software
2007-05-14 18:30:48 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-05-14 18:25:11 0 d-------- C:\Program Files\PowerQuest
2007-05-03 16:22:32 0 d-------- C:\Documents and Settings\orkiler\Application Data\Media Player Classic
2007-05-02 15:55:06 0 d-------- C:\Documents and Settings\orkiler\Application Data\DeskSoft
2007-05-02 00:59:36 0 d-------- C:\Program Files\Valve Lan
2007-04-02 19:39:12 65536 --a------ C:\WINDOWS\DTDraw.dll
2007-03-23 10:05:16 5451776 -ra------ C:\WINDOWS\system32\V2iDiskLib.dll <Not Verified; Symantec Corporation; V2iDiskLib>
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"JMB36X Configure"="C:\\WINDOWS\\system32\\JMRaidTool.exe boot"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"NeroFilterCheck"="C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NeroCheck.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\issch.exe\" -start"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
"vmware-tray"="C:\\Program Files\\VMware\\VMware Workstation\\vmware-tray.exe"
"VMware hqtray"="\"C:\\Program Files\\VMware\\VMware Workstation\\hqtray.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMBgMonitor.exe\""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Config"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\
5c,72,75,6e,2e,63,6d,64,00
"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=dword:00000001
"NoStartBanner"=hex:01,00,00,00
"MemCheckBoxInRunDlg"=dword:00000001
"NoSMBalloonTip"=dword:00000001
"NoDesktopCleanupWizard"=dword:00000001
"NoWelcomeScreen"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=dword:00000001
"NoStartBanner"=hex:01,00,00,00
"MemCheckBoxInRunDlg"=dword:00000001
"NoSMBalloonTip"=dword:00000001
"NoDesktopCleanupWizard"=dword:00000001
"NoWelcomeScreen"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ 7db39a0d-580f-4be9-9195-8bfcd226f6c2
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
SafeBoot registry key needs to be repaired. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce365811-d256-11db-941c-806d6172696f}]
Shell\AutoRun\command D:\setup.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_M_HOOK
-- End of Deckard's System Scanner: finished at 2007-06-17 at 18:59:30 ---------
Directories/Files moved to C:\Deckard\System Scanner\backup
2007-06-15 17:15:28 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\.zylominstallertemp1180501745
2007-04-10 12:37:04 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\Adobe
2007-06-17 13:16:36 20974 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Arabic.bin
2007-03-26 18:00:12 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\bye3A.tmp
2007-06-15 16:11:01 36864 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\CmdLineExt02.dll
2007-06-15 16:37:06 378504 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\CmdLineExtInstallerExe.exe
2007-06-17 13:16:36 24310 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Czech.bin
2007-06-17 13:16:36 22769 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Danish.bin
2007-06-15 16:43:43 65536 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\drm_dialogs.dll <Not Verified; Sony DADC Austria AG; >
2007-06-17 13:16:36 25741 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Dutch.bin
2007-06-14 18:26:04 4602 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\dw.log
2007-03-14 20:51:44 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\dx90c
2007-06-17 13:16:36 21911 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\English.bin
2007-05-18 00:39:45 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\eTemp
2007-06-17 13:16:36 22853 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Finnish.bin
2007-06-17 13:16:36 27237 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\French.bin
2007-06-17 13:16:36 25746 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\German.bin
2007-06-17 13:16:36 25080 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Greek.bin
2007-06-17 13:16:36 19553 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Hebrew.bin
2007-06-17 13:16:36 26076 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Hungarian.bin
2007-05-18 01:28:31 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\is-MDD37.tmp
2007-05-14 18:36:52 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\isp3E.tmp
2007-05-14 18:36:52 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\isp5.tmp
2007-05-14 18:36:52 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\isp58.tmp
2007-05-14 18:36:52 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\ispD.tmp
2007-03-20 15:36:30 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\iss15.tmp
2007-05-14 18:36:52 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\iss3B.tmp
2007-03-20 15:06:30 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\iss9.tmp
2007-06-17 13:16:36 27409 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Italian.bin
2007-06-17 13:16:36 24297 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Japanese.bin
2007-06-17 13:16:36 20135 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Korean.bin
2007-06-15 15:34:30 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\Logitech-LSU
2007-06-17 18:53:28 36253 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\LVCOMSX.LOG
2007-06-01 17:15:27 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\MessengerCache
2007-03-25 22:32:21 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\msohtml
2007-03-29 17:15:32 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\msohtml1
2007-06-11 19:31:52 0 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\NER9.tmp
2007-03-20 16:01:56 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\NeroDemo12069
2007-06-17 13:16:36 21958 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Norwegian.bin
2007-03-20 16:04:55 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\nps.tmp
2007-03-20 16:02:12 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\nro.log
2007-03-20 16:04:35 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\nro.tmp
2007-06-14 17:21:37 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\ocd
2007-06-01 17:15:27 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\outlook logging
2007-03-14 19:34:20 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\pft16~tmp
2007-06-17 13:16:36 24219 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Polish.bin
2007-06-17 13:16:36 25067 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Portuguese(Brazil).bin
2007-06-17 13:16:36 26256 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Portuguese.bin
2007-06-15 15:20:23 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\Rar$EX00.344
2007-06-17 13:16:36 26125 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Russian.bin
2007-06-17 13:16:36 16404 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\SimChin.bin
2007-06-15 16:22:48 12067 --a-----t C:\DOCUME~1\orkiler\LOCALS~1\Temp\SIntf16.dll
2007-06-15 16:22:48 19924 --a-----t C:\DOCUME~1\orkiler\LOCALS~1\Temp\SIntf32.dll
2007-06-15 16:22:48 4592 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\SIntfIcn.ani
2007-06-15 16:22:48 24516 --a-----t C:\DOCUME~1\orkiler\LOCALS~1\Temp\SIntfNT.dll
2007-05-25 17:16:24 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\smfsetup
2007-06-17 13:16:36 27754 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Spanish.bin
2007-06-17 13:16:36 24088 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\SWEDISH.bin
2007-06-13 19:03:50 4592 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\temp.ani
2007-06-12 20:44:42 0 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\TempCover10
2007-06-14 17:53:25 0 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\TempCover11
2007-06-11 19:31:00 0 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\TempCover9
2007-06-17 13:16:36 21977 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Thai.bin
2007-06-17 13:16:36 16949 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\TradChin.bin
2007-06-17 13:16:36 22246 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Turkish.bin
2007-06-15 17:15:28 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\VBE
2007-06-15 15:23:16 52099 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\vminst.log
2007-06-15 15:23:16 1291306 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\vmmsi.log
2007-03-14 20:51:44 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\xfire
2007-06-15 15:20:23 262239 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\zwt1.tmp <Not Verified; VMware, Inc.; VMware Workstation>
2007-06-15 15:20:23 323659 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\zwt2.tmp <Not Verified; VMware, Inc.; VMware P2V Assistant>
2007-06-04 18:59:54 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\_avast4_
2007-03-14 20:07:10 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\_av_sfx.tm~a01600
2007-05-14 18:36:52 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\_ir_sf7_temp_0
2007-05-30 17:28:57 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\_isF
2007-03-15 01:38:18 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\_ISTMP1.DIR
2007-05-14 18:26:16 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
2007-03-26 18:04:34 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\{6D3F065E-E02E-4214-BBEA-A563DA17A7C0}
2007-05-14 18:25:55 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\{a68c3403-53ac-44da-b6c5-2a902bd8bbe9}
2007-05-16 15:23:43 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\~nsu.tmp
2007-03-20 15:37:54 489 --a------ C:\WINDOWS\temp\CamServr.log
2007-03-20 15:37:46 52055 --a------ C:\WINDOWS\temp\CamWizrd.log
2007-03-20 15:05:51 359 --a------ C:\WINDOWS\temp\Instmed.log
2007-03-20 15:05:54 444 --a------ C:\WINDOWS\temp\InstVid.log
2007-03-14 19:34:21 0 d-------- C:\WINDOWS\temp\IntelChip
2007-05-17 11:45:52 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_100.dat
2007-05-26 20:10:32 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_114.dat
2007-05-18 09:11:30 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_118.dat
2007-06-17 13:37:09 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_134.dat
2007-06-17 13:17:31 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_614.dat
2007-06-15 15:25:37 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_618.dat
2007-05-15 12:34:02 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_7f8.dat
2007-06-15 15:22:49 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_a60.dat
2007-04-13 12:31:36 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_cc.dat
2007-06-15 16:11:13 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_cc8.dat
2007-04-12 11:44:22 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_e0.dat
2007-03-26 17:23:11 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_e8.dat
2007-05-18 14:01:53 6384 --a------ C:\WINDOWS\temp\PQ_DEBUG.001
2007-05-18 00:46:46 6384 --a------ C:\WINDOWS\temp\PQ_DEBUG.002
2007-05-16 21:39:12 6384 --a------ C:\WINDOWS\temp\PQ_DEBUG.003
2007-05-15 22:49:00 6384 --a------ C:\WINDOWS\temp\PQ_DEBUG.004
2007-05-15 13:27:19 8921 --a------ C:\WINDOWS\temp\PQ_DEBUG.005
2007-06-17 13:36:21 6390 --a------ C:\WINDOWS\temp\PQ_DEBUG.TXT
2007-06-17 13:36:11 85 --a------ C:\WINDOWS\temp\vmware-vmount-1.log
2007-06-17 13:16:31 85 --a------ C:\WINDOWS\temp\vmware-vmount-2.log
2007-06-15 16:10:16 85 --a------ C:\WINDOWS\temp\vmware-vmount-3.log
2007-06-15 15:24:39 85 --a------ C:\WINDOWS\temp\vmware-vmount-4.log
2007-05-31 18:05:56 0 d-------- C:\WINDOWS\temp\_avast4_
-*- End of Logfile -*-
There you go...
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professionnel (build 2600) SP 2.0
Architecture: X86; Language: French
CPU 0: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz
CPU 1: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz
Percentage of Memory in Use: 20%
Physical Memory (total/avail): 2047.29 MiB / 1635.18 MiB
Pagefile Memory (total/avail): 2897.23 MiB / 2642.15 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1957.2 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 224.6 GiB total, 30.99 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 146.49 GiB total, 146.42 GiB free.
F: is CDROM (UDF)
G: is Removable (FAT)
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.
FirewallOverride is set.
FW: Sunbelt Kerio Personal Firewall v4.3.635 T (Sunbelt Kerio) Disabled
AV: avast! antivirus 4.7.1001 [VPS 000740-2] v4.7.1001 (ALWIL Software) Outdated
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\orkiler\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=ROOT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\orkiler
LOGONSERVER=\\ROOT
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\orkiler\LOCALS~1\Temp
TMP=C:\DOCUME~1\orkiler\LOCALS~1\Temp
USERDOMAIN=ROOT
USERNAME=orkiler
USERPROFILE=C:\Documents and Settings\orkiler
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
orkiler (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DSeXVilla Crack 30.001 --> MsiExec.exe /I{7C3037E1-8AC6-493E-A513-AE0C8A3869EB}
Adobe Reader 6.0.1 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A00000000001}
adsl TV --> C:\Program Files\adslTV\Uninstal.exe
AkvaarioGes 1.1.0 --> "C:\Program Files\AkvaarioGes\unins000.exe"
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Beck @CHIPTOOL V5.9.9.1 --> "C:\Program Files\Chiptool\unins000.exe"
Counter-Strike 1.6 Lan --> C:\Program Files\Valve Lan\Désinstaller Counter-Strike 1.6 Lan.exe
eMule --> "C:\Program Files\eMule\Uninstall.exe"
Far Cry --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC} /l1036
Gothic III --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe" -l0x40c -removeonly
Gothic III Release Update --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1998BD34-1AAB-4169-ACFF-67342E2AF9B4}\setup.exe" -l0x40c -removeonly
Half-Life Lan --> C:\Program Files\Valve Lan\Désinstaller Half-Life Lan.exe
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hijackthis Version Française --> "C:\Program Files\Hijackthis Version Française\unins000.exe"
ItsTV 3.0 --> "C:\Program Files\Its Label\ItsTV\unins000.exe"
JMB36X Raid Configurer --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\Setup.exe" -l0x40c -removeonly
K-Lite Mega Codec Pack 1.53 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kerio Personal Firewall --> MsiExec.exe /I{8315396A-5EA1-419D-BEC4-978284BDF556}
Logiciel QuickCam de Logitech --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Combat Flight Simulator 3.0 --> "C:\Program Files\Microsoft Games\Combat Flight Simulator 3\UNINSTAL.EXE" /runtemp /addremove
Microsoft Flight Simulator 2004 Un siècle d'aviation --> "C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 --> MsiExec.exe /I{F0A7FB2C-99E2-4884-9187-4BC60B2C1036}
Niagara Screensaver --> C:\WINDOWS\system32\Niagara.scr /U
Pack Crystal Clear 1.0 --> C:\WINDOWS\BricoPacks\Crystal Clear\Remove.exe
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Programme de gestion Camera de Logitech® --> "C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
S.T.A.L.K.E.R. - Shadow of Chernobyl --> "C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
SAGEM Wi-Fi 11g USB adapter (pilote) --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7421E270-0140-4F62-AE39-ECB9F1C81B35}\Setup.exe" -l0x40c
SereneScreen Marine Aquarium 2.6 --> "C:\Program Files\SereneScreen\Marine Aquarium 2.6\unins000.exe"
Serious Sam 2 --> C:\Program Files\Serious Sam 2\Bin\Uninstall.exe
SpellForce 2 - Shadow Wars --> MsiExec.exe /X{E63A550D-7A75-462C-B495-D77F0808D083}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam --> C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
Sunbelt Kerio Personal Firewall --> MsiExec.exe /X{E659E0EE-10E6-49B7-8696-60F38D0EB174}
Super-Bikes Riding Challenge --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{190F801F-A2D2-40CF-85A3-8FEF893D1A29}\Setup.exe" -l0x40c
thriXXX 3DSexVilla-030.001 --> "C:\Program Files\thriXXX\3D SexVilla\Binaries\Uninstall-3DSexVilla-030.001.exe"
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Unreal II --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{626F32D6-007C-41D5-8157-9509AB1428BE}\Setup.exe" -l0x40c
VMware Workstation --> MsiExec.exe /I{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}
Web TV --> C:\PROGRA~1\WEBTV~1\UNWISE.EXE C:\PROGRA~1\WEBTV~1\INSTALL.LOG
Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
WinFast(R) Display Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe" -l0x40c -removeonly
WinStars 2.0 --> "C:\Program Files\WinStars2\unins000.exe"
-- End of Deckard's System Scanner: finished at 2007-06-17 at 18:59:30 ---------
Deckard's System Scanner v20070611.50
Run by orkiler on 2007-06-17 at 18:57:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2007-06-17 16:57:12 UTC - RP1 - Point de vérification système
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-06-17 18:58:40
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\RTHDCPL.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
G:\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{67B59E4D-7693-4CD1-B625-921A7C7E116A}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: avast! Antivirus - Unknown owner - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: avast! Mail Scanner - Unknown owner - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
O23 - Service: avast! Web Scanner - Unknown owner - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - "C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe"
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - "C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe"
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 m_hook (Empty) - c:\documents and settings\orkiler\application data\hidires\m_hook.sys
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R3 NMIndexingService - "c:\program files\fichiers communs\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 aswUpdSv (avast! iAVS4 Control Service) - "c:\program files\alwil software\avast4\aswupdsv.exe" (file missing)
S4 avast! Antivirus - "c:\program files\alwil software\avast4\ashserv.exe" (file missing)
S4 avast! Mail Scanner - "c:\program files\alwil software\avast4\ashmaisv.exe" /service (file missing)
S4 avast! Web Scanner - "c:\program files\alwil software\avast4\ashwebsv.exe" /service (file missing)
-- Scheduled Tasks -------------------------------------------------------------
2007-06-15 17:15:38 412 --a------ C:\WINDOWS\Tasks\Maintenance en 1 clic.job
-- Files created between 2007-05-17 and 2007-06-17 -----------------------------
2007-06-15 16:25:23 0 d-------- C:\Program Files\THQ
2007-06-15 16:13:26 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-15 16:00:51 0 d-------- C:\Unreal2
2007-06-15 15:56:41 0 d-------- C:\UT2004
2007-06-15 15:24:37 0 d-------- C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\VMware
2007-06-15 15:24:32 0 d-------- C:\Documents and Settings\orkiler\Application Data\VMware
2007-06-15 15:22:49 0 d-------- C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\VMware
2007-06-15 15:21:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Bureau
2007-06-15 15:21:36 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\VMware
2007-06-15 15:21:27 0 d-------- C:\Program Files\VMware
2007-06-15 15:21:27 0 d-------- C:\Program Files\Fichiers communs\VMware
2007-06-14 19:20:18 0 d-------- C:\Program Files\Hijackthis Version Française
2007-05-31 18:03:01 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-05-30 17:29:10 0 d-------- C:\Program Files\Kerio
2007-05-29 18:12:10 0 d-------- C:\Program Files\LifeGlobe
2007-05-29 17:59:47 0 d-------- C:\Program Files\Formosoft
2007-05-28 17:07:13 2932736 --a------ C:\WINDOWS\system32\MA2_6.scr
2007-05-28 17:07:13 0 d-------- C:\Program Files\SereneScreen
2007-05-28 01:02:36 19 --a------ C:\WINDOWS\popcinfo.dat
2007-05-28 00:56:23 0 d-------- C:\Documents and Settings\orkiler\Application Data\Zylom
2007-05-28 00:56:18 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom
2007-05-28 00:56:12 0 d-------- C:\Program Files\Zylom Games
2007-05-28 00:43:05 0 d-------- C:\WINDOWS\exefld
2007-05-28 00:42:59 115826 --a------ C:\WINDOWS\system32\flec003.exe
2007-05-27 02:01:43 119808 --a------ C:\WINDOWS\system32\Xdrive.dll <Not Verified; Xironic; XWare Package>
2007-05-27 02:01:43 675840 -----n--- C:\WINDOWS\system32\ISource2.dll <Not Verified; Smaller Animals Software, Inc.; _ISource2.DLL>
2007-05-27 02:01:43 0 d-------- C:\Program Files\PC Inspector Smart Recovery
2007-05-24 01:35:22 0 d-------- C:\Program Files\Chiptool
2007-05-22 18:06:37 0 d-------- C:\Program Files\AkvaarioGes
2007-05-18 02:18:37 0 d-------- C:\Documents and Settings\orkiler\Application Data\vlc
2007-05-18 02:18:36 0 d-------- C:\Program Files\adslTV
2007-05-18 01:41:54 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2007-05-18 01:41:53 102912 --a------ C:\WINDOWS\system32\Vb6stkit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows>
2007-05-18 01:41:53 0 d-------- C:\Program Files\Web TV
2007-05-18 01:28:33 0 d-------- C:\Documents and Settings\orkiler\Application Data\ItsLabel
2007-05-18 01:28:20 0 d-------- C:\Program Files\Its Label
2007-05-18 01:27:42 0 d-------- C:\Program Files\eoRezo
2007-05-18 01:27:42 0 d-------- C:\Documents and Settings\orkiler\Application Data\EoRezo
2007-05-18 01:17:16 1607184 --a------ C:\WINDOWS\system32\Aquarium Exotique.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer>
2007-05-18 01:16:07 528384 --a------ C:\WINDOWS\system32\Niagara.scr <Not Verified; ScreensaverShot Inc; >
-- Find3M Report ---------------------------------------------------------------
2007-06-15 16:00:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-15 15:21:52 373098 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-06-15 15:21:52 50704 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-06-15 15:21:27 0 d-------- C:\Program Files\Fichiers communs
2007-06-04 17:03:37 0 d-------- C:\Program Files\DAEMON Tools
2007-05-30 00:52:04 0 d-------- C:\Program Files\eMule
2007-05-28 00:56:23 0 d-------- C:\Documents and Settings\orkiler\Application Data\Identities
2007-05-22 20:15:56 0 d-------- C:\Program Files\Steam
2007-05-17 11:55:44 0 d-------- C:\Program Files\Messenger Plus! Live
2007-05-17 11:55:43 0 d-------- C:\Program Files\MSN Messenger
2007-05-16 13:36:52 0 d-------- C:\Program Files\WebCam Spy
2007-05-14 18:31:22 0 d-------- C:\Program Files\TuneUp Utilities 2007
2007-05-14 18:31:18 0 d-------- C:\Documents and Settings\orkiler\Application Data\TuneUp Software
2007-05-14 18:30:48 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-05-14 18:25:11 0 d-------- C:\Program Files\PowerQuest
2007-05-03 16:22:32 0 d-------- C:\Documents and Settings\orkiler\Application Data\Media Player Classic
2007-05-02 15:55:06 0 d-------- C:\Documents and Settings\orkiler\Application Data\DeskSoft
2007-05-02 00:59:36 0 d-------- C:\Program Files\Valve Lan
2007-04-02 19:39:12 65536 --a------ C:\WINDOWS\DTDraw.dll
2007-03-23 10:05:16 5451776 -ra------ C:\WINDOWS\system32\V2iDiskLib.dll <Not Verified; Symantec Corporation; V2iDiskLib>
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"JMB36X Configure"="C:\\WINDOWS\\system32\\JMRaidTool.exe boot"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"NeroFilterCheck"="C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NeroCheck.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\issch.exe\" -start"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
"vmware-tray"="C:\\Program Files\\VMware\\VMware Workstation\\vmware-tray.exe"
"VMware hqtray"="\"C:\\Program Files\\VMware\\VMware Workstation\\hqtray.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMBgMonitor.exe\""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Config"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\
5c,72,75,6e,2e,63,6d,64,00
"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=dword:00000001
"NoStartBanner"=hex:01,00,00,00
"MemCheckBoxInRunDlg"=dword:00000001
"NoSMBalloonTip"=dword:00000001
"NoDesktopCleanupWizard"=dword:00000001
"NoWelcomeScreen"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=dword:00000001
"NoStartBanner"=hex:01,00,00,00
"MemCheckBoxInRunDlg"=dword:00000001
"NoSMBalloonTip"=dword:00000001
"NoDesktopCleanupWizard"=dword:00000001
"NoWelcomeScreen"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ 7db39a0d-580f-4be9-9195-8bfcd226f6c2
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
SafeBoot registry key needs to be repaired. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce365811-d256-11db-941c-806d6172696f}]
Shell\AutoRun\command D:\setup.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_M_HOOK
-- End of Deckard's System Scanner: finished at 2007-06-17 at 18:59:30 ---------
Directories/Files moved to C:\Deckard\System Scanner\backup
2007-06-15 17:15:28 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\.zylominstallertemp1180501745
2007-04-10 12:37:04 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\Adobe
2007-06-17 13:16:36 20974 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Arabic.bin
2007-03-26 18:00:12 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\bye3A.tmp
2007-06-15 16:11:01 36864 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\CmdLineExt02.dll
2007-06-15 16:37:06 378504 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\CmdLineExtInstallerExe.exe
2007-06-17 13:16:36 24310 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Czech.bin
2007-06-17 13:16:36 22769 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Danish.bin
2007-06-15 16:43:43 65536 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\drm_dialogs.dll <Not Verified; Sony DADC Austria AG; >
2007-06-17 13:16:36 25741 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Dutch.bin
2007-06-14 18:26:04 4602 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\dw.log
2007-03-14 20:51:44 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\dx90c
2007-06-17 13:16:36 21911 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\English.bin
2007-05-18 00:39:45 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\eTemp
2007-06-17 13:16:36 22853 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Finnish.bin
2007-06-17 13:16:36 27237 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\French.bin
2007-06-17 13:16:36 25746 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\German.bin
2007-06-17 13:16:36 25080 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Greek.bin
2007-06-17 13:16:36 19553 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Hebrew.bin
2007-06-17 13:16:36 26076 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Hungarian.bin
2007-05-18 01:28:31 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\is-MDD37.tmp
2007-05-14 18:36:52 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\isp3E.tmp
2007-05-14 18:36:52 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\isp5.tmp
2007-05-14 18:36:52 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\isp58.tmp
2007-05-14 18:36:52 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\ispD.tmp
2007-03-20 15:36:30 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\iss15.tmp
2007-05-14 18:36:52 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\iss3B.tmp
2007-03-20 15:06:30 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\iss9.tmp
2007-06-17 13:16:36 27409 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Italian.bin
2007-06-17 13:16:36 24297 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Japanese.bin
2007-06-17 13:16:36 20135 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Korean.bin
2007-06-15 15:34:30 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\Logitech-LSU
2007-06-17 18:53:28 36253 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\LVCOMSX.LOG
2007-06-01 17:15:27 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\MessengerCache
2007-03-25 22:32:21 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\msohtml
2007-03-29 17:15:32 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\msohtml1
2007-06-11 19:31:52 0 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\NER9.tmp
2007-03-20 16:01:56 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\NeroDemo12069
2007-06-17 13:16:36 21958 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Norwegian.bin
2007-03-20 16:04:55 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\nps.tmp
2007-03-20 16:02:12 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\nro.log
2007-03-20 16:04:35 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\nro.tmp
2007-06-14 17:21:37 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\ocd
2007-06-01 17:15:27 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\outlook logging
2007-03-14 19:34:20 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\pft16~tmp
2007-06-17 13:16:36 24219 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Polish.bin
2007-06-17 13:16:36 25067 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Portuguese(Brazil).bin
2007-06-17 13:16:36 26256 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Portuguese.bin
2007-06-15 15:20:23 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\Rar$EX00.344
2007-06-17 13:16:36 26125 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Russian.bin
2007-06-17 13:16:36 16404 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\SimChin.bin
2007-06-15 16:22:48 12067 --a-----t C:\DOCUME~1\orkiler\LOCALS~1\Temp\SIntf16.dll
2007-06-15 16:22:48 19924 --a-----t C:\DOCUME~1\orkiler\LOCALS~1\Temp\SIntf32.dll
2007-06-15 16:22:48 4592 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\SIntfIcn.ani
2007-06-15 16:22:48 24516 --a-----t C:\DOCUME~1\orkiler\LOCALS~1\Temp\SIntfNT.dll
2007-05-25 17:16:24 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\smfsetup
2007-06-17 13:16:36 27754 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Spanish.bin
2007-06-17 13:16:36 24088 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\SWEDISH.bin
2007-06-13 19:03:50 4592 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\temp.ani
2007-06-12 20:44:42 0 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\TempCover10
2007-06-14 17:53:25 0 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\TempCover11
2007-06-11 19:31:00 0 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\TempCover9
2007-06-17 13:16:36 21977 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Thai.bin
2007-06-17 13:16:36 16949 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\TradChin.bin
2007-06-17 13:16:36 22246 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Turkish.bin
2007-06-15 17:15:28 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\VBE
2007-06-15 15:23:16 52099 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\vminst.log
2007-06-15 15:23:16 1291306 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\vmmsi.log
2007-03-14 20:51:44 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\xfire
2007-06-15 15:20:23 262239 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\zwt1.tmp <Not Verified; VMware, Inc.; VMware Workstation>
2007-06-15 15:20:23 323659 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\zwt2.tmp <Not Verified; VMware, Inc.; VMware P2V Assistant>
2007-06-04 18:59:54 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\_avast4_
2007-03-14 20:07:10 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\_av_sfx.tm~a01600
2007-05-14 18:36:52 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\_ir_sf7_temp_0
2007-05-30 17:28:57 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\_isF
2007-03-15 01:38:18 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\_ISTMP1.DIR
2007-05-14 18:26:16 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
2007-03-26 18:04:34 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\{6D3F065E-E02E-4214-BBEA-A563DA17A7C0}
2007-05-14 18:25:55 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\{a68c3403-53ac-44da-b6c5-2a902bd8bbe9}
2007-05-16 15:23:43 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\~nsu.tmp
2007-03-20 15:37:54 489 --a------ C:\WINDOWS\temp\CamServr.log
2007-03-20 15:37:46 52055 --a------ C:\WINDOWS\temp\CamWizrd.log
2007-03-20 15:05:51 359 --a------ C:\WINDOWS\temp\Instmed.log
2007-03-20 15:05:54 444 --a------ C:\WINDOWS\temp\InstVid.log
2007-03-14 19:34:21 0 d-------- C:\WINDOWS\temp\IntelChip
2007-05-17 11:45:52 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_100.dat
2007-05-26 20:10:32 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_114.dat
2007-05-18 09:11:30 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_118.dat
2007-06-17 13:37:09 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_134.dat
2007-06-17 13:17:31 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_614.dat
2007-06-15 15:25:37 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_618.dat
2007-05-15 12:34:02 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_7f8.dat
2007-06-15 15:22:49 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_a60.dat
2007-04-13 12:31:36 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_cc.dat
2007-06-15 16:11:13 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_cc8.dat
2007-04-12 11:44:22 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_e0.dat
2007-03-26 17:23:11 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_e8.dat
2007-05-18 14:01:53 6384 --a------ C:\WINDOWS\temp\PQ_DEBUG.001
2007-05-18 00:46:46 6384 --a------ C:\WINDOWS\temp\PQ_DEBUG.002
2007-05-16 21:39:12 6384 --a------ C:\WINDOWS\temp\PQ_DEBUG.003
2007-05-15 22:49:00 6384 --a------ C:\WINDOWS\temp\PQ_DEBUG.004
2007-05-15 13:27:19 8921 --a------ C:\WINDOWS\temp\PQ_DEBUG.005
2007-06-17 13:36:21 6390 --a------ C:\WINDOWS\temp\PQ_DEBUG.TXT
2007-06-17 13:36:11 85 --a------ C:\WINDOWS\temp\vmware-vmount-1.log
2007-06-17 13:16:31 85 --a------ C:\WINDOWS\temp\vmware-vmount-2.log
2007-06-15 16:10:16 85 --a------ C:\WINDOWS\temp\vmware-vmount-3.log
2007-06-15 15:24:39 85 --a------ C:\WINDOWS\temp\vmware-vmount-4.log
2007-05-31 18:05:56 0 d-------- C:\WINDOWS\temp\_avast4_
-*- End of Logfile -*-
There you go...
Hello ;-)
Download ELIBAGLA to your desktop:
http://www.zonavirus.com/datos/archivos/Descargas/Utilidades%20SATINFO/EliBaglA.exe
Double-click Elibagla.exe, leave the "eliminar ficheros automaticamente" box checked and click "explorar".
Let it work; as soon as it has finished, paste the report here. You can also find it at this location:
c:\infosat.txt
AND
Run this online anti-virus scan with Internet Explorer and accept the ActiveX control; the SP2 pop-up blocker bar (at the top) will start flashing, click on it and choose "accept the ActiveX control" to make the anti-virus scan work.
Once it has finished, paste the report here, please.
https://www.bitdefender.com/toolbox/
It won't be finished yet, I'll come back later ;-)
Download the first program then, and run it on your PC.
Then delete this folder: C:\Deckard\System Scanner\backup
I have just run the program, here is the report:
Fri Jun 22 13:40:30 2007
EliBagle v10.41 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ORKILER\APPLICATION DATA\HIDIRES\HIDR.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ORKILER\APPLICATION DATA\HIDIRES\M_HOOK.SYS --> Eliminado Bagle (rootkit)
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.41
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\HLDRRR.EXE --> Bagle Renombrado a .VIR
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"
Fri Jun 22 13:40:44 2007
EliBagle v10.41 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Fri Jun 22 13:43:47 2007
EliBagle v10.41 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminada Carpeta "%AppData%\Hidires"
Fri Jun 22 13:45:53 2007
EliBagle v10.41 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Fri Jun 22 13:45:54 2007
EliBagle v10.41 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Fri Jun 22 13:46:28 2007
EliBagle v10.41 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad G:\
Fri Jun 22 13:46:38 2007
EliBagle v10.41 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Thanks again!
I'm deleting the file right away.
There, that's better. You can delete: EliBagle
¤ ¤ Download this program, then double-click it (close your antivirus if it detects anything)
http://www.suspectfile.com/systemscan/
* Check only these boxes and uncheck everything else:
- Recent Files, 60 days
- Registry Run Key
- Hidden objects
- suspicious files
Then click Scan now and be patient.
Once it has finished, a report will open; copy and paste its contents here and check that it is complete, creating two messages if needed.
SystemScan - www.suspectfile.com - ver. 3.1.2
Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
Date: 24/06/2007
Time: 19:17:58
Output limited to:
-Recent files
-Registry Run Keys
-Hidden objects
-Suspicious Files
===================== Recent files (60 days old)=====================
----- recent files in C:\
14/05/2007 21:46:37 (DIR) 0 byte 41 days old -- Romhimtib
23/05/2007 19:08:36 268 byte 32 days old -- sqmdata18.sqm
23/05/2007 19:08:36 244 byte 32 days old -- sqmnoopt18.sqm
23/05/2007 19:14:04 268 byte 32 days old -- sqmdata19.sqm
23/05/2007 19:14:04 244 byte 32 days old -- sqmnoopt19.sqm
24/05/2007 18:14:05 232 byte 31 days old -- sqmdata00.sqm
24/05/2007 18:14:05 244 byte 31 days old -- sqmnoopt00.sqm
07/06/2007 20:35:39 232 byte 17 days old -- sqmdata01.sqm
07/06/2007 20:35:39 244 byte 17 days old -- sqmnoopt01.sqm
08/06/2007 17:22:30 244 byte 16 days old -- sqmnoopt02.sqm
08/06/2007 17:22:30 232 byte 16 days old -- sqmdata02.sqm
09/06/2007 15:41:05 244 byte 15 days old -- sqmnoopt03.sqm
09/06/2007 15:41:05 232 byte 15 days old -- sqmdata03.sqm
09/06/2007 15:59:15 244 byte 15 days old -- sqmnoopt04.sqm
09/06/2007 15:59:15 232 byte 15 days old -- sqmdata04.sqm
10/06/2007 14:52:14 232 byte 14 days old -- sqmdata05.sqm
10/06/2007 14:52:14 244 byte 14 days old -- sqmnoopt05.sqm
10/06/2007 16:51:05 232 byte 14 days old -- sqmdata06.sqm
10/06/2007 16:51:05 244 byte 14 days old -- sqmnoopt06.sqm
10/06/2007 17:03:00 232 byte 14 days old -- sqmdata07.sqm
10/06/2007 17:03:00 244 byte 14 days old -- sqmnoopt07.sqm
10/06/2007 21:02:59 232 byte 14 days old -- sqmdata08.sqm
10/06/2007 21:02:59 244 byte 14 days old -- sqmnoopt08.sqm
11/06/2007 18:06:58 232 byte 13 days old -- sqmdata09.sqm
11/06/2007 18:06:58 244 byte 13 days old -- sqmnoopt09.sqm
12/06/2007 17:37:02 232 byte 12 days old -- sqmdata10.sqm
12/06/2007 17:37:02 244 byte 12 days old -- sqmnoopt10.sqm
12/06/2007 20:43:01 232 byte 12 days old -- sqmdata11.sqm
12/06/2007 20:43:01 244 byte 12 days old -- sqmnoopt11.sqm
12/06/2007 23:52:52 232 byte 12 days old -- sqmdata12.sqm
12/06/2007 23:52:52 244 byte 12 days old -- sqmnoopt12.sqm
13/06/2007 18:14:39 244 byte 11 days old -- sqmnoopt13.sqm
13/06/2007 18:14:39 232 byte 11 days old -- sqmdata13.sqm
14/06/2007 17:19:49 244 byte 10 days old -- sqmnoopt14.sqm
14/06/2007 17:19:49 232 byte 10 days old -- sqmdata14.sqm
14/06/2007 17:37:17 232 byte 10 days old -- sqmdata15.sqm
14/06/2007 17:37:17 244 byte 10 days old -- sqmnoopt15.sqm
14/06/2007 17:49:22 244 byte 10 days old -- sqmnoopt16.sqm
14/06/2007 17:49:22 232 byte 10 days old -- sqmdata16.sqm
14/06/2007 18:26:03 232 byte 10 days old -- sqmdata17.sqm
14/06/2007 18:26:03 244 byte 10 days old -- sqmnoopt17.sqm
14/06/2007 18:32:04 212 byte 10 days old -- boot.ini
15/06/2007 15:21:54 1024 byte 9 days old -- .rnd
15/06/2007 15:56:41 (DIR) 0 byte 9 days old -- UT2004
15/06/2007 16:03:28 (DIR) 0 byte 9 days old -- Unreal2
15/06/2007 16:25:23 (DIR) 0 byte 9 days old -- Program Files
17/06/2007 18:57:04 (DIR) 0 byte 7 days old -- Deckard
17/06/2007 18:57:09 (DIR) 0 byte 7 days old -- System Volume Information
22/06/2007 13:40:30 (DIR) 0 byte 2 days old -- Muestras
22/06/2007 13:40:36 (DIR) 0 byte 2 days old -- WINDOWS
22/06/2007 13:46:38 1872 byte 2 days old -- InfoSat.txt
24/06/2007 19:09:51 1048576000 byte 0 days old -- pagefile.sys
24/06/2007 19:17:57 (DIR) 0 byte 0 days old -- suspectfile
----- recent files in C:\WINDOWS\
14/05/2007 18:31:27 (DIR) 0 byte 41 days old -- Tasks
15/05/2007 12:57:47 1409 byte 40 days old -- QTFont.for
18/05/2007 23:00:50 1048576000 byte 37 days old -- MEMORY.DMP
18/05/2007 23:00:54 (DIR) 0 byte 37 days old -- Minidump
19/05/2007 20:17:45 54156 byte 36 days old -- QTFont.qfn
27/05/2007 17:10:34 15798 byte 28 days old -- wmsetup.log
28/05/2007 17:04:50 19 byte 27 days old -- popcinfo.dat
14/06/2007 18:32:04 607 byte 10 days old -- win.ini
14/06/2007 18:32:04 277 byte 10 days old -- system.ini
15/06/2007 15:22:46 745511 byte 9 days old -- setupapi.log
15/06/2007 15:22:52 (DIR) 0 byte 9 days old -- Installer
15/06/2007 16:10:43 1074 byte 9 days old -- IE4 Error Log.txt
15/06/2007 16:35:16 170959 byte 9 days old -- DirectX.log
15/06/2007 16:35:16 (DIR) 0 byte 9 days old -- inf
17/06/2007 18:57:14 (DIR) 0 byte 7 days old -- ERDNT
20/06/2007 23:29:06 69 byte 4 days old -- NeroDigital.ini
22/06/2007 13:40:35 (DIR) 0 byte 2 days old -- system32
22/06/2007 16:12:55 32380 byte 2 days old -- SchedLgU.Txt
24/06/2007 19:09:53 2048 byte 0 days old -- bootstat.dat
24/06/2007 19:10:03 50 byte 0 days old -- wiaservc.log
24/06/2007 19:10:09 159 byte 0 days old -- wiadebug.log
24/06/2007 19:10:11 327315 byte 0 days old -- WindowsUpdate.log
24/06/2007 19:11:10 0 byte 0 days old -- 0.log
24/06/2007 19:11:10 (DIR) 0 byte 0 days old -- Temp
24/06/2007 19:17:26 (DIR) 0 byte 0 days old -- Prefetch
----- recent files in C:\WINDOWS\Downloaded Program Files\
----- recent files in C:\WINDOWS\system\
----- recent files in C:\WINDOWS\system32\
30/04/2007 17:35:28 95872 byte 55 days old -- AVASTSS.scr
30/04/2007 17:46:10 745600 byte 55 days old -- aswBoot.exe
01/05/2007 21:45:40 207664 byte 54 days old -- vmnc.dll
01/05/2007 22:51:02 13104 byte 54 days old -- vnetinst.dll
01/05/2007 22:51:04 50992 byte 54 days old -- vmnetbridge.dll
01/05/2007 22:51:42 437040 byte 54 days old -- vnetlib.dll
01/05/2007 22:51:46 121648 byte 54 days old -- vmnetdhcp.exe
01/05/2007 22:52:32 150320 byte 54 days old -- vmnat.exe
16/05/2007 15:22:43 (DIR) 0 byte 39 days old -- config
16/05/2007 21:06:50 1914 byte 39 days old -- lvcoinst.log
18/05/2007 01:16:07 528384 byte 37 days old -- Niagara.scr
18/05/2007 01:16:07 2701311 byte 37 days old -- Niagara.mpf
18/05/2007 01:17:16 1607184 byte 37 days old -- Aquarium Exotique.scr
22/05/2007 19:55:55 (DIR) 0 byte 33 days old -- wbem
29/05/2007 07:05:12 52736 byte 26 days old -- WINTEMS.EXE.VIR
31/05/2007 18:04:26 3121 byte 24 days old -- CONFIG.NT
15/06/2007 15:21:52 784080 byte 9 days old -- PerfStringBackup.INI
15/06/2007 15:21:52 373098 byte 9 days old -- perfh00C.dat
15/06/2007 15:21:52 50704 byte 9 days old -- perfc00C.dat
15/06/2007 15:21:52 42046 byte 9 days old -- perfc009.dat
15/06/2007 15:21:52 317192 byte 9 days old -- perfh009.dat
15/06/2007 15:22:32 (DIR) 0 byte 9 days old -- drivers
15/06/2007 16:13:26 43520 byte 9 days old -- CmdLineExt03.dll
15/06/2007 16:35:10 (DIR) 0 byte 9 days old -- DirectX
15/06/2007 16:37:06 108144 byte 9 days old -- CmdLineExt.dll
17/06/2007 18:57:09 (DIR) 0 byte 7 days old -- Restore
22/06/2007 13:01:55 (DIR) 0 byte 2 days old -- CatRoot2
24/06/2007 19:09:54 2206 byte 0 days old -- wpa.dbl
24/06/2007 19:13:28 80671 byte 0 days old -- nvapps.xml
----- recent files in C:\WINDOWS\system32\drivers\
30/04/2007 17:37:23 26888 byte 55 days old -- aavmker4.sys
30/04/2007 17:38:51 43176 byte 55 days old -- aswTdi.sys
30/04/2007 17:39:41 23416 byte 55 days old -- aswRdr.sys
30/04/2007 17:41:42 94552 byte 55 days old -- aswmon2.sys
30/04/2007 17:41:55 85952 byte 55 days old -- aswmon.sys
01/05/2007 22:51:02 16816 byte 54 days old -- vmnetadapter.sys
01/05/2007 22:51:02 17712 byte 54 days old -- vmnet.sys
01/05/2007 22:51:02 28592 byte 54 days old -- vmnetbridge.sys
01/05/2007 22:52:02 16176 byte 54 days old -- vmparport.sys
01/05/2007 22:52:50 430128 byte 54 days old -- vmx86.sys
01/05/2007 22:52:52 25264 byte 54 days old -- vmnetuserif.sys
01/05/2007 22:52:52 34608 byte 54 days old -- hcmon.sys
01/05/2007 22:52:56 21040 byte 54 days old -- VMkbd.sys
29/05/2007 07:05:00 12123 byte 26 days old -- fwdrv.err
----- recent files in C:\WINDOWS\temp\
17/06/2007 18:53:06 85 byte 7 days old -- vmware-vmount-9.log
17/06/2007 18:54:05 16384 byte 7 days old -- Perflib_Perfdata_570.dat
17/06/2007 21:52:49 85 byte 7 days old -- vmware-vmount-8.log
17/06/2007 21:53:47 16384 byte 7 days old -- Perflib_Perfdata_130.dat
18/06/2007 17:33:03 85 byte 6 days old -- vmware-vmount-7.log
18/06/2007 17:34:01 16384 byte 6 days old -- Perflib_Perfdata_620.dat
18/06/2007 20:20:50 85 byte 6 days old -- vmware-vmount-6.log
18/06/2007 20:21:48 16384 byte 6 days old -- Perflib_Perfdata_12c.dat
19/06/2007 18:03:50 85 byte 5 days old -- vmware-vmount-5.log
19/06/2007 18:04:49 16384 byte 5 days old -- Perflib_Perfdata_688.dat
20/06/2007 17:33:30 85 byte 4 days old -- vmware-vmount-4.log
20/06/2007 20:21:15 85 byte 4 days old -- vmware-vmount-3.log
20/06/2007 20:22:13 16384 byte 4 days old -- Perflib_Perfdata_49c.dat
20/06/2007 23:21:56 85 byte 4 days old -- vmware-vmount-2.log
20/06/2007 23:22:54 16384 byte 4 days old -- Perflib_Perfdata_678.dat
22/06/2007 12:59:15 85 byte 2 days old -- vmware-vmount-1.log
22/06/2007 13:00:13 16384 byte 2 days old -- Perflib_Perfdata_238.dat
24/06/2007 19:10:11 85 byte 0 days old -- vmware-vmount.log
24/06/2007 19:11:10 16384 byte 0 days old -- Perflib_Perfdata_120.dat
----- recent files in C:\Program Files\
02/05/2007 00:59:36 (DIR) 0 byte 53 days old -- Valve Lan
14/05/2007 18:25:11 (DIR) 0 byte 41 days old -- PowerQuest
14/05/2007 18:31:22 (DIR) 0 byte 41 days old -- TuneUp Utilities 2007
16/05/2007 13:36:52 (DIR) 0 byte 39 days old -- WebCam Spy
17/05/2007 11:55:43 (DIR) 0 byte 38 days old -- MSN Messenger
17/05/2007 11:55:44 (DIR) 0 byte 38 days old -- Messenger Plus! Live
18/05/2007 01:28:20 (DIR) 0 byte 37 days old -- Its Label
18/05/2007 01:35:00 (DIR) 0 byte 37 days old -- eoRezo
18/05/2007 01:41:56 (DIR) 0 byte 37 days old -- Web TV
20/05/2007 21:40:03 (DIR) 0 byte 35 days old -- adslTV
22/05/2007 18:27:47 (DIR) 0 byte 33 days old -- AkvaarioGes
22/05/2007 20:15:56 (DIR) 0 byte 33 days old -- Steam
24/05/2007 01:35:22 (DIR) 0 byte 31 days old -- Chiptool
27/05/2007 02:06:15 (DIR) 0 byte 28 days old -- PC Inspector Smart Recovery
28/05/2007 17:07:13 (DIR) 0 byte 27 days old -- SereneScreen
29/05/2007 17:59:47 (DIR) 0 byte 26 days old -- Formosoft
29/05/2007 18:12:10 (DIR) 0 byte 26 days old -- LifeGlobe
30/05/2007 00:52:04 (DIR) 0 byte 25 days old -- eMule
30/05/2007 07:09:06 (DIR) 0 byte 25 days old -- Zylom Games
30/05/2007 17:29:10 (DIR) 0 byte 25 days old -- Kerio
04/06/2007 17:03:37 (DIR) 0 byte 20 days old -- DAEMON Tools
14/06/2007 19:21:32 (DIR) 0 byte 10 days old -- Hijackthis Version Française
15/06/2007 15:21:27 (DIR) 0 byte 9 days old -- VMware
15/06/2007 15:21:27 (DIR) 0 byte 9 days old -- Fichiers communs
15/06/2007 16:00:50 (DIR) 0 byte 9 days old -- InstallShield Installation Information
15/06/2007 16:25:23 (DIR) 0 byte 9 days old -- THQ
15/06/2007 16:40:22 (DIR) 0 byte 9 days old -- Mozilla Firefox
22/06/2007 13:45:47 (DIR) 0 byte 2 days old -- Spybot - Search & Destroy
----- recent files in C:\Program Files\Fichiers communs\
14/05/2007 18:30:48 (DIR) 0 byte 41 days old -- Wise Installation Wizard
15/06/2007 15:21:27 (DIR) 0 byte 9 days old -- VMware
===================== REGISTRY SCAN =====================
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe boot"
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"
"DAEMON Tools"="\"C:\Program Files\DAEMON Tools\daemon.exe\" -lang 1033"
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe "
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe"
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe"
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup"
"ISUSScheduler"="\"C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe\" -start"
"KernelFaultCheck"=expand:"%systemroot%\system32\dumprep 0 -k"
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
"VMware hqtray"="\"C:\Program Files\VMware\VMware Workstation\hqtray.exe\""
[Run\OptionalComponents]
[Run\OptionalComponents\IMAIL]
"Installed"="1"
[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[Run\OptionalComponents\MSFS]
"Installed"="1"
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"LogitechSoftwareUpdate"="\"C:\Program Files\Logitech\Video\ManifestEngine.exe\" boot"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe\""
-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----
[Windows]
"AppInit_DLLs"=""
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----
[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%SystemRoot%\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----
[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"@="Sans fil"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"@="Planificateur de paquets QoS"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"@="Scripts"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Mappage de zones Internet Explorer"
"DllName"=expand:"iedkcs32.dll"
[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"
[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"=expand:"iedkcs32.dll"
"@="Personnalisation de Internet Explorer"
[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"
[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"
[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installation de logiciel"
"DllName"=expand:"appmgmts.dll"
[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"@="Sécurité IP"
"DllName"=expand:"gptext.dll"
[Winlogon\Notify]
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"
[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"
[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"
[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"
[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
[Winlogon\SpecialAccounts]
[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp;Local Settings\Application Data\Microsoft\Outlook"
"BuildNumber"=dword:00000a28
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----
[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"
-----HKLM\System\CurrentControlSet\Control\Session Manager\-----
[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"
[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----
[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
[RunOnceEx]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
-----HKLM\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----
-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----
-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----
[Browser Helper Objects]
[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
#### HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32 @="C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll"
[Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
#### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
[Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
@="EoRezoBHO"
[Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
@=""
-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----
[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\system32\shdocvw.dll"
-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-----
[startupfolder]
-----HKCU\Control Panel\Desktop\-----
[Desktop]
"SCRNSAVE.EXE"="C:\WINDOWS\system32\MA2_6.scr"
[Desktop\Sound]
[Desktop\WindowMetrics]
-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----
[command]
@="\"%1\" /S"
-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----
[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"
-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----
[URL]
[URL\DefaultPrefix]
@="http://"
[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----
[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=multi:"kerberos\00msv1_0\00schannel\00wdigest\00\00"
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"LsaPid"=dword:00000414
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"
[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"
[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"
[Lsa\Audit]
[Lsa\Audit\PerUserAuditing]
[Lsa\Audit\PerUserAuditing\System]
[Lsa\Data]
@Class="02f162b4"
"Pattern"=hex:19,70,e5,5f,61,2b,ca,96,08,e9,c9,07,ca,ef,15,82,30,32,66,31,36,\
32,62,34,00,fd,07,00,e0,4d,00,00,34,fa,07,00,4e,82,74,75,20,fa,07,00,40,fd,\
07,00,4c,fd,07,00,f5,3a,ec,9d,77,ed,f1,7b,63,78,a2,02
[Lsa\GBG]
@Class="f5ed1877"
"GrafBlumGroup"=hex:9f,b6,0e,9d,0d,85,64,26,d8
[Lsa\JD]
@Class="63a29d7b"
"Lookup"=hex:ca,bc,9a,28,d7,d9
[Lsa\Kerberos]
[Lsa\Kerberos\Domains]
[Lsa\Kerberos\SidCache]
[Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000
[Lsa\Skew1]
@Class="ec3a78bd"
"SkewMatrix"=hex:a8,c6,61,ee,fc,d9,be,76,28,f6,97,68,a3,61,3d,88
[Lsa\SSO]
[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"
[Lsa\SspiCache]
"Time"=hex:a4,af,b2,80,8a,66,c7,01
[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,ea,0b,83,fe,85,c4,01
"Type"=dword:00000031
[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,cb,01,89,fe,85,c4,01
"Type"=dword:00000031
[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,cb,01,89,fe,85,c4,01
"Type"=dword:00000031
-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----
[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."
"DisplayName"="Pare-feu Windows / Partage de connexion Internet"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020
[SharedAccess\Epoch]
"Epoch"=dword:0000127b
[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"
[SharedAccess\Parameters\FirewallPolicy]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=dword:00000000
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000
"DisableUnicastResponsesToMulticastBroadcast"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000
"DisableUnicastResponsesToMulticastBroadcast"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"
[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001
[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001
-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----
-----HKLM\Software\Microsoft\Ole-----
[Ole]
"EnableDCOM"="Y"
[Ole\AppCompat]
[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----
[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"LargeSystemCache"=dword:00000000
"SecondLevelDataCache"=dword:00000200
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----
[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{70A0A8BF-CC7C-4147-A82A-5A707C2F098B}"
[SystemRestore\SnapshotCallbacks]
@=""
-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----
[VB and VBA Program Settings]
[VB and VBA Program Settings\AkvaarioGes]
[VB and VBA Program Settings\AkvaarioGes\ColorGUI]
[VB and VBA Program Settings\AkvaarioGes\Compatibilite]
[VB and VBA Program Settings\AkvaarioGes\Install]
[VB and VBA Program Settings\AkvaarioGes\Options]
[VB and VBA Program Settings\AkvaarioGes\Param]
[VB and VBA Program Settings\Euro Add-in]
[VB and VBA Program Settings\Euro Add-in\Wizard Options]
-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----
[MountPoints2]
[MountPoints2\A]
"BaseClass"="Drive"
[MountPoints2\C]
"BaseClass"="Drive"
[MountPoints2\D]
"BaseClass"="Drive"
[MountPoints2\E]
"BaseClass"="Drive"
[MountPoints2\G]
"BaseClass"="Drive"
[MountPoints2\R]
"BaseClass"="Drive"
[MountPoints2\{0f749a98-024b-11dc-b85e-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{0f749a99-024b-11dc-b85e-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{0f749a9b-024b-11dc-b85e-001302520a30}]
"BaseClass"="Drive"
[MountPoints2\{39f9be01-0206-11dc-a4b7-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{39f9be01-0206-11dc-a4b7-806d6172696f}\shell]
@="None"
[MountPoints2\{39f9be01-0206-11dc-a4b7-806d6172696f}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{39f9be01-0206-11dc-a4b7-806d6172696f}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{3a20675e-d258-11db-b9d4-001302520a30}]
"BaseClass"="Drive"
[MountPoints2\{3a20675e-d258-11db-b9d4-001302520a30}\shell]
@="None"
[MountPoints2\{3a20675e-d258-11db-b9d4-001302520a30}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{3a20675e-d258-11db-b9d4-001302520a30}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{40279f93-02d1-11dc-b861-001302520a30}]
"BaseClass"="Drive"
[MountPoints2\{40279f93-02d1-11dc-b861-001302520a30}\shell]
@="None"
[MountPoints2\{40279f93-02d1-11dc-b861-001302520a30}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{40279f93-02d1-11dc-b861-001302520a30}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{6a627295-deb6-11db-b9f4-001302520a30}]
"BaseClass"="Drive"
[MountPoints2\{6a627295-deb6-11db-b9f4-001302520a30}\shell]
@="None"
[MountPoints2\{6a627295-deb6-11db-b9f4-001302520a30}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{6a627295-deb6-11db-b9f4-001302520a30}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{6a627296-deb6-11db-b9f4-001302520a30}]
"BaseClass"="Drive"
[MountPoints2\{6a627296-deb6-11db-b9f4-001302520a30}\shell]
@="None"
[MountPoints2\{6a627296-deb6-11db-b9f4-001302520a30}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{6a627296-deb6-11db-b9f4-001302520a30}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{6b799826-d252-11db-b9cf-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{73af0f60-d254-11db-b9d2-0019db225b88}]
"BaseClass"="Drive"
[MountPoints2\{98211998-d25f-11db-b9d7-001302520a30}]
"BaseClass"="Drive"
[MountPoints2\{98211998-d25f-11db-b9d7-001302520a30}\_Autorun]
[MountPoints2\{98211998-d25f-11db-b9d7-001302520a30}\_Autorun\DefaultIcon]
@="F:\setup.exe,0"
[MountPoints2\{a5141562-f97f-11db-a80a-001302520a30}]
"BaseClass"="Drive"
[MountPoints2\{a5141562-f97f-11db-a80a-001302520a30}\shell]
@="None"
[MountPoints2\{a5141562-f97f-11db-a80a-001302520a30}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{a5141562-f97f-11db-a80a-001302520a30}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{b40281a9-02d5-11dc-b862-001302520a30}]
"BaseClass"="Drive"
[MountPoints2\{b40281aa-02d5-11dc-b862-001302520a30}]
"BaseClass"="Drive"
[MountPoints2\{b40281ad-02d5-11dc-b862-001302520a30}]
"BaseClass"="Drive"
[MountPoints2\{b40281ad-02d5-11dc-b862-001302520a30}\shell]
@="None"
[MountPoints2\{b40281ad-02d5-11dc-b862-001302520a30}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{b40281ad-02d5-11dc-b862-001302520a30}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{b40281ae-02d5-11dc-b862-001302520a30}]
"BaseClass"="Drive"
[MountPoints2\{b40281b2-02d5-11dc-b862-001302520a30}]
"BaseClass"="Drive"
[MountPoints2\{ce365810-d256-11db-941c-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{ce365811-d256-11db-941c-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{ce365811-d256-11db-941c-806d6172696f}\Shell]
@="AutoRun"
[MountPoints2\{ce365811-d256-11db-941c-806d6172696f}\Shell\AutoRun]
@="&Exécution automatique"
[MountPoints2\{ce365811-d256-11db-941c-806d6172696f}\Shell\AutoRun\command]
@="D:\setup.exe"
[MountPoints2\{ce365811-d256-11db-941c-806d6172696f}\_Autorun]
[MountPoints2\{ce365811-d256-11db-941c-806d6172696f}\_Autorun\DefaultIcon]
@="D:\MSIICO.ICO"
[MountPoints2\{ce365812-d256-11db-941c-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{d32f270a-02cd-11dc-b85f-001302520a30}]
"BaseClass"="Drive"
[MountPoints2\{d32f270a-02cd-11dc-b85f-001302520a30}\shell]
@="None"
[MountPoints2\{d32f270a-02cd-11dc-b85f-001302520a30}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{d32f270a-02cd-11dc-b85f-001302520a30}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{d6523192-d25e-11db-b9d6-001302520a30}]
"BaseClass"="Drive"
"_CommentFromDesktopINI"=""
[MountPoints2\{d6523192-d25e-11db-b9d6-001302520a30}\shell]
@="None"
[MountPoints2\{d6523192-d25e-11db-b9d6-001302520a30}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{d6523192-d25e-11db-b9d6-001302520a30}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{e428455e-d6d7-11db-b9e3-001302520a30}]
"BaseClass"="Drive"
[MountPoints2\{e428455e-d6d7-11db-b9e3-001302520a30}\shell]
@="None"
[MountPoints2\{e428455e-d6d7-11db-b9e3-001302520a30}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{e428455e-d6d7-11db-b9e3-001302520a30}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{fd149448-10fa-11dc-b881-0019db225b88}]
"BaseClass"="Drive"
[MountPoints2\{fd149448-10fa-11dc-b881-0019db225b88}\shell]
@="None"
[MountPoints2\{fd149448-10fa-11dc-b881-0019db225b88}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{fd149448-10fa-11dc-b881-0019db225b88}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
[AdvancedOptions]
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
-----HKLM\Software\Microsoft\Active Setup\Installed Components-----
[Installed Components]
[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"
[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Personnalisation du navigateur"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"
[Installed Components\D27CDB6E-AE6D-11CF-96B8-444553540000]
"@="Adobe Flash Player 9 ActiveX"
"ComponentID"="Flash"
[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendu VML (Vector Graphics Rendering)"
"ComponentID"="MSVML"
[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""
[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"@="Lecteur Windows Media Microsoft 6.4"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
#### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\system32\danim.dll"
"@="DirectAnimation"
"ComponentID"="DirectAnimation"
[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"
[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Liaison de données Dynamic HTML pour Java"
"ComponentID"="TridataJava"
[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Logiciel de navigation hors connexion"
"ComponentID"="MobilePk"
[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"
[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Création avancée"
"ComponentID"="AdvAuth"
[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"
[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Aide sur Internet Explorer"
"ComponentID"="HelpCont"
[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classes Java DirectAnimation"
"ComponentID"="DAJava"
[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"
[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Outils d'installation Internet Explorer"
"ComponentID"="GenSetup"
[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Améliorations pour la navigation"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"
[Insta
Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
Date: 24/06/2007
Time: 19:17:58
Output limited to:
-Recent files
-Registry Run Keys
-Hidden objects
-Suspicious Files
===================== Recent files (60 days old)=====================
----- recent files in C:\
14/05/2007 21:46:37 (DIR) 0 byte 41 days old -- Romhimtib
23/05/2007 19:08:36 268 byte 32 days old -- sqmdata18.sqm
23/05/2007 19:08:36 244 byte 32 days old -- sqmnoopt18.sqm
23/05/2007 19:14:04 268 byte 32 days old -- sqmdata19.sqm
23/05/2007 19:14:04 244 byte 32 days old -- sqmnoopt19.sqm
24/05/2007 18:14:05 232 byte 31 days old -- sqmdata00.sqm
24/05/2007 18:14:05 244 byte 31 days old -- sqmnoopt00.sqm
07/06/2007 20:35:39 232 byte 17 days old -- sqmdata01.sqm
07/06/2007 20:35:39 244 byte 17 days old -- sqmnoopt01.sqm
08/06/2007 17:22:30 244 byte 16 days old -- sqmnoopt02.sqm
08/06/2007 17:22:30 232 byte 16 days old -- sqmdata02.sqm
09/06/2007 15:41:05 244 byte 15 days old -- sqmnoopt03.sqm
09/06/2007 15:41:05 232 byte 15 days old -- sqmdata03.sqm
09/06/2007 15:59:15 244 byte 15 days old -- sqmnoopt04.sqm
09/06/2007 15:59:15 232 byte 15 days old -- sqmdata04.sqm
10/06/2007 14:52:14 232 byte 14 days old -- sqmdata05.sqm
10/06/2007 14:52:14 244 byte 14 days old -- sqmnoopt05.sqm
10/06/2007 16:51:05 232 byte 14 days old -- sqmdata06.sqm
10/06/2007 16:51:05 244 byte 14 days old -- sqmnoopt06.sqm
10/06/2007 17:03:00 232 byte 14 days old -- sqmdata07.sqm
10/06/2007 17:03:00 244 byte 14 days old -- sqmnoopt07.sqm
10/06/2007 21:02:59 232 byte 14 days old -- sqmdata08.sqm
10/06/2007 21:02:59 244 byte 14 days old -- sqmnoopt08.sqm
11/06/2007 18:06:58 232 byte 13 days old -- sqmdata09.sqm
11/06/2007 18:06:58 244 byte 13 days old -- sqmnoopt09.sqm
12/06/2007 17:37:02 232 byte 12 days old -- sqmdata10.sqm
12/06/2007 17:37:02 244 byte 12 days old -- sqmnoopt10.sqm
12/06/2007 20:43:01 232 byte 12 days old -- sqmdata11.sqm
12/06/2007 20:43:01 244 byte 12 days old -- sqmnoopt11.sqm
12/06/2007 23:52:52 232 byte 12 days old -- sqmdata12.sqm
12/06/2007 23:52:52 244 byte 12 days old -- sqmnoopt12.sqm
13/06/2007 18:14:39 244 byte 11 days old -- sqmnoopt13.sqm
13/06/2007 18:14:39 232 byte 11 days old -- sqmdata13.sqm
14/06/2007 17:19:49 244 byte 10 days old -- sqmnoopt14.sqm
14/06/2007 17:19:49 232 byte 10 days old -- sqmdata14.sqm
14/06/2007 17:37:17 232 byte 10 days old -- sqmdata15.sqm
14/06/2007 17:37:17 244 byte 10 days old -- sqmnoopt15.sqm
14/06/2007 17:49:22 244 byte 10 days old -- sqmnoopt16.sqm
14/06/2007 17:49:22 232 byte 10 days old -- sqmdata16.sqm
14/06/2007 18:26:03 232 byte 10 days old -- sqmdata17.sqm
14/06/2007 18:26:03 244 byte 10 days old -- sqmnoopt17.sqm
14/06/2007 18:32:04 212 byte 10 days old -- boot.ini
15/06/2007 15:21:54 1024 byte 9 days old -- .rnd
15/06/2007 15:56:41 (DIR) 0 byte 9 days old -- UT2004
15/06/2007 16:03:28 (DIR) 0 byte 9 days old -- Unreal2
15/06/2007 16:25:23 (DIR) 0 byte 9 days old -- Program Files
17/06/2007 18:57:04 (DIR) 0 byte 7 days old -- Deckard
17/06/2007 18:57:09 (DIR) 0 byte 7 days old -- System Volume Information
22/06/2007 13:40:30 (DIR) 0 byte 2 days old -- Muestras
22/06/2007 13:40:36 (DIR) 0 byte 2 days old -- WINDOWS
22/06/2007 13:46:38 1872 byte 2 days old -- InfoSat.txt
24/06/2007 19:09:51 1048576000 byte 0 days old -- pagefile.sys
24/06/2007 19:17:57 (DIR) 0 byte 0 days old -- suspectfile
----- recent files in C:\WINDOWS\
14/05/2007 18:31:27 (DIR) 0 byte 41 days old -- Tasks
15/05/2007 12:57:47 1409 byte 40 days old -- QTFont.for
18/05/2007 23:00:50 1048576000 byte 37 days old -- MEMORY.DMP
18/05/2007 23:00:54 (DIR) 0 byte 37 days old -- Minidump
19/05/2007 20:17:45 54156 byte 36 days old -- QTFont.qfn
27/05/2007 17:10:34 15798 byte 28 days old -- wmsetup.log
28/05/2007 17:04:50 19 byte 27 days old -- popcinfo.dat
14/06/2007 18:32:04 607 byte 10 days old -- win.ini
14/06/2007 18:32:04 277 byte 10 days old -- system.ini
15/06/2007 15:22:46 745511 byte 9 days old -- setupapi.log
15/06/2007 15:22:52 (DIR) 0 byte 9 days old -- Installer
15/06/2007 16:10:43 1074 byte 9 days old -- IE4 Error Log.txt
15/06/2007 16:35:16 170959 byte 9 days old -- DirectX.log
15/06/2007 16:35:16 (DIR) 0 byte 9 days old -- inf
17/06/2007 18:57:14 (DIR) 0 byte 7 days old -- ERDNT
20/06/2007 23:29:06 69 byte 4 days old -- NeroDigital.ini
22/06/2007 13:40:35 (DIR) 0 byte 2 days old -- system32
22/06/2007 16:12:55 32380 byte 2 days old -- SchedLgU.Txt
24/06/2007 19:09:53 2048 byte 0 days old -- bootstat.dat
24/06/2007 19:10:03 50 byte 0 days old -- wiaservc.log
24/06/2007 19:10:09 159 byte 0 days old -- wiadebug.log
24/06/2007 19:10:11 327315 byte 0 days old -- WindowsUpdate.log
24/06/2007 19:11:10 0 byte 0 days old -- 0.log
24/06/2007 19:11:10 (DIR) 0 byte 0 days old -- Temp
24/06/2007 19:17:26 (DIR) 0 byte 0 days old -- Prefetch
----- recent files in C:\WINDOWS\Downloaded Program Files\
----- recent files in C:\WINDOWS\system\
----- recent files in C:\WINDOWS\system32\
30/04/2007 17:35:28 95872 byte 55 days old -- AVASTSS.scr
30/04/2007 17:46:10 745600 byte 55 days old -- aswBoot.exe
01/05/2007 21:45:40 207664 byte 54 days old -- vmnc.dll
01/05/2007 22:51:02 13104 byte 54 days old -- vnetinst.dll
01/05/2007 22:51:04 50992 byte 54 days old -- vmnetbridge.dll
01/05/2007 22:51:42 437040 byte 54 days old -- vnetlib.dll
01/05/2007 22:51:46 121648 byte 54 days old -- vmnetdhcp.exe
01/05/2007 22:52:32 150320 byte 54 days old -- vmnat.exe
16/05/2007 15:22:43 (DIR) 0 byte 39 days old -- config
16/05/2007 21:06:50 1914 byte 39 days old -- lvcoinst.log
18/05/2007 01:16:07 528384 byte 37 days old -- Niagara.scr
18/05/2007 01:16:07 2701311 byte 37 days old -- Niagara.mpf
18/05/2007 01:17:16 1607184 byte 37 days old -- Aquarium Exotique.scr
22/05/2007 19:55:55 (DIR) 0 byte 33 days old -- wbem
29/05/2007 07:05:12 52736 byte 26 days old -- WINTEMS.EXE.VIR
31/05/2007 18:04:26 3121 byte 24 days old -- CONFIG.NT
15/06/2007 15:21:52 784080 byte 9 days old -- PerfStringBackup.INI
15/06/2007 15:21:52 373098 byte 9 days old -- perfh00C.dat
15/06/2007 15:21:52 50704 byte 9 days old -- perfc00C.dat
15/06/2007 15:21:52 42046 byte 9 days old -- perfc009.dat
15/06/2007 15:21:52 317192 byte 9 days old -- perfh009.dat
15/06/2007 15:22:32 (DIR) 0 byte 9 days old -- drivers
15/06/2007 16:13:26 43520 byte 9 days old -- CmdLineExt03.dll
15/06/2007 16:35:10 (DIR) 0 byte 9 days old -- DirectX
15/06/2007 16:37:06 108144 byte 9 days old -- CmdLineExt.dll
17/06/2007 18:57:09 (DIR) 0 byte 7 days old -- Restore
22/06/2007 13:01:55 (DIR) 0 byte 2 days old -- CatRoot2
24/06/2007 19:09:54 2206 byte 0 days old -- wpa.dbl
24/06/2007 19:13:28 80671 byte 0 days old -- nvapps.xml
----- recent files in C:\WINDOWS\system32\drivers\
30/04/2007 17:37:23 26888 byte 55 days old -- aavmker4.sys
30/04/2007 17:38:51 43176 byte 55 days old -- aswTdi.sys
30/04/2007 17:39:41 23416 byte 55 days old -- aswRdr.sys
30/04/2007 17:41:42 94552 byte 55 days old -- aswmon2.sys
30/04/2007 17:41:55 85952 byte 55 days old -- aswmon.sys
01/05/2007 22:51:02 16816 byte 54 days old -- vmnetadapter.sys
01/05/2007 22:51:02 17712 byte 54 days old -- vmnet.sys
01/05/2007 22:51:02 28592 byte 54 days old -- vmnetbridge.sys
01/05/2007 22:52:02 16176 byte 54 days old -- vmparport.sys
01/05/2007 22:52:50 430128 byte 54 days old -- vmx86.sys
01/05/2007 22:52:52 25264 byte 54 days old -- vmnetuserif.sys
01/05/2007 22:52:52 34608 byte 54 days old -- hcmon.sys
01/05/2007 22:52:56 21040 byte 54 days old -- VMkbd.sys
29/05/2007 07:05:00 12123 byte 26 days old -- fwdrv.err
----- recent files in C:\WINDOWS\temp\
17/06/2007 18:53:06 85 byte 7 days old -- vmware-vmount-9.log
17/06/2007 18:54:05 16384 byte 7 days old -- Perflib_Perfdata_570.dat
17/06/2007 21:52:49 85 byte 7 days old -- vmware-vmount-8.log
17/06/2007 21:53:47 16384 byte 7 days old -- Perflib_Perfdata_130.dat
18/06/2007 17:33:03 85 byte 6 days old -- vmware-vmount-7.log
18/06/2007 17:34:01 16384 byte 6 days old -- Perflib_Perfdata_620.dat
18/06/2007 20:20:50 85 byte 6 days old -- vmware-vmount-6.log
18/06/2007 20:21:48 16384 byte 6 days old -- Perflib_Perfdata_12c.dat
19/06/2007 18:03:50 85 byte 5 days old -- vmware-vmount-5.log
19/06/2007 18:04:49 16384 byte 5 days old -- Perflib_Perfdata_688.dat
20/06/2007 17:33:30 85 byte 4 days old -- vmware-vmount-4.log
20/06/2007 20:21:15 85 byte 4 days old -- vmware-vmount-3.log
20/06/2007 20:22:13 16384 byte 4 days old -- Perflib_Perfdata_49c.dat
20/06/2007 23:21:56 85 byte 4 days old -- vmware-vmount-2.log
20/06/2007 23:22:54 16384 byte 4 days old -- Perflib_Perfdata_678.dat
22/06/2007 12:59:15 85 byte 2 days old -- vmware-vmount-1.log
22/06/2007 13:00:13 16384 byte 2 days old -- Perflib_Perfdata_238.dat
24/06/2007 19:10:11 85 byte 0 days old -- vmware-vmount.log
24/06/2007 19:11:10 16384 byte 0 days old -- Perflib_Perfdata_120.dat
----- recent files in C:\Program Files\
02/05/2007 00:59:36 (DIR) 0 byte 53 days old -- Valve Lan
14/05/2007 18:25:11 (DIR) 0 byte 41 days old -- PowerQuest
14/05/2007 18:31:22 (DIR) 0 byte 41 days old -- TuneUp Utilities 2007
16/05/2007 13:36:52 (DIR) 0 byte 39 days old -- WebCam Spy
17/05/2007 11:55:43 (DIR) 0 byte 38 days old -- MSN Messenger
17/05/2007 11:55:44 (DIR) 0 byte 38 days old -- Messenger Plus! Live
18/05/2007 01:28:20 (DIR) 0 byte 37 days old -- Its Label
18/05/2007 01:35:00 (DIR) 0 byte 37 days old -- eoRezo
18/05/2007 01:41:56 (DIR) 0 byte 37 days old -- Web TV
20/05/2007 21:40:03 (DIR) 0 byte 35 days old -- adslTV
22/05/2007 18:27:47 (DIR) 0 byte 33 days old -- AkvaarioGes
22/05/2007 20:15:56 (DIR) 0 byte 33 days old -- Steam
24/05/2007 01:35:22 (DIR) 0 byte 31 days old -- Chiptool
27/05/2007 02:06:15 (DIR) 0 byte 28 days old -- PC Inspector Smart Recovery
28/05/2007 17:07:13 (DIR) 0 byte 27 days old -- SereneScreen
29/05/2007 17:59:47 (DIR) 0 byte 26 days old -- Formosoft
29/05/2007 18:12:10 (DIR) 0 byte 26 days old -- LifeGlobe
30/05/2007 00:52:04 (DIR) 0 byte 25 days old -- eMule
30/05/2007 07:09:06 (DIR) 0 byte 25 days old -- Zylom Games
30/05/2007 17:29:10 (DIR) 0 byte 25 days old -- Kerio
04/06/2007 17:03:37 (DIR) 0 byte 20 days old -- DAEMON Tools
14/06/2007 19:21:32 (DIR) 0 byte 10 days old -- Hijackthis Version Française
15/06/2007 15:21:27 (DIR) 0 byte 9 days old -- VMware
15/06/2007 15:21:27 (DIR) 0 byte 9 days old -- Fichiers communs
15/06/2007 16:00:50 (DIR) 0 byte 9 days old -- InstallShield Installation Information
15/06/2007 16:25:23 (DIR) 0 byte 9 days old -- THQ
15/06/2007 16:40:22 (DIR) 0 byte 9 days old -- Mozilla Firefox
22/06/2007 13:45:47 (DIR) 0 byte 2 days old -- Spybot - Search & Destroy
----- recent files in C:\Program Files\Fichiers communs\
14/05/2007 18:30:48 (DIR) 0 byte 41 days old -- Wise Installation Wizard
15/06/2007 15:21:27 (DIR) 0 byte 9 days old -- VMware
===================== REGISTRY SCAN =====================
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe boot"
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"
"DAEMON Tools"="\"C:\Program Files\DAEMON Tools\daemon.exe\" -lang 1033"
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe "
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe"
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe"
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup"
"ISUSScheduler"="\"C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe\" -start"
"KernelFaultCheck"=expand:"%systemroot%\system32\dumprep 0 -k"
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
"VMware hqtray"="\"C:\Program Files\VMware\VMware Workstation\hqtray.exe\""
[Run\OptionalComponents]
[Run\OptionalComponents\IMAIL]
"Installed"="1"
[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[Run\OptionalComponents\MSFS]
"Installed"="1"
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"LogitechSoftwareUpdate"="\"C:\Program Files\Logitech\Video\ManifestEngine.exe\" boot"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe\""
-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----
[Windows]
"AppInit_DLLs"=""
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----
[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%SystemRoot%\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----
[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"@="Sans fil"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"@="Planificateur de paquets QoS"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"@="Scripts"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Mappage de zones Internet Explorer"
"DllName"=expand:"iedkcs32.dll"
[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"
[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"=expand:"iedkcs32.dll"
"@="Personnalisation de Internet Explorer"
[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"
[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"
[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installation de logiciel"
"DllName"=expand:"appmgmts.dll"
[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"@="Sécurité IP"
"DllName"=expand:"gptext.dll"
[Winlogon\Notify]
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"
[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"
[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"
[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"
[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
[Winlogon\SpecialAccounts]
[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp;Local Settings\Application Data\Microsoft\Outlook"
"BuildNumber"=dword:00000a28
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----
[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"
-----HKLM\System\CurrentControlSet\Control\Session Manager\-----
[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"
[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----
[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
[RunOnceEx]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
-----HKLM\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----
-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----
-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----
[Browser Helper Objects]
[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
#### HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32 @="C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll"
[Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
#### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
[Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
@="EoRezoBHO"
[Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
@=""
-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----
[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\system32\shdocvw.dll"
-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-----
[startupfolder]
-----HKCU\Control Panel\Desktop\-----
[Desktop]
"SCRNSAVE.EXE"="C:\WINDOWS\system32\MA2_6.scr"
[Desktop\Sound]
[Desktop\WindowMetrics]
-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----
[command]
@="\"%1\" /S"
-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----
[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"
-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----
[URL]
[URL\DefaultPrefix]
@="http://"
[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----
[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=multi:"kerberos\00msv1_0\00schannel\00wdigest\00\00"
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"LsaPid"=dword:00000414
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"
[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"
[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"
[Lsa\Audit]
[Lsa\Audit\PerUserAuditing]
[Lsa\Audit\PerUserAuditing\System]
[Lsa\Data]
@Class="02f162b4"
"Pattern"=hex:19,70,e5,5f,61,2b,ca,96,08,e9,c9,07,ca,ef,15,82,30,32,66,31,36,\
32,62,34,00,fd,07,00,e0,4d,00,00,34,fa,07,00,4e,82,74,75,20,fa,07,00,40,fd,\
07,00,4c,fd,07,00,f5,3a,ec,9d,77,ed,f1,7b,63,78,a2,02
[Lsa\GBG]
@Class="f5ed1877"
"GrafBlumGroup"=hex:9f,b6,0e,9d,0d,85,64,26,d8
[Lsa\JD]
@Class="63a29d7b"
"Lookup"=hex:ca,bc,9a,28,d7,d9
[Lsa\Kerberos]
[Lsa\Kerberos\Domains]
[Lsa\Kerberos\SidCache]
[Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000
[Lsa\Skew1]
@Class="ec3a78bd"
"SkewMatrix"=hex:a8,c6,61,ee,fc,d9,be,76,28,f6,97,68,a3,61,3d,88
[Lsa\SSO]
[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"
[Lsa\SspiCache]
"Time"=hex:a4,af,b2,80,8a,66,c7,01
[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,ea,0b,83,fe,85,c4,01
"Type"=dword:00000031
[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,cb,01,89,fe,85,c4,01
"Type"=dword:00000031
[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,cb,01,89,fe,85,c4,01
"Type"=dword:00000031
-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----
[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."
"DisplayName"="Pare-feu Windows / Partage de connexion Internet"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020
[SharedAccess\Epoch]
"Epoch"=dword:0000127b
[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"
[SharedAccess\Parameters\FirewallPolicy]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=dword:00000000
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000
"DisableUnicastResponsesToMulticastBroadcast"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000
"DisableUnicastResponsesToMulticastBroadcast"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"
[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001
[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001
-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----
-----HKLM\Software\Microsoft\Ole-----
[Ole]
"EnableDCOM"="Y"
[Ole\AppCompat]
[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----
[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"LargeSystemCache"=dword:00000000
"SecondLevelDataCache"=dword:00000200
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----
[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{70A0A8BF-CC7C-4147-A82A-5A707C2F098B}"
[SystemRestore\SnapshotCallbacks]
@=""
-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----
[VB and VBA Program Settings]
[VB and VBA Program Settings\AkvaarioGes]
[VB and VBA Program Settings\AkvaarioGes\ColorGUI]
[VB and VBA Program Settings\AkvaarioGes\Compatibilite]
[VB and VBA Program Settings\AkvaarioGes\Install]
[VB and VBA Program Settings\AkvaarioGes\Options]
[VB and VBA Program Settings\AkvaarioGes\Param]
[VB and VBA Program Settings\Euro Add-in]
[VB and VBA Program Settings\Euro Add-in\Wizard Options]
-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----
[MountPoints2]
[MountPoints2\A]
"BaseClass"="Drive"
[MountPoints2\C]
"BaseClass"="Drive"
[MountPoints2\D]
"BaseClass"="Drive"
[MountPoints2\E]
"BaseClass"="Drive"
[MountPoints2\G]
"BaseClass"="Drive"
[MountPoints2\R]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,00,5f,5f,5f,5f,5f,5f,5f,5f,\
5f,5f,00,01,00,00,00,08,00,00,00
[MountPoints2\{0f749a98-024b-11dc-b85e-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{0f749a99-024b-11dc-b85e-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{0f749a9b-024b-11dc-b85e-001302520a30}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,00,5f,5f,5f,5f,5f,5f,5f,5f,\
5f,5f,00,01,00,00,00,08,00,00,00
[MountPoints2\{39f9be01-0206-11dc-a4b7-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,00,5f,5f,5f,5f,5f,5f,5f,5f,\
5f,5f,00,01,00,00,00,08,00,00,00
[MountPoints2\{39f9be01-0206-11dc-a4b7-806d6172696f}\shell]
@="None"
[MountPoints2\{39f9be01-0206-11dc-a4b7-806d6172696f}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{39f9be01-0206-11dc-a4b7-806d6172696f}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{3a20675e-d258-11db-b9d4-001302520a30}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,06,00,00
[MountPoints2\{3a20675e-d258-11db-b9d4-001302520a30}\shell]
@="None"
[MountPoints2\{3a20675e-d258-11db-b9d4-001302520a30}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{3a20675e-d258-11db-b9d4-001302520a30}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{40279f93-02d1-11dc-b861-001302520a30}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,cf,5f,5f,5f,5f,5f,5f,5f,5f,\
5f,5f,00,01,00,00,00,00,00,00,00
[MountPoints2\{40279f93-02d1-11dc-b861-001302520a30}\shell]
@="None"
[MountPoints2\{40279f93-02d1-11dc-b861-001302520a30}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{40279f93-02d1-11dc-b861-001302520a30}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{6a627295-deb6-11db-b9f4-001302520a30}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,07,00,00
[MountPoints2\{6a627295-deb6-11db-b9f4-001302520a30}\shell]
@="None"
[MountPoints2\{6a627295-deb6-11db-b9f4-001302520a30}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{6a627295-deb6-11db-b9f4-001302520a30}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{6a627296-deb6-11db-b9f4-001302520a30}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,07,00,00
[MountPoints2\{6a627296-deb6-11db-b9f4-001302520a30}\shell]
@="None"
[MountPoints2\{6a627296-deb6-11db-b9f4-001302520a30}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{6a627296-deb6-11db-b9f4-001302520a30}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{6b799826-d252-11db-b9cf-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,20,00,00,00,00,00,00,00
[MountPoints2\{73af0f60-d254-11db-b9d2-0019db225b88}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
[MountPoints2\{98211998-d25f-11db-b9d7-001302520a30}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,20,00,00,00,09,00,00,00
[MountPoints2\{98211998-d25f-11db-b9d7-001302520a30}\_Autorun]
[MountPoints2\{98211998-d25f-11db-b9d7-001302520a30}\_Autorun\DefaultIcon]
@="F:\setup.exe,0"
[MountPoints2\{a5141562-f97f-11db-a80a-001302520a30}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,07,00,00
[MountPoints2\{a5141562-f97f-11db-a80a-001302520a30}\shell]
@="None"
[MountPoints2\{a5141562-f97f-11db-a80a-001302520a30}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{a5141562-f97f-11db-a80a-001302520a30}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{b40281a9-02d5-11dc-b862-001302520a30}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,00,5f,5f,5f,5f,5f,5f,5f,5f,\
5f,5f,00,01,00,00,00,08,00,00,00
[MountPoints2\{b40281aa-02d5-11dc-b862-001302520a30}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,00,5f,5f,5f,5f,5f,5f,5f,5f,\
5f,5f,00,01,00,00,00,08,00,00,00
[MountPoints2\{b40281ad-02d5-11dc-b862-001302520a30}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,00,5f,5f,5f,5f,5f,5f,5f,5f,\
5f,5f,00,01,00,00,00,08,00,00,00
[MountPoints2\{b40281ad-02d5-11dc-b862-001302520a30}\shell]
@="None"
[MountPoints2\{b40281ad-02d5-11dc-b862-001302520a30}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{b40281ad-02d5-11dc-b862-001302520a30}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{b40281ae-02d5-11dc-b862-001302520a30}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,cf,5f,5f,5f,5f,5f,5f,5f,5f,\
5f,5f,00,01,00,00,00,00,00,00,00
[MountPoints2\{b40281b2-02d5-11dc-b862-001302520a30}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,07,00,00
[MountPoints2\{ce365810-d256-11db-941c-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{ce365811-d256-11db-941c-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,20,00,00,00,09,00,00,00
[MountPoints2\{ce365811-d256-11db-941c-806d6172696f}\Shell]
@="AutoRun"
[MountPoints2\{ce365811-d256-11db-941c-806d6172696f}\Shell\AutoRun]
@="&Exécution automatique"
[MountPoints2\{ce365811-d256-11db-941c-806d6172696f}\Shell\AutoRun\command]
@="D:\setup.exe"
[MountPoints2\{ce365811-d256-11db-941c-806d6172696f}\_Autorun]
[MountPoints2\{ce365811-d256-11db-941c-806d6172696f}\_Autorun\DefaultIcon]
@="D:\MSIICO.ICO"
[MountPoints2\{ce365812-d256-11db-941c-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{d32f270a-02cd-11dc-b85f-001302520a30}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,00,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,07,00,00
[MountPoints2\{d32f270a-02cd-11dc-b85f-001302520a30}\shell]
@="None"
[MountPoints2\{d32f270a-02cd-11dc-b85f-001302520a30}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{d32f270a-02cd-11dc-b85f-001302520a30}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{d6523192-d25e-11db-b9d6-001302520a30}]
"BaseClass"="Drive"
"_CommentFromDesktopINI"=""
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,06,00,00
[MountPoints2\{d6523192-d25e-11db-b9d6-001302520a30}\shell]
@="None"
[MountPoints2\{d6523192-d25e-11db-b9d6-001302520a30}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{d6523192-d25e-11db-b9d6-001302520a30}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{e428455e-d6d7-11db-b9e3-001302520a30}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,07,00,00
[MountPoints2\{e428455e-d6d7-11db-b9e3-001302520a30}\shell]
@="None"
[MountPoints2\{e428455e-d6d7-11db-b9e3-001302520a30}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{e428455e-d6d7-11db-b9e3-001302520a30}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{fd149448-10fa-11dc-b881-0019db225b88}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00
[MountPoints2\{fd149448-10fa-11dc-b881-0019db225b88}\shell]
@="None"
[MountPoints2\{fd149448-10fa-11dc-b881-0019db225b88}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{fd149448-10fa-11dc-b881-0019db225b88}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
[AdvancedOptions]
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
-----HKLM\Software\Microsoft\Active Setup\Installed Components-----
[Installed Components]
[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"
[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Personnalisation du navigateur"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"
[Installed Components\D27CDB6E-AE6D-11CF-96B8-444553540000]
"@="Adobe Flash Player 9 ActiveX"
"ComponentID"="Flash"
[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendu VML (Vector Graphics Rendering)"
"ComponentID"="MSVML"
[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""
[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"@="Lecteur Windows Media Microsoft 6.4"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
#### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\system32\danim.dll"
"@="DirectAnimation"
"ComponentID"="DirectAnimation"
[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"
[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Liaison de données Dynamic HTML pour Java"
"ComponentID"="TridataJava"
[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Logiciel de navigation hors connexion"
"ComponentID"="MobilePk"
[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"
[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Création avancée"
"ComponentID"="AdvAuth"
[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"
[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Aide sur Internet Explorer"
"ComponentID"="HelpCont"
[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classes Java DirectAnimation"
"ComponentID"="DAJava"
[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"
[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Outils d'installation Internet Explorer"
"ComponentID"="GenSetup"
[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Améliorations pour la navigation"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"
[Insta
Click Start, Search, All files and folders, then search for and delete:
eoRezo (nasty junk)
WINTEMS.EXE.VIR
**If a file/folder cannot be deleted, do this:
- Restart your PC. As soon as it powers on, tap the F8 key repeatedly (or F5 if F8 does not work); on the screen that appears, choose "Safe Mode" and wait a moment.
Then delete the files/folders, empty your Recycle Bin and restart your PC normally.
Create a new connection and see how it goes.
I deleted the files! And I was able to reinstall my antivirus. Would you have any advice on which protection software to use so that I don't get hacked again...
I plan to test my internet connection tonight or tomorrow; I'll keep you posted on how it goes.
Have a good day!
Thanks again for your help!
I tried to boot into Safe Mode but it gives me an error...
If I do a System Restore, what exactly will I lose?