Infecté pare virus qui a détruit mes protect

Romhimtib -  
 Romhimtib -
Mon PC est infecté par un virus qui m'empêche de me connecter à mon réseau wifi et qui m'a tué (supprimé leur .exe) mes anti-virus et pare feu ainsi que spybot...
Voici ma liste hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 19:20:50, on 14/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{67B59E4D-7693-4CD1-B625-921A7C7E116A}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Pourriez-vous s'il vous plait me conseiller et m'aider à résoudre mon problème...

Romhimtib
Configuration: Windows XP
Firefox 1.0

6 réponses

  1. Utilisateur anonyme
     
    Bonjour

    As-tu essayé une restauration du système ?
    0
    1. Romhimtib
       
      Non, je pensai pouvoir le tuer sans ça...
      J'ai essayé de démarrer en mode sans éxhec mais ça me mets une erreur...
      Si je fais une restauration du système je vais perdre quoi concrètement?
      0
    2. Romhimtib
       
      De plus, et surtout mon problème c'est que je n'ai plus le cd du windows que j'ai installé sur mon pc...
      0
  2. Utilisateur anonyme
     
    Bon, ton PC semble en galére !

    Télécharge ComboScan sur ton Bureau.
    ---> http://www.techsupportforum.com/sectools/Deckard/dss.exe
    Ferme toutes les applications en cours ; antivirus, pare-feu, etc ..
    Double-clic sur comboscan.exe A la fenêtre qui s'affiche, clic sur OK.
    Soit patient ..
    Le rapport Comboscan.txt s'affichera, copie et colle le contenu de ce fichier ici.
    Attention, il peut avoir deux, trois rapports mets les tous ici stp
    0
    1. Romhimtib
       
      Deckard's System Scanner v20070611.50
      Extra logfile - please post this as an attachment with your post.
      --------------------------------------------------------------------------------

      -- System Information ----------------------------------------------------------

      Microsoft Windows XP Professionnel (build 2600) SP 2.0
      Architecture: X86; Language: French

      CPU 0: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz
      CPU 1: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz
      Percentage of Memory in Use: 20%
      Physical Memory (total/avail): 2047.29 MiB / 1635.18 MiB
      Pagefile Memory (total/avail): 2897.23 MiB / 2642.15 MiB
      Virtual Memory (total/avail): 2047.88 MiB / 1957.2 MiB

      A: is Removable (No Media)
      C: is Fixed (NTFS) - 224.6 GiB total, 30.99 GiB free.
      D: is CDROM (No Media)
      E: is Fixed (NTFS) - 146.49 GiB total, 146.42 GiB free.
      F: is CDROM (UDF)
      G: is Removable (FAT)


      -- Security Center -------------------------------------------------------------

      AUOptions is disabled.
      Windows Internal Firewall is disabled.

      FirstRunDisabled is set.
      AntiVirusDisableNotify is set.
      FirewallDisableNotify is set.
      UpdatesDisableNotify is set.
      AntivirusOverride is set.
      FirewallOverride is set.

      FW: Sunbelt Kerio Personal Firewall v4.3.635 T (Sunbelt Kerio) [COLOR=RED]Disabled[/COLOR]
      AV: avast! antivirus 4.7.1001 [VPS 000740-2] v4.7.1001 (ALWIL Software) [COLOR=RED]Outdated[/COLOR]

      [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
      "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

      [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
      "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
      "C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"


      -- Environment Variables -------------------------------------------------------

      ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
      APPDATA=C:\Documents and Settings\orkiler\Application Data
      CLIENTNAME=Console
      CommonProgramFiles=C:\Program Files\Fichiers communs
      COMPUTERNAME=ROOT
      ComSpec=C:\WINDOWS\system32\cmd.exe
      FP_NO_HOST_CHECK=NO
      HOMEDRIVE=C:
      HOMEPATH=\Documents and Settings\orkiler
      LOGONSERVER=\\ROOT
      NUMBER_OF_PROCESSORS=2
      OS=Windows_NT
      Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
      PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
      PROCESSOR_ARCHITECTURE=x86
      PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
      PROCESSOR_LEVEL=6
      PROCESSOR_REVISION=0f06
      ProgramFiles=C:\Program Files
      PROMPT=$P$G
      SESSIONNAME=Console
      SystemDrive=C:
      SystemRoot=C:\WINDOWS
      TEMP=C:\DOCUME~1\orkiler\LOCALS~1\Temp
      TMP=C:\DOCUME~1\orkiler\LOCALS~1\Temp
      USERDOMAIN=ROOT
      USERNAME=orkiler
      USERPROFILE=C:\Documents and Settings\orkiler
      windir=C:\WINDOWS


      -- User Profiles ---------------------------------------------------------------

      orkiler [I](admin)[/I]


      -- Add/Remove Programs ---------------------------------------------------------

      --> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
      --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
      --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
      --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
      --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
      --> C:\WINDOWS\UNRecode.exe /UNINSTALL
      --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
      3DSeXVilla Crack 30.001 --> MsiExec.exe /I{7C3037E1-8AC6-493E-A513-AE0C8A3869EB}
      Adobe Reader 6.0.1 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A00000000001}
      adsl TV --> C:\Program Files\adslTV\Uninstal.exe
      AkvaarioGes 1.1.0 --> "C:\Program Files\AkvaarioGes\unins000.exe"
      Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
      avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
      Beck @CHIPTOOL V5.9.9.1 --> "C:\Program Files\Chiptool\unins000.exe"
      Counter-Strike 1.6 Lan --> C:\Program Files\Valve Lan\Désinstaller Counter-Strike 1.6 Lan.exe
      eMule --> "C:\Program Files\eMule\Uninstall.exe"
      Far Cry --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC} /l1036
      Gothic III --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe" -l0x40c -removeonly
      Gothic III Release Update --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1998BD34-1AAB-4169-ACFF-67342E2AF9B4}\setup.exe" -l0x40c -removeonly
      Half-Life Lan --> C:\Program Files\Valve Lan\Désinstaller Half-Life Lan.exe
      High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
      Hijackthis Version Française --> "C:\Program Files\Hijackthis Version Française\unins000.exe"
      ItsTV 3.0 --> "C:\Program Files\Its Label\ItsTV\unins000.exe"
      JMB36X Raid Configurer --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\Setup.exe" -l0x40c -removeonly
      K-Lite Mega Codec Pack 1.53 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
      Kerio Personal Firewall --> MsiExec.exe /I{8315396A-5EA1-419D-BEC4-978284BDF556}
      Logiciel QuickCam de Logitech --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
      Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
      Microsoft Combat Flight Simulator 3.0 --> "C:\Program Files\Microsoft Games\Combat Flight Simulator 3\UNINSTAL.EXE" /runtemp /addremove
      Microsoft Flight Simulator 2004 Un siècle d'aviation --> "C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
      Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
      Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
      Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
      Nero 7 --> MsiExec.exe /I{F0A7FB2C-99E2-4884-9187-4BC60B2C1036}
      Niagara Screensaver --> C:\WINDOWS\system32\Niagara.scr /U
      Pack Crystal Clear 1.0 --> C:\WINDOWS\BricoPacks\Crystal Clear\Remove.exe
      PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
      Programme de gestion Camera de Logitech® --> "C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
      Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
      S.T.A.L.K.E.R. - Shadow of Chernobyl --> "C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
      SAGEM Wi-Fi 11g USB adapter (pilote) --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7421E270-0140-4F62-AE39-ECB9F1C81B35}\Setup.exe" -l0x40c
      SereneScreen Marine Aquarium 2.6 --> "C:\Program Files\SereneScreen\Marine Aquarium 2.6\unins000.exe"
      Serious Sam 2 --> C:\Program Files\Serious Sam 2\Bin\Uninstall.exe
      SpellForce 2 - Shadow Wars --> MsiExec.exe /X{E63A550D-7A75-462C-B495-D77F0808D083}
      Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
      Steam --> C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
      Sunbelt Kerio Personal Firewall --> MsiExec.exe /X{E659E0EE-10E6-49B7-8696-60F38D0EB174}
      Super-Bikes Riding Challenge --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{190F801F-A2D2-40CF-85A3-8FEF893D1A29}\Setup.exe" -l0x40c
      thriXXX 3DSexVilla-030.001 --> "C:\Program Files\thriXXX\3D SexVilla\Binaries\Uninstall-3DSexVilla-030.001.exe"
      TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
      Unreal II --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{626F32D6-007C-41D5-8157-9509AB1428BE}\Setup.exe" -l0x40c
      VMware Workstation --> MsiExec.exe /I{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}
      Web TV --> C:\PROGRA~1\WEBTV~1\UNWISE.EXE C:\PROGRA~1\WEBTV~1\INSTALL.LOG
      Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
      WinFast(R) Display Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe" -l0x40c -removeonly
      WinStars 2.0 --> "C:\Program Files\WinStars2\unins000.exe"


      -- End of Deckard's System Scanner: finished at 2007-06-17 at 18:59:30 ---------

      Deckard's System Scanner v20070611.50
      Run by orkiler on 2007-06-17 at 18:57:08
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      System Restore is disabled; attempting to re-enable...success.


      -- Last 1 Restore Point(s) --
      1: 2007-06-17 16:57:12 UTC - RP1 - Point de vérification système


      Backed up registry hives.

      Performed disk cleanup.


      -- HijackThis Clone ------------------------------------------------------------

      Emulating logfile of HijackThis v1.99.1
      Scan saved at 2007-06-17 18:58:40
      Platform: Windows XP Service Pack 2 (5.01.2600)
      MSIE: Internet Explorer (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\system32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\RTHDCPL.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\DAEMON Tools\daemon.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
      C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
      C:\Program Files\VMware\VMware Workstation\hqtray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
      C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Logitech\Video\FxSvr2.exe
      C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
      C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
      C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
      C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
      C:\WINDOWS\system32\vmnat.exe
      C:\WINDOWS\system32\vmnetdhcp.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
      G:\dss.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
      R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
      O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
      O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
      O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
      O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
      O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
      O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
      O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{67B59E4D-7693-4CD1-B625-921A7C7E116A}: NameServer = 192.168.1.1
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
      O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
      O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL
      O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL
      O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
      O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
      O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
      O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
      O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
      O23 - Service: avast! Antivirus - Unknown owner - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
      O23 - Service: avast! Mail Scanner - Unknown owner - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
      O23 - Service: avast! Web Scanner - Unknown owner - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
      O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - "C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe"
      O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - "C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe"
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


      -- File Associations -----------------------------------------------------------

      All associations okay.


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
      R2 atksgt - c:\windows\system32\drivers\atksgt.sys
      R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
      R3 m_hook (Empty) - c:\documents and settings\orkiler\application data\hidires\m_hook.sys

      S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
      S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys (file missing)


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R3 NMIndexingService - "c:\program files\fichiers communs\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>

      S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
      S4 aswUpdSv (avast! iAVS4 Control Service) - "c:\program files\alwil software\avast4\aswupdsv.exe" (file missing)
      S4 avast! Antivirus - "c:\program files\alwil software\avast4\ashserv.exe" (file missing)
      S4 avast! Mail Scanner - "c:\program files\alwil software\avast4\ashmaisv.exe" /service (file missing)
      S4 avast! Web Scanner - "c:\program files\alwil software\avast4\ashwebsv.exe" /service (file missing)


      -- Scheduled Tasks -------------------------------------------------------------

      2007-06-15 17:15:38 412 --a------ C:\WINDOWS\Tasks\Maintenance en 1 clic.job


      -- Files created between 2007-05-17 and 2007-06-17 -----------------------------

      2007-06-15 16:25:23 0 d-------- C:\Program Files\THQ
      2007-06-15 16:13:26 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
      2007-06-15 16:00:51 0 d-------- C:\Unreal2
      2007-06-15 15:56:41 0 d-------- C:\UT2004
      2007-06-15 15:24:37 0 d-------- C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\VMware
      2007-06-15 15:24:32 0 d-------- C:\Documents and Settings\orkiler\Application Data\VMware
      2007-06-15 15:22:49 0 d-------- C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\VMware
      2007-06-15 15:21:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Bureau
      2007-06-15 15:21:36 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\VMware
      2007-06-15 15:21:27 0 d-------- C:\Program Files\VMware
      2007-06-15 15:21:27 0 d-------- C:\Program Files\Fichiers communs\VMware
      2007-06-14 19:20:18 0 d-------- C:\Program Files\Hijackthis Version Française
      2007-05-31 18:03:01 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
      2007-05-30 17:29:10 0 d-------- C:\Program Files\Kerio
      2007-05-29 18:12:10 0 d-------- C:\Program Files\LifeGlobe
      2007-05-29 17:59:47 0 d-------- C:\Program Files\Formosoft
      2007-05-28 17:07:13 2932736 --a------ C:\WINDOWS\system32\MA2_6.scr
      2007-05-28 17:07:13 0 d-------- C:\Program Files\SereneScreen
      2007-05-28 01:02:36 19 --a------ C:\WINDOWS\popcinfo.dat
      2007-05-28 00:56:23 0 d-------- C:\Documents and Settings\orkiler\Application Data\Zylom
      2007-05-28 00:56:18 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom
      2007-05-28 00:56:12 0 d-------- C:\Program Files\Zylom Games
      2007-05-28 00:43:05 0 d-------- C:\WINDOWS\exefld
      2007-05-28 00:42:59 115826 --a------ C:\WINDOWS\system32\flec003.exe
      2007-05-27 02:01:43 119808 --a------ C:\WINDOWS\system32\Xdrive.dll <Not Verified; Xironic; XWare Package>
      2007-05-27 02:01:43 675840 -----n--- C:\WINDOWS\system32\ISource2.dll <Not Verified; Smaller Animals Software, Inc.; _ISource2.DLL>
      2007-05-27 02:01:43 0 d-------- C:\Program Files\PC Inspector Smart Recovery
      2007-05-24 01:35:22 0 d-------- C:\Program Files\Chiptool
      2007-05-22 18:06:37 0 d-------- C:\Program Files\AkvaarioGes
      2007-05-18 02:18:37 0 d-------- C:\Documents and Settings\orkiler\Application Data\vlc
      2007-05-18 02:18:36 0 d-------- C:\Program Files\adslTV
      2007-05-18 01:41:54 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
      2007-05-18 01:41:53 102912 --a------ C:\WINDOWS\system32\Vb6stkit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows>
      2007-05-18 01:41:53 0 d-------- C:\Program Files\Web TV
      2007-05-18 01:28:33 0 d-------- C:\Documents and Settings\orkiler\Application Data\ItsLabel
      2007-05-18 01:28:20 0 d-------- C:\Program Files\Its Label
      2007-05-18 01:27:42 0 d-------- C:\Program Files\eoRezo
      2007-05-18 01:27:42 0 d-------- C:\Documents and Settings\orkiler\Application Data\EoRezo
      2007-05-18 01:17:16 1607184 --a------ C:\WINDOWS\system32\Aquarium Exotique.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer>
      2007-05-18 01:16:07 528384 --a------ C:\WINDOWS\system32\Niagara.scr <Not Verified; ScreensaverShot Inc; >


      -- Find3M Report ---------------------------------------------------------------

      2007-06-15 16:00:50 0 d--h----- C:\Program Files\InstallShield Installation Information
      2007-06-15 15:21:52 373098 --a------ C:\WINDOWS\system32\perfh00C.dat
      2007-06-15 15:21:52 50704 --a------ C:\WINDOWS\system32\perfc00C.dat
      2007-06-15 15:21:27 0 d-------- C:\Program Files\Fichiers communs
      2007-06-04 17:03:37 0 d-------- C:\Program Files\DAEMON Tools
      2007-05-30 00:52:04 0 d-------- C:\Program Files\eMule
      2007-05-28 00:56:23 0 d-------- C:\Documents and Settings\orkiler\Application Data\Identities
      2007-05-22 20:15:56 0 d-------- C:\Program Files\Steam
      2007-05-17 11:55:44 0 d-------- C:\Program Files\Messenger Plus! Live
      2007-05-17 11:55:43 0 d-------- C:\Program Files\MSN Messenger
      2007-05-16 13:36:52 0 d-------- C:\Program Files\WebCam Spy
      2007-05-14 18:31:22 0 d-------- C:\Program Files\TuneUp Utilities 2007
      2007-05-14 18:31:18 0 d-------- C:\Documents and Settings\orkiler\Application Data\TuneUp Software
      2007-05-14 18:30:48 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
      2007-05-14 18:25:11 0 d-------- C:\Program Files\PowerQuest
      2007-05-03 16:22:32 0 d-------- C:\Documents and Settings\orkiler\Application Data\Media Player Classic
      2007-05-02 15:55:06 0 d-------- C:\Documents and Settings\orkiler\Application Data\DeskSoft
      2007-05-02 00:59:36 0 d-------- C:\Program Files\Valve Lan
      2007-04-02 19:39:12 65536 --a------ C:\WINDOWS\DTDraw.dll
      2007-03-23 10:05:16 5451776 -ra------ C:\WINDOWS\system32\V2iDiskLib.dll <Not Verified; Symantec Corporation; V2iDiskLib>


      -- Registry Dump ---------------------------------------------------------------

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
      {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      {53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
      "RTHDCPL"="RTHDCPL.EXE"
      "SkyTel"="SkyTel.EXE"
      "Alcmtr"="ALCMTR.EXE"
      "JMB36X Configure"="C:\\WINDOWS\\system32\\JMRaidTool.exe boot"
      "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
      "nwiz"="nwiz.exe /install"
      "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
      "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
      "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
      "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
      "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
      "NeroFilterCheck"="C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NeroCheck.exe"
      "ISUSPM Startup"="C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
      "ISUSScheduler"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\issch.exe\" -start"
      "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
      "vmware-tray"="C:\\Program Files\\VMware\\VMware Workstation\\vmware-tray.exe"
      "VMware hqtray"="\"C:\\Program Files\\VMware\\VMware Workstation\\hqtray.exe\""

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
      "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
      "LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMBgMonitor.exe\""

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
      "Config"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\
      5c,72,75,6e,2e,63,6d,64,00
      "nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
      53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
      65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
      79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
      "tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
      33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoLowDiskSpaceChecks"=dword:00000001
      "NoStartBanner"=hex:01,00,00,00
      "MemCheckBoxInRunDlg"=dword:00000001
      "NoSMBalloonTip"=dword:00000001
      "NoDesktopCleanupWizard"=dword:00000001
      "NoWelcomeScreen"=dword:00000001

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
      "NoLowDiskSpaceChecks"=dword:00000001
      "NoStartBanner"=hex:01,00,00,00
      "MemCheckBoxInRunDlg"=dword:00000001
      "NoSMBalloonTip"=dword:00000001
      "NoDesktopCleanupWizard"=dword:00000001
      "NoWelcomeScreen"=dword:00000001

      [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
      Source REG_SZ 7db39a0d-580f-4be9-9195-8bfcd226f6c2

      HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
      Authentication Packages REG_MULTI_SZ msv1_0\0\0
      Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
      Notification Packages REG_MULTI_SZ scecli\0\0

      [color=red]SafeBoot registry key needs to be repaired. This machine cannot enter Safe Mode.[/color]

      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
      HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
      LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
      NetworkService REG_MULTI_SZ DnsCache\0\0
      DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
      rpcss REG_MULTI_SZ RpcSs\0\0
      imgsvc REG_MULTI_SZ StiSvc\0\0
      termsvcs REG_MULTI_SZ TermService\0\0

      hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
      UxTuneUp


      [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce365811-d256-11db-941c-806d6172696f}]
      Shell\AutoRun\command D:\setup.exe
      *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_M_HOOK


      -- End of Deckard's System Scanner: finished at 2007-06-17 at 18:59:30 ---------


      Directories/Files moved to C:\Deckard\System Scanner\backup

      2007-06-15 17:15:28 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\.zylominstallertemp1180501745
      2007-04-10 12:37:04 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\Adobe
      2007-06-17 13:16:36 20974 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Arabic.bin
      2007-03-26 18:00:12 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\bye3A.tmp
      2007-06-15 16:11:01 36864 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\CmdLineExt02.dll
      2007-06-15 16:37:06 378504 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\CmdLineExtInstallerExe.exe
      2007-06-17 13:16:36 24310 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Czech.bin
      2007-06-17 13:16:36 22769 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Danish.bin
      2007-06-15 16:43:43 65536 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\drm_dialogs.dll <Not Verified; Sony DADC Austria AG; >
      2007-06-17 13:16:36 25741 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Dutch.bin
      2007-06-14 18:26:04 4602 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\dw.log
      2007-03-14 20:51:44 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\dx90c
      2007-06-17 13:16:36 21911 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\English.bin
      2007-05-18 00:39:45 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\eTemp
      2007-06-17 13:16:36 22853 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Finnish.bin
      2007-06-17 13:16:36 27237 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\French.bin
      2007-06-17 13:16:36 25746 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\German.bin
      2007-06-17 13:16:36 25080 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Greek.bin
      2007-06-17 13:16:36 19553 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Hebrew.bin
      2007-06-17 13:16:36 26076 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Hungarian.bin
      2007-05-18 01:28:31 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\is-MDD37.tmp
      2007-05-14 18:36:52 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\isp3E.tmp
      2007-05-14 18:36:52 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\isp5.tmp
      2007-05-14 18:36:52 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\isp58.tmp
      2007-05-14 18:36:52 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\ispD.tmp
      2007-03-20 15:36:30 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\iss15.tmp
      2007-05-14 18:36:52 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\iss3B.tmp
      2007-03-20 15:06:30 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\iss9.tmp
      2007-06-17 13:16:36 27409 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Italian.bin
      2007-06-17 13:16:36 24297 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Japanese.bin
      2007-06-17 13:16:36 20135 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Korean.bin
      2007-06-15 15:34:30 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\Logitech-LSU
      2007-06-17 18:53:28 36253 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\LVCOMSX.LOG
      2007-06-01 17:15:27 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\MessengerCache
      2007-03-25 22:32:21 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\msohtml
      2007-03-29 17:15:32 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\msohtml1
      2007-06-11 19:31:52 0 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\NER9.tmp
      2007-03-20 16:01:56 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\NeroDemo12069
      2007-06-17 13:16:36 21958 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Norwegian.bin
      2007-03-20 16:04:55 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\nps.tmp
      2007-03-20 16:02:12 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\nro.log
      2007-03-20 16:04:35 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\nro.tmp
      2007-06-14 17:21:37 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\ocd
      2007-06-01 17:15:27 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\outlook logging
      2007-03-14 19:34:20 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\pft16~tmp
      2007-06-17 13:16:36 24219 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Polish.bin
      2007-06-17 13:16:36 25067 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Portuguese(Brazil).bin
      2007-06-17 13:16:36 26256 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Portuguese.bin
      2007-06-15 15:20:23 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\Rar$EX00.344
      2007-06-17 13:16:36 26125 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Russian.bin
      2007-06-17 13:16:36 16404 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\SimChin.bin
      2007-06-15 16:22:48 12067 --a-----t C:\DOCUME~1\orkiler\LOCALS~1\Temp\SIntf16.dll
      2007-06-15 16:22:48 19924 --a-----t C:\DOCUME~1\orkiler\LOCALS~1\Temp\SIntf32.dll
      2007-06-15 16:22:48 4592 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\SIntfIcn.ani
      2007-06-15 16:22:48 24516 --a-----t C:\DOCUME~1\orkiler\LOCALS~1\Temp\SIntfNT.dll
      2007-05-25 17:16:24 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\smfsetup
      2007-06-17 13:16:36 27754 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Spanish.bin
      2007-06-17 13:16:36 24088 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\SWEDISH.bin
      2007-06-13 19:03:50 4592 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\temp.ani
      2007-06-12 20:44:42 0 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\TempCover10
      2007-06-14 17:53:25 0 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\TempCover11
      2007-06-11 19:31:00 0 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\TempCover9
      2007-06-17 13:16:36 21977 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Thai.bin
      2007-06-17 13:16:36 16949 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\TradChin.bin
      2007-06-17 13:16:36 22246 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\Turkish.bin
      2007-06-15 17:15:28 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\VBE
      2007-06-15 15:23:16 52099 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\vminst.log
      2007-06-15 15:23:16 1291306 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\vmmsi.log
      2007-03-14 20:51:44 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\xfire
      2007-06-15 15:20:23 262239 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\zwt1.tmp <Not Verified; VMware, Inc.; VMware Workstation>
      2007-06-15 15:20:23 323659 --a------ C:\DOCUME~1\orkiler\LOCALS~1\Temp\zwt2.tmp <Not Verified; VMware, Inc.; VMware P2V Assistant>
      2007-06-04 18:59:54 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\_avast4_
      2007-03-14 20:07:10 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\_av_sfx.tm~a01600
      2007-05-14 18:36:52 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\_ir_sf7_temp_0
      2007-05-30 17:28:57 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\_isF
      2007-03-15 01:38:18 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\_ISTMP1.DIR
      2007-05-14 18:26:16 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
      2007-03-26 18:04:34 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\{6D3F065E-E02E-4214-BBEA-A563DA17A7C0}
      2007-05-14 18:25:55 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\{a68c3403-53ac-44da-b6c5-2a902bd8bbe9}
      2007-05-16 15:23:43 0 d-------- C:\DOCUME~1\orkiler\LOCALS~1\Temp\~nsu.tmp
      2007-03-20 15:37:54 489 --a------ C:\WINDOWS\temp\CamServr.log
      2007-03-20 15:37:46 52055 --a------ C:\WINDOWS\temp\CamWizrd.log
      2007-03-20 15:05:51 359 --a------ C:\WINDOWS\temp\Instmed.log
      2007-03-20 15:05:54 444 --a------ C:\WINDOWS\temp\InstVid.log
      2007-03-14 19:34:21 0 d-------- C:\WINDOWS\temp\IntelChip
      2007-05-17 11:45:52 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_100.dat
      2007-05-26 20:10:32 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_114.dat
      2007-05-18 09:11:30 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_118.dat
      2007-06-17 13:37:09 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_134.dat
      2007-06-17 13:17:31 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_614.dat
      2007-06-15 15:25:37 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_618.dat
      2007-05-15 12:34:02 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_7f8.dat
      2007-06-15 15:22:49 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_a60.dat
      2007-04-13 12:31:36 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_cc.dat
      2007-06-15 16:11:13 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_cc8.dat
      2007-04-12 11:44:22 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_e0.dat
      2007-03-26 17:23:11 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_e8.dat
      2007-05-18 14:01:53 6384 --a------ C:\WINDOWS\temp\PQ_DEBUG.001
      2007-05-18 00:46:46 6384 --a------ C:\WINDOWS\temp\PQ_DEBUG.002
      2007-05-16 21:39:12 6384 --a------ C:\WINDOWS\temp\PQ_DEBUG.003
      2007-05-15 22:49:00 6384 --a------ C:\WINDOWS\temp\PQ_DEBUG.004
      2007-05-15 13:27:19 8921 --a------ C:\WINDOWS\temp\PQ_DEBUG.005
      2007-06-17 13:36:21 6390 --a------ C:\WINDOWS\temp\PQ_DEBUG.TXT
      2007-06-17 13:36:11 85 --a------ C:\WINDOWS\temp\vmware-vmount-1.log
      2007-06-17 13:16:31 85 --a------ C:\WINDOWS\temp\vmware-vmount-2.log
      2007-06-15 16:10:16 85 --a------ C:\WINDOWS\temp\vmware-vmount-3.log
      2007-06-15 15:24:39 85 --a------ C:\WINDOWS\temp\vmware-vmount-4.log
      2007-05-31 18:05:56 0 d-------- C:\WINDOWS\temp\_avast4_

      -*- End of Logfile -*-
      voilà...
      0
    2. Romhimtib
       
      J'ai bien fais ce que tu m'as demandé?
      Tu en pense quoi?
      Bonne journée!
      0
    3. Romhimtib
       
      boulepate62,
      Pourriez-vous s'il vous me faire signe, je m'inquiète de ne pas avoir de vos nouvelles...

      Merci de votre attention...

      Rom
      0
  3. Utilisateur anonyme
     
    Bonjour ;-)

    Télécharge ELIBAGLA sur ton bureau:
    http://www.zonavirus.com/datos/archivos/Descargas/Utilidades%20SATINFO/EliBaglA.exe

    Double-clic sur Elibagla.exe laisse coché la case "eliminar ficheros automaticamente" et clic sur"explorar"
    Laisse-le travailler, dès qu'il a terminé colle le rapport ici, que tu pourras trouver aussi à cet endroit
    dans c:\infosat.txt

    ET

    Fais ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2 (en haut) va se mettre à clignoter, clic dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
    Une fois qu'il a terminé colle le rapport ici stp

    https://www.bitdefender.com/toolbox/

    ça ne sera pas terminé, je reviens plus tard ;-)
    0
    1. Romhimtib
       
      Mon problème c'est qu'avec ce virus je ne peux pas me connecter à internet, mon pc me dis qu'un autre logiciel/system gère mon réseau wifi et donc qu'il ne reconnais aucune connection... La personne qui ma posé ce virus m'a aussi piraté ma livebox...

      A bientôt,

      Merci encore pour votre aide...
      0
  4. Utilisateur anonyme
     
    Télécharge le premier logiciel alors et exécute le sur ton PC.

    Puis supprime ce dossier : C:\Deckard\System Scanner\backup
    0
    1. Romhimtib
       
      Je viens d'exécuter le logiciel, voici le rapport :

      Fri Jun 22 13:40:30 2007
      EliBagle v10.41 (c)2007 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Acción Directa):
      C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
      C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
      C:\DOCUMENTS AND SETTINGS\ORKILER\APPLICATION DATA\HIDIRES\HIDR.EXE --> Eliminado Bagle
      C:\DOCUMENTS AND SETTINGS\ORKILER\APPLICATION DATA\HIDIRES\M_HOOK.SYS --> Eliminado Bagle (rootkit)
      Por favor, envienos una muestra del fichero
      C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.41
      a "virus@satinfo.es". Gracias.
      C:\WINDOWS\SYSTEM32\HLDRRR.EXE --> Bagle Renombrado a .VIR
      Eliminada Carpeta "%WinDir%\exefld"
      Restaurada Clave: "SafeBoot\Minimal y Network"

      Fri Jun 22 13:40:44 2007
      EliBagle v10.41 (c)2007 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Exploración):
      Explorando Unidad C:\

      Fri Jun 22 13:43:47 2007
      EliBagle v10.41 (c)2007 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Acción Directa):
      Eliminada Carpeta "%AppData%\Hidires"

      Fri Jun 22 13:45:53 2007
      EliBagle v10.41 (c)2007 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Acción Directa):

      Fri Jun 22 13:45:54 2007
      EliBagle v10.41 (c)2007 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Exploración):
      Explorando Unidad C:\

      Fri Jun 22 13:46:28 2007
      EliBagle v10.41 (c)2007 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Exploración):
      Explorando Unidad G:\

      Fri Jun 22 13:46:38 2007
      EliBagle v10.41 (c)2007 S.G.H. / Satinfo S.L.
      ----------------------------------------------
      Lista de Acciones (por Exploración):
      Explorando Unidad C:\

      Merci encore!
      Je supprime le fichier toute suite.
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    Voilà, c'est mieux tu peux supprimer : EliBagle

    ¤ ¤ Télécharge ce programme puis double clic dessus (ferme ton antivirus s'il te détecte quoi que ce soit)
    http://www.suspectfile.com/systemscan/

    * Coche uniquement ces cases, décoche tout le reste :

    - Recent Files, 60 days
    - Registry Run Key
    - Hidden objects
    - suspucious files

    Puis clic sur scan now, soit patient.
    Une fois qu'il aura terminé, un rapport va s'ouvrir, copie et colle son contenu ici et vérifie qu'il soit bien en entier, si besoin crée deux messages.
    0
    1. Romhimtib
       
      SystemScan - www.suspectfile.com - ver. 3.1.2

      Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
      System directory: C:\WINDOWS

      Date: 24/06/2007
      Time: 19:17:58

      Output limited to:
      -Recent files
      -Registry Run Keys
      -Hidden objects
      -Suspicious Files

      ===================== Recent files (60 days old)=====================

      ----- recent files in C:\
      14/05/2007 21:46:37 (DIR) 0 byte 41 days old -- Romhimtib
      23/05/2007 19:08:36 268 byte 32 days old -- sqmdata18.sqm
      23/05/2007 19:08:36 244 byte 32 days old -- sqmnoopt18.sqm
      23/05/2007 19:14:04 268 byte 32 days old -- sqmdata19.sqm
      23/05/2007 19:14:04 244 byte 32 days old -- sqmnoopt19.sqm
      24/05/2007 18:14:05 232 byte 31 days old -- sqmdata00.sqm
      24/05/2007 18:14:05 244 byte 31 days old -- sqmnoopt00.sqm
      07/06/2007 20:35:39 232 byte 17 days old -- sqmdata01.sqm
      07/06/2007 20:35:39 244 byte 17 days old -- sqmnoopt01.sqm
      08/06/2007 17:22:30 244 byte 16 days old -- sqmnoopt02.sqm
      08/06/2007 17:22:30 232 byte 16 days old -- sqmdata02.sqm
      09/06/2007 15:41:05 244 byte 15 days old -- sqmnoopt03.sqm
      09/06/2007 15:41:05 232 byte 15 days old -- sqmdata03.sqm
      09/06/2007 15:59:15 244 byte 15 days old -- sqmnoopt04.sqm
      09/06/2007 15:59:15 232 byte 15 days old -- sqmdata04.sqm
      10/06/2007 14:52:14 232 byte 14 days old -- sqmdata05.sqm
      10/06/2007 14:52:14 244 byte 14 days old -- sqmnoopt05.sqm
      10/06/2007 16:51:05 232 byte 14 days old -- sqmdata06.sqm
      10/06/2007 16:51:05 244 byte 14 days old -- sqmnoopt06.sqm
      10/06/2007 17:03:00 232 byte 14 days old -- sqmdata07.sqm
      10/06/2007 17:03:00 244 byte 14 days old -- sqmnoopt07.sqm
      10/06/2007 21:02:59 232 byte 14 days old -- sqmdata08.sqm
      10/06/2007 21:02:59 244 byte 14 days old -- sqmnoopt08.sqm
      11/06/2007 18:06:58 232 byte 13 days old -- sqmdata09.sqm
      11/06/2007 18:06:58 244 byte 13 days old -- sqmnoopt09.sqm
      12/06/2007 17:37:02 232 byte 12 days old -- sqmdata10.sqm
      12/06/2007 17:37:02 244 byte 12 days old -- sqmnoopt10.sqm
      12/06/2007 20:43:01 232 byte 12 days old -- sqmdata11.sqm
      12/06/2007 20:43:01 244 byte 12 days old -- sqmnoopt11.sqm
      12/06/2007 23:52:52 232 byte 12 days old -- sqmdata12.sqm
      12/06/2007 23:52:52 244 byte 12 days old -- sqmnoopt12.sqm
      13/06/2007 18:14:39 244 byte 11 days old -- sqmnoopt13.sqm
      13/06/2007 18:14:39 232 byte 11 days old -- sqmdata13.sqm
      14/06/2007 17:19:49 244 byte 10 days old -- sqmnoopt14.sqm
      14/06/2007 17:19:49 232 byte 10 days old -- sqmdata14.sqm
      14/06/2007 17:37:17 232 byte 10 days old -- sqmdata15.sqm
      14/06/2007 17:37:17 244 byte 10 days old -- sqmnoopt15.sqm
      14/06/2007 17:49:22 244 byte 10 days old -- sqmnoopt16.sqm
      14/06/2007 17:49:22 232 byte 10 days old -- sqmdata16.sqm
      14/06/2007 18:26:03 232 byte 10 days old -- sqmdata17.sqm
      14/06/2007 18:26:03 244 byte 10 days old -- sqmnoopt17.sqm
      14/06/2007 18:32:04 212 byte 10 days old -- boot.ini
      15/06/2007 15:21:54 1024 byte 9 days old -- .rnd
      15/06/2007 15:56:41 (DIR) 0 byte 9 days old -- UT2004
      15/06/2007 16:03:28 (DIR) 0 byte 9 days old -- Unreal2
      15/06/2007 16:25:23 (DIR) 0 byte 9 days old -- Program Files
      17/06/2007 18:57:04 (DIR) 0 byte 7 days old -- Deckard
      17/06/2007 18:57:09 (DIR) 0 byte 7 days old -- System Volume Information
      22/06/2007 13:40:30 (DIR) 0 byte 2 days old -- Muestras
      22/06/2007 13:40:36 (DIR) 0 byte 2 days old -- WINDOWS
      22/06/2007 13:46:38 1872 byte 2 days old -- InfoSat.txt
      24/06/2007 19:09:51 1048576000 byte 0 days old -- pagefile.sys
      24/06/2007 19:17:57 (DIR) 0 byte 0 days old -- suspectfile

      ----- recent files in C:\WINDOWS\
      14/05/2007 18:31:27 (DIR) 0 byte 41 days old -- Tasks
      15/05/2007 12:57:47 1409 byte 40 days old -- QTFont.for
      18/05/2007 23:00:50 1048576000 byte 37 days old -- MEMORY.DMP
      18/05/2007 23:00:54 (DIR) 0 byte 37 days old -- Minidump
      19/05/2007 20:17:45 54156 byte 36 days old -- QTFont.qfn
      27/05/2007 17:10:34 15798 byte 28 days old -- wmsetup.log
      28/05/2007 17:04:50 19 byte 27 days old -- popcinfo.dat
      14/06/2007 18:32:04 607 byte 10 days old -- win.ini
      14/06/2007 18:32:04 277 byte 10 days old -- system.ini
      15/06/2007 15:22:46 745511 byte 9 days old -- setupapi.log
      15/06/2007 15:22:52 (DIR) 0 byte 9 days old -- Installer
      15/06/2007 16:10:43 1074 byte 9 days old -- IE4 Error Log.txt
      15/06/2007 16:35:16 170959 byte 9 days old -- DirectX.log
      15/06/2007 16:35:16 (DIR) 0 byte 9 days old -- inf
      17/06/2007 18:57:14 (DIR) 0 byte 7 days old -- ERDNT
      20/06/2007 23:29:06 69 byte 4 days old -- NeroDigital.ini
      22/06/2007 13:40:35 (DIR) 0 byte 2 days old -- system32
      22/06/2007 16:12:55 32380 byte 2 days old -- SchedLgU.Txt
      24/06/2007 19:09:53 2048 byte 0 days old -- bootstat.dat
      24/06/2007 19:10:03 50 byte 0 days old -- wiaservc.log
      24/06/2007 19:10:09 159 byte 0 days old -- wiadebug.log
      24/06/2007 19:10:11 327315 byte 0 days old -- WindowsUpdate.log
      24/06/2007 19:11:10 0 byte 0 days old -- 0.log
      24/06/2007 19:11:10 (DIR) 0 byte 0 days old -- Temp
      24/06/2007 19:17:26 (DIR) 0 byte 0 days old -- Prefetch

      ----- recent files in C:\WINDOWS\Downloaded Program Files\

      ----- recent files in C:\WINDOWS\system\

      ----- recent files in C:\WINDOWS\system32\
      30/04/2007 17:35:28 95872 byte 55 days old -- AVASTSS.scr
      30/04/2007 17:46:10 745600 byte 55 days old -- aswBoot.exe
      01/05/2007 21:45:40 207664 byte 54 days old -- vmnc.dll
      01/05/2007 22:51:02 13104 byte 54 days old -- vnetinst.dll
      01/05/2007 22:51:04 50992 byte 54 days old -- vmnetbridge.dll
      01/05/2007 22:51:42 437040 byte 54 days old -- vnetlib.dll
      01/05/2007 22:51:46 121648 byte 54 days old -- vmnetdhcp.exe
      01/05/2007 22:52:32 150320 byte 54 days old -- vmnat.exe
      16/05/2007 15:22:43 (DIR) 0 byte 39 days old -- config
      16/05/2007 21:06:50 1914 byte 39 days old -- lvcoinst.log
      18/05/2007 01:16:07 528384 byte 37 days old -- Niagara.scr
      18/05/2007 01:16:07 2701311 byte 37 days old -- Niagara.mpf
      18/05/2007 01:17:16 1607184 byte 37 days old -- Aquarium Exotique.scr
      22/05/2007 19:55:55 (DIR) 0 byte 33 days old -- wbem
      29/05/2007 07:05:12 52736 byte 26 days old -- WINTEMS.EXE.VIR
      31/05/2007 18:04:26 3121 byte 24 days old -- CONFIG.NT
      15/06/2007 15:21:52 784080 byte 9 days old -- PerfStringBackup.INI
      15/06/2007 15:21:52 373098 byte 9 days old -- perfh00C.dat
      15/06/2007 15:21:52 50704 byte 9 days old -- perfc00C.dat
      15/06/2007 15:21:52 42046 byte 9 days old -- perfc009.dat
      15/06/2007 15:21:52 317192 byte 9 days old -- perfh009.dat
      15/06/2007 15:22:32 (DIR) 0 byte 9 days old -- drivers
      15/06/2007 16:13:26 43520 byte 9 days old -- CmdLineExt03.dll
      15/06/2007 16:35:10 (DIR) 0 byte 9 days old -- DirectX
      15/06/2007 16:37:06 108144 byte 9 days old -- CmdLineExt.dll
      17/06/2007 18:57:09 (DIR) 0 byte 7 days old -- Restore
      22/06/2007 13:01:55 (DIR) 0 byte 2 days old -- CatRoot2
      24/06/2007 19:09:54 2206 byte 0 days old -- wpa.dbl
      24/06/2007 19:13:28 80671 byte 0 days old -- nvapps.xml

      ----- recent files in C:\WINDOWS\system32\drivers\
      30/04/2007 17:37:23 26888 byte 55 days old -- aavmker4.sys
      30/04/2007 17:38:51 43176 byte 55 days old -- aswTdi.sys
      30/04/2007 17:39:41 23416 byte 55 days old -- aswRdr.sys
      30/04/2007 17:41:42 94552 byte 55 days old -- aswmon2.sys
      30/04/2007 17:41:55 85952 byte 55 days old -- aswmon.sys
      01/05/2007 22:51:02 16816 byte 54 days old -- vmnetadapter.sys
      01/05/2007 22:51:02 17712 byte 54 days old -- vmnet.sys
      01/05/2007 22:51:02 28592 byte 54 days old -- vmnetbridge.sys
      01/05/2007 22:52:02 16176 byte 54 days old -- vmparport.sys
      01/05/2007 22:52:50 430128 byte 54 days old -- vmx86.sys
      01/05/2007 22:52:52 25264 byte 54 days old -- vmnetuserif.sys
      01/05/2007 22:52:52 34608 byte 54 days old -- hcmon.sys
      01/05/2007 22:52:56 21040 byte 54 days old -- VMkbd.sys
      29/05/2007 07:05:00 12123 byte 26 days old -- fwdrv.err

      ----- recent files in C:\WINDOWS\temp\
      17/06/2007 18:53:06 85 byte 7 days old -- vmware-vmount-9.log
      17/06/2007 18:54:05 16384 byte 7 days old -- Perflib_Perfdata_570.dat
      17/06/2007 21:52:49 85 byte 7 days old -- vmware-vmount-8.log
      17/06/2007 21:53:47 16384 byte 7 days old -- Perflib_Perfdata_130.dat
      18/06/2007 17:33:03 85 byte 6 days old -- vmware-vmount-7.log
      18/06/2007 17:34:01 16384 byte 6 days old -- Perflib_Perfdata_620.dat
      18/06/2007 20:20:50 85 byte 6 days old -- vmware-vmount-6.log
      18/06/2007 20:21:48 16384 byte 6 days old -- Perflib_Perfdata_12c.dat
      19/06/2007 18:03:50 85 byte 5 days old -- vmware-vmount-5.log
      19/06/2007 18:04:49 16384 byte 5 days old -- Perflib_Perfdata_688.dat
      20/06/2007 17:33:30 85 byte 4 days old -- vmware-vmount-4.log
      20/06/2007 20:21:15 85 byte 4 days old -- vmware-vmount-3.log
      20/06/2007 20:22:13 16384 byte 4 days old -- Perflib_Perfdata_49c.dat
      20/06/2007 23:21:56 85 byte 4 days old -- vmware-vmount-2.log
      20/06/2007 23:22:54 16384 byte 4 days old -- Perflib_Perfdata_678.dat
      22/06/2007 12:59:15 85 byte 2 days old -- vmware-vmount-1.log
      22/06/2007 13:00:13 16384 byte 2 days old -- Perflib_Perfdata_238.dat
      24/06/2007 19:10:11 85 byte 0 days old -- vmware-vmount.log
      24/06/2007 19:11:10 16384 byte 0 days old -- Perflib_Perfdata_120.dat

      ----- recent files in C:\Program Files\
      02/05/2007 00:59:36 (DIR) 0 byte 53 days old -- Valve Lan
      14/05/2007 18:25:11 (DIR) 0 byte 41 days old -- PowerQuest
      14/05/2007 18:31:22 (DIR) 0 byte 41 days old -- TuneUp Utilities 2007
      16/05/2007 13:36:52 (DIR) 0 byte 39 days old -- WebCam Spy
      17/05/2007 11:55:43 (DIR) 0 byte 38 days old -- MSN Messenger
      17/05/2007 11:55:44 (DIR) 0 byte 38 days old -- Messenger Plus! Live
      18/05/2007 01:28:20 (DIR) 0 byte 37 days old -- Its Label
      18/05/2007 01:35:00 (DIR) 0 byte 37 days old -- eoRezo
      18/05/2007 01:41:56 (DIR) 0 byte 37 days old -- Web TV
      20/05/2007 21:40:03 (DIR) 0 byte 35 days old -- adslTV
      22/05/2007 18:27:47 (DIR) 0 byte 33 days old -- AkvaarioGes
      22/05/2007 20:15:56 (DIR) 0 byte 33 days old -- Steam
      24/05/2007 01:35:22 (DIR) 0 byte 31 days old -- Chiptool
      27/05/2007 02:06:15 (DIR) 0 byte 28 days old -- PC Inspector Smart Recovery
      28/05/2007 17:07:13 (DIR) 0 byte 27 days old -- SereneScreen
      29/05/2007 17:59:47 (DIR) 0 byte 26 days old -- Formosoft
      29/05/2007 18:12:10 (DIR) 0 byte 26 days old -- LifeGlobe
      30/05/2007 00:52:04 (DIR) 0 byte 25 days old -- eMule
      30/05/2007 07:09:06 (DIR) 0 byte 25 days old -- Zylom Games
      30/05/2007 17:29:10 (DIR) 0 byte 25 days old -- Kerio
      04/06/2007 17:03:37 (DIR) 0 byte 20 days old -- DAEMON Tools
      14/06/2007 19:21:32 (DIR) 0 byte 10 days old -- Hijackthis Version Française
      15/06/2007 15:21:27 (DIR) 0 byte 9 days old -- VMware
      15/06/2007 15:21:27 (DIR) 0 byte 9 days old -- Fichiers communs
      15/06/2007 16:00:50 (DIR) 0 byte 9 days old -- InstallShield Installation Information
      15/06/2007 16:25:23 (DIR) 0 byte 9 days old -- THQ
      15/06/2007 16:40:22 (DIR) 0 byte 9 days old -- Mozilla Firefox
      22/06/2007 13:45:47 (DIR) 0 byte 2 days old -- Spybot - Search & Destroy

      ----- recent files in C:\Program Files\Fichiers communs\
      14/05/2007 18:30:48 (DIR) 0 byte 41 days old -- Wise Installation Wizard
      15/06/2007 15:21:27 (DIR) 0 byte 9 days old -- VMware

      ===================== REGISTRY SCAN =====================


      -----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

      [Run]
      "RTHDCPL"="RTHDCPL.EXE"
      "SkyTel"="SkyTel.EXE"
      "Alcmtr"="ALCMTR.EXE"
      "JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe boot"
      "NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
      "nwiz"="nwiz.exe /install"
      "NvMediaCenter"="RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"
      "DAEMON Tools"="\"C:\Program Files\DAEMON Tools\daemon.exe\" -lang 1033"
      "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE"
      "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe "
      "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe"
      "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe"
      "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup"
      "ISUSScheduler"="\"C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe\" -start"
      "KernelFaultCheck"=expand:"%systemroot%\system32\dumprep 0 -k"
      "vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
      "VMware hqtray"="\"C:\Program Files\VMware\VMware Workstation\hqtray.exe\""

      [Run\OptionalComponents]

      [Run\OptionalComponents\IMAIL]
      "Installed"="1"

      [Run\OptionalComponents\MAPI]
      "Installed"="1"
      "NoChange"="1"

      [Run\OptionalComponents\MSFS]
      "Installed"="1"

      -----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

      [Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
      "LogitechSoftwareUpdate"="\"C:\Program Files\Logitech\Video\ManifestEngine.exe\" boot"
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe\""

      -----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

      [Run]

      -----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

      -----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

      -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

      [Windows]
      "AppInit_DLLs"=""

      -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

      [ShellServiceObjectDelayLoad]
      "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
      #### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
      "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
      #### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
      "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
      #### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%SystemRoot%\system32\webcheck.dll"
      "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
      #### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"

      -----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

      [ShellExecuteHooks]
      "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
      #### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"

      -----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

      [Winlogon]
      "Shell"="Explorer.exe"
      "System"=""
      "Userinit"="C:\WINDOWS\system32\userinit.exe,"
      "VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
      "UIHost"=expand:"logonui.exe"
      "LogonType"=dword:00000001
      "WinStationsDisabled"="0"

      [Winlogon\GPExtensions]

      [Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
      "@="Sans fil"
      "DllName"=expand:"gptext.dll"

      [Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
      "@="Folder Redirection"
      "DllName"=expand:"fdeploy.dll"

      [Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
      "@="Quota du disque Microsoft"
      "DllName"=expand:"dskquota.dll"

      [Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
      "@="Planificateur de paquets QoS"
      "DllName"=expand:"gptext.dll"

      [Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
      "@="Scripts"
      "DllName"=expand:"gptext.dll"

      [Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
      "@="Mappage de zones Internet Explorer"
      "DllName"=expand:"iedkcs32.dll"

      [Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
      "DllName"=expand:"scecli.dll"
      "@="Security"

      [Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
      "DllName"=expand:"iedkcs32.dll"
      "@="Personnalisation de Internet Explorer"

      [Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
      "DllName"=expand:"scecli.dll"
      "@="EFS recovery"

      [Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
      "@="Microsoft Offline Files"
      "DllName"=expand:"%SystemRoot%\System32\cscui.dll"

      [Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
      "@="Installation de logiciel"
      "DllName"=expand:"appmgmts.dll"

      [Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
      "@="Sécurité IP"
      "DllName"=expand:"gptext.dll"

      [Winlogon\Notify]

      [Winlogon\Notify\crypt32chain]
      "DllName"=expand:"crypt32.dll"
      "Logoff"="ChainWlxLogoffEvent"

      [Winlogon\Notify\cryptnet]
      "DllName"=expand:"cryptnet.dll"
      "Logoff"="CryptnetWlxLogoffEvent"

      [Winlogon\Notify\cscdll]
      "DLLName"="cscdll.dll"
      "Logon"="WinlogonLogonEvent"
      "Logoff"="WinlogonLogoffEvent"
      "ScreenSaver"="WinlogonScreenSaverEvent"
      "Startup"="WinlogonStartupEvent"
      "StartShell"="WinlogonStartShellEvent"

      [Winlogon\Notify\ScCertProp]
      "DLLName"="wlnotify.dll"
      "Logon"="SCardStartCertProp"
      "Logoff"="SCardStopCertProp"
      "Lock"="SCardSuspendCertProp"
      "Unlock"="SCardResumeCertProp"
      "Enabled"=dword:00000001

      [Winlogon\Notify\Schedule]
      "DllName"=expand:"wlnotify.dll"
      "StartShell"="SchedStartShell"
      "Logoff"="SchedEventLogOff"

      [Winlogon\Notify\sclgntfy]
      "Logoff"="WLEventLogoff"
      "DllName"=expand:"sclgntfy.dll"

      [Winlogon\Notify\SensLogn]
      "DLLName"="WlNotify.dll"
      "Lock"="SensLockEvent"
      "Logon"="SensLogonEvent"
      "Logoff"="SensLogoffEvent"
      "Safe"=dword:00000001
      "MaxWait"=dword:00000258
      "StartScreenSaver"="SensStartScreenSaverEvent"
      "StopScreenSaver"="SensStopScreenSaverEvent"
      "Startup"="SensStartupEvent"
      "StartShell"="SensStartShellEvent"
      "PostShell"="SensPostShellEvent"
      "Disconnect"="SensDisconnectEvent"
      "Reconnect"="SensReconnectEvent"
      "Unlock"="SensUnlockEvent"

      [Winlogon\Notify\termsrv]
      "DllName"=expand:"wlnotify.dll"
      "Logoff"="TSEventLogoff"
      "Logon"="TSEventLogon"
      "PostShell"="TSEventPostShell"
      "StartShell"="TSEventStartShell"
      "Startup"="TSEventStartup"
      "MaxWait"=dword:00000258
      "Reconnect"="TSEventReconnect"
      "Disconnect"="TSEventDisconnect"

      [Winlogon\Notify\wlballoon]
      "DLLName"="wlnotify.dll"
      "Logon"="RegisterTicketExpiredNotificationEvent"
      "Logoff"="UnregisterTicketExpiredNotificationEvent"

      [Winlogon\SpecialAccounts]

      [Winlogon\SpecialAccounts\UserList]
      "HelpAssistant"=dword:00000000
      "TsInternetUser"=dword:00000000
      "SQLAgentCmdExec"=dword:00000000
      "NetShowServices"=dword:00000000
      "IWAM_"=dword:00010000
      "IUSR_"=dword:00010000
      "VUSR_"=dword:00010000

      -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

      [Winlogon]
      "ParseAutoexec"="1"
      "ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp;Local Settings\Application Data\Microsoft\Outlook"
      "BuildNumber"=dword:00000a28

      -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

      [Image File Execution Options\Your Image File Name Here without a path]
      "Debugger"="ntsd -d"

      -----HKLM\System\CurrentControlSet\Control\Session Manager\-----

      [Session Manager]
      "BootExecute"=multi:"autocheck autochk *\00\00"

      [Session Manager\SubSystems]
      "Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

      -----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

      [WOW]
      "cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
      "wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

      -----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

      -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

      [RunOnce]

      -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

      [RunOnceEx]

      -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

      -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

      -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

      [RunOnce]

      -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

      -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

      -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

      -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

      -----HKLM\Software\Microsoft\Command Processor\Autorun-----

      -----HKCU\Software\Microsoft\Command Processor\Autorun-----

      -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

      -----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

      -----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

      -----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

      -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

      -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

      -----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

      -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

      -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

      [SharedTaskScheduler]
      "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
      #### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
      "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
      #### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

      -----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

      [Browser Helper Objects]

      [Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
      #### HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32 @="C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll"

      [Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
      #### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"

      [Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
      @="EoRezoBHO"

      [Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
      @=""

      -----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

      [URLSearchHooks]
      "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
      #### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\system32\shdocvw.dll"

      -----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-----

      [startupfolder]

      -----HKCU\Control Panel\Desktop\-----

      [Desktop]
      "SCRNSAVE.EXE"="C:\WINDOWS\system32\MA2_6.scr"

      [Desktop\Sound]

      [Desktop\WindowMetrics]

      -----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

      [command]
      @="\"%1\" %*"

      -----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

      [command]
      @="\"%1\" %*"

      -----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

      [command]
      @="\"%1\" %*"

      -----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

      [command]
      @="\"%1\" %*"

      -----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

      [command]
      @="\"%1\" /S"

      -----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

      [Command]
      @="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

      -----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

      -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

      [URL]

      [URL\DefaultPrefix]
      @="http://"

      [URL\Prefixes]
      "ftp"="ftp://"
      "gopher"="gopher://"
      "home"="http://"
      "mosaic"="http://"
      "www"="http://"

      -----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

      [Lsa]
      "Authentication Packages"=multi:"msv1_0\00\00"
      "Bounds"=hex:00,30,00,00,00,20,00,00
      "Security Packages"=multi:"kerberos\00msv1_0\00schannel\00wdigest\00\00"
      "ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
      "LsaPid"=dword:00000414
      "SecureBoot"=dword:00000001
      "auditbaseobjects"=dword:00000000
      "crashonauditfail"=dword:00000000
      "disabledomaincreds"=dword:00000000
      "everyoneincludesanonymous"=dword:00000000
      "fipsalgorithmpolicy"=dword:00000000
      "forceguest"=dword:00000001
      "fullprivilegeauditing"=hex:00
      "limitblankpassworduse"=dword:00000001
      "lmcompatibilitylevel"=dword:00000000
      "nodefaultadminowner"=dword:00000001
      "nolmhash"=dword:00000000
      "restrictanonymous"=dword:00000000
      "restrictanonymoussam"=dword:00000001
      "Notification Packages"=multi:"scecli\00\00"

      [Lsa\AccessProviders]
      "ProviderOrder"=multi:"Windows NT Access Provider\00\00"

      [Lsa\AccessProviders\Windows NT Access Provider]
      "ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

      [Lsa\Audit]

      [Lsa\Audit\PerUserAuditing]

      [Lsa\Audit\PerUserAuditing\System]

      [Lsa\Data]
      @Class="02f162b4"
      "Pattern"=hex:19,70,e5,5f,61,2b,ca,96,08,e9,c9,07,ca,ef,15,82,30,32,66,31,36,\
      32,62,34,00,fd,07,00,e0,4d,00,00,34,fa,07,00,4e,82,74,75,20,fa,07,00,40,fd,\
      07,00,4c,fd,07,00,f5,3a,ec,9d,77,ed,f1,7b,63,78,a2,02

      [Lsa\GBG]
      @Class="f5ed1877"
      "GrafBlumGroup"=hex:9f,b6,0e,9d,0d,85,64,26,d8

      [Lsa\JD]
      @Class="63a29d7b"
      "Lookup"=hex:ca,bc,9a,28,d7,d9

      [Lsa\Kerberos]

      [Lsa\Kerberos\Domains]

      [Lsa\Kerberos\SidCache]

      [Lsa\MSV1_0]
      "Auth132"="IISSUBA"
      "ntlmminclientsec"=dword:00000000
      "ntlmminserversec"=dword:00000000

      [Lsa\Skew1]
      @Class="ec3a78bd"
      "SkewMatrix"=hex:a8,c6,61,ee,fc,d9,be,76,28,f6,97,68,a3,61,3d,88

      [Lsa\SSO]

      [Lsa\SSO\Passport1.4]
      "SSOURL"="http://www.passport.com"

      [Lsa\SspiCache]
      "Time"=hex:a4,af,b2,80,8a,66,c7,01

      [Lsa\SspiCache\digest.dll]
      "Name"="Digest"
      "Comment"="Digest SSPI Authentication Package"
      "Capabilities"=dword:00004050
      "RpcId"=dword:0000ffff
      "Version"=dword:00000001
      "TokenSize"=dword:0000ffff
      "Time"=hex:00,ea,0b,83,fe,85,c4,01
      "Type"=dword:00000031

      [Lsa\SspiCache\msapsspc.dll]
      "Name"="DPA"
      "Comment"="DPA Security Package"
      "Capabilities"=dword:00000037
      "RpcId"=dword:00000011
      "Version"=dword:00000001
      "TokenSize"=dword:00000300
      "Time"=hex:00,cb,01,89,fe,85,c4,01
      "Type"=dword:00000031

      [Lsa\SspiCache\msnsspc.dll]
      "Name"="MSN"
      "Comment"="MSN Security Package"
      "Capabilities"=dword:00000037
      "RpcId"=dword:00000012
      "Version"=dword:00000001
      "TokenSize"=dword:00000300
      "Time"=hex:00,cb,01,89,fe,85,c4,01
      "Type"=dword:00000031

      -----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

      [SharedAccess]
      "DependOnGroup"=multi:"\00"
      "DependOnService"=multi:"Netman\00WinMgmt\00\00"
      "Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."
      "DisplayName"="Pare-feu Windows / Partage de connexion Internet"
      "ErrorControl"=dword:00000001
      "ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"
      "ObjectName"="LocalSystem"
      "Start"=dword:00000002
      "Type"=dword:00000020

      [SharedAccess\Epoch]
      "Epoch"=dword:0000127b

      [SharedAccess\Parameters]
      "ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

      [SharedAccess\Parameters\FirewallPolicy]

      [SharedAccess\Parameters\FirewallPolicy\DomainProfile]
      "EnableFirewall"=dword:00000000
      "DoNotAllowExceptions"=dword:00000000
      "DisableNotifications"=dword:00000000
      "DisableUnicastResponsesToMulticastBroadcast"=dword:00000000

      [SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

      [SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
      "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

      [SharedAccess\Parameters\FirewallPolicy\StandardProfile]
      "EnableFirewall"=dword:00000000
      "DoNotAllowExceptions"=dword:00000000
      "DisableNotifications"=dword:00000000
      "DisableUnicastResponsesToMulticastBroadcast"=dword:00000000

      [SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

      [SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
      "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
      "C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"

      [SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

      [SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
      "1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
      "2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
      "139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
      "445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
      "137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
      "138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"

      [SharedAccess\Setup]
      "ServiceUpgrade"=dword:00000001

      [SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
      "All"=dword:00000001

      -----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

      -----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

      -----HKLM\Software\Microsoft\Ole-----

      [Ole]
      "DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
      14,00,00,00,02,00,48,00,03,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
      00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
      00,05,04,00,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,00,05,12,00,00,\
      00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,\
      20,00,00,00,20,02,00,00
      "MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
      14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
      00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
      00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\
      00,00,00,00,05,20,00,00,00,20,02,00,00
      "MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
      14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
      00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
      00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
      05,20,00,00,00,20,02,00,00
      "EnableDCOM"="Y"

      [Ole\AppCompat]

      [Ole\AppCompat\ActivationSecurityCheckExemptionList]
      "{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
      "{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
      "{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
      "{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

      -----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

      -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

      [Security Center]
      "FirstRunDisabled"=dword:00000001
      "AntiVirusOverride"=dword:00000001
      "FirewallOverride"=dword:00000001
      "AntiVirusDisableNotify"=dword:00000001
      "FirewallDisableNotify"=dword:00000001
      "UpdatesDisableNotify"=dword:00000001
      "DisablePagingExecutive"=dword:00000001
      "LargeSystemCache"=dword:00000000
      "SecondLevelDataCache"=dword:00000200

      -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

      [SystemRestore]
      "DisableSR"=dword:00000000
      "CreateFirstRunRp"=dword:00000001
      "DSMin"=dword:000000c8
      "DSMax"=dword:00000190
      "RPSessionInterval"=dword:00000000
      "RPGlobalInterval"=dword:00015180
      "RPLifeInterval"=dword:0076a700
      "CompressionBurst"=dword:0000003c
      "TimerInterval"=dword:00000078
      "DiskPercent"=dword:0000000c
      "ThawInterval"=dword:00000384
      "RestoreDiskSpaceError"=dword:00000000

      [SystemRestore\Cfg]
      "DiskPercent"=dword:0000000c
      "MachineGuid"="{70A0A8BF-CC7C-4147-A82A-5A707C2F098B}"

      [SystemRestore\SnapshotCallbacks]
      @=""

      -----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

      [VB and VBA Program Settings]

      [VB and VBA Program Settings\AkvaarioGes]

      [VB and VBA Program Settings\AkvaarioGes\ColorGUI]

      [VB and VBA Program Settings\AkvaarioGes\Compatibilite]

      [VB and VBA Program Settings\AkvaarioGes\Install]

      [VB and VBA Program Settings\AkvaarioGes\Options]

      [VB and VBA Program Settings\AkvaarioGes\Param]

      [VB and VBA Program Settings\Euro Add-in]

      [VB and VBA Program Settings\Euro Add-in\Wizard Options]

      -----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

      [MountPoints2]

      [MountPoints2\A]
      "BaseClass"="Drive"

      [MountPoints2\C]
      "BaseClass"="Drive"

      [MountPoints2\D]
      "BaseClass"="Drive"

      [MountPoints2\E]
      "BaseClass"="Drive"

      [MountPoints2\G]
      "BaseClass"="Drive"

      [MountPoints2\R]
      "BaseClass"="Drive"
      "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
      5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
      cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,00,5f,5f,5f,5f,5f,5f,5f,5f,\
      5f,5f,00,01,00,00,00,08,00,00,00

      [MountPoints2\{0f749a98-024b-11dc-b85e-806d6172696f}]
      "BaseClass"="Drive"

      [MountPoints2\{0f749a99-024b-11dc-b85e-806d6172696f}]
      "BaseClass"="Drive"

      [MountPoints2\{0f749a9b-024b-11dc-b85e-001302520a30}]
      "BaseClass"="Drive"
      "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
      5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
      cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,00,5f,5f,5f,5f,5f,5f,5f,5f,\
      5f,5f,00,01,00,00,00,08,00,00,00

      [MountPoints2\{39f9be01-0206-11dc-a4b7-806d6172696f}]
      "BaseClass"="Drive"
      "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
      5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
      cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,00,5f,5f,5f,5f,5f,5f,5f,5f,\
      5f,5f,00,01,00,00,00,08,00,00,00

      [MountPoints2\{39f9be01-0206-11dc-a4b7-806d6172696f}\shell]
      @="None"

      [MountPoints2\{39f9be01-0206-11dc-a4b7-806d6172696f}\shell\Autoplay]
      "MUIVerb"="@shell32.dll,-8504"

      [MountPoints2\{39f9be01-0206-11dc-a4b7-806d6172696f}\shell\Autoplay\DropTarget]
      "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
      #### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

      [MountPoints2\{3a20675e-d258-11db-b9d4-001302520a30}]
      "BaseClass"="Drive"
      "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
      5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
      ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
      ff,ff,00,00,10,00,00,08,06,00,00

      [MountPoints2\{3a20675e-d258-11db-b9d4-001302520a30}\shell]
      @="None"

      [MountPoints2\{3a20675e-d258-11db-b9d4-001302520a30}\shell\Autoplay]
      "MUIVerb"="@shell32.dll,-8504"

      [MountPoints2\{3a20675e-d258-11db-b9d4-001302520a30}\shell\Autoplay\DropTarget]
      "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
      #### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

      [MountPoints2\{40279f93-02d1-11dc-b861-001302520a30}]
      "BaseClass"="Drive"
      "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
      5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
      cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,cf,5f,5f,5f,5f,5f,5f,5f,5f,\
      5f,5f,00,01,00,00,00,00,00,00,00

      [MountPoints2\{40279f93-02d1-11dc-b861-001302520a30}\shell]
      @="None"

      [MountPoints2\{40279f93-02d1-11dc-b861-001302520a30}\shell\Autoplay]
      "MUIVerb"="@shell32.dll,-8504"

      [MountPoints2\{40279f93-02d1-11dc-b861-001302520a30}\shell\Autoplay\DropTarget]
      "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
      #### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

      [MountPoints2\{6a627295-deb6-11db-b9f4-001302520a30}]
      "BaseClass"="Drive"
      "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
      5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
      ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
      ff,ff,00,00,10,00,00,08,07,00,00

      [MountPoints2\{6a627295-deb6-11db-b9f4-001302520a30}\shell]
      @="None"

      [MountPoints2\{6a627295-deb6-11db-b9f4-001302520a30}\shell\Autoplay]
      "MUIVerb"="@shell32.dll,-8504"

      [MountPoints2\{6a627295-deb6-11db-b9f4-001302520a30}\shell\Autoplay\DropTarget]
      "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
      #### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

      [MountPoints2\{6a627296-deb6-11db-b9f4-001302520a30}]
      "BaseClass"="Drive"
      "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
      5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
      ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
      ff,ff,00,00,10,00,00,08,07,00,00

      [MountPoints2\{6a627296-deb6-11db-b9f4-001302520a30}\shell]
      @="None"

      [MountPoints2\{6a627296-deb6-11db-b9f4-001302520a30}\shell\Autoplay]
      "MUIVerb"="@shell32.dll,-8504"

      [MountPoints2\{6a627296-deb6-11db-b9f4-001302520a30}\shell\Autoplay\DropTarget]
      "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
      #### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

      [MountPoints2\{6b799826-d252-11db-b9cf-806d6172696f}]
      "BaseClass"="Drive"
      "_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
      ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
      ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
      ff,ff,00,20,00,00,00,00,00,00,00

      [MountPoints2\{73af0f60-d254-11db-b9d2-0019db225b88}]
      "BaseClass"="Drive"
      "_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
      ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
      ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
      ff,ff,00,00,10,00,00,08,00,00,00

      [MountPoints2\{98211998-d25f-11db-b9d7-001302520a30}]
      "BaseClass"="Drive"
      "_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
      ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
      ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
      ff,ff,00,20,00,00,00,09,00,00,00

      [MountPoints2\{98211998-d25f-11db-b9d7-001302520a30}\_Autorun]

      [MountPoints2\{98211998-d25f-11db-b9d7-001302520a30}\_Autorun\DefaultIcon]
      @="F:\setup.exe,0"

      [MountPoints2\{a5141562-f97f-11db-a80a-001302520a30}]
      "BaseClass"="Drive"
      "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
      5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
      ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
      ff,ff,00,01,00,00,00,08,07,00,00

      [MountPoints2\{a5141562-f97f-11db-a80a-001302520a30}\shell]
      @="None"

      [MountPoints2\{a5141562-f97f-11db-a80a-001302520a30}\shell\Autoplay]
      "MUIVerb"="@shell32.dll,-8504"

      [MountPoints2\{a5141562-f97f-11db-a80a-001302520a30}\shell\Autoplay\DropTarget]
      "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
      #### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

      [MountPoints2\{b40281a9-02d5-11dc-b862-001302520a30}]
      "BaseClass"="Drive"
      "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
      5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
      cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,00,5f,5f,5f,5f,5f,5f,5f,5f,\
      5f,5f,00,01,00,00,00,08,00,00,00

      [MountPoints2\{b40281aa-02d5-11dc-b862-001302520a30}]
      "BaseClass"="Drive"
      "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
      5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
      cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,00,5f,5f,5f,5f,5f,5f,5f,5f,\
      5f,5f,00,01,00,00,00,08,00,00,00

      [MountPoints2\{b40281ad-02d5-11dc-b862-001302520a30}]
      "BaseClass"="Drive"
      "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
      5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
      cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,00,5f,5f,5f,5f,5f,5f,5f,5f,\
      5f,5f,00,01,00,00,00,08,00,00,00

      [MountPoints2\{b40281ad-02d5-11dc-b862-001302520a30}\shell]
      @="None"

      [MountPoints2\{b40281ad-02d5-11dc-b862-001302520a30}\shell\Autoplay]
      "MUIVerb"="@shell32.dll,-8504"

      [MountPoints2\{b40281ad-02d5-11dc-b862-001302520a30}\shell\Autoplay\DropTarget]
      "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
      #### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

      [MountPoints2\{b40281ae-02d5-11dc-b862-001302520a30}]
      "BaseClass"="Drive"
      "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
      5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
      cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,cf,5f,5f,5f,5f,5f,5f,5f,5f,\
      5f,5f,00,01,00,00,00,00,00,00,00

      [MountPoints2\{b40281b2-02d5-11dc-b862-001302520a30}]
      "BaseClass"="Drive"
      "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
      5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
      ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
      ff,ff,00,01,00,00,00,08,07,00,00

      [MountPoints2\{ce365810-d256-11db-941c-806d6172696f}]
      "BaseClass"="Drive"

      [MountPoints2\{ce365811-d256-11db-941c-806d6172696f}]
      "BaseClass"="Drive"
      "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
      ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
      ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
      ff,ff,00,20,00,00,00,09,00,00,00

      [MountPoints2\{ce365811-d256-11db-941c-806d6172696f}\Shell]
      @="AutoRun"

      [MountPoints2\{ce365811-d256-11db-941c-806d6172696f}\Shell\AutoRun]
      @="&Exécution automatique"

      [MountPoints2\{ce365811-d256-11db-941c-806d6172696f}\Shell\AutoRun\command]
      @="D:\setup.exe"

      [MountPoints2\{ce365811-d256-11db-941c-806d6172696f}\_Autorun]

      [MountPoints2\{ce365811-d256-11db-941c-806d6172696f}\_Autorun\DefaultIcon]
      @="D:\MSIICO.ICO"

      [MountPoints2\{ce365812-d256-11db-941c-806d6172696f}]
      "BaseClass"="Drive"

      [MountPoints2\{d32f270a-02cd-11dc-b85f-001302520a30}]
      "BaseClass"="Drive"
      "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
      5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,00,ff,ff,ff,ff,\
      ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
      ff,ff,00,01,00,00,00,08,07,00,00

      [MountPoints2\{d32f270a-02cd-11dc-b85f-001302520a30}\shell]
      @="None"

      [MountPoints2\{d32f270a-02cd-11dc-b85f-001302520a30}\shell\Autoplay]
      "MUIVerb"="@shell32.dll,-8504"

      [MountPoints2\{d32f270a-02cd-11dc-b85f-001302520a30}\shell\Autoplay\DropTarget]
      "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
      #### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

      [MountPoints2\{d6523192-d25e-11db-b9d6-001302520a30}]
      "BaseClass"="Drive"
      "_CommentFromDesktopINI"=""
      "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
      5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
      ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
      ff,ff,00,01,00,00,00,08,06,00,00

      [MountPoints2\{d6523192-d25e-11db-b9d6-001302520a30}\shell]
      @="None"

      [MountPoints2\{d6523192-d25e-11db-b9d6-001302520a30}\shell\Autoplay]
      "MUIVerb"="@shell32.dll,-8504"

      [MountPoints2\{d6523192-d25e-11db-b9d6-001302520a30}\shell\Autoplay\DropTarget]
      "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
      #### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

      [MountPoints2\{e428455e-d6d7-11db-b9e3-001302520a30}]
      "BaseClass"="Drive"
      "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
      5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
      ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
      ff,ff,00,01,00,00,00,08,07,00,00

      [MountPoints2\{e428455e-d6d7-11db-b9e3-001302520a30}\shell]
      @="None"

      [MountPoints2\{e428455e-d6d7-11db-b9e3-001302520a30}\shell\Autoplay]
      "MUIVerb"="@shell32.dll,-8504"

      [MountPoints2\{e428455e-d6d7-11db-b9e3-001302520a30}\shell\Autoplay\DropTarget]
      "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
      #### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

      [MountPoints2\{fd149448-10fa-11dc-b881-0019db225b88}]
      "BaseClass"="Drive"
      "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
      5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
      cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
      ff,ff,00,00,10,00,00,08,02,00,00

      [MountPoints2\{fd149448-10fa-11dc-b881-0019db225b88}\shell]
      @="None"

      [MountPoints2\{fd149448-10fa-11dc-b881-0019db225b88}\shell\Autoplay]
      "MUIVerb"="@shell32.dll,-8504"

      [MountPoints2\{fd149448-10fa-11dc-b881-0019db225b88}\shell\Autoplay\DropTarget]
      "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
      #### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

      -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

      [AdvancedOptions]

      -----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

      -----HKLM\Software\Microsoft\Active Setup\Installed Components-----

      [Installed Components]

      [Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
      #### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
      "Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
      "@="Microsoft Windows Media Player"
      "ComponentID"="WMPACCESS"

      [Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
      "@="Internet Explorer"
      "ComponentID"="IEACCESS"
      "StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE"

      [Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
      "@="Personnalisation du navigateur"
      "ComponentID"="BRANDING.CAB"
      "StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

      [Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
      "@="Outlook Express"
      "ComponentID"="OEACCESS"
      "StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

      [Installed Components\D27CDB6E-AE6D-11CF-96B8-444553540000]
      "@="Adobe Flash Player 9 ActiveX"
      "ComponentID"="Flash"

      [Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
      "@="Rendu VML (Vector Graphics Rendering)"
      "ComponentID"="MSVML"

      [Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
      #### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
      "ComponentID"="NetShow"
      "StubPath"=""

      [Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
      #### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
      "@="Lecteur Windows Media Microsoft 6.4"
      "ComponentID"="Microsoft Windows Media Player"
      "StubPath"=""

      [Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
      #### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\system32\danim.dll"
      "@="DirectAnimation"
      "ComponentID"="DirectAnimation"

      [Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
      "@="Themes Setup"
      "ComponentID"="Theme Component"
      "StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

      [Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
      "@="Liaison de données Dynamic HTML pour Java"
      "ComponentID"="TridataJava"

      [Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
      "@="Logiciel de navigation hors connexion"
      "ComponentID"="MobilePk"

      [Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
      "@="Uniscribe"
      "ComponentID"="USP10"

      [Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
      "@="Création avancée"
      "ComponentID"="AdvAuth"

      [Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
      "@="Microsoft Outlook Express 6"
      "ComponentID"="MailNews"
      "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

      [Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
      "@="DirectShow"
      "ComponentID"="activemovie"

      [Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
      "@="DirectDrawEx"
      "ComponentID"="DirectDrawEx"

      [Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
      "@="Aide sur Internet Explorer"
      "ComponentID"="HelpCont"

      [Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
      "@="Classes Java DirectAnimation"
      "ComponentID"="DAJava"

      [Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
      "@="Microsoft Windows Script 5.6"
      "ComponentID"="MSVBScript"

      [Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
      "(Default)"="Internet Connection Wizard"
      "ComponentID"="ICW"

      [Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
      "@="Outils d'installation Internet Explorer"
      "ComponentID"="GenSetup"

      [Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
      "@="Améliorations pour la navigation"
      "ComponentID"="ExtraPack"
      "KeyFileName"="C:\WINDOWS\system32\msieftp.dll"

      [Insta
      0
    2. Romhimtib
       
      Coment je le supprime ELIBAGLE? Juste comme ça où j'utilise un anti?
      0
  7. Utilisateur anonyme
     
    Clic sur démarrer, rechercher, tous les fichiers et dossiers, cherche et supprime :

    eoRezo (saloperie)
    WINTEMS.EXE.VIR

    **Si un fichier/dossier persiste lors de la suppression fait ceci:
    - Redémarre ton PC. Dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaître choisis "mode sans echec" attends un peu..
    Puis va supprimer les fichiers/dossiers, vide ta corbeille et redémarre ton PC normalement.

    Crée toi une nouvelle connexion et vois ce que ça donne
    0
    1. Romhimtib
       
      J'ai supprimé les fichiers! Et j'ai pu réinstaller mon anti-virus, auriez-vous des conseils à me donner en terme de logiciel de protection à utiliser pour éviter que je me fasse encore hacker...

      Je pense tester ma connection internet ce soir ou demain, je vous tiens au courant de l'évolution.

      Bonne journée!

      Merci encore pour votre aide!
      0
    2. Romhimtib
       
      Bonjou boulepate62,

      Je tenais à te remercier et à te dire que pour moi tu as réussit à m'aider. A ce jour je n'arrive toujours pas à récupérer ma connection internet et j'en vraiment besoin. Par concéquent je vais formater mon pc...

      Merci encore...

      Bonne continuation!

      Cordialement


      Romhimtib
      0