Probleme de plantage,vraiment besoin d'aide.

julienEVO6 Messages postés 24 Statut Membre -  
julienEVO6 Messages postés 24 Statut Membre -
Bonjour,voila je vien vers vous parce que cela fais quelques jours que je galere.
Voila mon PC plante des qu'on ouvre une cession,peu importe l'utilisateur,ca plante.Donc je n'ai plus acces a mes programmes bref c'est chiant.
Heureusement mon pere lorsqu'il avai installé Windows XP l'avais installé 2 fois et n'avais jamais pris le temp de supprimé le 2em windows xp et donc c'est en passant par la que j'ai quand meme acces au net.
ET donc depuis quelques jours je fais des analyse antivirus (je possede avast) que je fais des scan via secuser ou autres,et que je supprime tout ce que les logiciels antivirus trouvent mais que rien ne s'arrange.Ca continue de planter si je vais dans la partie ou il y a tout d'installé et meme dans la partie ou j'ai acces au net ca rame et pas mal de fenetre me demandant d'installer WinAntivirusPro 2006 ou ancore WinAntiSpyware s'ouvrent bref j'aimerais bien sortir de tout ca.

J'ai trouvé comme virus Dialer970 (ou 790 je ne sait plus) et dans mes programmes recemment installé (vous savez quand on clic sur "Demarrer" puis qu'on va dans "Tous les programmes" j'en est un du nom de Del et quand je met ma souris dessus ca affiche "Internet Dialer".

Je vous met le rapport Hijackthis que je vien de faire:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\attrib.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\PIERROT\Bureau\HiJackThis_v2.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\attrib.exe
O2 - BHO: (no name) - {02129DF5-3B05-4C9C-8AC4-A972EB859637} - C:\WINDOWS\System32\pmnnn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - C:\WINDOWS\system32\gebcywt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O20 - Winlogon Notify: gebcywt - C:\WINDOWS\SYSTEM32\gebcywt.dll
O20 - Winlogon Notify: pmnnn - C:\WINDOWS\System32\pmnnn.dll
O20 - Winlogon Notify: urqqron - C:\WINDOWS\SYSTEM32\urqqron.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: attrib - Unknown owner - C:\WINDOWS\attrib.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 5323 bytes

Voila j'espere que je me suis fais comprendre et que vous pourrez m'aider.
D'avance merci.
Configuration: Windows XP
Internet Explorer 6.0

23 réponses

  • 1
  • 2
  1. Utilisateur anonyme
     
    Bonjour

    Télécharge SDFix sur ton bureau
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
    Redémarre ton ordinateur en mode sans échec (redemarrage + tapotte sans arret sur F8 des que l'ordi s'allume)
    Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.
    Appuie sur Y pour commencer le processus de nettoyage.
    Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    Appuie sur une touche pour redémarrer le PC.
    Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

    Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum.

    ET

    Télécharge Ad-Fix
    http://home.tele2.fr/gchrispage/index/download/divers/Ad-Fix.zip

    Dézippe tout le contenu dans le même dossier.
    Clic sur Ad-Fix.bat et choisis l'otpion 1
    Soit patient.
    A la fin du scan un rapport va s'ouvrir copie et colle le contenu ici.
    0
  2. julienEVO6 Messages postés 24 Statut Membre
     
    Hello voila deja le rapport de SDFix,je ferais celui de AD fix plus tard:

    SDFix: Version 1.101

    Run by PIERROT on 30/08/2007 at 19:36

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\DOCUME~1\PIERROT\Bureau\SDFix\SDFix

    Safe Mode:
    Checking Services:

    Name:
    DomainService

    ImagePath:
    C:\WINDOWS\System32\lwcqlicf.exe /service

    DomainService - Deleted

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\SYSTEM32\CKKYBNK.EXE - Deleted

    Folder C:\Program Files\Fichiers communs\delsim - Removed

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    Remaining Files:
    ---------------

    File Backups: - C:\DOCUME~1\PIERROT\Bureau\SDFix\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    C:\WINDOWS\attrib.exe
    C:\WINDOWS\system32\bdksuffw.exe
    C:\WINDOWS\system32\chunnkgs.exe
    C:\WINDOWS\system32\csmnjza.exe
    C:\WINDOWS\system32\csrs.exe
    C:\WINDOWS\system32\cyioc.exe
    C:\WINDOWS\system32\dqsrrnn.exe
    C:\WINDOWS\system32\evueki.exe
    C:\WINDOWS\system32\jbitl.exe
    C:\WINDOWS\system32\jergwvm.exe
    C:\WINDOWS\system32\kand.exe
    C:\WINDOWS\system32\kbumlrd.exe
    C:\WINDOWS\system32\khlvwoj.exe
    C:\WINDOWS\system32\lnffknqe.exe
    C:\WINDOWS\system32\mirkrrx.exe
    C:\WINDOWS\system32\omlebde.exe
    C:\WINDOWS\system32\pipfpvpl.exe
    C:\WINDOWS\system32\tphm.exe
    C:\WINDOWS\system32\wzhawmr.exe
    C:\WINDOWS\system32\ynkvwfq.exe
    C:\WINDOWS\system32\ysxhsna.exe

    Finished
    0
  3. Utilisateur anonyme
     
    Ok, ça semble pas triste :-)
    0
  4. julienEVO6 Messages postés 24 Statut Membre
     
    Arfff!!
    Bon voici le scan Ad Fix:

    Ad-Fix v0.101a
    by gchris

    OPTION 1 (Scan) :

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Démarré à :

    23:40:52,07 30/08/2007

    Executé depuis :

    C:\Documents and Settings\PIERROT\Bureau\SDFix\Ad-Fix

    Os :

    Microsoft Windows XP [version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Recherche de fichier manquant

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Fichiers cachés (pas forcément mauvais)

    .exe dans System32 :

    C:\WINDOWS\SYSTEM32\
    bdksuffw.exe Sun 26 Aug 2007 21:48:26 A..H. 45 056 44,00 K
    chunnkgs.exe Thu 23 Aug 2007 21:36:24 A..H. 25 504 24,91 K
    csmnjza.exe Thu 23 Aug 2007 21:36:30 A..H. 10 884 10,63 K
    cyioc.exe Thu 23 Aug 2007 21:39:40 A..H. 48 180 47,05 K
    dqsrrnn.exe Thu 23 Aug 2007 21:59:56 A..H. 39 420 38,50 K
    evueki.exe Thu 23 Aug 2007 21:37:40 A..H. 35 770 34,93 K
    jbitl.exe Thu 23 Aug 2007 21:18:38 A..H. 26 868 26,24 K
    kand.exe Thu 23 Aug 2007 21:15:58 A..H. 54 440 53,16 K
    kbumlrd.exe Thu 23 Aug 2007 21:38:32 A..H. 31 390 30,65 K
    khlvwoj.exe Thu 23 Aug 2007 21:39:34 A..H. 49 056 47,91 K
    lnffknqe.exe Thu 23 Aug 2007 21:37:32 A..H. 34 898 34,08 K
    omlebde.exe Thu 23 Aug 2007 21:18:10 A..H. 56 772 55,44 K
    pipfpvpl.exe Thu 23 Aug 2007 21:17:18 A..H. 7 158 6,99 K
    rswv.exe Thu 30 Aug 2007 19:46:28 A..H. 38 912 38,00 K
    tphm.exe Thu 23 Aug 2007 21:19:18 A..H. 10 732 10,48 K
    wzhawmr.exe Sun 26 Aug 2007 23:43:44 A..H. 29 864 29,16 K
    ynkvwfq.exe Thu 23 Aug 2007 21:29:24 A..H. 4 380 4,28 K
    ysxhsna.exe Tue 28 Aug 2007 22:02:58 A..H. 4 162 4,06 K

    18 items found: 18 files, 0 directories.
    Total of file sizes: 553 446 bytes 540,47 K

    .dll dans System32 :

    No matches found.

    .dat dans System32 :

    No matches found.

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Analyse du registre

    ---------- USER AGENT -- POST PLATFORM

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

    ----------

    ---------- AppInit_DLLs

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    ----------

    Complete!

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Recherche de fichiers et dossiers

    C:\WINDOWS\Downloaded Program Files\*_*_*NetInstaller.exe Détecté !
    C:\WINDOWS\Downloaded Program Files\CONFLICT.? Détecté !
    C:\WINDOWS\Downloaded Program Files\CONFLICT.?? Détecté !

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Terminé à 23:45:16,20

    A vous de jouez :D
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    ok,
    Redémarre en mode sans échec, (en tapotant F8 au démarrage).

    Lance de nouveau Ad-Fix
    Choisis l'option 2
    Le bureau ou les icônes vont disparaître, c'est normal.
    Quand c'est terminé, presse la touche "entrée" pour redémarrer l'ordinateur.

    Une fois redémarré, navigue dans le dossier Ad-Fix
    Double-clic sur le fichier "view_log.bat" ou "view_log"
    Et copie-colle ici, le contenu du nouveau rapport.

    Ensuite,
    ¤ Télécharge ce programme puis double clic dessus (ferme ton antivirus s'il te détecte quoi que ce soit)
    http://www.suspectfile.com/systemscan/

    * Coche uniquement ces cases, décoche tout le reste :

    - Recent Files, 30 days
    - Registry Run Key
    - installed applications

    Puis clic sur scan now, soit patient.
    Une fois qu'il aura terminé, un rapport va s'ouvrir, copie et colle son contenu ici et vérifie qu'il soit bien en entier, si besoin crée deux messages.

    Puis on supprimera les bestioles exotiques ;-)
    0
  7. julienEVO6 Messages postés 24 Statut Membre
     
    Salut,quand je fais l'option 2 pour ADFix ca me lance un nettoyage du disque mais ca plante ,alors comme il est ecrit de faire annuler si ca plante et bien je fais annuler.Alors ADFix reprend mais reste bloqué sur "Supression des fichiers temporaires" veuillez patienter...
    J'ai laisser en route toute la nuit je pense que j'ai assez patienter lol mais ca n'a plus avance.
    Donc que faire ?
    merci :(
    0
  8. Utilisateur anonyme
     
    Fais la 2ème chose on reviendra dessus après ;-)
    0
  9. julienEVO6 Messages postés 24 Statut Membre
     
    SystemScan - www.suspectfile.com - ver. 3.2.0

    Running on: Windows XP HOME Edition (2600.5.1)
    System directory: C:\WINDOWS

    Date: 31/08/2007
    Time: 19:43:40

    Output limited to:
    -Recent files
    -Registry Run Keys
    -Installed Applications

    ===================== Recent files (30 days old)=====================

    ----- recent files in C:\
    23/08/2007 21:08:39 314 byte 8 days old -- boot.ini
    23/08/2007 21:22:22 (DIR) 0 byte 8 days old -- System Volume Information
    23/08/2007 22:07:50 (DIR) 0 byte 8 days old -- RECYCLER
    24/08/2007 22:13:57 (DIR) 0 byte 7 days old -- Downloads
    24/08/2007 22:56:19 (DIR) 0 byte 7 days old -- WA7PV
    29/08/2007 22:11:48 (DIR) 0 byte 2 days old -- Documents and Settings
    30/08/2007 23:12:52 (DIR) 0 byte 1 days old -- Program Files
    31/08/2007 00:05:56 (DIR) 0 byte 0 days old -- WINDOWS
    31/08/2007 00:45:31 1197 byte 0 days old -- Ad-Fix.cmd
    31/08/2007 00:45:31 1161 byte 0 days old -- Ad-Fix.txt
    31/08/2007 19:40:12 402653184 byte 0 days old -- pagefile.sys
    31/08/2007 19:43:40 (DIR) 0 byte 0 days old -- suspectfile

    ----- recent files in C:\WINDOWS\
    23/08/2007 21:10:16 (DIR) 0 byte 8 days old -- Cursors
    23/08/2007 21:11:15 37 byte 8 days old -- vbaddin.ini
    23/08/2007 21:11:15 36 byte 8 days old -- vb.ini
    23/08/2007 21:11:38 43 byte 8 days old -- removalfile.bat
    23/08/2007 21:11:57 (DIR) 0 byte 8 days old -- Help
    23/08/2007 21:12:12 (DIR) 0 byte 8 days old -- PCHEALTH
    23/08/2007 21:13:01 (DIR) 0 byte 8 days old -- srchasst
    23/08/2007 21:13:34 749 byte 8 days old -- WindowsShell.Manifest
    23/08/2007 21:13:52 (DIR) 0 byte 8 days old -- Offline Web Pages
    23/08/2007 21:15:48 (DIR) 0 byte 8 days old -- Registration
    23/08/2007 21:16:01 4207 byte 8 days old -- ODBCINST.INI
    23/08/2007 21:16:02 (DIR) 0 byte 8 days old -- Tasks
    23/08/2007 21:16:14 299552 byte 8 days old -- WMSysPrx.prx
    23/08/2007 21:16:30 504 byte 8 days old -- win.ini
    23/08/2007 21:16:31 0 byte 8 days old -- control.ini
    23/08/2007 21:16:41 (DIR) 0 byte 8 days old -- repair
    23/08/2007 21:16:42 (DIR) 0 byte 8 days old -- ime
    23/08/2007 21:21:55 8192 byte 8 days old -- REGLOCS.OLD
    23/08/2007 21:24:20 (DIR) 0 byte 8 days old -- Installer
    23/08/2007 22:00:32 (DIR) 0 byte 8 days old -- WinSxS
    23/08/2007 22:01:00 (DIR) 0 byte 8 days old -- system
    23/08/2007 22:01:11 (DIR) 0 byte 8 days old -- Fonts
    23/08/2007 22:01:12 231 byte 8 days old -- system.ini
    24/08/2007 21:36:34 (DIR) 0 byte 7 days old -- security
    24/08/2007 21:49:26 (DIR) 0 byte 7 days old -- SoftwareDistribution
    24/08/2007 21:55:34 (DIR) 0 byte 7 days old -- $NtUninstallKB842773$
    24/08/2007 22:52:04 (DIR) 0 byte 7 days old -- inf
    28/08/2007 21:02:13 645632 byte 3 days old -- attrib.exe
    28/08/2007 22:09:27 8880 byte 3 days old -- ModemLog_Generic SoftK56.txt
    28/08/2007 22:34:52 184 byte 3 days old -- cookies.ini
    29/08/2007 19:44:55 286720 byte 2 days old -- PATCH.EXE
    29/08/2007 19:44:56 69689 byte 2 days old -- UNZIP.DLL
    29/08/2007 19:44:56 507904 byte 2 days old -- TMUPDATE.DLL
    29/08/2007 19:45:14 (DIR) 0 byte 2 days old -- AU_Log
    29/08/2007 19:45:19 170 byte 2 days old -- GetServer.ini
    29/08/2007 20:19:20 29727481 byte 2 days old -- LPT$VPN.677
    29/08/2007 20:19:20 1163344 byte 2 days old -- vsapi32.dll
    29/08/2007 20:19:20 71749 byte 2 days old -- hcextoutput.dll
    29/08/2007 20:19:20 29727481 byte 2 days old -- VPTNFILE.677
    29/08/2007 20:19:20 86094 byte 2 days old -- BPMNT.dll
    29/08/2007 20:19:21 (DIR) 0 byte 2 days old -- AU_Temp
    29/08/2007 20:19:21 (DIR) 0 byte 2 days old -- AU_Backup
    29/08/2007 20:19:21 1866050 byte 2 days old -- tsc.ptn
    29/08/2007 20:19:21 267845 byte 2 days old -- tsc.exe
    29/08/2007 20:19:47 (DIR) 0 byte 2 days old -- report
    29/08/2007 20:19:56 823 byte 2 days old -- tsc.ini
    30/08/2007 19:36:18 (DIR) 0 byte 1 days old -- ERUNT
    30/08/2007 22:24:31 2328 byte 1 days old -- setupapi.log
    30/08/2007 23:07:43 (DIR) 0 byte 1 days old -- Web
    31/08/2007 00:05:30 (DIR) 0 byte 0 days old -- Downloaded Program Files
    31/08/2007 00:05:56 0 byte 0 days old -- setuperr.log
    31/08/2007 08:11:43 300 byte 0 days old -- setupact.log
    31/08/2007 08:30:10 386806 byte 0 days old -- ntbtlog.txt
    31/08/2007 19:40:15 2048 byte 0 days old -- bootstat.dat
    31/08/2007 19:40:38 (DIR) 0 byte 0 days old -- Debug
    31/08/2007 19:41:10 0 byte 0 days old -- 0.log
    31/08/2007 19:41:46 (DIR) 0 byte 0 days old -- Prefetch
    31/08/2007 19:42:30 25619 byte 0 days old -- WindowsUpdate.log
    31/08/2007 19:42:30 2388 byte 0 days old -- SchedLgU.Txt
    31/08/2007 19:43:09 (DIR) 0 byte 0 days old -- Temp
    31/08/2007 19:43:32 (DIR) 0 byte 0 days old -- system32

    ----- recent files in C:\WINDOWS\Downloaded Program Files\
    23/08/2007 21:13:52 65 byte 8 days old -- desktop.ini
    30/08/2007 00:16:30 (DIR) 0 byte 1 days old -- CONFLICT.3
    30/08/2007 00:16:30 (DIR) 0 byte 1 days old -- CONFLICT.2
    30/08/2007 22:24:31 (DIR) 0 byte 1 days old -- CONFLICT.1

    ----- recent files in C:\WINDOWS\system\

    ----- recent files in C:\WINDOWS\system32\
    23/08/2007 21:08:58 (DIR) 0 byte 8 days old -- spool
    23/08/2007 21:11:08 (DIR) 0 byte 8 days old -- MsDtc
    23/08/2007 21:11:08 43542 byte 8 days old -- gebcywt.dll
    23/08/2007 21:11:29 21892 byte 8 days old -- emptyregdb.dat
    23/08/2007 21:11:31 (DIR) 0 byte 8 days old -- Com
    23/08/2007 21:11:58 (DIR) 0 byte 8 days old -- Restore
    23/08/2007 21:12:12 143360 byte 8 days old -- lgd.exe
    23/08/2007 21:12:27 (DIR) 0 byte 8 days old -- oobe
    23/08/2007 21:12:47 (DIR) 0 byte 8 days old -- Macromed
    23/08/2007 21:12:48 (DIR) 0 byte 8 days old -- DirectX
    23/08/2007 21:13:34 749 byte 8 days old -- sapi.cpl.manifest
    23/08/2007 21:13:34 749 byte 8 days old -- wuaucpl.cpl.manifest
    23/08/2007 21:13:34 749 byte 8 days old -- nwc.cpl.manifest
    23/08/2007 21:13:34 749 byte 8 days old -- ncpa.cpl.manifest
    23/08/2007 21:13:34 749 byte 8 days old -- cdplayer.exe.manifest
    23/08/2007 21:13:51 488 byte 8 days old -- WindowsLogon.manifest
    23/08/2007 21:13:51 488 byte 8 days old -- logonui.exe.manifest
    23/08/2007 21:15:21 (DIR) 0 byte 8 days old -- ias
    23/08/2007 21:15:57 54440 byte 8 days old -- kand.exe
    23/08/2007 21:16:18 23392 byte 8 days old -- nscompat.tlb
    23/08/2007 21:16:18 16832 byte 8 days old -- amcompat.tlb
    23/08/2007 21:16:42 (DIR) 0 byte 8 days old -- wbem
    23/08/2007 21:16:42 (DIR) 0 byte 8 days old -- xircom
    23/08/2007 21:17:16 7158 byte 8 days old -- pipfpvpl.exe
    23/08/2007 21:18:08 56772 byte 8 days old -- omlebde.exe
    23/08/2007 21:18:36 26868 byte 8 days old -- jbitl.exe
    23/08/2007 21:19:12 261 byte 8 days old -- $winnt$.inf
    23/08/2007 21:19:16 10732 byte 8 days old -- tphm.exe
    23/08/2007 21:21:47 90296 byte 8 days old -- FNTCACHE.DAT
    23/08/2007 21:23:14 43542 byte 8 days old -- urqqron.dll
    23/08/2007 21:24:15 25065 byte 8 days old -- wmpscheme.xml
    23/08/2007 21:24:35 118 byte 8 days old -- vnggr.bat
    23/08/2007 21:29:13 298080 byte 8 days old -- pmnnn.dll
    23/08/2007 21:29:23 4380 byte 8 days old -- ynkvwfq.exe
    23/08/2007 21:36:23 25504 byte 8 days old -- chunnkgs.exe
    23/08/2007 21:36:28 10884 byte 8 days old -- csmnjza.exe
    23/08/2007 21:37:31 34898 byte 8 days old -- lnffknqe.exe
    23/08/2007 21:37:39 35770 byte 8 days old -- evueki.exe
    23/08/2007 21:38:30 31390 byte 8 days old -- kbumlrd.exe
    23/08/2007 21:39:32 49056 byte 8 days old -- khlvwoj.exe
    23/08/2007 21:39:39 48180 byte 8 days old -- cyioc.exe
    23/08/2007 21:39:41 134656 byte 8 days old -- sfc_os.dll
    23/08/2007 21:39:41 475136 byte 8 days old -- jta.exe
    23/08/2007 21:56:03 120 byte 8 days old -- wzcqyqd.bat
    23/08/2007 21:59:55 39420 byte 8 days old -- dqsrrnn.exe
    23/08/2007 22:00:40 (DIR) 0 byte 8 days old -- CatRoot
    23/08/2007 22:03:06 120 byte 8 days old -- jzetcva.bat
    23/08/2007 22:06:29 43542 byte 8 days old -- nnnnopn.dll
    23/08/2007 22:08:18 0 byte 8 days old -- h323log.txt
    23/08/2007 22:33:42 125504 byte 8 days old -- vttwmjql.dll
    24/08/2007 20:37:08 43542 byte 7 days old -- awttttr.dll
    24/08/2007 20:38:24 16896 byte 7 days old -- stszdvoi.exe
    24/08/2007 21:00:56 43542 byte 7 days old -- ssqolkj.dll
    24/08/2007 21:41:13 43542 byte 7 days old -- fccdawt.dll
    24/08/2007 21:55:41 (DIR) 0 byte 7 days old -- bits
    24/08/2007 21:55:42 (DIR) 0 byte 7 days old -- dllcache
    24/08/2007 21:58:18 535 byte 7 days old -- lqjmwttv.ini
    24/08/2007 21:58:27 43542 byte 7 days old -- ljjkklm.dll
    24/08/2007 23:14:56 43542 byte 7 days old -- khfgebc.dll
    24/08/2007 23:20:10 43542 byte 7 days old -- awtrqpp.dll
    24/08/2007 23:23:49 16896 byte 7 days old -- vukota.exe
    26/08/2007 21:38:30 13064 byte 5 days old -- wpa.dbl
    26/08/2007 21:38:43 43542 byte 5 days old -- wvusrol.dll
    26/08/2007 21:39:19 1263977 byte 5 days old -- enwbdgbq.ini
    26/08/2007 21:44:00 43542 byte 5 days old -- opnkjkh.dll
    26/08/2007 21:48:25 45056 byte 5 days old -- bdksuffw.exe
    26/08/2007 22:58:36 3121 byte 5 days old -- CONFIG.NT
    26/08/2007 22:58:37 (DIR) 0 byte 5 days old -- drivers
    26/08/2007 23:39:45 43542 byte 5 days old -- hggfebc.dll
    26/08/2007 23:43:42 29864 byte 5 days old -- wzhawmr.exe
    27/08/2007 13:41:43 (DIR) 0 byte 4 days old -- config
    27/08/2007 13:42:26 43542 byte 4 days old -- fccbywx.dll
    27/08/2007 15:32:24 43542 byte 4 days old -- hggfggg.dll
    27/08/2007 15:45:06 43542 byte 4 days old -- rqrrqnn.dll
    27/08/2007 22:03:49 43542 byte 4 days old -- vturomn.dll
    28/08/2007 21:01:40 43542 byte 3 days old -- jkkifda.dll
    28/08/2007 21:13:27 43542 byte 3 days old -- qomklli.dll
    28/08/2007 21:21:55 43542 byte 3 days old -- xxyyxyv.dll
    28/08/2007 22:01:23 43542 byte 3 days old -- ssqpqol.dll
    28/08/2007 22:02:06 75328 byte 3 days old -- ehhynepm.exe
    28/08/2007 22:02:57 4162 byte 3 days old -- ysxhsna.exe
    28/08/2007 22:08:13 1276065 byte 3 days old -- epffymnw.ini
    28/08/2007 22:08:15 43542 byte 3 days old -- byxurrp.dll
    28/08/2007 22:08:34 125504 byte 3 days old -- trz9.tmp
    28/08/2007 22:11:01 70208 byte 3 days old -- trz8.tmp
    28/08/2007 22:34:51 1276125 byte 3 days old -- djrmhpks.ini
    29/08/2007 19:35:37 43542 byte 2 days old -- rqrpppo.dll
    30/08/2007 19:43:01 43542 byte 1 days old -- iifgfcb.dll
    30/08/2007 19:45:59 43542 byte 1 days old -- opnkhef.dll
    30/08/2007 19:46:27 38912 byte 1 days old -- rswv.exe
    30/08/2007 21:24:05 43542 byte 1 days old -- iiffddc.dll
    30/08/2007 21:25:41 43542 byte 1 days old -- rqrrspp.dll
    30/08/2007 21:28:45 43542 byte 1 days old -- khfgdbc.dll
    30/08/2007 21:30:16 48856 byte 1 days old -- perfc00C.dat
    30/08/2007 21:30:16 311740 byte 1 days old -- perfh009.dat
    30/08/2007 21:30:16 40128 byte 1 days old -- perfc009.dat
    30/08/2007 21:30:16 368076 byte 1 days old -- perfh00C.dat
    30/08/2007 21:30:16 775210 byte 1 days old -- PerfStringBackup.INI
    30/08/2007 22:03:06 824148 byte 1 days old -- nnnmp.bak2
    30/08/2007 22:06:33 43542 byte 1 days old -- byxxxwu.dll
    30/08/2007 22:09:50 70208 byte 1 days old -- brxxquyl.dll
    30/08/2007 22:10:07 125504 byte 1 days old -- kybqqwmd.dll
    30/08/2007 22:26:31 (DIR) 0 byte 1 days old -- CatRoot2
    31/08/2007 19:40:35 17920 byte 0 days old -- tftp.exe
    31/08/2007 19:40:35 44032 byte 0 days old -- ftp.exe
    31/08/2007 19:43:42 722459 byte 0 days old -- nnnmp.ini

    ----- recent files in C:\WINDOWS\system32\drivers\
    30/08/2007 19:37:00 (DIR) 0 byte 1 days old -- etc

    ----- recent files in C:\WINDOWS\temp\
    31/08/2007 08:04:18 16384 byte 0 days old -- Perflib_Perfdata_494.dat
    31/08/2007 19:40:26 16384 byte 0 days old -- Perflib_Perfdata_4dc.dat
    31/08/2007 19:43:24 (DIR) 0 byte 0 days old -- _avast4_

    ----- recent files in C:\Program Files\
    23/08/2007 21:10:19 (DIR) 0 byte 8 days old -- Windows NT
    23/08/2007 21:10:20 (DIR) 0 byte 8 days old -- MSN Gaming Zone
    23/08/2007 21:10:38 (DIR) 0 byte 8 days old -- MSN
    23/08/2007 21:11:52 (DIR) 0 byte 8 days old -- Outlook Express
    23/08/2007 21:11:56 (DIR) 0 byte 8 days old -- NetMeeting
    23/08/2007 21:12:31 (DIR) 0 byte 8 days old -- Movie Maker
    23/08/2007 21:13:19 (DIR) 0 byte 8 days old -- Services en ligne
    23/08/2007 21:13:50 (DIR) 0 byte 8 days old -- Internet Explorer
    23/08/2007 21:16:42 (DIR) 0 byte 8 days old -- xerox
    23/08/2007 21:16:42 (DIR) 0 byte 8 days old -- microsoft frontpage
    23/08/2007 21:24:09 (DIR) 0 byte 8 days old -- Uninstall Information
    23/08/2007 21:24:14 (DIR) 0 byte 8 days old -- Messenger
    23/08/2007 21:24:15 (DIR) 0 byte 8 days old -- Windows Media Player
    23/08/2007 22:34:13 (DIR) 0 byte 8 days old -- WindowsUpdate
    26/08/2007 21:57:59 (DIR) 0 byte 5 days old -- Spybot - Search & Destroy
    26/08/2007 22:58:19 (DIR) 0 byte 5 days old -- Alwil Software
    29/08/2007 22:03:42 (DIR) 0 byte 2 days old -- CCleaner
    29/08/2007 22:06:16 (DIR) 0 byte 2 days old -- Grisoft
    30/08/2007 23:02:07 (DIR) 0 byte 1 days old -- Fichiers communs

    ----- recent files in C:\Program Files\Fichiers communs\
    23/08/2007 21:11:44 (DIR) 0 byte 8 days old -- MSSoap
    23/08/2007 21:11:52 (DIR) 0 byte 8 days old -- Services
    23/08/2007 21:11:52 (DIR) 0 byte 8 days old -- System
    23/08/2007 21:24:18 (DIR) 0 byte 8 days old -- Microsoft Shared
    23/08/2007 22:01:13 (DIR) 0 byte 8 days old -- SpeechEngines
    23/08/2007 22:01:16 (DIR) 0 byte 8 days old -- ODBC
    26/08/2007 23:01:51 (DIR) 0 byte 5 days old -- delsim.1

    ----- recent files in C:\Documents and Settings\PIERROT\Application Data\
    23/08/2007 21:24:14 (DIR) 0 byte 8 days old -- Identities
    23/08/2007 22:00:51 62 byte 8 days old -- desktop.ini
    24/08/2007 23:11:58 (DIR) 0 byte 7 days old -- WinAntiVirus Pro 2007
    28/08/2007 22:30:29 (DIR) 0 byte 3 days old -- Microsoft
    29/08/2007 22:06:28 (DIR) 0 byte 2 days old -- Grisoft

    ----- recent files in C:\DOCUME~1\PIERROT\LOCALS~1\Temp\
    30/08/2007 00:18:36 (DIR) 0 byte 1 days old -- _avast4_
    30/08/2007 00:22:36 (DIR) 0 byte 1 days old -- WER1.tmp.dir00
    30/08/2007 19:26:55 (DIR) 0 byte 1 days old -- WER2.tmp.dir00
    30/08/2007 19:43:06 (DIR) 0 byte 1 days old -- WER1.tmp.dir01
    30/08/2007 21:31:59 (DIR) 0 byte 1 days old -- WER2.tmp.dir01
    30/08/2007 22:06:34 43 byte 1 days old -- removalfile.bat
    30/08/2007 22:07:06 (DIR) 0 byte 1 days old -- WER3.tmp.dir00
    30/08/2007 22:19:29 (DIR) 0 byte 1 days old -- NI.UWA7PV_0001_N96M0206
    30/08/2007 22:59:56 (DIR) 0 byte 1 days old -- ~offfilt
    30/08/2007 23:37:56 (DIR) 0 byte 1 days old -- WER4.tmp.dir00
    31/08/2007 08:34:20 (DIR) 0 byte 0 days old -- WER1.tmp.dir02
    31/08/2007 08:34:20 0 byte 0 days old -- WER1.tmp
    31/08/2007 19:42:23 0 byte 0 days old -- WER2.tmp
    31/08/2007 19:42:23 (DIR) 0 byte 0 days old -- WER2.tmp.dir02
    31/08/2007 19:42:42 16384 byte 0 days old -- ~DFBE5D.tmp
    31/08/2007 19:42:43 (DIR) 0 byte 0 days old -- nsr4.tmp

    ===================== REGISTRY SCAN =====================

    -----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

    [Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
    "UserFaultCheck"=expand:"%systemroot%\system32\dumprep 0 -u"
    "!AVG Anti-Spyware"="\"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe\" /minimized"

    -----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

    [Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe"
    "MSMSGS"="\"C:\Program Files\Messenger\msmsgs.exe\" /background"

    -----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

    [Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"

    -----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

    -----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

    -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

    [Windows]
    "AppInit_DLLs"=""

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

    [ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    #### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    #### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    #### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%SystemRoot%\System32\webcheck.dll"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    #### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\System32\stobject.dll"

    -----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

    [ShellExecuteHooks]
    "{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}"=""
    #### HKCR\CLSID\{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}\InprocServer32 @="C:\WINDOWS\system32\gebcywt.dll"
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    #### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
    #### HKCR\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}\InprocServer32 @="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"

    -----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

    [Winlogon]
    "Shell"="Explorer.exe %WINDIR%\attrib.exe"
    "System"=""
    "Userinit"="C:\WINDOWS\system32\userinit.exe,"
    "VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
    "UIHost"=expand:"logonui.exe"
    "LogonType"=dword:00000001
    "WinStationsDisabled"="0"

    [Winlogon\GPExtensions]

    [Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
    "@="Quota du disque Microsoft"
    "DllName"=expand:"dskquota.dll"

    [Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
    "DllName"=expand:"scecli.dll"
    "@="Security"

    [Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
    "DllName"=expand:"iedkcs32.dll"
    "@="Personnalisation de Internet Explorer"

    [Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
    "DllName"=expand:"scecli.dll"
    "@="EFS recovery"

    [Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
    "@="Installation de logiciel"
    "DllName"=expand:"appmgmts.dll"

    [Winlogon\Notify]

    [Winlogon\Notify\crypt32chain]
    "DllName"=expand:"crypt32.dll"
    "Logoff"="ChainWlxLogoffEvent"

    [Winlogon\Notify\cryptnet]
    "DllName"=expand:"cryptnet.dll"
    "Logoff"="CryptnetWlxLogoffEvent"

    [Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "StartShell"="WinlogonStartShellEvent"

    [Winlogon\Notify\gebcywt]
    "DllName"="gebcywt.dll"
    "Logon"="Logon"
    "Logoff"="Logoff"

    [Winlogon\Notify\pmnnn]
    "DllName"="C:\WINDOWS\System32\pmnnn.dll"
    "Startup"="RealLogon"
    "Logoff"="RealLogoff"

    [Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001

    [Winlogon\Notify\Schedule]
    "DllName"=expand:"wlnotify.dll"
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "DllName"=expand:"sclgntfy.dll"

    [Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"

    [Winlogon\Notify\termsrv]
    "DllName"=expand:"wlnotify.dll"
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [Winlogon\Notify\urqqron]
    "DllName"="urqqron.dll"
    "Logon"="Logon"
    "Logoff"="Logoff"

    [Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"

    [Winlogon\SpecialAccounts]

    [Winlogon\SpecialAccounts\UserList]
    "HelpAssistant"=dword:00000000
    "TsInternetUser"=dword:00000000
    "SQLAgentCmdExec"=dword:00000000
    "NetShowServices"=dword:00000000
    "IWAM_"=dword:00010000
    "IUSR_"=dword:00010000
    "VUSR_"=dword:00010000

    -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

    [Winlogon]
    "ParseAutoexec"="1"
    "ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp"
    "BuildNumber"=dword:00000a28

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

    [Image File Execution Options\Your Image File Name Here without a path]
    "Debugger"="ntsd -d"

    -----HKLM\System\CurrentControlSet\Control\Session Manager\-----

    [Session Manager]
    "BootExecute"=multi:"autocheck autochk *\00stera\00\00"

    [Session Manager\SubSystems]
    "Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

    -----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

    [WOW]
    "cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
    "wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

    -----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

    -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

    [RunOnce]

    -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

    [RunOnceEx]

    -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

    [RunServices]

    -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

    -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

    [RunOnce]

    -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

    -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

    [RunServices]

    -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

    -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

    -----HKLM\Software\Microsoft\Command Processor\Autorun-----

    -----HKCU\Software\Microsoft\Command Processor\Autorun-----

    -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

    -----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

    -----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

    -----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

    -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

    -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

    -----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

    -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

    [SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    #### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
    #### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"

    -----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

    [Browser Helper Objects]

    [Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    #### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"

    [Browser Helper Objects\{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}]
    #### HKCR\CLSID\{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}\InprocServer32 @="C:\WINDOWS\system32\gebcywt.dll"

    [Browser Helper Objects\{D1672E56-2A73-4FC6-B7FE-184EE91A3650}]
    #### HKCR\CLSID\{D1672E56-2A73-4FC6-B7FE-184EE91A3650}\InprocServer32 @="C:\WINDOWS\System32\pmnnn.dll"

    -----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

    [URLSearchHooks]
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
    #### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\System32\shdocvw.dll"

    -----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-----

    -----HKCU\Control Panel\Desktop\-----

    [Desktop]
    "SCRNSAVE.EXE"="C:\WINDOWS\System32\logon.scr"

    [Desktop\WindowMetrics]

    -----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

    [command]
    @="\"%1\" %*"

    -----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

    [command]
    @="\"%1\" %*"

    -----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

    [command]
    @="\"%1\" %*"

    -----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

    [command]
    @="\"%1\" %*"

    -----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

    [command]
    @="\"%1\" /S"

    -----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

    [Command]
    @="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

    -----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

    [URL]

    [URL\DefaultPrefix]
    @="http://"

    [URL\Prefixes]
    "ftp"="ftp://"
    "gopher"="gopher://"
    "home"="http://"
    "mosaic"="http://"
    "www"="http://"

    -----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

    [Lsa]
    "Authentication Packages"=multi:"msv1_0\00\00"
    "Bounds"=hex:00,30,00,00,00,20,00,00
    "Security Packages"=multi:"kerberos\00msv1_0\00schannel\00wdigest\00\00"
    "LsaPid"=dword:0000022c
    "SecureBoot"=dword:00000001
    "auditbaseobjects"=dword:00000000
    "crashonauditfail"=dword:00000000
    "disabledomaincreds"=dword:00000000
    "everyoneincludesanonymous"=dword:00000000
    "fipsalgorithmpolicy"=dword:00000000
    "forceguest"=dword:00000001
    "fullprivilegeauditing"=hex:00
    "limitblankpassworduse"=dword:00000001
    "lmcompatibilitylevel"=dword:00000000
    "nodefaultadminowner"=dword:00000001
    "nolmhash"=dword:00000000
    "restrictanonymous"=dword:00000001
    "restrictanonymoussam"=dword:00000001
    "Notification Packages"=multi:"scecli\00\00"

    [Lsa\AccessProviders]
    "ProviderOrder"=multi:"Windows NT Access Provider\00\00"

    [Lsa\AccessProviders\Windows NT Access Provider]
    "ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

    [Lsa\Data]
    @Class="1229466c"
    "Pattern"=hex:b1,fe,93,b7,8a,69,b5,9f,8e,a9,cd,52,09,59,18,db,31,32,32,39,34,\
    36,36,63,00,67,07,00,01,00,00,00,dc,00,00,00,e0,00,00,00,48,fa,06,00,97,55,\
    51,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,15,18,cc,67

    [Lsa\GBG]
    @Class="159a0941"
    "GrafBlumGroup"=hex:55,be,72,00,72,5a,6f,37,dc

    [Lsa\JD]
    @Class="ceef67bd"
    "Lookup"=hex:c4,ad,01,86,3d,47

    [Lsa\Kerberos]

    [Lsa\Kerberos\Domains]

    [Lsa\Kerberos\SidCache]

    [Lsa\msv1_0]
    "ntlmminclientsec"=dword:00000000
    "ntlmminserversec"=dword:00000000

    [Lsa\Skew1]
    @Class="cc18ef85"
    "SkewMatrix"=hex:8d,fc,c5,7e,4f,d6,43,09,95,19,41,54,b4,05,54,4b

    [Lsa\SSO]

    [Lsa\SSO\Passport1.4]
    "SSOURL"="http://www.passport.com"

    [Lsa\SspiCache]
    "Time"=hex:8e,5b,47,09,c1,e5,c7,01

    [Lsa\SspiCache\digest.dll]
    "Name"="Digest"
    "Comment"="Digest SSPI Authentication Package"
    "Capabilities"=dword:00004050
    "RpcId"=dword:0000ffff
    "Version"=dword:00000001
    "TokenSize"=dword:0000ffff
    "Time"=hex:00,e0,8c,f6,b8,2f,c1,01
    "Type"=dword:00000031

    [Lsa\SspiCache\msapsspc.dll]
    "Name"="DPA"
    "Comment"="DPA Security Package"
    "Capabilities"=dword:00000037
    "RpcId"=dword:00000011
    "Version"=dword:00000001
    "TokenSize"=dword:00000300
    "Time"=hex:00,e0,8c,f6,b8,2f,c1,01
    "Type"=dword:00000031

    [Lsa\SspiCache\msnsspc.dll]
    "Name"="MSN"
    "Comment"="MSN Security Package"
    "Capabilities"=dword:00000037
    "RpcId"=dword:00000012
    "Version"=dword:00000001
    "TokenSize"=dword:00000300
    "Time"=hex:00,e0,8c,f6,b8,2f,c1,01
    "Type"=dword:00000031

    -----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

    [SharedAccess]
    "Type"=dword:00000020
    "Start"=dword:00000002
    "ErrorControl"=dword:00000001
    "ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
    "DisplayName"="Pare-feu de connexion Internet (ICF) / Partage de connexion Internet (ICS)"
    "DependOnService"=multi:"Netman\00NLA\00RasMan\00ALG\00\00"
    "DependOnGroup"=multi:"\00"
    "ObjectName"="LocalSystem"
    "Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."

    [SharedAccess\Parameters]
    "ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

    -----HKLM\Software\Microsoft\Ole-----

    [Ole]
    "DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
    14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\
    00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\
    00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
    05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\
    5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\
    5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00
    "EnableDCOM"="N"

    -----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

    [Security Center]
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001
    "FirewallDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

    [SystemRestore]
    "DisableSR"=dword:00000000
    "CreateFirstRunRp"=dword:00000001
    "DSMin"=dword:000000c8
    "DSMax"=dword:00000190
    "RPSessionInterval"=dword:00000000
    "RPGlobalInterval"=dword:00015180
    "RPLifeInterval"=dword:0076a700
    "CompressionBurst"=dword:0000003c
    "TimerInterval"=dword:00000078
    "DiskPercent"=dword:0000000c
    "ThawInterval"=dword:00000384

    [SystemRestore\Cfg]
    "DiskPercent"=dword:0000000c
    "MachineGuid"="{40666F75-94C6-4723-8EAB-D8C50119EA46}"

    [SystemRestore\SnapshotCallbacks]
    @=""

    -----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

    [VB and VBA Program Settings]

    [VB and VBA Program Settings\CCleaner]

    [VB and VBA Program Settings\CCleaner\Options]

    -----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

    [MountPoints2]

    [MountPoints2\A]
    "BaseClass"="Drive"

    [MountPoints2\C]
    "BaseClass"="Drive"

    [MountPoints2\D]
    "BaseClass"="Drive"

    [MountPoints2\E]
    "BaseClass"="Drive"

    [MountPoints2\F]
    "BaseClass"="Drive"

    [MountPoints2\G]
    "BaseClass"="Drive"

    [MountPoints2\H]
    "BaseClass"="Drive"

    [MountPoints2\I]
    "BaseClass"="Drive"

    [MountPoints2\J]
    "BaseClass"="Drive"

    [MountPoints2\{2cb00041-51b3-11dc-b187-8c61dd9d25dd}]
    "BaseClass"="Drive"

    [MountPoints2\{2cb00042-51b3-11dc-b187-8c61dd9d25dd}]
    "BaseClass"="Drive"

    [MountPoints2\{2cb00043-51b3-11dc-b187-8c61dd9d25dd}]
    "BaseClass"="Drive"

    [MountPoints2\{2cb00044-51b3-11dc-b187-8c61dd9d25dd}]
    "BaseClass"="Drive"

    [MountPoints2\{69569e78-c3d5-11d9-8f7c-806d6172696f}]
    "BaseClass"="Drive"

    [MountPoints2\{69569e79-c3d5-11d9-8f7c-806d6172696f}]
    "BaseClass"="Drive"

    [MountPoints2\{69569e7a-c3d5-11d9-8f7c-806d6172696f}]
    "BaseClass"="Drive"

    [MountPoints2\{69569e7b-c3d5-11d9-8f7c-806d6172696f}]
    "BaseClass"="Drive"

    [MountPoints2\{69569e7c-c3d5-11d9-8f7c-806d6172696f}]
    "BaseClass"="Drive"

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

    [AdvancedOptions]

    -----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

    -----HKLM\Software\Microsoft\Active Setup\Installed Components-----

    [Installed Components]

    [Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    "@="Personnalisation du navigateur"
    "ComponentID"="BRANDING.CAB"
    "StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

    [Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
    "@="Rendu VML (Vector Graphics Rendering)"
    "ComponentID"="MSVML"

    [Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
    #### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\System32\msdxm.ocx"
    "ComponentID"="NetShow"
    "StubPath"=""

    [Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    #### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\System32\msdxm.ocx"
    "ComponentID"="Microsoft Windows Media Player"
    "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT"
    "@="Lecteur Windows Media Microsoft 6.4"

    [Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
    #### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\System32\danim.dll"
    "@="DirectAnimation"
    "ComponentID"="DirectAnimation"

    [Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    "@="Themes Setup"
    "ComponentID"="Theme Component"
    "StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

    [Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
    "@="Liaison de données Dynamic HTML pour Java"
    "ComponentID"="TridataJava"

    [Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
    "@="Logiciel de navigation hors connexion"
    "ComponentID"="MobilePk"

    [Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
    "@="Uniscribe"
    "ComponentID"="USP10"

    [Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
    "@="Création avancée"
    "ComponentID"="AdvAuth"

    [Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    "@="Microsoft Outlook Express 6"
    "ComponentID"="MailNews"
    "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

    [Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    "@="NetMeeting 3.01"
    "ComponentID"="NetMeeting"
    "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

    [Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
    "@="DirectShow"
    "ComponentID"="activemovie"

    [Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
    "@="DirectDrawEx"
    "ComponentID"="DirectDrawEx"

    [Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
    "@="Aide sur Internet Explorer"
    "ComponentID"="HelpCont"

    [Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
    "@="Classes Java DirectAnimation"
    "ComponentID"="DAJava"

    [Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
    "@="Microsoft Windows Script 5.6"
    "ComponentID"="MSVBScript"

    [Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    "KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"
    "@="Windows Messenger 4.0"
    "ComponentID"="Messenger"
    "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser"

    [Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
    "(Default)"="Internet Connection Wizard"
    "ComponentID"="ICW"

    [Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
    "@="Outils d'installation Internet Explorer"
    "ComponentID"="GenSetup"

    [Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
    "@="Améliorations pour la navigation"
    "ComponentID"="ExtraPack"
    "KeyFileName"="C:\WINDOWS\System32\msieftp.dll"

    [Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    #### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\System32\wmp.ocx"
    "@="Microsoft Windows Media Player 8"
    "ComponentID"="Microsoft Windows Media Player 8"
    "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub"

    [Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
    "@="Accès au site MSN"
    "ComponentID"="MSN_Auth"

    [Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    "@="Carnet d'adresses 6"
    "ComponentID"="WAB"
    "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

    [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    "@="Mise à jour du Bureau Windows"
    "ComponentID"="IE4Shell_NT"
    "StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

    [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    "@="Internet Explorer 6"
    "ComponentID"="BASEIE40_W2K"
    "StubPath"=expand:"%SystemRoot%\system32\ie4uinit.exe"

    [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

    [Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
    "@="Liaison de données Dynamic HTML"
    "ComponentID"="Tridata"

    [Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
    "@="Accès Internet Explorer"
    "ComponentID"="IEACCESS"
    "StubPath"=expand:"rundll32 iesetup.dll,IEAccessUserInst"

    [Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
    "@="Polices de base Internet Explorer"
    "ComponentID"="Fontcore"

    [Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
    "@="Planificateur de tâches"
    "ComponentID"="MSTASK"

    [Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    #### HKCR\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32 @="C:\WINDOWS\System32\macromed\flash\swflash.ocx"
    "@="Macromedia Shockwave Flash"
    "ComponentID"="Flash"

    [Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
    "@="Aide HTML"
    "ComponentID"="HTMLHelp"

    [Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
    "@="Active Directory Service Interface"
    "ComponentID"="ADSI"

    -----Comparing registry keys CCS1 vs CCS2 -----
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} REG_BINARY 06000000000000000800000000000000CFE9E046D41B36FCD41B35FC03000000000000000400000000000000CFE9E04658AD88FE01000000000000000400000000000000CFE9E046FFFFFF0033000000000000000400000000000000CFE9E04600093A8036000000000000000400000000000000CFE9E04658AD88FE35000000000000000100000000000000CFE9E04605000000
    > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Dhcp\Parameters {1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} REG_BINARY 06000000000000000800000000000000FF8CE146D41B36FCD41B35FC03000000000000000400000000000000FF8CE14658AD88FE01000000000000000400000000000000FF8CE146FFFFFF0033000000000000000400000000000000FF8CE14600093A8036000000000000000400000000000000FF8CE14658AD88FE35000000000000000100000000000000FF8CE14605000000
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
    > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\System32\ESENT.dll
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
    > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\System32\ESENT.dll
    > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS
    > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA
    > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object
    > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager
    > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security
    > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager
    > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler
    > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MRxDAV\EncryptedDirectories
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} LeaseObtainedTime REG_DWORD 1188540239 (0x46D7AF4F)
    > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} LeaseObtainedTime REG_DWORD 1188582015 (0x46D8527F)
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} T1 REG_DWORD 1188842639 (0x46DC4C8F)
    > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} T1 REG_DWORD 1188884415 (0x46DCEFBF)
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} T2 REG_DWORD 1189069439 (0x46DFC27F)
    > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} T2 REG_DWORD 1189111215 (0x46E065AF)
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} LeaseTerminatesTime REG_DWORD 1189145039 (0x46E0E9CF)
    > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} LeaseTerminatesTime REG_DWORD 1189186815 (0x46E18CFF)
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1188540239 (0x46D7AF4F)
    > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1188582015 (0x46D8527F)
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip T1 REG_DWORD 1188842639 (0x46DC4C8F)
    > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip T1 REG_DWORD 1188884415 (0x46DCEFBF)
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip T2 REG_DWORD 1189069439 (0x46DFC27F)
    > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip T2 REG_DWORD 1189111215 (0x46E065AF)
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1189145039 (0x46E0E9CF)
    > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1189186815 (0x46E18CFF)

    Result compared: Different

    -----Comparing registry keys CCS1 vs CCS3 -----
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} REG_BINARY 06000000000000000800000000000000CFE9E046D41B36FCD41B35FC03000000000000000400000000000000CFE9E04658AD88FE01000000000000000400000000000000CFE9E046FFFFFF0033000000000000000400000000000000CFE9E04600093A8036000000000000000400000000000000CFE9E04658AD88FE35000000000000000100000000000000CFE9E04605000000
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} REG_BINARY 06000000000000000800000000000000FF8CE146D41B36FCD41B35FC03000000000000000400000000000000FF8CE14658AD88FE01000000000000000400000000000000FF8CE146FFFFFF0033000000000000000400000000000000FF8CE14600093A8036000000000000000400000000000000FF8CE14658AD88FE35000000000000000100000000000000FF8CE14605000000
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} LeaseObtainedTime REG_DWORD 1188540239 (0x46D7AF4F)
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} LeaseObtainedTime REG_DWORD 1188582015 (0x46D8527F)
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} T1 REG_DWORD 1188842639 (0x46DC4C8F)
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} T1 REG_DWORD 1188884415 (0x46DCEFBF)
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} T2 REG_DWORD 1189069439 (0x46DFC27F)
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} T2 REG_DWORD 1189111215 (0x46E065AF)
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} LeaseTerminatesTime REG_DWORD 1189145039 (0x46E0E9CF)
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} LeaseTerminatesTime REG_DWORD 1189186815 (0x46E18CFF)
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1188540239 (0x46D7AF4F)
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1188582015 (0x46D8527F)
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip T1 REG_DWORD 1188842639 (0x46DC4C8F)
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip T1 REG_DWORD 1188884415 (0x46DCEFBF)
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip T2 REG_DWORD 1189069439 (0x46DFC27F)
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip T2 REG_DWORD 1189111215 (0x46E065AF)
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1189145039 (0x46E0E9CF)
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1189186815 (0x46E18CFF)

    Result compared: Different

    ===================== Installed Applications =====================

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall-----

    [Uninstall]

    [Uninstall\AddressBook]

    [Uninstall\avast!]
    "DisplayName"="avast! Antivirus"
    "InstallSource"="C:\DOCUME~1\PIERROT\Bureau"
    "DisplayIcon"="C:\Program Files\Alwil Software\Avast4\ashAvast.exe"
    "UninstallString"="rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup"

    [Uninstall\AVGAntiSpyware75]
    "DisplayName"="AVG Anti-Spyware 7.5"
    "UninstallString"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe"
    "DisplayIcon"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe"

    [Uninstall\Branding]

    [Uninstall\CCleaner]
    "DisplayName"="CCleaner (remove only)"
    "UninstallString"="\"C:\Program Files\CCleaner\uninst.exe\""

    [Uninstall\Connection Manager]

    [Uninstall\DirectAnimation]

    [Uninstall\DirectDrawEx]

    [Uninstall\Fontcore]

    [Uninstall\HijackThis]
    "DisplayName"="HijackThis 2.0.0"
    "UninstallString"="\"C:\Documents and Settings\PIERROT\Bureau\HijackThis.exe\" /uninstall"
    "DisplayIcon"="C:\Documents and Settings\PIERROT\Bureau\HijackThis.exe"

    [Uninstall\ICW]

    [Uninstall\IE40]

    [Uninstall\IE4Data]

    [Uninstall\IE5BAKEX]

    [Uninstall\IEData]

    [Uninstall\KB842773]
    "DisplayName"="Correctif Windows XP - KB842773"
    "UninstallString"="C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe"

    [Uninstall\Microsoft NetShow Player 2.0]

    [Uninstall\MobileOptionPack]

    [Uninstall\MPlayer2]

    [Uninstall\NetMeeting]

    [Uninstall\OutlookExpress]

    [Uninstall\PCHealth]
    "UninstallString"="rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf"

    [Uninstall\SchedulingAgent]

    [Uninstall\Spybot - Search & Destroy_is1]
    "DisplayName"="Spybot - Search & Destroy 1.4"
    "DisplayIcon"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    "UninstallString"="\"C:\Program Files\Spybot - Search & Destroy\unins000.exe\""

    [Uninstall\WGA]
    "DisplayName"="Windows Genuine Advantage Validation Tool (KB892130)"

    [Uninstall\{350C97B8-3D7C-4EE8-BAA9-00BCB3D54227}]
    "InstallSource"="C:\WINDOWS\System32\"
    "DisplayName"="WebFldrs XP"

    -----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall-----

    ==========================================
    Scan completed in 0,4 minutes
    End of report
    0
  10. Utilisateur anonyme
     
    Télécharge OTMoveIt sur ton bureau
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

    Double clic sur OTMoveIt.exe
    Sélectionne et copie les lignes ci-dessous

    C:\Documents and Settings\PIERROT\Application Data\WinAntiVirus Pro 2007
    C:\WINDOWS\system32\nnnmp.ini
    C:\WINDOWS\system32\kybqqwmd.dll
    C:\WINDOWS\system32\brxxquyl.dll
    C:\WINDOWS\system32\byxxxwu.dll
    C:\WINDOWS\system32\nnnmp.bak2
    C:\WINDOWS\system32\khfgdbc.dll
    C:\WINDOWS\system32\rqrrspp.dll
    C:\WINDOWS\system32\iiffddc.dll
    C:\WINDOWS\system32\rswv.exe
    C:\WINDOWS\system32\opnkhef.dll
    C:\WINDOWS\system32\iifgfcb.dll
    C:\WINDOWS\system32\rqrpppo.dll
    C:\WINDOWS\system32\djrmhpks.ini
    C:\WINDOWS\system32\trz8.tmp
    C:\WINDOWS\system32\trz9.tmp
    C:\WINDOWS\system32\byxurrp.dll
    C:\WINDOWS\system32\epffymnw.ini
    C:\WINDOWS\system32\ysxhsna.exe
    C:\WINDOWS\system32\ehhynepm.exe
    C:\WINDOWS\system32\ssqpqol.dll
    C:\WINDOWS\system32\xxyyxyv.dll
    C:\WINDOWS\system32\qomklli.dll
    C:\WINDOWS\system32\jkkifda.dll
    C:\WINDOWS\system32\vturomn.dll
    C:\WINDOWS\system32\rqrrqnn.dll
    C:\WINDOWS\system32\hggfggg.dll
    C:\WINDOWS\system32\fccbywx.dll
    C:\WINDOWS\system32\wzhawmr.exe
    C:\WINDOWS\system32\hggfebc.dll
    C:\WINDOWS\system32\bdksuffw.exe
    C:\WINDOWS\system32\opnkjkh.dll
    C:\WINDOWS\system32\enwbdgbq.ini
    C:\WINDOWS\system32\wvusrol.dll
    C:\WINDOWS\system32\vukota.exe
    C:\WINDOWS\system32\awtrqpp.dll
    C:\WINDOWS\system32\khfgebc.dll
    C:\WINDOWS\system32\ljjkklm.dll
    C:\WINDOWS\system32\lqjmwttv.ini
    C:\WINDOWS\system32\fccdawt.dll
    C:\WINDOWS\system32\ssqolkj.dll
    C:\WINDOWS\system32\stszdvoi.exe
    C:\WINDOWS\system32\awttttr.dll
    C:\WINDOWS\system32\vttwmjql.dll
    C:\WINDOWS\system32\nnnnopn.dll
    C:\WINDOWS\system32\jzetcva.bat
    C:\WINDOWS\system32\dqsrrnn.exe
    C:\WINDOWS\system32\wzcqyqd.bat
    C:\WINDOWS\system32\jta.exe
    C:\WINDOWS\system32\cyioc.exe
    C:\WINDOWS\system32\khlvwoj.exe
    C:\WINDOWS\system32\kbumlrd.exe
    C:\WINDOWS\system32\evueki.exe
    C:\WINDOWS\system32\lnffknqe.exe
    C:\WINDOWS\system32\csmnjza.exe
    C:\WINDOWS\system32\chunnkgs.exe
    C:\WINDOWS\system32\ynkvwfq.exe
    C:\WINDOWS\system32\pmnnn.dll
    C:\WINDOWS\system32\vnggr.bat
    C:\WINDOWS\system32\urqqron.dll
    C:\WINDOWS\system32\tphm.exe
    C:\WINDOWS\system32\jbitl.exe
    C:\WINDOWS\system32\omlebde.exe
    C:\WINDOWS\system32\pipfpvpl.exe
    C:\WINDOWS\system32\kand.exe
    C:\WINDOWS\system32\gebcywt.dll
    C:\WINDOWS\Downloaded Program Files\CONFLICT.3
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1
    C:\WINDOWS\Downloaded Program Files\*_*_*NetInstaller.exe
    C:\WINDOWS\system32\bdksuffw.exe
    C:\WINDOWS\system32\chunnkgs.exe
    C:\WINDOWS\system32\csmnjza.exe
    C:\WINDOWS\system32\cyioc.exe
    C:\WINDOWS\system32\dqsrrnn.exe
    C:\WINDOWS\system32\evueki.exe
    C:\WINDOWS\system32\jbitl.exe
    C:\WINDOWS\system32\kand.exe
    C:\WINDOWS\system32\kbumlrd.exe
    C:\WINDOWS\system32\khlvwoj.exe
    C:\WINDOWS\system32\lnffknqe.exe
    C:\WINDOWS\system32\omlebde.exe
    C:\WINDOWS\system32\pipfpvpl.exe
    C:\WINDOWS\system32\rswv.exe
    C:\WINDOWS\system32\tphm.exe
    C:\WINDOWS\system32\wzhawmr.exe
    C:\WINDOWS\system32\ynkvwfq.exe
    C:\WINDOWS\system32\ysxhsna.exe
    C:\Program Files\Fichiers communs\delsim.1

    Retourne dans OTMoveit, fais un clic droit dans la fenêtre "Paste List of Files/Folders to be moved" et choisis "coller".
    Clic sur le boutton rouge Moveit et ferme OTMoveIt
    Si un fichier ou un dossier ne peut être déplacer immédiatement il te sera demander de redémarrer ta machine pour finir l'exécution, si c'est le cas, clic sur "Yes"
    Copie et colle le rapport qu'il va te générer ici stp. Le rapport d'OTMoveit se trouve dans ce dossier : C:\_OTMoveIt\MovedFiles

    ¤ Télécharge VundoFix
    ---> http://www.atribune.org/ccount/click.php?id=4

    Redémarre ton PC. Dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaître choisis "mode sans echec" attends un peu..

    double clic dessus choisis "start for vundo"
    attends quelques minutes, quand le scan est terminé clic sur "remove vundo"
    un message te demandera si tu veux supprimes les fichiers sur "yes"
    Quand il a terminé, clic sur "yes" ton ordinateur devrait redemarrer si non, fais le par toi même
    Une fois qu'il a redémarré colle le rapport C:\vundofix.txt

    ¤ Désactive le pare-feu de Windows(SP2) il ne sert à rien puis installe Kerio pour plus de sécurité

    Téléchargeable et tutoriel sur cette page :
    --> http://redir.fr/gbom

    Plus d'info :
    -> https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall

    ¤ Puis remet un rapport hijackthis stp
    0
  11. julienEVO6 Messages postés 24 Statut Membre
     
    Voila le rapport de OTMoveit:

    C:\Documents and Settings\PIERROT\Application Data\WinAntiVirus Pro 2007\Logs moved successfully.
    C:\Documents and Settings\PIERROT\Application Data\WinAntiVirus Pro 2007 moved successfully.
    C:\WINDOWS\system32\nnnmp.ini moved successfully.
    LoadLibrary failed for C:\WINDOWS\system32\kybqqwmd.dll
    C:\WINDOWS\system32\kybqqwmd.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\kybqqwmd.dll scheduled to be moved on reboot.
    LoadLibrary failed for C:\WINDOWS\system32\brxxquyl.dll
    C:\WINDOWS\system32\brxxquyl.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\brxxquyl.dll scheduled to be moved on reboot.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\byxxxwu.dll
    C:\WINDOWS\system32\byxxxwu.dll NOT unregistered.
    C:\WINDOWS\system32\byxxxwu.dll moved successfully.
    C:\WINDOWS\system32\nnnmp.bak2 moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\khfgdbc.dll
    C:\WINDOWS\system32\khfgdbc.dll NOT unregistered.
    C:\WINDOWS\system32\khfgdbc.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\rqrrspp.dll
    C:\WINDOWS\system32\rqrrspp.dll NOT unregistered.
    C:\WINDOWS\system32\rqrrspp.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\iiffddc.dll
    C:\WINDOWS\system32\iiffddc.dll NOT unregistered.
    C:\WINDOWS\system32\iiffddc.dll moved successfully.
    C:\WINDOWS\system32\rswv.exe moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\opnkhef.dll
    C:\WINDOWS\system32\opnkhef.dll NOT unregistered.
    C:\WINDOWS\system32\opnkhef.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\iifgfcb.dll
    C:\WINDOWS\system32\iifgfcb.dll NOT unregistered.
    C:\WINDOWS\system32\iifgfcb.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\rqrpppo.dll
    C:\WINDOWS\system32\rqrpppo.dll NOT unregistered.
    C:\WINDOWS\system32\rqrpppo.dll moved successfully.
    C:\WINDOWS\system32\djrmhpks.ini moved successfully.
    C:\WINDOWS\system32\trz8.tmp moved successfully.
    C:\WINDOWS\system32\trz9.tmp moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\byxurrp.dll
    C:\WINDOWS\system32\byxurrp.dll NOT unregistered.
    C:\WINDOWS\system32\byxurrp.dll moved successfully.
    C:\WINDOWS\system32\epffymnw.ini moved successfully.
    C:\WINDOWS\system32\ysxhsna.exe moved successfully.
    C:\WINDOWS\system32\ehhynepm.exe moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\ssqpqol.dll
    C:\WINDOWS\system32\ssqpqol.dll NOT unregistered.
    C:\WINDOWS\system32\ssqpqol.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\xxyyxyv.dll
    C:\WINDOWS\system32\xxyyxyv.dll NOT unregistered.
    C:\WINDOWS\system32\xxyyxyv.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\qomklli.dll
    C:\WINDOWS\system32\qomklli.dll NOT unregistered.
    C:\WINDOWS\system32\qomklli.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\jkkifda.dll
    C:\WINDOWS\system32\jkkifda.dll NOT unregistered.
    C:\WINDOWS\system32\jkkifda.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\vturomn.dll
    C:\WINDOWS\system32\vturomn.dll NOT unregistered.
    C:\WINDOWS\system32\vturomn.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\rqrrqnn.dll
    C:\WINDOWS\system32\rqrrqnn.dll NOT unregistered.
    C:\WINDOWS\system32\rqrrqnn.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\hggfggg.dll
    C:\WINDOWS\system32\hggfggg.dll NOT unregistered.
    C:\WINDOWS\system32\hggfggg.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\fccbywx.dll
    C:\WINDOWS\system32\fccbywx.dll NOT unregistered.
    C:\WINDOWS\system32\fccbywx.dll moved successfully.
    C:\WINDOWS\system32\wzhawmr.exe moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\hggfebc.dll
    C:\WINDOWS\system32\hggfebc.dll NOT unregistered.
    C:\WINDOWS\system32\hggfebc.dll moved successfully.
    C:\WINDOWS\system32\bdksuffw.exe moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\opnkjkh.dll
    C:\WINDOWS\system32\opnkjkh.dll NOT unregistered.
    C:\WINDOWS\system32\opnkjkh.dll moved successfully.
    C:\WINDOWS\system32\enwbdgbq.ini moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\wvusrol.dll
    C:\WINDOWS\system32\wvusrol.dll NOT unregistered.
    C:\WINDOWS\system32\wvusrol.dll moved successfully.
    C:\WINDOWS\system32\vukota.exe moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\awtrqpp.dll
    C:\WINDOWS\system32\awtrqpp.dll NOT unregistered.
    C:\WINDOWS\system32\awtrqpp.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\khfgebc.dll
    C:\WINDOWS\system32\khfgebc.dll NOT unregistered.
    C:\WINDOWS\system32\khfgebc.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\ljjkklm.dll
    C:\WINDOWS\system32\ljjkklm.dll NOT unregistered.
    C:\WINDOWS\system32\ljjkklm.dll moved successfully.
    C:\WINDOWS\system32\lqjmwttv.ini moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\fccdawt.dll
    C:\WINDOWS\system32\fccdawt.dll NOT unregistered.
    C:\WINDOWS\system32\fccdawt.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\ssqolkj.dll
    C:\WINDOWS\system32\ssqolkj.dll NOT unregistered.
    C:\WINDOWS\system32\ssqolkj.dll moved successfully.
    C:\WINDOWS\system32\stszdvoi.exe moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\awttttr.dll
    C:\WINDOWS\system32\awttttr.dll NOT unregistered.
    C:\WINDOWS\system32\awttttr.dll moved successfully.
    LoadLibrary failed for C:\WINDOWS\system32\vttwmjql.dll
    C:\WINDOWS\system32\vttwmjql.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\vttwmjql.dll scheduled to be moved on reboot.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\nnnnopn.dll
    C:\WINDOWS\system32\nnnnopn.dll NOT unregistered.
    C:\WINDOWS\system32\nnnnopn.dll moved successfully.
    C:\WINDOWS\system32\jzetcva.bat moved successfully.
    C:\WINDOWS\system32\dqsrrnn.exe moved successfully.
    C:\WINDOWS\system32\wzcqyqd.bat moved successfully.
    C:\WINDOWS\system32\jta.exe moved successfully.
    C:\WINDOWS\system32\cyioc.exe moved successfully.
    C:\WINDOWS\system32\khlvwoj.exe moved successfully.
    C:\WINDOWS\system32\kbumlrd.exe moved successfully.
    C:\WINDOWS\system32\evueki.exe moved successfully.
    C:\WINDOWS\system32\lnffknqe.exe moved successfully.
    C:\WINDOWS\system32\csmnjza.exe moved successfully.
    C:\WINDOWS\system32\chunnkgs.exe moved successfully.
    C:\WINDOWS\system32\ynkvwfq.exe moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\pmnnn.dll
    C:\WINDOWS\system32\pmnnn.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\pmnnn.dll scheduled to be moved on reboot.
    C:\WINDOWS\system32\vnggr.bat moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\urqqron.dll
    C:\WINDOWS\system32\urqqron.dll NOT unregistered.
    C:\WINDOWS\system32\urqqron.dll moved successfully.
    C:\WINDOWS\system32\tphm.exe moved successfully.
    C:\WINDOWS\system32\jbitl.exe moved successfully.
    C:\WINDOWS\system32\omlebde.exe moved successfully.
    C:\WINDOWS\system32\pipfpvpl.exe moved successfully.
    C:\WINDOWS\system32\kand.exe moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\gebcywt.dll
    C:\WINDOWS\system32\gebcywt.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\gebcywt.dll scheduled to be moved on reboot.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.3 moved successfully.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2 moved successfully.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1 moved successfully.
    File/Folder C:\WINDOWS\Downloaded Program Files\*_*_*NetInstaller.exe not found.
    File/Folder C:\WINDOWS\system32\bdksuffw.exe not found.
    File/Folder C:\WINDOWS\system32\chunnkgs.exe not found.
    File/Folder C:\WINDOWS\system32\csmnjza.exe not found.
    File/Folder C:\WINDOWS\system32\cyioc.exe not found.
    File/Folder C:\WINDOWS\system32\dqsrrnn.exe not found.
    File/Folder C:\WINDOWS\system32\evueki.exe not found.
    File/Folder C:\WINDOWS\system32\jbitl.exe not found.
    File/Folder C:\WINDOWS\system32\kand.exe not found.
    File/Folder C:\WINDOWS\system32\kbumlrd.exe not found.
    File/Folder C:\WINDOWS\system32\khlvwoj.exe not found.
    File/Folder C:\WINDOWS\system32\lnffknqe.exe not found.
    File/Folder C:\WINDOWS\system32\omlebde.exe not found.
    File/Folder C:\WINDOWS\system32\pipfpvpl.exe not found.
    File/Folder C:\WINDOWS\system32\rswv.exe not found.
    File/Folder C:\WINDOWS\system32\tphm.exe not found.
    File/Folder C:\WINDOWS\system32\wzhawmr.exe not found.
    File/Folder C:\WINDOWS\system32\ynkvwfq.exe not found.
    File/Folder C:\WINDOWS\system32\ysxhsna.exe not found.
    C:\Program Files\Fichiers communs\delsim.1 moved successfully.

    Created on 08/31/2007 20:31:51
    0
  12. julienEVO6 Messages postés 24 Statut Membre
     
    Voila le rapport VundoFix:

    VundoFix V6.5.7

    Checking Java version...

    Sun Java not detected
    Scan started at 20:40:38 31/08/2007

    Listing files found while scanning....

    C:\WINDOWS\System32\mwaxnplk.dll
    C:\WINDOWS\System32\nnnmp.ini
    C:\WINDOWS\System32\pmnnn.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\System32\nnnmp.ini
    C:\WINDOWS\System32\nnnmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\System32\pmnnn.dll
    C:\WINDOWS\System32\pmnnn.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\System32\nnnmp.ini
    C:\WINDOWS\System32\nnnmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\System32\pmnnn.dll
    C:\WINDOWS\System32\pmnnn.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...
    0
  13. julienEVO6 Messages postés 24 Statut Membre
     
    Rapport HijackThis:
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 20:57:40, on 31/08/2007
    Platform: Windows XP (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\attrib.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\PIERROT\Bureau\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\attrib.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - C:\WINDOWS\system32\gebcywt.dll
    O2 - BHO: (no name) - {9503996D-D12F-4243-90F6-CD62CFB44425} - C:\WINDOWS\System32\pmnnn.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://fr.winantivirus.com/download/2007/download.php?file=2&aid=nm_ku_wav_meta_kw_mtrt_fr_fr_ed2&lid=wifi&affid=nm_941_1aefd47451af11dc80f5fff941fdffff_53e65491e63f44389a37064cce1db43b
    O20 - Winlogon Notify: gebcywt - C:\WINDOWS\SYSTEM32\gebcywt.dll
    O20 - Winlogon Notify: pmnnn - C:\WINDOWS\System32\pmnnn.dll
    O20 - Winlogon Notify: urqqron - urqqron.dll (file missing)
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: attrib - Unknown owner - C:\WINDOWS\attrib.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\rtayywor.exe (file missing)
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
    O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
    O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
    0
  14. Utilisateur anonyme
     
    ¤ Clic sur "démarrer", "exécuter", tape: services.msc
    Cherche dans la liste la ligne ci-dessous, tu fais un clic droit dessus choisis "propriétés" et régle les sur "désactivé"

    - DomainService
    - attrib

    ¤ Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked"

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\attrib.exe
    O2 - BHO: (no name) - {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - C:\WINDOWS\system32\gebcywt.dll
    O2 - BHO: (no name) - {9503996D-D12F-4243-90F6-CD62CFB44425} - C:\WINDOWS\System32\pmnnn.dll
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://fr.winantivirus.com/
    O20 - Winlogon Notify: gebcywt - C:\WINDOWS\SYSTEM32\gebcywt.dll
    O20 - Winlogon Notify: pmnnn - C:\WINDOWS\System32\pmnnn.dll
    O20 - Winlogon Notify: urqqron - urqqron.dll (file missing)

    ¤¤ Redémarre le PC en mode sans échec : Dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaître choisis "mode sans echec" attends un peu

    * Clic sur démarrer, rechercher, tous les fichiers et dossiers, cherche et supprime si présent :

    - attrib.exe
    - rtayywor.exe
    - pmnnn.dll
    - gebcywt.dll

    Dès qu'ils sont supprimès, vide ta corbeille et redémarre normalement.

    ¤ Désactive le pare-feu de Windows(SP2) il ne sert à rien puis installe Kerio pour plus de sécurité

    Téléchargeable et tutoriel sur cette page :
    --> http://redir.fr/gbom

    Plus d'info :
    -> https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall

    ¤ Clic sur démarrer, panneau de configuration, connexions et réseau internet, options internet, vas dans l'onglet:
    - "Général" clci sur le bouton "Supprimer" puis clic sur "Tout supprimer"
    - "Sécurité" et clic sur "niveau par défaut"
    - même chose avec l'onglet "Confidentialité"
    - "Contenu" effacer le SSL
    - puis dans l'onglet "Avancé" clique sur "paramétres par défaut" puis "réinitialiser"

    Appliquer, puis ok.

    ¤ Fais ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2 (en haut) va se mettre à clignoter, clic dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
    Une fois qu'il a terminé colle le rapport ici stp

    https://www.bitdefender.com/toolbox/
    0
  15. julienEVO6 Messages postés 24 Statut Membre
     
    Comment je desactive le pare feu windows ?
    0
  16. Utilisateur anonyme
     
    En installant Sunbelt il sera désactivé pas de problème ;-)
    0
  17. julienEVO6 Messages postés 24 Statut Membre
     
    Alors
    -attrib.exe a été supprimé
    -rtayywor n'est pas trouvé
    -pmnnn.dll et gelcywt ne peuvent etre supprimé car ressource utilisé par une autre personne ou par un autre programme.
    Arff!C'est grave docteur ?
    0
  18. julienEVO6 Messages postés 24 Statut Membre
     
    Oui,je n'ai essayé qu'en mode sans echec.
    0
  19. julienEVO6 Messages postés 24 Statut Membre
     
    C'est bon je suis allé en mode sans echec dans la version de Windows XP ou je vais d'habitude (celle qui plante quoi) et j'ai supprimé pmnnn.dll et gebcywt.dll par contre ca ne trouve pas rtayywor.exe.

    Je peux attaquer la suite ?

    Bon allé je revien demain bonne nuit.
    0
  20. Utilisateur anonyme
     
    Oui tu pourras faire la suite ;-)

    Bonne nuit !
    0
  • 1
  • 2