Malwares détectés et supprimés - séquelles

Marc23 Messages postés 14 Statut Membre -  
 Utilisateur anonyme -
Bonjour tout le monde, ça fait longtemps que je parcours les forums de commentçamarche et aujourd'hui j'ai pas trouver de réponses à mes questions alors j'ouvre mon compte :)

Alors j'ai un nouvel ordi avec Vista 32 et manque de chance, quand j'ai téléchargé mon antivirus (antivir) j'ai chopé des malwares qui se trouvaient dans le fichier :(

j'ai analysé et détruits se que j'ai trouvé avec malwares'byte, spybot, antivir, bitdefender online et tous mon trouver des malwares sauf le dernier.

1) Je voudrais savoir si je suis toujours infecté?

Voici mon rapport hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:16, on 22.08.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\conime.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.ch[...]=ch&ibd=5080806
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dannz.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [%AWinUpdate] C:\WINDOWS\wuauclt.vbs
O4 - HKCU\..\Run: [%ProtectMyPC] C:\Program Files\Internet Explorer\iexplore.exe http://gomyhit.com/MjA2MTk=/2/7391/ratna/
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9230 bytes

Merci d'avance :)

2) Je vais faire une restauration système car ces malwares ont fait disparaître dans le menu démarrer de vista, la case "tous les programmes" ainsi que la cas "ordinateur" en plus de la désactivation du clic droit sur le bureau :(
Mais comme je ne peux plus accéder à "accessoires" je me demandes s'il y a un raccourci autre?

PS: J'ai un peu galérer à écrire ce message, est-ce normal que toutes les 2 lignes, le curseur revient en arrière et écrit par dessus se que j'ai déjà écrit?

Merci d'avance :)
Configuration: Windows Vista
Firefox 3.0.1

25 réponses

  • 1
  • 2
  1. Marc23 Messages postés 14 Statut Membre
     
    Je me permets de remonter mon post qui allait sombré dans l'oublie ^^
    0
  2. Utilisateur anonyme
     
    Salut ,
    j'ai analysé et détruits se que j'ai trouvé avec malwares'byte, spybot, antivir, bitdefender online et tous mon trouver des malwares sauf le dernier. 


    Poste TOUT les rapports si possible. ( sauf spybot )

    - ton pc est encore infecté.

    ++
    0
  3. Marc23 Messages postés 14 Statut Membre
     
    Salut, merci de l'intérêt :)

    hijackthis:

    cf. au dessus

    Malwarebytes:

    Malwarebytes' Anti-Malware 1.25
    Version de la base de données: 1062
    Windows 6.0.6001 Service Pack 1

    04:51:23 22.08.2008
    mbam-log-08-22-2008 (04-51-23).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|)
    Eléments examinés: 116890
    Temps écoulé: 1 hour(s), 1 minute(s), 1 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 2
    Fichier(s) infecté(s): 6

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\AntiMalwareGuard (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antimalwareguard (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Program Files\AntiMalwareGuard (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiMalwareGuard (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\AntiMalwareGuard\amg.exe (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.
    C:\Program Files\AntiMalwareGuard\BL.dat (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.
    C:\Program Files\AntiMalwareGuard\WL.dat (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiMalwareGuard\AntiMalwareGuard.lnk (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiMalwareGuard\Uninstall AntiMalwareGuard.lnk (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.
    C:\Users\Marc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AntiMalwareGuard.lnk (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.

    Antivir:

    Premium Security Suite
    Report file date: vendredi 22 août 2008 02:43

    Scanning for 1566590 virus strains and unwanted programs.

    Licensed to: Calin Ungur
    Serial number: 1101180232-ISECE-0001
    Platform: Windows Vista
    Windows version: (Service Pack 1) [6.0.6001]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: PC-DE-MARC

    Version information:
    BUILD.DAT : 8.1.0.245 27422 Bytes 12.08.2008 11:39:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26.06.2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26.05.2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12.06.2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26.05.2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.07.2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24.06.2008 13:54:15
    ANTIVIR2.VDF : 7.0.6.10 2587136 Bytes 14.08.2008 00:39:56
    ANTIVIR3.VDF : 7.0.6.51 217600 Bytes 21.08.2008 00:39:57
    Engineversion : 8.1.1.23
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25.02.2008 09:58:21
    AESCRIPT.DLL : 8.1.0.68 315770 Bytes 22.08.2008 00:40:01
    AESCN.DLL : 8.1.0.23 119156 Bytes 10.07.2008 12:44:49
    AERDL.DLL : 8.1.0.20 418165 Bytes 24.04.2008 12:37:48
    AEPACK.DLL : 8.1.2.1 364917 Bytes 15.07.2008 12:58:35
    AEOFFICE.DLL : 8.1.0.22 192890 Bytes 22.08.2008 00:40:01
    AEHEUR.DLL : 8.1.0.50 1388918 Bytes 22.08.2008 00:40:00
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10.07.2008 12:44:48
    AEGEN.DLL : 8.1.0.36 315764 Bytes 22.08.2008 00:39:58
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31.07.2008 08:33:21
    AECORE.DLL : 8.1.1.8 172406 Bytes 31.07.2008 08:33:21
    AEBB.DLL : 8.1.0.1 53617 Bytes 10.07.2008 12:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09.07.2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16.05.2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 22.08.2008 00:39:58
    AVREG.DLL : 8.0.0.1 33537 Bytes 09.05.2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12.02.2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12.06.2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22.01.2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12.06.2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25.01.2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2904321 Bytes 12.06.2008 13:36:58
    RCTEXT.DLL : 8.0.46.0 86273 Bytes 12.06.2008 13:37:12

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: C:\program files\avira\avira premium security suite\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: vendredi 22 août 2008 02:43

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'avwebgrd.exe' - '1' Module(s) have been scanned
    Scan process 'avmailc.exe' - '1' Module(s) have been scanned
    Scan process 'avesvc.exe' - '1' Module(s) have been scanned
    Scan process 'avfwsvc.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'WMIADAP.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'BTStackServer.exe' - '1' Module(s) have been scanned
    Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
    Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
    Scan process 'quickset.exe' - '1' Module(s) have been scanned
    Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
    Scan process 'conime.exe' - '1' Module(s) have been scanned
    Scan process 'BTTray.exe' - '1' Module(s) have been scanned
    Scan process 'DellDock.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'dwm.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'stacsv.exe' - '1' Module(s) have been scanned
    Scan process 'sprtsvc.exe' - '1' Module(s) have been scanned
    Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
    Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'upeksvr.exe' - '1' Module(s) have been scanned
    Scan process 'AEstSrv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'wlanext.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'LBTServ.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'DockLogin.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
    Scan process 'audiodg.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    57 processes with 57 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '53' files ).

    Starting the file scan:

    Begin scan in 'C:\' <OS>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Users\Marc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1N4GRHG\updater[1].htm
    [0] Archive type: RAR SFX (self extracting)
    --> console_1.vbs
    [DETECTION] Contains recognition pattern of the HTML/ADODB.Exploit.Gen HTML script virus
    --> console_2.vbs
    [DETECTION] Contains recognition pattern of the HTML/ADODB.Exploit.Gen HTML script virus
    --> Setup_ver1.1594.1.exe
    [DETECTION] Is the TR/Dldr.Zlob.Gen Trojan
    [NOTE] The file was deleted!
    C:\Users\Marc\AppData\Local\Temp\runUpdater.exe
    [0] Archive type: RAR SFX (self extracting)
    --> console_1.vbs
    [DETECTION] Contains recognition pattern of the HTML/ADODB.Exploit.Gen HTML script virus
    --> console_2.vbs
    [DETECTION] Contains recognition pattern of the HTML/ADODB.Exploit.Gen HTML script virus
    --> Setup_ver1.1594.1.exe
    [DETECTION] Is the TR/Dldr.Zlob.Gen Trojan
    [NOTE] The file was deleted!
    C:\Users\Marc\AppData\Local\Temp\RarSFX1\console_1.vbs
    [DETECTION] Contains recognition pattern of the HTML/ADODB.Exploit.Gen HTML script virus
    [NOTE] The file was deleted!
    C:\Users\Marc\AppData\Local\Temp\RarSFX1\console_2.vbs
    [DETECTION] Contains recognition pattern of the HTML/ADODB.Exploit.Gen HTML script virus
    [NOTE] The file was deleted!
    C:\Users\Marc\AppData\Local\Temp\RarSFX1\Setup_ver1.1594.1.exe
    [DETECTION] Is the TR/Dldr.Zlob.Gen Trojan
    [NOTE] The file was deleted!
    C:\Windows\wuauclt.vbs
    [DETECTION] Contains recognition pattern of the HTML/ADODB.Exploit.Gen HTML script virus
    [NOTE] The file was deleted!
    C:\Windows\System32\wuauclt.vbs
    [DETECTION] Contains recognition pattern of the HTML/ADODB.Exploit.Gen HTML script virus
    [NOTE] The file was deleted!
    Begin scan in 'D:\' <RECOVERY>

    End of the scan: vendredi 22 août 2008 02:54
    Used time: 11:24 Minute(s)

    The scan has been done completely.

    15965 Scanning directories
    170842 Files were scanned
    11 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    7 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    170829 Files not concerned
    938 Archives were scanned
    2 Warnings
    7 Notes

    C'est tou ce que j'ai :)
    0
  4. Utilisateur anonyme
     
    Re ,

    Super.

    ______________________________________________________________________

    Désactive l'UAC (contrôle des comptes utilisateurs) car il peut gener l'execution du programme.

    Démarrer --> Panneau de Configuration --> Comptes d'utilisateurs et protection des utilisateurs --> Comptes d'utilisateurs --> Activer ou désactiver le contrôle des comptes d'utilisateurs > désactive-le.

    /!\ Pense à le remettre aprés la désinfection /!\


    Tutorial : http://www.laboratoire-microsoft.org/tips-23933-desactiver-uac-vista.html

    ______________________________________________________________________

    → Télécharge sur ton bureau DSS (ex Comboscan) de Deckard:

    (choisis enregistrer, puis Bureau comme emplacement)

    Ferme toutes les applications en cours.

    → Double-clic sur DSS.exe pour lancer l'outil.

    → Une fenêtre s'ouvre, invitant à fermer toutes les applications, clique sur OK.

    → A la fin de l'analyse, une fenêtre s'ouvre, clique sur OK.

    Le rapport main.txt va s'afficher, copie le dans ta prochaine réponse.
    Si un rapport complémentaire a été créé ( extra.txt ), poste le aussi dans ta réponse.

    Les rapports sont ici :
    (!) C:\Deckard\System Scanner\main.txt
    (!) C:\Deckard\System Scanner\extra.txt

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    ++
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Marc23 Messages postés 14 Statut Membre
     
    Arg...

    Deckard's System Scanner interacts with a specific rootkit (tdssserv) in a way that may make your system unusable (altering the svchost netsvcs registry entry). This download link has been removed until a fix is released by Deckard. For your own protection, please do not attempt to download this tool from other sites.

    08/17/2008

    Your Geeks to Go admin team
    0
  7. Utilisateur anonyme
     
    Re ,

    Ah oui c'est vrai j'ai oublié.

    honte a moi .

    Télécharge http://www.suspectfile.com/systemscan/ ( Systemscan )

    → Double clic dessus (ferme ton antivirus le temps du téléchargement s'il te détecte quoi que ce soit et réactive le après)

    → Clique sur Unselect all

    Coche uniquement ces cases :

    _ Recent Files, 30 days

    _ Registry run keys

    _ Suspicious files

    Puis clique sur scan now, sois patient.
    Une fois le scan terminé, un rapport va s'ouvrir, copie et colle son contenu ici et vérifie qu'il soit bien en entier, si besoin crée deux messages.

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    ++
    0
  8. Marc23 Messages postés 14 Statut Membre
     
    ça a duré même pas 2 secondes ^^

    SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)

    Running on: Windows VISTA , Service Pack 1 (6001.6.0)
    System directory: C:\Windows
    SystemScan file: C:\Users\Marc\Desktop\sys55571.exe
    Running in: User mode
    Date: 22.08.2008
    Time: 14:30:44

    Output limited to:
    -Recent files
    -Registry Run Keys
    -Suspicious Files

    ===================== RECENT FILES =====================

    Showing files newer than 30 days

    ----- recent files in C:\
    05.08.2008 18:35:22 (DIR) 0 byte 17 days old -- Documents and Settings
    06.08.2008 04:09:50 (DIR) 0 byte 16 days old -- Drivers
    06.08.2008 04:09:51 (DIR) 0 byte 16 days old -- doctemp
    06.08.2008 04:14:35 5050 byte 16 days old -- dell.sdr
    18.08.2008 22:04:52 (DIR) 0 byte 4 days old -- Users
    18.08.2008 22:05:59 (DIR) 0 byte 4 days old -- $Recycle.Bin
    18.08.2008 22:31:42 (DIR) 0 byte 4 days old -- DELL
    21.08.2008 15:05:10 (DIR) 0 byte 1 days old -- kav
    22.08.2008 02:26:19 (DIR) 0 byte 0 days old -- Config.Msi
    22.08.2008 02:34:20 (DIR) 0 byte 0 days old -- System Volume Information
    22.08.2008 04:52:21 5406 byte 0 days old -- avenger.txt
    22.08.2008 04:52:21 (DIR) 0 byte 0 days old -- Avenger
    22.08.2008 04:55:01 (DIR) 0 byte 0 days old -- ProgramData
    22.08.2008 12:12:07 (DIR) 0 byte 0 days old -- Program Files
    22.08.2008 12:17:35 (DIR) 0 byte 0 days old -- Windows
    22.08.2008 14:17:59 (DIR)-538902528 byte 0 days old -- hiberfil.sys
    22.08.2008 14:17:59 (DIR)-225292288 byte 0 days old -- pagefile.sys

    ----- recent files in C:\Windows\
    05.08.2008 18:24:01 (DIR) 0 byte 17 days old -- Help
    05.08.2008 18:30:36 65536 byte 17 days old -- ocsetup_cbs_install_OEMHelpCustomization.dpx
    05.08.2008 18:30:36 30081024 byte 17 days old -- ocsetup_install_OEMHelpCustomization.etl
    05.08.2008 18:30:36 196608 byte 17 days old -- ocsetup_cbs_install_OEMHelpCustomization.perf
    05.08.2008 18:35:45 74 byte 17 days old -- CT4CET.bin
    05.08.2008 18:47:06 (DIR) 0 byte 17 days old -- Fonts
    05.08.2008 18:49:11 1463 byte 17 days old -- xpsp1hfm.log
    05.08.2008 19:03:02 4506 byte 17 days old -- DtcInstall.log
    05.08.2008 19:03:55 (DIR) 0 byte 17 days old -- Panther
    05.08.2008 20:20:33 (DIR) 0 byte 17 days old -- twain_32
    05.08.2008 20:20:53 3652 byte 17 days old -- TSSysprep.log
    06.08.2008 04:07:37 (DIR) 0 byte 16 days old -- Setup
    06.08.2008 04:13:37 (DIR) 0 byte 16 days old -- Users
    06.08.2008 04:14:35 12 byte 16 days old -- csup.txt
    18.08.2008 22:14:16 493 byte 4 days old -- comsetup.log
    18.08.2008 22:21:21 (DIR) 0 byte 4 days old -- assembly
    18.08.2008 22:21:22 (DIR) 0 byte 4 days old -- Microsoft.NET
    18.08.2008 22:27:30 538 byte 4 days old -- KB893803v2.log
    18.08.2008 22:27:35 86 byte 4 days old -- KE.log
    18.08.2008 22:30:25 (DIR) 0 byte 4 days old -- AppPatch
    18.08.2008 22:30:29 (DIR) 0 byte 4 days old -- ehome
    18.08.2008 22:30:32 (DIR) 0 byte 4 days old -- PolicyDefinitions
    18.08.2008 22:35:20 (DIR) 0 byte 4 days old -- SoftwareDistribution
    19.08.2008 01:20:29 (DIR) 0 byte 3 days old -- Debug
    19.08.2008 15:26:55 (DIR) 0 byte 3 days old -- PCHEALTH
    19.08.2008 15:27:14 (DIR) 0 byte 3 days old -- winsxs
    20.08.2008 13:18:10 (DIR) 0 byte 2 days old -- Logs
    21.08.2008 00:46:25 132385 byte 1 days old -- setupact.log
    21.08.2008 00:53:27 (DIR) 0 byte 1 days old -- rescache
    21.08.2008 12:54:05 28394 byte 1 days old -- DPINST.LOG
    21.08.2008 13:42:36 (DIR) 0 byte 1 days old -- registration
    21.08.2008 13:42:40 (DIR) 0 byte 1 days old -- Tasks
    21.08.2008 22:06:15 (DIR) 0 byte 1 days old -- Installer
    22.08.2008 02:26:19 19668 byte 0 days old -- PFRO.log
    22.08.2008 03:05:39 286720 byte 0 days old -- PATCH.EXE
    22.08.2008 03:05:39 69689 byte 0 days old -- UNZIP.DLL
    22.08.2008 03:05:40 507904 byte 0 days old -- TMUPDATE.DLL
    22.08.2008 03:06:43 (DIR) 0 byte 0 days old -- AU_Log
    22.08.2008 12:17:37 (DIR) 0 byte 0 days old -- Downloaded Program Files
    22.08.2008 12:55:48 (DIR) 0 byte 0 days old -- BDOSCAN8
    22.08.2008 14:17:14 1401 byte 0 days old -- bthservsdp.dat
    22.08.2008 14:18:03 67584 byte 0 days old -- bootstat.dat
    22.08.2008 14:21:00 763211 byte 0 days old -- WindowsUpdate.log
    22.08.2008 14:24:29 (DIR) 0 byte 0 days old -- inf
    22.08.2008 14:24:29 (DIR) 0 byte 0 days old -- System32
    22.08.2008 14:29:18 (DIR) 0 byte 0 days old -- Temp
    22.08.2008 14:30:44 (DIR) 0 byte 0 days old -- Prefetch

    ----- recent files in C:\Windows\Downloaded Program Files\

    ----- recent files in C:\Windows\system\

    ----- recent files in C:\Windows\system32\
    05.08.2008 11:11:02 15888504 byte 17 days old -- mrt.exe
    05.08.2008 18:23:43 (DIR) 0 byte 17 days old -- restore
    05.08.2008 18:30:37 (DIR) 0 byte 17 days old -- Macromed
    05.08.2008 18:31:21 6089 byte 17 days old -- jupdate-1.6.0_05-b13.log
    05.08.2008 18:36:22 (DIR) 0 byte 17 days old -- FRA
    05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- ja-JP
    05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- it-IT
    05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- ko-KR
    05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- sv-SE
    05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- pl-PL
    05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- ru-RU
    05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- pt-BR
    05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- es-MX
    05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- en-US
    05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- es-AR
    05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- zh-CN
    05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- zh-TW
    05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- de-DE
    05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- es-ES
    05.08.2008 18:40:51 (DIR) 0 byte 17 days old -- Microsoft
    05.08.2008 19:00:01 271624 byte 17 days old -- FNTCACHE.DAT
    05.08.2008 19:03:55 (DIR) 0 byte 17 days old -- sysprep
    06.08.2008 04:07:35 (DIR) 0 byte 16 days old -- oobe
    06.08.2008 04:07:36 (DIR) 0 byte 16 days old -- oem
    06.08.2008 04:08:30 60224 byte 16 days old -- tcpmon.ini
    06.08.2008 04:13:33 615992 byte 16 days old -- ci.dll
    06.08.2008 04:13:33 927288 byte 16 days old -- winresume.exe
    06.08.2008 04:13:33 14848 byte 16 days old -- srdelayed.exe
    06.08.2008 04:13:33 318464 byte 16 days old -- rstrui.exe
    06.08.2008 04:13:33 6656 byte 16 days old -- kbd106n.dll
    06.08.2008 04:13:33 988216 byte 16 days old -- winload.exe
    06.08.2008 04:13:33 378368 byte 16 days old -- srcore.dll
    06.08.2008 04:13:33 46592 byte 16 days old -- setbcdlocale.dll
    06.08.2008 04:13:33 40960 byte 16 days old -- srclient.dll
    06.08.2008 04:13:33 19000 byte 16 days old -- kd1394.dll
    06.08.2008 04:13:43 (DIR) 0 byte 16 days old -- Boot
    06.08.2008 04:13:48 1695744 byte 16 days old -- gameux.dll
    06.08.2008 04:13:48 4240384 byte 16 days old -- GameUXLegacyGDFs.dll
    06.08.2008 04:14:00 295936 byte 16 days old -- gdi32.dll
    06.08.2008 04:14:06 2032128 byte 16 days old -- win32k.sys
    18.08.2008 21:58:23 65328 byte 4 days old -- license.rtf
    18.08.2008 22:11:14 (DIR) 0 byte 4 days old -- NDF
    18.08.2008 22:30:27 (DIR) 0 byte 4 days old -- migration
    18.08.2008 22:30:33 (DIR) 0 byte 4 days old -- fr-FR
    21.08.2008 13:42:39 (DIR) 0 byte 1 days old -- catroot2
    21.08.2008 13:42:40 (DIR) 0 byte 1 days old -- spool
    21.08.2008 13:42:46 (DIR) 0 byte 1 days old -- config
    21.08.2008 13:43:57 (DIR) 0 byte 1 days old -- wbem
    21.08.2008 13:43:58 (DIR) 0 byte 1 days old -- Msdtc
    22.08.2008 02:34:29 (DIR) 0 byte 0 days old -- catroot
    22.08.2008 04:52:21 (DIR) 0 byte 0 days old -- drivers
    22.08.2008 12:24:18 (DIR) 0 byte 0 days old -- Tasks
    22.08.2008 14:18:10 3616 byte 0 days old -- 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    22.08.2008 14:18:10 3616 byte 0 days old -- 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    22.08.2008 14:24:29 669566 byte 0 days old -- perfh00C.dat
    22.08.2008 14:24:29 1470810 byte 0 days old -- PerfStringBackup.INI
    22.08.2008 14:24:29 587178 byte 0 days old -- perfh009.dat
    22.08.2008 14:24:29 101250 byte 0 days old -- perfc009.dat
    22.08.2008 14:24:29 123556 byte 0 days old -- perfc00C.dat
    22.08.2008 14:29:19 (DIR) 0 byte 0 days old -- WDI

    ----- recent files in C:\Windows\system32\drivers\
    05.08.2008 20:19:46 0 byte 17 days old -- Msft_Kernel_Apfiltr_01005.Wdf
    06.08.2008 04:08:43 5050 byte 16 days old -- 1028_Dell_XPS_M1530.mrk
    17.08.2008 15:01:14 17144 byte 5 days old -- mbam.sys
    17.08.2008 15:01:18 38472 byte 5 days old -- mbamswissarmy.sys
    18.08.2008 22:29:40 0 byte 4 days old -- Msft_Kernel_LMouFilt_01005.Wdf
    19.08.2008 12:10:53 (DIR) 0 byte 3 days old -- UMDF

    ----- recent files in C:\Windows\temp\
    05.08.2008 18:34:53 166 byte 17 days old -- SetupAV.log
    05.08.2008 18:36:08 174 byte 17 days old -- SetupAVC.log
    05.08.2008 18:36:15 (DIR) 0 byte 17 days old -- IntelIMSM
    05.08.2008 19:01:29 0 byte 17 days old -- sqlite_vOoxHInI9cccLQx
    05.08.2008 19:01:29 1024 byte 17 days old -- sqlite_hbAw2cwGq2EFVTJ
    18.08.2008 22:00:18 0 byte 4 days old -- sqlite_2MFggpFzLJuZhkg
    18.08.2008 22:00:18 0 byte 4 days old -- sqlite_31vgf8AQwhkT65I
    18.08.2008 22:02:39 9437184 byte 4 days old -- WinSAT_KernelLog.etl
    18.08.2008 22:02:39 12582912 byte 4 days old -- WinSAT_DX.etl
    18.08.2008 22:04:30 3145728 byte 4 days old -- WinSAT_StorageAsmt.etl
    18.08.2008 22:32:07 (DIR) 0 byte 4 days old -- MCE00000
    18.08.2008 22:32:42 (DIR) 0 byte 4 days old -- Cookies
    18.08.2008 22:32:42 (DIR) 0 byte 4 days old -- Fichiers Internet temporaires
    18.08.2008 22:32:43 (DIR) 0 byte 4 days old -- History
    20.08.2008 18:49:17 120 byte 2 days old -- fwtsqmfile12.sqm
    20.08.2008 18:49:22 120 byte 2 days old -- fwtsqmfile15.sqm
    20.08.2008 18:49:22 120 byte 2 days old -- fwtsqmfile14.sqm
    20.08.2008 18:49:22 120 byte 2 days old -- fwtsqmfile13.sqm
    20.08.2008 18:49:28 120 byte 2 days old -- fwtsqmfile16.sqm
    20.08.2008 18:49:33 120 byte 2 days old -- fwtsqmfile18.sqm
    20.08.2008 18:49:33 120 byte 2 days old -- fwtsqmfile17.sqm
    20.08.2008 18:49:41 120 byte 2 days old -- fwtsqmfile00.sqm
    20.08.2008 18:49:41 120 byte 2 days old -- fwtsqmfile19.sqm
    20.08.2008 18:51:56 120 byte 2 days old -- fwtsqmfile01.sqm
    20.08.2008 19:12:27 120 byte 2 days old -- fwtsqmfile02.sqm
    20.08.2008 19:33:31 120 byte 2 days old -- fwtsqmfile03.sqm
    20.08.2008 19:54:16 120 byte 2 days old -- fwtsqmfile04.sqm
    20.08.2008 20:00:15 120 byte 2 days old -- fwtsqmfile05.sqm
    20.08.2008 20:00:20 120 byte 2 days old -- fwtsqmfile06.sqm
    20.08.2008 20:00:21 120 byte 2 days old -- fwtsqmfile07.sqm
    20.08.2008 20:00:31 120 byte 2 days old -- fwtsqmfile08.sqm
    20.08.2008 20:00:39 120 byte 2 days old -- fwtsqmfile09.sqm
    20.08.2008 20:14:45 120 byte 2 days old -- fwtsqmfile10.sqm
    20.08.2008 20:36:55 120 byte 2 days old -- fwtsqmfile11.sqm
    21.08.2008 22:03:43 14642 byte 1 days old -- MpSigStub.log
    22.08.2008 02:13:30 3798 byte 0 days old -- MpCmdRun.log

    ----- recent files in C:\Program Files\
    05.08.2008 18:31:21 (DIR) 0 byte 17 days old -- Java
    05.08.2008 18:32:02 (DIR) 0 byte 17 days old -- Intel, Inc
    05.08.2008 18:33:58 (DIR) 0 byte 17 days old -- Protector Suite QL
    05.08.2008 18:34:38 (DIR) 0 byte 17 days old -- Creative Live! Cam
    05.08.2008 18:35:22 (DIR) 0 byte 17 days old -- Creative
    05.08.2008 18:36:22 (DIR) 0 byte 17 days old -- Intel
    05.08.2008 18:40:37 (DIR) 0 byte 17 days old -- WIDCOMM
    05.08.2008 18:43:52 (DIR) 0 byte 17 days old -- Dell Support Center
    05.08.2008 18:45:27 (DIR) 0 byte 17 days old -- CyberLink
    05.08.2008 18:46:29 (DIR) 0 byte 17 days old -- Microsoft Office
    05.08.2008 18:47:09 (DIR) 0 byte 17 days old -- Microsoft Works
    05.08.2008 18:49:26 (DIR) 0 byte 17 days old -- Roxio
    05.08.2008 18:50:51 (DIR) 0 byte 17 days old -- Citrix
    05.08.2008 18:55:35 (DIR) 0 byte 17 days old -- Dell
    05.08.2008 20:19:49 (DIR) 0 byte 17 days old -- Sigmatel
    06.08.2008 04:14:20 (DIR) 0 byte 16 days old -- DellTPad
    18.08.2008 22:01:35 (DIR) 0 byte 4 days old -- Windows NT
    18.08.2008 22:01:35 (DIR) 0 byte 4 days old -- Fichiers communs
    18.08.2008 22:25:04 (DIR) 0 byte 4 days old -- Logitech
    18.08.2008 22:25:12 (DIR) 0 byte 4 days old -- InstallShield Installation Information
    18.08.2008 22:30:26 (DIR) 0 byte 4 days old -- Windows Mail
    18.08.2008 23:13:05 (DIR) 0 byte 4 days old -- Google
    18.08.2008 23:51:06 (DIR) 0 byte 4 days old -- The KMPlayer
    18.08.2008 23:53:06 (DIR) 0 byte 4 days old -- WinRAR
    19.08.2008 01:05:54 (DIR) 0 byte 3 days old -- Skype
    19.08.2008 01:12:47 (DIR) 0 byte 3 days old -- uTorrent
    19.08.2008 01:22:48 (DIR) 0 byte 3 days old -- DivX
    19.08.2008 13:26:15 (DIR) 0 byte 3 days old -- PhotoFiltre
    21.08.2008 00:48:16 (DIR) 0 byte 1 days old -- Windows Live
    21.08.2008 12:53:48 (DIR) 0 byte 1 days old -- MSN Messenger
    21.08.2008 13:01:14 (DIR) 0 byte 1 days old -- ma-config.com
    21.08.2008 15:12:44 (DIR) 0 byte 1 days old -- COMODO
    21.08.2008 15:17:39 (DIR) 0 byte 1 days old -- eMule
    21.08.2008 22:05:31 (DIR) 0 byte 1 days old -- Common Files
    21.08.2008 22:05:31 (DIR) 0 byte 1 days old -- Adobe
    22.08.2008 02:13:37 (DIR) 0 byte 0 days old -- SystemRequirementsLab
    22.08.2008 02:34:13 (DIR) 0 byte 0 days old -- Avira
    22.08.2008 03:12:28 (DIR) 0 byte 0 days old -- Malwarebytes' Anti-Malware
    22.08.2008 04:57:54 (DIR) 0 byte 0 days old -- Spybot - Search & Destroy
    22.08.2008 12:12:07 (DIR) 0 byte 0 days old -- Trend Micro
    22.08.2008 14:18:22 (DIR) 0 byte 0 days old -- Mozilla Firefox

    ----- recent files in C:\Program Files\Common Files\
    05.08.2008 18:31:04 (DIR) 0 byte 17 days old -- Java
    05.08.2008 18:35:10 (DIR) 0 byte 17 days old -- Reallusion
    05.08.2008 18:43:49 (DIR) 0 byte 17 days old -- supportsoft
    05.08.2008 18:47:43 (DIR) 0 byte 17 days old -- InstallShield
    05.08.2008 18:48:38 (DIR) 0 byte 17 days old -- Sonic Shared
    05.08.2008 18:48:38 (DIR) 0 byte 17 days old -- Roxio Shared
    05.08.2008 18:49:26 (DIR) 0 byte 17 days old -- SureThing Shared
    18.08.2008 22:25:09 (DIR) 0 byte 4 days old -- Logitech
    18.08.2008 22:25:25 (DIR) 0 byte 4 days old -- LogiShrd
    19.08.2008 01:05:54 (DIR) 0 byte 3 days old -- Skype
    19.08.2008 11:24:43 (DIR) 0 byte 3 days old -- Adobe(3)
    19.08.2008 15:26:04 (DIR) 0 byte 3 days old -- WindowsLiveInstaller
    21.08.2008 00:36:38 (DIR) 0 byte 1 days old -- PX Storage Engine
    21.08.2008 12:53:47 (DIR) 0 byte 1 days old -- microsoft shared
    21.08.2008 22:05:36 (DIR) 0 byte 1 days old -- Adobe

    ----- recent files in C:\Users\Marc\AppData\Roaming\
    18.08.2008 22:05:06 (DIR) 0 byte 4 days old -- Dell
    18.08.2008 22:05:37 (DIR) 0 byte 4 days old -- Identities
    18.08.2008 22:25:02 (DIR) 0 byte 4 days old -- InstallShield
    18.08.2008 22:29:29 (DIR) 0 byte 4 days old -- Logitech
    18.08.2008 22:47:28 (DIR) 0 byte 4 days old -- Intel
    18.08.2008 23:04:06 (DIR) 0 byte 4 days old -- Macromedia
    18.08.2008 23:22:46 (DIR) 0 byte 4 days old -- Mozilla
    18.08.2008 23:54:56 (DIR) 0 byte 4 days old -- WinRAR
    19.08.2008 01:35:28 (DIR) 0 byte 3 days old -- CyberLink
    19.08.2008 03:01:00 (DIR) 0 byte 3 days old -- Adobe
    19.08.2008 12:46:26 (DIR) 0 byte 3 days old -- DivX
    21.08.2008 00:03:07 (DIR) 0 byte 1 days old -- Microsoft
    21.08.2008 15:12:44 (DIR) 0 byte 1 days old -- Comodo
    21.08.2008 16:05:42 (DIR) 0 byte 1 days old -- skypePM
    21.08.2008 20:48:57 (DIR) 0 byte 1 days old -- Skype
    22.08.2008 02:13:27 (DIR) 0 byte 0 days old -- SystemRequirementsLab
    22.08.2008 02:25:16 (DIR) 0 byte 0 days old -- uTorrent
    22.08.2008 02:41:14 (DIR) 0 byte 0 days old -- Avira
    22.08.2008 03:11:14 (DIR) 0 byte 0 days old -- Malwarebytes

    ----- recent files in C:\Users\Marc\AppData\Local\Temp\
    18.08.2008 22:27:57 (DIR) 0 byte 4 days old -- {612C7D1E-66F3-46AC-97CE-D38006043884}
    18.08.2008 22:47:14 (DIR) 0 byte 4 days old -- BTN%Copy%1
    18.08.2008 23:08:47 (DIR) 0 byte 4 days old -- Drivers
    18.08.2008 23:08:47 (DIR) 0 byte 4 days old -- scanners
    18.08.2008 23:08:47 (DIR) 0 byte 4 days old -- comodo
    18.08.2008 23:13:05 (DIR) 0 byte 4 days old -- CDIResData
    18.08.2008 23:51:19 (DIR) 0 byte 4 days old -- {63d716f9-8880-4979-bae8-cd42242fea50}
    19.08.2008 03:00:48 (DIR) 0 byte 3 days old -- Adobe
    21.08.2008 13:02:57 (DIR) 0 byte 1 days old -- plugtmp
    21.08.2008 21:42:55 (DIR) 0 byte 1 days old -- plugtmp-2
    22.08.2008 02:25:23 (DIR) 0 byte 0 days old -- hsperfdata_Marc
    22.08.2008 04:55:22 (DIR) 0 byte 0 days old -- XScanResult
    22.08.2008 04:55:22 (DIR) 0 byte 0 days old -- testnsis
    22.08.2008 04:55:22 (DIR) 0 byte 0 days old -- RarSFX1
    22.08.2008 04:55:22 (DIR) 0 byte 0 days old -- plugtmp-1
    22.08.2008 04:55:22 (DIR) 0 byte 0 days old -- MessengerCache
    22.08.2008 04:55:22 (DIR) 0 byte 0 days old -- Google Toolbar
    22.08.2008 04:55:22 (DIR) 0 byte 0 days old -- nso188.tmp
    22.08.2008 12:17:12 (DIR) 0 byte 0 days old -- Low
    22.08.2008 12:24:20 (DIR) 0 byte 0 days old -- {947b1475-c0f7-46e4-99ee-2e3eb99ad7a0}
    22.08.2008 13:58:30 311296 byte 0 days old -- ~DFA955.tmp
    22.08.2008 14:11:24 (DIR) 0 byte 0 days old -- plugtmp-3
    22.08.2008 14:18:20 (DIR) 0 byte 0 days old -- WPDNSE
    22.08.2008 14:18:47 28700 byte 0 days old -- etilqs_VO9R86I3UHSXU4RephaM
    22.08.2008 14:19:54 31832 byte 0 days old -- Marc.bmp
    22.08.2008 14:28:16 34 byte 0 days old -- systemscan.ini
    22.08.2008 14:28:35 (DIR) 0 byte 0 days old -- nstBB82.tmp
    22.08.2008 14:28:35 16384 byte 0 days old -- ~DF6469.tmp

    ===================== REGISTRY SCAN =====================

    -----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

    [Run]
    "Windows Defender"=expand:"%ProgramFiles%\Windows Defender\MSASCui.exe -hide"
    "ECenter"="C:\Dell\E-Center\EULALauncher.exe"
    "Apoint"="C:\Program Files\DellTPad\Apoint.exe"
    "OEM02Mon.exe"="C:\Windows\OEM02Mon.exe"
    "SigmatelSysTrayApp"=expand:"%ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe"
    "NvSvc"="RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart"
    "NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"
    "NvMediaCenter"="RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit"
    "NVHotkey"="rundll32.exe C:\Windows\system32\nvHotkey.dll,Start"
    "PSQLLauncher"="\"C:\Program Files\Protector Suite QL\launcher.exe\" /startup"
    "DELL Webcam Manager"="\"C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe\" /s"
    "IAAnotif"="\"C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe\""
    "dscactivate"="\"C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe\""
    "PCMService"="\"C:\Program Files\Dell\MediaDirect\PCMService.exe\""
    "Bluetooth Connection Assistant"="LBTWIZ.EXE -silent"
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
    "DellSupportCenter"="\"C:\Program Files\Dell Support Center\bin\sprtcmd.exe\" /P DellSupportCenter"
    "Adobe Reader Speed Launcher"="\"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe\""
    "avgnt"="\"C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe\" /min"
    "Malwarebytes Anti-Malware (reboot)"="\"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe\" /runcleanupscript"

    [Run\OptionalComponents]
    @=""

    [Run\OptionalComponents\IMAIL]
    "Installed"="1"
    @=""

    [Run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"
    @=""

    [Run\OptionalComponents\MSFS]
    "Installed"="1"
    @=""

    -----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

    [Run]
    "DellSupportCenter"="\"C:\Program Files\Dell Support Center\bin\sprtcmd.exe\" /P DellSupportCenter"
    "MsnMsgr"="\"C:\Program Files\MSN Messenger\MsnMsgr.Exe\" /background"
    "%AWinUpdate"="C:\WINDOWS\wuauclt.vbs"
    "%ProtectMyPC"="C:\Program Files\Internet Explorer\iexplore.exe http://gomyhit.com/MjA2MTk=/2/7391/ratna/"
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

    -----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

    [Run]

    -----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

    -----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

    -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

    [Windows]
    "AppInit_DLLs"=""

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

    [ShellServiceObjectDelayLoad]
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    #### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\Windows\system32\webcheck.dll"

    -----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

    [ShellExecuteHooks]

    -----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

    [Winlogon]
    "Shell"="explorer.exe"
    "Userinit"="C:\Windows\system32\userinit.exe,"
    "VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
    "WinStationsDisabled"="0"

    [Winlogon\GPExtensions]

    [Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
    "@="Wireless Group Policy"
    "DllName"=expand:"wlgpclnt.dll"

    [Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
    "@="Folder Redirection"
    "DllName"=expand:"fdeploy.dll"

    [Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]

    [Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
    "@="Microsoft Disk Quota"
    "DllName"=expand:"%SystemRoot%\System32\dskquota.dll"

    [Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
    "@="QoS Packet Scheduler"
    "DllName"=expand:"gptext.dll"

    [Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
    "DllName"=expand:"iedkcs32.dll"
    "@="Internet Explorer Zonemapping"

    [Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
    "@="Windows Search Group Policy Extension"
    "DllName"=expand:"%SystemRoot%\System32\srchadmin.dll"

    [Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
    "@="Security"
    "DllName"=expand:"scecli.dll"

    [Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
    "DllName"="iedkcs32.dll"
    "@="Internet Explorer Branding"

    [Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
    "DllName"=expand:"scecli.dll"
    "@="EFS recovery"

    [Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
    "@="802.3 Group Policy"
    "DllName"=expand:"dot3gpclnt.dll"

    [Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
    "@="IP Security"
    "DllName"=expand:"%SystemRoot%\System32\polstore.dll"

    [Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}]
    "@="Enterprise QoS"
    "DllName"=expand:"gptext.dll"

    [Winlogon\Notify]

    [Winlogon\Notify\GoToAssist]
    "DLLName"="C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll"

    [Winlogon\Notify\psfus]
    "DLLName"="C:\Windows\system32\psqlpwd.dll"

    -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

    [Winlogon]
    "ExcludeProfileDirs"="AppData\Local;AppData\LocalLow;$Recycle.Bin"
    "BuildNumber"=dword:00001771
    "ParseAutoexec"="1"
    "FirstLogon"=dword:00000000

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

    -----HKLM\System\CurrentControlSet\Control\Session Manager\-----

    [Session Manager]
    "BootExecute"=multi:"autocheck autochk *\00\00"

    [Session Manager\SubSystems]
    "Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

    -----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

    [WOW]

    -----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

    -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

    [RunOnce]

    -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

    -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

    -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

    -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

    [RunOnce]

    -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

    -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

    -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

    -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

    -----HKLM\Software\Microsoft\Command Processor\Autorun-----

    -----HKCU\Software\Microsoft\Command Processor\Autorun-----

    -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

    -----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

    -----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

    -----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

    -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

    -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

    -----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

    -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

    [SharedTaskScheduler]
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
    #### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

    -----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

    [Browser Helper Objects]

    [Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    #### HKCR\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\InprocServer32 @="C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll"
    @="AcroIEHelperStub"
    "NoExplorer"=dword:00000001

    [Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    #### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"

    [Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    #### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll"
    "NoExplorer"=dword:00000001

    [Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    @=""

    [Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
    #### HKCR\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\InprocServer32 @="C:\Program Files\Dell\BAE\BAE.dll"
    @="Browser Address Error Redirector"

    -----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

    [URLSearchHooks]
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
    #### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\Windows\system32\ieframe.dll"

    -----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----

    -----HKCU\Control Panel\Desktop\-----

    [Desktop]
    "SCRNSAVE.EXE"="C:\Windows\system32\logon.scr"

    [Desktop\LanguageConfiguration]

    [Desktop\WindowMetrics]

    -----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

    [command]
    @="\"%1\" %*"
    "IsolatedCommand"="\"%1\" %*"

    -----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

    [command]
    @="\"%1\" %*"

    -----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

    [command]
    @="\"%1\" %*"

    -----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

    [command]
    @="\"%1\" %*"

    -----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

    [command]
    @="\"%1\" %*"

    -----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

    [Command]
    @="C:\Windows\system32\mshta.exe \"%1\" %*"

    -----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

    [URL]

    [URL\DefaultPrefix]
    @="http://"

    [URL\Prefixes]
    "ftp"="ftp://"
    "home"="http://"
    "mosaic"="http://"
    "www"="http://"

    -----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

    [Lsa]

    [Lsa\AccessProviders]

    [Lsa\AccessProviders\Windows NT Access Provider]
    "ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

    [Lsa\Audit]

    [Lsa\Audit\AuditPolicy]

    [Lsa\Audit\PerUserAuditing]

    [Lsa\Audit\PerUserAuditing\System]

    [Lsa\Credssp]

    [Lsa\Data]

    [Lsa\FipsAlgorithmPolicy]

    [Lsa\SSO]

    [Lsa\SSO\Passport1.4]
    "SSOURL"="http://www.passport.com"

    [Lsa\SspiCache]

    -----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

    [SharedAccess]
    "DisplayName"="@%SystemRoot%\system32\ipnathlp.dll,-106"
    "ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
    "Description"="@%SystemRoot%\system32\ipnathlp.dll,-107"
    "ObjectName"="LocalSystem"
    "ErrorControl"=dword:00000001
    "Start"=dword:00000004
    "Type"=dword:00000020
    "DependOnService"=multi:"Netman\00WinMgmt\00RasMan\00BFE\00\00"
    "ServiceSidType"=dword:00000001
    "RequiredPrivileges"=multi:"SeChangeNotifyPrivilege\00SeCreateGlobalPrivilege\00SeImpersonatePrivilege\00SeLoadDriverPrivilege\00SeTakeOwnershipPrivilege\00\00"
    "FailureActions"=hex:84,03,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\

    [SharedAccess\Defaults]

    [SharedAccess\Defaults\FirewallPolicy]
    "IPSecExempt"=dword:00000001
    "DisableStatefulFTP"=dword:00000000
    "DisableStatefulPPTP"=dword:00000000
    "PolicyVersion"=dword:00000201

    [SharedAccess\Defaults\FirewallPolicy\DomainProfile]
    "DisableNotifications"=dword:00000000
    "EnableFirewall"=dword:00000001

    [SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging]
    "LogFileSize"=dword:00001000
    "LogFilePath"="%systemroot%\system32\LogFiles\Firewall\pfirewall.log"

    [SharedAccess\Defaults\FirewallPolicy\FirewallRules]
    "PerfLogsAlerts-PLASrv-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\plasrv.exe|xxxxx@xxxxxv.exe,-10000|Desc=@PlaSrv.exe,-10001|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|"
    "PerfLogsAlerts-DCOM-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=rpcss|xxxxx@xxxxxv.exe,-10002|Desc=@PlaSrv.exe,-10003|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|"
    "PerfLogsAlerts-PLASrv-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\plasrv.exe|xxxxx@xxxxxv.exe,-10000|Desc=@PlaSrv.exe,-10001|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|"
    "PerfLogsAlerts-DCOM-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\system32\svchost.exe|Svc=rpcss|xxxxx@xxxxxv.exe,-10002|Desc=@PlaSrv.exe,-10003|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|"
    "WMP-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31003|Desc=@FirewallAPI.dll,-31006|EmbedCtxt=@FirewallAPI.dll,-31002|Edge=FALSE|"
    "WMP-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31007|Desc=@FirewallAPI.dll,-31010|EmbedCtxt=@FirewallAPI.dll,-31002|Edge=FALSE|"
    "WMP-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31011|Desc=@FirewallAPI.dll,-31014|EmbedCtxt=@FirewallAPI.dll,-31002|Edge=FALSE|"
    "WMPNSS-QWave-In-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-QWave-Out-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-QWave-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-QWave-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-HTTPSTR-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=10243|App=System|xxxxx@xxxxxallAPI.dll,-31285|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-HTTPSTR-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=10243|App=System|xxxxx@xxxxxallAPI.dll,-31289|Desc=@FirewallAPI.dll,-31292|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-WMP-In-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31293|Desc=@FirewallAPI.dll,-31296|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-WMP-Out-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31297|Desc=@FirewallAPI.dll,-31300|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-WMP-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31301|Desc=@FirewallAPI.dll,-31304|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-In-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31305|Desc=@FirewallAPI.dll,-31308|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-Out-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31309|Desc=@FirewallAPI.dll,-31312|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31313|Desc=@FirewallAPI.dll,-31316|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31317|Desc=@FirewallAPI.dll,-31320|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-QWave-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-QWave-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-QWave-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-QWave-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-SSDPSrv-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|xxxxx@xxxxxallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-SSDPSrv-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|xxxxx@xxxxxallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-UPnPHost-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31277|Desc=@FirewallAPI.dll,-31280|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-UPnPHost-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31281|Desc=@FirewallAPI.dll,-31284|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-HTTPSTR-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31285|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-HTTPSTR-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31289|Desc=@FirewallAPI.dll,-31292|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-WMP-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31293|Desc=@FirewallAPI.dll,-31296|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-WMP-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31297|Desc=@FirewallAPI.dll,-31300|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-WMP-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31301|Desc=@FirewallAPI.dll,-31304|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31305|Desc=@FirewallAPI.dll,-31308|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31309|Desc=@FirewallAPI.dll,-31312|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31313|Desc=@FirewallAPI.dll,-31316|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31317|Desc=@FirewallAPI.dll,-31320|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "WMPNSS-UPnP-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|xxxxx@xxxxxallAPI.dll,-31321|Desc=@FirewallAPI.dll,-31322|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
    "MCX-SSDPSrv-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-30753|Desc=@FirewallAPI.dll,-30756|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
    "MCX-SSDPSrv-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-30757|Desc=@FirewallAPI.dll,-30760|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
    "MCX-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=554|LPort=8554|LPort=8555|LPort=8556|LPort=8557|LPort=8558|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|xxxxx@xxxxxallAPI.dll,-30761|Desc=@FirewallAPI.dll,-30764|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
    "MCX-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|xxxxx@xxxxxallAPI.dll,-30765|Desc=@FirewallAPI.dll,-30768|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
    "MCX-QWave-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-30769|Desc=@FirewallAPI.dll,-30772|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
    "MCX-QWave-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-30773|Desc=@FirewallAPI.dll,-30776|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
    "MCX-QWave-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-30777|Desc=@FirewallAPI.dll,-30780|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
    "MCX-QWave-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-30781|Desc=@FirewallAPI.dll,-30784|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
    "MCX-HTTPSTR-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=10244|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-30785|Desc=@FirewallAPI.dll,-30788|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
    "MCX-HTTPSTR-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=10244|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-30789|Desc=@FirewallAPI.dll,-30792|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
    "MCX-TERMSRV-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=3390|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-30793|Desc=@FirewallAPI.dll,-30796|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
    "MCX-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=7777|LPort=7778|LPort=7779|LPort=7780|LPort=7781|LPort=5004|LPort=5005|LPort=50004|LPort=50005|LPort=50006|LPort=50007|LPort=50008|LPort=50009|LPort=50010|LPort=50011|LPort=50012|LPort=50013|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|xxxxx@xxxxxallAPI.dll,-30801|Desc=@FirewallAPI.dll,-30804|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
    "MCX-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|xxxxx@xxxxxallAPI.dll,-30805|Desc=@FirewallAPI.dll,-30808|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
    "MCX-MCX2SVC-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=mcx2svc|xxxxx@xxxxxallAPI.dll,-30810|Desc=@FirewallAPI.dll,-30811|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
    "MCX-Prov-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\mcx2prov.exe|xxxxx@xxxxxallAPI.dll,-30812|Desc=@FirewallAPI.dll,-30813|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
    "WinCollab-DFSR-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=5722|App=%SystemRoot%\system32\dfsr.exe|Svc=Dfsr|xxxxx@xxxxxallAPI.dll,-32253|Desc=@FirewallAPI.dll,-32256|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=TRUE|"
    "WinCollab-DFSR-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=5722|App=%SystemRoot%\system32\dfsr.exe|Svc=Dfsr|xxxxx@xxxxxallAPI.dll,-32257|Desc=@FirewallAPI.dll,-32260|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=FALSE|"
    "WinCollab-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|xxxxx@xxxxxallAPI.dll,-32261|Desc=@FirewallAPI.dll,-32264|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=TRUE|"
    "WinCollab-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|xxxxx@xxxxxallAPI.dll,-32265|Desc=@FirewallAPI.dll,-32268|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=FALSE|"
    "WinCollab-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|xxxxx@xxxxxallAPI.dll,-32269|Desc=@FirewallAPI.dll,-32272|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=TRUE|"
    "WinCollab-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|xxxxx@xxxxxallAPI.dll,-32273|Desc=@FirewallAPI.dll,-32276|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=FALSE|"
    "WinCollab-P2P-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=3587|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|xxxxx@xxxxxallAPI.dll,-32277|Desc=@FirewallAPI.dll,-32280|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=TRUE|"
    "WinCollab-P2P-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=3587|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|xxxxx@xxxxxallAPI.dll,-32281|Desc=@FirewallAPI.dll,-32284|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=FALSE|"
    "RemoteAdmin-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=*|xxxxx@xxxxxallAPI.dll,-29753|Desc=@FirewallAPI.dll,-29756|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|"
    "RemoteAdmin-NP-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|xxxxx@xxxxxallAPI.dll,-29757|Desc=@FirewallAPI.dll,-29760|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|"
    "RemoteAdmin-RPCSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-29765|Desc=@FirewallAPI.dll,-29768|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|"
    "RemoteAdmin-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=*|xxxxx@xxxxxallAPI.dll,-29753|Desc=@FirewallAPI.dll,-29756|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|"
    "RemoteAdmin-NP-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-29757|Desc=@FirewallAPI.dll,-29760|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|"
    "RemoteAdmin-RPCSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-29765|Desc=@FirewallAPI.dll,-29768|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|"
    "MsiScsi-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|xxxxx@xxxxxallAPI.dll,-29003|Desc=@FirewallAPI.dll,-29006|EmbedCtxt=@FirewallAPI.dll,-29002|Edge=FALSE|"
    "MsiScsi-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|xxxxx@xxxxxallAPI.dll,-29007|Desc=@FirewallAPI.dll,-29010|EmbedCtxt=@FirewallAPI.dll,-29002|Edge=FALSE|"
    "MsiScsi-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|xxxxx@xxxxxallAPI.dll,-29003|Desc=@FirewallAPI.dll,-29006|EmbedCtxt=@FirewallAPI.dll,-29002|Edge=FALSE|"
    "MsiScsi-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|xxxxx@xxxxxallAPI.dll,-29007|Desc=@FirewallAPI.dll,-29010|EmbedCtxt=@FirewallAPI.dll,-29002|Edge=FALSE|"
    "Collab-P2PHost-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%SystemRoot%\system32\p2phost.exe|xxxxx@xxxxxallAPI.dll,-32003|Desc=@FirewallAPI.dll,-32006|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=TRUE|"
    "Collab-P2PHost-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%SystemRoot%\system32\p2phost.exe|xxxxx@xxxxxallAPI.dll,-32007|Desc=@FirewallAPI.dll,-32010|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=FALSE|"
    "Collab-P2PHost-WSD-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\p2phost.exe|xxxxx@xxxxxallAPI.dll,-32011|Desc=@FirewallAPI.dll,-32014|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=FALSE|"
    "Collab-P2PHost-WSD-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\p2phost.exe|xxxxx@xxxxxallAPI.dll,-32015|Desc=@FirewallAPI.dll,-32018|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=FALSE|"
    "Collab-PNRP-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|xxxxx@xxxxxallAPI.dll,-32019|Desc=@FirewallAPI.dll,-32022|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=TRUE|"
    "Collab-PNRP-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|xxxxx@xxxxxallAPI.dll,-32023|Desc=@FirewallAPI.dll,-32026|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=FALSE|"
    "Collab-PNRP-SSDPSrv-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32027|Desc=@FirewallAPI.dll,-32030|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=FALSE|"
    "Collab-PNRP-SSDPSrv-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32031|Desc=@FirewallAPI.dll,-32034|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=FALSE|"
    "RVM-VDS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\vds.exe|Svc=vds|xxxxx@xxxxxallAPI.dll,-34502|Desc=@FirewallAPI.dll,-34503|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|"
    "RVM-VDSLDR-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\vdsldr.exe|xxxxx@xxxxxallAPI.dll,-34504|Desc=@FirewallAPI.dll,-34505|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|"
    "RVM-RPCSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-34506|Desc=@FirewallAPI.dll,-34507|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|"
    "RVM-VDS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\vds.exe|Svc=vds|xxxxx@xxxxxallAPI.dll,-34502|Desc=@FirewallAPI.dll,-34503|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|"
    "RVM-VDSLDR-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\vdsldr.exe|xxxxx@xxxxxallAPI.dll,-34504|Desc=@FirewallAPI.dll,-34505|EmbedCtxt=@FirewallAPI.dll,-34501
    0
  9. Utilisateur anonyme
     
    Re ,

    Merci.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Lance SystemScan ,

    Clique sur ' Removal Script '

    Puis copie ce texte (en gras) :


    Files to delete:
    C:\WINDOWS\wuauclt.vbs
    C:\Users\Marc\AppData\Local\Temp\nso188.tmp
    C:\Users\Marc\AppData\Local\Temp\nstBB82.tmp

    Registry values to delete:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Adobe Reader Speed Launcher
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run|%AWinUpdate
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run|%ProtectMyPC

    Programs to launch on reboot:
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



    Et colle-le dans le cadre blanc.

    Puis clique sur " Proceed With Removal "

    Ton pc va redémarrer , au redémarrage , Hijackthis va se lancer , poste-en moi un rapport.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    ++
    0
  10. Marc23 Messages postés 14 Statut Membre
     
    Merci à toi.

    J'ai fais ce que tu m'a dis là mais ça me met un message d'erreur qui dis que c'est compatible uniquement avec xp :(
    0
  11. Utilisateur anonyme
     
    Re ,

    Ok.
    Pas bien grave.

    supprime ces fichiers :

    C:\WINDOWS\wuauclt.vbs
    C:\Users\Marc\AppData\Local\Temp\nso188.tmp
    C:\Users\Marc\AppData\Local\Temp\nstBB82.tmp

    → Relance hijackthis , en menu principal choisis ' Do a system scan only' Et fixe ces/cette ligne(s) : ( coche la case à leurs gauches )

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [%AWinUpdate] C:\WINDOWS\wuauclt.vbs
    O4 - HKCU\..\Run: [%ProtectMyPC] C:\Program Files\Internet Explorer\iexplore.exe http://gomyhit.com/MjA2MTk=/2/7391/ratna/


    Ferme toutes les fenêtres (hormis Hijackthis), y compris ton navigateur web.

    → clique sur ' fixchecked '

    Redémarre , et reposte un rapport hijackthis

    ++
    0
  12. Marc23 Messages postés 14 Statut Membre
     
    Ehm,

    wuauclt.vbs n'est pas dans la liste. Peut-être en dossier caché?

    Pareil pour le dossier AppData, pas présent après utlilisateurs/Marc

    PS:Je peux plus faire clic droit si jamais (pour les fichiers cachés).
    0
  13. Utilisateur anonyme
     
    Salut ,
    En effet , il faut afficher les fichiers et dossiers masqués.

    Va dans ' panneaux de configuration ' > choisi ' affichage classique ' a droite > double clique sur ' options des dossiers ' > va dans l'onglet ' affichage ' , coche :

    Afficher les dossier et fichiers cachés

    [ appliquer ] > ok

    Et continu

    ++
    0
  14. Marc23 Messages postés 14 Statut Membre
     
    Re :)

    Alors j'ai pas trouvé:

    C:\WINDOWS\wuauclt.vbs
    et
    C:\Users\Marc\AppData\Local\Temp\nstBB82.tmp

    j'ai juste trouvé:

    C:\Users\Marc\AppData\Local\Temp\nso188.tmp

    qui était par ailleurs vide.

    Sinon j'ai fais l'opération avec hijackthis :)

    J'ai viens de faire un nouveau rapport de antivir et malwarebytes qui non rien trouvé :)
    Un le nouveau rapport de hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:21:24, on 22.08.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\system32\conime.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ch/ig/dell?hl=fr&client=dell-row&channel=ch&ibd=5080806
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
    O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
    O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
    O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
    O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
    O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    0
  15. Utilisateur anonyme
     
    Re ,

    As-tu redémarré ?

    quels problèmes ? ceci :

    PS:Je peux plus faire clic droit si jamais (pour les fichiers cachés).
    ?

    ++
    0
  16. Marc23 Messages postés 14 Statut Membre
     
    Je viens de redémarrer :)

    Les problèmes:

    - clic-droit ne fonctionne pas
    - "ordinateur" pas présent dans la liste "démarrage"
    - même chose pour "tous les programmes"
    - En appuyant sur Windows+E je ne vois rien dans le cadre je dois m'orienter avec le menu déroulant à gauche.

    Sinon il est complètement désinfecté maintenant :D ?
    0
  17. Utilisateur anonyme
     
    Re ,

    On va finir.

    Supprime Systemscan.

    _Maintenant , nous allons supprimer les logiciels de désinfection que je t'ai fait téléchargé.
    En effet , s'en servir est dangereux pour le pc si l'on ne s'y connais pas.
    De plus ils sont mis régulièrement à jours.

    → Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.

    → Double clique sur ToolsCleaner2.exe >
    → Clique sur .Recherche
    → puis sur Suppression quand la liste est trouvée.
    → Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Note : ton bureau RISQUE de disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

    CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
    Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

    Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

    Tuto : http://www.commentcamarche.net/faq/sujet 8341 toolscleaner suppression des fix de force brute ( merci espion3004 )

    ++
    0
  18. Marc23 Messages postés 14 Statut Membre
     
    -->- Recherche:

    C:\HijackThis.lnk: trouvé !
    C:\avenger: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HJTInstall.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
    C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: trouvé !
    C:\Users\Marc\Desktop\hijackthis.log: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\HijackThis.lnk: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HJTInstall.exe: supprimé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
    C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: supprimé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
    C:\Users\Marc\Desktop\hijackthis.log: supprimé !
    C:\avenger: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !

    Sauvegarde du registre crée !
    Fichiers temporaires nettoyés !
    0
  19. Utilisateur anonyme
     
    Re ,

    Supprime Toolscleaner + C:\Tcleaner.txt.

    Remasque les fichiers cachés.

    _____________________________________________________________________________

    ● Vide la quarantaine de Malwarebyte's Anti-Malware:

    _ Clique sur le raccourci de "Malwarebytes' Anti-Malware" , puis sur "Quarantaine" .

    sélectionne les divers éléments en cliquant sur "Tout" puis clique sur "Supprime".

    _____________________________________________________________________________

    vide la QUARANTAINE d'ANTIVIR en faisant : "clic-droit sur antivir" > "start antivir" > "quarantaine"
    selectionne ce qui s'y trouve via clic-droit > puis "delete" (ce pour chacun).

    _____________________________________________________________________________

    ● Télécharge la derniere version de Sun Java Runtime Environment 6 Update 7.
    ● Clique sur Windows XP/Vista/2000/2003 En ligne pour télécharger jre-6u7-windows-i586-p-iftw.exe sur ton bureau.
    ● Ferme tout les programmes qui tournent encore - tout spécialement ton navigateur web
    ● Maintenant , va dans " Ajout et suppression de programmes ou " Programmes et fonctionnalités " ( pour Vista ) et désinstalle les anciennes version de Java.
    ● Exemple d'anciennes versions :

    _J2SE Runtime Environment 5.0 Update 10
    _J2SE Runtime Environment 5.0 Update 11
    _Java™ 6 Update 2

    ● Cherche & désinstalle tout ce qui reste de Java Runtime Environment ( JRE or J2SE dans le nom )
    ● Redémarre ton pc après la/les désinstallation(s)
    ● Maintenant double clique sur jre-6u7-windows-i586-p-iftw.exe présent sur ton bureau pour lancer l'installation de la dernière version.

    A lire :
    http://www.secuser.com/vulnerabilite/2008/080305-java.htm

    _____________________________________________________________________________

    Maintenant que ton pc n'est plus infecté creer un nouveau point de restauration

    https://www.astucesinternet.com/modules/smartfaq/faq.php?faqid=113

    _____________________________________________________________________________

    Possèdes-tu le cd d'installation ?

    ++
    0
  20. Marc23 Messages postés 14 Statut Membre
     
    Re, j'étais absent désolé.

    Alors j'ai mis le nouveau java. j'ai lu l'article, c'est étonnant bien que je suis sur que dans mon cas, le problème venait du fichier que j'ai téléchargé.

    Sinon, pour faire le point de restauration, mieux ne vaut-il pas attendre que les problèmes cités plus haut soit résolus?

    PS: Je croyais le problème suivant disparu mais non, quand j'écris, tout les 10-15 mots, le curseur revient en arrière et j'écris par dessus ce que j'ai déjà taper :(

    Edit: ah oui je possède le cd d'installation made in Dell quoi. Mais j'ai aussi la partition Recovery si jamais.
    0
  • 1
  • 2