You have a security problem

Closed
kuleman Posts 3 Registration date Sunday 9 November 2008 Status Member Last seen 9 November 2008 - 9 Nov 2008 at 08:25
toptitbal Posts 25709 Registration date Saturday 8 July 2006 Status Security contributor Last seen 4 March 2010 - 9 Nov 2008 at 14:38
Hello,
since today, I have the red shield in the taskbar, telling me "you have a security problem".
And from time to time, a window or two open to get me to go to protection sites...
I had heard about this virus, and I need help, because it is impossible to get rid of on your own.

What should I do? Thanks for your advice

3 replies

toptitbal Posts 25709 Registration date Saturday 8 July 2006 Status Security contributor Last seen 4 March 2010 2 229
9 Nov 2008 at 08:30
Hello

Download the HijackThis installer by clicking this link

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

* Save HJTInstall.exe to your desktop.

* Double-click HJTInstall.exe to launch the program

Tutorial: https://www.malekal.com/tutoriel-hijackthis/
http://pagesperso-orange.fr/rginformatique/section%20virus/Hijenr.gif
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm

* Accept the license by clicking the "I Accept" button
* Choose the option "Do a system scan and save a log file"
* Click "Save log" to save the report, which will open in Notepad
* Click "Edit -> Select All", then "Edit -> Copy" to copy the whole content of the report

* Paste the report you have just copied into this forum
0
kuleman Posts 3 Registration date Sunday 9 November 2008 Status Member Last seen 9 November 2008
9 Nov 2008 at 08:41
Wow, a very fast reply!!! I'm delighted, because I have work to finish for the 13th, and this virus problem comes at a really bad time.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오후 4:40:40, on 2008-11-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\CAP4RSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4SWK.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\ADMINI~1.KAM\LOCALS~1\Temp\xxx1099.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\DOCUME~1\ADMINI~1.KAM\LOCALS~1\Temp\~tmpc.exe
E:\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\ratatouille.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: 네이버 툴바(&N) - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\naver\NaverToolbar\NaverTB_3_0_3_139.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zfvbwzfulamhzoc] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\wvepuqcomybi.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\ADMINI~1.KAM\LOCALS~1\Temp\xxx1099.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: 네이버 검색 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_3_139.dll /SEARCH.HTML
O8 - Extra context menu item: 네이버 북마크하기 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_3_139.dll /BOOKMARK.HTML
O8 - Extra context menu item: 네이버 블로그 담기 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_3_139.dll /BLOG.HTML
O8 - Extra context menu item: 네이버 사전 검색 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_3_139.dll /DIC.HTML
O8 - Extra context menu item: 네이버 일한 번역 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_3_139.dll /JKTRANS.HTML
O9 - Extra button: 바로연결 - {3EE937ED-CE4C-4416-AC3B-12A59F021185} - C:\Program Files\DC\DirectButton.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.epostbank.go.kr/js/scriptx/smsx.cab
O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} (INISAFEWeb6 V6 Class) - http://www.mycredit.co.kr/initech/plugin/down/INIS60.cab
O16 - DPF: {3B56E5F0-7B20-48BF-B439-A995BE5191EF} (SessionControl Control) - https://www.wooribank.com/
O16 - DPF: {3EFC2239-B769-469F-A5E6-38693AE0B9DE} (Sysinfo2 Control) - http://210.182.142.35:8020/qms/speed/speedtest/cab/sysinfo2.cab
O16 - DPF: {417A8BA3-7DDF-4C02-919C-4F9D1ED46E58} (PowerComSpeedTest Control) - http://210.182.142.35:8020/qms/speed/speedtest/cab/PowerComSpeedTest.cab
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} (CyImage Class) - http://cyimg8.cyworld.com/ImageUpload/CyPictureU1.cab?20080604
O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} (V3D Client Control) - https://secure.kcp.co.kr/webpay/v3d/file/kcp_ansimclick.cab
O16 - DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} (SG_CAppAtx Control) -
O16 - DPF: {AB14AFC3-7AFB-403E-8ABF-8966E0FD360D} (DnsChangeX Control) - http://203.248.245.161:8080/ftth/ftth/popup/DnsChangeX.cab
O16 - DPF: {B128EFF9-0B1C-4C65-A162-28165A3A0A18} (MakeShop Secure Control) - http://ssl.makeshop.co.kr/ssl/MSecure.cab
O16 - DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} (EwsLoader Class) - http://download.signgate.com/download/common/ews/epost/vista/ewsinstaller_full.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://tetris.hangame.com/common/HanSetup1010.cab
O16 - DPF: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} (DacomUpload Control) - http://program.webhard.co.kr/Plus/active_upload2/DacomUpload.cab
O16 - DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} (CongnamulMap4Asp Control) - http://asp.congnamul.com/AspActiveX/CongnamulMap4Asp_V30.cab
O16 - DPF: {E2A96175-32D0-4651-B228-B474C2408346} (DacomDownload Control) - http://program.webhard.co.kr/Plus/active_download2/DacomDownload.cab
O16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} (SKCommAX Control) - http://www.signkorea.com/SKCommAX.cab
O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} (NaverAXGuide Class) - http://upphoto.cafe.naver.com/object/NaverAXGuide.cab
O16 - DPF: {FF700A33-E570-4947-9C09-92E50449B547} (WebPriSKTelecom Control) - http://emailweb.sktelecom.com/webprint/WebPri_SKTelecom.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod 서비스 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: ZipToA - Unknown owner - C:\WINDOWS\system32\ZipToA.exe (file missing)
0
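Added example, not part of the thread: a small Python triage pass over the kind of HijackThis log posted above, flagging O4 startup entries that launch from a Temp directory or silently register a DLL through `regsvr32 /s`, and processes running from Temp. The log lines are copied from the post above; the function names, rule names and heuristics are assumptions made for this illustration and are not HijackThis features.

```python
import re
from dataclasses import dataclass

# Excerpt copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\regsvr32.exe
C:\DOCUME~1\ADMINI~1.KAM\LOCALS~1\Temp\xxx1099.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ADMINI~1.KAM\LOCALS~1\Temp\~tmpc.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [zfvbwzfulamhzoc] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\wvepuqcomybi.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\ADMINI~1.KAM\LOCALS~1\Temp\xxx1099.exe
"""

SECTION_LINE = re.compile(r"^O\d+ - ")
# "O4 - <hive>\..\<key>: [<value name>] <command line>"
RUN_ENTRY = re.compile(r"^O4 - (\S+?)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
# regsvr32 followed by one or more switches, then the DLL to register.
REGSVR32 = re.compile(r'regsvr32(?:\.exe)?"?((?:\s+/\w+)+)\s+(.+)$', re.IGNORECASE)
# Leading program path of a command line, up to its first executable extension.
PROGRAM = re.compile(r'^"?(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))\b', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str     # short rule identifier (hypothetical names)
    subject: str  # file the finding is about
    detail: str   # log line that triggered it


def parse_log(text):
    """Return (running process paths, O4 Run entries) from a HijackThis log."""
    processes, run_entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes and line and not SECTION_LINE.match(line):
            processes.append(line)
            continue
        in_processes = False  # blank line or first O-entry ends the section
        m = RUN_ENTRY.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            run_entries.append(
                {"hive": hive, "key": key, "name": name, "cmd": cmd, "line": line}
            )
    return processes, run_entries


def command_target(cmd):
    """Program path at the start of a Run command line (whole string if unknown)."""
    m = PROGRAM.match(cmd)
    return m.group(1) if m else cmd.strip('"')


def triage(text):
    """Apply the three heuristics; findings are hints for review, not verdicts."""
    processes, run_entries = parse_log(text)
    findings, persistent = [], set()
    for entry in run_entries:
        m = REGSVR32.search(entry["cmd"])
        if m and "/s" in m.group(1).lower().split():
            # A DLL registered silently at every logon.
            dll = m.group(2).strip().strip('"')
            findings.append(Finding("run-regsvr32-silent", dll, entry["line"]))
            continue
        target = command_target(entry["cmd"])
        if TEMP_DIR.search(target):
            findings.append(Finding("run-from-temp", target, entry["line"]))
            persistent.add(target.lower())
    for path in processes:
        if TEMP_DIR.search(path):
            # A Temp process that also has a Run entry survives reboots.
            rule = ("process-from-temp-persistent"
                    if path.lower() in persistent else "process-from-temp")
            findings.append(Finding(rule, path, path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:30} {f.subject}")
```

On this excerpt the pass flags the `zfvbwzfulamhzoc` and `MSFox` startup entries and both Temp processes; the two startup targets are files that the SDFix report further down the thread lists as deleted.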
toptitbal Posts 25709 Registration date Saturday 8 July 2006 Status Security contributor Last seen 4 March 2010 2 229
9 Nov 2008 at 08:47
No antivirus and no firewall...
You are browsing recklessly...

Download SDFix to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe.

--->Double-click SDFix.exe and choose "Install".

(tutorial here: https://www.malekal.com/slenfbot-still-an-other-irc-bot/ )

Then, once the installation is done, restart in Safe Mode.

How to get into Safe Mode:
1) Restart your computer
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep"
3) You will see a screen with startup options appear
4) Choose the first option, Safe Mode, and confirm with "Enter"
5) Choose your usual account, not Administrator (if needed ... )

/!\ Never start in Safe Mode via MSCONFIG /!\

Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
--->Type Y to launch the script ...
The fix removes the virus's services and cleans the registry, so a restart is necessary, therefore:
press a key to restart when you are asked to.

The PC will take a while to start (this is normal); after the desktop has loaded, press a key when "Finished" is displayed.

The SDFix report will open on screen and will also be saved in the C:\SDFix folder under the name "Report.txt".
Post it in your next reply.
0
kuleman Posts 3 Registration date Sunday 9 November 2008 Status Member Last seen 9 November 2008
9 Nov 2008 at 10:13
Oh, I'm not protected at all??? I didn't know...
Here is the report.txt:


[b]SDFix: Version 1.240 [/b]
Run by Administrator on 2008-11-09 at 오후 05:21

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\system32\wvepuqcomybi.dll - Deleted
C:\WINDOWS\system32\tjibnfvigpkb.exe - Deleted
C:\DOCUME~1\ADMINI~1.KAM\LOCALS~1\Temp\xxx1099.exe - Deleted
C:\DOCUME~1\ADMINI~1.KAM\LOCALS~1\Temp\xxx5059.exe - Deleted
C:\DOCUME~1\ADMINI~1.KAM\LOCALS~1\Temp\xxx833.exe - Deleted
C:\Documents and Settings\All Users.WINDOWS\시작 메뉴\프로그램\Antivirus XP 2008.lnk - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 18:04:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...


scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\skcbgm.exe"="C:\\WINDOWS\\system32\\skcbgm.exe:*:Enabled:SK Communications Cyworld BGM Player"
"C:\\Program Files\\Nexon\\Common\\NGLC_Nexon.exe"="C:\\Program Files\\Nexon\\Common\\NGLC_Nexon.exe:*:Enabled:Nexon Game Launcher"
"C:\\Program Files\\Nexon\\Common\\NMService.exe"="C:\\Program Files\\Nexon\\Common\\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\\WINDOWS\\system32\\P3MelonSvr.exe"="C:\\WINDOWS\\system32\\P3MelonSvr.exe:*:Enabled:SKT Melon Music Control"
"C:\\Program Files\\Melon Player\\Melon.exe"="C:\\Program Files\\Melon Player\\Melon.exe:*:Enabled:MelOn Player"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Starcraft\\StarCraft.exe"="C:\\Program Files\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\\WINDOWS\\system32\\muz.exe"="C:\\WINDOWS\\system32\\muz.exe:*:Enabled:MUZ AOD player"
"E:\\iTunes\\iTunes.exe"="E:\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Steam\\SteamApps\\kelemon\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\kelemon\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Sat 7 Jul 2007 8 ..SHR --- "C:\WINDOWS\system32\2C9C860578.sys"
Sat 8 Nov 2008 1,994 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 13 Jun 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Fri 31 Oct 2008 1,232,896 A..H. --- "C:\Documents and Settings\Administrator.KAMJA\Application Data\Hangame\hgstarter.exe"
Sat 21 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"
Mon 21 Nov 2005 2,668 A..H. --- "C:\Program Files\Corel Painter IX\Plugins\KPT Collection\MetaImage.dll"
Wed 12 Mar 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\0789d19d51cfad4f96c477ef109ffd26\BIT8.tmp"
Fri 9 May 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\169a8ce07a1479c0e76ab109f488e13a\BIT3.tmp"
Mon 3 Mar 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\24272b87c978c282f377370947cb7db2\BIT2B.tmp"
Wed 13 Aug 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\43cecbaac9edc33767f65e5ef5c685bc\BIT10.tmp"
Wed 13 Aug 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\4b0c5de6050f81abddd47f558c72581e\BIT14.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT5.tmp"
Wed 13 Aug 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\63332712fc11a918344b5c57161775fb\BIT12.tmp"
Wed 13 Aug 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\6a58ea7a1221cbf3feabee79e6ec022f\BIT16.tmp"
Wed 13 Aug 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\70e5788a880147bfb27e7d2a95a7ba9d\BIT18.tmp"
Wed 13 Aug 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\7568afa197ad3d31f4504d6185084419\BIT11.tmp"
Mon 3 Mar 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\7c67b76cebce3eadbc6ad6e933637c25\BIT2C.tmp"
Mon 3 Mar 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\8b06d7fec2e61b61d987804ce7f21136\BIT2D.tmp"
Wed 13 Aug 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\ba1fd59be865702a41f73722c3b7c213\BIT15.tmp"
Wed 13 Aug 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\c209f2826fe249ae909af7b1957867a2\BIT19.tmp"
Mon 3 Mar 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\c9df6b46aa876523e98b7e677a679602\BIT2E.tmp"
Wed 13 Aug 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\ce5be43c0d84a6698cb337027c98be97\BIT13.tmp"
Wed 13 Aug 2008 0 A..H. --- "C:\WINDOWS\SDold\Download\e077fdc65f5a8902756dd50f970ae67e\BIT17.tmp"
Tue 14 Jun 2005 140,800 A..H. --- "C:\Program Files\PCFree\Recovery\[2007-02-15]01_17_46_828\Program Files\SpyNet\NoADE.dll"
Sat 25 Dec 2004 48,128 A..H. --- "C:\Program Files\PCFree\Recovery\[2007-02-15]01_17_46_828\Program Files\SpyNet\NoADM.dll"
Wed 12 Jan 2005 67,072 A..H. --- "C:\Program Files\PCFree\Recovery\[2007-02-15]01_17_46_828\Program Files\SpyNet\NoADS.dll"
Wed 6 Apr 2005 40,960 A..H. --- "C:\Program Files\PCFree\Recovery\[2007-02-15]01_17_46_828\Program Files\SpyNet\NoADU.dll"

[b]Finished![/b]
toptitbal Posts 25709 Registration date Saturday 8 July 2006 Status Security contributor Last activity 4 March 2010 2 229
9 Nov. 2008 at 14:38
Run HijackThis again, please.