Forum Clubic

The MSN Myspace virus has struck again!

Hello, I am also one of the people who have been hit by this MSN virus.
Because of me, some of my contacts clicked on these links, and I would really like to be able to eradicate this virus.

My operating system is Windows XP!

Thank you in advance for any help you can give me! I am already very grateful to you.

Here is the result of the Hijack scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:17, on 08/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\infocard.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\GigaTribe\gigatribe.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijack this\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.club-vaio.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.club-vaio.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM…\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM…\Run: [VAIOCameraUtility] “C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe”
O4 - HKLM…\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM…\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM…\Run: [VAIO Update 2] “C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe” /Stationary
O4 - HKLM…\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM…\Run: [Acrobat Assistant 7.0] “C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe”
O4 - HKLM…\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM…\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM…\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM…\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM…\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM…\Run: [AdobeCS4ServiceManager] “C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe” -launchedbylogin
O4 - HKLM…\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [Firewall Administrating] C:\WINDOWS\infocard.exe
O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [updateMgr] “C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_8 -reboot 1
O4 - HKCU…\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU…\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\daemon.exe” -autorun
O4 - HKCU…\Run: [EA Core] “C:\Program Files\Electronic Arts\EADM\Core.exe” -silent
O4 - HKCU…\Run: [Firewall Administrating] C:\WINDOWS\infocard.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O4 - Global Startup: Lancement rapide d’Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE…
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx2.hotmail.com
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - messenger.zone.msn.com
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe


End of file - 14290 bytes

Hi

My name is VIRUS/C/C, from Helper-Formation.
Don't hesitate to ask questions.
The disinfection will take place in several steps.
Please keep coming back until the end, otherwise all the work will have been for nothing.

1) Launch HijackThis
Click on ==> Do a System Scan Only
check these lines

Close your other applications
Click on ==> Fix Checked

then

2) • Download --> Malwarebytes’ (mbam)

=> Malwarebytes’ (mbam)

• install it and update it
• Launch --> Malwarebytes (MBAM)
• Then go to the “Recherche” (scan) tab and check >> Exécuter un examen complet (run a full scan)
• then “Rechercher” (scan)
• Select your hard drives, then click on “Lancer l’examen” (start the scan)
• At the end of the scan, click on Afficher les résultats (show the results), then on Enregistrer le rapport (save the report)
• If Malwarebytes’ detects infections, click on ==> Afficher les résultats, then on ==> Supprimer la sélection (remove the selection)
• If you are asked to restart, click on “oui” (yes)
• after the infection(s) found have been removed --> post the report here

3) • Download Random’s System Information Tool (RSIT) by random/random and save it to your Desktop.

=> Random’s System Information Tool (RSIT)

  • Double-click on RSIT.exe to launch RSIT.

  • Under ==> Windows 7 / Vista:

  • Right-click on the RSIT.exe icon, then on Exécuter en tant qu’administrateur (Run as administrator) in the drop-down menu, to launch RSIT.

  • Click on Continue at the Disclaimer screen.

  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.

  • When the scan is finished, two text files will open.

  • Post the contents of log.txt (<== which will be displayed) as well as info.txt (<== which will be minimized in the Taskbar).

  • Host the report on this site,
    [http://www.cijoint.fr/ cijoint.fr]

  • Note: Both reports are also saved in %systemroot%\rsit

4) Go to => Add/Remove Programs ==> Uninstall => Bonjour

5) • Disable your antivirus

• Download and install UsbFix (by C_XX & Chiquitine29)

pagesperso-orange.fr…
• Disconnect and close all running applications
• At the message >> Plug in your external data sources to your PC (USB key, external hard drive, etc…) likely to have been infected, without opening them

• Double-click on the UsbFix shortcut on your desktop.
• Choose >> option 1 (Recherche: search)
• Let the tool work.
• Then post the UsbFix.txt report that will appear.
• Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

• Re-enable your antivirus

See you soon

VIRUS/C/C

Edited on 13/05/2010 at 14:29

Thank you very much for such a quick reply!!

So I have started the various steps. Here is the Malwarebytes log:

Malwarebytes’ Anti-Malware 1.46

Version de la base de données: 4093

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

12/05/2010 21:19:45
mbam-log-2010-05-12 (21-19-45).txt

Type d’examen: Examen complet (C:|D:|L:|)
Elément(s) analysé(s): 298037
Temps écoulé: 2 heure(s), 8 minute(s), 29 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\firewall administrating (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Sara\Mes documents\Téléchargements\IM47892.JPG-www.myspace.com.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
L:\Jeux\Dragonshard\Dungeons.And.Dragons.Dragonshard.KeyGen-RELOADED\RLD-DDDSKG.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\mdt.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\mds.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\winbrd.jpg (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NowStarter.ocx (Adware.CWS) -> Quarantined and deleted successfully.

For RSIT:

Thanks for everything, I’m starting the next step!

Hi

Run UsbFix as described; your RSIT Log.txt report confirms it for me

post the UsbFix report

See you

Yes, sorry, here it is:

############################## | UsbFix V6.113 |

User : Sara (Administrateurs) # YANKUMO
Update on 12/05/2010 by El Desaparecido , C_XX & Chimay8
Start at: 08:04:15 | 13/05/2010
Website : pagesperso-orange.fr…
Contact : FindyKill.Contact@gmail.com

Genuine Intel® CPU T2300 @ 1.66GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1335 [VPS 100512-1] 4.8.1335 [ (!) Disabled | Updated ]
FW : Norton Internet Worm Protection[ (!) Disabled ]2006

C:\ -> Disque fixe local # 37,26 Go (3 Go free) [VAIO] # NTFS
D:\ -> Disque fixe local # 30,28 Go (1,92 Go free) [VAIO] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque amovible
I:\ -> Disque CD-ROM
J:\ -> Disque CD-ROM
K:\ -> Disque CD-ROM
L:\ -> Disque fixe local # 931,28 Go (377,42 Go free) [My Book] # FAT32

################## | Elements infectieux |

C:\DOCUME~1\Sara\LOCALS~1\Temp\utt130.tmp.bat
C:\DOCUME~1\Sara\LOCALS~1\Temp\utt147.tmp.bat
C:\DOCUME~1\Sara\LOCALS~1\Temp\AutoRun.exe

################## | Registre |

################## | Mountpoints2 |

HKCU…\Explorer\MountPoints2{04c95d9d-bd06-11dc-bfa4-0013a90877ce}
Shell\AutoRun\command =RavMon.exe

HKCU…\Explorer\MountPoints2{1b0c38c3-557f-11dd-8009-001302502857}
Shell\Auto\command =cmd /C launch.bat
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

HKCU…\Explorer\MountPoints2{5f1336fa-035b-11df-8114-0013a90877ce}
Shell\AutoRun\command =H:\start.exe

HKCU…\Explorer\MountPoints2{6548564c-f055-11db-bf3f-0013a90877ce}
Shell\AutoRun\command =RavMon.exe

HKCU…\Explorer\MountPoints2{6a049f3a-1716-11db-bd4f-0013a90877ce}
Shell\AutoRun\command =.\Recycled\Driveinfo.exe
Shell\Open\Command =.\Recycled\Driveinfo.exe

HKCU…\Explorer\MountPoints2{74d970bb-4d78-11dc-bf76-001302502857}
shell\verb1\command =desktop.exe

HKCU…\Explorer\MountPoints2{768b7887-1af8-11db-bd5c-0013a90877ce}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

HKCU…\Explorer\MountPoints2{a4a87f40-6457-11db-be20-0013a90877ce}
Shell\AutoRun\command =H:\LaunchU3.exe

HKCU…\Explorer\MountPoints2{f4a838e2-1cf8-11dc-bf56-0013a90877ce}
Shell\Auto\command =AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

################## | Vaccin |

(!) Cet ordinateur n’est pas vacciné !

################## | ! Fin du rapport # UsbFix V6.113 ! |
Edited on 13/05/2010 at 08:10

Hi again

• OK, let’s get rid of that first

• Relaunch UsbFix
• Disconnect and close all running applications
• message ==> Plug in your external data sources to your PC (USB key, external hard drive, etc…) likely to have been infected, without opening them
• click on the UsbFix shortcut on your desktop.
• Choose ==> option 2 (Suppression: removal)
• Let the tool work.
• Then post the UsbFix.txt report that will appear.
• Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

See you

Here is the UsbFix report after restarting the computer:

############################## | UsbFix V6.113 |

User : Sara (Administrateurs) # YANKUMO
Update on 12/05/2010 by El Desaparecido , C_XX & Chimay8
Start at: 08:28:29 | 13/05/2010
Website : pagesperso-orange.fr…
Contact : FindyKill.Contact@gmail.com

Genuine Intel® CPU T2300 @ 1.66GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1335 [VPS 100512-1] 4.8.1335 [ Enabled | Updated ]
FW : Norton Internet Worm Protection[ (!) Disabled ]2006

C:\ -> Disque fixe local # 37,26 Go (2,94 Go free) [VAIO] # NTFS
D:\ -> Disque fixe local # 30,28 Go (1,92 Go free) [VAIO] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque amovible
I:\ -> Disque CD-ROM
J:\ -> Disque CD-ROM
K:\ -> Disque CD-ROM
L:\ -> Disque fixe local # 931,28 Go (377,42 Go free) [My Book] # FAT32

################## | Elements infectieux |

Supprimé ! C:\DOCUME~1\Sara\LOCALS~1\Temp\utt130.tmp.bat
Supprimé ! C:\DOCUME~1\Sara\LOCALS~1\Temp\utt147.tmp.bat
Supprimé ! C:\DOCUME~1\Sara\LOCALS~1\Temp\AutoRun.exe
Supprimé ! C:\Recycler\S-1-5-21-139329984-3171950058-1767654482-1006
Supprimé ! C:\Recycler\S-1-5-21-139329984-3171950058-1767654482-500
Supprimé ! C:\Recycler\S-1-5-21-4167916875-3346276497-1664007675-500
Supprimé ! D:\Recycler\S-1-5-21-139329984-3171950058-1767654482-1006

################## | Registre |

################## | Mountpoints2 |

Supprimé ! HKCU…\Explorer\MountPoints2{04c95d9d-bd06-11dc-bfa4-0013a90877ce}\Shell\AutoRun\Command
Supprimé ! HKCU…\Explorer\MountPoints2{1b0c38c3-557f-11dd-8009-001302502857}\Shell\Auto\Command
Supprimé ! HKCU…\Explorer\MountPoints2{5f1336fa-035b-11df-8114-0013a90877ce}\Shell\AutoRun\Command
Supprimé ! HKCU…\Explorer\MountPoints2{6548564c-f055-11db-bf3f-0013a90877ce}\Shell\AutoRun\Command
Supprimé ! HKCU…\Explorer\MountPoints2{6a049f3a-1716-11db-bd4f-0013a90877ce}\Shell\AutoRun\Command
Supprimé ! HKCU…\Explorer\MountPoints2{74d970bb-4d78-11dc-bf76-001302502857}\Shell\verb1\Command
Supprimé ! HKCU…\Explorer\MountPoints2{768b7887-1af8-11db-bd5c-0013a90877ce}\Shell\AutoRun\Command
Supprimé ! HKCU…\Explorer\MountPoints2{a4a87f40-6457-11db-be20-0013a90877ce}\Shell\AutoRun\Command
Supprimé ! HKCU…\Explorer\MountPoints2{f4a838e2-1cf8-11dc-bf56-0013a90877ce}\Shell\Auto\Command

################## | Listing des fichiers présent |

################## | Vaccination |

C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

L:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

################## | Upload |

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_YANKUMO.zip : chiquitine.changelog.fr…
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.113 ! |

Hi

OK!! That’s good!!

1) relaunch MBAM >> Quarantaine (quarantine) >> empty its quarantine, update it and run a quick scan
    if it finds anything, delete it and post its report.

2) • Disable your antivirus for the duration of the procedure, as well as your firewall if present (because it is wrongly detected as an infection)

• Download and install List&Kill’em by gen-hackman

and save it to your desktop

List&Kill’em by gen-hackman

• double-click (right-click “executer en tant qu’administrateur” (run as administrator) for Vista/7) on the shortcut on your desktop to launch the installation
• check the box “creer une icone sur le bureau” (create a desktop icon)
• once finished, click on “terminer” (finish) and the program will launch by itself
• choose the language, then choose the SEARCH option
• let the tool work
• when the white window appears, it takes a while, that’s normal, the program is not frozen.
• a report named catchme appears on your desktop; ignore it, do not post it, but do not delete it for now, the scan is not finished.
• Post the contents of the report that opens at 100% of the scan, at the “COMPLETED” screen
• re-enable your antivirus

See you
Edited on 13/05/2010 at 12:45

:hello: Virus

just butting in … there is a syntax error in your link: List&Kill’em by gen-hackman, the H is missing at the start of the URL :wink:

Hi again!

So here is the MBAM report:

Malwarebytes’ Anti-Malware 1.46

Version de la base de données: 4093

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

13/05/2010 12:43:15
mbam-log-2010-05-13 (12-43-15).txt

Type d’examen: Examen rapide
Elément(s) analysé(s): 150640
Temps écoulé: 21 minute(s), 55 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

I’m now launching List&Kill.

Hi

Thanks >> Senosen for that remark, I usually check, but!! :super:
Fixed!!!

brown_voodoook continue

And here is the last one:

¤¤¤¤¤¤¤¤¤¤ List’em by g3n-h@ckm@n 2.0.0.1 ¤¤¤¤¤¤¤¤¤¤

User : Sara (Administrateurs)
Update on 09/05/2010 by g3n-h@ckm@n ::::: 09.15
Start at: 12:50:06 | 13/05/2010

Genuine Intel® CPU T2300 @ 1.66GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1335 [VPS 100513-0] 4.8.1335 [ (!) Disabled | Updated ]
FW : Norton Internet Worm Protection[ (!) Disabled ]2006

C:\ -> Disque fixe local | 37,26 Go (5,14 Go free) [VAIO] | NTFS
D:\ -> Disque fixe local | 30,28 Go (4,38 Go free) [VAIO] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque amovible
I:\ -> Disque CD-ROM
J:\ -> Disque CD-ROM
K:\ -> Disque CD-ROM
L:\ -> Disque fixe local | 931,28 Go (374,03 Go free) [My Book] | FAT32

Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\GigaTribe\gigatribe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\List_Kill’em\List_Kill’em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill’em\pv.exe

======================
Keys “Run”

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WebCamRT.exe REG_SZ
updateMgr REG_SZ “C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_8 -reboot 1
Skype REG_SZ “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
DAEMON Tools Lite REG_SZ “C:\Program Files\DAEMON Tools Lite\daemon.exe” -autorun
EA Core REG_SZ “C:\Program Files\Electronic Arts\EADM\Core.exe” -silent

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Apoint REG_SZ C:\Program Files\Apoint\Apoint.exe
ehTray REG_SZ C:\WINDOWS\ehome\ehtray.exe
VAIOCameraUtility REG_SZ “C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe”
SonyPowerCfg REG_SZ C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
ISBMgr.exe REG_SZ C:\Program Files\Sony\ISB Utility\ISBMgr.exe
VAIO Update 2 REG_SZ “C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe” /Stationary
PDService.exe REG_SZ C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
Acrobat Assistant 7.0 REG_SZ “C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe”
REG_SZ
LVCOMS REG_SZ C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
Omnipage REG_SZ C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
MimBoot REG_SZ C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
WD Button Manager REG_SZ WDBtnMgr.exe
LogitechGalleryRepair REG_SZ C:\Program Files\Logitech\ImageStudio\ISStart.exe
LogitechImageStudioTray REG_SZ C:\Program Files\Logitech\ImageStudio\LogiTray.exe
AdobeCS4ServiceManager REG_SZ “C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe” -launchedbylogin
AppleSyncNotifier REG_SZ C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
SunJavaUpdateSched REG_SZ “C:\Program Files\Java\jre6\bin\jusched.exe”

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
InstallVisualStyle REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
InstallTheme REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale.theme

===============

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
NoDriveAutoRun REG_DWORD 255 (0xff)
HonorAutoRunSetting REG_DWORD 0 (0x0)

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoCDBurning REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 255 (0xff)
NoDriveTypeAutoRun REG_DWORD 255 (0xff)

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultUserName REG_SZ Sara
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL “sysdm.cpl”
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Sara
AltDefaultDomainName REG_SZ YANKUMO
DefaultDomainName REG_SZ YANKUMO
ChangePasswordUseKerberos REG_DWORD 1 (0x1)

===============

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe REG_SZ C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server
C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\Documents and Settings\Sara\LimeWire\LimeWire.exe REG_SZ C:\Documents and Settings\Sara\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Ze leet Scraillpteu\mirc.exe REG_SZ C:\Program Files\Ze leet Scraillpteu\mirc.exe:*:Enabled:mIRC
C:\Program Files\uTorrent\utorrent.exe REG_SZ C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent
C:\Program Files\ScanSoft\OmniPageSE\EregFre\NAVBrowser.exe REG_SZ C:\Program Files\ScanSoft\OmniPageSE\EregFre\NAVBrowser.exe:*:Enabled:NAVBrowser
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe REG_SZ C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe REG_SZ C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Documents and Settings\Sara\Mes documents\Téléchargements\IM47892.JPG-www.myspace.com.exe REG_SZ C:\WINDOWS\infocard.exe:*:Enabled:Firewall Administrating
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\GigaTribe\gigatribe.exe REG_SZ C:\Program Files\GigaTribe\gigatribe.exe:*:Enabled:GigaTribe
C:\Program Files\Skype\Phone\Skype.exe REG_SZ C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

===============
ActivX controls


==============
BHO :


===
DNS

================
Internet Explorer :

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://fr.msn.com/
Local Page REG_EXPAND_SZ %SystemRoot%\system32\blank.htm
Default_Search_URL REG_SZ http://www.google.com/ie
Default_Page_URL REG_SZ http://www.club-vaio.com/fr/
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.google.com

========
Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

========
Safemode

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

=========
Atapi.sys


=======
Drive :

Défragmenteur de disque Windows
Copyright © 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d’analyse
37,26 Go total, 5,15 Go libre (13%), 36% fragmenté (fragmentation du fichier 64%)

Vous devriez défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Present !! : C:\Documents and Settings\All Users\Application Data\espionServerData
Present !! : C:\Program Files\DAEMON Tools Toolbar
Present !! : C:\Program Files\WindowsUpdate
Present !! : C:\WINDOWS\003042_.tmp
Present !! : C:\WINDOWS\DUMP396f.tmp
Present !! : C:\WINDOWS\DUMP4390.tmp
Present !! : C:\WINDOWS_delis32.ini
Present !! : C:\WINDOWS\kb913800.exe
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\pmsbfn32.dll
Present !! : C:\WINDOWS\Temp\SEP2.tmp
Present !! : C:\WINDOWS\Temp\SEPB9.tmp
Present !! : C:\Documents and Settings\Sara\Local Settings\Temp\3e.doc
Present !! : C:\Documents and Settings\Sara\Local Settings\Temp\afl.log
Present !! : C:\Documents and Settings\Sara\Local Settings\Temp\alm.log
Present !! : C:\Documents and Settings\Sara\Local Settings\Temp\amt.log
Present !! : C:\Documents and Settings\Sara\Local Settings\Temp\dw.log
Present !! : C:\Documents and Settings\Sara\Local Settings\Temp\gps.pdf
Present !! : C:\Documents and Settings\Sara\Local Settings\Temp\mac.txt
Present !! : C:\Documents and Settings\Sara\Local Settings\Temp\pp.doc
Present !! : C:\Documents and Settings\Sara\Local Settings\Temp\VP6.reg
Present !! : C:\Documents and Settings\Sara\Local Settings\Temp\WT1.tmp
Present !! : C:\Documents and Settings\Sara\Local Settings\Temp\WT2.tmp
Present !! : C:\Documents and Settings\Sara\Local Settings\Temp\WT9.tmp
Present !! : C:\Documents and Settings\Sara\Local Settings\Temp\WTA.tmp
Present !! : C:\Documents and Settings\Sara\Local Settings\Temp\WTB.tmp
Present !! : C:\Documents and Settings\Sara\Local Settings\Temp\WTC.tmp
Present !! : C:\Documents and Settings\Sara\Local Settings\Temp\WTE.tmp
Present !! : C:\Documents and Settings\Sara\Local Settings\Temp\WTF.tmp
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\dotnetfx.exe
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\EAD2E.exe
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\EAD4.exe
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\EAD5.exe
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\EAD6.exe
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\EAD7.exe
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\EAD8.exe
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\EAD9.exe
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\EADA.exe
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\EADB.exe
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\EADC.exe
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\EADD.exe
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\EADE.exe
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\EADF.exe
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\eauninstall.exe
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\First15.exe
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\jre-6u13-windows-i586-p-iftw.exe
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\setup_wm.exe
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Sims2_uninst.exe
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\VP6Install.exe
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp_myclubvaio.exe
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_15c.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_194.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_1ac.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_1e4.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_200.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_2c0.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_324.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_49c.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_568.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_574.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_644.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_648.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_680.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_77c.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_7ec.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_7f4.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_880.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_8f4.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_96c.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_9cc.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_9fc.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_aac.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_abc.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_b14.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_bcc.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_be8.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_bf0.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_c1c.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_c4.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_cd0.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_d58.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_d7c.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_d98.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_de4.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_e50.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_e68.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_e90.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_ed4.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_f50.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_f58.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_f5c.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_f60.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_f84.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_f98.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\Perflib_Perfdata_fb8.dat
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\AutoRunGUI.dll
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\UninstallEADM.dll
Present !! : C:\Documents and Settings\Sara\LOCAL Settings\Temp\VP6VFW.dll

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar : {32099AAC-C132-4136-9E9A-4E364A424E17}
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe”
Present !! : HKCR\CLSID{0055c089-8582-441b-a0bf-17b458c2a3a8}
Present !! : HKLM\Software\Classes\Interface{DB885111-F39F-4D88-9EE5-C88460B6DF7B}
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NDISRD
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NDISRD
Present !! : HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_NDISRD
Present !! : HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NDISRD

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2010-05-13 13:03:30
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes …

scanning hidden services …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, www.gmer.net…

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spap.sys >>UNKNOWN [0x87586938]<<
kernel: MBR read successfully
user & kernel MBR OK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 0 (0x0)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 13:03:31,89


[quote="VIRUS_C_C"] Hi

Thanks >> Senosen for pointing that out, I usually check, but !! :super:
Fixed !!!

brown_voodoook, carry on
[/quote]

Regarding the missing h's, I think one is missing in each of your red links; I had added them back each time. I thought it was a precaution on your part (or something like that).

I'm letting you know in case you want to help other poor souls like me who don't know how to clean their computers!

Thanks again for all your valuable guidance!!! :slight_smile:
Edited on 13/05/2010 at 13:33

Re

Right, when I use Google Chrome and don't check the link, it does that to me!! My mistake.

• Run List_Kill’em again (right-click "Run as administrator" on Vista/7), using the shortcut on your desktop.
• this time:
• choose the option >> CLEAN
• your PC will restart,
• let the tool work.
• at the end of the scan the window closes, and you will have a report named Kill’em.txt on your desktop,
• paste its contents into your reply
• Host the report on this site,

Cijoint.fr

then

  • download and install Ccleaner

Ccleaner

  • Once it is on the desktop, click the CCleaner installer.

  • Then click Options ==> Advanced and untick the box
    * Only delete files in Windows Temp folders older than 48 hours

  • Click the ==> Cleaner tab, then ==> Run Cleaner.

  • Then click the ==> Registry icon; on the right, click ==> "Scan for Issues", then "Fix selected issues".

  • Accept the backup of the registry that it offers

  • I recommend running it at least twice (or more, until it finds no more errors).

  • Restart your PC

  • Post a new RSIT

  • How is your PC doing?

So here is the Kill’em report: www.cijoint.fr…

And here is the RSIT report:

:slight_smile:

Re

  1. Your RSIT log is fine

  2. Update Explorer

Internet Explorer

3) Important >> Go here to check your Java installation

Java version

  1. Install this software, which will keep you informed of updates for your installed programs

Secunia Personal Software Inspector

Apply the updates it proposes, because there are some to do on your PC

4) How is your PC doing?

  1. Download ToolsCleaner by A.Rothstein
    . to remove the programs used during the procedure.

ToolsCleaner by A.Rothstein

. Save ToolsCleaner2.exe to the Desktop.
. Double-click it, then click Recherche ==> the program will look for the installed utilities
. The window may turn white during the scan, that is normal!
. Copy and paste the contents of the report that appears in the white window.
. When the search is finished, ToolsCleaner displays a list of the various tools found,
. post the report

Come back for the next steps

See you
Edited on 13/05/2010 at 19:36

I'm at the updates stage! :slight_smile:

That's twice I've seen you post "how is your PC doing", so I'm wondering what I'm supposed to say? Has it exploded? Is it resisting the changes? :slight_smile:

As far as I can tell it's fine, well, I think so!
Edited on 13/05/2010 at 20:51

Re

ok, carry on and come back afterwards

exploded, I don't know :lol:
it's normal, to find out whether there are any symptoms or other problems

See you
Edited on 13/05/2010 at 21:13

There are three items that stubbornly refuse to update: avast, divx player and windows XP…

I downloaded them at least five times! I restarted, etc. etc. I think it's a lost cause, so I'm moving straight on to the next step!

And here is the ToolsCleaner report:

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

–> Recherche:

C:\UsbFix.txt: trouvé !
C:\UsbFix: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Sara\Bureau\Rsit.exe: trouvé !
C:\Documents and Settings\Sara\Mes documents\Téléchargements\UsbFix.exe: trouvé !
C:\Hijack this\HijackThis.exe: trouvé !
C:\Hijack this\hijackthis.log: trouvé !
C:\Program Files\List_Kill’em\catchme.exe: trouvé !
C:\Program Files\List_Kill’em\mbr.exe: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !
Edited on 13/05/2010 at 23:42