Hi,
First of all, install an antivirus and a firewall so you can have some peace of mind!
Avast (free antivirus): Avast Antivirus
Kerio (free firewall): Kerio Firewall
- Tutorial for configuring and understanding Kerio: http://kerio.probb.fr/
Run this online antivirus scan and paste the report here once it has finished, along with a new HijackThis report, please: http://www.bitdefender.com/scan8/ie.html
It is by forging that one becomes a blacksmith ;-) |
Hi.
Well, obviously: you have neither an antivirus nor a firewall... after that, you shouldn't be surprised to have viruses. See http://sebsauvage.net/safehex.html
~- < | JIGÉGÉ | > -~ |
Not long ago I found a win32 spybot nlx |
You're joking, I hope? Lol. If I don't have any, it's for a good reason, no? It's because I was asked to. It did a bit of cleaning up for me, because, you see, the guy already infected me: the download with a MediaPipe adware, then the installation of the software in msi and the uninstallation of the software. Otherwise I had everything before: I had ZoneAlarm, ewido, a2 free and Spybot, and sometimes I went on the net to secuser.com, but the guy sent me this anyway
and a2 squared detects it too, otherwise |
If you like, the more software I install, the more it infects me, apparently
|
Hi.
Yes, and so? That's normal if you don't have an antivirus! ZoneAlarm, ewido, a2 free and Spybot are NOT antivirus programs, my friend! And I don't think they're joking at all, up above! On CCM, we try to be "serious" and to give "serious" advice. I'd be surprised, by the way, if Secuser had sent you everything you're listing there; it's a serious and clean site too, and has been for years.
That said, did you follow the links given in < 1 > and < 2 >? All the basic security information is there.
As for your HijackThis log, we'll take care of it, but it's hopeless: if you do nothing, your PC will be riddled with infections again within eight minutes. So, fine, you don't want to install an antivirus or a firewall, that's your choice, you're a grown-up, it's your PC, you're completely free, you do what you want with it, but then don't be surprised afterwards and come back crying this very evening with an even longer list... But hey, that's your business...
By the way, "if I don't have any, it's for a good reason, no? It's because I was asked to": may we know WHICH artist asked you to do that????
-=O(_BmV_)O=- Love as a sword, humor as a shield || || |
And that's not an antivirus? lol
Logfile of HijackThis v1.99.1 Scan saved at 12:00:25, on 07/04/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\spupdsvc.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spnpinst.exe C:\WINDOWS\system32\Sysocmgr.exe C:\WINDOWS\system32\ZoneLabs\isafe.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe C:\Program Files\Wanadoo\EspaceWanadoo.exe C:\Program Files\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\Program Files\Wanadoo\Watch.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 
2006\WinAV.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O10 - Unknown file in Winsock LSP: c:\program files\winantivirus pro 2006\mailscan.dll O10 - Unknown file in Winsock LSP: c:\program files\winantivirus pro 2006\mailscan.dll O10 - Unknown file in Winsock LSP: c:\program files\winantivirus pro 2006\mailscan.dll O10 - Unknown file in Winsock LSP: c:\program files\winantivirus pro 2006\mailscan.dll O10 - Unknown file in Winsock LSP: c:\program files\winantivirus pro 2006\mailscan.dll O10 - Unknown file in Winsock LSP: c:\program files\winantivirus pro 2006\mailscan.dll O10 - Unknown file in Winsock LSP: c:\program files\winantivirus pro 2006\mailscan.dll O10 - Unknown file in Winsock LSP: c:\program files\winantivirus pro 2006\mailscan.dll O10 - Unknown file in Winsock LSP: c:\program files\winantivirus pro 2006\mailscan.dll O10 - Unknown file in Winsock LSP: c:\program files\winantivirus pro 2006\mailscan.dll O10 - Unknown file in Winsock LSP: c:\program files\winantivirus pro 2006\mailscan.dll O10 - Unknown file in Winsock LSP: c:\program files\winantivirus pro 2006\mailscan.dll O10 - Unknown file in Winsock LSP: c:\program files\winantivirus pro 2006\mailscan.dll O10 - Unknown file in Winsock LSP: c:\program files\winantivirus pro 2006\mailscan.dll O10 - Unknown file in Winsock LSP: c:\program files\winantivirus pro 2006\mailscan.dll O13 - DefaultPrefix: O13 - WWW Prefix: O13 - Home Prefix: O13 - Mosaic Prefix: O13 - FTP Prefix: O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{A0BD981B-DC06-4912-BB1C-327A9C6F9516}: NameServer = 80.10.246.1 80.10.246.132 O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. 
- C:\WINDOWS\system32\ZoneLabs\isafe.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
It's like Port Salut, it says so on the label. I know what they are: they are anti-trojan, anti-malware and anti-spyware tools |
Read my lips: ZoneAlarm, ewido, a2 free and Spybot are NOT antivirus programs!
I am nevertheless pleased to note that between your first log and this one you have installed or reactivated the Windows antivirus and ZoneAlarm. It's a start. That said, if you know so much about it, why do you come here with your problems? Bye!
-=O(_BmV_)O=- Love as a sword, humor as a shield || || |
Stop being such a smart aleck! If you're not happy, nobody is keeping you here! Listen to the people who are more "knowledgeable" than you instead of playing the cyber rebel.
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe"
If that's your antivirus, brush up on your knowledge ;-)
It is by forging that one becomes a blacksmith ;-) |
This, actually, is the software uninstallations
OK, originally, if you like, there was more stuff, because I was told to uninstall everything that was security-related; I did it and I was left with Wanadoo and kb |
"I was told to uninstall everything that was security-related": but p**$ de bor*$ùù* de $ù§§*, WHO told you to uninstall all that?
WHO??????? Right. Come on. Stop. We're not going to give you a lecture about it: you don't answer our questions, you know everything better than everyone else (except that you mix everything up: AVs, antispyware, programs, normal processes, infections, etc.), so do as you like with your PC. Once again, go and look here http://sebsauvage.net/safehex.html (because I'm sure you didn't go and read it...)
-=O(_BmV_)O=- Love as a sword, humor as a shield || || |
Hello everyone,
benjamin66, the person or forum that asked you to uninstall what was related to your PC's security was not trustworthy. Our CCM forum, on the other hand, is trustworthy - you can ask us questions while remaining very polite. To begin with, visit the page that BmV has been trying to show you for some time, just to see the minimum you should have to secure your PC. With our collaboration, you should manage to cure your PC, but it all depends on You ;) Courage man ^^
Here is the "H" as in Hip Hop, see Profile |
Well, it's a guy on another site, but who does the same things as you, basically; I think it's forum.telecharger.01net.com/.../securite_virus_et_assimiles/virus/sos______gchris-395608/messages-1.html
|
Not gchris but another guy who is on their site
|
On the other hand, a program once detected all of this for me
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600 Internet Explorer Version: 6.0.2900.2180 »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»» Checking %SystemDrive% folder... Checking %ProgramFilesDir% folder... Checking %WinDir% folder... UPX! 25/03/2006 00:32:56 176709 C:\WINDOWS\tsc.exe PECompact2 25/03/2006 00:32:56 17265523 C:\WINDOWS\VPTNFILE.283 qoologic 25/03/2006 00:32:56 17265523 C:\WINDOWS\VPTNFILE.283 SAHAgent 25/03/2006 00:32:56 17265523 C:\WINDOWS\VPTNFILE.283 UPX! 25/03/2006 00:32:56 1077328 C:\WINDOWS\vsapi32.dll aspack 25/03/2006 00:32:56 1077328 C:\WINDOWS\vsapi32.dll Checking %System% folder... UPX! 28/01/2006 00:38:10 503296 C:\WINDOWS\SYSTEM32\aswBoot.exe aspack 18/03/2005 17:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll aspack 26/05/2005 15:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll PEC2 02/08/2003 07:23:30 41131 C:\WINDOWS\SYSTEM32\dfrg.msc aspack 04/08/2004 01:54:16 733184 C:\WINDOWS\SYSTEM32\ntdll.dll Umonitor 04/08/2004 01:54:38 685056 C:\WINDOWS\SYSTEM32\rasdlg.dll winsync 02/08/2003 06:30:18 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu Checking %System%\Drivers folder and sub-folders... PTech 03/08/2004 23:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts Checking the Windows folder and sub-folders for system and hidden files within the last 60 days... 
04/04/2006 10:09:06 S 2048 C:\WINDOWS\bootstat.dat 25/03/2006 10:53:32 RHS 310568 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_10.cab 31/03/2006 17:29:44 H 4212 C:\WINDOWS\system32\zllictbl.dat 04/04/2006 11:34:24 H 1024 C:\WINDOWS\system32\config\default.LOG 31/03/2006 16:48:34 H 0 C:\WINDOWS\system32\config\default_TU_43374.LOG 04/04/2006 10:09:06 H 1024 C:\WINDOWS\system32\config\SAM.LOG 31/03/2006 16:48:36 H 0 C:\WINDOWS\system32\config\SAM_TU_85643.LOG 04/04/2006 10:10:44 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG 31/03/2006 16:48:34 H 0 C:\WINDOWS\system32\config\SECURITY_TU_42581.LOG 04/04/2006 11:48:02 H 1024 C:\WINDOWS\system32\config\software.LOG 31/03/2006 16:48:34 H 0 C:\WINDOWS\system32\config\software_TU_81178.LOG 04/04/2006 11:48:46 H 1024 C:\WINDOWS\system32\config\system.LOG 31/03/2006 16:48:34 H 0 C:\WINDOWS\system32\config\system_TU_91266.LOG 30/03/2006 14:53:38 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG 23/03/2006 10:26:24 H 262144 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat 23/03/2006 10:26:24 H 1024 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG 23/03/2006 10:33:56 RHS 4266 C:\WINDOWS\system32\drivers\HP_DQ054A-ABF t329.fr_YC_Pavi_QCZB345_E34FRheBLT2_4_IA7N8X-LA_SASUSTeK Computer INC._VRev 1.xx_B3.07_T031015_W1_L40C_M768_J164_7AMD_8Athlon XP 2600+_91,91_110DE006E_N10DE0066_P_Z14F12F00_K_A10DE006A_U10DE0067_G10025961.MRK 23/03/2006 10:28:22 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1275afed-20bc-481d-aa9a-9083ebb592fe 23/03/2006 10:28:22 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\cf9e110c-03e7-4c9c-a5d2-32f53df741c8 23/03/2006 10:28:22 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\f08bc652-9fb0-41cb-b554-3e0a91ed702e 23/03/2006 10:28:22 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred 04/04/2006 10:09:08 H 6 C:\WINDOWS\Tasks\SA.DAT 
Checking for CPL files... Microsoft Corporation 04/08/2004 01:55:04 71680 C:\WINDOWS\SYSTEM32\access.cpl Realtek Semiconductor Corp. 27/06/2003 21:40:32 8606208 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL Microsoft Corporation 04/08/2004 01:55:04 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl 21/12/2005 13:10:46 69632 C:\WINDOWS\SYSTEM32\av.cpl Microsoft Corporation 04/08/2004 01:55:04 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl Microsoft Corporation 04/08/2004 01:55:04 138240 C:\WINDOWS\SYSTEM32\desk.cpl Microsoft Corporation 04/08/2004 01:55:04 80384 C:\WINDOWS\SYSTEM32\firewall.cpl Microsoft Corporation 04/08/2004 01:55:04 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl Intel Corporation 07/04/2003 07:14:30 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl Microsoft Corporation 04/08/2004 01:55:04 359936 C:\WINDOWS\SYSTEM32\inetcpl.cpl Microsoft Corporation 04/08/2004 01:55:04 134144 C:\WINDOWS\SYSTEM32\intl.cpl Microsoft Corporation 04/08/2004 01:55:04 380928 C:\WINDOWS\SYSTEM32\irprops.cpl Microsoft Corporation 04/08/2004 01:55:04 70144 C:\WINDOWS\SYSTEM32\joy.cpl Sun Microsystems 20/02/2003 23:42:34 229487 C:\WINDOWS\SYSTEM32\jpicpl32.cpl Microsoft Corporation 02/08/2003 08:16:22 189952 C:\WINDOWS\SYSTEM32\main.cpl Microsoft Corporation 04/08/2004 01:55:04 626176 C:\WINDOWS\SYSTEM32\mmsys.cpl Microsoft Corporation 02/08/2003 10:31:58 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl Microsoft Corporation 04/08/2004 01:55:04 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl Microsoft Corporation 04/08/2004 01:55:04 261120 C:\WINDOWS\SYSTEM32\nusrmgr.cpl NVIDIA Corporation 02/05/2003 23:19:00 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl Microsoft Corporation 04/08/2004 01:55:04 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl Microsoft Corporation 04/08/2004 01:55:04 118272 C:\WINDOWS\SYSTEM32\powercfg.cpl Microsoft Corporation 04/08/2004 01:55:04 305152 C:\WINDOWS\SYSTEM32\sysdm.cpl Microsoft Corporation 02/08/2003 18:38:20 28160 C:\WINDOWS\SYSTEM32\telephon.cpl Microsoft Corporation 04/08/2004 01:55:04 94208 C:\WINDOWS\SYSTEM32\timedate.cpl 
Microsoft Corporation 04/08/2004 01:55:04 148480 C:\WINDOWS\SYSTEM32\wscui.cpl Microsoft Corporation 26/05/2005 05:16:32 175896 C:\WINDOWS\SYSTEM32\wuaucpl.cpl Microsoft Corporation 02/08/2003 08:16:22 189952 C:\WINDOWS\SYSTEM32\dllcache\main.cpl Microsoft Corporation 02/08/2003 10:31:58 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl Microsoft Corporation 02/08/2003 18:38:20 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 05/08/2003 13:11:26 HS 84 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini Checking files in %ALLUSERSPROFILE%\Application Data folder... 23/03/2006 14:29:00 305 C:\Documents and Settings\All Users\Application Data\addr_file.html 05/08/2003 14:02:42 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini 27/03/2006 11:35:42 1509 C:\Documents and Settings\All Users\Application Data\hpzinstall.log Checking files in %USERPROFILE%\Startup folder... 05/08/2003 13:11:26 HS 84 C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\desktop.ini Checking files in %USERPROFILE%\Application Data folder... 
05/08/2003 14:02:42 HS 62 C:\Documents and Settings\Propriétaire\Application Data\desktop.ini »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»» [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] Wanadoo 7.1 ; NaviWoo1.1 = IEAKFT SV1 = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers] HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ShellExtension {1AC5C88A-DEA7-462b-A232-04AF5CA42E7E} = C:\Program Files\WinAntiVirus Pro 2006\WAV6COM.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Épingle du menu Démarrer = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\a2ContMenu {AB77609F-2178-4E6F-9C4B-44AC179D937A} = C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR 
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ShellExtension {1AC5C88A-DEA7-462b-A232-04AF5CA42E7E} = C:\Program Files\WinAntiVirus Pro 2006\WAV6COM.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882} = C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Astuce du jour = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} =

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} = :
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Liens : %SystemRoot%\system32\SHELL32.dll
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WinAntiVirusPro2006 C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
Steam "C:\Program Files\Steam\Steam.exe" -silent

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PS2
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ps2
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ps2
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Skype
hkey HKCU
command "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Skype
hkey HKCU
command "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKCU
command
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKCU
command
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WooCnxMon
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKCU
command
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKCU
command
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} =
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} =
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs

<<<<<<<<<< Checking for AddOn Monitors.def information >>>>>>>>>>
Parameter line : regkey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors;;
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors found!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\BJ Language Monitor
Driver cnbjmon.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Local Port
Driver localspl.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\LPR Port
Driver lprmon.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\LPR Port\Ports
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Microsoft Shared Fax Monitor
Driver FXSMON.DLL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\PJL Language Monitor
Driver pjlmon.dll
EOJTimeout 60000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port
Driver tcpmon.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports
StatusUpdateInterval 10
StatusUpdateEnabled 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\USB Monitor
Driver usbmon.dll

<<<<<<<<<< Checking for AddOn OpenCommand.def information >>>>>>>>>>
>>>>>>>>>> Exporting Shell Open\Command entries
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\batfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\batfile\shell\open\command found!
"%1" %*
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\comfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\comfile\shell\open\command found!
"%1" %*
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command found!
"%1" %*
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\piffile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\piffile\shell\open\command found!
"%1" %*
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\regfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\regfile\shell\open\command found!
regedit.exe "%1"
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\scrfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\scrfile\shell\open\command found!
"%1" /S
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\vbsfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\vbsfile\shell\open\command found!
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\htmlfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\htmlfile\shell\open\command found!
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\http\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\http\shell\open\command found!
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mp3file\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mp3file\shell\open\command found!
"C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mpegfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mpegfile\shell\open\command found!
"C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:9 /Open "%L"
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\jsfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\jsfile\shell\open\command found!

<<<<<<<<<< Checking for AddOn Policies.def information >>>>>>>>>>

<<<<<<<<<< Checking for AddOn Qoologic.def information >>>>>>>>>>
>>>>>>>>>> Search by size and name
>>>>>>>>>> Files found by this method are not necessarily bad
>>>>>>>>>> Example PNGFILT.DLL is a windows file
Parameter line : file=%sysdir%;*.exe;150;61952;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 61952 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;7680;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 7680 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;91648;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 91648 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;81920;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 81920 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;7168;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 7168 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;65536;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 65536 bytes was not found!
Parameter line : file=%sysdir%;redit.cpl;;;;;
File C:\WINDOWS\SYSTEM32\redit.cpl was not found!
Parameter line : file=%sysdir%;conres.cpl;;;;;
File C:\WINDOWS\SYSTEM32\conres.cpl was not found!
Parameter line : file=%sysdir%;datadx.dll;;;;;
File C:\WINDOWS\SYSTEM32\datadx.dll was not found!
Parameter line : file=%sysdir%;*.dll;150;10240;;;
File C:\WINDOWS\SYSTEM32\* |