Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Aide rapport combofix.

Forester

Par Forester
dans Analyses et éradication malwares

 Partager

Messages recommandés

Forester Full Patch Member

Forester

Posté(e)
Posté(e)

Bonjour à tous et bonne année 2010 pour commencer :P

 

Je suis en pleine désinfection d'un portable et j'aurais besoin d'aide pour le rapport combofix.

Je précise que les logiciels qui ne se lancaient pas avant combofix ( kaspersky et spybot) démarre à présent.

 

Le voici :

 

ComboFix 10-01-04.01 - sophie 05/01/2010 12:20:39.1.1 - x86 NETWORK

Microsoft® Windows Vista Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.1704 [GMT 1:00]

Lancé depuis: c:\users\sophie\Desktop\zal.exe

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-678609302-3588580209-2036183475-500

c:\users\sophie\AppData\Roaming\inst.exe

c:\windows\system32\drivers\H8SRTptrsptetpp.sys

c:\windows\system32\H8SRTinintmsspv.dll

c:\windows\system32\H8SRTivoafocuut.dat

c:\windows\system32\H8SRTpwcmcijscp.dll

c:\windows\system32\H8SRTqbgomhbdix.dll

c:\windows\system32\muzapp.exe

c:\windows\system32\srcr.dat

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_H8SRTd.sys

-------\Legacy_H8SRTd.sys

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-12-05 au 2010-01-05 ))))))))))))))))))))))))))))))))))))

.

 

2010-01-05 11:27 . 2010-01-05 11:31 -------- d-----w- c:\users\sophie\AppData\Local\temp

2010-01-05 11:07 . 2010-01-05 11:06 318976 ----a-w- c:\windows\system32\CF9414.exe

2010-01-05 10:49 . 2010-01-05 10:49 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-01-05 10:46 . 2010-01-05 11:30 684256 --sha-w- c:\windows\system32\drivers\fidbox.dat

2010-01-05 10:43 . 2010-01-05 10:43 -------- d-----w- c:\program files\Spybot

2010-01-05 02:22 . 2008-07-08 13:54 148496 ----a-w- c:\windows\system32\drivers\35028542.sys

2010-01-04 22:44 . 2009-01-18 21:35 15688 ----a-w- c:\windows\system32\lsdelete.exe

2010-01-04 21:02 . 2010-01-04 21:02 -------- dc----w- c:\windows\system32\DRVSTORE

2010-01-04 21:02 . 2009-01-18 21:30 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-01-04 20:54 . 2010-01-04 20:54 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}

2010-01-04 20:54 . 2010-01-04 21:02 -------- d-----w- c:\programdata\Lavasoft

2010-01-04 20:54 . 2010-01-04 20:54 -------- d-----w- c:\program files\Lavasoft

2010-01-04 20:53 . 2010-01-04 20:53 94643 ----a-w- c:\windows\system32\drivers\klick.dat

2010-01-04 20:53 . 2010-01-04 20:53 105395 ----a-w- c:\windows\system32\drivers\klin.dat

2010-01-04 20:52 . 2010-01-05 10:48 -------- d-----w- c:\programdata\Kaspersky Lab

2010-01-04 20:52 . 2010-01-04 20:52 -------- d-----w- c:\program files\Kaspersky Lab

2010-01-04 20:51 . 2010-01-04 20:51 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files

2010-01-04 20:39 . 2009-03-24 15:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-01-04 20:35 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-04 20:35 . 2010-01-04 20:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-04 20:35 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-04 20:31 . 2010-01-05 05:17 -------- d-----w- c:\program files\a-squared Anti-Malware

2010-01-02 10:56 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll

2010-01-02 00:58 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll

2010-01-02 00:58 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll

2009-12-31 09:49 . 2010-01-05 10:47 899 ----a-w- c:\windows\system32\krl32mainweq.dll

2009-12-25 17:18 . 2010-01-01 17:01 -------- d-----w- c:\users\Public

2009-12-23 21:55 . 2009-12-23 21:55 -------- d-----w- c:\programdata\vsosdk

2009-12-23 20:18 . 2009-12-24 09:18 -------- d-----w- c:\users\sophie\AppData\Roaming\Vso

2009-12-23 20:18 . 2009-12-23 20:18 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2009-12-23 20:18 . 2009-09-02 20:58 65602 ----a-w- c:\windows\system32\cook3260.dll

2009-12-23 20:18 . 2009-09-02 20:58 217127 ----a-w- c:\windows\system32\drv43260.dll

2009-12-23 20:18 . 2009-09-02 20:58 208935 ----a-w- c:\windows\system32\drv33260.dll

2009-12-23 20:18 . 2009-09-02 20:58 176165 ----a-w- c:\windows\system32\drv23260.dll

2009-12-23 20:18 . 2009-09-02 20:58 102439 ----a-w- c:\windows\system32\sipr3260.dll

2009-12-23 20:18 . 2009-12-24 09:18 -------- d-----w- c:\program files\VSO

2009-12-19 12:57 . 2009-12-19 12:57 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-12-19 12:47 . 2009-12-19 12:47 -------- d-----w- c:\program files\Windows Installer Clean Up

2009-12-10 09:03 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll

2009-12-10 09:03 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys

2009-12-10 09:03 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll

2009-12-09 09:25 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-05 11:33 . 2009-01-12 14:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2010-01-05 11:25 . 2006-11-02 15:48 668580 ----a-w- c:\windows\system32\perfh00C.dat

2010-01-05 11:25 . 2006-11-02 15:48 122972 ----a-w- c:\windows\system32\perfc00C.dat

2010-01-05 11:02 . 2010-01-05 10:46 7076 --sha-w- c:\windows\system32\drivers\fidbox.idx

2010-01-01 23:31 . 2009-04-15 22:50 -------- d-----w- c:\program files\a-squared Free

2010-01-01 08:38 . 2009-03-02 19:49 1 ----a-w- c:\users\sophie\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-12-25 20:29 . 2009-12-25 20:29 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2009-12-24 09:18 . 2009-12-23 20:18 47360 ----a-w- c:\users\sophie\AppData\Roaming\pcouffin.sys

2009-12-24 09:18 . 2009-12-23 20:18 47360 ----a-w- c:\users\sophie\AppData\Roaming\pcouffin.sys

2009-12-23 14:22 . 2008-03-19 16:21 -------- d-----w- c:\program files\Google

2009-12-19 13:11 . 2008-03-19 17:49 -------- d-----w- c:\programdata\WLInstaller

2009-12-19 12:58 . 2008-03-19 17:49 -------- d-----w- c:\program files\Windows Live

2009-12-19 12:47 . 2009-12-19 12:47 3584 ----a-r- c:\users\sophie\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

2009-12-19 12:47 . 2009-03-14 21:14 -------- d-----w- c:\program files\MSECACHE

2009-12-16 15:05 . 2009-12-22 19:34 471040 ----a-w- c:\users\sophie\AppData\Roaming\Mozilla\Firefox\Profiles\zqha39ch.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll

2009-12-16 15:05 . 2009-12-22 19:34 347136 ----a-w- c:\users\sophie\AppData\Roaming\Mozilla\Firefox\Profiles\zqha39ch.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2009-12-16 15:05 . 2009-12-22 19:34 340992 ----a-w- c:\users\sophie\AppData\Roaming\Mozilla\Firefox\Profiles\zqha39ch.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2009-12-16 15:05 . 2009-12-22 19:34 43008 ----a-w- c:\users\sophie\AppData\Roaming\Mozilla\Firefox\Profiles\zqha39ch.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2009-12-16 15:05 . 2009-12-22 19:34 1452032 ----a-w- c:\users\sophie\AppData\Roaming\Mozilla\Firefox\Profiles\zqha39ch.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

2009-12-12 18:12 . 2009-12-12 18:12 86576 ----a-w- c:\users\sophie\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe

2009-12-12 18:12 . 2009-12-12 18:12 392728 ----a-w- c:\users\sophie\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll

2009-12-12 18:12 . 2009-12-12 18:12 135680 ----a-w- c:\users\sophie\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe

2009-12-12 18:12 . 2009-12-12 18:12 132672 ----a-w- c:\users\sophie\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe

2009-12-10 09:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-11-28 10:53 . 2009-11-28 10:53 -------- d-----w- c:\program files\Microsoft

2009-11-21 06:40 . 2009-12-09 09:27 916480 ----a-w- c:\windows\system32\wininet.dll

2009-11-21 06:34 . 2009-12-09 09:27 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-11-21 06:34 . 2009-12-09 09:27 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-11-21 04:59 . 2009-12-09 09:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-11-18 14:26 . 2009-11-18 14:26 -------- d-----w- c:\program files\Windows Portable Devices

2009-11-18 14:26 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-11-18 14:26 . 2009-11-18 14:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

2009-11-18 14:25 . 2009-11-18 14:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf

2009-11-02 19:42 . 2009-10-03 13:17 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-10-29 09:17 . 2009-11-26 12:43 2048 ----a-w- c:\windows\system32\tzres.dll

2009-10-08 21:08 . 2009-11-18 14:07 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2009-10-08 21:08 . 2009-11-18 14:07 234496 ----a-w- c:\windows\system32\oleacc.dll

2009-10-08 21:07 . 2009-11-18 14:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]

"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]

"a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2010-01-02 3280712]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]

 

c:\users\sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

is-FCMU0.lnk - c:\users\sophie\Desktop\Virus Removal Tool\is-FCMU0\startup.exe [2010-1-5 65536]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\eNetHook.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):D1,cd,63,34,81,01,ca,01

 

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [15/12/2008 20:41 33808]

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [04/01/2010 22:02 64160]

R1 is-FCMU0drv;is-FCMU0drv;c:\windows\System32\drivers\35028542.sys [05/01/2010 03:22 148496]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [15/05/2009 18:50 21008]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [03/12/2007 15:51 13560]

R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [04/01/2010 21:31 1858144]

R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [15/04/2009 23:50 1858144]

R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [31/07/2007 10:58 50688]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 22:34 921936]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [31/07/2007 17:18 179712]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [16/05/2009 20:59 19472]

S2 AntiVirUpgradeService;Avira Upgrade Service; [x]

S2 gupdate1c99461e1b8a1d0;Service Google Update (gupdate1c99461e1b8a1d0);c:\program files\Google\Update\GoogleUpdate.exe [21/02/2009 21:20 133104]

S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [20/02/2009 21:36 21504]

S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [20/02/2009 19:23 28224]

S4 ASKService;ASKService; [x]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contenu du dossier 'Tâches planifiées'

 

2010-01-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:34]

 

2010-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 20:20]

 

2010-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 20:20]

 

2010-01-05 c:\windows\Tasks\User_Feed_Synchronization-{5F2935FD-E9A4-4EF5-B17D-7180B84D70EE}.job

- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]

.

.

------- Examen supplémentaire -------

.

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://fr.fr.acer.yahoo.com

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\sophie\AppData\Roaming\Mozilla\Firefox\Profiles\zqha39ch.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.orange.fr/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?mkt=fr-FR&form=MIMWA5&q=

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - component: c:\users\sophie\AppData\Roaming\Mozilla\Firefox\Profiles\zqha39ch.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll

FF - component: c:\users\sophie\AppData\Roaming\Mozilla\Firefox\Profiles\zqha39ch.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHELINS SUPPRIMES - - - -

 

URLSearchHooks-{814C76CB-2623-43F4-AAD0-58A0E5190A20} - (no file)

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)

ShellExecuteHooks-{88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL

AddRemove-Lame MP3 Codec (for the ACM) - c:\windows\IFinst26.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-05 12:30

Windows 6.0.6002 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-678609302-3588580209-2036183475-1000\Software\Microsoft\Internet Explorer\Default MHTML Editor\shell]

@DACL=(02 0000)

 

[HKEY_USERS\S-1-5-21-678609302-3588580209-2036183475-1000\Software\Microsoft\MediaPlayer\Preferences\{8cab70ed-a1ad-11dc-afd1-806e6f6e6963}]

@DACL=(02 0000)

 

[HKEY_USERS\S-1-5-21-678609302-3588580209-2036183475-1000\Software\Microsoft\Office\12.0\Common\Internet\Server Cache]

@DACL=(02 0000)

"Count"=dword:00000002

 

[HKEY_USERS\S-1-5-21-678609302-3588580209-2036183475-1000\Software\ODBC\ODBC.INI\dBASE Files\Engines]

@DACL=(02 0000)

 

[HKEY_USERS\S-1-5-21-678609302-3588580209-2036183475-1000\Software\ODBC\ODBC.INI\Excel Files\Engines]

@DACL=(02 0000)

 

[HKEY_USERS\S-1-5-21-678609302-3588580209-2036183475-1000\Software\ODBC\ODBC.INI\MS Access Database\Engines]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Classes\.pps\OpenWithProgIDs]

@DACL=(02 0000)

"OpenOffice.org.Pps"=""

 

[HKEY_LOCAL_MACHINE\software\Classes\.pps\PersistentHandler]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Classes\.ppt\OpenWithProgIDs]

@DACL=(02 0000)

"OpenOffice.org.Ppt"=""

 

[HKEY_LOCAL_MACHINE\software\Classes\.sdp\OpenWithProgIDs]

@DACL=(02 0000)

"opendocument.ImpressDocument.1"=""

 

[HKEY_LOCAL_MACHINE\software\Classes\.shtml\PersistentHandler]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Classes\AcroExch.Document\Shell]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Classes\Applications\WINWORD.EXE\TaskbarExceptionsIcons]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Classes\CID.Local\7b6aa36b-70a0-41d8-a4b9-2060d74e6974\Clsid]

@DACL=(02 0000)

@="6e7120c0-ac8f-11ce-ad01-00aa0051e4a1"

 

[HKEY_LOCAL_MACHINE\software\Classes\CID.Local\7b6aa36b-70a0-41d8-a4b9-2060d74e6974\CustomProperties]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Classes\CID.Local\7b6aa36b-70a0-41d8-a4b9-2060d74e6974\Description]

@DACL=(02 0000)

@="MSDTCUIS"

 

[HKEY_LOCAL_MACHINE\software\Classes\CID.Local\7b6aa36b-70a0-41d8-a4b9-2060d74e6974\Endpoint]

@DACL=(02 0000)

@=""

 

[HKEY_LOCAL_MACHINE\software\Classes\CID.Local\7b6aa36b-70a0-41d8-a4b9-2060d74e6974\Host]

@DACL=(02 0000)

@=""

 

[HKEY_LOCAL_MACHINE\software\Classes\CID.Local\7b6aa36b-70a0-41d8-a4b9-2060d74e6974\Protocol]

@DACL=(02 0000)

@=""

 

[HKEY_LOCAL_MACHINE\software\Classes\CID.Local\7b6aa36b-70a0-41d8-a4b9-2060d74e6974\Svcid]

@DACL=(02 0000)

@="ced2de40-bff6-11ce-9de8-00aa00a3f464"

 

[HKEY_LOCAL_MACHINE\software\Classes\CID.Local\fa40e5b9-c3cd-405e-ad87-5700da946513\Clsid]

@DACL=(02 0000)

@="4364f170-81a9-11ce-9c32-00aa0051e517"

 

[HKEY_LOCAL_MACHINE\software\Classes\CID.Local\fa40e5b9-c3cd-405e-ad87-5700da946513\CustomProperties]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Classes\CID.Local\fa40e5b9-c3cd-405e-ad87-5700da946513\Description]

@DACL=(02 0000)

@="MSDTC"

 

[HKEY_LOCAL_MACHINE\software\Classes\CID.Local\fa40e5b9-c3cd-405e-ad87-5700da946513\Endpoint]

@DACL=(02 0000)

@=""

 

[HKEY_LOCAL_MACHINE\software\Classes\CID.Local\fa40e5b9-c3cd-405e-ad87-5700da946513\Host]

@DACL=(02 0000)

@=""

 

[HKEY_LOCAL_MACHINE\software\Classes\CID.Local\fa40e5b9-c3cd-405e-ad87-5700da946513\Protocol]

@DACL=(02 0000)

@=""

 

[HKEY_LOCAL_MACHINE\software\Classes\CID.Local\fa40e5b9-c3cd-405e-ad87-5700da946513\Svcid]

@DACL=(02 0000)

@="488091f0-bff6-11ce-9de8-00aa00a3f464"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1C5221CB-C1F6-4999-8936-501C2023E4CD}\InprocServer32]

@DACL=(02 0000)

@=expand:"c:\\Windows\\System32\\fdBth.dll"

"ThreadingModel"="Free"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8066FB71-AFA1-343E-8070-44AB4F3F85C9}\InprocServer32]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{91ADC906-6722-4B05-A12B-471ADDCCE132}\InprocServer32]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{91ADC906-6722-4B05-A12B-471ADDCCE132}\ProgID]

@DACL=(02 0000)

@="Touchx.TouchBand.1"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{91ADC906-6722-4B05-A12B-471ADDCCE132}\TypeLib]

@DACL=(02 0000)

@="{CED735EE-2A19-4EB5-AA0C-8BFA8F775144}"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{91ADC906-6722-4B05-A12B-471ADDCCE132}\VersionIndependentProgID]

@DACL=(02 0000)

@="Touchx.TouchBand"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9DB6C03C-C511-11D2-A9AE-00C04F72DAEB}\LocalServer32]

@DACL=(02 0000)

@="c:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WKSCAL.EXE"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9DB6C03C-C511-11D2-A9AE-00C04F72DAEB}\ProgID]

@DACL=(02 0000)

@="MicrosoftWorks.Calendar.5"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9DB6C03C-C511-11D2-A9AE-00C04F72DAEB}\TypeLib]

@DACL=(02 0000)

@="{A26CA515-C2B6-11D2-A9AC-00C04F72DAEB}"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9DB6C03C-C511-11D2-A9AE-00C04F72DAEB}\Version]

@DACL=(02 0000)

@="6.0"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9DB6C03C-C511-11D2-A9AE-00C04F72DAEB}\VersionIndependentProgID]

@DACL=(02 0000)

@="MicrosoftWorks.Calendar"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C5599E1B-FC7B-4883-9FF4-581BBAEF8DBA}\InprocServer32]

@DACL=(02 0000)

@=expand:"c:\\Windows\\System32\\fdBthProxy.dll"

"ThreadingModel"="Both"

 

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{26F518D6-88BB-4B03-B5B3-75147D609C90}\1.0]

@DACL=(02 0000)

@="RTCOMDLL 1.0 Type Library"

 

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{46270ABA-D71B-11DA-8750-001185653D78}\1.0]

@DACL=(02 0000)

@="UserBroker library"

 

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{46295CB8-D71B-11DA-8750-001185653D78}\1.0]

@DACL=(02 0000)

@="UserBroker library"

 

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{4F53678A-A07A-4313-8DA6-8859DE59E6AB}\1.0]

@DACL=(02 0000)

@="DataStore 1.0 Type Library"

 

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}\1.0]

@DACL=(02 0000)

@="FlashAccessibility"

 

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{6F74E663-6237-46E5-A403-1FDED57A3845}\1.0]

@DACL=(02 0000)

@="Com_SRS_TruSurroundHD 1.0 Type Library"

 

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{7092F0B2-D28D-4095-95A7-6C37A97432A2}\1.0]

@DACL=(02 0000)

@="MaxxAudioAPODlllib"

 

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{785DCDE4-F5BE-4264-BC16-31EF48229B64}\1.0]

@DACL=(02 0000)

@="COM_SRS_MobileHD 1.0 Type Library"

 

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{910B82D6-3A8A-434E-9EF3-A05DB4852E98}\1.0]

@DACL=(02 0000)

@="RtkPgExt 1.0 Type Library"

 

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{A4D12A38-9927-4066-9DD7-CF695C734B6C}\1.0]

@DACL=(02 0000)

@="COM_SRS_WOWHD 1.0 Type Library"

 

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{AE1250CD-F527-4B55-BE4A-5CC211216C49}\1.0]

@DACL=(02 0000)

@="RtlCPAPI 1.0 Type Library"

 

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{B7DE8AC9-9CAD-4B18-A7CE-42F3362D2B97}\1.0]

@DACL=(02 0000)

@="RtkApoApi 1.0 Type Library"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE.HKCUZoneInfo\RegBackup]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE40.UserAgent\RegBackup]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ADDON_MANAGEMENT]

@DACL=(02 0000)

"wmplayer.exe"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HIGH_CONTRAST_BACKGROUND_IMAGES]

@DACL=(02 0000)

"sidebar.exe"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]

@DACL=(02 0000)

"wmplayer.exe"=dword:00000001

"ehExtHost.exe"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]

@DACL=(02 0000)

"outlook.exe"=dword:00000001

"sidebar.exe"=dword:00000001

"mshta.exe"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]

@DACL=(02 0000)

"wmplayer.exe"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SECURITYBAND]

@DACL=(02 0000)

"wmplayer.exe"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]

@DACL=(02 0000)

"wmplayer.exe"=dword:00000001

"ehExtHost.exe"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]

@DACL=(02 0000)

"wmplayer.exe"=dword:00000001

"ehExtHost.exe"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects]

@DACL=(02 0000)

@="Layout Manager Objects"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Player]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\PlayerUpgrade]

@DACL=(02 0000)

"EnableAutoUpgrade"="no"

"PlayerVersion"="11,0,6002,18111"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Plugins]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Preferences]

@DACL=(02 0000)

"OEMServiceOverride11"=""

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Setup]

@DACL=(02 0000)

"Install ID"="{EFCF4460-E083-484B-AE67-2E84D84B9112}"

"ResetAutoPlay"="11,0,6000,6324"

"LibraryMigrated"="yes"

"Progress_MaxDialog"=dword:00000006

"Progress_CurrentInstall"=dword:00000000

"Progress_MaxInstall"=dword:00000001

"Progress_CurrentDialog"=dword:00000000

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimDllExclusionList]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\SmartPlaylist]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{0890F930-4F80-4646-BAB1-4B6E5571FB89}]

@DACL=(02 0000)

"FriendlyName"="res://wmploc.dll/RT_STRING/#1491"

"Capabilities"=dword:00000004

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{1F32514F-1561-4922-A604-8A1F478B5A42}]

@DACL=(02 0000)

"FriendlyName"="res://wmploc.dll/RT_STRING/#1495"

"Capabilities"=dword:00000004

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{52903d79-f993-4de6-8317-20c9c176d823}]

@DACL=(02 0000)

"FriendlyName"="res://wmploc.dll/RT_STRING/#1496"

"Capabilities"=dword:00000004

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{59E7BF52-E5C9-4382-A39A-522DEE9AFDFD}]

@DACL=(02 0000)

"FriendlyName"="res://wmploc.dll/RT_STRING/#1497"

"Capabilities"=dword:00000004

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{5DF031B7-6A37-42D9-8802-E27F4F224332}]

@DACL=(02 0000)

"FriendlyName"="Viz Plug-in"

"Capabilities"=dword:00000003

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{5F4BB5C9-4652-489B-8601-EEC0C3C32E2E}]

@DACL=(02 0000)

"FriendlyName"="res://wmploc.dll/RT_STRING/#1494"

"Capabilities"=dword:00000004

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{7F2B1D6B-1357-402C-A1C8-67E59583B41D}]

@DACL=(02 0000)

"FriendlyName"="Captions plugin name"

"Description"="Captions plugin description"

"Capabilities"=dword:000000f0

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{93075F62-16B3-43EC-A53B-FFAD0E01D5E7}]

@DACL=(02 0000)

"FriendlyName"="res://wmploc.dll/RT_STRING/#209"

"Capabilities"=dword:00000003

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{9695AEF9-9D03-4671-8F2F-FF49D1BB01C4}]

@DACL=(02 0000)

"FriendlyName"="res://wmploc.dll/RT_STRING/#1407"

"Description"="Media Information description"

"Capabilities"=dword:00000005

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{976ABECA-93F7-4d81-9187-2A6137829675}]

@DACL=(02 0000)

"FriendlyName"="res://wmploc.dll/RT_STRING/#1490"

"Capabilities"=dword:00000004

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{99DB05E3-F81E-4C8A-A252-F396306AB6FE}]

@DACL=(02 0000)

"FriendlyName"="Banner plugin name"

"Description"="Banner plugin description"

"Capabilities"=dword:000000f0

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{9F9562EB-15B6-46C6-A7CB-0A66FC65130E}]

@DACL=(02 0000)

"FriendlyName"="res://wmploc.dll/RT_STRING/#1493"

"Capabilities"=dword:00000004

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{9FA014E3-076F-4865-A73C-117131B8E292}]

@DACL=(02 0000)

"FriendlyName"="res://wmploc.dll/RT_STRING/#1492"

"Capabilities"=dword:00000004

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{D5E49195-ED19-40fb-9EE0-E6625A808B77}]

@DACL=(02 0000)

"FriendlyName"="Video Plug-in"

"Capabilities"=dword:00000003

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{E641D09E-E500-4c09-8260-F1CD7B902E9C}]

@DACL=(02 0000)

"FriendlyName"="WM View plugin name"

"Description"="WM View plugin description"

"Capabilities"=dword:000000f0

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{F24A1BC2-2331-4B91-8A13-5A549DA56E9D}]

@DACL=(02 0000)

"FriendlyName"="Border Plug-in"

"Capabilities"=dword:00000003

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{FD981763-B6BB-4d51-9143-6D372A0ED56F}]

@DACL=(02 0000)

"FriendlyName"="res://wmploc.dll/RT_STRING/#5822"

"Description"="res://wmploc.dll/RT_STRING/#5823"

"Capabilities"=dword:00000003

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Search\Gather\Windows\SystemIndex\Extensions]

@DACL=(02 0000)

"IncludedExtensions"=dword:00000000

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Search\Gather\Windows\SystemIndex\Mappings]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Search\Gather\Windows\SystemIndex\Protocols]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages]

@DACL=(02 0000)

"NewStartPageIdentifier"=dword:00000002

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Search\Gather\Windows\SystemIndex\StreamLog]

@DACL=(02 0000)

"CurrentStreamLog"=dword:00000079

"MaxLogs"=dword:00000005

"StreamLogCount"=dword:00000005

 

[HKEY_LOCAL_MACHINE\software\SUYIN\Acer Crystal Eye webcam]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Waves Audio\MaxxAudio]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Answer]

@DACL=(02 0000)

"1"="ATA<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\ATPUD]

@DACL=(02 0000)

"ATPUD"=hex:02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Blst]

@DACL=(02 0000)

"FLAG"=hex:00,00,00,00

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Clients]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\CSD]

@DACL=(02 0000)

"EnableKmixer"=hex:01,00,00,00

"KMixerDataInitialDelay"=hex:0d,00,00,00

"KMixerSpkpInitialDelay"=hex:0c,00,00,00

"MaxSampleValue"=hex:e8,03,00,00

"UnMuteTimerDuration"=hex:d0,07,00,00

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\DspInfo]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\EnableCallerID]

@DACL=(02 0000)

"1"="at+vcid=1<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Fax]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Hangup]

@DACL=(02 0000)

"1"="ATH<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Init]

@DACL=(02 0000)

"1"="AT<cr>"

"2"="AT&FE0V1S0=0&C1&D2+MR=2;+DR=1;+ER=1;W2<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Monitor]

@DACL=(02 0000)

"1"="ATS0=0<cr>"

"2"="None"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\OEM]

@DACL=(02 0000)

"SREGS"=hex:00,00,2b,0d,0a,08,04,32,02,06,0e,5f,32,ff,8a,00,00,00,00,00,00,34,

77,37,00,05,01,49,00,00,00,06,11,13,ff,ff,07,00,14,03,00,05

"AT+MS"=hex:5c,00,00,00,01,00,00,00,4b,00,00,00,80,bb,00,00,4b,00,00,00,c0,da,

00,00

"TONEPARAMS"=hex:4c,04,14,00,0a,00,00,00,cc,ff,cc,ff,04,00,00,00,2c,01,00,00,

2c,01,00,00,34,08,28,00,0a,00,00,00,cc,ff,cc,ff,0e,00,00,00,32,00,00,00,32,\

"CONSTTONEPARAMS"=hex:b1,08,3c,00,0a,00,00,00,cc,ff,cc,ff,02,00,00,00,32,00,00,

00,32,00,00,00,34,08,32,00,32,00,00,00,cc,ff,cc,ff,03,00,00,00,64,00,00,00,\

"V25TER"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,

00,00,00,00,00,00,00,00,01,00,00,00,01,00,00,00,c1,00,00,00,00,00,00,00,22,\

"SPKR_MUTE_DELAY"=hex:20,03

"OFF_HOOK_CONVERGENCE_DURATION"=hex:c8,00

"AT_MISC_DEF"=hex:02,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00

"VOLUME_AMPLIFICATION_PARMS"=hex:00,00,00,00,fa,ff,ff,ff,18,00,00,00

"CADENCE"=hex:01,2c,01,00,00,ee,02,00,00,d0,07,00,00,80,0c,00,00,00,00,00,00,

00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,2c,01,00,00

"PROPERTIES"=hex:ff,ff,ff,ff

"MOD_THRESHOLD"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

"CSA_FLAGS"=hex:00,00,00,00

"SmartDAAParams"=hex:90,1a,00,00,39,03,00,00,18,00,00,00,32,02,00,00,4a,01,00,

00,96,00,00,00,4a,01,00,00,d0,07,00,00,03,0c,03,03,0a,0a,14,1d,1e,0a,0e,13,\

"SmartDAAParamsK3"=hex:90,1a,00,00,39,03,00,00,18,00,00,00,32,02,00,00,4a,01,

00,00,96,00,00,00,4a,01,00,00,d0,07,00,00,03,0c,03,03,0a,0a,14,1d,1e,0a,0e,\

"SmartDAAParamsHal"=hex:90,1a,00,00,39,03,00,00,18,00,00,00,32,02,00,00,4a,01,

00,00,96,00,00,00,4a,01,00,00,d0,07,00,00,03,0c,03,03,06,08,12,16,1e,06,0c,\

"DTMF_COMP_LEVEL"=hex:17,00,00,00,15,00,00,00,14,00,00,00,12,00,00,00,0b,00,00,

00,08,00,00,00,04,00,00,00,00,00,00,00

"DLG_PARAMS"=hex:01,00,00,00,00

"HANDSET_PARAMS"=hex:00,00,ff,ff,ff

"WOR"=hex:00,00,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,

ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff

"DC_CALC_PARAMS"=hex:2c,01,00,00,00,04,00,00,00,00,00,00

"CPU_FREQ_CHANGE"=hex:00,00,00,00,00,00,00,00

"CPU_FREQ_CHANGE_REVB"=hex:00,00,00,00,00,00,00,00

"FAX_PRE_LOAD_DELAY"=hex:08,00,00,00

"SOFT_RING_PARAMS"=hex:00,00,b9,0b,b8,0b,00,00,49,71,48,71,01,00,d8,59,a0,0f,

00,00,30,75,b8,0b

"HwData"=hex:00,10,00,30,01,80,11,00

"FLAGS"=hex:02,07,00,08,08,00,00,00

"DAAType"=hex:01

"CONTROLLER_THREAD_TIMER_RESOLUTION_EC_CONNECTED"=hex:0a

"JCID_RING"=hex:32,00,00,00

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Profile]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Region]

@DACL=(02 0000)

"Current"=hex:3d,00

"Previous"=hex:3d,00

"COPY_CTY"=hex:00,00,00,00

"RegionList"=hex:ff,fe,7f,fe,ff,ff,ff,7f,fb,fb,ff,df,ff,ff,ff,ff,ff,ff,dd,ff,

ff,ff,ff,ff,be,ff,ff,ff,ff,fd,bf,5f

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\SdkCapable]

@DACL=(02 0000)

"Type"=hex:00

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Settings]

@DACL=(02 0000)

"Prefix"="AT"

"Terminator"="<cr>"

"DialPrefix"="D"

"DialSuffix"=";"

"SpeakerVolume_Low"="L1"

"SpeakerVolume_Med"="L2"

"SpeakerVolume_High"="L3"

"SpeakerMode_Off"="M0"

"SpeakerMode_Dial"="M1"

"SpeakerMode_On"="M2"

"SpeakerMode_Setup"="M3"

"FlowControl_Off"="+IFC=0,0;"

"FlowControl_Hard"="+IFC=2,2;"

"FlowControl_Soft"="+IFC=1,1;"

"Pulse"="P"

"Tone"="T"

"Blind_Off"="X4"

"Blind_On"="X3"

"CallSetupFailTimer"="S7=<#>"

"ErrorControl_On"="+ES=3,0,2;"

"ErrorControl_Off"="+ES=1,0,1;"

"ErrorControl_Forced"="+ES=3,2,4;"

"Compression_On"="+DS=3;+DS44=3;"

"Compression_Off"="+DS=0;+DS44=0;"

"InactivityTimeout"="S30=<#>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\V92]

@DACL=(02 0000)

"QC_CONF"=hex:01,01,01,01

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Answer]

@DACL=(02 0000)

"1"="ATA<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\ATPUD]

@DACL=(02 0000)

"ATPUD"=hex:02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Blst]

@DACL=(02 0000)

"FLAG"=hex:00,00,00,00

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Clients]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\CSD]

@DACL=(02 0000)

"EnableKmixer"=hex:01,00,00,00

"KMixerDataInitialDelay"=hex:0d,00,00,00

"KMixerSpkpInitialDelay"=hex:0c,00,00,00

"MaxSampleValue"=hex:e8,03,00,00

"UnMuteTimerDuration"=hex:d0,07,00,00

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\DspInfo]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\EnableCallerID]

@DACL=(02 0000)

"1"="at+vcid=1<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Fax]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Hangup]

@DACL=(02 0000)

"1"="ATH<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Init]

@DACL=(02 0000)

"1"="AT<cr>"

"2"="AT&FE0V1S0=0&C1&D2+MR=2;+DR=1;+ER=1;W2<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Monitor]

@DACL=(02 0000)

"1"="ATS0=0<cr>"

"2"="None"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\OEM]

@DACL=(02 0000)

"SREGS"=hex:00,00,2b,0d,0a,08,04,32,02,06,0e,5f,32,ff,8a,00,00,00,00,00,00,34,

77,37,00,05,01,49,00,00,00,06,11,13,ff,ff,07,00,14,03,00,05

"AT+MS"=hex:5c,00,00,00,01,00,00,00,4b,00,00,00,80,bb,00,00,4b,00,00,00,c0,da,

00,00

"TONEPARAMS"=hex:4c,04,14,00,0a,00,00,00,cc,ff,cc,ff,04,00,00,00,2c,01,00,00,

2c,01,00,00,34,08,28,00,0a,00,00,00,cc,ff,cc,ff,0e,00,00,00,32,00,00,00,32,\

"CONSTTONEPARAMS"=hex:b1,08,3c,00,0a,00,00,00,cc,ff,cc,ff,02,00,00,00,32,00,00,

00,32,00,00,00,34,08,32,00,32,00,00,00,cc,ff,cc,ff,03,00,00,00,64,00,00,00,\

"V25TER"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,

00,00,00,00,00,00,00,00,01,00,00,00,01,00,00,00,c1,00,00,00,00,00,00,00,22,\

"FLAGS"=hex:02,07,00,08,08,00,00,00

"SPKR_MUTE_DELAY"=hex:20,03

"OFF_HOOK_CONVERGENCE_DURATION"=hex:c8,00

"AT_MISC_DEF"=hex:02,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00

"VOLUME_AMPLIFICATION_PARMS"=hex:00,00,00,00,fa,ff,ff,ff,18,00,00,00

"CADENCE"=hex:01,2c,01,00,00,ee,02,00,00,d0,07,00,00,80,0c,00,00,00,00,00,00,

00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,2c,01,00,00

"PROPERTIES"=hex:ff,ff,ff,ff

"MOD_THRESHOLD"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

"CSA_FLAGS"=hex:00,00,00,00

"DAAType"=hex:01

"SmartDAAParams"=hex:90,1a,00,00,39,03,00,00,18,00,00,00,32,02,00,00,4a,01,00,

00,96,00,00,00,4a,01,00,00,d0,07,00,00,03,0c,03,03,0a,0a,14,1d,1e,0a,0e,13,\

"SmartDAAParamsK3"=hex:90,1a,00,00,39,03,00,00,18,00,00,00,32,02,00,00,4a,01,

00,00,96,00,00,00,4a,01,00,00,d0,07,00,00,03,0c,03,03,0a,0a,14,1d,1e,0a,0e,\

"SmartDAAParamsHal"=hex:90,1a,00,00,39,03,00,00,18,00,00,00,32,02,00,00,4a,01,

00,00,96,00,00,00,4a,01,00,00,d0,07,00,00,03,0c,03,03,06,08,12,16,1e,06,0c,\

"DTMF_COMP_LEVEL"=hex:17,00,00,00,15,00,00,00,14,00,00,00,12,00,00,00,0b,00,00,

00,08,00,00,00,04,00,00,00,00,00,00,00

"HwData"=hex:00,10,00,30,01,80,11,00

"DLG_PARAMS"=hex:01,00,00,00,00

"HANDSET_PARAMS"=hex:00,00,ff,ff,ff

"WOR"=hex:00,00,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,

ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff

"DC_CALC_PARAMS"=hex:2c,01,00,00,00,04,00,00,00,00,00,00

"CPU_FREQ_CHANGE"=hex:00,00,00,00,00,00,00,00

"CPU_FREQ_CHANGE_REVB"=hex:00,00,00,00,00,00,00,00

"FAX_PRE_LOAD_DELAY"=hex:08,00,00,00

"CONTROLLER_THREAD_TIMER_RESOLUTION_EC_CONNECTED"=hex:0a

"SOFT_RING_PARAMS"=hex:00,00,b9,0b,b8,0b,00,00,49,71,48,71,01,00,d8,59,a0,0f,

00,00,30,75,b8,0b

"JCID_RING"=hex:32,00,00,00

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Profile]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Region]

@DACL=(02 0000)

"Current"=hex:3d,00

"Previous"=hex:3d,00

"COPY_CTY"=hex:00,00,00,00

"RegionList"=hex:ff,fe,7f,fe,ff,ff,ff,7f,fb,fb,ff,df,ff,ff,ff,ff,ff,ff,dd,ff,

ff,ff,ff,ff,be,ff,ff,ff,ff,fd,bf,5f

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\SdkCapable]

@DACL=(02 0000)

"Type"=hex:00

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Settings]

@DACL=(02 0000)

"Prefix"="AT"

"Terminator"="<cr>"

"DialPrefix"="D"

"DialSuffix"=";"

"SpeakerVolume_Low"="L1"

"SpeakerVolume_Med"="L2"

"SpeakerVolume_High"="L3"

"SpeakerMode_Off"="M0"

"SpeakerMode_Dial"="M1"

"SpeakerMode_On"="M2"

"SpeakerMode_Setup"="M3"

"FlowControl_Off"="+IFC=0,0;"

"FlowControl_Hard"="+IFC=2,2;"

"FlowControl_Soft"="+IFC=1,1;"

"Pulse"="P"

"Tone"="T"

"Blind_Off"="X4"

"Blind_On"="X3"

"CallSetupFailTimer"="S7=<#>"

"ErrorControl_On"="+ES=3,0,2;"

"ErrorControl_Off"="+ES=1,0,1;"

"ErrorControl_Forced"="+ES=3,2,4;"

"Compression_On"="+DS=3;+DS44=3;"

"Compression_Off"="+DS=0;+DS44=0;"

"InactivityTimeout"="S30=<#>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\V92]

@DACL=(02 0000)

"QC_CONF"=hex:01,01,01,01

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\WMI\Autologger\ReadyBoot\{a319d300-015c-48be-acdb-47746e154751}]

@DACL=(02 0000)

"Enabled"=dword:00000001

"Status"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\WMI\Autologger\ReadyBoot\{b6eff605-4b16-437a-9958-543f05a4f40d}]

@DACL=(02 0000)

"EnableLevel"=dword:00000000

"Enabled"=dword:00000001

"EnableFlags"=dword:00000000

"Status"=dword:00000000

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\conime.exe

c:\acer\Empowering Technology\eLock\Service\eLockServ.exe

c:\acer\Empowering Technology\eNet\eNet Service.exe

c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\acer\Mobility Center\MobilityService.exe

c:\windows\system32\msiexec.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe

c:\acer\Empowering Technology\eSettings\Service\capuserv.exe

c:\acer\Empowering Technology\ePower\ePowerSvc.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\ehome\ehmsas.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Spybot - Search & Destroy\SpybotSD.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Heure de fin: 2010-01-05 12:39:16 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-01-05 11:39

 

Avant-CF: 14 624 272 384 octets libres

Après-CF: 14 531 358 720 octets libres

 

- - End Of File - - 9BEE5B6083149675B45C1AD641BD25D3

 

 

 

 

 

Merci d'avance !!!!

Thanos Devil Member !

Thanos

Posté(e)
Posté(e) (modifié)

salut :P

 

Continue comme ceci car il y a des restes >>

 

Branche tous les supports amovibles que tu possèdes avant de faire ce scan (clé usb/disque dur externe etc)

  • Double clique sur le raccourci Malwarebytes' Anti-Malware.exe (sur le Bureau) pour lancer le programme.
  • Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
  • Sélectionne "Exécuter un examen complêt"
  • Clique sur "Rechercher"
  • L'analyse démarre, le scan est relativement long, c'est normal.
  • A la fin de l'analyse, un message s'affiche :
    L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Ferme tes navigateurs.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
    Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.

Modifié par Thanos
Forester Full Patch Member

Forester

Posté(e)
  • Auteur
Posté(e)

Voici le rapport de MBAM :

 

Malwarebytes' Anti-Malware 1.43

Version de la base de données: 3458

Windows 6.0.6002 Service Pack 2 (Safe Mode)

Internet Explorer 8.0.6001.18865

 

05/01/2010 18:48:31

mbam-log-2010-01-05 (18-48-31).txt

 

Type de recherche: Examen complet (C:\|D:\|E:\|G:\|)

Eléments examinés: 244556

Temps écoulé: 47 minute(s), 38 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

 

 

Note : j'ai fait un premier scan qui avait détecté deux nuisibles (dont un DNS modifier ou quelque chose comme ça) mais bizarrement Malwares a du fermé au moment de la suppression suite à une erreur...ce rapport est celui du second scan en mode sans échec, apparemment rien d'anormal !

Thanos Devil Member !

Thanos

Posté(e)
Posté(e)

re Forester/sangoku!

 

Ok pour le scan MBAM. Pour terminer poste moi ce rapport pour voir si tout est bon >>

 

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

  • Double-clique sur RSIT.exe afin de lancer RSIT.
  • Clique Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
  • Si tu ne vois pas ces deux rapports, tu les trouveras dans le dossier C:\rsit

Passe par le Menu Démarrer > Exécuter ( pour cela utilise la combinaison de touches [Touche Windows]+[R]) > et copie/colle ceci >

 

ComboFix /uninstall (il ya un espace entre x et / si tu recopies la commande manuellement)

 

Une fenêtre va s'ouvrir et ComboFix sera désinstallé de ton pc.

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...