GROS SOUCIS AVEC IDD.TMP
Dernière réponse : dans Sécurité
Bonjour ca fait une semaine que je poste des messages sur ce forum pour faire part de mon gros soucis avec ce foutu virus italien idd.tmp
Quelqu'un pourrait 'il m'aider silvous plait. Jen ai trop marre
Je vous remerci d'avance.
Quelqu'un pourrait 'il m'aider silvous plait. Jen ai trop marre
Je vous remerci d'avance.
Autres pages sur : gros soucis idd tmp
Lassé par la pub ? Créez un compte
Bonjour,
Merci de mettre ton titre en miniscules.
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
Double-clique VundoFix.exe afin de le lancer
Clique sur le bouton Scan for Vundo
Lorsque le scan est complété, clique sur le bouton Remove Vundo
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
Merci de mettre ton titre en miniscules.
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
Cher Angel Dark, je tien tout d'abord à te remericer de t'être pencher sur mon cas.
Ensuite j'avais déja effectué un virus avec vundo et du coup il ne me détecte rien.
Je te poste donc seulement mon rapport Hikack en espérant que cela suffise à résoudre mon soucis.
Merci beaucoup
Logfile of HijackThis v1.99.1
Scan saved at 00:59:58, on 28/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\System32\ismini.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\f@b\Bureau\VundoFix.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\f@b\Bureau\HijackThis.exe
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\system32\byxuuvs.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\System32\fsbxravd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: byxuuvs - C:\WINDOWS\SYSTEM32\byxuuvs.dll
O20 - Winlogon Notify: windph32 - C:\WINDOWS\SYSTEM32\windph32.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Ensuite j'avais déja effectué un virus avec vundo et du coup il ne me détecte rien.
Je te poste donc seulement mon rapport Hikack en espérant que cela suffise à résoudre mon soucis.
Merci beaucoup
Logfile of HijackThis v1.99.1
Scan saved at 00:59:58, on 28/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\System32\ismini.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\f@b\Bureau\VundoFix.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\f@b\Bureau\HijackThis.exe
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\system32\byxuuvs.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\System32\fsbxravd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: byxuuvs - C:\WINDOWS\SYSTEM32\byxuuvs.dll
O20 - Winlogon Notify: windph32 - C:\WINDOWS\SYSTEM32\windph32.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Bonjour,
1/ Télécharge combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/combofix.exe
Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
2/ Reposte un nouveau rapport HijackThis.
1/ Télécharge combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/combofix.exe
Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
2/ Reposte un nouveau rapport HijackThis.
1) rapport combofix
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\f@b\Bureau"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\winupdates
C:\WINDOWS\system32\components
((((((((((((((((((((((((((((((( Files Created from 2006-10-28 to 2006-11-28 ))))))))))))))))))))))))))))))))))
2006-11-20 19:20 <REP> d-------- C:\Documents and Settings\f@b\Application Data\AdobeUM
2006-11-20 19:02 1,492 --a------ C:\WINDOWSvundofix.reg
2006-11-20 19:02 <REP> d-------- C:\VundoFix Backups
2006-11-20 18:52 60,436 --a------ C:\WINDOWS\system32\fsbxravd.dll
2006-11-18 13:47 <REP> d-------- C:\Program Files\DkZ Update
2006-11-18 13:24 65,536 -ra------ C:\WINDOWS\system32\nvrszht.dll
2006-11-18 13:24 65,536 -ra------ C:\WINDOWS\system32\nvrszhc.dll
2006-11-18 13:24 253,952 -ra------ C:\WINDOWS\system32\nvwrspt.dll
2006-11-18 13:24 249,856 -ra------ C:\WINDOWS\system32\nvwrsru.dll
2006-11-18 13:24 249,856 -ra------ C:\WINDOWS\system32\nvwrsptb.dll
2006-11-18 13:24 249,856 -ra------ C:\WINDOWS\system32\nvwrsit.dll
2006-11-18 13:24 245,760 -ra------ C:\WINDOWS\system32\nvwrsnl.dll
2006-11-18 13:24 241,664 -ra------ C:\WINDOWS\system32\nvwrshu.dll
2006-11-18 13:24 237,568 -ra------ C:\WINDOWS\system32\nvwrstr.dll
2006-11-18 13:24 233,472 -ra------ C:\WINDOWS\system32\nvwrsno.dll
2006-11-18 13:24 229,376 -ra------ C:\WINDOWS\system32\nvwrssv.dll
2006-11-18 13:24 229,376 -ra------ C:\WINDOWS\system32\nvwrssl.dll
2006-11-18 13:24 229,376 -ra------ C:\WINDOWS\system32\nvwrssk.dll
2006-11-18 13:24 229,376 -ra------ C:\WINDOWS\system32\nvwrspl.dll
2006-11-18 13:24 163,840 -ra------ C:\WINDOWS\system32\nvwrsja.dll
2006-11-18 13:24 151,552 -ra------ C:\WINDOWS\system32\nvwrsko.dll
2006-11-18 13:24 143,360 -ra------ C:\WINDOWS\system32\nvrsko.dll
2006-11-18 13:24 143,360 -ra------ C:\WINDOWS\system32\nvrsja.dll
2006-11-18 13:24 135,168 -ra------ C:\WINDOWS\system32\nvrsit.dll
2006-11-18 13:24 131,072 -ra------ C:\WINDOWS\system32\nvwrszht.dll
2006-11-18 13:24 131,072 -ra------ C:\WINDOWS\system32\nvrsptb.dll
2006-11-18 13:24 131,072 -ra------ C:\WINDOWS\system32\nvrsnl.dll
2006-11-18 13:24 126,976 -ra------ C:\WINDOWS\system32\nvwrszhc.dll
2006-11-18 13:24 126,976 -ra------ C:\WINDOWS\system32\nvrssl.dll
2006-11-18 13:24 126,976 -ra------ C:\WINDOWS\system32\nvrsru.dll
2006-11-18 13:24 126,976 -ra------ C:\WINDOWS\system32\nvrspt.dll
2006-11-18 13:24 122,880 -ra------ C:\WINDOWS\system32\nvrstr.dll
2006-11-18 13:24 122,880 -ra------ C:\WINDOWS\system32\nvrshu.dll
2006-11-18 13:24 118,784 -ra------ C:\WINDOWS\system32\nvrssv.dll
2006-11-18 13:24 118,784 -ra------ C:\WINDOWS\system32\nvrssk.dll
2006-11-18 13:24 118,784 -ra------ C:\WINDOWS\system32\nvrspl.dll
2006-11-18 13:24 118,784 -ra------ C:\WINDOWS\system32\nvrsno.dll
2006-11-18 13:23 77,824 -ra------ C:\WINDOWS\system32\nvsvc32.exe
2006-11-18 13:23 753,664 -ra------ C:\WINDOWS\system32\nwiz.exe
2006-11-18 13:23 49,152 -ra------ C:\WINDOWS\system32\nvmctray.dll
2006-11-18 13:23 450,560 -ra------ C:\WINDOWS\system32\nvshell.dll
2006-11-18 13:23 4,323,968 -ra------ C:\WINDOWS\system32\nv4_disp.dll
2006-11-18 13:23 397,312 -ra------ C:\WINDOWS\system32\nvappbar.exe
2006-11-18 13:23 35,840 -ra------ C:\WINDOWS\system32\nvwddi.dll
2006-11-18 13:23 30,720 -ra------ C:\WINDOWS\system32\nvcodins.dll
2006-11-18 13:23 30,720 -ra------ C:\WINDOWS\system32\nvcod.dll
2006-11-18 13:23 3,551,232 -ra------ C:\WINDOWS\system32\nvoglnt.dll
2006-11-18 13:23 3,022,848 -ra------ C:\WINDOWS\system32\nvcpl.dll
2006-11-18 13:23 290,816 -ra------ C:\WINDOWS\system32\keystone.exe
2006-11-18 13:23 262,144 -ra------ C:\WINDOWS\system32\nvwrses.dll
2006-11-18 13:23 262,144 -ra------ C:\WINDOWS\system32\nvwrsel.dll
2006-11-18 13:23 253,952 -ra------ C:\WINDOWS\system32\nvwrsesm.dll
2006-11-18 13:23 249,856 -ra------ C:\WINDOWS\system32\nvwrsfr.dll
2006-11-18 13:23 241,664 -ra------ C:\WINDOWS\system32\nvwrsde.dll
2006-11-18 13:23 237,568 -ra------ C:\WINDOWS\system32\nvwrsfi.dll
2006-11-18 13:23 233,472 -ra------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-11-18 13:23 229,376 -ra------ C:\WINDOWS\system32\nvwrsda.dll
2006-11-18 13:23 221,184 -ra------ C:\WINDOWS\system32\nvwrseng.dll
2006-11-18 13:23 221,184 -ra------ C:\WINDOWS\system32\nvwrsar.dll
2006-11-18 13:23 217,088 -ra------ C:\WINDOWS\system32\nvwrshe.dll
2006-11-18 13:23 217,088 -ra------ C:\WINDOWS\system32\nvwrscs.dll
2006-11-18 13:23 172,032 -ra------ C:\WINDOWS\system32\nvrsar.dll
2006-11-18 13:23 163,840 -ra------ C:\WINDOWS\system32\nvrshe.dll
2006-11-18 13:23 139,264 -ra------ C:\WINDOWS\system32\nvrsesm.dll
2006-11-18 13:23 135,168 -ra------ C:\WINDOWS\system32\nvrsfr.dll
2006-11-18 13:23 131,072 -ra------ C:\WINDOWS\system32\nvrses.dll
2006-11-18 13:23 131,072 -ra------ C:\WINDOWS\system32\nvrsel.dll
2006-11-18 13:23 131,072 -ra------ C:\WINDOWS\system32\nvrsde.dll
2006-11-18 13:23 131,072 -ra------ C:\WINDOWS\system32\nvinstnt.dll
2006-11-18 13:23 122,880 -ra------ C:\WINDOWS\system32\nvrsda.dll
2006-11-18 13:23 118,784 -ra------ C:\WINDOWS\system32\nvrseng.dll
2006-11-18 13:23 114,688 -ra------ C:\WINDOWS\system32\nvrsfi.dll
2006-11-18 13:23 114,688 -ra------ C:\WINDOWS\system32\nvrscs.dll
2006-11-18 13:23 110,592 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-11-18 13:23 1,618,939 -ra------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-11-18 13:23 1,474,633 -ra------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-11-18 13:23 1,175,552 -ra------ C:\WINDOWS\system32\nview.dll
2006-11-18 13:23 1,007,616 -ra------ C:\WINDOWS\system32\nviewimg.dll
2006-11-18 13:12 1,404,928 --a------ C:\WINDOWS\system\NVCPL.DLL
2006-11-16 15:00 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Apple Computer
2006-11-16 12:54 126,996 --a------ C:\WINDOWS\system32\tnhqkhdk.dll
2006-11-15 22:21 <REP> d-------- C:\Program Files\Antipub
2006-11-15 14:01 <REP> d--hs---- C:\Config.Msi
2006-11-15 12:44 <REP> d-------- C:\Documents and Settings\f@b\Application Data\vlc
2006-11-15 12:44 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Adobe
2006-11-15 12:37 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Azureus
2006-11-15 00:40 40,973 ---hs---- C:\WINDOWS\system32\urqpmkk.dll
2006-11-15 00:26 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Lavasoft
2006-11-14 23:39 <REP> d-------- C:\Documents and Settings\f@b\Application Data\BSplayer
2006-11-14 23:38 <REP> d---s---- C:\Documents and Settings\f@b\Application Data\Microsoft
2006-11-14 23:33 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Macromedia
2006-11-14 23:31 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Talkback
2006-11-14 23:30 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Mozilla
2006-11-14 11:18 40,973 ---hs---- C:\WINDOWS\system32\gebywww.dll
2006-11-13 19:42 40,973 ---hs---- C:\WINDOWS\system32\byxuuvs.dll
2006-11-13 19:28 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-13 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-13 12:51 77,824 --a------ C:\WINDOWS\system32\cfltygd.dll
2006-11-13 12:51 60,436 --a------ C:\WINDOWS\system32\lvmabytl.dll
2006-11-13 12:51 110,612 --a------ C:\WINDOWS\system32\ghpkeubd.exe
2006-11-13 12:51 <REP> d-------- C:\Program Files\VSAdd-in
2006-11-13 12:46 40,973 ---hs---- C:\WINDOWS\system32\jkkkiih.dll
2006-11-13 12:45 15,872 --a------ C:\WINDOWS\system32\windph32.dll
2006-11-10 23:36 <REP> d-------- C:\Program Files\DkZ Studio
2006-11-02 11:40 <REP> d-------- C:\Program Files\iTunes
2006-11-02 11:40 <REP> d-------- C:\Program Files\iPod
2006-11-02 11:39 <REP> d-------- C:\Program Files\QuickTime
2006-11-02 11:38 <REP> d-------- C:\Program Files\Apple Software Update
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-28 11:13 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-18 13:45 737280 --a------ C:\WINDOWS\iun6002.exe
2006-11-17 16:33 -------- d-------- C:\Program Files\KONAMI
2006-11-17 16:31 103936 --ahs---- C:\Program Files\Thumbs.db
2006-11-15 22:35 -------- d-------- C:\Program Files\Wanadoo
2006-11-15 14:01 -------- d-------- C:\Program Files\Fichiers communs\Softwin
2006-11-10 14:36 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2006-10-17 17:37 -------- d-------- C:\Program Files\DAEMON Tools
2006-10-17 17:28 611064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-10-11 16:19 -------- d-------- C:\Program Files\LimeWire
2006-10-11 11:46 -------- d-------- C:\Program Files\Druide
2006-10-09 17:33 -------- d-------- C:\Program Files\Fichiers communs\Macromedia
2006-10-09 17:32 -------- d-------- C:\Program Files\Macromedia
2006-10-09 17:31 -------- d-------- C:\Program Files\Fichiers communs
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-12 22:03 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-08-24 08:58 278528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:95,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ishost.exe"="ishost.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxuuvs
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\windph32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Completion time: 06-11-28 11:20:42.65
C:\ComboFix.txt ... 06-11-28 11:20
2) rapport hijack
Logfile of HijackThis v1.99.1
Scan saved at 11:23:35, on 28/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Azureus\Azureus.exe
C:\Documents and Settings\f@b\Bureau\HijackThis.exe
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\system32\byxuuvs.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\System32\fsbxravd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: byxuuvs - C:\WINDOWS\SYSTEM32\byxuuvs.dll
O20 - Winlogon Notify: windph32 - C:\WINDOWS\SYSTEM32\windph32.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\f@b\Bureau"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\winupdates
C:\WINDOWS\system32\components
((((((((((((((((((((((((((((((( Files Created from 2006-10-28 to 2006-11-28 ))))))))))))))))))))))))))))))))))
2006-11-20 19:20 <REP> d-------- C:\Documents and Settings\f@b\Application Data\AdobeUM
2006-11-20 19:02 1,492 --a------ C:\WINDOWSvundofix.reg
2006-11-20 19:02 <REP> d-------- C:\VundoFix Backups
2006-11-20 18:52 60,436 --a------ C:\WINDOWS\system32\fsbxravd.dll
2006-11-18 13:47 <REP> d-------- C:\Program Files\DkZ Update
2006-11-18 13:24 65,536 -ra------ C:\WINDOWS\system32\nvrszht.dll
2006-11-18 13:24 65,536 -ra------ C:\WINDOWS\system32\nvrszhc.dll
2006-11-18 13:24 253,952 -ra------ C:\WINDOWS\system32\nvwrspt.dll
2006-11-18 13:24 249,856 -ra------ C:\WINDOWS\system32\nvwrsru.dll
2006-11-18 13:24 249,856 -ra------ C:\WINDOWS\system32\nvwrsptb.dll
2006-11-18 13:24 249,856 -ra------ C:\WINDOWS\system32\nvwrsit.dll
2006-11-18 13:24 245,760 -ra------ C:\WINDOWS\system32\nvwrsnl.dll
2006-11-18 13:24 241,664 -ra------ C:\WINDOWS\system32\nvwrshu.dll
2006-11-18 13:24 237,568 -ra------ C:\WINDOWS\system32\nvwrstr.dll
2006-11-18 13:24 233,472 -ra------ C:\WINDOWS\system32\nvwrsno.dll
2006-11-18 13:24 229,376 -ra------ C:\WINDOWS\system32\nvwrssv.dll
2006-11-18 13:24 229,376 -ra------ C:\WINDOWS\system32\nvwrssl.dll
2006-11-18 13:24 229,376 -ra------ C:\WINDOWS\system32\nvwrssk.dll
2006-11-18 13:24 229,376 -ra------ C:\WINDOWS\system32\nvwrspl.dll
2006-11-18 13:24 163,840 -ra------ C:\WINDOWS\system32\nvwrsja.dll
2006-11-18 13:24 151,552 -ra------ C:\WINDOWS\system32\nvwrsko.dll
2006-11-18 13:24 143,360 -ra------ C:\WINDOWS\system32\nvrsko.dll
2006-11-18 13:24 143,360 -ra------ C:\WINDOWS\system32\nvrsja.dll
2006-11-18 13:24 135,168 -ra------ C:\WINDOWS\system32\nvrsit.dll
2006-11-18 13:24 131,072 -ra------ C:\WINDOWS\system32\nvwrszht.dll
2006-11-18 13:24 131,072 -ra------ C:\WINDOWS\system32\nvrsptb.dll
2006-11-18 13:24 131,072 -ra------ C:\WINDOWS\system32\nvrsnl.dll
2006-11-18 13:24 126,976 -ra------ C:\WINDOWS\system32\nvwrszhc.dll
2006-11-18 13:24 126,976 -ra------ C:\WINDOWS\system32\nvrssl.dll
2006-11-18 13:24 126,976 -ra------ C:\WINDOWS\system32\nvrsru.dll
2006-11-18 13:24 126,976 -ra------ C:\WINDOWS\system32\nvrspt.dll
2006-11-18 13:24 122,880 -ra------ C:\WINDOWS\system32\nvrstr.dll
2006-11-18 13:24 122,880 -ra------ C:\WINDOWS\system32\nvrshu.dll
2006-11-18 13:24 118,784 -ra------ C:\WINDOWS\system32\nvrssv.dll
2006-11-18 13:24 118,784 -ra------ C:\WINDOWS\system32\nvrssk.dll
2006-11-18 13:24 118,784 -ra------ C:\WINDOWS\system32\nvrspl.dll
2006-11-18 13:24 118,784 -ra------ C:\WINDOWS\system32\nvrsno.dll
2006-11-18 13:23 77,824 -ra------ C:\WINDOWS\system32\nvsvc32.exe
2006-11-18 13:23 753,664 -ra------ C:\WINDOWS\system32\nwiz.exe
2006-11-18 13:23 49,152 -ra------ C:\WINDOWS\system32\nvmctray.dll
2006-11-18 13:23 450,560 -ra------ C:\WINDOWS\system32\nvshell.dll
2006-11-18 13:23 4,323,968 -ra------ C:\WINDOWS\system32\nv4_disp.dll
2006-11-18 13:23 397,312 -ra------ C:\WINDOWS\system32\nvappbar.exe
2006-11-18 13:23 35,840 -ra------ C:\WINDOWS\system32\nvwddi.dll
2006-11-18 13:23 30,720 -ra------ C:\WINDOWS\system32\nvcodins.dll
2006-11-18 13:23 30,720 -ra------ C:\WINDOWS\system32\nvcod.dll
2006-11-18 13:23 3,551,232 -ra------ C:\WINDOWS\system32\nvoglnt.dll
2006-11-18 13:23 3,022,848 -ra------ C:\WINDOWS\system32\nvcpl.dll
2006-11-18 13:23 290,816 -ra------ C:\WINDOWS\system32\keystone.exe
2006-11-18 13:23 262,144 -ra------ C:\WINDOWS\system32\nvwrses.dll
2006-11-18 13:23 262,144 -ra------ C:\WINDOWS\system32\nvwrsel.dll
2006-11-18 13:23 253,952 -ra------ C:\WINDOWS\system32\nvwrsesm.dll
2006-11-18 13:23 249,856 -ra------ C:\WINDOWS\system32\nvwrsfr.dll
2006-11-18 13:23 241,664 -ra------ C:\WINDOWS\system32\nvwrsde.dll
2006-11-18 13:23 237,568 -ra------ C:\WINDOWS\system32\nvwrsfi.dll
2006-11-18 13:23 233,472 -ra------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-11-18 13:23 229,376 -ra------ C:\WINDOWS\system32\nvwrsda.dll
2006-11-18 13:23 221,184 -ra------ C:\WINDOWS\system32\nvwrseng.dll
2006-11-18 13:23 221,184 -ra------ C:\WINDOWS\system32\nvwrsar.dll
2006-11-18 13:23 217,088 -ra------ C:\WINDOWS\system32\nvwrshe.dll
2006-11-18 13:23 217,088 -ra------ C:\WINDOWS\system32\nvwrscs.dll
2006-11-18 13:23 172,032 -ra------ C:\WINDOWS\system32\nvrsar.dll
2006-11-18 13:23 163,840 -ra------ C:\WINDOWS\system32\nvrshe.dll
2006-11-18 13:23 139,264 -ra------ C:\WINDOWS\system32\nvrsesm.dll
2006-11-18 13:23 135,168 -ra------ C:\WINDOWS\system32\nvrsfr.dll
2006-11-18 13:23 131,072 -ra------ C:\WINDOWS\system32\nvrses.dll
2006-11-18 13:23 131,072 -ra------ C:\WINDOWS\system32\nvrsel.dll
2006-11-18 13:23 131,072 -ra------ C:\WINDOWS\system32\nvrsde.dll
2006-11-18 13:23 131,072 -ra------ C:\WINDOWS\system32\nvinstnt.dll
2006-11-18 13:23 122,880 -ra------ C:\WINDOWS\system32\nvrsda.dll
2006-11-18 13:23 118,784 -ra------ C:\WINDOWS\system32\nvrseng.dll
2006-11-18 13:23 114,688 -ra------ C:\WINDOWS\system32\nvrsfi.dll
2006-11-18 13:23 114,688 -ra------ C:\WINDOWS\system32\nvrscs.dll
2006-11-18 13:23 110,592 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-11-18 13:23 1,618,939 -ra------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-11-18 13:23 1,474,633 -ra------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-11-18 13:23 1,175,552 -ra------ C:\WINDOWS\system32\nview.dll
2006-11-18 13:23 1,007,616 -ra------ C:\WINDOWS\system32\nviewimg.dll
2006-11-18 13:12 1,404,928 --a------ C:\WINDOWS\system\NVCPL.DLL
2006-11-16 15:00 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Apple Computer
2006-11-16 12:54 126,996 --a------ C:\WINDOWS\system32\tnhqkhdk.dll
2006-11-15 22:21 <REP> d-------- C:\Program Files\Antipub
2006-11-15 14:01 <REP> d--hs---- C:\Config.Msi
2006-11-15 12:44 <REP> d-------- C:\Documents and Settings\f@b\Application Data\vlc
2006-11-15 12:44 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Adobe
2006-11-15 12:37 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Azureus
2006-11-15 00:40 40,973 ---hs---- C:\WINDOWS\system32\urqpmkk.dll
2006-11-15 00:26 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Lavasoft
2006-11-14 23:39 <REP> d-------- C:\Documents and Settings\f@b\Application Data\BSplayer
2006-11-14 23:38 <REP> d---s---- C:\Documents and Settings\f@b\Application Data\Microsoft
2006-11-14 23:33 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Macromedia
2006-11-14 23:31 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Talkback
2006-11-14 23:30 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Mozilla
2006-11-14 11:18 40,973 ---hs---- C:\WINDOWS\system32\gebywww.dll
2006-11-13 19:42 40,973 ---hs---- C:\WINDOWS\system32\byxuuvs.dll
2006-11-13 19:28 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-13 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-13 12:51 77,824 --a------ C:\WINDOWS\system32\cfltygd.dll
2006-11-13 12:51 60,436 --a------ C:\WINDOWS\system32\lvmabytl.dll
2006-11-13 12:51 110,612 --a------ C:\WINDOWS\system32\ghpkeubd.exe
2006-11-13 12:51 <REP> d-------- C:\Program Files\VSAdd-in
2006-11-13 12:46 40,973 ---hs---- C:\WINDOWS\system32\jkkkiih.dll
2006-11-13 12:45 15,872 --a------ C:\WINDOWS\system32\windph32.dll
2006-11-10 23:36 <REP> d-------- C:\Program Files\DkZ Studio
2006-11-02 11:40 <REP> d-------- C:\Program Files\iTunes
2006-11-02 11:40 <REP> d-------- C:\Program Files\iPod
2006-11-02 11:39 <REP> d-------- C:\Program Files\QuickTime
2006-11-02 11:38 <REP> d-------- C:\Program Files\Apple Software Update
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-28 11:13 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-18 13:45 737280 --a------ C:\WINDOWS\iun6002.exe
2006-11-17 16:33 -------- d-------- C:\Program Files\KONAMI
2006-11-17 16:31 103936 --ahs---- C:\Program Files\Thumbs.db
2006-11-15 22:35 -------- d-------- C:\Program Files\Wanadoo
2006-11-15 14:01 -------- d-------- C:\Program Files\Fichiers communs\Softwin
2006-11-10 14:36 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2006-10-17 17:37 -------- d-------- C:\Program Files\DAEMON Tools
2006-10-17 17:28 611064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-10-11 16:19 -------- d-------- C:\Program Files\LimeWire
2006-10-11 11:46 -------- d-------- C:\Program Files\Druide
2006-10-09 17:33 -------- d-------- C:\Program Files\Fichiers communs\Macromedia
2006-10-09 17:32 -------- d-------- C:\Program Files\Macromedia
2006-10-09 17:31 -------- d-------- C:\Program Files\Fichiers communs
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-12 22:03 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-08-24 08:58 278528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:95,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ishost.exe"="ishost.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxuuvs
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\windph32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Completion time: 06-11-28 11:20:42.65
C:\ComboFix.txt ... 06-11-28 11:20
2) rapport hijack
Logfile of HijackThis v1.99.1
Scan saved at 11:23:35, on 28/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Azureus\Azureus.exe
C:\Documents and Settings\f@b\Bureau\HijackThis.exe
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\system32\byxuuvs.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\System32\fsbxravd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: byxuuvs - C:\WINDOWS\SYSTEM32\byxuuvs.dll
O20 - Winlogon Notify: windph32 - C:\WINDOWS\SYSTEM32\windph32.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Re,
Rend toi sur le site de Jotti's VirusScan:
http://virusscan.jotti.org/
Fait analyser ce fichier :
C:\WINDOWS\SYSTEM32\byxuuvs.dll
A la fin de l'analyse poste le rapport.
Ensuite recommence avec ce fichier :
C:\WINDOWS\System32\fsbxravd.dll
Idem poste le rapport
Rend toi sur le site de Jotti's VirusScan:
http://virusscan.jotti.org/
Fait analyser ce fichier :
C:\WINDOWS\SYSTEM32\byxuuvs.dll
A la fin de l'analyse poste le rapport.
Ensuite recommence avec ce fichier :
C:\WINDOWS\System32\fsbxravd.dll
Idem poste le rapport
Bonjour,
Bob c'est forcément du Vundo (même si je sais que tu le sais ^^) :
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\system32\byxuuvs.dll
O20 - Winlogon Notify: byxuuvs - C:\WINDOWS\SYSTEM32\byxuuvs.dll
Pas besoin de scanner ce fichier par contre l'autre oui.
Clique sur le menu Démarrer puis executer et copie/colle ceci :
"%userprofile%\Bureau\combofix.exe" /v byxuuvs
puis clic sur OK.
Suis les invites.
Ne touche a rien et attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
Bob c'est forcément du Vundo (même si je sais que tu le sais ^^) :
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\system32\byxuuvs.dll
O20 - Winlogon Notify: byxuuvs - C:\WINDOWS\SYSTEM32\byxuuvs.dll
Pas besoin de scanner ce fichier par contre l'autre oui.
Clique sur le menu Démarrer puis executer et copie/colle ceci :
"%userprofile%\Bureau\combofix.exe" /v byxuuvs
puis clic sur OK.
Suis les invites.
Ne touche a rien et attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\f@b\Bureau"
Command switches used :: /v byxuuvs
(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\byxuuvs.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((( Files Created from 2006-10-28 to 2006-11-28 ))))))))))))))))))))))))))))))))))
2006-11-20 19:20 <REP> d-------- C:\Documents and Settings\f@b\Application Data\AdobeUM
2006-11-20 19:02 1,492 --a------ C:\WINDOWSvundofix.reg
2006-11-20 19:02 <REP> d-------- C:\VundoFix Backups
2006-11-20 18:52 60,436 --a------ C:\WINDOWS\system32\fsbxravd.dll
2006-11-18 13:47 <REP> d-------- C:\Program Files\DkZ Update
2006-11-18 13:24 65,536 -ra------ C:\WINDOWS\system32\nvrszht.dll
2006-11-18 13:24 65,536 -ra------ C:\WINDOWS\system32\nvrszhc.dll
2006-11-18 13:24 253,952 -ra------ C:\WINDOWS\system32\nvwrspt.dll
2006-11-18 13:24 249,856 -ra------ C:\WINDOWS\system32\nvwrsru.dll
2006-11-18 13:24 249,856 -ra------ C:\WINDOWS\system32\nvwrsptb.dll
2006-11-18 13:24 249,856 -ra------ C:\WINDOWS\system32\nvwrsit.dll
2006-11-18 13:24 245,760 -ra------ C:\WINDOWS\system32\nvwrsnl.dll
2006-11-18 13:24 241,664 -ra------ C:\WINDOWS\system32\nvwrshu.dll
2006-11-18 13:24 237,568 -ra------ C:\WINDOWS\system32\nvwrstr.dll
2006-11-18 13:24 233,472 -ra------ C:\WINDOWS\system32\nvwrsno.dll
2006-11-18 13:24 229,376 -ra------ C:\WINDOWS\system32\nvwrssv.dll
2006-11-18 13:24 229,376 -ra------ C:\WINDOWS\system32\nvwrssl.dll
2006-11-18 13:24 229,376 -ra------ C:\WINDOWS\system32\nvwrssk.dll
2006-11-18 13:24 229,376 -ra------ C:\WINDOWS\system32\nvwrspl.dll
2006-11-18 13:24 163,840 -ra------ C:\WINDOWS\system32\nvwrsja.dll
2006-11-18 13:24 151,552 -ra------ C:\WINDOWS\system32\nvwrsko.dll
2006-11-18 13:24 143,360 -ra------ C:\WINDOWS\system32\nvrsko.dll
2006-11-18 13:24 143,360 -ra------ C:\WINDOWS\system32\nvrsja.dll
2006-11-18 13:24 135,168 -ra------ C:\WINDOWS\system32\nvrsit.dll
2006-11-18 13:24 131,072 -ra------ C:\WINDOWS\system32\nvwrszht.dll
2006-11-18 13:24 131,072 -ra------ C:\WINDOWS\system32\nvrsptb.dll
2006-11-18 13:24 131,072 -ra------ C:\WINDOWS\system32\nvrsnl.dll
2006-11-18 13:24 126,976 -ra------ C:\WINDOWS\system32\nvwrszhc.dll
2006-11-18 13:24 126,976 -ra------ C:\WINDOWS\system32\nvrssl.dll
2006-11-18 13:24 126,976 -ra------ C:\WINDOWS\system32\nvrsru.dll
2006-11-18 13:24 126,976 -ra------ C:\WINDOWS\system32\nvrspt.dll
2006-11-18 13:24 122,880 -ra------ C:\WINDOWS\system32\nvrstr.dll
2006-11-18 13:24 122,880 -ra------ C:\WINDOWS\system32\nvrshu.dll
2006-11-18 13:24 118,784 -ra------ C:\WINDOWS\system32\nvrssv.dll
2006-11-18 13:24 118,784 -ra------ C:\WINDOWS\system32\nvrssk.dll
2006-11-18 13:24 118,784 -ra------ C:\WINDOWS\system32\nvrspl.dll
2006-11-18 13:24 118,784 -ra------ C:\WINDOWS\system32\nvrsno.dll
2006-11-18 13:23 77,824 -ra------ C:\WINDOWS\system32\nvsvc32.exe
2006-11-18 13:23 753,664 -ra------ C:\WINDOWS\system32\nwiz.exe
2006-11-18 13:23 49,152 -ra------ C:\WINDOWS\system32\nvmctray.dll
2006-11-18 13:23 450,560 -ra------ C:\WINDOWS\system32\nvshell.dll
2006-11-18 13:23 4,323,968 -ra------ C:\WINDOWS\system32\nv4_disp.dll
2006-11-18 13:23 397,312 -ra------ C:\WINDOWS\system32\nvappbar.exe
2006-11-18 13:23 35,840 -ra------ C:\WINDOWS\system32\nvwddi.dll
2006-11-18 13:23 30,720 -ra------ C:\WINDOWS\system32\nvcodins.dll
2006-11-18 13:23 30,720 -ra------ C:\WINDOWS\system32\nvcod.dll
2006-11-18 13:23 3,551,232 -ra------ C:\WINDOWS\system32\nvoglnt.dll
2006-11-18 13:23 3,022,848 -ra------ C:\WINDOWS\system32\nvcpl.dll
2006-11-18 13:23 290,816 -ra------ C:\WINDOWS\system32\keystone.exe
2006-11-18 13:23 262,144 -ra------ C:\WINDOWS\system32\nvwrses.dll
2006-11-18 13:23 262,144 -ra------ C:\WINDOWS\system32\nvwrsel.dll
2006-11-18 13:23 253,952 -ra------ C:\WINDOWS\system32\nvwrsesm.dll
2006-11-18 13:23 249,856 -ra------ C:\WINDOWS\system32\nvwrsfr.dll
2006-11-18 13:23 241,664 -ra------ C:\WINDOWS\system32\nvwrsde.dll
2006-11-18 13:23 237,568 -ra------ C:\WINDOWS\system32\nvwrsfi.dll
2006-11-18 13:23 233,472 -ra------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-11-18 13:23 229,376 -ra------ C:\WINDOWS\system32\nvwrsda.dll
2006-11-18 13:23 221,184 -ra------ C:\WINDOWS\system32\nvwrseng.dll
2006-11-18 13:23 221,184 -ra------ C:\WINDOWS\system32\nvwrsar.dll
2006-11-18 13:23 217,088 -ra------ C:\WINDOWS\system32\nvwrshe.dll
2006-11-18 13:23 217,088 -ra------ C:\WINDOWS\system32\nvwrscs.dll
2006-11-18 13:23 172,032 -ra------ C:\WINDOWS\system32\nvrsar.dll
2006-11-18 13:23 163,840 -ra------ C:\WINDOWS\system32\nvrshe.dll
2006-11-18 13:23 139,264 -ra------ C:\WINDOWS\system32\nvrsesm.dll
2006-11-18 13:23 135,168 -ra------ C:\WINDOWS\system32\nvrsfr.dll
2006-11-18 13:23 131,072 -ra------ C:\WINDOWS\system32\nvrses.dll
2006-11-18 13:23 131,072 -ra------ C:\WINDOWS\system32\nvrsel.dll
2006-11-18 13:23 131,072 -ra------ C:\WINDOWS\system32\nvrsde.dll
2006-11-18 13:23 131,072 -ra------ C:\WINDOWS\system32\nvinstnt.dll
2006-11-18 13:23 122,880 -ra------ C:\WINDOWS\system32\nvrsda.dll
2006-11-18 13:23 118,784 -ra------ C:\WINDOWS\system32\nvrseng.dll
2006-11-18 13:23 114,688 -ra------ C:\WINDOWS\system32\nvrsfi.dll
2006-11-18 13:23 114,688 -ra------ C:\WINDOWS\system32\nvrscs.dll
2006-11-18 13:23 110,592 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-11-18 13:23 1,618,939 -ra------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-11-18 13:23 1,474,633 -ra------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-11-18 13:23 1,175,552 -ra------ C:\WINDOWS\system32\nview.dll
2006-11-18 13:23 1,007,616 -ra------ C:\WINDOWS\system32\nviewimg.dll
2006-11-18 13:12 1,404,928 --a------ C:\WINDOWS\system\NVCPL.DLL
2006-11-16 15:00 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Apple Computer
2006-11-16 12:54 126,996 --a------ C:\WINDOWS\system32\tnhqkhdk.dll
2006-11-15 22:21 <REP> d-------- C:\Program Files\Antipub
2006-11-15 14:01 <REP> d--hs---- C:\Config.Msi
2006-11-15 12:44 <REP> d-------- C:\Documents and Settings\f@b\Application Data\vlc
2006-11-15 12:44 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Adobe
2006-11-15 12:37 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Azureus
2006-11-15 00:40 40,973 ---hs---- C:\WINDOWS\system32\urqpmkk.dll
2006-11-15 00:26 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Lavasoft
2006-11-14 23:39 <REP> d-------- C:\Documents and Settings\f@b\Application Data\BSplayer
2006-11-14 23:38 <REP> d---s---- C:\Documents and Settings\f@b\Application Data\Microsoft
2006-11-14 23:33 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Macromedia
2006-11-14 23:31 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Talkback
2006-11-14 23:30 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Mozilla
2006-11-14 11:18 40,973 ---hs---- C:\WINDOWS\system32\gebywww.dll
2006-11-13 19:28 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-13 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-13 12:51 77,824 --a------ C:\WINDOWS\system32\cfltygd.dll
2006-11-13 12:51 60,436 --a------ C:\WINDOWS\system32\lvmabytl.dll
2006-11-13 12:51 110,612 --a------ C:\WINDOWS\system32\ghpkeubd.exe
2006-11-13 12:51 <REP> d-------- C:\Program Files\VSAdd-in
2006-11-13 12:46 40,973 ---hs---- C:\WINDOWS\system32\jkkkiih.dll
2006-11-13 12:45 15,872 --a------ C:\WINDOWS\system32\windph32.dll
2006-11-10 23:36 <REP> d-------- C:\Program Files\DkZ Studio
2006-11-02 11:40 <REP> d-------- C:\Program Files\iTunes
2006-11-02 11:40 <REP> d-------- C:\Program Files\iPod
2006-11-02 11:39 <REP> d-------- C:\Program Files\QuickTime
2006-11-02 11:38 <REP> d-------- C:\Program Files\Apple Software Update
2006-11-01 12:40 235,520 --a------ C:\WINDOWS\system32\xaclceikud.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-28 18:42 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-18 13:45 737280 --a------ C:\WINDOWS\iun6002.exe
2006-11-17 16:33 -------- d-------- C:\Program Files\KONAMI
2006-11-17 16:31 103936 --ahs---- C:\Program Files\Thumbs.db
2006-11-15 22:35 -------- d-------- C:\Program Files\Wanadoo
2006-11-15 14:01 -------- d-------- C:\Program Files\Fichiers communs\Softwin
2006-11-10 14:36 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2006-10-17 17:37 -------- d-------- C:\Program Files\DAEMON Tools
2006-10-17 17:28 611064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-10-11 16:19 -------- d-------- C:\Program Files\LimeWire
2006-10-11 11:46 -------- d-------- C:\Program Files\Druide
2006-10-09 17:33 -------- d-------- C:\Program Files\Fichiers communs\Macromedia
2006-10-09 17:32 -------- d-------- C:\Program Files\Macromedia
2006-10-09 17:31 -------- d-------- C:\Program Files\Fichiers communs
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-12 22:03 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-08-24 08:58 278528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"xaclceikud"="c:\\windows\\system32\\xaclceikud.exe xaclceikud"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:95,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\windph32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Completion time: 06-11-28 18:48:00.32
C:\ComboFix.txt ... 06-11-28 18:48
C:\ComboFix2.txt ... 06-11-28 11:20
Command switches used :: /v byxuuvs
(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\byxuuvs.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((( Files Created from 2006-10-28 to 2006-11-28 ))))))))))))))))))))))))))))))))))
2006-11-20 19:20 <REP> d-------- C:\Documents and Settings\f@b\Application Data\AdobeUM
2006-11-20 19:02 1,492 --a------ C:\WINDOWSvundofix.reg
2006-11-20 19:02 <REP> d-------- C:\VundoFix Backups
2006-11-20 18:52 60,436 --a------ C:\WINDOWS\system32\fsbxravd.dll
2006-11-18 13:47 <REP> d-------- C:\Program Files\DkZ Update
2006-11-18 13:24 65,536 -ra------ C:\WINDOWS\system32\nvrszht.dll
2006-11-18 13:24 65,536 -ra------ C:\WINDOWS\system32\nvrszhc.dll
2006-11-18 13:24 253,952 -ra------ C:\WINDOWS\system32\nvwrspt.dll
2006-11-18 13:24 249,856 -ra------ C:\WINDOWS\system32\nvwrsru.dll
2006-11-18 13:24 249,856 -ra------ C:\WINDOWS\system32\nvwrsptb.dll
2006-11-18 13:24 249,856 -ra------ C:\WINDOWS\system32\nvwrsit.dll
2006-11-18 13:24 245,760 -ra------ C:\WINDOWS\system32\nvwrsnl.dll
2006-11-18 13:24 241,664 -ra------ C:\WINDOWS\system32\nvwrshu.dll
2006-11-18 13:24 237,568 -ra------ C:\WINDOWS\system32\nvwrstr.dll
2006-11-18 13:24 233,472 -ra------ C:\WINDOWS\system32\nvwrsno.dll
2006-11-18 13:24 229,376 -ra------ C:\WINDOWS\system32\nvwrssv.dll
2006-11-18 13:24 229,376 -ra------ C:\WINDOWS\system32\nvwrssl.dll
2006-11-18 13:24 229,376 -ra------ C:\WINDOWS\system32\nvwrssk.dll
2006-11-18 13:24 229,376 -ra------ C:\WINDOWS\system32\nvwrspl.dll
2006-11-18 13:24 163,840 -ra------ C:\WINDOWS\system32\nvwrsja.dll
2006-11-18 13:24 151,552 -ra------ C:\WINDOWS\system32\nvwrsko.dll
2006-11-18 13:24 143,360 -ra------ C:\WINDOWS\system32\nvrsko.dll
2006-11-18 13:24 143,360 -ra------ C:\WINDOWS\system32\nvrsja.dll
2006-11-18 13:24 135,168 -ra------ C:\WINDOWS\system32\nvrsit.dll
2006-11-18 13:24 131,072 -ra------ C:\WINDOWS\system32\nvwrszht.dll
2006-11-18 13:24 131,072 -ra------ C:\WINDOWS\system32\nvrsptb.dll
2006-11-18 13:24 131,072 -ra------ C:\WINDOWS\system32\nvrsnl.dll
2006-11-18 13:24 126,976 -ra------ C:\WINDOWS\system32\nvwrszhc.dll
2006-11-18 13:24 126,976 -ra------ C:\WINDOWS\system32\nvrssl.dll
2006-11-18 13:24 126,976 -ra------ C:\WINDOWS\system32\nvrsru.dll
2006-11-18 13:24 126,976 -ra------ C:\WINDOWS\system32\nvrspt.dll
2006-11-18 13:24 122,880 -ra------ C:\WINDOWS\system32\nvrstr.dll
2006-11-18 13:24 122,880 -ra------ C:\WINDOWS\system32\nvrshu.dll
2006-11-18 13:24 118,784 -ra------ C:\WINDOWS\system32\nvrssv.dll
2006-11-18 13:24 118,784 -ra------ C:\WINDOWS\system32\nvrssk.dll
2006-11-18 13:24 118,784 -ra------ C:\WINDOWS\system32\nvrspl.dll
2006-11-18 13:24 118,784 -ra------ C:\WINDOWS\system32\nvrsno.dll
2006-11-18 13:23 77,824 -ra------ C:\WINDOWS\system32\nvsvc32.exe
2006-11-18 13:23 753,664 -ra------ C:\WINDOWS\system32\nwiz.exe
2006-11-18 13:23 49,152 -ra------ C:\WINDOWS\system32\nvmctray.dll
2006-11-18 13:23 450,560 -ra------ C:\WINDOWS\system32\nvshell.dll
2006-11-18 13:23 4,323,968 -ra------ C:\WINDOWS\system32\nv4_disp.dll
2006-11-18 13:23 397,312 -ra------ C:\WINDOWS\system32\nvappbar.exe
2006-11-18 13:23 35,840 -ra------ C:\WINDOWS\system32\nvwddi.dll
2006-11-18 13:23 30,720 -ra------ C:\WINDOWS\system32\nvcodins.dll
2006-11-18 13:23 30,720 -ra------ C:\WINDOWS\system32\nvcod.dll
2006-11-18 13:23 3,551,232 -ra------ C:\WINDOWS\system32\nvoglnt.dll
2006-11-18 13:23 3,022,848 -ra------ C:\WINDOWS\system32\nvcpl.dll
2006-11-18 13:23 290,816 -ra------ C:\WINDOWS\system32\keystone.exe
2006-11-18 13:23 262,144 -ra------ C:\WINDOWS\system32\nvwrses.dll
2006-11-18 13:23 262,144 -ra------ C:\WINDOWS\system32\nvwrsel.dll
2006-11-18 13:23 253,952 -ra------ C:\WINDOWS\system32\nvwrsesm.dll
2006-11-18 13:23 249,856 -ra------ C:\WINDOWS\system32\nvwrsfr.dll
2006-11-18 13:23 241,664 -ra------ C:\WINDOWS\system32\nvwrsde.dll
2006-11-18 13:23 237,568 -ra------ C:\WINDOWS\system32\nvwrsfi.dll
2006-11-18 13:23 233,472 -ra------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-11-18 13:23 229,376 -ra------ C:\WINDOWS\system32\nvwrsda.dll
2006-11-18 13:23 221,184 -ra------ C:\WINDOWS\system32\nvwrseng.dll
2006-11-18 13:23 221,184 -ra------ C:\WINDOWS\system32\nvwrsar.dll
2006-11-18 13:23 217,088 -ra------ C:\WINDOWS\system32\nvwrshe.dll
2006-11-18 13:23 217,088 -ra------ C:\WINDOWS\system32\nvwrscs.dll
2006-11-18 13:23 172,032 -ra------ C:\WINDOWS\system32\nvrsar.dll
2006-11-18 13:23 163,840 -ra------ C:\WINDOWS\system32\nvrshe.dll
2006-11-18 13:23 139,264 -ra------ C:\WINDOWS\system32\nvrsesm.dll
2006-11-18 13:23 135,168 -ra------ C:\WINDOWS\system32\nvrsfr.dll
2006-11-18 13:23 131,072 -ra------ C:\WINDOWS\system32\nvrses.dll
2006-11-18 13:23 131,072 -ra------ C:\WINDOWS\system32\nvrsel.dll
2006-11-18 13:23 131,072 -ra------ C:\WINDOWS\system32\nvrsde.dll
2006-11-18 13:23 131,072 -ra------ C:\WINDOWS\system32\nvinstnt.dll
2006-11-18 13:23 122,880 -ra------ C:\WINDOWS\system32\nvrsda.dll
2006-11-18 13:23 118,784 -ra------ C:\WINDOWS\system32\nvrseng.dll
2006-11-18 13:23 114,688 -ra------ C:\WINDOWS\system32\nvrsfi.dll
2006-11-18 13:23 114,688 -ra------ C:\WINDOWS\system32\nvrscs.dll
2006-11-18 13:23 110,592 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-11-18 13:23 1,618,939 -ra------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-11-18 13:23 1,474,633 -ra------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-11-18 13:23 1,175,552 -ra------ C:\WINDOWS\system32\nview.dll
2006-11-18 13:23 1,007,616 -ra------ C:\WINDOWS\system32\nviewimg.dll
2006-11-18 13:12 1,404,928 --a------ C:\WINDOWS\system\NVCPL.DLL
2006-11-16 15:00 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Apple Computer
2006-11-16 12:54 126,996 --a------ C:\WINDOWS\system32\tnhqkhdk.dll
2006-11-15 22:21 <REP> d-------- C:\Program Files\Antipub
2006-11-15 14:01 <REP> d--hs---- C:\Config.Msi
2006-11-15 12:44 <REP> d-------- C:\Documents and Settings\f@b\Application Data\vlc
2006-11-15 12:44 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Adobe
2006-11-15 12:37 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Azureus
2006-11-15 00:40 40,973 ---hs---- C:\WINDOWS\system32\urqpmkk.dll
2006-11-15 00:26 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Lavasoft
2006-11-14 23:39 <REP> d-------- C:\Documents and Settings\f@b\Application Data\BSplayer
2006-11-14 23:38 <REP> d---s---- C:\Documents and Settings\f@b\Application Data\Microsoft
2006-11-14 23:33 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Macromedia
2006-11-14 23:31 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Talkback
2006-11-14 23:30 <REP> d-------- C:\Documents and Settings\f@b\Application Data\Mozilla
2006-11-14 11:18 40,973 ---hs---- C:\WINDOWS\system32\gebywww.dll
2006-11-13 19:28 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-13 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-13 12:51 77,824 --a------ C:\WINDOWS\system32\cfltygd.dll
2006-11-13 12:51 60,436 --a------ C:\WINDOWS\system32\lvmabytl.dll
2006-11-13 12:51 110,612 --a------ C:\WINDOWS\system32\ghpkeubd.exe
2006-11-13 12:51 <REP> d-------- C:\Program Files\VSAdd-in
2006-11-13 12:46 40,973 ---hs---- C:\WINDOWS\system32\jkkkiih.dll
2006-11-13 12:45 15,872 --a------ C:\WINDOWS\system32\windph32.dll
2006-11-10 23:36 <REP> d-------- C:\Program Files\DkZ Studio
2006-11-02 11:40 <REP> d-------- C:\Program Files\iTunes
2006-11-02 11:40 <REP> d-------- C:\Program Files\iPod
2006-11-02 11:39 <REP> d-------- C:\Program Files\QuickTime
2006-11-02 11:38 <REP> d-------- C:\Program Files\Apple Software Update
2006-11-01 12:40 235,520 --a------ C:\WINDOWS\system32\xaclceikud.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-28 18:42 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-18 13:45 737280 --a------ C:\WINDOWS\iun6002.exe
2006-11-17 16:33 -------- d-------- C:\Program Files\KONAMI
2006-11-17 16:31 103936 --ahs---- C:\Program Files\Thumbs.db
2006-11-15 22:35 -------- d-------- C:\Program Files\Wanadoo
2006-11-15 14:01 -------- d-------- C:\Program Files\Fichiers communs\Softwin
2006-11-10 14:36 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2006-10-17 17:37 -------- d-------- C:\Program Files\DAEMON Tools
2006-10-17 17:28 611064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-10-11 16:19 -------- d-------- C:\Program Files\LimeWire
2006-10-11 11:46 -------- d-------- C:\Program Files\Druide
2006-10-09 17:33 -------- d-------- C:\Program Files\Fichiers communs\Macromedia
2006-10-09 17:32 -------- d-------- C:\Program Files\Macromedia
2006-10-09 17:31 -------- d-------- C:\Program Files\Fichiers communs
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-12 22:03 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-08-24 08:58 278528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"xaclceikud"="c:\\windows\\system32\\xaclceikud.exe xaclceikud"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:95,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\windph32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Completion time: 06-11-28 18:48:00.32
C:\ComboFix.txt ... 06-11-28 18:48
C:\ComboFix2.txt ... 06-11-28 11:20
AntiVir
Found Trojan/BHO.G.3
ArcaVir
Found Trojan.Bho.G
Avast
Found Win32:BHO-R
AVG Antivirus
Found Generic2.GGN
BitDefender
Found Trojan.BHO.G
ClamAV
Found nothing
Dr.Web
Found Trojan.Juan
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found Trojan.Win32.BHO.g
Fortinet
Found nothing
Kaspersky Anti-Virus
Found Trojan.Win32.BHO.g
NOD32
Found nothing
Norman Virus Control
Found W32/Smalltroj.NCG
VirusBuster
Found Trojan.BHO.BM
VBA32
Found nothing
Found Trojan/BHO.G.3
ArcaVir
Found Trojan.Bho.G
Avast
Found Win32:BHO-R
AVG Antivirus
Found Generic2.GGN
BitDefender
Found Trojan.BHO.G
ClamAV
Found nothing
Dr.Web
Found Trojan.Juan
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found Trojan.Win32.BHO.g
Fortinet
Found nothing
Kaspersky Anti-Virus
Found Trojan.Win32.BHO.g
NOD32
Found nothing
Norman Virus Control
Found W32/Smalltroj.NCG
VirusBuster
Found Trojan.BHO.BM
VBA32
Found nothing
) peut tu STP reposter un nouveau rapport HijackThis pour que l'on y voit plus clair maintenant
Logfile of HijackThis v1.99.1
Scan saved at 00:09:10, on 29/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\f@b\Bureau\HijackThis.exe
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\System32\fsbxravd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: windph32 - C:\WINDOWS\SYSTEM32\windph32.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Scan saved at 00:09:10, on 29/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\f@b\Bureau\HijackThis.exe
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\System32\fsbxravd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: windph32 - C:\WINDOWS\SYSTEM32\windph32.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Re,
On arrive normalement au bout de tes problemes![:)]( ":)")
La procédure est longue et en partie en mode sans échec. Attention, tu n'as pas accès à Internet dans ce mode, enregistre cette page Web (clique sur fichier/enregistrer sous/choisis « Bureau ») ou imprime ce que tu as à faire.
1/ Télécharge la version d'évaluation d'AVG Anti-Spyware 7.5
Installe-le sur ton bureau
- Démarre AVG Anti-Spyware 7.5 avec l'icône qui se trouve sur ton Bureau.
Clique sur Mise à jour.
Sous Mise à jour manuelle clique sur Commencer la mise à jour et attend la fin de cette mise à jour puis ferme le programme.
2/ Télécharge Ccleaner
Installe le dans un répertoire dédié (attention à l'installation pense à décocher l'installation de Yahoo toolbar).
3/ Redémarre en mode Sans Échec
(au démarrage, tapote immédiatement la touche F8), puis tu verras un écran avec choix de démarrages :
choisis Mode sans échec avec les flèches du clavier, puis valide avec Entrée.
Choisis ton compte usuel (et non Administrateur).
Si tu n’arrives vraiment pas à redémarrer en mode sans échec je te propose ce lien :
Redémarrer en mode sans échec
4/ Lance HijackThis
puis --> Do a system scan only
coche les lignes indiquées ci-dessous
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\System32\fsbxravd.dll
puis --> Fix checked
puis oui à la question de confirmation
5/ Assure-toi que tu as accès aux fichiers cachés.
(Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage
"Afficher les fichiers et dossiers cachés" ->clique dessus
"Masquer les extensions des fichiers dont le type est connu" ->décoché
"Masquer les fichiers protégés du système d'exploitation" ->décoché
Valide les changements.
6/ Ensuite supprime les fichiers et/ou dossiers suivants si présents :
C:\WINDOWS\System32\fsbxravd.dll
7/ Lance Ccleaner
Puis clique sur le bouton « Analyse » ensuite bouton « Lancer le Nettoyage ». Ensuite fait de même sur le bouton « Erreurs » puis « chercher des erreurs » et « réparer les erreurs sélectionnées ».
8/ Lance AVG Anti-Spyware 7.5 et clique sur Analyse et ensuite clique sur Analyse complète du système.
A la fin du scan il affichera une liste des fichiers détectés.
Clique sur le bouton Appliquer toutes les actions.
Clique sur Enregistrer le rapport, puis Enregistrer le rapport sous, je te conseille de le mettre sur ton bureau.
9/ Redémarre en mode normal.
Poste le rapport AVG Anti-Spyware 7.5 dans ta prochaine réponse et poste un nouveau rapport HijackThis.
10/ As-tu encore des dysfonctionnements ?
On arrive normalement au bout de tes problemes
La procédure est longue et en partie en mode sans échec. Attention, tu n'as pas accès à Internet dans ce mode, enregistre cette page Web (clique sur fichier/enregistrer sous/choisis « Bureau ») ou imprime ce que tu as à faire.
1/ Télécharge la version d'évaluation d'AVG Anti-Spyware 7.5
Installe-le sur ton bureau
- Démarre AVG Anti-Spyware 7.5 avec l'icône qui se trouve sur ton Bureau.
Clique sur Mise à jour.
Sous Mise à jour manuelle clique sur Commencer la mise à jour et attend la fin de cette mise à jour puis ferme le programme.
2/ Télécharge Ccleaner
Installe le dans un répertoire dédié (attention à l'installation pense à décocher l'installation de Yahoo toolbar).
3/ Redémarre en mode Sans Échec
(au démarrage, tapote immédiatement la touche F8), puis tu verras un écran avec choix de démarrages :
choisis Mode sans échec avec les flèches du clavier, puis valide avec Entrée.
Choisis ton compte usuel (et non Administrateur).
Si tu n’arrives vraiment pas à redémarrer en mode sans échec je te propose ce lien :
Redémarrer en mode sans échec
4/ Lance HijackThis
puis --> Do a system scan only
coche les lignes indiquées ci-dessous
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\System32\fsbxravd.dll
puis --> Fix checked
puis oui à la question de confirmation
5/ Assure-toi que tu as accès aux fichiers cachés.
(Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage
"Afficher les fichiers et dossiers cachés" ->clique dessus
"Masquer les extensions des fichiers dont le type est connu" ->décoché
"Masquer les fichiers protégés du système d'exploitation" ->décoché
Valide les changements.
6/ Ensuite supprime les fichiers et/ou dossiers suivants si présents :
C:\WINDOWS\System32\fsbxravd.dll
7/ Lance Ccleaner
Puis clique sur le bouton « Analyse » ensuite bouton « Lancer le Nettoyage ». Ensuite fait de même sur le bouton « Erreurs » puis « chercher des erreurs » et « réparer les erreurs sélectionnées ».
8/ Lance AVG Anti-Spyware 7.5 et clique sur Analyse et ensuite clique sur Analyse complète du système.
A la fin du scan il affichera une liste des fichiers détectés.
Clique sur le bouton Appliquer toutes les actions.
Clique sur Enregistrer le rapport, puis Enregistrer le rapport sous, je te conseille de le mettre sur ton bureau.
9/ Redémarre en mode normal.
Poste le rapport AVG Anti-Spyware 7.5 dans ta prochaine réponse et poste un nouveau rapport HijackThis.
10/ As-tu encore des dysfonctionnements ?
Coucou javais posté un mess hier mai apparement ca na pas marché. Du coup je né plu mon rapport avg
Je vous laisse le rapport hijack
Ca a lair daller mieu sur mon pc a part ke jai des jeux qui plantent en cours de partie! Ce probleme est il lié aux manipulations effectuées???
Meric en tt cas de mavoir débarassé de ce virus
Logfile of HijackThis v1.99.1
Scan saved at 11:58:16, on 29/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\f@b\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3C2E2~1\888Bar.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Je vous laisse le rapport hijack
Ca a lair daller mieu sur mon pc a part ke jai des jeux qui plantent en cours de partie! Ce probleme est il lié aux manipulations effectuées???
Meric en tt cas de mavoir débarassé de ce virus
Logfile of HijackThis v1.99.1
Scan saved at 11:58:16, on 29/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\f@b\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3C2E2~1\888Bar.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Re,
Désinstalle si possible/existe :
VSAdd-In
Toolbar888
Avg Antispyware
- Lance Hijackthis ->Do a system scan only
->Coche les lignes ci-dessous :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3C2E2~1\888Bar.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
Clique sur Fix checked (en bas à gauche)
Supprime :
C:\Program Files\VSAdd-in\<- le dossier
C:\Program Files\Fichiers Communs\{3C2E2~1\888Bar.dll
- Télécharge puis installe CounterSpy.
- Une fois installé et l'assistant de configuration executé, démarre CounterSpy afin d'effectuer une mise à jour.
Redémarre en mode sans échec
- Clique sur le bouton "Scan Now" à gauche et laisse le scan se faire.
- A l'issu du scan, tous les éléments trouvés seront positionnés sur Quarantine
- Clique sur le bouton en bas à gauche "Take Action" pour envoyer tous les éléments détectés en quarantaine.
- Clique sur "View Details, copie/colle le contenu de la fenêtre dans un fichier texte, sauvegarde le sous le nom de LogCS.
- Redémarre l'ordinateur normalement.
- Copie/colle un nouveau rapport HiJackThis et le rapport CounterSpy.
AIDE : Tuto sur CounterSpy (Malekal)
Désinstalle si possible/existe :
VSAdd-In
Toolbar888
Avg Antispyware
- Lance Hijackthis ->Do a system scan only
->Coche les lignes ci-dessous :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3C2E2~1\888Bar.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
Clique sur Fix checked (en bas à gauche)
Supprime :
C:\Program Files\VSAdd-in\<- le dossier
C:\Program Files\Fichiers Communs\{3C2E2~1\888Bar.dll
- Télécharge puis installe CounterSpy.
- Une fois installé et l'assistant de configuration executé, démarre CounterSpy afin d'effectuer une mise à jour.
Redémarre en mode sans échec
- Clique sur le bouton "Scan Now" à gauche et laisse le scan se faire.
- A l'issu du scan, tous les éléments trouvés seront positionnés sur Quarantine
- Clique sur le bouton en bas à gauche "Take Action" pour envoyer tous les éléments détectés en quarantaine.
- Clique sur "View Details, copie/colle le contenu de la fenêtre dans un fichier texte, sauvegarde le sous le nom de LogCS.
- Redémarre l'ordinateur normalement.
- Copie/colle un nouveau rapport HiJackThis et le rapport CounterSpy.
AIDE : Tuto sur CounterSpy (Malekal)
Spyware Scan Details
Start Date: 29/11/2006 14:55:30
End Date: 29/11/2006 15:40:54
Total Time: 45 mins 24 secs
Detected spyware
Messenger Plus! Adware Bundler more information...
Details: Messenger Plus! is a add-on for MSN Messenger. Messenger Plus! installs an OPTIONAL adware called C2Media which is also known as LOP.com.
Status: Ignored
Infected files detected
c:\program files\messenger plus! live\detoured.dll
c:\program files\messenger plus! live\events style sheet.xsl
c:\program files\messenger plus! live\lame_enc.dll
c:\program files\messenger plus! live\libsndfile.dll
c:\program files\messenger plus! live\log viewer.exe
c:\program files\messenger plus! live\mpscripts.dll
c:\program files\messenger plus! live\mptools.exe
c:\program files\messenger plus! live\msgpluslive.dll
c:\program files\messenger plus! live\msgplusliveres.dll
c:\program files\messenger plus! live\uninstall.exe
c:\program files\messenger plus! live\languages\lng_catalan.ini
c:\program files\messenger plus! live\languages\lng_chinesesimplified.ini
c:\program files\messenger plus! live\languages\lng_chinesetraditional.ini
c:\program files\messenger plus! live\languages\lng_danish.ini
c:\program files\messenger plus! live\languages\lng_default.ini
c:\program files\messenger plus! live\languages\lng_dutch.ini
c:\program files\messenger plus! live\languages\lng_estonian.ini
c:\program files\messenger plus! live\languages\lng_finnish.ini
c:\program files\messenger plus! live\languages\lng_french.ini
c:\program files\messenger plus! live\languages\lng_german.ini
c:\program files\messenger plus! live\languages\lng_hungarian.ini
c:\program files\messenger plus! live\languages\lng_italian.ini
c:\program files\messenger plus! live\languages\lng_japanese.ini
c:\program files\messenger plus! live\languages\lng_korean.ini
c:\program files\messenger plus! live\languages\lng_norwegian.ini
c:\program files\messenger plus! live\languages\lng_portuguese.ini
c:\program files\messenger plus! live\languages\lng_spanish.ini
c:\program files\messenger plus! live\languages\lng_thai.ini
c:\program files\messengerplus! 3\detoured.dll
c:\program files\messengerplus! 3\lame_enc.dll
c:\program files\messengerplus! 3\libsndfile.dll
c:\program files\messengerplus! 3\msgplus.exe
c:\program files\messengerplus! 3\msgplush.dll
c:\program files\messengerplus! 3\msgplusloader.dll
c:\program files\messengerplus! 3\readme.txt
c:\program files\messengerplus! 3\richedhook.dll
c:\program files\messengerplus! 3\plugins\developers.txt
c:\program files\messengerplus! 3\resources\defaultlg.dat
c:\program files\messengerplus! 3\resources\lang_arabic.ini
c:\program files\messengerplus! 3\resources\lang_catala.ini
c:\program files\messengerplus! 3\resources\lang_chinese simplified.ini
c:\program files\messengerplus! 3\resources\lang_chinese traditional.ini
c:\program files\messengerplus! 3\resources\lang_dansk.ini
c:\program files\messengerplus! 3\resources\lang_deutsch.ini
c:\program files\messengerplus! 3\resources\lang_espanol (espana).ini
c:\program files\messengerplus! 3\resources\lang_espanol (latino).ini
c:\program files\messengerplus! 3\resources\lang_estonian.ini
c:\program files\messengerplus! 3\resources\lang_francais.ini
c:\program files\messengerplus! 3\resources\lang_hebrew.ini
c:\program files\messengerplus! 3\resources\lang_hellenic.ini
c:\program files\messengerplus! 3\resources\lang_italiano.ini
c:\program files\messengerplus! 3\resources\lang_japanese.ini
c:\program files\messengerplus! 3\resources\lang_korean.ini
c:\program files\messengerplus! 3\resources\lang_magyar.ini
c:\program files\messengerplus! 3\resources\lang_nederlands.ini
c:\program files\messengerplus! 3\resources\lang_norsk (bokmal).ini
c:\program files\messengerplus! 3\resources\lang_portugues.ini
c:\program files\messengerplus! 3\resources\lang_suomeksi.ini
c:\program files\messengerplus! 3\resources\lang_svenska.ini
c:\program files\messengerplus! 3\resources\lang_thai.ini
c:\program files\messengerplus! 3\resources\lang_turkce.ini
c:\program files\messengerplus! 3\resources\msgplusres.dll
Infected registry entries detected
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Archive\@IQaOu|w]/tjG0ojepMuqlYB;4vrqmagokcS Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Archive\@IQaOu|w]/tjG0ojepMuqlYB;4vrqmagokcS FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Archive\@^IQau|wO/os]e1mmdGnvsMjC4
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Archive\@^IQau|wO/os]e1mmdGnvsMjC4
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Archive LastArchiveTime 1149790088
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@!EIQsj1amkeOowplC]444GthuwdMnYqo LastSignin 1149789879
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@!EIQsj1amkeOowplC]444GthuwdMnYqo LastChat 1140108607
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@AAAAnsfA/tiAuxsijAogwAuhnDqAboiAnwoijAAAA LastSignin 1148652577
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@AAAAsj1AmkeAowplCAcosAnrdrdAetsAlAAA LastUnknownOffline 1143109339
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@AAAAsj1AmkeAowplCAcosAnrdrdAetsAlAAA LastSignin 1149790218
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@CEIQnsfa/nmOcpusk]AdyGtwtipMblYqo LastSignin 1148652578
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@CEIQnsfa/nmOcpusk]AdyGtwtipMblYqo LastUnknownOffline 1137450654
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@cSeWnsfm/nmgcpusk[A:7CarjphEsweIQaO LastSignin 1148146075
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@cSeWnsfm/nmgcpusk[A:7CarjphEsweIQaO LastUnknownOffline 1137349187
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@DGMYnsfq/nmocpuskkAuecuebjSeW LastSignin 1149789797
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@DGMYnsfq/nmocpuskkAuecuebjSeW LastChat 1139422741
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@DGMYsj1qmkeoowplCk:8icvwfjxSpheWm LastSignin 1142700920
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@DGMYsj1qmkeoowplCk:8icvwfjxSpheWm LastChat 1142360449
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@dUi_nsfK/nmUcpuskiA;7_kkdxlKiexUi_K LastSignin 1143726893
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@dUi_nsfK/nmUcpuskiA;7_kkdxlKiexUi_K LastChat 1143726919
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@eWmgnsf[/nmCcpuskEAuwIkp`eoQ`niaoO]G LastSignin 1147355611
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@eWmgnsf[/nmCcpuskEAuwIkp`eoQ`niaoO]G LastUnknownOffline 1142003812
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@FKUinsf_/pwKoCnchUmgviwd_KU LastSignin 1144413451
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@FKUinsf_/pwKoCnchUmgviwd_KU LastChat 1144413926
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@fYqosj1kmkecowplCS2aieelsfWmg LastSignin 1142525791
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@fYqosj1kmkecowplCS2aieelsfWmg LastUnknownOffline 1137406916
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@g[CEnsfI/nmQcpuskaA;![:o]( ":o")
prtof]blkGMYq LastSignin 1148145271
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@g[CEnsfI/nmQcpuskaA;![:o]( ":o")
prtof]blkGMYq LastChat 1142550998
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@h]GMnsfY/nmqcpuskoAgzkqof}qczySeW LastSignin 1148143962
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@h]GMnsfY/nmqcpuskoAgzkqof}qczySeW LastChat 1142511951
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@i_KUnsfi/nm_cpuskKAniUohumwibn_KU LastSignin 1140862171
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@i_KUnsfi/nm_cpuskKAniUohumwibn_KU LastUnknownOffline 1140862187
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@i_KUnsfi/pw_oCoeoKmc}Utufoi_K LastSignin 1145043036
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@i_KUnsfi/pw_oCoeoKmc}Utufoi_K LastUnknownOffline 1136717521
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@JSeWsj1mmkegowplC[8:1CwrompEptIQa LastSignin 1149789797
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@JSeWsj1mmkegowplC[8:1CwrompEptIQa LastUnknownOffline 1136632603
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@KUi_sj1KmkeUowplCi95v_qo`gKUi LastSignin 1149789795
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@KUi_sj1KmkeUowplCi95v_qo`gKUi LastChat 1149790296
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@leWmnsfg/pw[oC97bCvfcEcyfIQa LastSignin 1149789797
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@leWmnsfg/pw[oC97bCvfcEcyfIQa LastUnknownOffline 1137261502
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@mg[CnsfE/nmIcpuskQAxiamgoexOt]GM LastSignin 1147355611
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@mg[CnsfE/nmIcpuskQAxiamgoexOt]GM LastChat 1137361828
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@N[CEnsfI/nmQcpuskaA9
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@N[CEnsfI/nmQcpuskaA9
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@N[CEnsfI/nmQcpuskaAgvOgesie]bncGclemgMYqo LastUnknownOffline 1139083586
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@N[CEnsfI/nmQcpuskaAgvOgesie]bncGclemgMYqo LastSignin 1148146914
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@O]GMnsfY/nmqcpuskoA:7kglmmpcSeW LastSignin 1148205528
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@QaO]nsfG/nmMcpuskYA57qapbxqobhrkcicSe LastSignin 1143726411
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@QaO]nsfG/nmMcpuskYA57qapbxqobhrkcicSe LastChat 1143727036
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@QaO]nsfG/nmMcpuskYAupqcvzgloqukcS LastSignin 1148652575
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@QaO]nsfG/nmMcpuskYAupqcvzgloqukcS LastChat 1148141061
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@qokcnsfS/nmecpuskWA:7m9bsiigzey[nCEI LastUnknownOffline 1149789801
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@qokcnsfS/nmecpuskWA;:muddfdgg[CE LastSignin 1149790271
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@qokcnsfS/nmecpuskWA;:muddfdgg[CE LastUnknownOffline 1136633727
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@qokcsj1SmkeeowplCWsgtmtdixhgocn[CEI LastSignin 1149789797
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@qokcsj1SmkeeowplCWsgtmtdixhgocn[CEI LastChat 1143724189
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@RcSensfW/nmmcpuskgA{n[thwplCtEIQ LastSignin 1149790201
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@RcSensfW/nmmcpuskgA{n[thwplCtEIQ LastChat 1143727001
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@RcSesj1WmkemowplCg:8y[fibvdCieEIQ LastSignin 1144411370
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@RcSesj1WmkemowplCg:8y[fibvdCieEIQ LastChat 1143572077
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@rqoknsfc/nmScpuskeA65Whpmmg[ LastSignin 1138303488
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@rqoknsfc/nmScpuskeA65Whpmmg[ LastUnknownOffline 1138303543
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@Ui_KnsfU/nmicpusk_ApsKuepvbUtuiil_KU LastSignin 1148059227
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@Ui_KnsfU/nmicpusk_ApsKuepvbUtuiil_KU LastChat 1143565807
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@VkcSnsfe/nmWcpuskmA5qghqbym[CEI LastSignin 1147355611
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@VkcSnsfe/nmWcpuskmA5qghqbym[CEI LastChat 1143648898
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@Wmg[nsfC/nmEcpuskIAueQrlelhanO]G LastSignin 1149789891
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@Wmg[nsfC/nmEcpuskIAueQrlelhanO]G LastChat 1143548635
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@XokcnsfS/nmecpuskWAnsmtreg[C LastSignin 1149789797
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@XokcnsfS/nmecpuskWAnsmtreg[C LastChat 1148141966
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@XokcnsfS/pweoCtwrWcgpmnhceog[CE LastSignin 1143106862
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@XokcnsfS/pweoCtwrWcgpmnhceog[CE LastChat 1137348759
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@XokcnsfS/pweoCtwrWcgpmnhceog[CE Notes
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@Xokcsj1SmkeeowplCW938m4huxhgiem[dCEI LastSignin 1149789797
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@Xokcsj1SmkeeowplCW938m4huxhgiem[dCEI LastChat 1144411237
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@[CEInsfQ/nmacpuskOA:5]plbquGflMYq LastUnknownOffline 1142001486
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@^IQasj1Omke]owplCGuqgMks/ydYqok LastSignin 1141066015
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@^IQasj1Omke]owplCGuqgMks/ydYqok LastChat 1141063536
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@_KUisj1_mkeKowplCU5:eiihtrr_fnKUi LastSignin 1143571919
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@_KUisj1_mkeKowplCU5:eiihtrr_fnKUi LastChat 1143570604
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@_KUisj1_mkeKowplCU9cviwnlep_`klKurciuUbieip_KU LastSignin 1145043036
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@_KUisj1_mkeKowplCU9cviwnlep_`klKurciuUbieip_KU LastChat 1143569399
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@`MYqnsfo/nmkcpuskcA5
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@`MYqnsfo/nmkcpuskcA5
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences SystemLogWndX 200
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences SystemLogWndY 100
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences SystemLogWndWidth 500
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences SystemLogWndHeight 170
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences FirstTimeWizard 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences MigrateLevel 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences FirstLaunch 1136457960
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences ToastPopupSizeW6 181
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences ToastPopupSizeH6 116
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences ToastPopupPos6 954
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences ToastPopupResX 1152
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences ToastPopupBorder6 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences LogDirectory C:\Documents and Settings\f@b\Mes documents\Mes archives de conversations
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Archive\@VkcSu|we/tjW0ojepmuqlgB9195[`grCwrtyrEtIQa Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Archive\@VkcSu|we/tjW0ojepmuqlgB9195[`grCwrtyrEtIQa FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Archive LastArchiveTime 1143372856
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@AAAAsj1AmkeAowplCA9/7AwrmyrAmAAA LastSignin 1143372608
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@BCEIsj1QmkeaowplCOfns]oddGMY LastSignin 1143372608
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@CEIQnsfa/nmOcpusk]A95GvwfvxMbnYqo LastSignin 1146664958
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@cSeWnsfm/nmgcpusk[A:7CwgjplEmcpIQaO LastSignin 1146664970
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@cSeWsj1mmkegowplC[ucgCkyvnEIQ LastSignin 1143372609
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@DGMYsj1qmkeoowplCkbtece1frlSmggeWmg LastSignin 1146664958
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@dUi_sj1KmkeUowplCi95e_vvfrbKpthUpdtwhimc_KU LastSignin 1143372609
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@eWmgnsf[/nmCcpuskEA68I;hoioQpuaO] LastSignin 1146664958
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@IQaOnsf]/nmGcpuskMAvsYndnrlqcqvokcS LastSignin 1143372609
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@i_KUnsfi/nm_cpuskKA:7Uwgfpoiphw_woqeoKUi_ LastSignin 1146664958
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@KUi_nsfK/nmUcpuskiA55_cwvolKlqiUmdui_K LastSignin 1146664958
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@LWmgnsf[/nmCcpuskEA65I:btesQdgnaO]G LastSignin 1146664958
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@ni_Ksj1UmkeiowplC_lpmKrbzieUzgfi_KU LastSignin 1146665017
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@ni_Ksj1UmkeiowplC_lpmKrbzieUzgfi_KU LastUnknownOffline 1146664985
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@N[CEsj1ImkeQowplCa:8cO:6fvl]bngGMYq LastSignin 1146664958
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@O]GMnsfY/nmqcpuskoAcfkorceycfcqSeWm LastSignin 1146664959
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@QaO]nsfG/nmMcpuskYAgvqglmplovsvkclsxlcnkhSeWm LastSignin 1143372778
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@QaO]sj1GmkeMowplCY355qahoejosqqkcSe LastSignin 1143372609
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@Wmg[nsfC/nmEcpuskIA86QwrtwlasrO]G LastSignin 1143372609
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@XokcnsfS/nmecpuskWA96mkgmeqgjt[CE LastSignin 1146664962
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@Xokcsj1SmkeeowplCW729m4bfrxgpuy[qvCEI LastSignin 1143372609
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@Xokcsj1SmkeeowplCW729m4bfrxgpuy[qvCEI LastChat 1143372745
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@ZAAAsj1AmkeAowplCA95oAksbolAqcAAA LastSignin 1143372606
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@_KUisj1_mkeKowplCUjomifvjrl_eKUi LastSignin 1146665021
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@`MYqsj1omkekowplCcwwiShpfpfeWmg LastSignin 1146664961
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences SystemLogWndX 200
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences SystemLogWndY 100
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences SystemLogWndWidth 500
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences SystemLogWndHeight 170
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences FirstTimeWizard 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences LogDirectory C:\Documents and Settings\f@b\Mes documents\Mes archives de conversations
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences MigrateLevel 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences FirstLaunch 1146664958
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences ToastPopupSizeW6 181
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences ToastPopupSizeH6 116
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences ToastPopupPos6 954
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences ToastPopupResX 1152
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences ToastPopupBorder6 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Archive\@DGMYu|wq/osoe1owpkAuwcuhsvhSjreWm Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Archive\@DGMYu|wq/osoe1owpkAuwcuhsvhSjreWm FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Archive\@jaO]u|wG/tjM0ojepYuqlqB98cdoscgkcpcSe Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Archive\@jaO]u|wG/tjM0ojepYuqlqB98cdoscgkcpcSe FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Archive\@Ui_Ku|wU/tji0ojep_uqlKB;6vhUuvsir0vso_vqpKUi_ Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Archive\@Ui_Ku|wU/tji0ojep_uqlKB;6vhUuvsir0vso_vqpKUi_ FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Archive\@[CEIu|wQ/osae1owpOApe]ngoeuGutiMdYqo Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Archive\@[CEIu|wQ/osae1owpOApe]ngoeuGutiMdYqo FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Archive LastArchiveTime 1146749447
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@AAAAfh1AouqAB;9vhAmnmAmAAA LastSignin 1145396351
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@AAAAfh1AouqAB;9vhAmnmAmAAA LastChat 1142607442
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@AAAAnsfA/nmAcpuskAAccAcbxc|A`mAAA LastSignin 1139673340
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@AAAAnsfA/nmAcpuskAAqmAevpv|AnosAvAAA LastSignin 1142106027
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@AAAAnsfA/nmAcpuskAAwsAnlqcgApicAfrhAAA LastSignin 1148659380
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@AAAAnsfA/nmAcpuskAAwsAnlqcgApicAfrhAAA LastChat 1146760600
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@aO]GnsfM/nmYcpuskqA3;oemtwlkncSe LastSignin 1141395779
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@aO]GnsfM/nmYcpuskqA3;oemtwlkncSe LastChat 1137513860
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@BCEInsfQ/pwaoCfxdOluc]mGMY LastSignin 1147264238
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@BCEInsfQ/pwaoCfxdOluc]mGMY LastChat 1141328304
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@BCEIsj1QmkeaowplCOfns]oddGMY LastSignin 1144408921
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@BCEIsj1QmkeaowplCOfns]oddGMY LastChat 1144408951
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@bQaOnsf]/nmGcpuskMA2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@bQaOnsf]/nmGcpuskMA2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@bQaOnsf]/nmGcpuskMA2=Yaxplwqbookc LastSignin 1147114659
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@bQaOnsf]/nmGcpuskMA2=Yaxplwqbookc LastChat 1145709158
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@bQaOnsf]/nmGcpuskMAgpYnhvvbqocfondkcS LastSignin 1148659128
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@bQaOnsf]/nmGcpuskMAgpYnhvvbqocfondkcS LastUnknownOffline 1139316513
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@cSeWnsfm/nmgcpusk[Aj=C3l{{dEgIQa LastSignin 1144849412
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@cSeWnsfm/nmgcpusk[Aj=C3l{{dEgIQa LastChat 1144849412
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@cSeWsj1mmkegowplC[jurCkd`xvEfeIQa LastSignin 1147262565
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@cSeWsj1mmkegowplC[jurCkd`xvEfeIQa LastChat 1142530263
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@DGMYsj1qmkeoowplCk52ccfhfveSfveejWmg LastSignin 1146765025
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@DGMYsj1qmkeoowplCk52ccfhfveSfveejWmg LastUnknownOffline 1138800870
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@eWmgnsf[/nmCcpuskEAtnIqgoivQaO] LastSignin 1147263934
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@eWmgnsf[/nmCcpuskEAtnIqgoivQaO] LastUnknownOffline 1142083593
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@FKUinsf_/pwKoCtwvUftviglq_KU LastSignin 1147265469
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@FKUinsf_/pwKoCtwvUftviglq_KU LastChat 1147264351
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@fYqonsfk/nmccpuskSA:7ewrnmpWmg[ LastSignin 1139400631
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@fYqonsfk/nmccpuskSA:7ewrnmpWmg[ LastUnknownOffline 1138798239
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@fYqosj1kmkecowplCSsgmevupt1Wfkpmgkqsg[C LastSignin 1148657586
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@fYqosj1kmkecowplCSsgmevupt1Wfkpmgkqsg[C LastUnknownOffline 1141328603
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@GMYqnsfo/nmkcpuskcAmgScloioeWmg LastSignin 1137338967
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@GMYqnsfo/pwkoC::hcsfiSjseWm LastSignin 1146761779
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@GMYqnsfo/pwkoC::hcsfiSjseWm LastUnknownOffline 1139396644
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@GMYqsj1omkekowplCcfkzScofvueb|mWdmg[ LastSignin 1139397159
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@GMYqsj1omkekowplCcfkzScofvueb|mWdmg[ LastUnknownOffline 1138798794
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@g[CEnsfI/pwQoC::xapthOpdt]GM LastSignin 1147115244
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@g[CEnsfI/pwQoC::xapthOpdt]GM LastChat 1142890605
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@h]GMnsfY/nmqcpuskoAwskjdccpcptjSahkeWm LastSignin 1147114663
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@h]GMnsfY/nmqcpuskoAwskjdccpcptjSahkeWm LastChat 1143144098
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@IQaOsj1]mkeGowplCMffvYgymeyq`gwokofkcS LastSignin 1147262185
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@IQaOsj1]mkeGowplCMffvYgymeyq`gwokofkcS LastChat 1145633880
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@i_KUnsfi/nm_cpuskKAemUnopvwi`ti_fqp{KUi LastSignin 1147262617
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@i_KUnsfi/nm_cpuskKAemUnopvwi`ti_fqp{KUi LastUnknownOffline 1138798879
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@i_KUsj1imke_owplCKtwsUihixdihc_KU LastSignin 1147266001
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@i_KUsj1imke_owplCKtwsUihixdihc_KU LastUnknownOffline 1142531110
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@JSeWnsfm/nmgcpusk[AjlCjfueoEcIQa LastSignin 1148659086
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@JSeWnsfm/nmgcpusk[AjlCjfueoEcIQa LastUnknownOffline 1138628921
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@leWmsj1gmke[owplCC79cEcubgdInQaO LastSignin 1148297194
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@leWmsj1gmke[owplCC79cEcubgdInQaO LastChat 1146761498
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@LWmgnsf[/nmCcpuskEA2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@LWmgnsf[/nmCcpuskEA2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@LWmgnsf[/nmCcpuskEAdhIpdkikQuaO] LastSignin 1143372909
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@LWmgnsf[/nmCcpuskEAdhIpdkikQuaO] LastChat 1142091744
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@mg[CnsfE/nmIcpuskQA55agkuefOzut]GMY LastSignin 1139494889
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@mg[CnsfE/nmIcpuskQA55agkuefOzut]GMY LastChat 1139494892
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@MYqonsfk/nmccpuskSAuwegfomuWqaimjw`}pgnko[CEI LastSignin 1139396856
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@MYqonsfk/nmccpuskSAuwegfomuWqaimjw`}pgnko[CEI LastUnknownOffline 1139401733
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@MYqonsfk/pwcoCteoSftyecWmg LastSignin 1148295663
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@MYqonsfk/pwcoCteoSftyecWmg LastUnknownOffline 1137335091
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@MYqosj1kmkecowplCSfnseqpbgWmg LastSignin 1148660003
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@MYqosj1kmkecowplCSfnseqpbgWmg LastChat 1146761554
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@MYqosj1kmkecowplCSokxetdn1hWenmmjwbqg[C LastSignin 1137878939
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@N[CEnsfI/nmQcpuskaA8=O2:2su]beGMY LastSignin 1141328784
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@okcSnsfe/nmWcpuskmA6mgtwpgu[boCEI LastSignin 1147115332
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@okcSnsfe/nmWcpuskmA6mgtwpgu[boCEI LastUnknownOffline 1138798862
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@O]GMnsfY/nmqcpuskoAgrkkwjxqcboiSnneWm LastSignin 1146764955
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@O]GMnsfY/nmqcpuskoAgrkkwjxqcboiSnneWm LastChat 1142530990
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@O]GMnsfY/nmqcpuskoAneklqbvucbosSfhsjoebWmg LastSignin 1146760777
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@O]GMnsfY/nmqcpuskoAneklqbvucbosSfhsjoebWmg LastChat 1141825338
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@pmg[nsfC/nmEcpuskIAvsQiubqoafoO]G LastSignin 1146761093
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@pmg[nsfC/nmEcpuskIAvsQiubqoafoO]G LastChat 1146760837
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@qokcnsfS/nmecpuskWA4:madjplgngw[pltCEI LastSignin 1147264188
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@qokcnsfS/nmecpuskWA4:madjplgngw[pltCEI LastUnknownOffline 1137336305
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@qokcnsfS/nmecpuskWAivmwrcydg`fi[tiCEI LastSignin 1144408924
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@RcSensfW/nmmcpuskgA94[8vfrlCEIQ LastSignin 1146762936
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@RcSensfW/nmmcpuskgA94[8vfrlCEIQ LastChat 1143143989
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@RcSensfW/nmmcpuskgA:5[tlprbCmkiEnrtIQa LastSignin 1148296201
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@RcSensfW/nmmcpuskgA:5[tlprbCmkiEnrtIQa LastUnknownOffline 1148296270
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@RcSensfW/nmmcpuskgAgx[vh{eyCngpEeIQa LastSignin 1144183061
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@RcSensfW/nmmcpuskgAqp[hdvxuCjxEIQ LastSignin 1139395548
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@RcSensfW/nmmcpuskgAqp[hdvxuCjxEIQ LastUnknownOffline 1139396128
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@rqoknsfc/nmScpuskeA56Wulwegmfkpgcwbr[CE LastSignin 1147117792
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@rqoknsfc/nmScpuskeA56Wulwegmfkpgcwbr[CE LastUnknownOffline 1141746503
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@rqoknsfc/pwSoClsoeqk~Wgkumg[ LastSignin 1147265543
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@rqoknsfc/pwSoClsoeqk~Wgkumg[ LastChat 1145634300
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@Ui_KnsfU/nmicpusk_A35K:bjxlUui_K LastSignin 1148657589
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@Ui_KnsfU/nmicpusk_A35K:bjxlUui_K LastUnknownOffline 1137748322
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@VkcSnsfe/nmWcpuskmAkygnxdeu[egpCqvEIQ LastSignin 1140961677
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@VkcSnsfe/nmWcpuskmAkygnxdeu[egpCqvEIQ LastChat 1140961558
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@Wmg[nsfC/nmEcpuskIAueQrlelhanO]G LastSignin 1147117792
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@Wmg[nsfC/nmEcpuskIAueQrlelhanO]G LastChat 1147114677
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@Wmg[sj1CmkeEowplCI97vQgwussa.wsOnxpp]GM LastSignin 1148659850
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@Wmg[sj1CmkeEowplCI97vQgwussa.wsOnxpp]GM LastChat 1147114668
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@XokcnsfS/nmecpuskWAcxmpbfmugbo[CE LastSignin 1146749214
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@XokcnsfS/nmecpuskWAgmmrsjlhgukx[ksCEI LastSignin 1141328025
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@XokcnsfS/nmecpuskWAgmmrsjlhgukx[ksCEI LastUnknownOffline 1141328304
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@XokcnsfS/nmecpuskWAgvmvdigqgbnf[CEI LastSignin 1146762818
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@XokcnsfS/nmecpuskWAgvmvdigqgbnf[CEI LastChat 1142605052
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@XokcnsfS/nmecpuskWAqemwjoepg[CE LastSignin 1147184443
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@XokcnsfS/nmecpuskWAqemwjoepg[CE LastUnknownOffline 1147115059
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@Yqoksj1cmkeSowplCe9:mWohprmg[ LastSignin 1147117792
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@Yqoksj1cmkeSowplCe9:mWohprmg[ LastChat 1141330071
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@ZAAAsj1AmkeAowplCA74iAvwfrxAptmAcodAAA LastSignin 1147265979
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@ZAAAsj1AmkeAowplCA74iAvwfrxAptmAcodAAA LastUnknownOffline 1147265622
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@[CEInsfQ/nmacpuskOA9=]4htmuGfeMYq LastSignin 1147184563
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@[CEInsfQ/nmacpuskOA9=]4htmuGfeMYq LastChat 1142531242
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@[CEInsfQ/nmacpuskOAhs]vkdwGMY LastSignin 1147117790
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@]GMYnsfq/nmocpuskkAwycwrumwSeWm LastSignin 1147264676
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@]GMYnsfq/nmocpuskkAwycwrumwSeWm LastUnknownOffline 1136722195
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@]GMYnsfq/pwooCoeokepectwsieSeWm LastSignin 1148659699
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@]GMYnsfq/pwooCoeokepectwsieSeWm LastChat 1148657612
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@]GMYsj1qmkeoowplCk2/gcoSeW LastSignin 1138800763
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@]GMYsj1qmkeoowplCk2/gcoSeW LastUnknownOffline 1138798955
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@^IQansfO/nm]cpuskGA3cM|nomsYqok LastUnknownOffline 1139403019
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@^IQansfO/nm]cpuskGA:5MthwehYcaiqjwokc LastSignin 1136721994
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@_KUinsf_/nmKcpuskUAgvifqbho_jjtKUi_ LastSignin 1148659380
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@_KUinsf_/nmKcpuskUAwfikovep_KUi LastSignin 1139401368
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@`MYqnsfo/nmkcpuskcA{iSpjjegeokWmg LastSignin 1144181972
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@`MYqnsfo/nmkcpuskcA{iSpjjegeokWmg LastUnknownOffline 1144182136
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@`MYqnsfo/pwkoCprrchfeSdrixqebWmg LastSignin 1146749213
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences\SoundStats #000000000023 1
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences\SoundStats LastUse01 98966AACE96C
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences\SoundStats #000000000039 1
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences\SoundStats LastUse02 CD705B4C58BA
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences\SoundStats #CD705B4C58BA 1
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences\SoundStats LastUse03 000000000039
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences\SoundStats #98966AACE96C 1
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences\SoundStats LastUse04 000000000023
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences SystemLogWndX 200
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences SystemLogWndY 100
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences SystemLogWndWidth 500
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences SystemLogWndHeight 170
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences FirstTimeWizard 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences MigrateLevel 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences FirstLaunch 1136725855
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences LogDirectory C:\Documents and Settings\f@b\Mes documents\Mes archives de conversations
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences ToastPopupSizeW6 181
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences ToastPopupSizeH6 116
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences ToastPopupPos6 954
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences ToastPopupResX 1152
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences ToastPopupBorder6 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences QuickIconAddOrigin 1
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences AskForAutogroup 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences GroupBarLocation 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences AutoGroupChats 1
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences CustomColors
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences CustSoundsUsePreview 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences FirstTimeSoundUsed 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Archive LastArchiveTime 1149789532
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Contacts\@dUi_sj1KmkeUowplCi{kw_nhqefKUi_ LastSignin 1149789270
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Contacts\@dUi_sj1KmkeUowplCi{kw_nhqefKUi_ LastUnknownOffline 1149789559
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Contacts\@mg[CnsfE/pwIoC9:bQokiavvnqdOs]GM LastSignin 1149789273
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Contacts\@okcSnsfe/nmWcpuskmA68gpdhem[CEI LastSignin 1149789273
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Contacts\@rqoknsfc/nmScpuskeAueWnrdmqmswigpjjiv[fnCEI LastSignin 1149789273
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Contacts\@`MYqnsfo/pwkoCprrchfeSdrixqebWmg LastUnknownOffline 1149789311
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Preferences SystemLogWndX 200
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Preferences SystemLogWndY 100
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Preferences SystemLogWndWidth 500
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Preferences SystemLogWndHeight 170
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Preferences FirstTimeWizard 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Preferences MigrateLevel 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Preferences FirstLaunch 1149789788
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Archive\@QaO]u|wG/osMe1mmdYnvsqjCfplodwpkgcSe Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Archive\@QaO]u|wG/osMe1mmdYnvsqjCfplodwpkgcSe FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Archive\@Tg[Cu|wE/tjI0rpldQzBeaplsfdOtvi]xlmsmGMYq Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Archive\@Tg[Cu|wE/tjI0rpldQzBeaplsfdOtvi]xlmsmGMYq FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Archive LastArchiveTime 1139846535
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Contacts\@okcSnsfe/nmWcpuskmAcqglmd[CE LastSignin 1139851570
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Contacts\@QaO]nsfG/nmMcpuskYA8;qaxphloekcS LastSignin 1139902092
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Contacts\@QaO]nsfG/nmMcpuskYA8;qaxphloekcS LastUnknownOffline 1139852047
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Contacts\@qokcsj1SmkeeowplCW224m3bbqrgu[CE LastSignin 1139846270
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Contacts\@qokcsj1SmkeeowplCW224m3bbqrgu[CE LastChat 1139846313
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Contacts\@SeWmnsfg/nm[cpuskCAgpEkfvphIQaO LastSignin 1139851571
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Contacts\@SeWmnsfg/nm[cpuskCAgpEkfvphIQaO LastChat 1139851766
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Contacts\@VkcSsj1epqlWc|Aeqmjtfgcvuiy[jnsClEIQ LastSignin 1139851571
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Contacts\@VkcSsj1epqlWc|Aeqmjtfgcvuiy[jnsClEIQ LastChat 1139851593
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences SystemLogWndX 200
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences SystemLogWndY 100
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences SystemLogWndWidth 500
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences SystemLogWndHeight 170
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences ToastPopupSizeW6 181
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences ToastPopupSizeH6 116
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences ToastPopupPos6 954
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences ToastPopupResX 1152
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences ToastPopupBorder6 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences FirstTimeWizard 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences MigrateLevel 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences FirstLaunch 1139848555
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences LogDirectory C:\Documents and Settings\f@b\Mes documents\Mes archives de conversations
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@bQaOu|w]/tjG0ojepMuqlYBhgmoqgq{ocuekcS Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@bQaOu|w]/tjG0ojepMuqlYBhgmoqgq{ocuekcS FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@bQaOu|w]/tjG0ojepMuqlYBqfiwqswsohbfmukvcpcSeW Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@bQaOu|w]/tjG0ojepMuqlYBqfiwqswsohbfmukvcpcSeW FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@EIQau|wO/tj]0ojepGuqlMBvbkuYfqok Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@EIQau|wO/tj]0ojepGuqlMBvbkuYfqok FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@GMYqu|wo/tjk0ojepcuqlSB;41hemqvWcfmg[ Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@GMYqu|wo/tjk0ojepcuqlSB;41hemqvWcfmg[ FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@leWmu|wg/tj[0ojepCuqlEB6243IfkrQcqaO] Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@leWmu|wg/tj[0ojepCuqlEB6243IfkrQcqaO] FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@ni_Ku|wU/osie1mmd_nvsKjC64:Uogzikjssi_owiKjwUi_ Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@ni_Ku|wU/osie1mmd_nvsKjC64:Uogzikjssi_owiKjwUi_ FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@O]GMu|wY/tjq0ojepouqlkBqp}oc`ccSgomsie`grWwmg[ Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@O]GMu|wY/tjq0ojepouqlkBqp}oc`ccSgomsie`grWwmg[ FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@qokcu|wS/tje0ojepWuqlmB6frlgmgg[eCEI Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@qokcu|wS/tje0ojepWuqlmB6frlgmgg[eCEI FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@rqoku|wc/osSe1mmdenvsWjC:c9m`{wgult[CE Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@rqoku|wc/osSe1mmdenvsWjC:c9m`{wgult[CE FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@Xokcu|wS/osee1msdWAdqmqopgwgogq[godCEI Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@Xokcu|wS/osee1msdWAdqmqopgwgogq[godCEI FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@`MYqu|wo/tjk0ojepcuqlSB77:4eoqlWeqplfmg[C Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@`MYqu|wo/tjk0ojepcuqlSB77:4eoqlWeqplfmg[C FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive LastArchiveTime 1146767518
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@!EIQnsfa/nmOcpusk]A3fGgvffhMcpsYvqok LastSignin 1146830648
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@!EIQnsfa/nmOcpusk]A3fGgvffhMcpsYvqok LastUnknownOffline 1146830646
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@!EIQsj1amkeOowplC]444GthuwdMnYqo LastSignin 1148733348
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@!EIQsj1amkeOowplC]444GthuwdMnYqo LastUnknownOffline 1146831979
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@!EIQsj1amkeOowplC]95iGphdweMpoYqo LastSignin 1143318726
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@AAAAsj1AmkeAowplCA4grAkofgfAAAA LastSignin 1146832817
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@AAAAsj1AmkeAowplCA4grAkofgfAAAA LastChat 1146831932
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@AAAAsj1AmkeAowplCA95iAdppfAAA LastSignin 1139080858
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@aO]Gsj1MmkeYowplCq954ogwuiqkjrycqsSeW LastSignin 1148740929
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@BCEInsfQ/nmacpuskOA;c]8bzwvGjuMYq LastSignin 1146833885
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@BCEInsfQ/nmacpuskOA;c]8bzwvGjuMYq LastChat 1146833823
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@BCEIsj1QmkeaowplCOfns]oddGMY LastSignin 1143318726
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@bQaOsj1]mkeGowplCM58:Y3qplfqoqloekcS LastSignin 1146832054
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@bQaOsj1]mkeGowplCM58:Y3qplfqoqloekcS LastChat 1146831001
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@cSeWsj1mmkegowplC[95rCkusekEdarIglceiQaO] LastSignin 1148735970
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@DGMYnsfq/nmocpuskkAuecuebjSeW LastSignin 1148567014
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@DGMYsj1qmkeoowplCkjimcwotwdSqeWm LastSignin 1139080975
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@DGMYsj1qmkeoowplCkjimcwotwdSqeWm LastChat 1139081296
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@dUi_sj1KmkeUowplCifhm_nip{dKsfUi_ LastSignin 1148739520
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@dUi_sj1KmkeUowplCifhm_nip{dKsfUi_ LastChat 1148737180
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@dUi_sj1KmkeUowplCiogi_vuvsiK`gmUtxbpi_K LastSignin 1148738479
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@dUi_sj1KmkeUowplCiogi_vuvsiK`gmUtxbpi_K LastChat 1148737664
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@EIQansfO/pw]oC97rGupeMYqo LastSignin 1146831026
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@EIQansfO/pw]oC97rGupeMYqo LastUnknownOffline 1146832769
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@EIQasj1Omke]owplCGzpsMpdighYokfqcvokc LastSignin 1148648461
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@eWmgnsf[/nmCcpuskEAniIfhhrdQoqxaO]G LastSignin 1146833599
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@eWmgsj1[mkeCowplCE95iIfubxrQncpaO]G LastSignin 1139081188
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@FKUinsf_/nmKcpuskUAqnifdhio_KUi LastSignin 1148134962
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@FKUisj1_mkeKowplCUlkkicp.rr_mnmKrdqUi_ LastSignin 1148733348
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@FKUisj1_mkeKowplCUlkkicp.rr_mnmKrdqUi_ LastChat 1148733413
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@FKUisj1_mkeKowplCUtgriqjeee_tumKoUi_ LastSignin 1148733781
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@FKUisj1_mkeKowplCUtgriqjeee_tumKoUi_ LastUnknownOffline 1146830317
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@GMYqnsfo/nmkcpuskcA;7S8blglenWmg LastSignin 1148733348
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@GMYqnsfo/nmkcpuskcA;7S8blglenWmg LastUnknownOffline 1148735935
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@GMYqsj1omkekowplCcmgqS/lugdeWmg LastSignin 1143318726
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@GMYqsj1omkekowplCctckStheWm LastSignin 1146767869
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@GMYqsj1omkekowplCctckStheWm LastChat 1146768048
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@h]GMsj1YmkeqowplCovpskodiwcSe LastSignin 1148733348
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@h]GMsj1YmkeqowplCovpskodiwcSe LastUnknownOffline 1148733449
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@IQaOsj1]mkeGowplCM951Ygopvdqdokc LastSignin 1148738650
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@IQaOsj1]mkeGowplCM951Ygopvdqdokc LastChat 1148741004
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@JSeWsj1mmkegowplC[8:1CwrompEptIQa LastSignin 1148733348
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@JSeWsj1mmkegowplC[8:1CwrompEptIQa LastUnknownOffline 1148739892
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@JSeWsj1mmkegowplC[lesCtbjqrEvuIQa LastSignin 1139080858
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@kcSensfW/nmmcpuskgApe[nfpkqCjjxEIQa LastSignin 1148566567
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@kcSesj1WmkemowplCgmnm[vhsmpCEIQ LastSignin 1139081213
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@kcSesj1Wpqhmcqb{Cg:22[qofCEI LastSignin 1148567014
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@kcSesj1Wpqhmcqb{Cg:22[qofCEI LastChat 1139081271
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@KUi_nsfK/nmUcpuskiAxs_nvseyKUi_ LastSignin 1148567014
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@LWmgsj1[mkeCowplCEfkrIcofqwQoksarO]G LastSignin 1139080858
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@MYqonsfk/nmccpuskSAneekwsyrWdgxmvrmvdgie[CE LastSignin 1139080858
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@MYqonsfk/nmccpuskSAneekwsyrWdgxmvrmvdgie[CE LastChat 1139081328
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@MYqosj1kmkecowplCSfnseqpbgWmg LastSignin 1148741011
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@MYqosj1kmkecowplCSfnseqpbgWmg LastChat 1148740982
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@ni_Ksj1UmkeiowplC_434K2hjrdUoi_K LastSignin 1146829513
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@ni_Ksj1UmkeiowplC_434K2hjrdUoi_K LastChat 1146767627
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@okcSnsfe/nmWcpuskmApsg{qp}b[fvmCvEIQ LastSignin 1148736723
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@okcSnsfe/nmWcpuskmApsg{qp}b[fvmCvEIQ LastChat 1148648495
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@O]GMnsfY/nmqcpuskoA94k2goeucvfrSqlsepeWmg LastSignin 1146829810
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@O]GMnsfY/nmqcpuskoA:7kglmmpcSeW LastSignin 1148740963
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@O]GMnsfY/nmqcpuskoA:7kglmmpcSeW LastChat 1148740821
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@O]GMsj1YmkeqowplCo99ck:6ppdcnSeW LastSignin 1148739541
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@O]GMsj1YmkeqowplCo99ck:6ppdcnSeW LastUnknownOffline 1148740052
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@pmg[nsfC/nmEcpuskIA74Q9qfzlahtsOhqvik]uGMY LastSignin 1148567014
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@pmg[nsfC/nmEcpuskIA74Q9qfzlahtsOhqvik]uGMY LastChat 1146833897
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@QaO]sj1GmkeMowplCY:8=q8|niyopnkcS LastSignin 1148737920
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@QaO]sj1GmkeMowplCYoq}qnbbchomnskhbfrxcSeW LastSignin 1148734974
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@QaO]sj1GmkeMowplCYoq}qnbbchomnskhbfrxcSeW LastChat 1148734605
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@qokcnsfS/nmecpuskWAommnbfrlgute[oCEI LastSignin 1139080858
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@qokcnsfS/nmecpuskWAommnbfrlgute[oCEI LastChat 1139081310
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@Tg[CnsfE/nmIcpuskQA25a85fxxOpny]qoGMY LastSignin 1148733348
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@Tg[CnsfE/nmIcpuskQA58aguveoO]GM LastSignin 1143318726
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@Tg[Csj1EmkeIowplCQtkxaulvufOm]GM LastSignin 1146767247
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@Wmg[sj1CmkeEowplCIfimQygfchasfrOc]GM LastSignin 1146829513
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@Wmg[sj1CmkeEowplCIfthQpd`ijajyhOg]GM LastSignin 1148567014
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@Yqoknsfc/nmScpuskeAfyWcsbvfmocjg[CE LastSignin 1148648461
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@Yqoknsfc/nsScC4pheuu}Wtkdmg[ LastSignin 1148567014
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@Yqoksj1cmkeSowplCebgqW{kumg[ LastSignin 1148734573
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@Yqoksj1cmkeSowplCebgqW{kumg[ LastUnknownOffline 1148734599
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@ZAAAnsfA/nmAcpuskAA{gAgkqsuAqmgAquevdAiglAvipwzApfeAjv`w|AAAA LastSignin 1148734441
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@ZAAAnsfA/nsAcCcqrAmqgAvqfqhAmeAAA LastSignin 1148734571
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@ZAAAnsfA/nsAcCcqrAmqgAvqfqhAmeAAA LastChat 1148733935
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@]GMYsj1qmkeoowplCkfvycqudyrSieeenhomwWjmmmog[C LastSignin 1148134960
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@]GMYsj1qmkeoowplCkfvycqudyrSieeenhomwWjmmmog[C LastUnknownOffline 1146767654
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@`MYqnsfo/nmkcpuskcA5
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@`MYqnsfo/nmkcpuskcA5
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@`MYqnsfo/nmkcpuskcAgxSvrmeoe`clWemg[ LastSignin 1148567014
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences SystemLogWndX 200
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences SystemLogWndY 100
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences SystemLogWndWidth 500
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences SystemLogWndHeight 170
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences ToastPopupSizeW6 181
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences ToastPopupSizeH6 116
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences ToastPopupPos6 954
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences ToastPopupResX 1152
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences ToastPopupBorder6 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences FirstTimeWizard 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences LogDirectory C:\Documents and Settings\f@b\Mes documents\Mes archives de conversations
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences AskForAutogroup 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences AutoGroupChats 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences MigrateLevel 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences FirstLaunch 1139081419
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences QuickIconAddOrigin 1
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Archive\@jaO]u|wG/osMe1mmdYnvsqjCfm}o{wfkawjxlcqSeW Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Archive\@jaO]u|wG/osMe1mmdYnvsqjCfm}o{wfkawjxlcqSeW FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Archive\@RcSeu|wW/osme1mmdgnvs[jCfxrCqqsEnrqeIQa Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Archive\@RcSeu|wW/osme1mmdgnvs[jCfxrCqqsEnrqeIQa FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Archive LastArchiveTime 1149966747
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@BCEInsfQ/nmacpuskOA8<]x<2}gGegxMYqo LastSignin 1144953673
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@BCEInsfQ/nmacpuskOA8<]x<2}gGegxMYqo LastUnknownOffline 1142104256
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@bQaOnsf]/nmGcpuskMAteYjevfbqbmeoayb|kcS LastSignin 1148316444
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@bQaOnsf]/nmGcpuskMAteYjevfbqbmeoayb|kcS LastUnknownOffline 1148316392
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@DGMYnsfq/pwooC956kgcvchlsSeW LastSignin 1148986728
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@DGMYnsfq/pwooC956kgcvchlsSeW LastChat 1148576200
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@EIQasj1Omke]owplCG3viMtubgvYjtlqeokc LastSignin 1148315841
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@EIQasj1Omke]owplCG3viMtubgvYjtlqeokc LastUnknownOffline 1148315638
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@FKUinsf_/nmKcpuskUApsivhhvd_cniKzdUi_ LastSignin 1148650058
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@FKUinsf_/nmKcpuskUApsivhhvd_cniKzdUi_ LastChat 1148314913
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@FKUinsf_/nmKcpuskUAumicqgtp_vqvKvkdwUi_ LastSignin 1148986727
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@FKUinsf_/nmKcpuskUAumicqgtp_vqvKvkdwUi_ LastUnknownOffline 1144949164
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@FKUinsf_/nmKcpuskUAveiwuzrx_npeKxUi_ LastSignin 1149966475
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@FKUinsf_/nmKcpuskUAveiwuzrx_npeKxUi_ LastUnknownOffline 1144943456
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@FKUisj1_mkeKowplCU:8wikubwl_sjgKUi_ LastSignin 1148316392
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@fYqonsfk/nmccpuskSAgleeubqbWfprmcbfmugbo[CE LastSignin 1148986988
HKEY_CURRENT_USER\Software\Patchou\Ms
Start Date: 29/11/2006 14:55:30
End Date: 29/11/2006 15:40:54
Total Time: 45 mins 24 secs
Detected spyware
Messenger Plus! Adware Bundler more information...
Details: Messenger Plus! is a add-on for MSN Messenger. Messenger Plus! installs an OPTIONAL adware called C2Media which is also known as LOP.com.
Status: Ignored
Infected files detected
c:\program files\messenger plus! live\detoured.dll
c:\program files\messenger plus! live\events style sheet.xsl
c:\program files\messenger plus! live\lame_enc.dll
c:\program files\messenger plus! live\libsndfile.dll
c:\program files\messenger plus! live\log viewer.exe
c:\program files\messenger plus! live\mpscripts.dll
c:\program files\messenger plus! live\mptools.exe
c:\program files\messenger plus! live\msgpluslive.dll
c:\program files\messenger plus! live\msgplusliveres.dll
c:\program files\messenger plus! live\uninstall.exe
c:\program files\messenger plus! live\languages\lng_catalan.ini
c:\program files\messenger plus! live\languages\lng_chinesesimplified.ini
c:\program files\messenger plus! live\languages\lng_chinesetraditional.ini
c:\program files\messenger plus! live\languages\lng_danish.ini
c:\program files\messenger plus! live\languages\lng_default.ini
c:\program files\messenger plus! live\languages\lng_dutch.ini
c:\program files\messenger plus! live\languages\lng_estonian.ini
c:\program files\messenger plus! live\languages\lng_finnish.ini
c:\program files\messenger plus! live\languages\lng_french.ini
c:\program files\messenger plus! live\languages\lng_german.ini
c:\program files\messenger plus! live\languages\lng_hungarian.ini
c:\program files\messenger plus! live\languages\lng_italian.ini
c:\program files\messenger plus! live\languages\lng_japanese.ini
c:\program files\messenger plus! live\languages\lng_korean.ini
c:\program files\messenger plus! live\languages\lng_norwegian.ini
c:\program files\messenger plus! live\languages\lng_portuguese.ini
c:\program files\messenger plus! live\languages\lng_spanish.ini
c:\program files\messenger plus! live\languages\lng_thai.ini
c:\program files\messengerplus! 3\detoured.dll
c:\program files\messengerplus! 3\lame_enc.dll
c:\program files\messengerplus! 3\libsndfile.dll
c:\program files\messengerplus! 3\msgplus.exe
c:\program files\messengerplus! 3\msgplush.dll
c:\program files\messengerplus! 3\msgplusloader.dll
c:\program files\messengerplus! 3\readme.txt
c:\program files\messengerplus! 3\richedhook.dll
c:\program files\messengerplus! 3\plugins\developers.txt
c:\program files\messengerplus! 3\resources\defaultlg.dat
c:\program files\messengerplus! 3\resources\lang_arabic.ini
c:\program files\messengerplus! 3\resources\lang_catala.ini
c:\program files\messengerplus! 3\resources\lang_chinese simplified.ini
c:\program files\messengerplus! 3\resources\lang_chinese traditional.ini
c:\program files\messengerplus! 3\resources\lang_dansk.ini
c:\program files\messengerplus! 3\resources\lang_deutsch.ini
c:\program files\messengerplus! 3\resources\lang_espanol (espana).ini
c:\program files\messengerplus! 3\resources\lang_espanol (latino).ini
c:\program files\messengerplus! 3\resources\lang_estonian.ini
c:\program files\messengerplus! 3\resources\lang_francais.ini
c:\program files\messengerplus! 3\resources\lang_hebrew.ini
c:\program files\messengerplus! 3\resources\lang_hellenic.ini
c:\program files\messengerplus! 3\resources\lang_italiano.ini
c:\program files\messengerplus! 3\resources\lang_japanese.ini
c:\program files\messengerplus! 3\resources\lang_korean.ini
c:\program files\messengerplus! 3\resources\lang_magyar.ini
c:\program files\messengerplus! 3\resources\lang_nederlands.ini
c:\program files\messengerplus! 3\resources\lang_norsk (bokmal).ini
c:\program files\messengerplus! 3\resources\lang_portugues.ini
c:\program files\messengerplus! 3\resources\lang_suomeksi.ini
c:\program files\messengerplus! 3\resources\lang_svenska.ini
c:\program files\messengerplus! 3\resources\lang_thai.ini
c:\program files\messengerplus! 3\resources\lang_turkce.ini
c:\program files\messengerplus! 3\resources\msgplusres.dll
Infected registry entries detected
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Archive\@IQaOu|w]/tjG0ojepMuqlYB;4vrqmagokcS Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Archive\@IQaOu|w]/tjG0ojepMuqlYB;4vrqmagokcS FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Archive\@^IQau|wO/os]e1mmdGnvsMjC4
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Archive\@^IQau|wO/os]e1mmdGnvsMjC4
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Archive LastArchiveTime 1149790088
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@!EIQsj1amkeOowplC]444GthuwdMnYqo LastSignin 1149789879
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@!EIQsj1amkeOowplC]444GthuwdMnYqo LastChat 1140108607
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@AAAAnsfA/tiAuxsijAogwAuhnDqAboiAnwoijAAAA LastSignin 1148652577
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@AAAAsj1AmkeAowplCAcosAnrdrdAetsAlAAA LastUnknownOffline 1143109339
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@AAAAsj1AmkeAowplCAcosAnrdrdAetsAlAAA LastSignin 1149790218
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@CEIQnsfa/nmOcpusk]AdyGtwtipMblYqo LastSignin 1148652578
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@CEIQnsfa/nmOcpusk]AdyGtwtipMblYqo LastUnknownOffline 1137450654
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@cSeWnsfm/nmgcpusk[A:7CarjphEsweIQaO LastSignin 1148146075
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@cSeWnsfm/nmgcpusk[A:7CarjphEsweIQaO LastUnknownOffline 1137349187
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@DGMYnsfq/nmocpuskkAuecuebjSeW LastSignin 1149789797
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@DGMYnsfq/nmocpuskkAuecuebjSeW LastChat 1139422741
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@DGMYsj1qmkeoowplCk:8icvwfjxSpheWm LastSignin 1142700920
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@DGMYsj1qmkeoowplCk:8icvwfjxSpheWm LastChat 1142360449
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@dUi_nsfK/nmUcpuskiA;7_kkdxlKiexUi_K LastSignin 1143726893
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@dUi_nsfK/nmUcpuskiA;7_kkdxlKiexUi_K LastChat 1143726919
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@eWmgnsf[/nmCcpuskEAuwIkp`eoQ`niaoO]G LastSignin 1147355611
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@eWmgnsf[/nmCcpuskEAuwIkp`eoQ`niaoO]G LastUnknownOffline 1142003812
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@FKUinsf_/pwKoCnchUmgviwd_KU LastSignin 1144413451
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@FKUinsf_/pwKoCnchUmgviwd_KU LastChat 1144413926
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@fYqosj1kmkecowplCS2aieelsfWmg LastSignin 1142525791
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@fYqosj1kmkecowplCS2aieelsfWmg LastUnknownOffline 1137406916
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@g[CEnsfI/nmQcpuskaA;
prtof]blkGMYq LastSignin 1148145271HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@g[CEnsfI/nmQcpuskaA;
prtof]blkGMYq LastChat 1142550998HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@h]GMnsfY/nmqcpuskoAgzkqof}qczySeW LastSignin 1148143962
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@h]GMnsfY/nmqcpuskoAgzkqof}qczySeW LastChat 1142511951
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@i_KUnsfi/nm_cpuskKAniUohumwibn_KU LastSignin 1140862171
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@i_KUnsfi/nm_cpuskKAniUohumwibn_KU LastUnknownOffline 1140862187
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@i_KUnsfi/pw_oCoeoKmc}Utufoi_K LastSignin 1145043036
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@i_KUnsfi/pw_oCoeoKmc}Utufoi_K LastUnknownOffline 1136717521
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@JSeWsj1mmkegowplC[8:1CwrompEptIQa LastSignin 1149789797
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@JSeWsj1mmkegowplC[8:1CwrompEptIQa LastUnknownOffline 1136632603
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@KUi_sj1KmkeUowplCi95v_qo`gKUi LastSignin 1149789795
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@KUi_sj1KmkeUowplCi95v_qo`gKUi LastChat 1149790296
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@leWmnsfg/pw[oC97bCvfcEcyfIQa LastSignin 1149789797
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@leWmnsfg/pw[oC97bCvfcEcyfIQa LastUnknownOffline 1137261502
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@mg[CnsfE/nmIcpuskQAxiamgoexOt]GM LastSignin 1147355611
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@mg[CnsfE/nmIcpuskQAxiamgoexOt]GM LastChat 1137361828
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@N[CEnsfI/nmQcpuskaA9
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@N[CEnsfI/nmQcpuskaA9
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@N[CEnsfI/nmQcpuskaAgvOgesie]bncGclemgMYqo LastUnknownOffline 1139083586
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@N[CEnsfI/nmQcpuskaAgvOgesie]bncGclemgMYqo LastSignin 1148146914
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@O]GMnsfY/nmqcpuskoA:7kglmmpcSeW LastSignin 1148205528
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@QaO]nsfG/nmMcpuskYA57qapbxqobhrkcicSe LastSignin 1143726411
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@QaO]nsfG/nmMcpuskYA57qapbxqobhrkcicSe LastChat 1143727036
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@QaO]nsfG/nmMcpuskYAupqcvzgloqukcS LastSignin 1148652575
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@QaO]nsfG/nmMcpuskYAupqcvzgloqukcS LastChat 1148141061
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@qokcnsfS/nmecpuskWA:7m9bsiigzey[nCEI LastUnknownOffline 1149789801
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@qokcnsfS/nmecpuskWA;:muddfdgg[CE LastSignin 1149790271
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@qokcnsfS/nmecpuskWA;:muddfdgg[CE LastUnknownOffline 1136633727
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@qokcsj1SmkeeowplCWsgtmtdixhgocn[CEI LastSignin 1149789797
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@qokcsj1SmkeeowplCWsgtmtdixhgocn[CEI LastChat 1143724189
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@RcSensfW/nmmcpuskgA{n[thwplCtEIQ LastSignin 1149790201
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@RcSensfW/nmmcpuskgA{n[thwplCtEIQ LastChat 1143727001
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@RcSesj1WmkemowplCg:8y[fibvdCieEIQ LastSignin 1144411370
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@RcSesj1WmkemowplCg:8y[fibvdCieEIQ LastChat 1143572077
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@rqoknsfc/nmScpuskeA65Whpmmg[ LastSignin 1138303488
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@rqoknsfc/nmScpuskeA65Whpmmg[ LastUnknownOffline 1138303543
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@Ui_KnsfU/nmicpusk_ApsKuepvbUtuiil_KU LastSignin 1148059227
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@Ui_KnsfU/nmicpusk_ApsKuepvbUtuiil_KU LastChat 1143565807
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@VkcSnsfe/nmWcpuskmA5qghqbym[CEI LastSignin 1147355611
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@VkcSnsfe/nmWcpuskmA5qghqbym[CEI LastChat 1143648898
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@Wmg[nsfC/nmEcpuskIAueQrlelhanO]G LastSignin 1149789891
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@Wmg[nsfC/nmEcpuskIAueQrlelhanO]G LastChat 1143548635
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@XokcnsfS/nmecpuskWAnsmtreg[C LastSignin 1149789797
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@XokcnsfS/nmecpuskWAnsmtreg[C LastChat 1148141966
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@XokcnsfS/pweoCtwrWcgpmnhceog[CE LastSignin 1143106862
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@XokcnsfS/pweoCtwrWcgpmnhceog[CE LastChat 1137348759
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@XokcnsfS/pweoCtwrWcgpmnhceog[CE Notes
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@Xokcsj1SmkeeowplCW938m4huxhgiem[dCEI LastSignin 1149789797
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@Xokcsj1SmkeeowplCW938m4huxhgiem[dCEI LastChat 1144411237
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@[CEInsfQ/nmacpuskOA:5]plbquGflMYq LastUnknownOffline 1142001486
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@^IQasj1Omke]owplCGuqgMks/ydYqok LastSignin 1141066015
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@^IQasj1Omke]owplCGuqgMks/ydYqok LastChat 1141063536
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@_KUisj1_mkeKowplCU5:eiihtrr_fnKUi LastSignin 1143571919
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@_KUisj1_mkeKowplCU5:eiihtrr_fnKUi LastChat 1143570604
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@_KUisj1_mkeKowplCU9cviwnlep_`klKurciuUbieip_KU LastSignin 1145043036
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@_KUisj1_mkeKowplCU9cviwnlep_`klKurciuUbieip_KU LastChat 1143569399
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@`MYqnsfo/nmkcpuskcA5
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Contacts\@`MYqnsfo/nmkcpuskcA5
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences SystemLogWndX 200
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences SystemLogWndY 100
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences SystemLogWndWidth 500
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences SystemLogWndHeight 170
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences FirstTimeWizard 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences MigrateLevel 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences FirstLaunch 1136457960
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences ToastPopupSizeW6 181
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences ToastPopupSizeH6 116
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences ToastPopupPos6 954
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences ToastPopupResX 1152
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences ToastPopupBorder6 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\anthobadgono@msn.com\Preferences LogDirectory C:\Documents and Settings\f@b\Mes documents\Mes archives de conversations
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Archive\@VkcSu|we/tjW0ojepmuqlgB9195[`grCwrtyrEtIQa Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Archive\@VkcSu|we/tjW0ojepmuqlgB9195[`grCwrtyrEtIQa FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Archive LastArchiveTime 1143372856
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@AAAAsj1AmkeAowplCA9/7AwrmyrAmAAA LastSignin 1143372608
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@BCEIsj1QmkeaowplCOfns]oddGMY LastSignin 1143372608
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@CEIQnsfa/nmOcpusk]A95GvwfvxMbnYqo LastSignin 1146664958
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@cSeWnsfm/nmgcpusk[A:7CwgjplEmcpIQaO LastSignin 1146664970
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@cSeWsj1mmkegowplC[ucgCkyvnEIQ LastSignin 1143372609
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@DGMYsj1qmkeoowplCkbtece1frlSmggeWmg LastSignin 1146664958
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@dUi_sj1KmkeUowplCi95e_vvfrbKpthUpdtwhimc_KU LastSignin 1143372609
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@eWmgnsf[/nmCcpuskEA68I;hoioQpuaO] LastSignin 1146664958
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@IQaOnsf]/nmGcpuskMAvsYndnrlqcqvokcS LastSignin 1143372609
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@i_KUnsfi/nm_cpuskKA:7Uwgfpoiphw_woqeoKUi_ LastSignin 1146664958
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@KUi_nsfK/nmUcpuskiA55_cwvolKlqiUmdui_K LastSignin 1146664958
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@LWmgnsf[/nmCcpuskEA65I:btesQdgnaO]G LastSignin 1146664958
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@ni_Ksj1UmkeiowplC_lpmKrbzieUzgfi_KU LastSignin 1146665017
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@ni_Ksj1UmkeiowplC_lpmKrbzieUzgfi_KU LastUnknownOffline 1146664985
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@N[CEsj1ImkeQowplCa:8cO:6fvl]bngGMYq LastSignin 1146664958
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@O]GMnsfY/nmqcpuskoAcfkorceycfcqSeWm LastSignin 1146664959
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@QaO]nsfG/nmMcpuskYAgvqglmplovsvkclsxlcnkhSeWm LastSignin 1143372778
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@QaO]sj1GmkeMowplCY355qahoejosqqkcSe LastSignin 1143372609
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@Wmg[nsfC/nmEcpuskIA86QwrtwlasrO]G LastSignin 1143372609
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@XokcnsfS/nmecpuskWA96mkgmeqgjt[CE LastSignin 1146664962
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@Xokcsj1SmkeeowplCW729m4bfrxgpuy[qvCEI LastSignin 1143372609
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@Xokcsj1SmkeeowplCW729m4bfrxgpuy[qvCEI LastChat 1143372745
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@ZAAAsj1AmkeAowplCA95oAksbolAqcAAA LastSignin 1143372606
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@_KUisj1_mkeKowplCUjomifvjrl_eKUi LastSignin 1146665021
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Contacts\@`MYqsj1omkekowplCcwwiShpfpfeWmg LastSignin 1146664961
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences SystemLogWndX 200
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences SystemLogWndY 100
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences SystemLogWndWidth 500
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences SystemLogWndHeight 170
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences FirstTimeWizard 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences LogDirectory C:\Documents and Settings\f@b\Mes documents\Mes archives de conversations
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences MigrateLevel 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences FirstLaunch 1146664958
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences ToastPopupSizeW6 181
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences ToastPopupSizeH6 116
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences ToastPopupPos6 954
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences ToastPopupResX 1152
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\clemvazette@hotmail.com\Preferences ToastPopupBorder6 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Archive\@DGMYu|wq/osoe1owpkAuwcuhsvhSjreWm Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Archive\@DGMYu|wq/osoe1owpkAuwcuhsvhSjreWm FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Archive\@jaO]u|wG/tjM0ojepYuqlqB98cdoscgkcpcSe Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Archive\@jaO]u|wG/tjM0ojepYuqlqB98cdoscgkcpcSe FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Archive\@Ui_Ku|wU/tji0ojep_uqlKB;6vhUuvsir0vso_vqpKUi_ Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Archive\@Ui_Ku|wU/tji0ojep_uqlKB;6vhUuvsir0vso_vqpKUi_ FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Archive\@[CEIu|wQ/osae1owpOApe]ngoeuGutiMdYqo Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Archive\@[CEIu|wQ/osae1owpOApe]ngoeuGutiMdYqo FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Archive LastArchiveTime 1146749447
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@AAAAfh1AouqAB;9vhAmnmAmAAA LastSignin 1145396351
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@AAAAfh1AouqAB;9vhAmnmAmAAA LastChat 1142607442
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@AAAAnsfA/nmAcpuskAAccAcbxc|A`mAAA LastSignin 1139673340
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@AAAAnsfA/nmAcpuskAAqmAevpv|AnosAvAAA LastSignin 1142106027
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@AAAAnsfA/nmAcpuskAAwsAnlqcgApicAfrhAAA LastSignin 1148659380
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@AAAAnsfA/nmAcpuskAAwsAnlqcgApicAfrhAAA LastChat 1146760600
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@aO]GnsfM/nmYcpuskqA3;oemtwlkncSe LastSignin 1141395779
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@aO]GnsfM/nmYcpuskqA3;oemtwlkncSe LastChat 1137513860
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@BCEInsfQ/pwaoCfxdOluc]mGMY LastSignin 1147264238
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@BCEInsfQ/pwaoCfxdOluc]mGMY LastChat 1141328304
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@BCEIsj1QmkeaowplCOfns]oddGMY LastSignin 1144408921
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@BCEIsj1QmkeaowplCOfns]oddGMY LastChat 1144408951
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@bQaOnsf]/nmGcpuskMA2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@bQaOnsf]/nmGcpuskMA2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@bQaOnsf]/nmGcpuskMA2=Yaxplwqbookc LastSignin 1147114659
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@bQaOnsf]/nmGcpuskMA2=Yaxplwqbookc LastChat 1145709158
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@bQaOnsf]/nmGcpuskMAgpYnhvvbqocfondkcS LastSignin 1148659128
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@bQaOnsf]/nmGcpuskMAgpYnhvvbqocfondkcS LastUnknownOffline 1139316513
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@cSeWnsfm/nmgcpusk[Aj=C3l{{dEgIQa LastSignin 1144849412
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@cSeWnsfm/nmgcpusk[Aj=C3l{{dEgIQa LastChat 1144849412
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@cSeWsj1mmkegowplC[jurCkd`xvEfeIQa LastSignin 1147262565
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@cSeWsj1mmkegowplC[jurCkd`xvEfeIQa LastChat 1142530263
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@DGMYsj1qmkeoowplCk52ccfhfveSfveejWmg LastSignin 1146765025
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@DGMYsj1qmkeoowplCk52ccfhfveSfveejWmg LastUnknownOffline 1138800870
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@eWmgnsf[/nmCcpuskEAtnIqgoivQaO] LastSignin 1147263934
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@eWmgnsf[/nmCcpuskEAtnIqgoivQaO] LastUnknownOffline 1142083593
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@FKUinsf_/pwKoCtwvUftviglq_KU LastSignin 1147265469
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@FKUinsf_/pwKoCtwvUftviglq_KU LastChat 1147264351
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@fYqonsfk/nmccpuskSA:7ewrnmpWmg[ LastSignin 1139400631
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@fYqonsfk/nmccpuskSA:7ewrnmpWmg[ LastUnknownOffline 1138798239
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@fYqosj1kmkecowplCSsgmevupt1Wfkpmgkqsg[C LastSignin 1148657586
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@fYqosj1kmkecowplCSsgmevupt1Wfkpmgkqsg[C LastUnknownOffline 1141328603
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@GMYqnsfo/nmkcpuskcAmgScloioeWmg LastSignin 1137338967
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@GMYqnsfo/pwkoC::hcsfiSjseWm LastSignin 1146761779
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@GMYqnsfo/pwkoC::hcsfiSjseWm LastUnknownOffline 1139396644
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@GMYqsj1omkekowplCcfkzScofvueb|mWdmg[ LastSignin 1139397159
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@GMYqsj1omkekowplCcfkzScofvueb|mWdmg[ LastUnknownOffline 1138798794
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@g[CEnsfI/pwQoC::xapthOpdt]GM LastSignin 1147115244
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@g[CEnsfI/pwQoC::xapthOpdt]GM LastChat 1142890605
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@h]GMnsfY/nmqcpuskoAwskjdccpcptjSahkeWm LastSignin 1147114663
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@h]GMnsfY/nmqcpuskoAwskjdccpcptjSahkeWm LastChat 1143144098
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@IQaOsj1]mkeGowplCMffvYgymeyq`gwokofkcS LastSignin 1147262185
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@IQaOsj1]mkeGowplCMffvYgymeyq`gwokofkcS LastChat 1145633880
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@i_KUnsfi/nm_cpuskKAemUnopvwi`ti_fqp{KUi LastSignin 1147262617
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@i_KUnsfi/nm_cpuskKAemUnopvwi`ti_fqp{KUi LastUnknownOffline 1138798879
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@i_KUsj1imke_owplCKtwsUihixdihc_KU LastSignin 1147266001
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@i_KUsj1imke_owplCKtwsUihixdihc_KU LastUnknownOffline 1142531110
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@JSeWnsfm/nmgcpusk[AjlCjfueoEcIQa LastSignin 1148659086
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@JSeWnsfm/nmgcpusk[AjlCjfueoEcIQa LastUnknownOffline 1138628921
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@leWmsj1gmke[owplCC79cEcubgdInQaO LastSignin 1148297194
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@leWmsj1gmke[owplCC79cEcubgdInQaO LastChat 1146761498
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@LWmgnsf[/nmCcpuskEA2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@LWmgnsf[/nmCcpuskEA2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@LWmgnsf[/nmCcpuskEAdhIpdkikQuaO] LastSignin 1143372909
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@LWmgnsf[/nmCcpuskEAdhIpdkikQuaO] LastChat 1142091744
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@mg[CnsfE/nmIcpuskQA55agkuefOzut]GMY LastSignin 1139494889
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@mg[CnsfE/nmIcpuskQA55agkuefOzut]GMY LastChat 1139494892
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@MYqonsfk/nmccpuskSAuwegfomuWqaimjw`}pgnko[CEI LastSignin 1139396856
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@MYqonsfk/nmccpuskSAuwegfomuWqaimjw`}pgnko[CEI LastUnknownOffline 1139401733
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@MYqonsfk/pwcoCteoSftyecWmg LastSignin 1148295663
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@MYqonsfk/pwcoCteoSftyecWmg LastUnknownOffline 1137335091
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@MYqosj1kmkecowplCSfnseqpbgWmg LastSignin 1148660003
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@MYqosj1kmkecowplCSfnseqpbgWmg LastChat 1146761554
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@MYqosj1kmkecowplCSokxetdn1hWenmmjwbqg[C LastSignin 1137878939
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@N[CEnsfI/nmQcpuskaA8=O2:2su]beGMY LastSignin 1141328784
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@okcSnsfe/nmWcpuskmA6mgtwpgu[boCEI LastSignin 1147115332
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@okcSnsfe/nmWcpuskmA6mgtwpgu[boCEI LastUnknownOffline 1138798862
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@O]GMnsfY/nmqcpuskoAgrkkwjxqcboiSnneWm LastSignin 1146764955
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@O]GMnsfY/nmqcpuskoAgrkkwjxqcboiSnneWm LastChat 1142530990
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@O]GMnsfY/nmqcpuskoAneklqbvucbosSfhsjoebWmg LastSignin 1146760777
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@O]GMnsfY/nmqcpuskoAneklqbvucbosSfhsjoebWmg LastChat 1141825338
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@pmg[nsfC/nmEcpuskIAvsQiubqoafoO]G LastSignin 1146761093
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@pmg[nsfC/nmEcpuskIAvsQiubqoafoO]G LastChat 1146760837
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@qokcnsfS/nmecpuskWA4:madjplgngw[pltCEI LastSignin 1147264188
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@qokcnsfS/nmecpuskWA4:madjplgngw[pltCEI LastUnknownOffline 1137336305
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@qokcnsfS/nmecpuskWAivmwrcydg`fi[tiCEI LastSignin 1144408924
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@RcSensfW/nmmcpuskgA94[8vfrlCEIQ LastSignin 1146762936
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@RcSensfW/nmmcpuskgA94[8vfrlCEIQ LastChat 1143143989
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@RcSensfW/nmmcpuskgA:5[tlprbCmkiEnrtIQa LastSignin 1148296201
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@RcSensfW/nmmcpuskgA:5[tlprbCmkiEnrtIQa LastUnknownOffline 1148296270
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@RcSensfW/nmmcpuskgAgx[vh{eyCngpEeIQa LastSignin 1144183061
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@RcSensfW/nmmcpuskgAqp[hdvxuCjxEIQ LastSignin 1139395548
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@RcSensfW/nmmcpuskgAqp[hdvxuCjxEIQ LastUnknownOffline 1139396128
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@rqoknsfc/nmScpuskeA56Wulwegmfkpgcwbr[CE LastSignin 1147117792
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@rqoknsfc/nmScpuskeA56Wulwegmfkpgcwbr[CE LastUnknownOffline 1141746503
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@rqoknsfc/pwSoClsoeqk~Wgkumg[ LastSignin 1147265543
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@rqoknsfc/pwSoClsoeqk~Wgkumg[ LastChat 1145634300
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@Ui_KnsfU/nmicpusk_A35K:bjxlUui_K LastSignin 1148657589
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@Ui_KnsfU/nmicpusk_A35K:bjxlUui_K LastUnknownOffline 1137748322
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@VkcSnsfe/nmWcpuskmAkygnxdeu[egpCqvEIQ LastSignin 1140961677
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@VkcSnsfe/nmWcpuskmAkygnxdeu[egpCqvEIQ LastChat 1140961558
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@Wmg[nsfC/nmEcpuskIAueQrlelhanO]G LastSignin 1147117792
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@Wmg[nsfC/nmEcpuskIAueQrlelhanO]G LastChat 1147114677
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@Wmg[sj1CmkeEowplCI97vQgwussa.wsOnxpp]GM LastSignin 1148659850
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@Wmg[sj1CmkeEowplCI97vQgwussa.wsOnxpp]GM LastChat 1147114668
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@XokcnsfS/nmecpuskWAcxmpbfmugbo[CE LastSignin 1146749214
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@XokcnsfS/nmecpuskWAgmmrsjlhgukx[ksCEI LastSignin 1141328025
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@XokcnsfS/nmecpuskWAgmmrsjlhgukx[ksCEI LastUnknownOffline 1141328304
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@XokcnsfS/nmecpuskWAgvmvdigqgbnf[CEI LastSignin 1146762818
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@XokcnsfS/nmecpuskWAgvmvdigqgbnf[CEI LastChat 1142605052
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@XokcnsfS/nmecpuskWAqemwjoepg[CE LastSignin 1147184443
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@XokcnsfS/nmecpuskWAqemwjoepg[CE LastUnknownOffline 1147115059
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@Yqoksj1cmkeSowplCe9:mWohprmg[ LastSignin 1147117792
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@Yqoksj1cmkeSowplCe9:mWohprmg[ LastChat 1141330071
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@ZAAAsj1AmkeAowplCA74iAvwfrxAptmAcodAAA LastSignin 1147265979
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@ZAAAsj1AmkeAowplCA74iAvwfrxAptmAcodAAA LastUnknownOffline 1147265622
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@[CEInsfQ/nmacpuskOA9=]4htmuGfeMYq LastSignin 1147184563
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@[CEInsfQ/nmacpuskOA9=]4htmuGfeMYq LastChat 1142531242
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@[CEInsfQ/nmacpuskOAhs]vkdwGMY LastSignin 1147117790
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@]GMYnsfq/nmocpuskkAwycwrumwSeWm LastSignin 1147264676
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@]GMYnsfq/nmocpuskkAwycwrumwSeWm LastUnknownOffline 1136722195
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@]GMYnsfq/pwooCoeokepectwsieSeWm LastSignin 1148659699
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@]GMYnsfq/pwooCoeokepectwsieSeWm LastChat 1148657612
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@]GMYsj1qmkeoowplCk2/gcoSeW LastSignin 1138800763
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@]GMYsj1qmkeoowplCk2/gcoSeW LastUnknownOffline 1138798955
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@^IQansfO/nm]cpuskGA3cM|nomsYqok LastUnknownOffline 1139403019
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@^IQansfO/nm]cpuskGA:5MthwehYcaiqjwokc LastSignin 1136721994
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@_KUinsf_/nmKcpuskUAgvifqbho_jjtKUi_ LastSignin 1148659380
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@_KUinsf_/nmKcpuskUAwfikovep_KUi LastSignin 1139401368
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@`MYqnsfo/nmkcpuskcA{iSpjjegeokWmg LastSignin 1144181972
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@`MYqnsfo/nmkcpuskcA{iSpjjegeokWmg LastUnknownOffline 1144182136
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Contacts\@`MYqnsfo/pwkoCprrchfeSdrixqebWmg LastSignin 1146749213
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences\SoundStats #000000000023 1
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences\SoundStats LastUse01 98966AACE96C
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences\SoundStats #000000000039 1
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences\SoundStats LastUse02 CD705B4C58BA
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences\SoundStats #CD705B4C58BA 1
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences\SoundStats LastUse03 000000000039
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences\SoundStats #98966AACE96C 1
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences\SoundStats LastUse04 000000000023
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences SystemLogWndX 200
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences SystemLogWndY 100
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences SystemLogWndWidth 500
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences SystemLogWndHeight 170
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences FirstTimeWizard 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences MigrateLevel 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences FirstLaunch 1136725855
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences LogDirectory C:\Documents and Settings\f@b\Mes documents\Mes archives de conversations
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences ToastPopupSizeW6 181
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences ToastPopupSizeH6 116
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences ToastPopupPos6 954
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences ToastPopupResX 1152
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences ToastPopupBorder6 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences QuickIconAddOrigin 1
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences AskForAutogroup 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences GroupBarLocation 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences AutoGroupChats 1
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences CustomColors
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences CustSoundsUsePreview 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\jermain18@hotmail.com\Preferences FirstTimeSoundUsed 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Archive LastArchiveTime 1149789532
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Contacts\@dUi_sj1KmkeUowplCi{kw_nhqefKUi_ LastSignin 1149789270
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Contacts\@dUi_sj1KmkeUowplCi{kw_nhqefKUi_ LastUnknownOffline 1149789559
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Contacts\@mg[CnsfE/pwIoC9:bQokiavvnqdOs]GM LastSignin 1149789273
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Contacts\@okcSnsfe/nmWcpuskmA68gpdhem[CEI LastSignin 1149789273
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Contacts\@rqoknsfc/nmScpuskeAueWnrdmqmswigpjjiv[fnCEI LastSignin 1149789273
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Contacts\@`MYqnsfo/pwkoCprrchfeSdrixqebWmg LastUnknownOffline 1149789311
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Preferences SystemLogWndX 200
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Preferences SystemLogWndY 100
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Preferences SystemLogWndWidth 500
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Preferences SystemLogWndHeight 170
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Preferences FirstTimeWizard 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Preferences MigrateLevel 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lucyfer_738@hotmail.com\Preferences FirstLaunch 1149789788
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Archive\@QaO]u|wG/osMe1mmdYnvsqjCfplodwpkgcSe Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Archive\@QaO]u|wG/osMe1mmdYnvsqjCfplodwpkgcSe FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Archive\@Tg[Cu|wE/tjI0rpldQzBeaplsfdOtvi]xlmsmGMYq Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Archive\@Tg[Cu|wE/tjI0rpldQzBeaplsfdOtvi]xlmsmGMYq FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Archive LastArchiveTime 1139846535
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Contacts\@okcSnsfe/nmWcpuskmAcqglmd[CE LastSignin 1139851570
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Contacts\@QaO]nsfG/nmMcpuskYA8;qaxphloekcS LastSignin 1139902092
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Contacts\@QaO]nsfG/nmMcpuskYA8;qaxphloekcS LastUnknownOffline 1139852047
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Contacts\@qokcsj1SmkeeowplCW224m3bbqrgu[CE LastSignin 1139846270
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Contacts\@qokcsj1SmkeeowplCW224m3bbqrgu[CE LastChat 1139846313
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Contacts\@SeWmnsfg/nm[cpuskCAgpEkfvphIQaO LastSignin 1139851571
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Contacts\@SeWmnsfg/nm[cpuskCAgpEkfvphIQaO LastChat 1139851766
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Contacts\@VkcSsj1epqlWc|Aeqmjtfgcvuiy[jnsClEIQ LastSignin 1139851571
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Contacts\@VkcSsj1epqlWc|Aeqmjtfgcvuiy[jnsClEIQ LastChat 1139851593
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences SystemLogWndX 200
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences SystemLogWndY 100
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences SystemLogWndWidth 500
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences SystemLogWndHeight 170
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences ToastPopupSizeW6 181
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences ToastPopupSizeH6 116
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences ToastPopupPos6 954
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences ToastPopupResX 1152
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences ToastPopupBorder6 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences FirstTimeWizard 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences MigrateLevel 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences FirstLaunch 1139848555
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\lyson1812@hotmail.fr\Preferences LogDirectory C:\Documents and Settings\f@b\Mes documents\Mes archives de conversations
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@bQaOu|w]/tjG0ojepMuqlYBhgmoqgq{ocuekcS Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@bQaOu|w]/tjG0ojepMuqlYBhgmoqgq{ocuekcS FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@bQaOu|w]/tjG0ojepMuqlYBqfiwqswsohbfmukvcpcSeW Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@bQaOu|w]/tjG0ojepMuqlYBqfiwqswsohbfmukvcpcSeW FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@EIQau|wO/tj]0ojepGuqlMBvbkuYfqok Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@EIQau|wO/tj]0ojepGuqlMBvbkuYfqok FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@GMYqu|wo/tjk0ojepcuqlSB;41hemqvWcfmg[ Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@GMYqu|wo/tjk0ojepcuqlSB;41hemqvWcfmg[ FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@leWmu|wg/tj[0ojepCuqlEB6243IfkrQcqaO] Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@leWmu|wg/tj[0ojepCuqlEB6243IfkrQcqaO] FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@ni_Ku|wU/osie1mmd_nvsKjC64:Uogzikjssi_owiKjwUi_ Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@ni_Ku|wU/osie1mmd_nvsKjC64:Uogzikjssi_owiKjwUi_ FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@O]GMu|wY/tjq0ojepouqlkBqp}oc`ccSgomsie`grWwmg[ Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@O]GMu|wY/tjq0ojepouqlkBqp}oc`ccSgomsie`grWwmg[ FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@qokcu|wS/tje0ojepWuqlmB6frlgmgg[eCEI Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@qokcu|wS/tje0ojepWuqlmB6frlgmgg[eCEI FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@rqoku|wc/osSe1mmdenvsWjC:c9m`{wgult[CE Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@rqoku|wc/osSe1mmdenvsWjC:c9m`{wgult[CE FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@Xokcu|wS/osee1msdWAdqmqopgwgogq[godCEI Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@Xokcu|wS/osee1msdWAdqmqopgwgogq[godCEI FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@`MYqu|wo/tjk0ojepcuqlSB77:4eoqlWeqplfmg[C Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive\@`MYqu|wo/tjk0ojepcuqlSB77:4eoqlWeqplfmg[C FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Archive LastArchiveTime 1146767518
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@!EIQnsfa/nmOcpusk]A3fGgvffhMcpsYvqok LastSignin 1146830648
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@!EIQnsfa/nmOcpusk]A3fGgvffhMcpsYvqok LastUnknownOffline 1146830646
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@!EIQsj1amkeOowplC]444GthuwdMnYqo LastSignin 1148733348
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@!EIQsj1amkeOowplC]444GthuwdMnYqo LastUnknownOffline 1146831979
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@!EIQsj1amkeOowplC]95iGphdweMpoYqo LastSignin 1143318726
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@AAAAsj1AmkeAowplCA4grAkofgfAAAA LastSignin 1146832817
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@AAAAsj1AmkeAowplCA4grAkofgfAAAA LastChat 1146831932
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@AAAAsj1AmkeAowplCA95iAdppfAAA LastSignin 1139080858
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@aO]Gsj1MmkeYowplCq954ogwuiqkjrycqsSeW LastSignin 1148740929
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@BCEInsfQ/nmacpuskOA;c]8bzwvGjuMYq LastSignin 1146833885
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@BCEInsfQ/nmacpuskOA;c]8bzwvGjuMYq LastChat 1146833823
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@BCEIsj1QmkeaowplCOfns]oddGMY LastSignin 1143318726
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@bQaOsj1]mkeGowplCM58:Y3qplfqoqloekcS LastSignin 1146832054
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@bQaOsj1]mkeGowplCM58:Y3qplfqoqloekcS LastChat 1146831001
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@cSeWsj1mmkegowplC[95rCkusekEdarIglceiQaO] LastSignin 1148735970
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@DGMYnsfq/nmocpuskkAuecuebjSeW LastSignin 1148567014
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@DGMYsj1qmkeoowplCkjimcwotwdSqeWm LastSignin 1139080975
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@DGMYsj1qmkeoowplCkjimcwotwdSqeWm LastChat 1139081296
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@dUi_sj1KmkeUowplCifhm_nip{dKsfUi_ LastSignin 1148739520
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@dUi_sj1KmkeUowplCifhm_nip{dKsfUi_ LastChat 1148737180
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@dUi_sj1KmkeUowplCiogi_vuvsiK`gmUtxbpi_K LastSignin 1148738479
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@dUi_sj1KmkeUowplCiogi_vuvsiK`gmUtxbpi_K LastChat 1148737664
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@EIQansfO/pw]oC97rGupeMYqo LastSignin 1146831026
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@EIQansfO/pw]oC97rGupeMYqo LastUnknownOffline 1146832769
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@EIQasj1Omke]owplCGzpsMpdighYokfqcvokc LastSignin 1148648461
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@eWmgnsf[/nmCcpuskEAniIfhhrdQoqxaO]G LastSignin 1146833599
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@eWmgsj1[mkeCowplCE95iIfubxrQncpaO]G LastSignin 1139081188
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@FKUinsf_/nmKcpuskUAqnifdhio_KUi LastSignin 1148134962
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@FKUisj1_mkeKowplCUlkkicp.rr_mnmKrdqUi_ LastSignin 1148733348
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@FKUisj1_mkeKowplCUlkkicp.rr_mnmKrdqUi_ LastChat 1148733413
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@FKUisj1_mkeKowplCUtgriqjeee_tumKoUi_ LastSignin 1148733781
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@FKUisj1_mkeKowplCUtgriqjeee_tumKoUi_ LastUnknownOffline 1146830317
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@GMYqnsfo/nmkcpuskcA;7S8blglenWmg LastSignin 1148733348
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@GMYqnsfo/nmkcpuskcA;7S8blglenWmg LastUnknownOffline 1148735935
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@GMYqsj1omkekowplCcmgqS/lugdeWmg LastSignin 1143318726
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@GMYqsj1omkekowplCctckStheWm LastSignin 1146767869
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@GMYqsj1omkekowplCctckStheWm LastChat 1146768048
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@h]GMsj1YmkeqowplCovpskodiwcSe LastSignin 1148733348
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@h]GMsj1YmkeqowplCovpskodiwcSe LastUnknownOffline 1148733449
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@IQaOsj1]mkeGowplCM951Ygopvdqdokc LastSignin 1148738650
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@IQaOsj1]mkeGowplCM951Ygopvdqdokc LastChat 1148741004
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@JSeWsj1mmkegowplC[8:1CwrompEptIQa LastSignin 1148733348
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@JSeWsj1mmkegowplC[8:1CwrompEptIQa LastUnknownOffline 1148739892
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@JSeWsj1mmkegowplC[lesCtbjqrEvuIQa LastSignin 1139080858
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@kcSensfW/nmmcpuskgApe[nfpkqCjjxEIQa LastSignin 1148566567
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@kcSesj1WmkemowplCgmnm[vhsmpCEIQ LastSignin 1139081213
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@kcSesj1Wpqhmcqb{Cg:22[qofCEI LastSignin 1148567014
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@kcSesj1Wpqhmcqb{Cg:22[qofCEI LastChat 1139081271
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@KUi_nsfK/nmUcpuskiAxs_nvseyKUi_ LastSignin 1148567014
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@LWmgsj1[mkeCowplCEfkrIcofqwQoksarO]G LastSignin 1139080858
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@MYqonsfk/nmccpuskSAneekwsyrWdgxmvrmvdgie[CE LastSignin 1139080858
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@MYqonsfk/nmccpuskSAneekwsyrWdgxmvrmvdgie[CE LastChat 1139081328
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@MYqosj1kmkecowplCSfnseqpbgWmg LastSignin 1148741011
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@MYqosj1kmkecowplCSfnseqpbgWmg LastChat 1148740982
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@ni_Ksj1UmkeiowplC_434K2hjrdUoi_K LastSignin 1146829513
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@ni_Ksj1UmkeiowplC_434K2hjrdUoi_K LastChat 1146767627
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@okcSnsfe/nmWcpuskmApsg{qp}b[fvmCvEIQ LastSignin 1148736723
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@okcSnsfe/nmWcpuskmApsg{qp}b[fvmCvEIQ LastChat 1148648495
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@O]GMnsfY/nmqcpuskoA94k2goeucvfrSqlsepeWmg LastSignin 1146829810
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@O]GMnsfY/nmqcpuskoA:7kglmmpcSeW LastSignin 1148740963
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@O]GMnsfY/nmqcpuskoA:7kglmmpcSeW LastChat 1148740821
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@O]GMsj1YmkeqowplCo99ck:6ppdcnSeW LastSignin 1148739541
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@O]GMsj1YmkeqowplCo99ck:6ppdcnSeW LastUnknownOffline 1148740052
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@pmg[nsfC/nmEcpuskIA74Q9qfzlahtsOhqvik]uGMY LastSignin 1148567014
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@pmg[nsfC/nmEcpuskIA74Q9qfzlahtsOhqvik]uGMY LastChat 1146833897
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@QaO]sj1GmkeMowplCY:8=q8|niyopnkcS LastSignin 1148737920
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@QaO]sj1GmkeMowplCYoq}qnbbchomnskhbfrxcSeW LastSignin 1148734974
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@QaO]sj1GmkeMowplCYoq}qnbbchomnskhbfrxcSeW LastChat 1148734605
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@qokcnsfS/nmecpuskWAommnbfrlgute[oCEI LastSignin 1139080858
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@qokcnsfS/nmecpuskWAommnbfrlgute[oCEI LastChat 1139081310
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@Tg[CnsfE/nmIcpuskQA25a85fxxOpny]qoGMY LastSignin 1148733348
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@Tg[CnsfE/nmIcpuskQA58aguveoO]GM LastSignin 1143318726
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@Tg[Csj1EmkeIowplCQtkxaulvufOm]GM LastSignin 1146767247
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@Wmg[sj1CmkeEowplCIfimQygfchasfrOc]GM LastSignin 1146829513
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@Wmg[sj1CmkeEowplCIfthQpd`ijajyhOg]GM LastSignin 1148567014
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@Yqoknsfc/nmScpuskeAfyWcsbvfmocjg[CE LastSignin 1148648461
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@Yqoknsfc/nsScC4pheuu}Wtkdmg[ LastSignin 1148567014
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@Yqoksj1cmkeSowplCebgqW{kumg[ LastSignin 1148734573
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@Yqoksj1cmkeSowplCebgqW{kumg[ LastUnknownOffline 1148734599
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@ZAAAnsfA/nmAcpuskAA{gAgkqsuAqmgAquevdAiglAvipwzApfeAjv`w|AAAA LastSignin 1148734441
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@ZAAAnsfA/nsAcCcqrAmqgAvqfqhAmeAAA LastSignin 1148734571
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@ZAAAnsfA/nsAcCcqrAmqgAvqfqhAmeAAA LastChat 1148733935
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@]GMYsj1qmkeoowplCkfvycqudyrSieeenhomwWjmmmog[C LastSignin 1148134960
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@]GMYsj1qmkeoowplCkfvycqudyrSieeenhomwWjmmmog[C LastUnknownOffline 1146767654
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@`MYqnsfo/nmkcpuskcA5
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@`MYqnsfo/nmkcpuskcA5
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Contacts\@`MYqnsfo/nmkcpuskcAgxSvrmeoe`clWemg[ LastSignin 1148567014
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences SystemLogWndX 200
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences SystemLogWndY 100
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences SystemLogWndWidth 500
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences SystemLogWndHeight 170
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences ToastPopupSizeW6 181
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences ToastPopupSizeH6 116
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences ToastPopupPos6 954
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences ToastPopupResX 1152
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences ToastPopupBorder6 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences FirstTimeWizard 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences LogDirectory C:\Documents and Settings\f@b\Mes documents\Mes archives de conversations
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences AskForAutogroup 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences AutoGroupChats 0
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences MigrateLevel 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences FirstLaunch 1139081419
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\mehdipas@hotmail.com\Preferences QuickIconAddOrigin 1
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Archive\@jaO]u|wG/osMe1mmdYnvsqjCfm}o{wfkawjxlcqSeW Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Archive\@jaO]u|wG/osMe1mmdYnvsqjCfm}o{wfkawjxlcqSeW FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Archive\@RcSeu|wW/osme1mmdgnvs[jCfxrCqqsEnrqeIQa Type 2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Archive\@RcSeu|wW/osme1mmdgnvs[jCfxrCqqsEnrqeIQa FilePath
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Archive LastArchiveTime 1149966747
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@BCEInsfQ/nmacpuskOA8<]x<2}gGegxMYqo LastSignin 1144953673
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@BCEInsfQ/nmacpuskOA8<]x<2}gGegxMYqo LastUnknownOffline 1142104256
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@bQaOnsf]/nmGcpuskMAteYjevfbqbmeoayb|kcS LastSignin 1148316444
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@bQaOnsf]/nmGcpuskMAteYjevfbqbmeoayb|kcS LastUnknownOffline 1148316392
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@DGMYnsfq/pwooC956kgcvchlsSeW LastSignin 1148986728
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@DGMYnsfq/pwooC956kgcvchlsSeW LastChat 1148576200
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@EIQasj1Omke]owplCG3viMtubgvYjtlqeokc LastSignin 1148315841
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@EIQasj1Omke]owplCG3viMtubgvYjtlqeokc LastUnknownOffline 1148315638
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@FKUinsf_/nmKcpuskUApsivhhvd_cniKzdUi_ LastSignin 1148650058
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@FKUinsf_/nmKcpuskUApsivhhvd_cniKzdUi_ LastChat 1148314913
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@FKUinsf_/nmKcpuskUAumicqgtp_vqvKvkdwUi_ LastSignin 1148986727
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@FKUinsf_/nmKcpuskUAumicqgtp_vqvKvkdwUi_ LastUnknownOffline 1144949164
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@FKUinsf_/nmKcpuskUAveiwuzrx_npeKxUi_ LastSignin 1149966475
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@FKUinsf_/nmKcpuskUAveiwuzrx_npeKxUi_ LastUnknownOffline 1144943456
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@FKUisj1_mkeKowplCU:8wikubwl_sjgKUi_ LastSignin 1148316392
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2\melmargot@hotmail.com\Contacts\@fYqonsfk/nmccpuskSAgleeubqbWfprmcbfmugbo[CE LastSignin 1148986988
HKEY_CURRENT_USER\Software\Patchou\Ms
Logfile of HijackThis v1.99.1
Scan saved at 18:35:42, on 29/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunServer.exe
C:\Documents and Settings\f@b\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [xaclceikud] c:\windows\system32\xaclceikud.exe xaclceikud
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\RunOnce: [CounterSpyCleaner] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Scan saved at 18:35:42, on 29/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunServer.exe
C:\Documents and Settings\f@b\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [xaclceikud] c:\windows\system32\xaclceikud.exe xaclceikud
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\RunOnce: [CounterSpyCleaner] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Installe d'urgence un antivirus comme Antivir,
fais un scan complet puis poste le rapport :
http://www.malekal.com/tutorial_antivir.php
fais un scan complet puis poste le rapport :
http://www.malekal.com/tutorial_antivir.php
AntiVir PersonalEdition Classic
Report file date: mercredi 29 novembre 2006 19:26
Scanning for 569183 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-WURGE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Username: f@b
Computer name: 64E55I5MA01FNOZ
Version information:
AVSCAN.EXE : 7.0.0.47 200744 21/08/2006 11:06:56
AVSCAN.DLL : 7.0.0.45 41000 07/09/2006 11:56:33
LUKE.DLL : 7.0.0.47 118824 07/09/2006 11:32:33
LUKERES.DLL : 7.0.0.47 9256 07/09/2006 11:56:33
ANTIVIR0.VDF : 6.35.0.1 7371264 31/05/2006 11:35:27
ANTIVIR1.VDF : 6.36.1.24 2212864 14/11/2006 18:25:55
ANTIVIR2.VDF : 6.36.1.80 161280 23/11/2006 18:25:55
ANTIVIR3.VDF : 6.36.1.105 58368 29/11/2006 18:25:55
AVEWIN32.DLL : 7.2.0.46 1925632 29/11/2006 18:25:56
AVPREF.DLL : 7.0.0.2 23592 24/07/2006 13:36:04
AVREP.DLL : 6.36.1.1 978984 29/11/2006 18:25:55
AVRPBASE.DLL : 7.0.0.0 2162728 30/03/2006 09:43:31
AVPACK32.DLL : 7.2.0.5 368680 29/11/2006 18:25:56
AVREG.DLL : 6.31.0.90 27688 28/07/2005 11:06:36
NETNT.DLL : 6.32.0.0 6696 27/09/2005 08:56:49
NETNW.DLL : 7.0.0.0 9768 24/07/2006 13:35:55
RCIMAGE.DLL : 7.0.0.74 1642536 01/08/2006 12:22:57
RCTEXT.DLL : 7.0.1.4 77864 29/11/2006 18:25:51
Configuration settings for the scan:
Jobname.......................: Windows System Directory
Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\sysdir.avp
Boot sectors..................: C
Scan memory...................: 1
Process scan..................: 1
Scan all files................: 2
Scan archives.................: 1
Recursion depth...............: 20
Smart extensions..............: 1
Macro heuristic...............: 1
File heuristic................: 0
Primary action................: 1
Secondary action..............: 0
Start of the scan: mercredi 29 novembre 2006 19:26
The scan of running processes will be started
C:\WINDOWS\TEMP\iddABC.tmp.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.25120
[INFO] The file was deleted!
12 Processes were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( 6 files ).
Starting the file scan:
C:\WINDOWS\System32\awvtr.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] The file could not be deleted!
C:\WINDOWS\System32\ghpkeubd.exe
[WARNING] The file could not be opened!
C:\WINDOWS\System32\lvmabytl.dll
[DETECTION] Is the Trojan horse TR/BHO.G.3
[INFO] The file was deleted!
C:\WINDOWS\System32\rqrsqoo.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\WINDOWS\System32\tnhqkhdk.dll
[WARNING] The file could not be opened!
C:\WINDOWS\System32\windph32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\System32\config\default
[WARNING] The file could not be opened!
C:\WINDOWS\System32\config\default.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\System32\config\SAM
[WARNING] The file could not be opened!
C:\WINDOWS\System32\config\SAM.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\System32\config\SECURITY
[WARNING] The file could not be opened!
C:\WINDOWS\System32\config\SECURITY.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\System32\config\software
[WARNING] The file could not be opened!
C:\WINDOWS\System32\config\software.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\System32\config\system
[WARNING] The file could not be opened!
C:\WINDOWS\System32\config\system.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
End of the scan: mercredi 29 novembre 2006 19:41
Used time: 15:31 min
The scan has been done completely.
191 Scanning directories
6001 Files were scanned
5 viruses and/or unwanted programs were found
3 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
4 Archives were scanned
15 Warnings
0 Notes
Logfile of HijackThis v1.99.1
Scan saved at 21:00:47, on 29/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\TEMP\win508.tmp.exe
C:\WINDOWS\TEMP\winABA.tmp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\f@b\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\System32\bgwdqonc.dll
O2 - BHO: (no name) - {4DA8FFA3-C789-4002-AC23-E5893C51B455} - C:\WINDOWS\System32\awvtr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - Winlogon Notify: awvtr - C:\WINDOWS\System32\awvtr.dll
O20 - Winlogon Notify: windph32 - C:\WINDOWS\SYSTEM32\windph32.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Scan saved at 21:00:47, on 29/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\TEMP\win508.tmp.exe
C:\WINDOWS\TEMP\winABA.tmp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\f@b\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\System32\bgwdqonc.dll
O2 - BHO: (no name) - {4DA8FFA3-C789-4002-AC23-E5893C51B455} - C:\WINDOWS\System32\awvtr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - Winlogon Notify: awvtr - C:\WINDOWS\System32\awvtr.dll
O20 - Winlogon Notify: windph32 - C:\WINDOWS\SYSTEM32\windph32.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Tu t'es fait réinfecté ![:(]( ":(")
Supprime ta version de Vundofix.
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
Double-clique VundoFix.exe afin de le lancer
Clique sur le bouton Scan for Vundo
Lorsque le scan est complété, clique sur le bouton Remove Vundo
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
Supprime ta version de Vundofix.
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
VundoFix V6.2.13
Checking Java version...
Java version is 1.5.0.4
Java version is 1.5.0.6
Scan started at 21:36:36 29/11/2006
Listing files found while scanning....
C:\WINDOWS\System32\awvtr.dll
C:\WINDOWS\System32\rtvwa.ini
C:\WINDOWS\System32\rtvwa.bak1
Beginning removal...
Attempting to delete C:\WINDOWS\System32\awvtr.dll
C:\WINDOWS\System32\awvtr.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\rtvwa.ini
C:\WINDOWS\System32\rtvwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\rtvwa.bak1
C:\WINDOWS\System32\rtvwa.bak1 Has been deleted!
Performing Repairs to the registry.
Done!
Logfile of HijackThis v1.99.1
Scan saved at 21:56:18, on 29/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\f@b\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\System32\bgwdqonc.dll
O2 - BHO: (no name) - {4DA8FFA3-C789-4002-AC23-E5893C51B455} - C:\WINDOWS\System32\awvtr.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - Winlogon Notify: windph32 - C:\WINDOWS\SYSTEM32\windph32.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Checking Java version...
Java version is 1.5.0.4
Java version is 1.5.0.6
Scan started at 21:36:36 29/11/2006
Listing files found while scanning....
C:\WINDOWS\System32\awvtr.dll
C:\WINDOWS\System32\rtvwa.ini
C:\WINDOWS\System32\rtvwa.bak1
Beginning removal...
Attempting to delete C:\WINDOWS\System32\awvtr.dll
C:\WINDOWS\System32\awvtr.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\rtvwa.ini
C:\WINDOWS\System32\rtvwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\rtvwa.bak1
C:\WINDOWS\System32\rtvwa.bak1 Has been deleted!
Performing Repairs to the registry.
Done!
Logfile of HijackThis v1.99.1
Scan saved at 21:56:18, on 29/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\f@b\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\System32\bgwdqonc.dll
O2 - BHO: (no name) - {4DA8FFA3-C789-4002-AC23-E5893C51B455} - C:\WINDOWS\System32\awvtr.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - Winlogon Notify: windph32 - C:\WINDOWS\SYSTEM32\windph32.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
- Lance Hijackthis ->Do a system scan only
->Coche les lignes ci-dessous :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\System32\bgwdqonc.dll
O2 - BHO: (no name) - {4DA8FFA3-C789-4002-AC23-E5893C51B455} - C:\WINDOWS\System32\awvtr.dll (file missing)
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O20 - Winlogon Notify: windph32 - C:\WINDOWS\SYSTEM32\windph32.dll
Clique sur Fix checked (en bas à gauche)
Double-clique VundoFix.exe afin de le lancer
NE clique PAS sur le bouton Scan for Vundo
Clique Droit dans la fenêtre blanche, choisis Add more files ?
Rajoute dans la première ligne :
C:\WINDOWS\SYSTEM32\windph32.dll
Dans la deuxième :
C:\WINDOWS\System32\bgwdqonc.dll
Clique successivement sur :
- Add Files
- Close Windows
- Remove Vundo
Si l'outil te demande de redémarrer, accepte.
Copie/Colle ensuite le rapport C:\vundofix.txt
Installe un firewall comme Kerio :
http://www.malekal.com/kerio_firewall.php
->Coche les lignes ci-dessous :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\System32\bgwdqonc.dll
O2 - BHO: (no name) - {4DA8FFA3-C789-4002-AC23-E5893C51B455} - C:\WINDOWS\System32\awvtr.dll (file missing)
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O20 - Winlogon Notify: windph32 - C:\WINDOWS\SYSTEM32\windph32.dll
Clique sur Fix checked (en bas à gauche)
C:\WINDOWS\SYSTEM32\windph32.dll
Dans la deuxième :
C:\WINDOWS\System32\bgwdqonc.dll
- Add Files
- Close Windows
- Remove Vundo
Installe un firewall comme Kerio :
http://www.malekal.com/kerio_firewall.php
Logfile of HijackThis v1.99.1
Scan saved at 17:13:12, on 30/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\f@b\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Scan saved at 17:13:12, on 30/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\f@b\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Installe un firewall comme Kerio :
http://www.malekal.com/kerio_firewall.php
Fais les mises à jour avec Windows Update ->ici<-
http://www.malekal.com/kerio_firewall.php
Fais les mises à jour avec Windows Update ->ici<-
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumVirus ver msn gros soucis!!
- ForumGros soucis vista, l'explorateur windows plante en permanence...
- ForumGros soucis avec COD5 sur PS3
- ForumRetroprojecteur samsung gros soucis
- ForumGros soucis démarage diode carte mère éteinte
- ForumIpod shuffle GrOs sOucis...
- ForumMSN live messenger - Gros soucis
- Forumprobleme virus comment supprimé idd.tmp
- Forum[Résolu] Multiples virus sur mon poste: idd.tmp, outerByinfo,...
- Voir plus
