Sujet Précédent Sujet Suivant

Vérolé rapport hijackthis

robix62 Messages postés 1028 Statut Membre -  
 Utilisateur anonyme -
Bonjour,

je susi sur un poste vérolé, antivir ne veut pas démarrer, ni malware bytes

voici le rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:46:19, on 19/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SDFix] C:\DOCUME~1\COMPAQ~1.ORD\Bureau\SDFix\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [AntiMalware] "C:\Program Files\AntiMalware\antimalware.exe" -noscan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
A voir également:

14 réponses

Réponse 1 / 14
Utilisateur anonyme
 
Bonsoir

---> Télécharge OTM (OldTimer) sur ton Bureau :
http: http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :

:processes
explorer.exe

:files
c:\program files\antimalware\antimalware.exe

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AntiMalware"=-

:commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

*********************************

Fais un scan avec cet antispyware :
Malwarebytes + tutoriel

Tu l´installes; mets le a jour...(onglet mise a jour)
Click maintenant sur l´onglet recherche et coche la case :
"Executer un examen rapide".
Puis click sur "rechercher".
Laisses le scanner le pc...
A la fin du scan, clique sur Afficher les résultats
Si des elements on ete trouvés :
> click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "oui".
A la fin un rapport va s´ouvrir;
sauvegarde le de maniere a le retrouver en vue de le poster sur le forum.
Copies et colles le rapport stp.

a+

0
Réponse 2 / 14
robix62 Messages postés 1028 Statut Membre 62
 
merci pour la rapidité, n'ayant plus l'ordinateur sous la main, je le ferai en debut de semaine prochaine

je te tiens informé

a pluche
0
Réponse 3 / 14
robix62 Messages postés 1028 Statut Membre 62
 
voilà le rapport

All processes killed
Error: Unable to interpret <processes > in the current context!
Error: Unable to interpret <explorer.exe > in the current context!
========== FILES ==========
File/Folder c:\program files\antimalware\antimalware.exe not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AntiMalware deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 11540 bytes
->Temporary Internet Files folder emptied: 76898 bytes

User: All Users

User: Compaq_Propriétaire.ORDINATEUR
->Temp folder emptied: 1278697 bytes
->Temporary Internet Files folder emptied: 364260447 bytes
->Java cache emptied: 5719 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 115348 bytes
->Temporary Internet Files folder emptied: 9109456 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39138 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 358,00 mb

OTM by OldTimer - Version 3.1.4.0 log created on 12262009_140449

Files moved on Reboot...

Registry entries deleted on Reboot...

merci

au démarrage, antivir ne veut toujours pas se lancer et mab ne veut pas se lancer non plus

0
Réponse 4 / 14
Utilisateur anonyme
 
Ok.....

la suite !

a+
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 14
robix62 Messages postés 1028 Statut Membre 62
 
ni l'antivirus ni malware bytes veulent se lancer
0
Réponse 6 / 14
Utilisateur anonyme
 
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt

a+
0
Réponse 7 / 14
robix62 Messages postés 1028 Statut Membre 62
 
rhaaaa, j'ai enlevé le câble, j'ai fermé toutes les applications, combo fix ne veut pas se lancer non plus.

j'ai essayé en mode sans échec ça ne marche pas non plus

il est vraiment coriace...
0
Réponse 8 / 14
Utilisateur anonyme
 
Essayes ceci pour déloquer la situation ...

Desactives ton antivirus le temps de la manip ainsi que ton parefeu si présent

Télécharges List&Kill'em et enregistre le sur ton bureau

http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe

dezippes-le , (clic droit/ extraire.....)

Il ne necessite pas d'installation

double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan

choisis la langue puis choisis l'option 1 = Mode Recherche

laisses travailler l'outil

colles le contenu dans ta prochaine réponse , un fois la fenetre refermée :

C:\List'em.txt

a+
0
Réponse 9 / 14
robix62 Messages postés 1028 Statut Membre 62
 
voilà

List'em by g3n-h@ckm@n 1.1.6.1

Thx to Chiquitine29.....& CCM team

User : Compaq_Propriétaire (Administrateurs) # ORDINATEUR
Update on 24/12/2009 by g3n-h@ckm@n ::::: 20:30
Start at: 15:05:35 | 26/12/2009
Contact : g3n-h@ckm@n sur CCM

AMD Sempron(tm) Processor 3200+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiMalware 1.0 [ Enabled | (!) Outdated ]
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | (!) Outdated ]

C:\ -> Disque fixe local | 142,07 Go (111,73 Go free) [PRESARIO] | NTFS
D:\ -> Disque fixe local | 6,96 Go (3,47 Go free) [PRESARIO_RP] | FAT32
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe 444
C:\WINDOWS\system32\csrss.exe 516
C:\WINDOWS\system32\winlogon.exe 544
C:\WINDOWS\system32\services.exe 592
C:\WINDOWS\system32\lsass.exe 604
C:\WINDOWS\system32\Ati2evxx.exe 768
C:\WINDOWS\system32\svchost.exe 784
C:\WINDOWS\system32\svchost.exe 892
C:\WINDOWS\System32\svchost.exe 936
C:\WINDOWS\system32\svchost.exe 980
C:\WINDOWS\system32\svchost.exe 1048
C:\WINDOWS\system32\Ati2evxx.exe 1232
C:\WINDOWS\system32\brsvc01a.exe 1408
C:\WINDOWS\system32\spoolsv.exe 1440
C:\WINDOWS\system32\brss01a.exe 1452
C:\Program Files\Java\jre1.5.0\bin\jusched.exe 1680
C:\windows\system\hpsysdrv.exe 1700
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 1712
C:\HP\KBD\KBD.EXE 1740
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe 1868
C:\Program Files\Brother\ControlCenter2\brctrcen.exe 1928
C:\Program Files\QuickTime\qttask.exe 1952
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe 2012
C:\WINDOWS\system32\ctfmon.exe 2032
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe 252
C:\Program Files\Internet Explorer\iexplore.exe 424
C:\WINDOWS\system32\svchost.exe 524
C:\WINDOWS\system32\Brmfrmps.exe 1140
C:\WINDOWS\System32\svchost.exe 1172
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1328
C:\WINDOWS\system32\svchost.exe 1064
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe 1624
C:\Program Files\Internet Explorer\iexplore.exe 2616
C:\WINDOWS\System32\alg.exe 3164
C:\Program Files\Internet Explorer\Iexplore.exe 3008
C:\Program Files\Internet Explorer\Iexplore.exe 3064
C:\WINDOWS\explorer.exe 3632
C:\Program Files\List_Kill'em\List_Kill'em.exe 192
C:\WINDOWS\system32\cmd.exe 3388
C:\WINDOWS\system32\wbem\wmiprvse.exe 2004
C:\Documents and Settings\Compaq_Propriétaire.ORDINATEUR\Local Settings\Temp\16.tmp\pv.exe 1476

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
TomTomHOME.exe REG_SZ "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SunJavaUpdateSched REG_SZ C:\Program Files\Java\jre1.5.0\bin\jusched.exe
hpsysdrv REG_SZ c:\windows\system\hpsysdrv.exe
ATIPTA REG_SZ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
KBD REG_SZ C:\HP\KBD\KBD.EXE
Recguard REG_SZ C:\WINDOWS\SMINST\RECGUARD.EXE
PS2 REG_SZ C:\WINDOWS\system32\ps2.exe
LSBWatcher REG_SZ c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
HP Software Update REG_EXPAND_SZ C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
SSBkgdUpdate REG_SZ "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
PaperPort PTD REG_SZ C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
IndexSearch REG_SZ C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
SetDefPrt REG_SZ C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
ControlCenter2.0 REG_SZ C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
Malwarebytes Anti-Malware (reboot) REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
C:\Program Files\Cyanide\GameCenter\GameCenter.exe REG_SZ C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Documents and Settings\Compaq_Propriétaire.ORDINATEUR\Local Settings\Temporary Internet Files\Content.IE5\7GHZ1VPN\IMG00098714911567251832-JPG[2].EXE REG_SZ C:\Documents and Settings\Compaq_Propriétaire.ORDINATEUR\Local Settings\Temporary Internet Files\Content.IE5\7GHZ1VPN\IMG00098714911567251832-JPG[2].EXE:*:Enabled:Microsoft Update
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Internet Explorer\iexplore.exe REG_SZ C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%ProgramFiles%\iTunes\iTunes.exe REG_SZ %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

===============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.orange.fr/portail

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
EapHost : 0x2
SharedAccess : 0x2
wuauserv : 0x2

=========

=======
Drive :
=======

D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\Documents and Settings\All Users\Application Data\sysReserve.ini
C:\Program Files\Search Settings
C:\WINDOWS\Fonts\GRGAREF.TTF
C:\WINDOWS\system32\krl32mainweq.dll
C:\WINDOWS\System32\ps2.bat
C:\Documents and Settings\Compaq_Propri‚taire.ORDINATEUR\Application Data\wklnhst.dat
C:\Documents and Settings\Compaq_Propri‚taire.ORDINATEUR\Application Data\Search Settings

¤¤¤¤¤¤¤¤¤¤ Keys :

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
"HKLM\Software\Search Settings"
HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}

================
Other infections
================

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-26 15:08:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 1381
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 1381
disk error: C:\Documents and Settings\Compaq_Propriétaire.ORDINATEUR\ntuser.dat, 1381
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: MBR read successfully

==========
Programs
==========

Adobe
AdorageI-SAL
ATI Technologies
Avira
Brother
CCleaner
Common Files
ComPlus Applications
Crcle Developement
directx
Fichiers communs
Google
Havas Medimedia
Hewlett-Packard
Hp
InstallShield Installation Information
InstantTouch
Internet Explorer
Java
Kyodai
Learn2.com
List_Kill'em
Live-Prod
Logitech
ma-config.com
Malwarebytes' Anti-Malware
MediaInfo
Messenger
Messenger Plus! Live
Microsoft
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office
Microsoft Visual Studio
Microsoft Works
Microsoft.NET
Movie Maker
MSBuild
MSN
MSN Gaming Zone
MSN Messenger
MSN Toolbar Suite
MSXML 4.0
Navilog1
Nero
NetMeeting
OneMX
Outlook Express
QuickTime
ScanSoft
Search Settings
Services en ligne
SLD Codec Pack
SmartSound Software
TomTom DesktopSuite
TomTom HOME 2
TomTom International B.V
Trend Micro
Uninstall Information
VideoLAN
VirginMega
Windows Live
Windows Live SkyDrive
Windows Live Toolbar
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
WinZip
xerox

============
Lecteur C:
============

.rnd
AUTOEXEC.BAT
BOOT.BAK
boot.ini
Bootfont.bin
Brother
cleannavi.txt
cmdcons
cmldr
Config.Msi
CONFIG.SYS
Documents and Settings
Drivers
dxva.log
FindyKill.txt
hiberfil.sys
hp
INSTALL.LOG
IO.SYS
Kill'em
List'em.txt
MSDOS.SYS
MSOCache
NTDETECT.COM
ntldr
pagefile.sys
pmw
Program Files
Python22
rapport_clean.txt
RECYCLER
sqmdata00.sqm
sqmdata01.sqm
sqmdata02.sqm
sqmdata03.sqm
sqmdata04.sqm
sqmdata05.sqm
sqmdata06.sqm
sqmdata07.sqm
sqmdata08.sqm
sqmdata09.sqm
sqmdata10.sqm
sqmdata11.sqm
sqmdata12.sqm
sqmdata13.sqm
sqmdata14.sqm
sqmdata15.sqm
sqmdata16.sqm
sqmdata17.sqm
sqmdata18.sqm
sqmdata19.sqm
sqmnoopt00.sqm
sqmnoopt01.sqm
sqmnoopt02.sqm
sqmnoopt03.sqm
sqmnoopt04.sqm
sqmnoopt05.sqm
sqmnoopt06.sqm
sqmnoopt07.sqm
sqmnoopt08.sqm
sqmnoopt09.sqm
sqmnoopt10.sqm
sqmnoopt11.sqm
sqmnoopt12.sqm
sqmnoopt13.sqm
sqmnoopt14.sqm
sqmnoopt15.sqm
sqmnoopt16.sqm
sqmnoopt17.sqm
sqmnoopt18.sqm
sqmnoopt19.sqm
System Volume Information
system.sav
temp
UNWISE.EXE
updatedatfix.log
WINDOWS

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

C:\hp\bin\PE_Patch.exe
C:\hp\KBD\Install.exe
D:\I386\SYSTEM32\OwnerPatch.exe
D:\I386\Apps\APP31245\src\MSWorks\Install.exe
D:\MiniNT\system32\OwnerPatch.exe

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

0
Réponse 10 / 14
Utilisateur anonyme
 
REDEMARRE EN MODE SANS ECHEC

Relance List&Kill'em (clic droit pour vista),

mais cette fois-ci :

choisis l'option 2 = Mode Destruction
laisse travailler l'outil

apres les verifications , un rapport va s'ouvrir.

ferme-le.

un deuxieme rapport va s'ouvrir ,

colle son contenu dans ta reponse apres avoir redemarré en mode normal

a+
0
Réponse 11 / 14
robix62 Messages postés 1028 Statut Membre 62
 
bonne nouvelle, antivir s'est mis en route !

Kill'em by g3n-h@ckm@n 1.1.6.1

User : Compaq_Propriétaire () # ORDINATEUR
Update on 24/12/2009 by g3n-h@ckm@n ::::: 20:30
Start at: 15:29:13 | 26/12/2009
Contact : g3n-h@ckm@n sur CCM

AMD Sempron(tm) Processor 3200+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiMalware 1.0 [ Enabled | (!) Outdated ]
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | (!) Outdated ]

C:\ -> Disque fixe local | 142,07 Go (113,15 Go free) [PRESARIO] | NTFS
D:\ -> Disque fixe local | 6,96 Go (3,47 Go free) [PRESARIO_RP] | FAT32
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe 124
C:\WINDOWS\system32\csrss.exe 188
C:\WINDOWS\system32\winlogon.exe 212
C:\WINDOWS\system32\services.exe 256
C:\WINDOWS\system32\lsass.exe 268
C:\WINDOWS\system32\svchost.exe 420
C:\WINDOWS\system32\svchost.exe 520
C:\WINDOWS\system32\svchost.exe 572
C:\WINDOWS\Explorer.EXE 992
C:\Program Files\List_Kill'em\List_Kill'em.exe 1128
C:\WINDOWS\system32\cmd.exe 1148
C:\WINDOWS\system32\wbem\wmiprvse.exe 1232
C:\Documents and Settings\Compaq_Propriétaire.ORDINATEUR\Local Settings\Temp\1.tmp\pv.exe 1300

Detections :
==========

¤¤¤¤¤¤¤¤¤¤ Files/folders :

"C:\Documents and Settings\All Users\Application Data\sysReserve.ini"
"C:\Program Files\Search Settings"
"C:\WINDOWS\Fonts\GRGAREF.TTF"
"C:\WINDOWS\system32\krl32mainweq.dll"
"C:\WINDOWS\system32\ps2.bat"
"C:\Documents and Settings\Compaq_Propri‚taire.ORDINATEUR\Application Data\Search Settings"

¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :

Quarantine :

GRGAREF.TTF.Kill'em
krl32mainweq.dll.Kill'em
ps2.bat.Kill'em
Search Settings.Kill'em
sysReserve.ini.Kill'em

==============
host file OK !
==============

========
Registry
========
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
Deleted : HKLM\Software\Search Settings
Deleted : HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}

============
Disk Cleaned
============

================
Prefetch cleaned
================

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

heuresement des gars comme toi existent

je fais une analyse antivirale et malwares bytes ?
0
Réponse 12 / 14
Utilisateur anonyme
  
heuresement des gars comme toi existent


==> Il vaut mieux remercier les créateurs des logs que je te fais utiliser !!!!

Relances COMBOFIX stp....

a+

0
Réponse 13 / 14
robix62 Messages postés 1028 Statut Membre 62
 
oui mais tu es là pour montrer aux gens comment s'en servir.

voilà le rapport

ComboFix 09-12-25.04 - Compaq_Propriétaire 26/12/2009 15:55:07.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1470.995 [GMT 1:00]
Lancé depuis: c:\documents and settings\Compaq_Propriétaire.ORDINATEUR\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-2487333236-1473022253-812145628-1008
c:\windows\system32\drivers\H8SRTwbiudjbpxo.sys
c:\windows\system32\H8SRTiqxmqbwukg.dat
c:\windows\system32\H8SRTskarcbrfto.dll
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\srcr.dat

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_H8SRTd.sys
-------\Service_H8SRTd.sys

((((((((((((((((((((((((((((( Fichiers créés du 2009-11-26 au 2009-12-26 ))))))))))))))))))))))))))))))))))))
.

2009-12-26 14:28 . 2009-12-26 14:29 -------- d-----w- C:\Kill'em
2009-12-19 13:29 . 2009-12-19 13:29 579584 ----a-w- c:\windows\system32\dllcache\user32.dll
2009-12-19 13:24 . 2009-12-19 13:24 -------- d-----w- c:\windows\ERUNT
2009-12-19 13:13 . 2009-12-19 13:14 -------- d-----w- c:\program files\Navilog1
2009-12-19 13:12 . 2009-12-19 13:12 -------- d-----w- c:\windows\BDOSCAN8
2009-12-19 12:51 . 2009-12-19 12:51 -------- d-sh--w- c:\documents and settings\Administrateur\PrivacIE
2009-12-19 12:50 . 2009-12-19 12:50 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2009-12-19 12:44 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-19 12:44 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-19 12:44 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-19 12:44 . 2009-12-19 12:44 -------- d-----w- c:\program files\Avira
2009-12-19 12:44 . 2009-12-19 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-12-10 06:19 . 2009-12-10 06:19 -------- d-----w- c:\windows\Logs

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-26 14:36 . 2009-06-21 13:56 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-26 13:26 . 2009-10-17 13:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-19 17:02 . 2004-11-23 21:26 65602 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-19 17:02 . 2004-11-23 21:26 449740 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-08 23:28 . 2008-11-23 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-03 15:14 . 2009-10-17 13:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-10-17 13:40 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-22 12:13 . 2009-06-21 15:19 -------- d-----w- c:\program files\SLD Codec Pack
2009-11-22 11:46 . 2009-06-21 14:39 -------- d-----w- c:\program files\Messenger Plus! Live
2009-11-22 11:45 . 2009-06-21 14:33 -------- d-----w- c:\program files\Windows Live
2009-11-22 11:45 . 2009-11-22 11:45 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-22 11:36 . 2009-11-22 11:36 -------- d-----w- c:\program files\Trend Micro
2009-11-21 08:01 . 2005-01-01 21:29 -------- d-----w- c:\program files\Microsoft Works
2009-11-10 02:28 . 2009-11-10 02:28 -------- d-----w- c:\program files\Microsoft
2009-11-10 02:05 . 2009-11-10 02:05 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-10-29 07:42 . 2004-08-05 18:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:39 . 2004-08-05 18:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-05 18:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-05 18:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2004-08-05 18:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2004-08-05 18:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2004-08-05 18:00 150528 ----a-w- c:\windows\system32\rastls.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2005-01-01 36972]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-08 344064]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 253952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-10 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-10 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-01 98304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]

c:\documents and settings\Compaq_Propri‚taire.ORDINATEUR\Menu D‚marrer\Programmes\D‚marrage\
Event Reminder.lnk - c:\pmw\PMREMIND.EXE [1997-11-3 254128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TMMonitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\TMMonitor.lnk
backup=c:\windows\pss\TMMonitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2004-12-14 00:23 663552 -c--a-w- c:\windows\CREATOR\Remind_XP.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [19/12/2009 13:44 108289]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 16:05 92008]
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://orange.fr/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-Microsoft Update - livemessenger.com
MSConfigStartUp-PCDrProfiler - c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe
MSConfigStartUp-SSC_UserPrompt - c:\program files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-26 16:01
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\EN]
@DACL=(02 0000)
"OnLineServicesDirName"="Online Services"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\FR]
@DACL=(02 0000)
"OnLineServicesDirName"="Services en ligne"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\MX]
@DACL=(02 0000)
"OnLineServicesDirName"="Servicios en línea"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NL]
@DACL=(02 0000)
"OnLineServicesDirName"="Online Services"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NW]
@DACL=(02 0000)
"OnLineServicesDirName"="Online tjenster"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SP]
@DACL=(02 0000)
"OnLineServicesDirName"="Servicios en línea"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SW]
@DACL=(02 0000)
"OnLineServicesDirName"="Online tjänster"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\UK]
@DACL=(02 0000)
"OnLineServicesDirName"="Online services"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\US]
@DACL=(02 0000)
"OnLineServicesDirName"="Online Services"

[HKEY_USERS\S-1-5-21-1398586816-982878119-291493348-1008\Software\Google\NavClient]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-1398586816-982878119-291493348-1008\Software\InterVideo\Common]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\DSP.DSP\CLSID]
@DACL=(02 0000)
@SACL=
@="{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}"

[HKEY_LOCAL_MACHINE\software\Classes\DSP.DSP\CurVer]
@DACL=(02 0000)
@SACL=
@="DSP.DSP.1"

[HKEY_LOCAL_MACHINE\software\Classes\DSP.DSPDMOProp_Chorus.1\CLSID]
@DACL=(02 0000)
@SACL=
@="{6F63B172-5543-4593-91CE-EDBA65B9FACDB}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\10.0]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Automenu]
@DACL=(02 0000)
@SACL=
"classid"="clsid:6B28F900-8D64-4B80-9963-CC52DDD1FBB4"
"visible"="false"
"tabstop"="false"
"width"="1"
"height"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\BalanceSlider]
@DACL=(02 0000)
@SACL=
"classid"="clsid:F2BF2C90-405F-11D3-BB39-00A0C93CA73A"
"toolTip"="res://wmploc.dll/RT_STRING/#1845"
"min"="-100"
"max"="100"
"value"="wmpprop:player.settings.balance"
"value_onchange"="player.settings.balance=value;"
"accName"="res://wmploc.dll/RT_STRING/#2112"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2108"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\browser]
@DACL=(02 0000)
@SACL=
"classid"="clsid:8856F961-340A-11D0-A96B-00C04FD705A2"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Button]
@DACL=(02 0000)
@SACL=
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2114"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup]
@DACL=(02 0000)
@SACL=
"classid"="clsid:AE3B6831-25A9-11d3-BD41-00C04F6EA5AE"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\CloseButton]
@DACL=(02 0000)
@SACL=
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"upToolTip"="res://wmploc.dll/RT_STRING/#1812"
"onclick"="view.close();"
"accName"="res://wmploc.dll/RT_STRING/#2134"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2135"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\CurrentPositionText]
@DACL=(02 0000)
@SACL=
"classid"="clsid:DDDA102E-0E17-11D3-A2E2-00C04F79F88E"
"tabStop"="true"
"justification"="right"
"value"="wmpprop:player.controls.currentPositionString"
"accName"="res://wmploc.dll/RT_STRING/#2103"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\CustomSlider]
@DACL=(02 0000)
@SACL=
"classid"="clsid:95F45AA3-ED0A-11D2-BA67-0000F80855E6"
"cursor"="hand"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\DropDownPlaylist]
@DACL=(02 0000)
@SACL=
"classid"="clsid:5F9CFD93-8CAD-11d3-9A7E-00C04F8EFB70"
"playlistItemsVisible"="false"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\DurationText]
@DACL=(02 0000)
@SACL=
"classid"="clsid:DDDA102E-0E17-11D3-A2E2-00C04F79F88E"
"tabStop"="true"
"justification"="right"
"value"="wmpprop:player.currentMedia.DurationString"
"accName"="res://wmploc.dll/RT_STRING/#2104"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\EditBox]
@DACL=(02 0000)
@SACL=
"classid"="clsid:6342FCED-25EA-4033-BDDB-D049A14382D3"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Alchemy]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Ambience]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Bars]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Dotplane]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Plenoptic]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Spikes]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\EqualizerSettings]
@DACL=(02 0000)
@SACL=
"classid"="clsid:93EB32F5-87B1-45ad-ACC6-0F2483DB83BB"
"tabStop"="false"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\FFWDButton]
@DACL=(02 0000)
@SACL=
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"enabled"="wmpenabled:player.controls.fastforward"
"upToolTip"="res://wmploc.dll/RT_STRING/#1804"
"onclick"="player.controls.FastForward()"
"accName"="res://wmploc.dll/RT_STRING/#2120"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2121"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ImageButton]
@DACL=(02 0000)
@SACL=
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"cursor"="hand"
"accName"="res://wmploc.dll/RT_STRING/#2140"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ItemsPlaylist]
@DACL=(02 0000)
@SACL=
"classid"="clsid:5F9CFD93-8CAD-11d3-9A7E-00C04F8EFB70"
"backgroundcolor"="black"
"foregroundcolor"="white"
"columnsVisible"="false"
"columns"="name=Name;Duration=Time"
"dropDownVisible"="false"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\LibraryTree]
@DACL=(02 0000)
@SACL=
"classid"="clsid:D9DE732A-AEE9-4503-9D11-5605589977A8"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ListBox]
@DACL=(02 0000)
@SACL=
"classid"="clsid:FC1880CF-83B9-43A7-A066-C44CE8C82583"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\menu]
@DACL=(02 0000)
@SACL=
"classid"="clsid:BAB3768B-8883-4AEC-9F9B-E14C947913EF"
"visible"="false"
"tabstop"="false"
"width"="1"
"height"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\MinimizeButton]
@DACL=(02 0000)
@SACL=
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"upToolTip"="res://wmploc.dll/RT_STRING/#1811"
"onclick"="view.minimize();"
"accName"="res://wmploc.dll/RT_STRING/#2132"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2133"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\MuteButton]
@DACL=(02 0000)
@SACL=
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"upToolTip"="res://wmploc.dll/RT_STRING/#1807"
"downToolTip"="res://wmploc.dll/RT_STRING/#1808"
"sticky"="true"
"down"="wmpprop:player.settings.mute"
"onClick"="player.settings.mute=down;"
"accName"="res://wmploc.dll/RT_STRING/#2130"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2131"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\NextButton]
@DACL=(02 0000)
@SACL=
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"enabled"="wmpenabled:player.controls.next"
"upToolTip"="res://wmploc.dll/RT_STRING/#1806"
"onclick"="player.controls.Next()"
"accName"="res://wmploc.dll/RT_STRING/#2124"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2125"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\PauseButton]
@DACL=(02 0000)
@SACL=
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"enabled"="wmpenabled:player.controls.pause"
"upToolTip"="res://wmploc.dll/RT_STRING/#1801"
"onclick"="player.controls.pause()"
"accName"="res://wmploc.dll/RT_STRING/#2116"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2117"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\PlayButton]
@DACL=(02 0000)
@SACL=
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"enabled"="wmpenabled:player.controls.play"
"upToolTip"="res://wmploc.dll/RT_STRING/#1800"
"onclick"="player.controls.play()"
"accName"="res://wmploc.dll/RT_STRING/#2115"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2117"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Playlist]
@DACL=(02 0000)
@SACL=
"classid"="clsid:5F9CFD93-8CAD-11d3-9A7E-00C04F8EFB70"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\plugin]
@DACL=(02 0000)
@SACL=
"classid"="clsid:AA1AC37B-49A8-4B41-AF69-B0176C5FFC33"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\PopUp]
@DACL=(02 0000)
@SACL=
"classid"="clsid:FC1880CF-83B9-43A7-A066-C44CE8C82583"
"popup"="true"
"visible"="false"
"backgroundColor"="menu"
"foregroundColor"="menutext"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\PrevButton]
@DACL=(02 0000)
@SACL=
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"enabled"="wmpenabled:player.controls.previous"
"upToolTip"="res://wmploc.dll/RT_STRING/#1805"
"onclick"="player.controls.Previous()"
"accName"="res://wmploc.dll/RT_STRING/#2126"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2127"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ProgressBar]
@DACL=(02 0000)
@SACL=
"classid"="clsid:F2BF2C90-405F-11D3-BB39-00A0C93CA73A"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\RepeatButton]
@DACL=(02 0000)
@SACL=
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"upToolTip"="res://wmploc.dll/RT_STRING/#1816"
"downToolTip"="res://wmploc.dll/RT_STRING/#1817"
"sticky"="true"
"down"="jscript:player.settings.GetMode(\"loop\");"
"onClick"="player.settings.setMode(\"loop\", down);"
"accName"="res://wmploc.dll/RT_STRING/#2138"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2139"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ReturnButton]
@DACL=(02 0000)
@SACL=
"upToolTip"="res://wmploc.dll/RT_STRING/#1813"
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"onclick"="view.returnToMediaCenter();"
"accName"="res://wmploc.dll/RT_STRING/#2128"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2129"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\REWButton]
@DACL=(02 0000)
@SACL=
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"enabled"="wmpenabled:player.controls.fastreverse"
"upToolTip"="res://wmploc.dll/RT_STRING/#1803"
"onclick"="player.controls.FastReverse()"
"accName"="res://wmploc.dll/RT_STRING/#2122"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2123"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\SeekSlider]
@DACL=(02 0000)
@SACL=
"classid"="clsid:F2BF2C90-405F-11D3-BB39-00A0C93CA73A"
"toolTip"="res://wmploc.dll/RT_STRING/#1809"
"min"="0"
"max"="wmpprop:player.currentmedia.duration"
"value"="wmpprop:player.controls.currentposition"
"ondragend"="player.controls.currentposition=value;"
"foregroundProgress"="wmpprop:player.network.downloadProgress"
"useForegroundProgress"="true"
"accName"="res://wmploc.dll/RT_STRING/#2109"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2108"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ShuffleButton]
@DACL=(02 0000)
@SACL=
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"upToolTip"="res://wmploc.dll/RT_STRING/#1814"
"downToolTip"="res://wmploc.dll/RT_STRING/#1815"
"sticky"="true"
"down"="jscript:player.settings.GetMode(\"shuffle\");"
"onClick"="player.settings.setMode(\"shuffle\", down);"
"accName"="res://wmploc.dll/RT_STRING/#2136"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2137"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Slider]
@DACL=(02 0000)
@SACL=
"classid"="clsid:F2BF2C90-405F-11D3-BB39-00A0C93CA73A"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2108"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\StatusText]
@DACL=(02 0000)
@SACL=
"classid"="clsid:DDDA102E-0E17-11D3-A2E2-00C04F79F88E"
"tabStop"="true"
"value"="wmpprop:player.status"
"accName"="res://wmploc.dll/RT_STRING/#2102"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\StopButton]
@DACL=(02 0000)
@SACL=
"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
"enabled"="wmpenabled:player.controls.stop"
"upToolTip"="res://wmploc.dll/RT_STRING/#1802"
"onclick"="player.controls.stop()"
"accName"="res://wmploc.dll/RT_STRING/#2118"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2119"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\taskcenter]
@DACL=(02 0000)
@SACL=
"classid"="clsid:395BF287-6477-495f-8427-2C09A23C3248"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Text]
@DACL=(02 0000)
@SACL=
"classid"="clsid:DDDA102E-0E17-11D3-A2E2-00C04F79F88E"
"tabStop"="false"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\TrackNameText]
@DACL=(02 0000)
@SACL=
"classid"="clsid:DDDA102E-0E17-11D3-A2E2-00C04F79F88E"
"tabStop"="true"
"value"="wmpprop:player.currentmedia.name"
"accName"="res://wmploc.dll/RT_STRING/#2105"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Video]
@DACL=(02 0000)
@SACL=
"classid"="clsid:61CECF11-FC3A-11D2-A1CD-005004602752"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\VideoSettings]
@DACL=(02 0000)
@SACL=
"classid"="clsid:AE7BFAFE-DCC8-4a73-92C8-CC300CA88859"
"tabStop"="false"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\VolumeSlider]
@DACL=(02 0000)
@SACL=
"classid"="clsid:F2BF2C90-405F-11D3-BB39-00A0C93CA73A"
"min"="0"
"max"="100"
"value"="wmpprop:player.settings.volume"
"value_onchange"="if (value!=player.settings.volume){player.settings.volume=value;player.settings.mute=false;}"
"toolTip"="res://wmploc.dll/RT_STRING/#1810"
"accName"="res://wmploc.dll/RT_STRING/#2110"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2111"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\WMPEffects]
@DACL=(02 0000)
@SACL=
"classid"="clsid:47DEA830-D619-4154-B8D8-6B74845D6A2D"
"tabStop"="false"
"width"="250"
"height"="200"
"horizontalAlignment"="stretch"
"verticalAlignment"="stretch"
"currentEffectType"="wmpprop:mediacenter.effectType"
"currentPreset"="wmpprop:mediacenter.effectPreset"
"currentEffectType_onchange"="mediacenter.effectType = currentEffectType;"
"currentPreset_onchange"="mediacenter.effectPreset = currentPreset;"
"onclick"="next();"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\WMPVideo]
@DACL=(02 0000)
@SACL=
"classid"="clsid:61CECF11-FC3A-11D2-A1CD-005004602752"
"horizontalAlignment"="stretch"
"verticalAlignment"="stretch"
"zoom"="wmpprop:mediacenter.videoZoom"
"stretchToFit"="wmpprop:mediacenter.videoStretchToFit"
"backgroundColor"="black"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
@SACL=
"NoServices"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{0890F930-4F80-4646-BAB1-4B6E5571FB89}]
@DACL=(02 0000)
@SACL=
"Capabilities"=dword:00000004
"FriendlyName"="res://wmploc.dll/RT_STRING/#1491"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{1F32514F-1561-4922-A604-8A1F478B5A42}]
@DACL=(02 0000)
@SACL=
"Capabilities"=dword:00000004
"FriendlyName"="res://wmploc.dll/RT_STRING/#1495"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{52903d79-f993-4de6-8317-20c9c176d823}]
@DACL=(02 0000)
@SACL=
"Capabilities"=dword:00000004
"FriendlyName"="res://wmploc.dll/RT_STRING/#1496"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{59E7BF52-E5C9-4382-A39A-522DEE9AFDFD}]
@DACL=(02 0000)
@SACL=
"Capabilities"=dword:00000004
"FriendlyName"="res://wmploc.dll/RT_STRING/#1497"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{5DF031B7-6A37-42D9-8802-E27F4F224332}]
@DACL=(02 0000)
@SACL=
"Capabilities"=dword:00000003
"FriendlyName"="Viz Plug-in"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{5F4BB5C9-4652-489B-8601-EEC0C3C32E2E}]
@DACL=(02 0000)
@SACL=
"Capabilities"=dword:00000004
"FriendlyName"="res://wmploc.dll/RT_STRING/#1494"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{7F2B1D6B-1357-402C-A1C8-67E59583B41D}]
@DACL=(02 0000)
@SACL=
"Description"="Captions plugin description"
"Capabilities"=dword:000000f0
"FriendlyName"="Captions plugin name"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{93075F62-16B3-43EC-A53B-FFAD0E01D5E7}]
@DACL=(02 0000)
@SACL=
"Capabilities"=dword:00000003
"FriendlyName"="res://wmploc.dll/RT_STRING/#209"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{9695AEF9-9D03-4671-8F2F-FF49D1BB01C4}]
@DACL=(02 0000)
@SACL=
"Description"="Media Information description"
"Capabilities"=dword:00000005
"FriendlyName"="res://wmploc.dll/RT_STRING/#1407"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{976ABECA-93F7-4d81-9187-2A6137829675}]
@DACL=(02 0000)
@SACL=
"Capabilities"=dword:00000004
"FriendlyName"="res://wmploc.dll/RT_STRING/#1490"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{99DB05E3-F81E-4C8A-A252-F396306AB6FE}]
@DACL=(02 0000)
@SACL=
"Description"="Banner plugin description"
"Capabilities"=dword:000000f0
"FriendlyName"="Banner plugin name"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{9F9562EB-15B6-46C6-A7CB-0A66FC65130E}]
@DACL=(02 0000)
@SACL=
"Capabilities"=dword:00000004
"FriendlyName"="res://wmploc.dll/RT_STRING/#1493"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{9FA014E3-076F-4865-A73C-117131B8E292}]
@DACL=(02 0000)
@SACL=
"Capabilities"=dword:00000004
"FriendlyName"="res://wmploc.dll/RT_STRING/#1492"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{D5E49195-ED19-40fb-9EE0-E6625A808B77}]
@DACL=(02 0000)
@SACL=
"Capabilities"=dword:00000003
"FriendlyName"="Video Plug-in"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{E641D09E-E500-4c09-8260-F1CD7B902E9C}]
@DACL=(02 0000)
@SACL=
"FriendlyName"="WM View plugin name"
"Description"="WM View plugin description"
"Capabilities"=dword:000000f0

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{F24A1BC2-2331-4B91-8A13-5A549DA56E9D}]
@DACL=(02 0000)
@SACL=
"Capabilities"=dword:00000003
"FriendlyName"="Border Plug-in"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{FD981763-B6BB-4d51-9143-6D372A0ED56F}]
@DACL=(02 0000)
@SACL=
"FriendlyName"="res://wmploc.dll/RT_STRING/#5822"
"Description"="res://wmploc.dll/RT_STRING/#5823"
"Capabilities"=dword:00000003

[HKEY_LOCAL_MACHINE\software\Realtek\AlcMonitor]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3468)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\brss01a.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Heure de fin: 2009-12-26 16:05:47 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-12-26 15:05

Avant-CF: 119 843 999 744 octets libres
Après-CF: 120 433 590 272 octets libres

- - End Of File - - 77F241B7DAC766B5C54F81E0D1D77502
0
Réponse 14 / 14
Utilisateur anonyme
 
Ca commence à s'éclaircir.....

Fais une analyse rapide avec MBAM et colles le rapport stp...

a+
0

Discussions similaires

Impossible d'afficher le rapport de tableau croisé dynamique sur un rapport
Utilisateur anonyme -
TomH. -

13 réponses
écrire un rapport de travail
asi -
REGINALD -

3 réponses
impossible d'afficher le tableau dynamique sur un rapport existant
Pierre -
Adrien71 -

3 réponses
Problém affichage du tableau croisé dynamique
BK -
Raymond PENTIER -

2 réponses
Theme de rapport de stage option comptabilité
sana saydou -
Raymond PENTIER -

2 réponses