Virus Msn resistant

Freak-Muah Messages postés 17 Statut Membre -  
 gen-hackman -
Bonjour,

je me permets de vous solliciter , j'ai choppé il y a quelques jours un virus via l'un de mes contacts msn.

Mon msn se déconecte seul de temps en temps, mes conversations plantes et ma webcam est inutilisable.

J'ai téléchargé Malwarebytes' Anti-Malware, et fais un scan.

Voilà le rapport:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

01/10/2010 21:29:18
mbam-log-2010-10-01 (21-29-18).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 121263
Temps écoulé: 23 minute(s), 18 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 8
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec cherche.us (Redir.ChercheUs) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page_bak (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://ww12.cherche.us Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Je voudrais savoir ce que vous pensez de ce rapport car je ne m'y connais pas trop.
A priori mon msn remarche correctement mis appart les webcams, il m'est impossible d'activer ma webcam ou celle de mes contacts.
Je voudrais savoir si ça peut venir des 9 éléments infectés ou si quelque chose a été endommagé, ou encore si mon virus est toujours là.

Je vous remercie d'avance.

11 réponses

Résumé de la discussion

Une infection supposée après un contact MSN provoque des déconnexions, des plantages de conversations et une webcam inutilisable, tout en étant associée à un diagnostic Malwarebytes' Anti-Malware détectant des redirections et hijacks de navigateur. Le rapport signale des clés du registre IE modifiées (Default_Page_URL, Start Page) et des paramètres de recherche redirigeant vers cherche.us, désormais remplacés par google.com et mis en quarantaine. Pour avancer, plusieurs réponses abordent des étapes supplémentaires (partage du fichier rapport, tentative de mises à jour MBAM et vérifications complémentaires), sans consensus clair sur l'état persistant de l'infection. D'autres détails évoquent l'impossibilité d'activer la webcam et posent des questions sur l'origine des éléments détectés, mais aucune solution finale ne se dégage.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. gen-hackman
     
    bonsoir cetopic appartient à Freak-Muah , il serait bien qu'il le reste

    Merci , pour l'équité de la lecture du topic
    4
  2. gen-hackman
     
    hello pour avancer peux tu remettre le rapport more.txt sur ton bureau ?

    clique sur ce lien : http://www.cijoint.fr/

    ▶ Clique sur Parcourir et cherche le fichier ton bureau\more.txt

    ▶ Clique sur Ouvrir.

    ▶ Clique sur "Cliquez ici pour déposer le fichier".

    Un lien de cette forme :

    http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt

    est ajouté dans la page.

    ▶ Copie ce lien dans ta réponse.
    1
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      merci gen-hackman d'etre passer

      comme tu voit ton outil a trouver des chose il manque plus que more txt je te passe la main

      freak-muah avec gen-hackman tu est entre de bonne main lui aussi c'est un contributeur sécurité est un bon
      0
    2. gen-hackman
       
      n'exagerons rien !!

      disons que je participe à la bonne marche des choses :)
      0
    3. freak-muah
       
      http://www.cijoint.fr/cjlink.php?file=cj201010/cijOyuWBFH.txt
      voilà :)

      Ouii sauvez moi !! XD
      0
    4. gen-hackman
       
      cette ligne n'existe plus dans List_Killl'em :

      ¤¤¤¤¤¤¤¤¤¤ LSA | Security Providers ¤¤¤¤¤¤¤¤¤¤

      il esxt pas a jour

      il faudrait cliquer sur update
      0
    5. Freak-Muah Messages postés 17 Statut Membre
       
      C'est a dire ? faire une mise à jour windows update ?
      0
  3. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    salut

    malwarbyte pas a jour et ta fait un scan rapide au lieu d'un scan complet qui beaucoup plus efficace
    0
  4. Freak-Muah Messages postés 17 Statut Membre
     
    Quand je cherche à faire la mise à jour ça me donne le message d'erreur suivant:

    Une erreur s'est produite. Veuillez transmettre ce code d'erreur à notre équipe de support:
    MBAM_ERROR_UPDATING(12150,0, WinHttpQueryHeaders)

    Je tente un scan complet sans la mise à jour ?
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    désinstalle ta version de malwarbyte via ajout et suppression de programme

    après va dans démarrer et après recherche tape malwarbyte et va dans l'onglet avance et coche les 3 première case et lance la recherche supprime tout se que tu trouve

    après

    télécharge

    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    a l'installation vérifie que mise a jour et lancer programme et scan complet sont bien cocher

    Une fois a jour, le programme va se lancer; clic sur l'onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression".

    A la fin du scan clique sur Afficher les résultats

    Vérifier si tout est coché et clic Supprimer la sélection

    S'il t'es demandé de redémarrer >>> clique sur "Yes"

    Et tu poste le rapport générer
    0
  7. Freak-Muah Messages postés 17 Statut Membre
     
    J'ai suivis vos indications à la lettre, le scan est en train de se faire, j'attend.
    Mais à la fin de l'instalation ce message d'erreur a réaparu.
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      quel message?
      0
  8. Freak-Muah Messages postés 17 Statut Membre
     
    Une erreur s'est produite. Veuillez transmettre ce code d'erreur à notre équipe de support:
    MBAM_ERROR_UPDATING(12150,0, WinHttpQueryHeaders)
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      quelle parefeu tu utilise?
      0
    2. Freak-Muah Messages postés 17 Statut Membre
       
      sunbelt personal firewall
      0
    3. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      sans doute le parefeu le bloque autorise mbam
      0
    4. Freak-Muah Messages postés 17 Statut Membre
       
      yep livebox
      0
    5. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      sans doute le parefeu le bloque autorise mbam

      sa donne quoi maintenant après autorisation
      0
  9. freak-muah
     
    Bonjour,
    mon scan c'est terminé dans la nuit voilà le rapport:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Version de la base de données: 4729

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    02/10/2010 02:13:05
    mbam-log-2010-10-02 (02-13-05).txt

    Type d'examen: Examen complet (C:\|E:\|F:\|H:\|)
    Elément(s) analysé(s): 304885
    Temps écoulé: 2 heure(s), 31 minute(s), 11 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Users\MiMi\AppData\Roaming\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
    0
  10. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    Salut :

    DÉSACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRÉSENTS !!!!!(car il est détecte a tort comme infection)

    Télécharge ici :List_Kill'em de gen-hackman

    http://sd-4.archive-host.com/membres/up/829108531491024/Mes_Tools/List_Killem_Install.exe

    et enregistre le sur ton bureau

    si tu as XP => double clique
    si tu as Vista ou windows 7 => clic droit "exécuter en tant que...."

    sur le raccourci sur ton bureau pour lancer l'installation

    Laisse coché :

    Exécuter List_Kill'em

    une fois terminée , clic sur "terminer" et le programme se lancera seul

    Il commencera par télécharger et installer ses mises à jour , puis te donnera son menu

    choisis l'option Search

    laisse travailler l'outil

    il se peut qu'une boite de dialogue s'ouvre , dans ce cas clique sur "OK" ou "Agrée"

    à l'apparition de la fenêtre blanche , c'est un peu long , c'est normal ,c'est une recherche supplémentaire de fichiers cachés , le programme n'est pas bloqué.

    Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'écran "COMPLETED"
    0
  11. freak-muah
     
    Voilà le rapport:
    ¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.0.9 ¤¤¤¤¤¤¤¤¤¤

    User : MiMi (Administrateurs)
    Update on 02/10/2010 by g3n-h@ckm@n ::::: 14.00
    Start at: 16:57:24 | 02/10/2010

    Celeron(R) Dual-Core CPU T3000 @ 1.80GHz
    Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
    Internet Explorer 7.0.6002.18005
    Windows Firewall Status : Disabled
    FW : Sunbelt Personal Firewall[ Enabled ]4.6.1861 T

    C:\ -> Disque fixe local | 218,2 Go (89,25 Go free) [OS] | NTFS
    E:\ -> Disque fixe local | 14,65 Go (8,63 Go free) [RECOVERY] | NTFS
    F:\ -> Disque CD-ROM
    H:\ -> Disque CD-ROM

    Boot: Normal

    ¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer

    C:\Windows\System32\smss.exe ---- 728 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
    C:\Windows\system32\csrss.exe ---- 6304 Ko ---- Normal ---- C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
    C:\Windows\system32\wininit.exe ---- 3576 Ko ---- High ---- wininit.exe ----
    C:\Windows\system32\csrss.exe ---- 12276 Ko ---- Normal ---- C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
    C:\Windows\system32\services.exe ---- 5136 Ko ---- Normal ---- C:\Windows\system32\services.exe ----
    C:\Windows\system32\winlogon.exe ---- 5152 Ko ---- High ---- winlogon.exe ----
    C:\Windows\system32\lsass.exe ---- 2772 Ko ---- Normal ---- C:\Windows\system32\lsass.exe ----
    C:\Windows\system32\lsm.exe ---- 3956 Ko ---- Normal ---- C:\Windows\system32\lsm.exe ----
    C:\Windows\system32\svchost.exe ---- 6544 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k DcomLaunch ----
    C:\Windows\system32\svchost.exe ---- 6220 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k rpcss ----
    C:\Windows\System32\svchost.exe ---- 43000 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k secsvcs ----
    C:\Windows\System32\svchost.exe ---- 13108 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted ----
    C:\Windows\System32\svchost.exe ---- 76876 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted ----
    C:\Windows\system32\svchost.exe ---- 57468 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k netsvcs ----
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe ---- 5872 Ko ---- Normal ---- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe ----
    C:\Windows\system32\SLsvc.exe ---- 8828 Ko ---- Normal ---- C:\Windows\system32\SLsvc.exe ----
    C:\Windows\system32\svchost.exe ---- 11216 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalService ----
    C:\Windows\system32\svchost.exe ---- 17708 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkService ----
    C:\Windows\System32\WLTRYSVC.EXE ---- 2492 Ko ---- Normal ---- C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe ----
    C:\Windows\System32\bcmwltry.exe ---- 19232 Ko ---- Normal ---- C:\Windows\System32\bcmwltry.exe ----
    C:\Windows\System32\spoolsv.exe ---- 8816 Ko ---- Normal ---- C:\Windows\System32\spoolsv.exe ----
    C:\Program Files\Avira\AntiVir Desktop\sched.exe ---- 1584 Ko ---- Normal ---- "C:\Program Files\Avira\AntiVir Desktop\sched.exe" ----
    C:\Windows\system32\svchost.exe ---- 15096 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork ----
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe ---- 1520 Ko ---- Normal ---- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe ----
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe ---- 17604 Ko ---- Normal ---- "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" ----
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe ---- 3632 Ko ---- Normal ---- "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" ---- Apple Inc.
    C:\Program Files\Bonjour\mDNSResponder.exe ---- 4168 Ko ---- Normal ---- "C:\Program Files\Bonjour\mDNSResponder.exe" ---- Apple Inc.
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe ---- 5488 Ko ---- Normal ---- "C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe" ---- Intel Corporation
    C:\Windows\system32\svchost.exe ---- 4232 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted ----
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe ---- 2728 Ko ---- Normal ---- "C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe" ---- SUNBELT SOFTWARE DISTRIBUTION
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe ---- 23768 Ko ---- Normal ---- "C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe" ---- SUNBELT SOFTWARE DISTRIBUTION
    C:\Windows\system32\svchost.exe ---- 5616 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k imgsvc ----
    C:\Windows\System32\svchost.exe ---- 2144 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k WerSvcGroup ----
    C:\Windows\system32\SearchIndexer.exe ---- 18148 Ko ---- Normal ---- C:\Windows\system32\SearchIndexer.exe /Embedding ----
    C:\Windows\system32\RUNDLL32.EXE ---- 8200 Ko ---- Normal ---- RUNDLL32.EXE ykx32coinst,serviceStartProc ----
    C:\Windows\system32\taskeng.exe ---- 5084 Ko ---- Below Normal ---- taskeng.exe {61C9B5B1-0A0B-4509-9157-955C5B44BD9B} ----
    C:\Windows\system32\taskeng.exe ---- 9816 Ko ---- Normal ---- taskeng.exe {3C05EF1E-7933-4E51-BF61-CE9F70714D96} ----
    C:\Windows\system32\Dwm.exe ---- 49936 Ko ---- High ---- "C:\Windows\system32\Dwm.exe" ----
    C:\Windows\Explorer.EXE ---- 57528 Ko ---- Normal ---- C:\Windows\Explorer.EXE ----
    C:\Program Files\Windows Defender\MSASCui.exe ---- 14328 Ko ---- Normal ---- "C:\Program Files\Windows Defender\MSASCui.exe" -hide ---- Microsoft Windows
    C:\Program Files\DellTPad\Apoint.exe ---- 5348 Ko ---- Normal ---- "C:\Program Files\DellTPad\Apoint.exe" ----
    C:\Windows\System32\hkcmd.exe ---- 4296 Ko ---- Normal ---- "C:\Windows\System32\hkcmd.exe" ---- Intel Corporation
    C:\Windows\System32\igfxpers.exe ---- 4044 Ko ---- Normal ---- "C:\Windows\System32\igfxpers.exe" ---- Intel Corporation
    C:\Windows\System32\WLTRAY.EXE ---- 17516 Ko ---- Normal ---- "C:\Windows\System32\WLTRAY.EXE" ----
    C:\Program Files\Dell\QuickSet\quickset.exe ---- 9836 Ko ---- Normal ---- "C:\Program Files\Dell\QuickSet\quickset.exe" ---- Dell Inc.
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe ---- 5344 Ko ---- Normal ---- "C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe" ---- Intel Corporation
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe ---- 6904 Ko ---- Normal ---- "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" ---- CyberLink
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe ---- 5608 Ko ---- Normal ---- "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter ---- Dell Inc.
    C:\Program Files\iTunes\iTunesHelper.exe ---- 8200 Ko ---- Normal ---- "C:\Program Files\iTunes\iTunesHelper.exe" ---- Apple Inc.
    C:\Program Files\DellTPad\ApMsgFwd.exe ---- 3412 Ko ---- Normal ---- "C:\Program Files\DellTPad\ApMsgFwd.exe" -s{05FA8492-C047-4207-BE65-780D8591C113} ---- Alps Electric Co., LTD.
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ---- 2252 Ko ---- Normal ---- "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min ----
    C:\Program Files\IDT\WDM\sttray.exe ---- 11804 Ko ---- Normal ---- "C:\Program Files\IDT\WDM\sttray.exe" ----
    C:\Program Files\Windows Sidebar\sidebar.exe ---- 21564 Ko ---- Normal ---- "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun ----
    C:\Program Files\DellTPad\HidFind.exe ---- 3292 Ko ---- Normal ---- "C:\Program Files\DellTPad\HidFind.exe" ----
    C:\Program Files\RocketDock\RocketDock.exe ---- 8776 Ko ---- Normal ---- "C:\Program Files\RocketDock\RocketDock.exe" ----
    C:\Windows\ehome\ehtray.exe ---- 1408 Ko ---- Normal ---- "C:\Windows\ehome\ehtray.exe" ----
    C:\Program Files\Windows Media Player\wmpnscfg.exe ---- 4572 Ko ---- Normal ---- "C:\Program Files\Windows Media Player\wmpnscfg.exe" ----
    C:\Program Files\DellTPad\Apntex.exe ---- 3772 Ko ---- Normal ---- "Apntex.exe" ----
    C:\Windows\system32\igfxsrvc.exe ---- 4976 Ko ---- Normal ---- C:\Windows\system32\igfxsrvc.exe -Embedding ---- Intel Corporation
    C:\Windows\ehome\ehmsas.exe ---- 3520 Ko ---- Normal ---- C:\Windows\ehome\ehmsas.exe -Embedding ----
    C:\Program Files\Windows Media Player\wmpnetwk.exe ---- 7768 Ko ---- Normal ---- "C:\Program Files\Windows Media Player\wmpnetwk.exe" ----
    C:\Windows\system32\wbem\wmiprvse.exe ---- 6300 Ko ---- Normal ---- C:\Windows\system32\wbem\wmiprvse.exe ----
    C:\Program Files\Windows Sidebar\sidebar.exe ---- 15996 Ko ---- Normal ---- C:\Program Files\Windows Sidebar\sidebar.exe /autoRun ----
    C:\Program Files\iPod\bin\iPodService.exe ---- 4968 Ko ---- Normal ---- "C:\Program Files\iPod\bin\iPodService.exe" ---- Apple Inc.
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe ---- 9532 Ko ---- Normal ---- "C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe" -g 11 ---- SUNBELT SOFTWARE DISTRIBUTION
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe ---- 5612 Ko ---- Normal ---- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe ---- Microsoft Corporation
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe ---- 436 Ko ---- Normal ---- "C:\Program Files\Dell Support Center\bin\sprtsvc.exe" /service /P DellSupportCenter ---- Dell Inc.
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ---- 12072 Ko ---- Normal ---- "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" ---- Microsoft Corporation
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe ---- 2792 Ko ---- Normal ---- WLIDSvcM.exe 5208 ---- Microsoft Corporation
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe ---- 190232 Ko ---- Normal ---- "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" ---- Microsoft Corporation
    C:\Windows\system32\svchost.exe ---- 5300 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation ----
    C:\Program Files\Windows Live\Contacts\wlcomm.exe ---- 29788 Ko ---- Normal ---- "C:\Program Files\Windows Live\Contacts\wlcomm.exe" -Embedding ---- Microsoft Corporation
    C:\Program Files\Mozilla Firefox\firefox.exe ---- 109124 Ko ---- Normal ---- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "https://outlook.live.com/owa/" ---- Mozilla Corporation
    C:\Windows\servicing\TrustedInstaller.exe ---- 33492 Ko ---- Normal ---- C:\Windows\servicing\TrustedInstaller.exe ----
    C:\Windows\system32\taskeng.exe ---- 4012 Ko ---- Below Normal ---- taskeng.exe {61252CA7-62EF-4AE4-9395-588C01416F18} ----
    C:\Windows\system32\SearchProtocolHost.exe ---- 7948 Ko ---- Idle ---- "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe10_ Global\UsGthrCtrlFltPipeMssGthrPipe10 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" ----
    C:\Windows\system32\SearchFilterHost.exe ---- 6736 Ko ---- Idle ---- "C:\Windows\system32\SearchFilterHost.exe" 0 624 628 636 65536 632 ----
    C:\Windows\system32\conime.exe ---- 3712 Ko ---- Normal ---- C:\Windows\system32\conime.exe ----
    C:\Windows\system32\cmd.exe ---- 2500 Ko ---- Normal ---- C:\Windows\system32\cmd.exe /K List'em.bat ----
    C:\Windows\system32\DllHost.exe ---- 4384 Ko ---- Normal ---- C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} ----
    C:\Windows\system32\wbem\wmiprvse.exe ---- 8920 Ko ---- Normal ---- C:\Windows\system32\wbem\wmiprvse.exe ----
    C:\Program Files\List_Kill'em\pv.exe ---- 5888 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----

    ¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    RocketDock = "C:\Program Files\RocketDock\RocketDock.exe"
    msnmsgr = "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    ehTray.exe = C:\Windows\ehome\ehTray.exe
    WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    Windows Defender = %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    Apoint = C:\Program Files\DellTPad\Apoint.exe
    IgfxTray = C:\Windows\system32\igfxtray.exe
    HotKeysCmds = C:\Windows\system32\hkcmd.exe
    Persistence = C:\Windows\system32\igfxpers.exe
    Broadcom Wireless Manager UI = C:\Windows\system32\WLTRAY.exe
    QuickSet = C:\Program Files\Dell\QuickSet\QuickSet.exe
    IAAnotif = C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    PDVDDXSrv = "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    Dell Webcam Central = "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    dellsupportcenter = "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
    Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    avgnt = "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    SysTrayApp = %ProgramFiles%\IDT\WDM\sttray.exe

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    ¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    BindDirectlyToPropertySetStorage = 0 (0x0)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLS =

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    Shell = explorer.exe
    Userinit = C:\Windows\system32\userinit.exe,

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D6F45B3-9043-443D-A792-115447494D24}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]

    ¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

    ¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{A8346070-0D80-4FE3-A720-5C03B10CA2AA}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{A8346070-0D80-4FE3-A720-5C03B10CA2AA}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{A8346070-0D80-4FE3-A720-5C03B10CA2AA}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    ¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    Local Page = %SystemRoot%\system32\blank.htm
    Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    Default_Page_URL = https://www.google.com/?gws_rd=ssl
    Search Page = https://www.google.com/?gws_rd=ssl

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page = https://www.google.fr/?gws_rd=ssl
    Local Page = C:\Windows\system32\blank.htm
    Search Page = https://www.google.com/?gws_rd=ssl

    ¤¤¤¤¤ Proxy Internet Explorer

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    ProxyHttp1.1 = 1 (0x1)
    ProxyEnable = 0 (0x0)

    ¤¤¤¤¤¤¤¤¤¤ Proxy Firefox ¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤ TaskCache ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\Apple]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\Google Software Updater]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\Launch BCM WLAN Tray]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\Microsoft]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\User_Feed_Synchronization-{8531E5CD-4425-4530-B072-CDC2DC5D96D4}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{18AEBFBD-44D3-49F0-8A88-CC8FF14E86D0}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{1B656697-3F9D-44B8-AB7A-C820017EF1B6}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{55A9D56D-88FC-4CDB-8696-A5368C0DE064}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{6121B5C2-B28A-49D3-BAE3-7F8D5627196F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{AF8FB482-9383-4BC7-9B99-921AC2F3EF33}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{BF6DF284-AE8B-48DD-A965-D84FB1FA57CD}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{EF3B7729-D70A-44FE-A896-113109BEC7FE}]

    ¤¤¤¤¤¤¤¤¤¤ IFEO ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AcroRd32.exe]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DllNXOptions]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IEInstal.exe]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]

    ¤¤¤¤¤¤¤¤¤¤ File Protection ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]
    KnownDllList = nlhtml.dll

    ¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

    ¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤

    [MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
    [MD5.0d83c87a801a3dfcd1bf73893fe7518c] - C:\Windows\System32\drivers\atapi.sys
    [MD5.0d83c87a801a3dfcd1bf73893fe7518c] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
    [MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
    [MD5.4f4fcb8b6ea06784fb6d475b7ec7300f] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
    [MD5.2d9c903dc76a66813d350a562de40ed9] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
    [MD5.2d9c903dc76a66813d350a562de40ed9] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
    [MD5.0d83c87a801a3dfcd1bf73893fe7518c] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
    [MD5.96dc4e1a9f90ccd489950a8935425c59] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
    [MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

    ¤¤¤¤¤ Reference

    Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
    Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
    Win XP_32b : a64013e98426e1877cb653685c5c0009
    Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
    Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
    Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
    Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
    Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
    Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
    Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
    Windows 7_32b : 338c86357871c167a96ab976519bf59e
    Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

    ¤¤¤¤¤¤¤¤¤¤ Explorer ¤¤¤¤¤¤¤¤¤¤

    [MD5.d07d4c3038f3578ffce1c0237f2a1253] - C:\Windows\explorer.exe
    [MD5.d07d4c3038f3578ffce1c0237f2a1253] - C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
    [MD5.37440d09deae0b672a04dccf7abf06be] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    [MD5.e7156b0b74762d9de0e66bdcde06e5fb] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    [MD5.ffa764631cb70a30065c12ef8e174f9f] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
    [MD5.4f554999d7d5f05daaebba7b5ba1089d] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    [MD5.50ba5850147410cde89c523ad3bc606e] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
    [MD5.d07d4c3038f3578ffce1c0237f2a1253] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

    ¤¤¤¤¤¤¤¤¤¤ Winlogon ¤¤¤¤¤¤¤¤¤¤

    [MD5.898e7c06a350d4a1a64a9ea264d55452] - C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [MD5.898e7c06a350d4a1a64a9ea264d55452] - C:\Windows\System32\winlogon.exe
    [MD5.c2610b6bdbefc053bbdab4f1b965cb24] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
    [MD5.898e7c06a350d4a1a64a9ea264d55452] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

    ¤¤¤¤¤¤¤¤¤¤ Drive ¤¤¤¤¤¤¤¤¤¤

    D'fragmenteur de disque Windows
    Copyright (c) 2006 Microsoft Corp.

    Rapport d'analyse pour le volume C: OS

    Taille du volume = 218 Go
    Espace libre = 89.25 Go
    tendue d'espace libre la plus grande = 46.21 Go
    Pourcentage de fragmentation des fichiers = 1 %

    Remarqueÿ: sur les volumes NTFS, les fragments de fichiers de plus de 64ÿMo ne sont pas inclus dans les statistiques de fragmentation.

    Il n'est pas n'cessaire de d'fragmenter ce volume.

    ¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤

    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d2a26da-6b03-11de-b9e4-806e6f6e6963}\shell\autorun
    @ = Installer or exécuter un programme
    SetWorkingDirectoryFromTarget =
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d2a26da-6b03-11de-b9e4-806e6f6e6963}\shell\autorun\command
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d2a26da-6b03-11de-b9e4-806e6f6e6963}\shell\autorun\command
    @ = F:\Install.exe
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d44c6e81-9d40-11de-9a74-0025643efa8e}\shell\autorun
    @ = Installer or exécuter un programme
    SetWorkingDirectoryFromTarget =
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d44c6e81-9d40-11de-9a74-0025643efa8e}\shell\autorun\command
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d44c6e81-9d40-11de-9a74-0025643efa8e}\shell\autorun\command
    @ = G:\LaunchU3.exe -a

    ¤¤¤¤¤¤¤¤¤¤ First Scan ¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤

    [HKEY_CURRENT_USER\software\7-Zip]
    [HKEY_CURRENT_USER\software\Adobe]
    [HKEY_CURRENT_USER\software\Alps]
    [HKEY_CURRENT_USER\software\AppDataLow]
    [HKEY_CURRENT_USER\software\Apple Computer, Inc.]
    [HKEY_CURRENT_USER\software\Avira]
    [HKEY_CURRENT_USER\software\BitTorrent]
    [HKEY_CURRENT_USER\software\Broadcom]
    [HKEY_CURRENT_USER\software\CDDB]
    [HKEY_CURRENT_USER\software\Clients]
    [HKEY_CURRENT_USER\software\Conduit]
    [HKEY_CURRENT_USER\software\CoreAAC]
    [HKEY_CURRENT_USER\software\Creative Tech]
    [HKEY_CURRENT_USER\software\CyberLink]
    [HKEY_CURRENT_USER\software\Dell]
    [HKEY_CURRENT_USER\software\DT Soft]
    [HKEY_CURRENT_USER\software\DVDVideoSoft]
    [HKEY_CURRENT_USER\software\ej-technologies]
    [HKEY_CURRENT_USER\software\G&G Software]
    [HKEY_CURRENT_USER\software\Gabest]
    [HKEY_CURRENT_USER\software\Google]
    [HKEY_CURRENT_USER\software\IDT]
    [HKEY_CURRENT_USER\software\IGA]
    [HKEY_CURRENT_USER\software\IM Providers]
    [HKEY_CURRENT_USER\software\Intel]
    [HKEY_CURRENT_USER\software\JavaSoft]
    [HKEY_CURRENT_USER\software\KMPlayer]
    [HKEY_CURRENT_USER\software\L0pht Holdings LLC]
    [HKEY_CURRENT_USER\software\Local AppWizard-Generated Applications]
    [HKEY_CURRENT_USER\software\LogMeIn]
    [HKEY_CURRENT_USER\software\Macromedia]
    [HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware]
    [HKEY_CURRENT_USER\software\Microsoft]
    [HKEY_CURRENT_USER\software\Mozilla]
    [HKEY_CURRENT_USER\software\Netscape]
    [HKEY_CURRENT_USER\software\ODBC]
    [HKEY_CURRENT_USER\software\Pinnacle Systems]
    [HKEY_CURRENT_USER\software\Policies]
    [HKEY_CURRENT_USER\software\RocketDock]
    [HKEY_CURRENT_USER\software\Samsung]
    [HKEY_CURRENT_USER\software\Samsung PC Studio]
    [HKEY_CURRENT_USER\software\Skype]
    [HKEY_CURRENT_USER\software\Softonic]
    [HKEY_CURRENT_USER\software\Software FX, Inc.]
    [HKEY_CURRENT_USER\software\Sunbelt Software]
    [HKEY_CURRENT_USER\software\SupportSoft]
    [HKEY_CURRENT_USER\software\Winamp]
    [HKEY_CURRENT_USER\software\WinRAR SFX]
    [HKEY_CURRENT_USER\software\Yahoo]
    [HKEY_CURRENT_USER\software\Zyrax Software]
    [HKEY_CURRENT_USER\software\Classes]

    [HKEY_LOCAL_MACHINE\software\7-Zip]
    [HKEY_LOCAL_MACHINE\software\781]
    [HKEY_LOCAL_MACHINE\software\A-Patch]
    [HKEY_LOCAL_MACHINE\software\Adobe]
    [HKEY_LOCAL_MACHINE\software\Alps]
    [HKEY_LOCAL_MACHINE\software\America Online]
    [HKEY_LOCAL_MACHINE\software\Apple Computer, Inc.]
    [HKEY_LOCAL_MACHINE\software\Apple Inc.]
    [HKEY_LOCAL_MACHINE\software\ATI Technologies]
    [HKEY_LOCAL_MACHINE\software\Avira]
    [HKEY_LOCAL_MACHINE\software\BcmSetup]
    [HKEY_LOCAL_MACHINE\software\Broadcom]
    [HKEY_LOCAL_MACHINE\software\CDDB]
    [HKEY_LOCAL_MACHINE\software\Citrix]
    [HKEY_LOCAL_MACHINE\software\Classes]
    [HKEY_LOCAL_MACHINE\software\Clients]
    [HKEY_LOCAL_MACHINE\software\Conduit]
    [HKEY_LOCAL_MACHINE\software\Creative]
    [HKEY_LOCAL_MACHINE\software\Creative Tech]
    [HKEY_LOCAL_MACHINE\software\CyberLink]
    [HKEY_LOCAL_MACHINE\software\Cygnus Solutions]
    [HKEY_LOCAL_MACHINE\software\Dell]
    [HKEY_LOCAL_MACHINE\software\Dell Computer Corporation]
    [HKEY_LOCAL_MACHINE\software\DT Soft]
    [HKEY_LOCAL_MACHINE\software\DVDVideoSoft]
    [HKEY_LOCAL_MACHINE\software\ej-technologies]
    [HKEY_LOCAL_MACHINE\software\GEAR Software]
    [HKEY_LOCAL_MACHINE\software\Google]
    [HKEY_LOCAL_MACHINE\software\IDT]
    [HKEY_LOCAL_MACHINE\software\InstalledOptions]
    [HKEY_LOCAL_MACHINE\software\Intel]
    [HKEY_LOCAL_MACHINE\software\InterVideo]
    [HKEY_LOCAL_MACHINE\software\JavaSoft]
    [HKEY_LOCAL_MACHINE\software\JDownloader]
    [HKEY_LOCAL_MACHINE\software\Licenses]
    [HKEY_LOCAL_MACHINE\software\Macromedia]
    [HKEY_LOCAL_MACHINE\software\Macrovision]
    [HKEY_LOCAL_MACHINE\software\magnet]
    [HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware]
    [HKEY_LOCAL_MACHINE\software\McAfee.com]
    [HKEY_LOCAL_MACHINE\software\MCCI]
    [HKEY_LOCAL_MACHINE\software\MediaCoder]
    [HKEY_LOCAL_MACHINE\software\Microsoft]
    [HKEY_LOCAL_MACHINE\software\MicroVision]
    [HKEY_LOCAL_MACHINE\software\Mozilla]
    [HKEY_LOCAL_MACHINE\software\Mozilla Firefox 3.0.4]
    [HKEY_LOCAL_MACHINE\software\mozilla.org]
    [HKEY_LOCAL_MACHINE\software\MozillaPlugins]
    [HKEY_LOCAL_MACHINE\software\ODBC]
    [HKEY_LOCAL_MACHINE\software\PC-Doctor]
    [HKEY_LOCAL_MACHINE\software\PegasusImaging]
    [HKEY_LOCAL_MACHINE\software\PhotoFiltre Studio]
    [HKEY_LOCAL_MACHINE\software\Pinnacle Systems]
    [HKEY_LOCAL_MACHINE\software\PKR]
    [HKEY_LOCAL_MACHINE\software\Policies]
    [HKEY_LOCAL_MACHINE\software\RegisteredApplications]
    [HKEY_LOCAL_MACHINE\software\Roxio]
    [HKEY_LOCAL_MACHINE\software\Samsung]
    [HKEY_LOCAL_MACHINE\software\Samsung Electronics Co., Ltd.]
    [HKEY_LOCAL_MACHINE\software\Simply Super Software]
    [HKEY_LOCAL_MACHINE\software\Skype]
    [HKEY_LOCAL_MACHINE\software\Software FX, Inc.]
    [HKEY_LOCAL_MACHINE\software\Sonic]
    [HKEY_LOCAL_MACHINE\software\StepMania]
    [HKEY_LOCAL_MACHINE\software\Sunbelt Software]
    [HKEY_LOCAL_MACHINE\software\SupportSoft]
    [HKEY_LOCAL_MACHINE\software\VDownloader]
    [HKEY_LOCAL_MACHINE\software\VideoLAN]
    [HKEY_LOCAL_MACHINE\software\WinPcap]
    [HKEY_LOCAL_MACHINE\software\WOW6432Node]
    [HKEY_LOCAL_MACHINE\software\X-AVCSD]
    [HKEY_LOCAL_MACHINE\software\Yahoo]

    ¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤

    Present !! : C:\ProgramData\LauncherAccess.dt
    Present !! : C:\ProgramData\LauncherAccess.dt
    Present !! : C:\ProgramData\LauncherAccess.dt
    Present !! : C:\ProgramData\LauncherAccess.dt
    Present !! : C:\Program Files\WinPCap
    Present !! : C:\Windows\DUMP2b82.tmp
    Present !! : C:\Windows\System32\drivers\etc\hosts.msn
    Present !! : C:\Windows\Temp\DMI563A.tmp
    Present !! : C:\Windows\Temp\DMI9FA8.tmp
    Present !! : C:\Windows\Temp\DMIC11C.tmp
    Present !! : C:\Windows\Temp\HxAB7B.tmp
    Present !! : C:\Windows\Temp\si1D5A.tmp
    Present !! : C:\Windows\Temp\si3265.tmp
    Present !! : C:\Windows\Temp\si3B6A.tmp
    Present !! : C:\Windows\Temp\si6B21.tmp
    Present !! : C:\Windows\Temp\si6B84.tmp
    Present !! : C:\Windows\Temp\si8738.tmp
    Present !! : C:\Windows\Temp\si8C8F.tmp
    Present !! : C:\Windows\Temp\si8CE3.tmp
    Present !! : C:\Windows\Temp\si9D95.tmp
    Present !! : C:\Windows\Temp\siDC21.tmp
    Present !! : C:\Windows\Temp\siDC79.tmp
    Present !! : C:\Windows\Temp\siE0CC.tmp
    Present !! : C:\Windows\Temp\siF6AD.tmp
    Present !! : C:\Windows\Temp\siFB00.tmp
    Present !! : C:\Users\MiMi\AppData\Local\d3d9caps.dat
    Present !! : C:\Users\MiMi\AppData\Local\GDIPFONTCACHEV1.DAT
    Present !! : C:\Users\MiMi\Local Settings\Temp\8C7.tmp
    Present !! : C:\Users\MiMi\Local Settings\Temp\alm.log
    Present !! : C:\Users\MiMi\Local Settings\Temp\amt.log
    Present !! : C:\Users\MiMi\LOCAL Settings\Temp\FP_PL_PFS_INSTALLER.exe
    Present !! : C:\Users\MiMi\LOCAL Settings\Temp\MsgPlusUninstall.exe
    Present !! : C:\Users\MiMi\LOCAL Settings\Temp\ose00000.exe
    Present !! : C:\Users\MiMi\LOCAL Settings\Temp\Update_dabf.exe
    Present !! : C:\Users\MiMi\LOCAL Settings\Temp\wlsetup-cvr.exe

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    Present !! : HKCU\Software\Conduit
    Present !! : HKLM\Software\Conduit
    Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NPF
    Present !! : HKLM\SYSTEM\CurrentControlSet\Services\NPF
    Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NPF
    Present !! : HKLM\SYSTEM\ControlSet001\Services\NPF
    Present !! : HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NPF
    Present !! : HKLM\SYSTEM\ControlSet003\Services\NPF

    FEATURE_BROWSER_EMULATION | svchost :
    ====================================

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-02 18:13:58
    Windows 6.0.6002 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys spoc.sys hal.dll >>UNKNOWN [0x85099938]<<
    kernel: MBR read successfully
    user & kernel MBR OK

    ¤¤¤¤¤¤¤¤¤¤ Programs ¤¤¤¤¤¤¤¤¤¤

    7-Zip 4.65
    AHV content for Acrobat and Flash 1
    Adobe After Effects CS3 Presets 8
    Adobe Anchor Service CS3 1.0
    Adobe Asset Services CS3 3
    Adobe Bridge CS3 2
    Adobe Bridge Start Meeting 1.0
    Adobe BridgeTalk Plugin CS3 1.0
    Adobe CMaps 1.0
    Adobe Camera Raw 4.0 4.0
    Adobe Color - Photoshop Specific 1.0
    Adobe Color Common Settings 1.0
    Adobe Color EU Recommended Settings 1.0
    Adobe Color JA Extra Settings 1.0
    Adobe Color NA Extra Settings 1.0
    Adobe Creative Suite 3 Master Collection 1.0
    Adobe Default Language CS3 1.0
    Adobe Device Central CS3 1.0
    Adobe ExtendScript Toolkit 2 2.0
    Adobe Extension Manager CS3 1.8
    Adobe Flash Player 10 ActiveX 10.0.45.2
    Adobe Flash Player 10 Plugin 10.1.82.76
    Adobe Fonts All 1.0
    Adobe Help Viewer CS3 1
    Adobe InDesign CS3 Icon Handler 5.0
    Adobe Linguistics CS3 3.0.0
    Adobe MotionPicture Color Files 1.0
    Adobe PDF Library Files 8.0
    Adobe Photoshop CS3 10
    Adobe Reader 9.3.4 - Français 9.3.4
    Adobe SING CS3 0.1
    Adobe Setup 1.0
    Adobe Stock Photos CS3 1.5
    Adobe Type Support 1.0
    Adobe Update Manager CS3 5.1.0
    Adobe Version Cue CS3 Client 3
    Adobe Video Profiles 1.0
    Adobe WAS CS3 1.0
    Adobe WinSoft Linguistics Plugin 1.0
    Adobe XMP DVA Panels CS3 1.0
    Adobe XMP Panels CS3 1.0
    Advanced Audio FX Engine 1.12.05
    Ajouter ou supprimer Adobe Creative Suite 3 Master Collection 1.0
    Apple Mobile Device Support 2.5.2.2
    Apple Software Update 2.1.1.116
    Avira AntiVir Personal - Free Antivirus
    Bonjour 1.0.106
    Cisco EAP-FAST Module 2.1.6
    Cisco LEAP Module 1.0.12
    Cisco PEAP Module 1.0.13
    D3DX10 15.0.1166.623
    Dell Edoc Viewer 1.0.0
    Dell Getting Started Guide 1.00.0000
    Dell Support Center (Logiciel de support) 2.2.09085
    Dell Touchpad 7.4.115.101
    Dell Webcam Central 1.20.10
    Dell Wireless WLAN Card Utility 5.10.38.30
    Dell-eBay 1.00.0000
    GoToAssist 8.0.0.514
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) 1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) 1
    Integrated Webcam Driver (1.02.01.0320) 1.02.01.0320
    Intel(R) TV Wizard
    Intel® Matrix Storage Manager
    JDownloader 0.89
    Java(TM) 6 Update 13 6.0.130
    List_Kill'em
    Live! Cam Avatar Creator 4.6.2303.1
    MSVCRT 15.4.2862.0708
    MSXML 4.0 SP2 (KB954430) 4.20.9870.0
    MSXML 4.0 SP2 (KB973688) 4.20.9876.0
    MagicPDF 2.01
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 Language Pack SP1 - fra 3.5.30729
    Microsoft .NET Framework 3.5 SP1 3.5.30729
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile 4.0.30319
    Microsoft .NET Framework 4 Client Profile 4.0.30319
    Microsoft .NET Framework 4 Client Profile FRA Language Pack 4.0.30319
    Microsoft Application Error Reporting 12.0.6012.5000
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (French) 2007 12.0.6425.1000
    Microsoft Office Excel MUI (French) 2007 12.0.6425.1000
    Microsoft Office InfoPath MUI (French) 2007 12.0.6425.1000
    Microsoft Office Outlook MUI (French) 2007 12.0.6425.1000
    Microsoft Office PowerPoint MUI (French) 2007 12.0.6425.1000
    Microsoft Office PowerPoint Viewer 2007 (French) 12.0.6425.1000
    Microsoft Office Professional Plus 2007 12.0.6425.1000
    Microsoft Office Professional Plus 2007 12.0.6425.1000
    Microsoft Office Proof (Arabic) 2007 12.0.6425.1000
    Microsoft Office Proof (Dutch) 2007 12.0.6425.1000
    Microsoft Office Proof (English) 2007 12.0.6425.1000
    Microsoft Office Proof (French) 2007 12.0.6425.1000
    Microsoft Office Proof (German) 2007 12.0.6425.1000
    Microsoft Office Proof (Spanish) 2007 12.0.6425.1000
    Microsoft Office Proofing (French) 2007 12.0.4518.1014
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (French) 2007 12.0.6425.1000
    Microsoft Office Shared MUI (French) 2007 12.0.6425.1000
    Microsoft Office Word MUI (French) 2007 12.0.6425.1000
    Microsoft Silverlight 4.0.50917.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable 8.0.56336
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 9.0.30729
    Microsoft Works 9.7.0621
    Mise à jour Microsoft Office Excel 2007 Help (KB963678)
    Mise à jour Microsoft Office Outlook 2007 Help (KB963677)
    Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
    Mise à jour Microsoft Office Word 2007 Help (KB963665)
    Module de compatibilité pour Microsoft Office System 2007 12.0.6425.1000
    Module linguistique Microsoft .NET Framework 3.5 SP1- fra
    Module linguistique Microsoft .NET Framework 4 Client Profile FRA 4.0.30319
    Mozilla Firefox (3.6.10) 3.6.10 (fr)
    Outil de mise à jour Google 2.4.1698.5652
    PDF Settings 1.0
    PKR
    PhotoFiltre Studio
    PowerDVD DX 8.2.5024
    QuickSet 9.2.17
    QuickTime 7.62.14.0
    RocketDock 1.3.5
    Roxio Creator Audio 3.7.0
    Roxio Creator Copy 3.7.0
    Roxio Creator DE 3.7.0
    Roxio Creator DE 10.1
    Roxio Creator Data 3.7.0
    Roxio Creator Tools 3.7.0
    Roxio Express Labeler 3 3.2.1
    Roxio Update Manager 6.0.0
    SAMSUNG Mobile Composite Device Software
    SAMSUNG Mobile Modem Driver Set
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung Mobile phone USB driver Software
    Samsung PC Studio 3 3.2.2.80405
    Samsung PC Studio 3 3.0.0.80405
    Samsung PC Studio 3 USB Driver Installer 3.2.0.70701
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Segoe UI 15.4.2271.0615
    Skype? 4.2 4.2.163
    StepMania (remove only)
    Sunbelt Personal Firewall 4.6.1861.0
    The KMPlayer v2.9.4.1434 FR
    Uninstall 1.0.0.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) 1
    Update for Outlook 2007 Junk Email Filter (kb2291599)
    VDownloader 1.0
    VDownloader 2.9.443
    VLC media player 1.1.0 1.1.0
    WinPcap 4.0.2 4.0.0.1040
    Windows Live Bêta 15.4.3001.0809
    Windows Live Bêta 15.4.3001.0809
    Windows Live Communications Platform 15.4.3001.0809
    Windows Live ID Sign-in Assistant 7.250.4204.0
    Windows Live Installer 15.4.3001.0809
    Windows Live Messenger 15.4.3002.0810
    Windows Live Messenger 15.4.3002.0810
    Windows Live OneCare safety scanner 1.0.0.0
    Windows Live OneCare safety scanner
    Windows Live PIMT Platform 15.4.3002.0810
    Windows Live Photo Common 15.4.3002.0810
    Windows Live Photo Common Beta 15.4.3002.0810
    Windows Live SOXE 15.4.3001.0809
    Windows Live SOXE Definitions 15.4.3001.0809
    Windows Live Sync 14.0.8050.1202
    Windows Live UX Platform 15.4.3001.0809
    Windows Live UX Platform Language Pack 15.4.3001.0809
    iTunes 8.2.1.6
    µTorrent 2.0.0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    cval = 1 (0x1)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    End of scan : 18:15:15,41
    0
  12. gen-hackman
     
    si tu as XP => double clique
    si tu as Vista ou windows 7 => clic droit "executer en tant que...."


    ▶ Relance List_Kill'em,avec le raccourci sur ton bureau.

    mais cette fois-ci :

    ▶ choisis l'Option Clean

    laisse travailler l'outil.

    en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,

    ▶ colle le contenu dans ta reponse
    0
    1. Freak-Muah Messages postés 17 Statut Membre
       
      J'arrête le pare feu et l'antivirus pour faire ça ou pas ?
      0
    2. gen-hackman
       
      oui
      0
    3. Freak-Muah Messages postés 17 Statut Membre
       
      Sayé tout est désactivé le scan est lancé
      0
    4. gen-hackman
       
      ok à lire la suite :)
      0