Pb d'infection ou pas?

Résolu
corel -  
 corel -
Bonjour,

Après avoir nettoyé mon pc, je n'arrive toujours pas toujours pas à résoudre mon problème. Mon pc rame surtout sur le net quand je veux jouer sur des jeux comme sur facebook, si vous voyez le genre...

Voici un rapport hijackthis, mais rien ne me met la puce à l'oreille :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:19:21, on 08/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\D-Link\Diagnostics Utility\8169Diag.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Wanadoo\Utilisateur1\Téléchargements\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [8169Diag] C:\Program Files\D-Link\Diagnostics Utility\8169Diag /hw
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Service Scheduler2 Acronis] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_6_0_1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFFDF6F2-F7BC-4B90-B789-CB7BBDA13AD6} (CLaunchPrint Object) - http://photosmart.hpphoto.com/Download/HPeServicesLocalPrint.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{54B07B37-1F58-4D46-98BB-1B8FDF6EF7DB}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEF37794-ACB3-4710-9A2A-C69037FB3B0D}: NameServer = 192.168.1.1
O23 - Service: Service Scheduler2 Acronis (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Fichiers communs\Acronis\CDP\afcdpsrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 7335 bytes

Merci d'avance de votre aide...

30 réponses

  • 1
  • 2
  1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    salut

    regarde içi

    https://www.commentcamarche.net/informatique/windows/223-nettoyer-un-pc-devenu-lent-avec-les-outils-de-windows/

    et la

    https://www.commentcamarche.net/informatique/windows/223-nettoyer-un-pc-devenu-lent-avec-les-outils-de-windows/

    Par Manque De Curiosité On Risque De Mourir Ignorant;Tu es libre de penser que tu es C..,
    Mais C.. de penser que ­tu es libre...Merci a australe13
    0
  2. corel
     
    Re,

    Après tous les nettoyages, c'est un peu mieux mais pas encore ça...
    Que pouvez-vous me dire?

    Merci d'avance....

    Corel
    0
    1. corel
       
      P.S. : Un petit détail me revient : quand je fais démarrer, arrêter, le pc s'arrête mais le ventilo du processeur reste en fonction...Ca peut peut être aider...
      0
  3. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    salut

    télécharge

    https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/

    a l'installation vérifie que mise a jour et lancer programme et scan complet sont bien cocher

    Une fois a jour, le programme va se lancer; clic sur l'onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression".

    A la fin du scan clique sur Afficher les résultats

    Vérifier si tout est coché et clic Supprimer la sélection

    S'il t'es demandé de redémarrer >>> clique sur "Yes"

    Et tu poste le rapport générer
    0
  4. corel
     
    Re,

    Voici le rapport :

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Version de la base de données: 5087

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    10/11/2010 15:00:57
    mbam-log-2010-11-10 (15-00-57).txt

    Type d'examen: Examen complet (C:\|F:\|)
    Elément(s) analysé(s): 219195
    Temps écoulé: 1 heure(s), 10 minute(s), 57 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    J'attends de vos nouvelles...
    Merci d'avance...

    Corel
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    Pour de plus amples informations, fait ceci stp

    Ouvre ce lien et télécharge ZHPDiag de Nicolas Coolman :

    https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/

    Une fois le téléchargement achevé, dé zippe le fichier obtenu et place ZHPDiag.exe sur ton Bureau.

    Double-clique sur l'icône pour lancer le programme. Sous Vista ou Seven clic droit « exécuter en tant que administrateur »

    Clique sur la loupe pour lancer l'analyse.

    Laisse l'outil travailler, il peut être assez long.

    Ferme ZHPDiag en fin d'analyse.

    Pour transmettre le rapport clique sur ce lien :

    http://www.cijoint.fr/index.php
    Clique sur Parcourir et cherche le répertoire où est installé ZHPDiag (en général C:\Program Files\ZHPDiag).

    Sélectionne le fichier ZHPDiag.txt.

    Clique sur "Cliquez ici pour déposer le fichier".

    Un lien de cette forme :

    http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt

    est ajouté dans la page.

    Copie ce lien dans ta réponse.
    0
  7. corel
     
    Re,

    merci de ton aide, voici le rapport :

    http://www.cijoint.fr/cjlink.php?file=cj201011/cij2iFClYP.txt

    A bientôt
    0
  8. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    Télécharge Ad-Remover sur ton bureau:
    http://www.teamxscript.org/adremoverTelechargement.html

    Double clique sur le fichier que tu viens de télécharger, à l'écran qui apparait, clique sur "Scanner".
    Laisse travailler l'outil.
    Poste le rapport qui s'affiche à l'écran quand l'analyse est terminée.
    0
  9. corel
     
    re,

    le voici :

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 09/11/10 à 22:30
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 22:33:21 le 10/11/2010, Mode normal

    Microsoft Windows XP Édition familiale Service Pack 3 (X86)
    alain@MACHINEDUFOUR ( )

    ============== RECHERCHE ==============

    Dossier trouvé: C:\Program Files\Trymedia

    Clé trouvée: HKLM\Software\AskBarDis
    Clé trouvée: HKLM\Software\PopCap
    Clé trouvée: HKLM\Software\Trymedia Systems

    ============== SCAN ADDITIONNEL ==============

    ** Mozilla Firefox Version [3.6.6 (fr)] **

    -- C:\Documents and Settings\alain\Application Data\Mozilla\FireFox\Profiles\jofl07ao.default\Prefs.js --
    browser.startup.homepage_override.mstone, rv:1.9.2.6

    ========================================

    ** Internet Explorer Version [7.0.5730.11] **

    [HKCU\Software\Microsoft\Internet Explorer\Main]
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Show_ToolBar: yes
    Start Page: hxxp://www.orange.fr/
    Use Custom Search URL: 1
    Use Search Asst: no

    [HKLM\Software\Microsoft\Internet Explorer\Main]
    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
    Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Delete_Temp_Files_On_Exit: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

    C:\Ad-Report-SCAN[1].txt - 10/11/2010 (608 Octet(s))

    Fin à: 22:35:10, 10/11/2010

    ============== E.O.F ==============

    Merci
    0
  10. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    Nettoyage:

    /!\ Ferme toutes tes applications ouvertes. /!\

    Double clique sur le fichier que tu viens de télécharger, à l'écran qui apparait, clique sur "Nettoyer".
    Laisse travailler l'outil.
    Poste le rapport qui s'affiche à l'écran quand l'analyse est terminée.

    0
  11. corel
     
    re,

    Voilà le rapport :

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 09/11/10 à 22:30
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 10:21:49 le 11/11/2010, Mode normal

    Microsoft Windows XP Édition familiale Service Pack 3 (X86)
    alain@MACHINEDUFOUR ( )

    ============== ACTION(S) ==============

    Dossier supprimé: C:\Program Files\Trymedia

    (!) -- Fichiers temporaires supprimés.

    Clé supprimée: HKLM\Software\AskBarDis
    Clé supprimée: HKLM\Software\PopCap
    Clé supprimée: HKLM\Software\Trymedia Systems

    ============== SCAN ADDITIONNEL ==============

    ** Mozilla Firefox Version [3.6.6 (fr)] **

    -- C:\Documents and Settings\alain\Application Data\Mozilla\FireFox\Profiles\jofl07ao.default\Prefs.js --
    browser.startup.homepage_override.mstone, rv:1.9.2.6

    ========================================

    ** Internet Explorer Version [7.0.5730.11] **

    [HKCU\Software\Microsoft\Internet Explorer\Main]
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    Use Custom Search URL: 1
    Use Search Asst: no

    [HKLM\Software\Microsoft\Internet Explorer\Main]
    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/

    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 3 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 11/11/2010 (535 Octet(s))
    C:\Ad-Report-SCAN[1].txt - 10/11/2010 (2079 Octet(s))

    Fin à: 10:23:26, 11/11/2010

    ============== E.O.F ==============
    0
  12. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    DÉSACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRÉSENTS !!!!!(car il est détecte a tort comme infection)

    Télécharge ici :List_Kill'em de gen-hackman

    http://sd-4.archive-host.com/membres/up/829108531491024/Mes_Tools/List_Killem_Install.exe

    et enregistre le sur ton bureau

    windows 7 => clic droit "exécuter en tant que administrateur

    sur le raccourci sur ton bureau pour lancer l'installation

    Laisse coché :

    Exécuter List_Kill'em

    une fois terminée , clic sur "terminer" et le programme se lancera seul

    Il commencera par telecharger et installer ses mises à jour , puis te donnera son menu

    choisis l'option Search

    laisse travailler l'outil

    il se peut qu'une boite de dialogue s'ouvre , dans ce cas clique sur "ok" ou "Agrée"

    à l'apparition de la fenetre blanche , c'est un peu long , c'est normal ,c'est une recherche supplementaire de fichiers cachés , le programme n'est pas bloqué.

    Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
    0
  13. corel
     
    re,

    Le rapport:

    ¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.2.0 ¤¤¤¤¤¤¤¤¤¤

    User : alain (Administrateurs)
    Update on 10/11/2010 by g3n-h@ckm@n ::::: 21.00
    Start at: 12:38:32 | 11/11/2010

    Intel(R) Celeron(R) CPU 1.70GHz
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 7.0.5730.11
    Windows Firewall Status : Disabled
    AV : avast! Antivirus 5.0.83886757 [ (!) Disabled | Updated ]

    A:\ -> Lecteur de disquettes 3 ½ pouces
    C:\ -> Disque fixe local | 36,2 Go (11,23 Go free) [HDD] | NTFS
    F:\ -> Disque fixe local | 1,95 Go (474,26 Mo free) [RESTDONE] | FAT32

    ¤¤¤¤¤ Sessions ¤¤¤¤¤

    C:\Documents and settings\alain

    Boot: Normal

    ¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer

    C:\WINDOWS\System32\smss.exe ---- 400 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
    C:\WINDOWS\system32\csrss.exe ---- 3920 Ko ---- Normal ---- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
    C:\WINDOWS\system32\winlogon.exe ---- 5084 Ko ---- High ---- winlogon.exe ----
    C:\WINDOWS\system32\services.exe ---- 3532 Ko ---- Normal ---- C:\WINDOWS\system32\services.exe ----
    C:\WINDOWS\system32\lsass.exe ---- 2468 Ko ---- Normal ---- C:\WINDOWS\system32\lsass.exe ----
    C:\WINDOWS\system32\svchost.exe ---- 4924 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k DcomLaunch ----
    C:\WINDOWS\system32\svchost.exe ---- 4312 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k rpcss ----
    C:\WINDOWS\System32\svchost.exe ---- 21560 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k netsvcs ----
    C:\WINDOWS\System32\svchost.exe ---- 3668 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k NetworkService ----
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe ---- 30044 Ko ---- Normal ---- "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" ---- ALWIL Software
    C:\WINDOWS\Explorer.EXE ---- 29516 Ko ---- Normal ---- C:\WINDOWS\Explorer.EXE ----
    C:\Apps\ActivBoard\MMKeybd.exe ---- 3784 Ko ---- Normal ---- "C:\Apps\ActivBoard\MMKeybd.exe" ----
    C:\WINDOWS\system32\LEXBCES.EXE ---- 3412 Ko ---- Normal ---- C:\WINDOWS\system32\LEXBCES.EXE ----
    C:\Program Files\Real\RealPlayer\RealPlay.exe ---- 8060 Ko ---- Normal ---- "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER ----
    C:\WINDOWS\system32\LEXPPS.EXE ---- 3392 Ko ---- Normal ---- LEXPPS.EXE ----
    C:\WINDOWS\system32\spoolsv.exe ---- 5692 Ko ---- Normal ---- C:\WINDOWS\system32\spoolsv.exe ----
    C:\Program Files\QuickTime\qttask.exe ---- 2500 Ko ---- Normal ---- "C:\Program Files\QuickTime\qttask.exe" -atboottime ----
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe ---- 2572 Ko ---- Normal ---- "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" ----
    C:\Program Files\Alwil Software\Avast5\avastUI.exe ---- 5468 Ko ---- Normal ---- "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui ---- ALWIL Software
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe ---- 2348 Ko ---- Normal ---- "C:\Program Files\Lexmark 1200 Series\lxczbmon.exe" ----
    C:\Program Files\D-Link\Diagnostics Utility\8169Diag.exe ---- 4968 Ko ---- Normal ---- "C:\Program Files\D-Link\Diagnostics Utility\8169Diag.exe" /hw ----
    C:\WINDOWS\system32\RUNDLL32.EXE ---- 3692 Ko ---- Normal ---- "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit ----
    C:\WINDOWS\system32\ctfmon.exe ---- 3784 Ko ---- Normal ---- "C:\WINDOWS\system32\ctfmon.exe" ----
    C:\Apps\ActivBoard\TrayMon.exe ---- 2616 Ko ---- Normal ---- C:\Apps\ActivBoard\TrayMon.exe ----
    C:\Apps\ActivBoard\OSD.exe ---- 2764 Ko ---- Normal ---- C:\Apps\ActivBoard\OSD.exe ----
    C:\Apps\ActivBoard\nhksrv.exe ---- 1176 Ko ---- Normal ---- C:\Apps\ActivBoard\nhksrv.exe ----
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe ---- 2944 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe" ----
    C:\WINDOWS\system32\nvsvc32.exe ---- 4392 Ko ---- Normal ---- C:\WINDOWS\system32\nvsvc32.exe ----
    C:\WINDOWS\system32\slserv.exe ---- 1004 Ko ---- Normal ---- slserv.exe ----
    C:\WINDOWS\System32\svchost.exe ---- 4348 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k imgsvc ----
    C:\WINDOWS\System32\alg.exe ---- 3652 Ko ---- Normal ---- C:\WINDOWS\System32\alg.exe ----
    C:\Program Files\internet explorer\iexplore.exe ---- 66424 Ko ---- Normal ---- "C:\Program Files\internet explorer\iexplore.exe" ---- Microsoft Corporation
    C:\WINDOWS\system32\wscntfy.exe ---- 2392 Ko ---- Normal ---- C:\WINDOWS\system32\wscntfy.exe ----
    C:\WINDOWS\system32\cmd.exe ---- 2844 Ko ---- Normal ---- C:\WINDOWS\system32\cmd.exe /K List'em.bat ----
    C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 6884 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
    C:\Program Files\List_Kill'em\pv.exe ---- 3764 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----

    ¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe
    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    EM_EXEC = C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    ACTIVBOARD = C:\Apps\ActivBoard\MMKeybd.exe
    RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    Lexmark 1200 Series = "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    nwiz = nwiz.exe /install
    avast5 = "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    8169Diag = C:\Program Files\D-Link\Diagnostics Utility\8169Diag /hw
    NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    ¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDriveTypeAutoRun = 323 (0x143)
    NoLowDiskSpaceChecks = 1 (0x1)
    NoRecentDocsHistory = 01000000
    NoRecentDocsMenu = 01000000
    NoNetConnectDisconnect = 1 (0x1)
    NoDriveAutoRun = 67108863 (0x3ffffff)
    NoDrives = 0 (0x0)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    HonorAutoRunSetting = 1 (0x1)
    NoDriveAutoRun = 67108863 (0x3ffffff)
    NoDriveTypeAutoRun = 323 (0x143)
    NoDrives = 0 (0x0)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLS =

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    Shell = Explorer.exe
    Userinit = C:\WINDOWS\system32\userinit.exe,

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    {AEB6717E-7E19-11d0-97EE-00C04FD91972} =

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Messenger\msmsgs.exe = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
    %windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    C:\WINDOWS\system32\LEXPPS.EXE = C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE
    C:\Program Files\ma-config.com\maconfservice.exe = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    %windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

    ¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\DirectAnimation Java Classes]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{80DD2229-B8E4-4C77-B72F-F22972D723EA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{FFFDF6F2-F7BC-4B90-B789-CB7BBDA13AD6}]

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Base Smart Card Crypto Provider Package]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{02f78298-8af6-495c-9ecb-b6ae68678186}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608555}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2298d453-bcae-4519-bf33-1cbf3faf1524}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A3320D6-C805-4280-B423-B665BDE33D8F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2eac6a2d-57a8-44d4-96f7-e32bab40ca5f}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5c9ff2bf-938d-47fe-85d9-9dbab4f65018}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5f3c70b3-ac2f-432c-8f9c-1624df61f54f}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{839117ee-2132-4bae-a56a-42b50204c9b9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EF289A85-8E57-408d-BE47-73B55609861A}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{f5173cf0-1dfb-4978-8e50-a90169ee7ca9}]

    ¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤

    Description: D-Link DGE-528T Gigabit Ethernet Adapter - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 10.0.0.138
    Description: D-Link DGE-528T Gigabit Ethernet Adapter - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{54B07B37-1F58-4D46-98BB-1B8FDF6EF7DB}: NameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{C194FEAC-BEE5-48C5-8021-9BE7E05B9C11}: DhcpNameServer=10.0.0.138
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{DEF37794-ACB3-4710-9A2A-C69037FB3B0D}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{54B07B37-1F58-4D46-98BB-1B8FDF6EF7DB}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{C194FEAC-BEE5-48C5-8021-9BE7E05B9C11}: DhcpNameServer=10.0.0.138
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{DEF37794-ACB3-4710-9A2A-C69037FB3B0D}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{54B07B37-1F58-4D46-98BB-1B8FDF6EF7DB}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{C194FEAC-BEE5-48C5-8021-9BE7E05B9C11}: DhcpNameServer=10.0.0.138
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{DEF37794-ACB3-4710-9A2A-C69037FB3B0D}: NameServer=192.168.1.1

    ¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page = https://www.msn.com/fr-fr
    Local Page = %SystemRoot%\system32\blank.htm
    Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page = https://www.msn.com/fr-fr
    Local Page = C:\WINDOWS\system32\blank.htm

    ¤¤¤¤¤ Proxy Internet Explorer

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    ProxyHttp1.1 = 1 (0x1)
    ProxyEnable = 0 (0x0)

    ¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

    ¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤

    [MD5.cdfe4411a69c224bd1d11b2da92dac51] - C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\ERDNT\cache\atapi.sys
    [MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\system32\drivers\atapi.sys
    [MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

    ¤¤¤¤¤ Reference

    Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
    Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
    Win XP_32b : a64013e98426e1877cb653685c5c0009
    Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
    Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
    Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
    Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
    Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
    Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
    Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
    Windows 7_32b : 338c86357871c167a96ab976519bf59e
    Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

    ¤¤¤¤¤¤¤¤¤¤ Explorer ¤¤¤¤¤¤¤¤¤¤

    [MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\explorer.exe
    [MD5.b795475444d6d57a572c14b9e1a29839] - C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [MD5.d0288319660edcfed07c7e74c4ea38a5] - C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    [MD5.2a7bd330924252a2fd80344fc949bb72] - C:\WINDOWS\$NtServicePackUninstall$\explorer.exe.000
    [MD5.2a7bd330924252a2fd80344fc949bb72] - C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    [MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\ERDNT\cache\explorer.exe
    [MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\ServicePackFiles\i386\explorer.exe

    ¤¤¤¤¤¤¤¤¤¤ Winlogon ¤¤¤¤¤¤¤¤¤¤

    [MD5.123eea158f74d0f67a51dcdf065d1091] - C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [MD5.71820bc9ee6653c8748922459dfc384d] - C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe
    [MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\ERDNT\cache\winlogon.exe
    [MD5.d41d8cd98f00b204e9800998ecf8427e] - C:\WINDOWS\PCHEALTH\ErrorRep\UserDumps\winlogon.exe.20061114-100226-00.mdmp
    [MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\system32\winlogon.exe

    ¤¤¤¤¤¤¤¤¤¤ Wininit ¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤ First Scan ¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤

    [HKEY_CURRENT_USER\software\ABBYY]
    [HKEY_CURRENT_USER\software\Acronis]
    [HKEY_CURRENT_USER\software\Ad-Remover]
    [HKEY_CURRENT_USER\software\Adobe]
    [HKEY_CURRENT_USER\software\ALWIL Software]
    [HKEY_CURRENT_USER\software\AppDataLow]
    [HKEY_CURRENT_USER\software\ASProtect]
    [HKEY_CURRENT_USER\software\BBQuest]
    [HKEY_CURRENT_USER\software\BrickShooter]
    [HKEY_CURRENT_USER\software\Clients]
    [HKEY_CURRENT_USER\software\CyberLink]
    [HKEY_CURRENT_USER\software\Dolphin Dice XP 8.04 by Dragonfly Software]
    [HKEY_CURRENT_USER\software\FRANCE TELECOM]
    [HKEY_CURRENT_USER\software\FreshDevices]
    [HKEY_CURRENT_USER\software\Google]
    [HKEY_CURRENT_USER\software\HandyBits]
    [HKEY_CURRENT_USER\software\IADirectShow]
    [HKEY_CURRENT_USER\software\Intel]
    [HKEY_CURRENT_USER\software\InterActual Technologies]
    [HKEY_CURRENT_USER\software\Jetsoft]
    [HKEY_CURRENT_USER\software\Lavalys]
    [HKEY_CURRENT_USER\software\lazyware]
    [HKEY_CURRENT_USER\software\Lobstersoft]
    [HKEY_CURRENT_USER\software\Local AppWizard-Generated Applications]
    [HKEY_CURRENT_USER\software\Logitech]
    [HKEY_CURRENT_USER\software\Macromedia]
    [HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware]
    [HKEY_CURRENT_USER\software\MDO]
    [HKEY_CURRENT_USER\software\Microsoft]
    [HKEY_CURRENT_USER\software\Mindscape]
    [HKEY_CURRENT_USER\software\MozillaPlugins]
    [HKEY_CURRENT_USER\software\Nadeo]
    [HKEY_CURRENT_USER\software\Netropa]
    [HKEY_CURRENT_USER\software\Netscape]
    [HKEY_CURRENT_USER\software\NVIDIA Corporation]
    [HKEY_CURRENT_USER\software\ODBC]
    [HKEY_CURRENT_USER\software\Olivier Lapicque]
    [HKEY_CURRENT_USER\software\PCbit Software, Inc.]
    [HKEY_CURRENT_USER\software\Pellenc Software]
    [HKEY_CURRENT_USER\software\PIXELA]
    [HKEY_CURRENT_USER\software\Policies]
    [HKEY_CURRENT_USER\software\Recreasoft]
    [HKEY_CURRENT_USER\software\SecuROM]
    [HKEY_CURRENT_USER\software\Sensaura]
    [HKEY_CURRENT_USER\software\SoftAK]
    [HKEY_CURRENT_USER\software\Softonic]
    [HKEY_CURRENT_USER\software\Symantec]
    [HKEY_CURRENT_USER\software\Sysinternals]
    [HKEY_CURRENT_USER\software\Teknum Systems]
    [HKEY_CURRENT_USER\software\Wget]
    [HKEY_CURRENT_USER\software\WinRAR]
    [HKEY_CURRENT_USER\software\WinRAR SFX]
    [HKEY_CURRENT_USER\software\Yahoo]
    [HKEY_CURRENT_USER\software\Classes]

    [HKEY_LOCAL_MACHINE\software\8169Diag]
    [HKEY_LOCAL_MACHINE\software\ABBYY]
    [HKEY_LOCAL_MACHINE\software\Acronis]
    [HKEY_LOCAL_MACHINE\software\Adobe]
    [HKEY_LOCAL_MACHINE\software\Altwood Systems Ltd]
    [HKEY_LOCAL_MACHINE\software\ALWIL Software]
    [HKEY_LOCAL_MACHINE\software\Apple Computer, Inc.]
    [HKEY_LOCAL_MACHINE\software\Apps TMD]
    [HKEY_LOCAL_MACHINE\software\Audioneer]
    [HKEY_LOCAL_MACHINE\software\Avery]
    [HKEY_LOCAL_MACHINE\software\AxySoft]
    [HKEY_LOCAL_MACHINE\software\BackWeb]
    [HKEY_LOCAL_MACHINE\software\Big Fish Games]
    [HKEY_LOCAL_MACHINE\software\C07ft5Y]
    [HKEY_LOCAL_MACHINE\software\Classes]
    [HKEY_LOCAL_MACHINE\software\Clients]
    [HKEY_LOCAL_MACHINE\software\COKTEL]
    [HKEY_LOCAL_MACHINE\software\Creative]
    [HKEY_LOCAL_MACHINE\software\CyberLink]
    [HKEY_LOCAL_MACHINE\software\D-Link]
    [HKEY_LOCAL_MACHINE\software\Disney Interactive]
    [HKEY_LOCAL_MACHINE\software\Empire Interactive]
    [HKEY_LOCAL_MACHINE\software\Enigma]
    [HKEY_LOCAL_MACHINE\software\FRANCE TELECOM]
    [HKEY_LOCAL_MACHINE\software\FreshDevices]
    [HKEY_LOCAL_MACHINE\software\Gemplus]
    [HKEY_LOCAL_MACHINE\software\Gentee]
    [HKEY_LOCAL_MACHINE\software\GMixon]
    [HKEY_LOCAL_MACHINE\software\Google]
    [HKEY_LOCAL_MACHINE\software\HandyBits]
    [HKEY_LOCAL_MACHINE\software\Hexacto]
    [HKEY_LOCAL_MACHINE\software\InstallShield]
    [HKEY_LOCAL_MACHINE\software\Intel]
    [HKEY_LOCAL_MACHINE\software\InterActual Technologies]
    [HKEY_LOCAL_MACHINE\software\Lexis Products]
    [HKEY_LOCAL_MACHINE\software\Lexmark]
    [HKEY_LOCAL_MACHINE\software\Licenses]
    [HKEY_LOCAL_MACHINE\software\Logitech]
    [HKEY_LOCAL_MACHINE\software\Macromedia]
    [HKEY_LOCAL_MACHINE\software\Magnetic Fields]
    [HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware]
    [HKEY_LOCAL_MACHINE\software\Microsoft]
    [HKEY_LOCAL_MACHINE\software\Mindscape]
    [HKEY_LOCAL_MACHINE\software\Mozilla]
    [HKEY_LOCAL_MACHINE\software\mozilla.org]
    [HKEY_LOCAL_MACHINE\software\MozillaPlugins]
    [HKEY_LOCAL_MACHINE\software\NADEO]
    [HKEY_LOCAL_MACHINE\software\NEC]
    [HKEY_LOCAL_MACHINE\software\NEC Computers International]
    [HKEY_LOCAL_MACHINE\software\Netropa]
    [HKEY_LOCAL_MACHINE\software\NVIDIA Corporation]
    [HKEY_LOCAL_MACHINE\software\ODBC]
    [HKEY_LOCAL_MACHINE\software\Packard Bell]
    [HKEY_LOCAL_MACHINE\software\Panda Software]
    [HKEY_LOCAL_MACHINE\software\PepiMK Software]
    [HKEY_LOCAL_MACHINE\software\PIXELA]
    [HKEY_LOCAL_MACHINE\software\Policies]
    [HKEY_LOCAL_MACHINE\software\Program Groups]
    [HKEY_LOCAL_MACHINE\software\Rage]
    [HKEY_LOCAL_MACHINE\software\Rage Software]
    [HKEY_LOCAL_MACHINE\software\Realtek]
    [HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.]
    [HKEY_LOCAL_MACHINE\software\RegisteredApplications]
    [HKEY_LOCAL_MACHINE\software\RTLSetup]
    [HKEY_LOCAL_MACHINE\software\Safer Networking Limited]
    [HKEY_LOCAL_MACHINE\software\SBInfo]
    [HKEY_LOCAL_MACHINE\software\Schlumberger]
    [HKEY_LOCAL_MACHINE\software\SDLL]
    [HKEY_LOCAL_MACHINE\software\Secure]
    [HKEY_LOCAL_MACHINE\software\SigmaTel]
    [HKEY_LOCAL_MACHINE\software\Silicon Integrated Systems Corp.]
    [HKEY_LOCAL_MACHINE\software\Silicon Integrated Systems Corporation]
    [HKEY_LOCAL_MACHINE\software\SmartLink]
    [HKEY_LOCAL_MACHINE\software\Sony Corporation]
    [HKEY_LOCAL_MACHINE\software\SONY PVC]
    [HKEY_LOCAL_MACHINE\software\SumatraPDF]
    [HKEY_LOCAL_MACHINE\software\Swearware]
    [HKEY_LOCAL_MACHINE\software\Symantec]
    [HKEY_LOCAL_MACHINE\software\Teknum Systems]
    [HKEY_LOCAL_MACHINE\software\The Learning Company]
    [HKEY_LOCAL_MACHINE\software\The Silicon Realms Toolworks]
    [HKEY_LOCAL_MACHINE\software\TLC-Edusoft]
    [HKEY_LOCAL_MACHINE\software\TravellersTalesToyStory2]
    [HKEY_LOCAL_MACHINE\software\Ubi Soft]
    [HKEY_LOCAL_MACHINE\software\Uniblue]
    [HKEY_LOCAL_MACHINE\software\VERITAS]
    [HKEY_LOCAL_MACHINE\software\Windows 3.1 Migration Status]
    [HKEY_LOCAL_MACHINE\software\WinRAR]
    [HKEY_LOCAL_MACHINE\software\Wise Solutions]
    [HKEY_LOCAL_MACHINE\software\WORD]
    [HKEY_LOCAL_MACHINE\software\Yahoo]
    [HKEY_LOCAL_MACHINE\software\ZAG]

    ¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤

    Present !! : \AUTOEXEC.BAT
    Present !! : \qr.dat
    Present !! : \AUDIO3D.DLL
    Present !! : \CMIDS3D.DLL
    Present !! : \CMIRMDRV.DLL
    Present !! : \CMUDA.DLL
    Present !! : \NetAgent.dll
    Present !! : \UDAPROP.DLL
    Present !! : \CMIRMDRV.EXE
    Present !! : \dumppo.exe
    Present !! : \SmWizard.exe
    Present !! : \CM5451.INF
    Present !! : \CM5455.INF
    Present !! : \CMICHX.INF
    Present !! : \CMNVDA.INF
    Present !! : \CMSIS.INF
    Present !! : \CMUDA.INF
    Present !! : \CMVIA.INF
    Present !! : C:\Documents and Settings\All Users\NTUSER.DAT
    Present !! : C:\Documents and Settings\All Users\NTUSER.DAT
    Present !! : C:\Documents and Settings\All Users\NTUSER.DAT
    Present !! : C:\Documents and Settings\All Users\NTUSER.DAT
    Present !! : C:\WINDOWS\001154_.tmp
    Present !! : C:\WINDOWS\002438_.tmp
    Present !! : C:\WINDOWS\003707_.tmp
    Present !! : C:\WINDOWS\005871_.tmp
    Present !! : C:\WINDOWS\SETC0.tmp
    Present !! : C:\WINDOWS\SETCF.tmp
    Present !! : C:\WINDOWS\aucfg.ini
    Present !! : C:\WINDOWS\inf\nt5java.inf
    Present !! : C:\WINDOWS\System32\drivers\Sonyhcp.dll

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
    Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
    Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
    Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
    Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
    Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
    Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
    Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}

    FEATURE_BROWSER_EMULATION | svchost :
    ====================================

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-11 13:35:35
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    IPC error: 2 Le fichier spécifié est introuvable.
    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys siside.sys PCIIDEX.SYS
    kernel: MBR read successfully
    user & kernel MBR OK

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    AntiVirusDisableNotify = 0 (0x0)
    FirewallDisableNotify = 0 (0x0)
    UpdatesDisableNotify = 0 (0x0)
    AntiVirusOverride = 0 (0x0)
    FirewallOverride = 0 (0x0)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    End of scan : 13:36:52,42
    0
  14. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
    mais cette fois-ci :

    choisis l'option CLEAN

    laisse travailler l'outil.

    en fin de scan la fenêtre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau
    0
  15. corel
     
    re,

    Le voici :

    ¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.2.0 ¤¤¤¤¤¤¤¤¤¤

    User : alain (Administrateurs)
    Update on 10/11/2010 by g3n-h@ckm@n ::::: 21.00
    Start at: 12:38:32 | 11/11/2010

    Intel(R) Celeron(R) CPU 1.70GHz
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 7.0.5730.11
    Windows Firewall Status : Disabled
    AV : avast! Antivirus 5.0.83886757 [ (!) Disabled | Updated ]

    A:\ -> Lecteur de disquettes 3 ½ pouces
    C:\ -> Disque fixe local | 36,2 Go (11,23 Go free) [HDD] | NTFS
    F:\ -> Disque fixe local | 1,95 Go (474,26 Mo free) [RESTDONE] | FAT32

    ¤¤¤¤¤ Sessions ¤¤¤¤¤

    C:\Documents and settings\alain

    Boot: Normal

    ¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer

    C:\WINDOWS\System32\smss.exe ---- 400 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
    C:\WINDOWS\system32\csrss.exe ---- 3920 Ko ---- Normal ---- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
    C:\WINDOWS\system32\winlogon.exe ---- 5084 Ko ---- High ---- winlogon.exe ----
    C:\WINDOWS\system32\services.exe ---- 3532 Ko ---- Normal ---- C:\WINDOWS\system32\services.exe ----
    C:\WINDOWS\system32\lsass.exe ---- 2468 Ko ---- Normal ---- C:\WINDOWS\system32\lsass.exe ----
    C:\WINDOWS\system32\svchost.exe ---- 4924 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k DcomLaunch ----
    C:\WINDOWS\system32\svchost.exe ---- 4312 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k rpcss ----
    C:\WINDOWS\System32\svchost.exe ---- 21560 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k netsvcs ----
    C:\WINDOWS\System32\svchost.exe ---- 3668 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k NetworkService ----
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe ---- 30044 Ko ---- Normal ---- "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" ---- ALWIL Software
    C:\WINDOWS\Explorer.EXE ---- 29516 Ko ---- Normal ---- C:\WINDOWS\Explorer.EXE ----
    C:\Apps\ActivBoard\MMKeybd.exe ---- 3784 Ko ---- Normal ---- "C:\Apps\ActivBoard\MMKeybd.exe" ----
    C:\WINDOWS\system32\LEXBCES.EXE ---- 3412 Ko ---- Normal ---- C:\WINDOWS\system32\LEXBCES.EXE ----
    C:\Program Files\Real\RealPlayer\RealPlay.exe ---- 8060 Ko ---- Normal ---- "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER ----
    C:\WINDOWS\system32\LEXPPS.EXE ---- 3392 Ko ---- Normal ---- LEXPPS.EXE ----
    C:\WINDOWS\system32\spoolsv.exe ---- 5692 Ko ---- Normal ---- C:\WINDOWS\system32\spoolsv.exe ----
    C:\Program Files\QuickTime\qttask.exe ---- 2500 Ko ---- Normal ---- "C:\Program Files\QuickTime\qttask.exe" -atboottime ----
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe ---- 2572 Ko ---- Normal ---- "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" ----
    C:\Program Files\Alwil Software\Avast5\avastUI.exe ---- 5468 Ko ---- Normal ---- "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui ---- ALWIL Software
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe ---- 2348 Ko ---- Normal ---- "C:\Program Files\Lexmark 1200 Series\lxczbmon.exe" ----
    C:\Program Files\D-Link\Diagnostics Utility\8169Diag.exe ---- 4968 Ko ---- Normal ---- "C:\Program Files\D-Link\Diagnostics Utility\8169Diag.exe" /hw ----
    C:\WINDOWS\system32\RUNDLL32.EXE ---- 3692 Ko ---- Normal ---- "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit ----
    C:\WINDOWS\system32\ctfmon.exe ---- 3784 Ko ---- Normal ---- "C:\WINDOWS\system32\ctfmon.exe" ----
    C:\Apps\ActivBoard\TrayMon.exe ---- 2616 Ko ---- Normal ---- C:\Apps\ActivBoard\TrayMon.exe ----
    C:\Apps\ActivBoard\OSD.exe ---- 2764 Ko ---- Normal ---- C:\Apps\ActivBoard\OSD.exe ----
    C:\Apps\ActivBoard\nhksrv.exe ---- 1176 Ko ---- Normal ---- C:\Apps\ActivBoard\nhksrv.exe ----
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe ---- 2944 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe" ----
    C:\WINDOWS\system32\nvsvc32.exe ---- 4392 Ko ---- Normal ---- C:\WINDOWS\system32\nvsvc32.exe ----
    C:\WINDOWS\system32\slserv.exe ---- 1004 Ko ---- Normal ---- slserv.exe ----
    C:\WINDOWS\System32\svchost.exe ---- 4348 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k imgsvc ----
    C:\WINDOWS\System32\alg.exe ---- 3652 Ko ---- Normal ---- C:\WINDOWS\System32\alg.exe ----
    C:\Program Files\internet explorer\iexplore.exe ---- 66424 Ko ---- Normal ---- "C:\Program Files\internet explorer\iexplore.exe" ---- Microsoft Corporation
    C:\WINDOWS\system32\wscntfy.exe ---- 2392 Ko ---- Normal ---- C:\WINDOWS\system32\wscntfy.exe ----
    C:\WINDOWS\system32\cmd.exe ---- 2844 Ko ---- Normal ---- C:\WINDOWS\system32\cmd.exe /K List'em.bat ----
    C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 6884 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
    C:\Program Files\List_Kill'em\pv.exe ---- 3764 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----

    ¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe
    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    EM_EXEC = C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    ACTIVBOARD = C:\Apps\ActivBoard\MMKeybd.exe
    RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    Lexmark 1200 Series = "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    nwiz = nwiz.exe /install
    avast5 = "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    8169Diag = C:\Program Files\D-Link\Diagnostics Utility\8169Diag /hw
    NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    ¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDriveTypeAutoRun = 323 (0x143)
    NoLowDiskSpaceChecks = 1 (0x1)
    NoRecentDocsHistory = 01000000
    NoRecentDocsMenu = 01000000
    NoNetConnectDisconnect = 1 (0x1)
    NoDriveAutoRun = 67108863 (0x3ffffff)
    NoDrives = 0 (0x0)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    HonorAutoRunSetting = 1 (0x1)
    NoDriveAutoRun = 67108863 (0x3ffffff)
    NoDriveTypeAutoRun = 323 (0x143)
    NoDrives = 0 (0x0)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLS =

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    Shell = Explorer.exe
    Userinit = C:\WINDOWS\system32\userinit.exe,

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    {AEB6717E-7E19-11d0-97EE-00C04FD91972} =

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Messenger\msmsgs.exe = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
    %windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    C:\WINDOWS\system32\LEXPPS.EXE = C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE
    C:\Program Files\ma-config.com\maconfservice.exe = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    %windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

    ¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\DirectAnimation Java Classes]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{80DD2229-B8E4-4C77-B72F-F22972D723EA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{FFFDF6F2-F7BC-4B90-B789-CB7BBDA13AD6}]

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Base Smart Card Crypto Provider Package]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{02f78298-8af6-495c-9ecb-b6ae68678186}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608555}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2298d453-bcae-4519-bf33-1cbf3faf1524}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A3320D6-C805-4280-B423-B665BDE33D8F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2eac6a2d-57a8-44d4-96f7-e32bab40ca5f}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5c9ff2bf-938d-47fe-85d9-9dbab4f65018}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5f3c70b3-ac2f-432c-8f9c-1624df61f54f}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{839117ee-2132-4bae-a56a-42b50204c9b9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EF289A85-8E57-408d-BE47-73B55609861A}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{f5173cf0-1dfb-4978-8e50-a90169ee7ca9}]

    ¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤

    Description: D-Link DGE-528T Gigabit Ethernet Adapter - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 10.0.0.138
    Description: D-Link DGE-528T Gigabit Ethernet Adapter - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{54B07B37-1F58-4D46-98BB-1B8FDF6EF7DB}: NameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{C194FEAC-BEE5-48C5-8021-9BE7E05B9C11}: DhcpNameServer=10.0.0.138
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{DEF37794-ACB3-4710-9A2A-C69037FB3B0D}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{54B07B37-1F58-4D46-98BB-1B8FDF6EF7DB}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{C194FEAC-BEE5-48C5-8021-9BE7E05B9C11}: DhcpNameServer=10.0.0.138
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{DEF37794-ACB3-4710-9A2A-C69037FB3B0D}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{54B07B37-1F58-4D46-98BB-1B8FDF6EF7DB}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{C194FEAC-BEE5-48C5-8021-9BE7E05B9C11}: DhcpNameServer=10.0.0.138
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{DEF37794-ACB3-4710-9A2A-C69037FB3B0D}: NameServer=192.168.1.1

    ¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page = https://www.msn.com/fr-fr
    Local Page = %SystemRoot%\system32\blank.htm
    Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page = https://www.msn.com/fr-fr
    Local Page = C:\WINDOWS\system32\blank.htm

    ¤¤¤¤¤ Proxy Internet Explorer

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    ProxyHttp1.1 = 1 (0x1)
    ProxyEnable = 0 (0x0)

    ¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

    ¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤

    [MD5.cdfe4411a69c224bd1d11b2da92dac51] - C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\ERDNT\cache\atapi.sys
    [MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\system32\drivers\atapi.sys
    [MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

    ¤¤¤¤¤ Reference

    Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
    Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
    Win XP_32b : a64013e98426e1877cb653685c5c0009
    Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
    Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
    Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
    Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
    Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
    Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
    Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
    Windows 7_32b : 338c86357871c167a96ab976519bf59e
    Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

    ¤¤¤¤¤¤¤¤¤¤ Explorer ¤¤¤¤¤¤¤¤¤¤

    [MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\explorer.exe
    [MD5.b795475444d6d57a572c14b9e1a29839] - C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [MD5.d0288319660edcfed07c7e74c4ea38a5] - C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    [MD5.2a7bd330924252a2fd80344fc949bb72] - C:\WINDOWS\$NtServicePackUninstall$\explorer.exe.000
    [MD5.2a7bd330924252a2fd80344fc949bb72] - C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    [MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\ERDNT\cache\explorer.exe
    [MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\ServicePackFiles\i386\explorer.exe

    ¤¤¤¤¤¤¤¤¤¤ Winlogon ¤¤¤¤¤¤¤¤¤¤

    [MD5.123eea158f74d0f67a51dcdf065d1091] - C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [MD5.71820bc9ee6653c8748922459dfc384d] - C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe
    [MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\ERDNT\cache\winlogon.exe
    [MD5.d41d8cd98f00b204e9800998ecf8427e] - C:\WINDOWS\PCHEALTH\ErrorRep\UserDumps\winlogon.exe.20061114-100226-00.mdmp
    [MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\system32\winlogon.exe

    ¤¤¤¤¤¤¤¤¤¤ Wininit ¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤ First Scan ¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤

    [HKEY_CURRENT_USER\software\ABBYY]
    [HKEY_CURRENT_USER\software\Acronis]
    [HKEY_CURRENT_USER\software\Ad-Remover]
    [HKEY_CURRENT_USER\software\Adobe]
    [HKEY_CURRENT_USER\software\ALWIL Software]
    [HKEY_CURRENT_USER\software\AppDataLow]
    [HKEY_CURRENT_USER\software\ASProtect]
    [HKEY_CURRENT_USER\software\BBQuest]
    [HKEY_CURRENT_USER\software\BrickShooter]
    [HKEY_CURRENT_USER\software\Clients]
    [HKEY_CURRENT_USER\software\CyberLink]
    [HKEY_CURRENT_USER\software\Dolphin Dice XP 8.04 by Dragonfly Software]
    [HKEY_CURRENT_USER\software\FRANCE TELECOM]
    [HKEY_CURRENT_USER\software\FreshDevices]
    [HKEY_CURRENT_USER\software\Google]
    [HKEY_CURRENT_USER\software\HandyBits]
    [HKEY_CURRENT_USER\software\IADirectShow]
    [HKEY_CURRENT_USER\software\Intel]
    [HKEY_CURRENT_USER\software\InterActual Technologies]
    [HKEY_CURRENT_USER\software\Jetsoft]
    [HKEY_CURRENT_USER\software\Lavalys]
    [HKEY_CURRENT_USER\software\lazyware]
    [HKEY_CURRENT_USER\software\Lobstersoft]
    [HKEY_CURRENT_USER\software\Local AppWizard-Generated Applications]
    [HKEY_CURRENT_USER\software\Logitech]
    [HKEY_CURRENT_USER\software\Macromedia]
    [HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware]
    [HKEY_CURRENT_USER\software\MDO]
    [HKEY_CURRENT_USER\software\Microsoft]
    [HKEY_CURRENT_USER\software\Mindscape]
    [HKEY_CURRENT_USER\software\MozillaPlugins]
    [HKEY_CURRENT_USER\software\Nadeo]
    [HKEY_CURRENT_USER\software\Netropa]
    [HKEY_CURRENT_USER\software\Netscape]
    [HKEY_CURRENT_USER\software\NVIDIA Corporation]
    [HKEY_CURRENT_USER\software\ODBC]
    [HKEY_CURRENT_USER\software\Olivier Lapicque]
    [HKEY_CURRENT_USER\software\PCbit Software, Inc.]
    [HKEY_CURRENT_USER\software\Pellenc Software]
    [HKEY_CURRENT_USER\software\PIXELA]
    [HKEY_CURRENT_USER\software\Policies]
    [HKEY_CURRENT_USER\software\Recreasoft]
    [HKEY_CURRENT_USER\software\SecuROM]
    [HKEY_CURRENT_USER\software\Sensaura]
    [HKEY_CURRENT_USER\software\SoftAK]
    [HKEY_CURRENT_USER\software\Softonic]
    [HKEY_CURRENT_USER\software\Symantec]
    [HKEY_CURRENT_USER\software\Sysinternals]
    [HKEY_CURRENT_USER\software\Teknum Systems]
    [HKEY_CURRENT_USER\software\Wget]
    [HKEY_CURRENT_USER\software\WinRAR]
    [HKEY_CURRENT_USER\software\WinRAR SFX]
    [HKEY_CURRENT_USER\software\Yahoo]
    [HKEY_CURRENT_USER\software\Classes]

    [HKEY_LOCAL_MACHINE\software\8169Diag]
    [HKEY_LOCAL_MACHINE\software\ABBYY]
    [HKEY_LOCAL_MACHINE\software\Acronis]
    [HKEY_LOCAL_MACHINE\software\Adobe]
    [HKEY_LOCAL_MACHINE\software\Altwood Systems Ltd]
    [HKEY_LOCAL_MACHINE\software\ALWIL Software]
    [HKEY_LOCAL_MACHINE\software\Apple Computer, Inc.]
    [HKEY_LOCAL_MACHINE\software\Apps TMD]
    [HKEY_LOCAL_MACHINE\software\Audioneer]
    [HKEY_LOCAL_MACHINE\software\Avery]
    [HKEY_LOCAL_MACHINE\software\AxySoft]
    [HKEY_LOCAL_MACHINE\software\BackWeb]
    [HKEY_LOCAL_MACHINE\software\Big Fish Games]
    [HKEY_LOCAL_MACHINE\software\C07ft5Y]
    [HKEY_LOCAL_MACHINE\software\Classes]
    [HKEY_LOCAL_MACHINE\software\Clients]
    [HKEY_LOCAL_MACHINE\software\COKTEL]
    [HKEY_LOCAL_MACHINE\software\Creative]
    [HKEY_LOCAL_MACHINE\software\CyberLink]
    [HKEY_LOCAL_MACHINE\software\D-Link]
    [HKEY_LOCAL_MACHINE\software\Disney Interactive]
    [HKEY_LOCAL_MACHINE\software\Empire Interactive]
    [HKEY_LOCAL_MACHINE\software\Enigma]
    [HKEY_LOCAL_MACHINE\software\FRANCE TELECOM]
    [HKEY_LOCAL_MACHINE\software\FreshDevices]
    [HKEY_LOCAL_MACHINE\software\Gemplus]
    [HKEY_LOCAL_MACHINE\software\Gentee]
    [HKEY_LOCAL_MACHINE\software\GMixon]
    [HKEY_LOCAL_MACHINE\software\Google]
    [HKEY_LOCAL_MACHINE\software\HandyBits]
    [HKEY_LOCAL_MACHINE\software\Hexacto]
    [HKEY_LOCAL_MACHINE\software\InstallShield]
    [HKEY_LOCAL_MACHINE\software\Intel]
    [HKEY_LOCAL_MACHINE\software\InterActual Technologies]
    [HKEY_LOCAL_MACHINE\software\Lexis Products]
    [HKEY_LOCAL_MACHINE\software\Lexmark]
    [HKEY_LOCAL_MACHINE\software\Licenses]
    [HKEY_LOCAL_MACHINE\software\Logitech]
    [HKEY_LOCAL_MACHINE\software\Macromedia]
    [HKEY_LOCAL_MACHINE\software\Magnetic Fields]
    [HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware]
    [HKEY_LOCAL_MACHINE\software\Microsoft]
    [HKEY_LOCAL_MACHINE\software\Mindscape]
    [HKEY_LOCAL_MACHINE\software\Mozilla]
    [HKEY_LOCAL_MACHINE\software\mozilla.org]
    [HKEY_LOCAL_MACHINE\software\MozillaPlugins]
    [HKEY_LOCAL_MACHINE\software\NADEO]
    [HKEY_LOCAL_MACHINE\software\NEC]
    [HKEY_LOCAL_MACHINE\software\NEC Computers International]
    [HKEY_LOCAL_MACHINE\software\Netropa]
    [HKEY_LOCAL_MACHINE\software\NVIDIA Corporation]
    [HKEY_LOCAL_MACHINE\software\ODBC]
    [HKEY_LOCAL_MACHINE\software\Packard Bell]
    [HKEY_LOCAL_MACHINE\software\Panda Software]
    [HKEY_LOCAL_MACHINE\software\PepiMK Software]
    [HKEY_LOCAL_MACHINE\software\PIXELA]
    [HKEY_LOCAL_MACHINE\software\Policies]
    [HKEY_LOCAL_MACHINE\software\Program Groups]
    [HKEY_LOCAL_MACHINE\software\Rage]
    [HKEY_LOCAL_MACHINE\software\Rage Software]
    [HKEY_LOCAL_MACHINE\software\Realtek]
    [HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.]
    [HKEY_LOCAL_MACHINE\software\RegisteredApplications]
    [HKEY_LOCAL_MACHINE\software\RTLSetup]
    [HKEY_LOCAL_MACHINE\software\Safer Networking Limited]
    [HKEY_LOCAL_MACHINE\software\SBInfo]
    [HKEY_LOCAL_MACHINE\software\Schlumberger]
    [HKEY_LOCAL_MACHINE\software\SDLL]
    [HKEY_LOCAL_MACHINE\software\Secure]
    [HKEY_LOCAL_MACHINE\software\SigmaTel]
    [HKEY_LOCAL_MACHINE\software\Silicon Integrated Systems Corp.]
    [HKEY_LOCAL_MACHINE\software\Silicon Integrated Systems Corporation]
    [HKEY_LOCAL_MACHINE\software\SmartLink]
    [HKEY_LOCAL_MACHINE\software\Sony Corporation]
    [HKEY_LOCAL_MACHINE\software\SONY PVC]
    [HKEY_LOCAL_MACHINE\software\SumatraPDF]
    [HKEY_LOCAL_MACHINE\software\Swearware]
    [HKEY_LOCAL_MACHINE\software\Symantec]
    [HKEY_LOCAL_MACHINE\software\Teknum Systems]
    [HKEY_LOCAL_MACHINE\software\The Learning Company]
    [HKEY_LOCAL_MACHINE\software\The Silicon Realms Toolworks]
    [HKEY_LOCAL_MACHINE\software\TLC-Edusoft]
    [HKEY_LOCAL_MACHINE\software\TravellersTalesToyStory2]
    [HKEY_LOCAL_MACHINE\software\Ubi Soft]
    [HKEY_LOCAL_MACHINE\software\Uniblue]
    [HKEY_LOCAL_MACHINE\software\VERITAS]
    [HKEY_LOCAL_MACHINE\software\Windows 3.1 Migration Status]
    [HKEY_LOCAL_MACHINE\software\WinRAR]
    [HKEY_LOCAL_MACHINE\software\Wise Solutions]
    [HKEY_LOCAL_MACHINE\software\WORD]
    [HKEY_LOCAL_MACHINE\software\Yahoo]
    [HKEY_LOCAL_MACHINE\software\ZAG]

    ¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤

    Present !! : \AUTOEXEC.BAT
    Present !! : \qr.dat
    Present !! : \AUDIO3D.DLL
    Present !! : \CMIDS3D.DLL
    Present !! : \CMIRMDRV.DLL
    Present !! : \CMUDA.DLL
    Present !! : \NetAgent.dll
    Present !! : \UDAPROP.DLL
    Present !! : \CMIRMDRV.EXE
    Present !! : \dumppo.exe
    Present !! : \SmWizard.exe
    Present !! : \CM5451.INF
    Present !! : \CM5455.INF
    Present !! : \CMICHX.INF
    Present !! : \CMNVDA.INF
    Present !! : \CMSIS.INF
    Present !! : \CMUDA.INF
    Present !! : \CMVIA.INF
    Present !! : C:\Documents and Settings\All Users\NTUSER.DAT
    Present !! : C:\Documents and Settings\All Users\NTUSER.DAT
    Present !! : C:\Documents and Settings\All Users\NTUSER.DAT
    Present !! : C:\Documents and Settings\All Users\NTUSER.DAT
    Present !! : C:\WINDOWS\001154_.tmp
    Present !! : C:\WINDOWS\002438_.tmp
    Present !! : C:\WINDOWS\003707_.tmp
    Present !! : C:\WINDOWS\005871_.tmp
    Present !! : C:\WINDOWS\SETC0.tmp
    Present !! : C:\WINDOWS\SETCF.tmp
    Present !! : C:\WINDOWS\aucfg.ini
    Present !! : C:\WINDOWS\inf\nt5java.inf
    Present !! : C:\WINDOWS\System32\drivers\Sonyhcp.dll

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
    Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
    Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
    Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
    Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
    Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
    Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
    Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}

    FEATURE_BROWSER_EMULATION | svchost :
    ====================================

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-11 13:35:35
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    IPC error: 2 Le fichier spécifié est introuvable.
    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys siside.sys PCIIDEX.SYS
    kernel: MBR read successfully
    user & kernel MBR OK

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    AntiVirusDisableNotify = 0 (0x0)
    FirewallDisableNotify = 0 (0x0)
    UpdatesDisableNotify = 0 (0x0)
    AntiVirusOverride = 0 (0x0)
    FirewallOverride = 0 (0x0)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    End of scan : 13:36:52,42
    0
  16. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    c'est pas le rapport clean celui la regarde sur le bureau
    0
  17. corel
     
    oups excuse moi...

    Le voici :

    ¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.2.0 ¤¤¤¤¤¤¤¤¤¤

    User : alain (Administrateurs)
    Update on 10/11/2010 by g3n-h@ckm@n ::::: 21.00
    Start at: 14:39:37 | 11/11/2010

    Intel(R) Celeron(R) CPU 1.70GHz
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 7.0.5730.11
    Windows Firewall Status : Enabled
    AV : avast! Antivirus 5.0.83886757 [ Enabled | Updated ]

    A:\ -> Lecteur de disquettes 3 ½ pouces
    C:\ -> Disque fixe local | 36,2 Go (11,22 Go free) [HDD] | NTFS
    F:\ -> Disque fixe local | 1,95 Go (474,26 Mo free) [RESTDONE] | FAT32

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Quarantined & Deleted !! : \AUTOEXEC.BAT
    Quarantined & Deleted !! : \qr.dat
    Quarantined & Deleted !! : \AUDIO3D.DLL
    Quarantined & Deleted !! : \CMIDS3D.DLL
    Quarantined & Deleted !! : \CMIRMDRV.DLL
    Quarantined & Deleted !! : \CMUDA.DLL
    Quarantined & Deleted !! : \NetAgent.dll
    Quarantined & Deleted !! : \UDAPROP.DLL
    Quarantined & Deleted !! : \CMIRMDRV.EXE
    Quarantined & Deleted !! : \dumppo.exe
    Quarantined & Deleted !! : \SmWizard.exe
    Quarantined & Deleted !! : \CM5451.INF
    Quarantined & Deleted !! : \CM5455.INF
    Quarantined & Deleted !! : \CMICHX.INF
    Quarantined & Deleted !! : \CMNVDA.INF
    Quarantined & Deleted !! : \CMSIS.INF
    Quarantined & Deleted !! : \CMUDA.INF
    Quarantined & Deleted !! : \CMVIA.INF
    Quarantined & Deleted !! : C:\Documents and Settings\All Users\NTUSER.DAT
    Quarantined & Deleted !! : C:\Documents and Settings\All Users\NTUSER.DAT
    Quarantined & Deleted !! : C:\Documents and Settings\All Users\NTUSER.DAT
    Quarantined & Deleted !! : C:\Documents and Settings\All Users\NTUSER.DAT
    Quarantined & Deleted !! : C:\WINDOWS\001154_.tmp
    Quarantined & Deleted !! : C:\WINDOWS\002438_.tmp
    Quarantined & Deleted !! : C:\WINDOWS\003707_.tmp
    Quarantined & Deleted !! : C:\WINDOWS\005871_.tmp
    Quarantined & Deleted !! : C:\WINDOWS\SETC0.tmp
    Quarantined & Deleted !! : C:\WINDOWS\SETCF.tmp
    Quarantined & Deleted !! : C:\WINDOWS\aucfg.ini
    Quarantined & Deleted !! : C:\WINDOWS\inf\nt5java.inf
    Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\Sonyhcp.dll

    ¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤

    127.0.0.1 localhost

    ¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤

    Deleted : "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" : "NoDrives"
    Deleted : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" : "NoDrives"

    ¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    Local Page = C:\WINDOWS\system32\blank.htm
    Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page = https://www.google.com/?gws_rd=ssl
    Local Page = C:\WINDOWS\system32\blank.htm
    Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    ¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    AntiVirusDisableNotify = 0 (0x0)
    FirewallDisableNotify = 0 (0x0)
    UpdatesDisableNotify = 0 (0x0)
    AntiVirusOverride = 0 (0x0)
    FirewallOverride = 0 (0x0)
    FirstRunDisabled = 1 (0x1)

    ¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤

    Ndisuio : Start = 3
    EapHost : Start = 2
    Ip6Fw : Start = 2
    SharedAccess : Start = 2
    wuauserv : Start = 2
    wscsvc : Start = 2

    ¤¤¤¤¤¤¤¤¤¤ Winlogon

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    Shell = explorer.exe
    Userinit = C:\WINDOWS\System32\userinit.exe,

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    Disk Cleaned
    anti-ver blaster : OK
    Prefetch cleaned
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    FEATURE_BROWSER_EMULATION | svchost :
    ====================================

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys siside.sys PCIIDEX.SYS
    kernel: MBR read successfully
    user & kernel MBR OK

    End of Scan : 14:43:52,60

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  18. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    Télécharge DelFix sur ton bureau.

    http://sd-1.archive-host.com/membres/up/17959594961240255/DelFix.exe

    3.1 - Option Recherche

    Téléchargez DelFix sur votre bureau.
    Lancez le, tapez 1 et validez en appuyant sur [Entrée]
    Patientez quelques secondes puis copiez/collez le contenu du rapport qui s'ouvrira sur le forum qui vous prend en charge.

    Note : Le rapport est sauvegardé sous C:\DelFixSearch.txt

    -------------------------

    3.2 - Option Suppression

    Téléchargez DelFix sur votre bureau
    Lancez le, tapez 2 et validez en appuyant sur [Entrée]
    Patientez quelques secondes puis copiez/collez le contenu du rapport qui s'ouvrira sur le forum qui vous prend en charge.

    Note : Le rapport est sauvegardé sous C:\DelFixSuppr.txt

    ----------------après------

    tu va télécharger Ccleaner http://dl.commentcamarche.net/...

    ouvre "Ccleaner" vas dans l'onglet "Option" puis "Avancé" puis décoches "Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures."

    . Puis vas dans l'onglet "Nettoyeur" fais "Analyse" puis "Lancer le nettoyage".
    Puis vas dans l'onglet "Registre" puis fait "Chercher des erreurs" puis "Réparer les erreurs sélectionnée"
    . Tu refais tous ca 4-5 fois (le nettoyage et le registre).

    Puis reste dans "Ccleaner" puis va dans "Option" puis "Propriété" puis coches "Nettoyer automatiquement l'ordinateur au démarrage".

    içi mode d'emploi pour ccleaner

    https://www.malekal.com/tutoriel-ccleaner/
    0
  19. corel
     
    re,

    le premier rapport :

    ########## DelFix - Nettoyeur d'outils de désinfection ##########
    #
    # DelFix v6.2 - Rapport créé le 11/11/2010 à 21:18
    # Mis à jour le 11/11/10 à 16h00 par Xplode
    # Système d'exploitation : Microsoft Windows XP (32 bits) [version 5.1.2600] Service Pack 3
    # Navigateur : Internet Explorer [Navigateur par défaut]
    # Nom d'utilisateur : alain - MACHINEDUFOUR (Administrateur)
    # Exécuté depuis : C:\Documents and Settings\alain\Bureau\DelFix.exe

    ~~~~~~ Dossier(s) ~~~~~~

    Présent : C:\Qoobox
    Présent : C:\Kill'em
    Présent : C:\Program Files\Ad-Remover
    Présent : C:\Program Files\List_Kill'em
    Présent : C:\Program Files\ZHPDiag
    Présent : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\List_Kill'em
    Présent : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP

    ~~~~~~ Fichier(s) ~~~~~~

    Présent : C:\ComboFix.txt
    Présent : C:\List'em.txt
    Présent : C:\Ad-Report-CLEAN[1].txt
    Présent : C:\Ad-Report-CLEAN[2].txt
    Présent : C:\Ad-Report-SCAN[1].txt
    Présent : C:\WINDOWS\grep.exe
    Présent : C:\WINDOWS\PEV.exe
    Présent : C:\WINDOWS\NIRCMD.exe
    Présent : C:\WINDOWS\MBR.exe
    Présent : C:\WINDOWS\sed.exe
    Présent : C:\WINDOWS\SWREG.exe
    Présent : C:\WINDOWS\SWSC.exe
    Présent : C:\WINDOWS\SWXCACLS.exe
    Présent : C:\WINDOWS\zip.exe
    Présent : C:\Documents and Settings\alain\Bureau\List_Killem_Install.exe
    Présent : C:\Documents and Settings\alain\Bureau\AD-R.lnk
    Présent : C:\Documents and Settings\alain\Bureau\ZHPDiag.exe
    Présent : C:\Documents and Settings\alain\Bureau\ZHPDiag.txt
    Présent : C:\Documents and Settings\alain\Bureau\Kill'em.txt
    Présent : C:\Documents and Settings\alain\Bureau\More.txt
    Présent : C:\Documents and Settings\All Users\Bureau\ZHPDiag.lnk
    Présent : C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk
    Présent : C:\Documents and Settings\All Users\Bureau\MBRCheck.lnk

    ~~~~~~ Registre ~~~~~~

    Clé Présente : HKCU\SOFTWARE\Ad-Remover
    Clé Présente : HKLM\Software\swearware
    Clé Présente : HKLM\Software\Classes\.cfxxe
    Clé Présente : HKLM\Software\Classes\cfxxefile
    Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover
    Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
    Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E88BA4E8-6B36-4D39-9499-C10B439819E1}_is1
    Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
    Clé Présente : HKCR\.cfxxe
    Clé Présente : HKCR\cfxxefile

    ########## EOF - "C:\DelFixSearch.txt" - [2599 octets] ##########
    0
  20. corel
     
    le deuxieme rapport :

    ########## DelFix - Nettoyeur d'outils de désinfection ##########
    #
    # DelFix v6.2 - Rapport créé le 11/11/2010 à 21:19
    # Mis à jour le 11/11/10 à 16h00 par Xplode
    # Système d'exploitation : Microsoft Windows XP (32 bits) [version 5.1.2600] Service Pack 3
    # Navigateur : Internet Explorer [Navigateur par défaut]
    # Nom d'utilisateur : alain - MACHINEDUFOUR (Administrateur)
    # Exécuté depuis : C:\Documents and Settings\alain\Bureau\DelFix.exe

    ~~~~~~ Dossier(s) ~~~~~~

    Supprimé : C:\Qoobox
    Supprimé : C:\Kill'em
    Supprimé : C:\Program Files\Ad-Remover
    Supprimé : C:\Program Files\List_Kill'em
    Supprimé : C:\Program Files\ZHPDiag
    Supprimé : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\List_Kill'em
    Supprimé : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP

    ~~~~~~ Fichier(s) ~~~~~~

    Supprimé : C:\ComboFix.txt
    Supprimé : C:\List'em.txt
    Supprimé : C:\Ad-Report-CLEAN[1].txt
    Supprimé : C:\Ad-Report-CLEAN[2].txt
    Supprimé : C:\Ad-Report-SCAN[1].txt
    Supprimé : C:\WINDOWS\grep.exe
    Supprimé : C:\WINDOWS\PEV.exe
    Supprimé : C:\WINDOWS\NIRCMD.exe
    Supprimé : C:\WINDOWS\MBR.exe
    Supprimé : C:\WINDOWS\sed.exe
    Supprimé : C:\WINDOWS\SWREG.exe
    Supprimé : C:\WINDOWS\SWSC.exe
    Supprimé : C:\WINDOWS\SWXCACLS.exe
    Supprimé : C:\WINDOWS\zip.exe
    Supprimé : C:\Documents and Settings\alain\Bureau\List_Killem_Install.exe
    Supprimé : C:\Documents and Settings\alain\Bureau\AD-R.lnk
    Supprimé : C:\Documents and Settings\alain\Bureau\ZHPDiag.exe
    Supprimé : C:\Documents and Settings\alain\Bureau\ZHPDiag.txt
    Supprimé : C:\Documents and Settings\alain\Bureau\Kill'em.txt
    Supprimé : C:\Documents and Settings\alain\Bureau\More.txt
    Supprimé : C:\Documents and Settings\All Users\Bureau\ZHPDiag.lnk
    Supprimé : C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk
    Supprimé : C:\Documents and Settings\All Users\Bureau\MBRCheck.lnk

    ~~~~~~ Registre ~~~~~~

    Clé Supprimée : HKCU\SOFTWARE\Ad-Remover
    Clé Supprimée : HKLM\Software\swearware
    Clé Supprimée : HKLM\Software\Classes\.cfxxe
    Clé Supprimée : HKLM\Software\Classes\cfxxefile
    Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover
    Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
    Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E88BA4E8-6B36-4D39-9499-C10B439819E1}_is1
    Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

    ########## EOF - "C:\DelFixSuppr.txt" - [2578 octets] ##########

    Je lance ccleaner de suite...Tu veux un rapport?
    0
  • 1
  • 2