Bitdefender and HijackThis reports to analyze

ancri Posts: 108 Status: Member -
jacques.gache Posts: 34829 Status: Security contributor -
Hello,

My PC is running slowly and I would like someone to help me clean it up.

I scanned it with Bitdefender and HijackThis.

Here are the reports:

QuickScan Beta 32-bit v0.9.9.52
-------------------------------
Date de l'analyse : Sun Nov 21 19:35:31 2010
ID de la machine : 985B8739

Aucune infection détectée.
--------------------------

Processus
---------
Ad-Aware Service Application 1620 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
Ad-Aware Tray Application 3200 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
Adobe Reader and Acrobat Manager 3000 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Application Launcher 2808 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
AVG Internet Security 232 C:\Program Files\AVG\AVG8\avgcsrvx.exe
AVG Internet Security 840 C:\Program Files\AVG\AVG8\avgrsx.exe
AVG Internet Security 780 C:\PROGRA~1\AVG\AVG8\avgemc.exe
AVG Internet Security 2076 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
AVG Internet Security 2756 C:\PROGRA~1\AVG\AVG8\avgtray.exe
AVG Internet Security 1884 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
brother Industries Ltd brss01a.exe 1720 C:\WINDOWS\system32\brss01a.exe
brother Industries Ltd brsvc01a 1692 C:\WINDOWS\system32\brsvc01a.exe
CAPI_Worker Module 2372 C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
ControlCenter2 2652 C:\Program Files\Brother\ControlCenter2\brctrcen.exe
DAEMON Tools Lite 3424 C:\Program Files\DAEMON Tools Lite\DTLite.exe
Device Management 3972 C:\Program Files\Common Files\Teleca Shared\Generic.exe
eMule 3504 C:\Program Files\eMule\emule.exe
FinePixViewer 3588 C:\Program Files\FinePixViewerS\QuickDCF2.exe
Firefox 2668 C:\Program Files\Mozilla Firefox\firefox.exe
Java(TM) Platform SE 6 U14 188 C:\Program Files\Java\jre6\bin\jqs.exe
Microsoft ActiveSync 3296 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
Microsoft ActiveSync 3512 C:\PROGRA~1\MICROS~3\rapimgr.exe
Microsoft Office Live Add-In 3276 C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
Microsoft Office XP 2932 C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
Microsoft Search Enhancement Pack 272 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
Microsoft® Windows® Operating System 1292 C:\Program Files\Outlook Express\msimn.exe
Microsoft® Windows® Operating System 1216 C:\WINDOWS\explorer.exe
Microsoft® Windows® Operating System 2484 C:\WINDOWS\system32\alg.exe
Microsoft® Windows® Operating System 836 C:\WINDOWS\system32\csrss.exe
Microsoft® Windows® Operating System 3312 C:\WINDOWS\system32\ctfmon.exe
Microsoft® Windows® Operating System 916 C:\WINDOWS\system32\lsass.exe
Microsoft® Windows® Operating System 904 C:\WINDOWS\system32\services.exe
Microsoft® Windows® Operating System 748 C:\WINDOWS\system32\smss.exe
Microsoft® Windows® Operating System 1724 C:\WINDOWS\system32\spoolsv.exe
Microsoft® Windows® Operating System 516 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1912 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1220 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1800 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1316 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1164 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1124 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1060 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 2280 C:\WINDOWS\system32\wbem\unsecapp.exe
Microsoft® Windows® Operating System 2396 C:\WINDOWS\system32\wbem\wmiprvse.exe
Microsoft® Windows® Operating System 860 C:\WINDOWS\system32\winlogon.exe
NVIDIA Driver Helper Service, Version 8 248 C:\WINDOWS\system32\nvsvc32.exe
PaperPort 2584 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
QuickTime 3024 C:\Program Files\QuickTime\qttask.exe
Skype 3400 C:\Program Files\Skype\Phone\Skype.exe
Skype Extras Manager 1480 C:\Program Files\Skype\Plugin Manager\skypePM.exe
Status Monitor 3976 C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
Status Monitor 3648 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
w3dbsmgr.exe 3676 C:\PVSW\Bin\w3dbsmgr.exe
Windows Live Communications Platform 3248 C:\Program Files\Windows Live\Contacts\wlcomm.exe
Windows Live Messenger 3188 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

Activité du réseau
------------------
Processus avgnsx.exe (2076) connecté sur le port 80 (HTTP) --> 209.85.149.147
Processus avgnsx.exe (2076) connecté sur le port 80 (HTTP) --> 74.125.39.18
Processus avgnsx.exe (2076) connecté sur le port 80 (HTTP) --> 74.125.39.18
Processus avgnsx.exe (2076) connecté sur le port 80 (HTTP) --> 66.46.185.73
Processus avgnsx.exe (2076) connecté sur le port 80 (HTTP) --> 194.90.36.202
Processus avgnsx.exe (2076) connecté sur le port 80 (HTTP) --> 212.150.35.67
Processus avgnsx.exe (2076) connecté sur le port 80 (HTTP) --> 74.125.39.18
Processus avgnsx.exe (2076) connecté sur le port 80 (HTTP) --> 66.46.185.73
Processus avgnsx.exe (2076) connecté sur le port 80 (HTTP) --> 74.125.39.18
Processus avgnsx.exe (2076) connecté sur le port 80 (HTTP) --> 74.125.39.18
Processus avgnsx.exe (2076) connecté sur le port 80 (HTTP) --> 74.125.39.18
Processus avgnsx.exe (2076) connecté sur le port 80 (HTTP) --> 66.46.185.73
Processus avgnsx.exe (2076) connecté sur le port 80 (HTTP) --> 88.221.61.115
Processus avgnsx.exe (2076) connecté sur le port 80 (HTTP) --> 209.85.149.113
Processus avgnsx.exe (2076) connecté sur le port 80 (HTTP) --> 209.85.149.113
Processus firefox.exe (2668) connecté sur le port 443 (HTTP over SSL) --> 66.29.219.22
Processus firefox.exe (2668) connecté sur le port 443 (HTTP over SSL) --> 209.85.149.147
Processus firefox.exe (2668) connecté sur le port 443 (HTTP over SSL) --> 66.29.219.22
Processus firefox.exe (2668) connecté sur le port 443 (HTTP over SSL) --> 66.29.219.22
Processus firefox.exe (2668) connecté sur le port 443 (HTTP over SSL) --> 74.125.39.18
Processus msnmsgr.exe (3188) connecté sur le port 1863 (MSN) --> 64.4.44.78
Processus Skype.exe (3400) connecté sur le port 49663 --> 84.229.11.15
Processus Skype.exe (3400) connecté sur le port 49938 --> 77.125.80.12
Processus Skype.exe (3400) connecté sur le port 27918 --> 84.110.9.218
Processus emule.exe (3504) connecté sur le port 4232 --> 212.179.18.140

Processus svchost.exe (1124) écoute sur les ports: 135 (RPC)
Processus Skype.exe (3400) écoute sur les ports: 80 (HTTP), 443 (HTTP over SSL), 32925
Processus emule.exe (3504) écoute sur les ports: 29417
Processus w3dbsmgr.exe (3676) écoute sur les ports: 1583, 3351

Fichiers critiques et Autorun
-----------------------------
Ad-Aware Admin Application C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Application Launcher C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
AVG Internet Security C:\Program Files\AVG\AVG8\avgtray.exe
AVG Internet Security C:\WINDOWS\system32\avgrsstx.dll
BrStDvPt C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
ControlCenter2 C:\Program Files\Brother\ControlCenter2\brctrcen.exe
DAEMON Tools Lite C:\Program Files\DAEMON Tools Lite\DTLite.exe
eMule C:\Program Files\eMule\emule.exe
FinePixViewer C:\Program Files\FinePixViewerS\QuickDCF2.exe
Microsoft ActiveSync C:\Program Files\Microsoft ActiveSync\wcescomm.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\dumprep.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll
NVIDIA Media Center Library C:\WINDOWS\system32\NvMcTray.dll
PaperPort C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
PaperPort C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
QuickTime C:\Program Files\QuickTime\qttask.exe
Realtek AC97 Audio - Event Monitor C:\WINDOWS\ALCMTR.EXE
Skype C:\Program Files\Skype\\Phone\Skype.exe
SSBkgdUpdate Application C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
Status Monitor C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
w3dbsmgr.exe C:\PVSW\Bin\w3dbsmgr.exe
Windows Live Messenger C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Windows® Internet Explorer C:\WINDOWS\system32\msfeedssync.exe
Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

Plugins du navigateur
---------------------
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
AVG Internet Security c:\program files\avg\avg8\avgssie.dll
bdoscandel.exe C:\WINDOWS\bdoscandel.exe
bdscanonline C:\WINDOWS\Downloaded Program Files\oscan8.ocx
bdupd.dll C:\WINDOWS\Downloaded Program Files\bdupd.dll
BitDefender QuickScan C:\Documents and Settings\Yael\Application Data\Mozilla\Firefox\Profiles\bt7s07d1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
BitDefender QuickScan C:\Documents and Settings\Yael\Application Data\Mozilla\Firefox\Profiles\bt7s07d1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
BitDefender QuickScan C:\Documents and Settings\Yael\Application Data\Mozilla\Firefox\Profiles\bt7s07d1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll (deleted)
frozen.dll C:\Documents and Settings\Yael\Application Data\Mozilla\Firefox\Profiles\bt7s07d1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
googletoolbar-ff2.dll C:\Documents and Settings\Yael\Application Data\Mozilla\Firefox\Profiles\bt7s07d1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
googletoolbar-ff3.dll C:\Documents and Settings\Yael\Application Data\Mozilla\Firefox\Profiles\bt7s07d1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
googletoolbarloader.dll C:\Documents and Settings\Yael\Application Data\Mozilla\Firefox\Profiles\bt7s07d1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
ICQ C:\Program Files\ICQ7.2\ICQ.exe
IEAWSDC.DLL C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
ipsupd.dll C:\WINDOWS\Downloaded Program Files\ipsupd.dll
Java Deployment Toolkit 6.0.140.8 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
Java(TM) Platform SE 6 U14 c:\program files\java\jre6\bin\jp2ssv.dll
Java(TM) Platform SE 6 U14 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft Office Live Plug-in for Firef C:\Program Files\Microsoft\Office Live\npOLW.dll
Microsoft Search Enhancement Pack c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
Mozilla ActiveX control and plugin supp C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
nppdf32.FRA C:\Program Files\Internet Explorer\plugins\nppdf32.FRA
nppdf32.FRA C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
Picasa C:\Program Files\Picasa2\npPicasa2.dll
QuickTime Plug-in 7.0.3 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.0.3 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.0.3 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.0.3 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.0.3 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.0.3 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.0.3 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.0.3 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.0.3 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.0.3 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.0.3 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.0.3 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.0.3 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.0.3 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
Windows Genuine Advantage C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
Windows Live Toolbar c:\program files\windows live\toolbar\wltcore.dll
Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll

Fichiers manquants
------------------
Fichier non trouvé : C:\WINDOWS\System32\appmgmts.dll
--> HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"

Fichier non trouvé : System32\Drivers\Bulk533.sys
--> HKLM\System\ControlSet001\services\USBCamera\"ImagePath"

Fichier non trouvé : System32\Drivers\Ca533av.sys
--> HKLM\System\ControlSet001\services\Ca533av\"ImagePath"

Analyse
-------

Aucun fichier téléchargé vers le serveur.

Analyse terminée - la communication a duré 28 secondes
Trafic total - 0.11 Mo envoyés, 637.77 Ko reçus
1414 fichiers et modules analysés - 180 seconds

==============================================================================

And the other one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:30, on 21/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\eMule\emule.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\PVSW\Bin\w3dbsmgr.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {00e71626-0bef-11dc-8314-0800200c9a66} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ???? ?????? ?? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe
O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &??? ?- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://www.comsecure.co.il/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

ancri Posts: 108 Status: Member

############################## | UsbFix 7.035 | [Deletion]

User: Yael (Administrator) # COMPUTER-XP [ ]
Updated 22/11/10 by El Desaparecido / C_XX
Started at 23:47:22 | 30/11/2010
Website: http://www.teamxscript.org
Contact: eldesaparecido@teamxscript.org

CPU: AMD Athlon(tm) 64 Processor 3500+
Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Windows Firewall: Enabled
Antivirus: AVG Anti-Virus Free 8.5 [Enabled | Updated]
Antivirus: Lavasoft Ad-Watch Live! Antivirus [Enabled | Updated]
RAM -> 959 Mb
C:\ (%systemdrive%) -> Fixed drive # 78 Gb (12 Mb free - 16%) [] # NTFS
D:\ -> Fixed drive # 155 Gb (117 Mb free - 76%) [] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Removable drive # 8 Gb (7 Mb free - 99%) [A-DATA UFD] # FAT32
H:\ -> Removable drive # 4 Gb (3 Mb free - 90%) [] # FAT32

################## | Files # Infected Folders |

Deleted ! C:\Recycler\S-1-5-21-796845957-1425521274-725345543-1004
Deleted ! C:\Recycler\S-1-5-21-796845957-1425521274-725345543-1005
Deleted ! D:\Recycler\S-1-5-21-796845957-1425521274-725345543-1004
Deleted ! D:\Recycler\S-1-5-21-796845957-1425521274-725345543-1005
Not deleted ! F:\autorun.inf

################## | Registry |

Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoFind
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRun

################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{4600e4f2-9dc1-11de-b2cd-001485379c1c}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{77020014-167b-11df-86cc-001485379c1c}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{bb4cc7f5-ef57-11df-8735-001485379c1c}

################## | Listing |

[30/11/2010 - 22:45:33 | D ] C:\$AVG8.VAULT$
[30/11/2010 - 21:12:37 | N | 7233] C:\aaw7boot.log
[30/11/2010 - 21:10:59 | N | 3198] C:\Ad-Report-CLEAN[1].txt
[30/11/2010 - 18:56:03 | N | 3125] C:\Ad-Report-SCAN[1].txt
[08/04/2008 - 19:29:34 | N | 0] C:\AUTOEXEC.BAT
[29/06/2009 - 13:35:42 | RASHD ] C:\autorun.inf
[23/09/2009 - 08:37:48 | D ] C:\bin
[08/04/2008 - 19:24:36 | N | 211] C:\boot.ini
[20/08/2009 - 16:19:45 | D ] C:\Brother
[08/04/2008 - 19:29:34 | N | 0] C:\CONFIG.SYS
[23/09/2009 - 08:46:13 | D ] C:\Creative
[23/11/2010 - 21:23:51 | D ] C:\Documents and Settings
[23/09/2009 - 08:44:19 | D ] C:\guiboui creative
[21/11/2010 - 19:48:06 | D ] C:\Hijackthis
[08/04/2008 - 19:29:34 | N | 0] C:\IO.SYS
[28/11/2010 - 08:21:51 | D ] C:\Kill'em
[28/11/2010 - 08:43:10 | N | 39628] C:\List'em.txt
[24/11/2010 - 22:14:55 | N | 127] C:\mbam-error.txt
[09/12/2008 - 09:52:11 | D ] C:\monsite2009
[08/04/2008 - 19:29:34 | N | 0] C:\MSDOS.SYS
[02/03/2006 - 14:00:00 | N | 47564] C:\NTDETECT.COM
[03/09/2008 - 21:21:50 | N | 250048] C:\ntldr
[30/11/2010 - 21:12:37 | ASH | 1509949440] C:\pagefile.sys
[30/11/2010 - 18:53:48 | D ] C:\Program Files
[23/09/2009 - 08:37:47 | N | 306] C:\pvinst.log
[23/09/2009 - 08:50:56 | D ] C:\PVSW
[23/09/2009 - 08:50:51 | D ] C:\pvswarch
[03/03/2010 - 08:58:28 | D ] C:\rav bencheetrit
[30/11/2010 - 23:52:28 | SHD ] C:\RECYCLER
[31/08/2010 - 21:53:17 | N | 12168] C:\Rescued document 1.txt
[15/09/2010 - 21:12:59 | N | 5765] C:\Rescued document 2.txt
[15/09/2010 - 21:13:32 | N | 21446] C:\Rescued document 3.txt
[12/10/2010 - 22:55:54 | N | 7423] C:\Rescued document 4.txt
[13/10/2010 - 08:28:52 | N | 58] C:\Rescued document 5.txt
[13/10/2010 - 08:28:53 | N | 301] C:\Rescued document 6.txt
[18/11/2010 - 15:12:59 | N | 3726] C:\Rescued document 7.txt
[18/11/2010 - 15:13:06 | N | 513] C:\Rescued document 8.txt
[18/11/2010 - 15:13:07 | N | 420] C:\Rescued document 9.txt
[11/08/2010 - 08:29:15 | N | 1303] C:\Rescued document.txt
[25/11/2010 - 23:38:51 | D ] C:\rsit
[30/06/2009 - 14:39:03 | SHD ] C:\System Volume Information
[30/06/2009 - 14:34:24 | N | 0] C:\TCleaner.txt
[30/11/2010 - 23:52:28 | D ] C:\UsbFix
[30/11/2010 - 23:52:33 | A | 1429] C:\UsbFix.txt
[30/11/2010 - 15:55:51 | D ] C:\WINDOWS
[25/11/2010 - 19:31:10 | D ] C:\?????
[25/03/2009 - 18:48:08 | D ] D:\$AVG8.VAULT$
[21/08/2009 - 02:16:48 | D ] D:\0bab2b4a21f713c3ab3c490d
[30/11/2010 - 08:35:38 | D ] D:\antispywares
[29/06/2009 - 13:35:42 | RASHD ] D:\autorun.inf
[18/04/2008 - 11:36:37 | D ] D:\BAHOLYFRO
[19/12/2007 - 15:54:01 | N | 220851] D:\Computer.wab
[21/03/2009 - 21:42:45 | D ] D:\emule
[08/04/2008 - 20:35:14 | D ] D:\f17b87bb42d16768827c
[18/10/2009 - 09:17:13 | D ] D:\films
[21/11/2003 - 23:20:23 | N | 75500696] D:\flashmx2004_trial_en_win.zip
[25/12/2007 - 06:23:11 | D ] D:\Games
[25/12/2007 - 18:45:19 | N | 687536284] D:\Image1.nrg
[21/11/2003 - 23:30:10 | N | 7057] D:\Macromedia.Flash.MX.2004.Pro.v7.0.1-keygen.rar
[25/12/2007 - 06:42:41 | D ] D:\Outlook Express
[28/02/2008 - 09:33:51 | D ] D:\passages
[30/11/2010 - 23:52:28 | SHD ] D:\RECYCLER
[09/04/2008 - 06:33:59 | D ] D:\SetUp
[25/12/2007 - 06:24:47 | D ] D:\SetUp Don't Delete !!! System files !!!
[04/08/2004 - 00:56:58 | N | 28672] D:\setupSNK.exe
[25/12/2007 - 06:24:47 | D ] D:\SMRTNTKY
[16/07/2009 - 02:01:00 | SHD ] D:\System Volume Information
[21/06/2010 - 16:57:38 | D ] D:\????? ??l;jp0oo0??
[06/05/2008 - 14:26:23 | R | 309] F:\autorun.inf
[23/10/2007 - 09:45:39 | R | 1336632] F:\LaunchU3.exe
[06/05/2008 - 14:11:20 | R | 5600229] F:\LaunchPad.zip
[30/03/2008 - 11:49:08 | D ] H:\Documents
[30/03/2008 - 11:49:08 | HD ] H:\System
[23/10/2007 - 10:45:40 | N | 1336632] H:\LaunchU3.exe
[29/06/2009 - 14:35:44 | RSHD ] H:\autorun.inf
[10/05/2010 - 17:28:06 | D ] H:\.Trashes
[10/05/2010 - 17:28:06 | D ] H:\.Spotlight-V100
[10/05/2010 - 17:28:06 | D ] H:\.fseventsd

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
F:\Autorun.inf -> Folder created by Panda USB Vaccine
H:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_COMPUTER-XP.zip
http://www.teamxscript.org/Upload.php
Thank you for your contribution.

################## | E.O.F |

Master Flex (Posts: 450, Status: Member)

Very good :) Our little friends are quietly leaving. Can you run another scan with ZHPDiag for me, please, to see whether any stragglers are left :) and post the report in your next reply.

A quick reminder in case you have forgotten the procedure ;)

/!\ Vista and Windows 7 users: disable UAC. /!\

/!\ Vista and Windows 7 users: right-click and choose "Run as administrator". /!\

> Download ZHPDiag (by Nicolas Coolman)

> Follow the prompts during installation; it will launch automatically at the end.

> /!\ Vista and Windows 7 users: right-click the ZHPDiag icon, "Run as administrator" /!\

> Click the small magnifying glass at the top left to start the scan:

> Note: the scan can take a while; do not touch anything else while the scan is running.

> Save the report to your Desktop using the floppy-disk icon.

> Upload the ZHPDiag.txt report to cijoint, then copy/paste the link you are given into your next reply on the forum.

-> You will get a link like this one: http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt ; that is the link you need to give me.

ancri (Posts: 108, Status: Member)

Hi,

Here is the report: http://www.cijoint.fr/cjlink.php?file=cj201012/cijP7o5SzY.txt

ancri (Posts: 108, Status: Member)

Hi,

Where have you all disappeared to? Is this report OK?

Anonymous user

Hi,

Since MASTER FLEX doesn't have much time at the moment, I'll move things along:

No more infection visible in the report, but:

1/ Uninstall:

AD-AWARE: it is obsolete and no longer serves any purpose apart from taking up space on the PC.

Spybot: like Ad-Aware, it no longer serves any purpose.

Both can be replaced by MBAM, which is far more effective.

2/ eMule:

If you use P2P, you will always get infected; P2P is a very significant infection vector. Read this: The dangers of P2P.

So uninstall eMule to protect yourself better.

Let me know when that is done.
See you

ancri (Posts: 108, Status: Member)

Hi,

Sorry, I had loads of work and didn't have time to reply. On top of that, I had a hard time parting with eMule, even though I don't use it much.

I'm afraid my PC is getting slower and slower. Could there be something we missed? Or is it caused by something else?

See you

jacques.gache (Posts: 34829, Status: Security contributor)

Hello, if I may butt in: ancri, you are going to run DelFix and do a cleanup with CCleaner, and then tell me how the PC is doing after a reboot.

1) DelFix - "Suppression" (removal) option

Download DelFix (by Xplode) to your desktop.

Run it, then select Suppression.

Copy/paste the contents of the report that opens on screen into your next message.

Note: the report is also saved at the root of the hard drive ( C:\DelFixSuppr.txt )

Once the report is posted on the forum, run DelFix again and select Désinstallation (uninstall).

2) Do a cleanup with CCleaner using the settings given

Download CCleaner from this address:

https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/

.save it to the desktop
.double-click the file if on XP; otherwise, on Vista and Windows 7, right-click it and run as administrator to start the installation
.in the installer's language window, make sure to choose French, then OK
.click Next
.read the licence and click I accept
.click Next
.here, keep only "add a desktop shortcut" and "automatically check for CCleaner updates" ticked
.click Install
.click Close
.double-click the CCleaner icon to open it
.once it is open, click Options and then Advanced
.untick "only delete files in the Windows Temp folder older than 24 hours"
.click Cleaner
.click Windows, and in the Advanced column
.tick the first box, "old prefetch data", and only that one
.click Analyze; once the analysis has finished
.click Run Cleaner and, at the confirmation prompt, OK; you will need to do it a second time; once finished, check by pressing Analyze again to make sure nothing is left
.now click Registry and then Scan for Issues
.leave everything ticked and click Fix selected issues
.it asks whether to make a backup: YES
.give it a name so you can find it again, and save
.click Fix All Selected Issues and, at the confirmation prompt, OK
.it deletes them; click Close, then check by running Scan for Issues again
.go back to Options and re-tick "only delete files in the Windows Temp folder older than 24 hours", and under Cleaner, Windows, Advanced, untick the first box, "old prefetch data"
.you can close CCleaner

If you need help, here is a tutorial: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

ancri (Posts: 108, Status: Member)

Hello Jacques,

Thanks for your help. Here is the DelFix report:

########## DelFix - Nettoyeur d'outils de désinfection ##########
#
# DelFix v6.7 - Rapport créé le 21/12/2010 à 08:01
# Mis à jour le 28/11/10 à 13h30 par Xplode
# Système d'exploitation : Microsoft Windows XP (32 bits) [Version 5.1.2600] Service Pack 3
# Nom d'utilisateur : Yael - COMPUTER-XP (Administrateur)
# Exécuté depuis : C:\Documents and Settings\Yael\????? ??????\DelFix.exe
# Option [Suppression]

~~~~~~ Dossier(s) ~~~~~~

Supprimé : C:\USBFix
Supprimé : C:\RSIT
Supprimé : C:\Kill'em
Supprimé : C:\Program Files\Ad-Remover
Supprimé : C:\Program Files\List_Kill'em
Supprimé : C:\Program Files\ZHPDiag
Supprimé : C:\Program Files\trend micro

~~~~~~ Fichier(s) ~~~~~~

Supprimé : C:\List'em.txt
Supprimé : C:\UsbFix.txt
Supprimé : C:\UsbFix_Upload_Me_COMPUTER-XP.zip
Supprimé : C:\Ad-Report-CLEAN[1].txt
Supprimé : C:\Ad-Report-SCAN[1].txt
Supprimé : C:\TCleaner.txt
Supprimé : C:\WINDOWS\System32\tmp.reg
Supprimé : C:\WINDOWS\System32\tmp.txt
Supprimé : C:\Documents and Settings\Yael\????? ??????\List_Killem_Install.exe
Supprimé : C:\Documents and Settings\Yael\????? ??????\UsbFix.exe
Supprimé : C:\Documents and Settings\Yael\????? ??????\AD-R.lnk
Supprimé : C:\Documents and Settings\Yael\????? ??????\ZHPDiag.Txt
Supprimé : C:\Documents and Settings\Yael\????? ??????\List_Kill'em.lnk

~~~~~~ Registre ~~~~~~

Clé Supprimée : HKCU\SOFTWARE\Ad-Remover
Clé Supprimée : HKCU\SOFTWARE\USBFix
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\List_Kill'em
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ZHP
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\HijackThis
Clé Supprimée : HKLM\Software\OldTimer Tools
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\USBFix

~~~~~~ Autre ~~~~~~

-> ESET Online Scanner ... Désinstallé avec succès
-> BitDefender Online Scanner ... Désinstallé avec succès

########## EOF - "C:\DelFixSuppr.txt" - [2251 octets] ##########

See you

jacques.gache (Posts: 34829, Status: Security contributor)

OK, did you do the cleanup with CCleaner using the settings given?? If so, how is the PC doing??

ancri (Posts: 108, Status: Member)

I did the cleanup exactly as you said. It seems to be better. I hope that really is the case.

Thanks in any case.

jacques.gache (Posts: 34829, Status: Security contributor)

Hello, can you run List&Kill'em again for me, thanks

DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT !!!!! (because it is wrongly detected as an infection)

Download List_Kill'em and save it to your desktop

Double-click (right-click, "Run as administrator" on Vista/7) the shortcut on your desktop to start the installation

Once it has finished, click "Finish" and the program will launch by itself

Choose the Search option

A black-and-white icon will appear on the desktop; you will use it to relaunch the program later.
Another one, red and black, will be used to uninstall the program at the end of the disinfection.

Let the tool work

When the white window appears, it takes a while; that is normal, the program has not frozen.

A report named catchme appears on your desktop; ignore it, do not post it; it will delete itself at the end of the scan

Post the contents of the report that opens when the scan reaches 100%, at the "COMPLETED" screen

Otherwise the report is here: C:\List'em.txt

ancri (Posts: 108, Status: Member)

Hi,

Here is the report:

?????????? List'em by g3n-h@ckm@n 2.1.2.8 ??????????

User : Yael (Administrators)
Update on 22/12/2010 by g3n-h@ckm@n ::::: 22.30
Start at: 22:02:11 | 23/12/2010

AMD Athlon(tm) 64 Processor 3500+
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]

A:\ -> ???? ????????? ?3 1/2 ????'
C:\ -> ???? ???? ????? | 78.13 Go (8.8 Go free) | NTFS
D:\ -> ???? ???? ????? | 154.75 Go (116.84 Go free) | NTFS
E:\ -> ??????? | 699.7 Mo (0 Mo free) [Nouveau] | CDFS
F:\ -> ???? ????? ????? | 7.54 Go (7.39 Go free) [A-DATA UFD] | FAT32
G:\ -> ???? ????? ?????

????? Sessions ?????

C:\Documents and settings\Yael

Boot: Normal

?????? Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer

C:\WINDOWS\System32\smss.exe ---- 64 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\WINDOWS\system32\csrss.exe ---- 3364 Ko ---- Normal ---- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\WINDOWS\system32\winlogon.exe ---- 1972 Ko ---- High ---- winlogon.exe ----
C:\WINDOWS\system32\services.exe ---- 2372 Ko ---- Normal ---- C:\WINDOWS\system32\services.exe ----
C:\WINDOWS\system32\lsass.exe ---- 1976 Ko ---- Normal ---- C:\WINDOWS\system32\lsass.exe ----
C:\WINDOWS\system32\svchost.exe ---- 1884 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k DcomLaunch ----
C:\WINDOWS\system32\svchost.exe ---- 1604 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k rpcss ----
C:\WINDOWS\System32\svchost.exe ---- 24136 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k netsvcs ----
C:\WINDOWS\system32\svchost.exe ---- 2036 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k NetworkService ----
C:\WINDOWS\system32\svchost.exe ---- 1780 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k LocalService ----
C:\WINDOWS\system32\brsvc01a.exe ---- 68 Ko ---- Normal ---- C:\WINDOWS\system32\brsvc01a.exe ----
C:\WINDOWS\system32\brss01a.exe ---- 684 Ko ---- Normal ---- brss01a.exe ----
C:\WINDOWS\system32\spoolsv.exe ---- 3744 Ko ---- Normal ---- C:\WINDOWS\system32\spoolsv.exe ----
C:\WINDOWS\system32\svchost.exe ---- 568 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k LocalService ----
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe ---- 2880 Ko ---- Normal ---- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe ---- AVG Technologies
C:\WINDOWS\System32\svchost.exe ---- 188 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k eapsvcs ----
C:\Program Files\Java\jre6\bin\jqs.exe ---- 1396 Ko ---- Idle ---- C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf ---- Sun Microsystems, Inc.
C:\WINDOWS\system32\nvsvc32.exe ---- 596 Ko ---- Normal ---- C:\WINDOWS\system32\nvsvc32.exe ----
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe ---- 808 Ko ---- Normal ---- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe ---- Microsoft Corporation
C:\WINDOWS\system32\svchost.exe ---- 1624 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k imgsvc ----
C:\PROGRA~1\AVG\AVG8\avgemc.exe ---- 508 Ko ---- Normal ---- C:\PROGRA~1\AVG\AVG8\avgemc.exe ---- AVG Technologies
C:\PROGRA~1\AVG\AVG8\avgrsx.exe ---- 23012 Ko ---- Normal ---- avgrsx.exe ---- AVG Technologies
C:\Program Files\AVG\AVG8\avgcsrvx.exe ---- 2616 Ko ---- Normal ---- /pipeName=1e0866a8-bf11-455b-b3cf-4010229b9814 /coreSdkOptions=0 /binaryPath=C:\Program Files\AVG\AVG8\ ---- AVG Technologies
C:\WINDOWS\Explorer.EXE ---- 15720 Ko ---- Normal ---- C:\WINDOWS\Explorer.EXE ----
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe ---- 348 Ko ---- Normal ---- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe ----
C:\Program Files\Brother\ControlCenter2\brctrcen.exe ---- 768 Ko ---- Normal ---- C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun ----
C:\WINDOWS\System32\alg.exe ---- 136 Ko ---- Normal ---- C:\WINDOWS\System32\alg.exe ----
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ---- 708 Ko ---- Normal ---- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions ----
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe ---- 1268 Ko ---- Normal ---- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe ---- Adobe Systems, Incorporated
C:\Program Files\QuickTime\qttask.exe ---- 468 Ko ---- Normal ---- C:\Program Files\QuickTime\qttask.exe -atboottime ----
C:\WINDOWS\system32\ctfmon.exe ---- 736 Ko ---- Normal ---- C:\WINDOWS\system32\ctfmon.exe ----
C:\Program Files\DAEMON Tools Lite\DTLite.exe ---- 608 Ko ---- Normal ---- C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun ---- DT Soft Ltd
C:\Program Files\TechSmith\Jing\Jing.exe ---- 6488 Ko ---- Normal ---- C:\Program Files\TechSmith\Jing\Jing.exe ---- TechSmith Corporation
C:\PROGRA~1\MICROS~3\rapimgr.exe ---- 728 Ko ---- Normal ---- C:\PROGRA~1\MICROS~3\rapimgr.exe -Embedding ---- Microsoft Corporation
C:\Program Files\FinePixViewerS\QuickDCF2.exe ---- 804 Ko ---- Normal ---- C:\Program Files\FinePixViewerS\QuickDCF2.exe ----
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe ---- 848 Ko ---- Normal ---- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe Brother MFC-425CN /STARTUP ----
C:\PVSW\Bin\w3dbsmgr.exe ---- 2068 Ko ---- Normal ---- C:\PVSW\Bin\w3dbsmgr.exe -SRDE ----
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe ---- 716 Ko ---- Normal ---- BrMfcmon.exe USB001 Brother MFC-425CN USB Printer ----
C:\Program Files\Skype\Plugin Manager\skypePM.exe ---- 3244 Ko ---- Normal ---- C:\Program Files\Skype\Plugin Manager\skypePM.exe /SILENT ---- EasyBits Software AS
C:\Program Files\Common Files\Teleca Shared\Generic.exe ---- 764 Ko ---- Normal ---- C:\Program Files\Common Files\Teleca Shared\Generic.exe -Embedding ----
C:\Program Files\Outlook Express\msimn.exe ---- 4928 Ko ---- Normal ---- C:\Program Files\Outlook Express\msimn.exe ----
C:\WINDOWS\system32\msfeedssync.exe ---- 164 Ko ---- Normal ---- C:\WINDOWS\system32\msfeedssync.exe sync ----
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe ---- 856 Ko ---- Normal ---- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe ---- Microsoft Corporation
C:\WINDOWS\system32\csrss.exe ---- 916 Ko ---- Normal ---- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\WINDOWS\system32\winlogon.exe ---- 1688 Ko ---- High ---- winlogon.exe ----
C:\WINDOWS\Explorer.EXE ---- 5312 Ko ---- Normal ---- C:\WINDOWS\Explorer.EXE ----
C:\WINDOWS\system32\RUNDLL32.EXE ---- 252 Ko ---- Normal ---- C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit ----
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe ---- 252 Ko ---- Normal ---- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe ----
C:\Program Files\Brother\ControlCenter2\brctrcen.exe ---- 484 Ko ---- Normal ---- C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun ----
C:\PROGRA~1\AVG\AVG8\avgtray.exe ---- 900 Ko ---- Normal ---- C:\PROGRA~1\AVG\AVG8\avgtray.exe ---- AVG Technologies
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ---- 288 Ko ---- Normal ---- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions ----
C:\Program Files\QuickTime\qttask.exe ---- 256 Ko ---- Normal ---- C:\Program Files\QuickTime\qttask.exe -atboottime ----
C:\WINDOWS\system32\ctfmon.exe ---- 440 Ko ---- Normal ---- C:\WINDOWS\system32\ctfmon.exe ----
C:\Program Files\FinePixViewerS\QuickDCF2.exe ---- 780 Ko ---- Normal ---- C:\Program Files\FinePixViewerS\QuickDCF2.exe ----
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe ---- 400 Ko ---- Normal ---- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe Brother MFC-425CN /STARTUP ----
C:\PROGRA~1\MICROS~3\rapimgr.exe ---- 500 Ko ---- Normal ---- C:\PROGRA~1\MICROS~3\rapimgr.exe -Embedding ---- Microsoft Corporation
C:\Program Files\Mozilla Firefox\firefox.exe ---- 72976 Ko ---- Normal ---- C:\Program Files\Mozilla Firefox\firefox.exe ---- Mozilla Corporation
C:\Program Files\Microsoft ActiveSync\wcescomm.exe ---- 928 Ko ---- Normal ---- C:\Program Files\Microsoft ActiveSync\wcescomm.exe ---- Microsoft Corporation
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE ---- 20484 Ko ---- Normal ---- C:\Program Files\Microsoft Office\Office10\WINWORD.EXE /n /dde ---- Microsoft Corporation
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe ---- 864 Ko ---- Normal ---- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe Object -Embedding ---- Microsoft Corporation
C:\Program Files\Mozilla Firefox\firefox.exe ---- 165028 Ko ---- Normal ---- C:\Program Files\Mozilla Firefox\firefox.exe -requestPending -osint -url http://www.le-rsi.fr/action_sanitaire_et_sociale/invalides_retraites/aide_maintien_domicile/garde_a_domicile.php ---- Mozilla Corporation
C:\Program Files\Windows Media Player\wmplayer.exe ---- 35176 Ko ---- Normal ---- C:\Program Files\Windows Media Player\wmplayer.exe /SHELLHLP_V9 Play /DataObject:NEFEPEHFBAAAAAAAOABAAAAAAAAAAAAAAMAAAAAAAAAAAAGEAAAAAAAAFAAAAAAAABDIBNPDPCMFNJCFHJGCNOGOKACPKMLBJBEDAAAAINFAELGBCJKNLMIOGGFMACOKAAAAAAAA ----
C:\PROGRA~1\AVG\AVG8\avgnsx.exe ---- 4616 Ko ---- Normal ---- avgnsx.exe ---- AVG Technologies
C:\WINDOWS\system32\rundll32.exe ---- 6804 Ko ---- Normal ---- C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\shell32.dll,Control_RunDLL C:\WINDOWS\system32\wscui.cpl ----
C:\WINDOWS\system32\wscntfy.exe ---- 2604 Ko ---- Normal ---- C:\WINDOWS\system32\wscntfy.exe ----
C:\WINDOWS\system32\wscntfy.exe ---- 2620 Ko ---- Normal ---- C:\WINDOWS\system32\wscntfy.exe ----
C:\WINDOWS\system32\cmd.exe ---- 2980 Ko ---- Normal ---- C:\WINDOWS\system32\cmd.exe /K List'em.bat ----
C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 7012 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
C:\Program Files\List_Kill'em\pv.L_K ---- 2916 Ko ---- Normal ---- pv.L_K -o%f ---- %m Ko ---- %p ---- %l ---- %s ----

?????????? Keys Run ??????????

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MsnMsgr = C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background
H/PC Connection Agent = C:\Program Files\Microsoft ActiveSync\wcescomm.exe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
DAEMON Tools Lite = C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun
Jing = C:\Program Files\TechSmith\Jing\Jing.exe
Skype = C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Alcmtr = ALCMTR.EXE
SSBkgdUpdate = C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
PaperPort PTD = C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
IndexSearch = C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
SetDefPrt = C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
ControlCenter2.0 = C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
AVG8_TRAY = C:\PROGRA~1\AVG\AVG8\avgtray.exe
Sony Ericsson PC Suite = C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions
Adobe Reader Speed Launcher = C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe ARM = C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
QuickTime Task = C:\Program Files\QuickTime\qttask.exe -atboottime
UserFaultCheck = %systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

?????????? Other System Keys ??????????

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 0 (0x0)
NoDriveAutoRun = 3 (0x3)

???????????????

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting = 1 (0x1)
NoDriveAutoRun = 3 (0x3)
NoDriveTypeAutoRun = 0 (0x0)

???????????????

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =

???????????????

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = Explorer.exe
Userinit = C:\WINDOWS\system32\Userinit.exe,

???????????????

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

???????????????

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =

???????????????

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Grisoft\AVG7\avginet.exe = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
C:\Program Files\Messenger\msmsgs.exe = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\eMule\emule.exe = C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\PVSW\Bin\w3dbsmgr.exe = C:\PVSW\Bin\w3dbsmgr.exe:*:Enabled:Database Service Manager
C:\Program Files\AVG\AVG8\avgupd.exe = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
C:\Program Files\AVG\AVG8\avgemc.exe = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
C:\Program Files\ICQ6\ICQ.exe = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6
C:\Program Files\Mozilla Firefox\firefox.exe = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
C:\Program Files\ICQ6.5\ICQ.exe = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
C:\Program Files\Windows Live\Messenger\wlcsdk.exe = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Microsoft ActiveSync\rapimgr.exe = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
C:\Program Files\Microsoft ActiveSync\wcescomm.exe = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
C:\Program Files\Windows Live\Messenger\msnmsgr.exe = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\Skype\Plugin Manager\skypePM.exe = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
C:\Program Files\ICQ7.2\ICQ.exe = C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2
C:\Program Files\ICQ7.2\aolload.exe = C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe
C:\Program Files\Skype\Phone\Skype.exe = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Microsoft ActiveSync\rapimgr.exe = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
C:\Program Files\Microsoft ActiveSync\wcescomm.exe = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
C:\Program Files\Windows Live\Messenger\msnmsgr.exe = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\ICQ7.2\ICQ.exe = C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2
C:\Program Files\ICQ7.2\aolload.exe = C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe

?????????? ActivX | COM ??????????

[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{02BCC737-B171-4746-94C9-0D8A0B2C0089}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{7530BFB8-7293-4D34-9923-61A11451AFC5}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]

?????????? BHO ??????????

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00e71626-0bef-11dc-8314-0800200c9a66}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

?????????? DNS ??????????

Description: Gigabyte GN-WB01GS USB WLAN Card #3 - ????-????? ?? ????? ????
DNS Server Search Order: 10.0.0.138
Description: Gigabyte GN-WB01GS USB WLAN Card #3 - ????-????? ?? ????? ????
DNS Server Search Order: 10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\..\{23F59AC1-5FAB-483F-9601-71D24BBE3611}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\..\{88E04EEF-23FA-42FF-BB09-2E6A4C48B754}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B282434E-4BC0-4005-8464-046C9796A4F1}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{23F59AC1-5FAB-483F-9601-71D24BBE3611}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{88E04EEF-23FA-42FF-BB09-2E6A4C48B754}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B282434E-4BC0-4005-8464-046C9796A4F1}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{23F59AC1-5FAB-483F-9601-71D24BBE3611}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{88E04EEF-23FA-42FF-BB09-2E6A4C48B754}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B282434E-4BC0-4005-8464-046C9796A4F1}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138

?????????? Internet Explorer ??????????

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\windows\system32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.inn.co.il/
Local Page = C:\windows\system32\blank.htm
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

????? Proxy Internet Explorer

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0 (0x0)

?????????? Safemode ??????????

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

?????????? Atapi.sys ??????????

[MD5.cdfe4411a69c224bd1d11b2da92dac51] - C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\system32\drivers\atapi.sys
[MD5.cdfe4411a69c224bd1d11b2da92dac51] - C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[MD5.cdfe4411a69c224bd1d11b2da92dac51] - C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys

????? Reference

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP3 : 7A62A6C8303C9D026DD926F397B2FB57
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Win XP_64 : 72C77044943340964FA513B92D6D6874
Win XP_64_SP2 : 7A1814D0D112F50F828E25557A1ED29F
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

?????????? Explorer ??????????

[MD5.468d2a8b5f62e25f81c3150263d8e558] - C:\WINDOWS\explorer.exe
[MD5.1fb3ee7c4d70aace3063a1e1e0ff7fcf] - C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[MD5.7c66ce267edd66607b2275fe44235a31] - C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[MD5.a275bb2b4cf43625b9f38ad312f5c5a6] - C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[MD5.468d2a8b5f62e25f81c3150263d8e558] - C:\WINDOWS\ServicePackFiles\i386\explorer.exe

?????????? Winlogon ??????????

[MD5.e589065c107815a4f5db393973a2b9b0] - C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[MD5.9dc7d2c3a0956a9ff82c4dd5596613a8] - C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[MD5.9dc7d2c3a0956a9ff82c4dd5596613a8] - C:\WINDOWS\system32\winlogon.exe

?????????? Wininit ??????????

?????????? SVC | svchost ??????????

?????????? IFEO | debugger ??????????

?????????? Mountpoints2 ??????????

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{178a50f2-0ce9-11e0-875a-001485379c1c}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{178a50f2-0ce9-11e0-875a-001485379c1c}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{366c862a-0894-11de-b287-001485379c1c}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{366c862a-0894-11de-b287-001485379c1c}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b51843fb-2648-11dd-b206-001485379c1c}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b51843fb-2648-11dd-b206-001485379c1c}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b742caec-fc51-11df-8753-001485379c1c}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b742caec-fc51-11df-8753-001485379c1c}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8910409-08bb-11df-86c8-001485379c1c}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8910409-08bb-11df-86c8-001485379c1c}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d50a1067-0c99-11dd-b1f9-001485379c1c}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d50a1067-0c99-11dd-b1f9-001485379c1c}\shell\Autoplay

?????????? Services ??????????

? Ndisuio => Start : 3 ( OK = 3 )
? EapHost => Start : 2 ( OK = 2 )
? Ip6Fw => Start : 2 ( OK = 2 )
? SharedAccess => Start : 2 ( OK = 2 )
? wuauserv => Start : 2 ( OK = 2 )
? wscsvc => Start : 2 ( OK = 2 )

?????????? First Scan ??????????

?????????? Registry ??????????

[@ = ]
[HKEY_CURRENT_USER\software\AC3filter]
[HKEY_CURRENT_USER\software\Adobe]
[HKEY_CURRENT_USER\software\Ahead]
[HKEY_CURRENT_USER\software\America Online]
[HKEY_CURRENT_USER\software\AppDataLow]
[HKEY_CURRENT_USER\software\Avg]
[HKEY_CURRENT_USER\software\BitDefender]
[HKEY_CURRENT_USER\software\Brother]
[HKEY_CURRENT_USER\software\Clients]
[HKEY_CURRENT_USER\software\CoreVorbis]
[HKEY_CURRENT_USER\software\Cyberlink]
[HKEY_CURRENT_USER\software\Cygnus Solutions]
[HKEY_CURRENT_USER\software\DivXNetworks]
[HKEY_CURRENT_USER\software\DownloadCenter]
[HKEY_CURRENT_USER\software\Druide informatique inc.]
[HKEY_CURRENT_USER\software\DT Soft]
[HKEY_CURRENT_USER\software\FUJIFILM]
[HKEY_CURRENT_USER\software\Gabest]
[HKEY_CURRENT_USER\software\GNU]
[HKEY_CURRENT_USER\software\Google]
[HKEY_CURRENT_USER\software\GSpot Appliance Corp]
[HKEY_CURRENT_USER\software\Haali]
[HKEY_CURRENT_USER\software\ICQToolbar]
[HKEY_CURRENT_USER\software\IM Providers]
[HKEY_CURRENT_USER\software\Intel]
[HKEY_CURRENT_USER\software\JavaSoft]
[HKEY_CURRENT_USER\software\Local AppWizard-Generated Applications]
[HKEY_CURRENT_USER\software\Macromedia]
[HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware]
[HKEY_CURRENT_USER\software\Microsoft]
[HKEY_CURRENT_USER\software\Mozilla]
[HKEY_CURRENT_USER\software\MozillaPlugins]
[HKEY_CURRENT_USER\software\Netscape]
[HKEY_CURRENT_USER\software\NVIDIA Corporation]
[HKEY_CURRENT_USER\software\ODBC]
[HKEY_CURRENT_USER\software\Paint.NET]
[HKEY_CURRENT_USER\software\Philipp Winterberg]
[HKEY_CURRENT_USER\software\Piriform]
[HKEY_CURRENT_USER\software\Policies]
[HKEY_CURRENT_USER\software\Praxisoft]
[HKEY_CURRENT_USER\software\Realtek]
[HKEY_CURRENT_USER\software\Samsung]
[HKEY_CURRENT_USER\software\Samsung PC Studio]
[HKEY_CURRENT_USER\software\ScanSoft]
[HKEY_CURRENT_USER\software\Skype]
[HKEY_CURRENT_USER\software\SkypeApps]
[HKEY_CURRENT_USER\software\smarttip]
[HKEY_CURRENT_USER\software\Sony Ericsson]
[HKEY_CURRENT_USER\software\Sysinternals]
[HKEY_CURRENT_USER\software\TechSmith]
[HKEY_CURRENT_USER\software\Teleca]
[HKEY_CURRENT_USER\software\VB and VBA Program Settings]
[HKEY_CURRENT_USER\software\Windows Live]
[HKEY_CURRENT_USER\software\Windows Live Writer]
[HKEY_CURRENT_USER\software\XTTB00001]
[HKEY_CURRENT_USER\software\YahooPartnerToolbar]
[HKEY_CURRENT_USER\software\?? ?? ???? ????? ??? ?? ????]
[HKEY_CURRENT_USER\software\Classes]

[HKEY_LOCAL_MACHINE\software\14919ea49a8f3b4aa3cf1058d9a64cec]
[HKEY_LOCAL_MACHINE\software\781]
[HKEY_LOCAL_MACHINE\software\Adobe]
[HKEY_LOCAL_MACHINE\software\Ahead]
[HKEY_LOCAL_MACHINE\software\AMD]
[HKEY_LOCAL_MACHINE\software\Apple Computer, Inc.]
[HKEY_LOCAL_MACHINE\software\AVG]
[HKEY_LOCAL_MACHINE\software\Brother]
[HKEY_LOCAL_MACHINE\software\C07ft5Y]
[HKEY_LOCAL_MACHINE\software\CDDB]
[HKEY_LOCAL_MACHINE\software\Classes]
[HKEY_LOCAL_MACHINE\software\Clever Age]
[HKEY_LOCAL_MACHINE\software\Clients]
[HKEY_LOCAL_MACHINE\software\Codec Tweak Tool]
[HKEY_LOCAL_MACHINE\software\Creative Software]
[HKEY_LOCAL_MACHINE\software\Cyberlink]
[HKEY_LOCAL_MACHINE\software\Cygnus Solutions]
[HKEY_LOCAL_MACHINE\software\DivXNetworks]
[HKEY_LOCAL_MACHINE\software\Druide informatique inc.]
[HKEY_LOCAL_MACHINE\software\DT Soft]
[HKEY_LOCAL_MACHINE\software\Ericsson]
[HKEY_LOCAL_MACHINE\software\fce]
[HKEY_LOCAL_MACHINE\software\ffffffff]
[HKEY_LOCAL_MACHINE\software\FolderIcon XP]
[HKEY_LOCAL_MACHINE\software\FUJI PHOTO FILM CO.,LTD.]
[HKEY_LOCAL_MACHINE\software\FullCircle]
[HKEY_LOCAL_MACHINE\software\Gabest]
[HKEY_LOCAL_MACHINE\software\Gemplus]
[HKEY_LOCAL_MACHINE\software\GNU]
[HKEY_LOCAL_MACHINE\software\Google]
[HKEY_LOCAL_MACHINE\software\HaaliMkx]
[HKEY_LOCAL_MACHINE\software\HmLmbd]
[HKEY_LOCAL_MACHINE\software\ICQ]
[HKEY_LOCAL_MACHINE\software\InstallShield]
[HKEY_LOCAL_MACHINE\software\Intel]
[HKEY_LOCAL_MACHINE\software\InterVideo]
[HKEY_LOCAL_MACHINE\software\JavaSoft]
[HKEY_LOCAL_MACHINE\software\KLCodecPack]
[HKEY_LOCAL_MACHINE\software\Macromedia]
[HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware]
[HKEY_LOCAL_MACHINE\software\MCCI]
[HKEY_LOCAL_MACHINE\software\MeaningData.com]
[HKEY_LOCAL_MACHINE\software\Microsoft]
[HKEY_LOCAL_MACHINE\software\MimarSinan]
[HKEY_LOCAL_MACHINE\software\Mirabilis]
[HKEY_LOCAL_MACHINE\software\MobiPocket.com]
[HKEY_LOCAL_MACHINE\software\Mozilla]
[HKEY_LOCAL_MACHINE\software\mozilla.org]
[HKEY_LOCAL_MACHINE\software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\software\NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\software\ODBC]
[HKEY_LOCAL_MACHINE\software\Paint.NET]
[HKEY_LOCAL_MACHINE\software\Pervasive Software]
[HKEY_LOCAL_MACHINE\software\Philipp Winterberg]
[HKEY_LOCAL_MACHINE\software\Phonemonitor]
[HKEY_LOCAL_MACHINE\software\Piriform]
[HKEY_LOCAL_MACHINE\software\Policies]
[HKEY_LOCAL_MACHINE\software\Program Groups]
[HKEY_LOCAL_MACHINE\software\Realtek]
[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\software\S3R521]
[HKEY_LOCAL_MACHINE\software\Safer Networking Limited]
[HKEY_LOCAL_MACHINE\software\Samsung]
[HKEY_LOCAL_MACHINE\software\Samsung Electronics Co., Ltd.]
[HKEY_LOCAL_MACHINE\software\ScanSoft]
[HKEY_LOCAL_MACHINE\software\Schlumberger]
[HKEY_LOCAL_MACHINE\software\Secure]
[HKEY_LOCAL_MACHINE\software\Skype]
[HKEY_LOCAL_MACHINE\software\Sony Ericsson]
[HKEY_LOCAL_MACHINE\software\TechSmith]
[HKEY_LOCAL_MACHINE\software\Teleca]
[HKEY_LOCAL_MACHINE\software\Visioneer]
[HKEY_LOCAL_MACHINE\software\WebUpdate]
[HKEY_LOCAL_MACHINE\software\Windows]
[HKEY_LOCAL_MACHINE\software\Windows 3.1 Migration Status]
[HKEY_LOCAL_MACHINE\software\Wise Solutions]
[HKEY_LOCAL_MACHINE\software\Zeon]

?????????? Files/folders ??????????

Present !! : C:\Documents and Settings\Yael\Temp
Present !! : \AUTOEXEC.BAT
Present !! : \SFen-6.6.2r3(HDR).exe
Present !! : C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
Present !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Present !! : C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
Present !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Present !! : C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
Present !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Present !! : C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
Present !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

?????????? Keys :

Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59

FEATURE_BROWSER_EMULATION | svchost :
====================================

???????????????

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-23 22:18:23
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500JS-55NCB1 rev.10.02E01 -> Harddisk0\DR0 -> \Device\00000063

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8616D1F8]<<
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x860B9AB8]
3 CLASSPNP[0xF759CFD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000064[0x8614FAF0]
5 ACPI[0xF7308620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000063[0x860B9030]
\Driver\nvata[0x8610EA30] -> IRP_MJ_CREATE -> 0x8616D1F8
kernel: MBR read successfully
user & kernel MBR OK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)

?????????????????( EOF )???????????????????????

End of scan : 22:21:24.21
jacques.gache Posts 34829 Status Security contributor 1 618

OK, you are going to run the cleanup with List&Kill'em to remove what it found, thanks.

Relaunch List_Kill'em (by right-click for Vista/7), using the shortcut on your desktop.
but this time:

choose the Clean option

your PC will restart,

let the tool do its work.

at the end of the scan the window closes, and you have a report named Kill'em.txt on your desktop,

paste its contents into your reply
ancri Posts 108 Status Member

Hi,

It did not generate a report on the desktop. I looked in C and didn't see anything there either.

What should I do?
jacques.gache Posts 34829 Status Security contributor 1 618

Hello, no report?? OK, run it again with the Search option and, if there is a report, post it; that way, if the cleanup was done properly, I should not find those things in it!! Thanks
ancri Posts 108 Status Member

Hello,

Sorry for replying so long afterwards. I was busy with tons of work.
Here is the report:

?????????? List'em by g3n-h@ckm@n 2.1.2.8 ??????????

User : Yael (Administrators)
Update on 22/12/2010 by g3n-h@ckm@n ::::: 22.30
Start at: 20:57:57 | 03/01/2011

AMD Athlon(tm) 64 Processor 3500+
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]

A:\ -> ???? ????????? ?3 1/2 ????'
C:\ -> ???? ???? ????? | 78.13 Go (9.07 Go free) | NTFS
D:\ -> ???? ???? ????? | 154.75 Go (116.84 Go free) | NTFS
E:\ -> ??????? | 699.7 Mo (0 Mo free) [Nouveau] | CDFS
K:\ -> ???? ????? ?????

????? Sessions ?????

C:\Documents and settings\Yael

Boot: Normal

?????? Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer

C:\WINDOWS\System32\smss.exe ---- 200 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\WINDOWS\system32\csrss.exe ---- 3352 Ko ---- Normal ---- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\WINDOWS\system32\winlogon.exe ---- 2584 Ko ---- High ---- winlogon.exe ----
C:\WINDOWS\system32\services.exe ---- 1648 Ko ---- Normal ---- C:\WINDOWS\system32\services.exe ----
C:\WINDOWS\system32\lsass.exe ---- 2788 Ko ---- Normal ---- C:\WINDOWS\system32\lsass.exe ----
C:\WINDOWS\system32\svchost.exe ---- 2088 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k DcomLaunch ----
C:\WINDOWS\system32\svchost.exe ---- 1768 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k rpcss ----
C:\WINDOWS\System32\svchost.exe ---- 18808 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k netsvcs ----
C:\WINDOWS\system32\svchost.exe ---- 1804 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k NetworkService ----
C:\WINDOWS\system32\svchost.exe ---- 876 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k LocalService ----
C:\WINDOWS\system32\brsvc01a.exe ---- 72 Ko ---- Normal ---- C:\WINDOWS\system32\brsvc01a.exe ----
C:\WINDOWS\system32\brss01a.exe ---- 700 Ko ---- Normal ---- brss01a.exe ----
C:\WINDOWS\system32\spoolsv.exe ---- 1892 Ko ---- Normal ---- C:\WINDOWS\system32\spoolsv.exe ----
C:\WINDOWS\system32\svchost.exe ---- 256 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k LocalService ----
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe ---- 2632 Ko ---- Normal ---- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe ---- AVG Technologies
C:\WINDOWS\System32\svchost.exe ---- 188 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k eapsvcs ----
C:\Program Files\Java\jre6\bin\jqs.exe ---- 1404 Ko ---- Idle ---- C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf ---- Sun Microsystems, Inc.
C:\WINDOWS\system32\nvsvc32.exe ---- 1888 Ko ---- Normal ---- C:\WINDOWS\system32\nvsvc32.exe ----
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe ---- 200 Ko ---- Normal ---- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe ---- Microsoft Corporation
C:\WINDOWS\system32\svchost.exe ---- 964 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k imgsvc ----
C:\PROGRA~1\AVG\AVG8\avgrsx.exe ---- 24932 Ko ---- Normal ---- avgrsx.exe ---- AVG Technologies
C:\PROGRA~1\AVG\AVG8\avgemc.exe ---- 500 Ko ---- Normal ---- C:\PROGRA~1\AVG\AVG8\avgemc.exe ---- AVG Technologies
C:\Program Files\AVG\AVG8\avgcsrvx.exe ---- 3488 Ko ---- Normal ---- /pipeName=cca4b239-4140-4006-804d-2702ebb9e21d /coreSdkOptions=0 /binaryPath=C:\Program Files\AVG\AVG8\ ---- AVG Technologies
C:\WINDOWS\System32\alg.exe ---- 152 Ko ---- Normal ---- C:\WINDOWS\System32\alg.exe ----
C:\WINDOWS\Explorer.EXE ---- 13796 Ko ---- Normal ---- C:\WINDOWS\Explorer.EXE ----
C:\WINDOWS\system32\ctfmon.exe ---- 924 Ko ---- Normal ---- C:\WINDOWS\system32\ctfmon.exe ----
C:\Program Files\Common Files\Teleca Shared\Generic.exe ---- 1240 Ko ---- Normal ---- C:\Program Files\Common Files\Teleca Shared\Generic.exe -Embedding ----
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe ---- 792 Ko ---- Normal ---- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe -Embedding ----
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe ---- 748 Ko ---- Normal ---- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe ---- Microsoft Corporation
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe ---- 1412 Ko ---- Normal ---- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe /PRODUCT:Reader /VERSION:9.0 /MODE:2 ---- Adobe Systems, Incorporated
C:\Program Files\Brother\Brmfcmon\brmfcwnd.exe ---- 1284 Ko ---- Normal ---- C:\Program Files\Brother\Brmfcmon\brmfcwnd.exe Brother MFC-425CN USB Printer on USB001 ----
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe ---- 596 Ko ---- Normal ---- BrMfcmon.exe USB001 Brother MFC-425CN USB Printer ----
C:\Program Files\Skype\Phone\Skype.exe ---- 43392 Ko ---- Normal ---- C:\Program Files\Skype\Phone\Skype.exe ---- Skype Technologies SA
C:\Program Files\Skype\Plugin Manager\skypePM.exe ---- 3012 Ko ---- Normal ---- C:\Program Files\Skype\Plugin Manager\skypePM.exe /SILENT ---- EasyBits Software AS
C:\Program Files\Outlook Express\msimn.exe ---- 12676 Ko ---- Normal ---- C:\Program Files\Outlook Express\msimn.exe ----
C:\WINDOWS\system32\msfeedssync.exe ---- 200 Ko ---- Normal ---- C:\WINDOWS\system32\msfeedssync.exe sync ----
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe ---- 6556 Ko ---- Normal ---- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe F:\g?rer les situations d'urgence\cn-33-sms.pdf ---- Adobe Systems, Incorporated
C:\WINDOWS\system32\csrss.exe ---- 388 Ko ---- Normal ---- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\WINDOWS\system32\winlogon.exe ---- 2156 Ko ---- High ---- winlogon.exe ----
C:\WINDOWS\Explorer.EXE ---- 4760 Ko ---- Normal ---- C:\WINDOWS\Explorer.EXE ----
C:\WINDOWS\system32\RUNDLL32.EXE ---- 360 Ko ---- Normal ---- C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit ----
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe ---- 340 Ko ---- Normal ---- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe ----
C:\Program Files\Brother\ControlCenter2\brctrcen.exe ---- 840 Ko ---- Normal ---- C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun ----
C:\PROGRA~1\AVG\AVG8\avgtray.exe ---- 616 Ko ---- Normal ---- C:\PROGRA~1\AVG\AVG8\avgtray.exe ---- AVG Technologies
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ---- 908 Ko ---- Normal ---- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions ----
C:\Program Files\QuickTime\qttask.exe ---- 332 Ko ---- Normal ---- C:\Program Files\QuickTime\qttask.exe -atboottime ----
C:\WINDOWS\system32\ctfmon.exe ---- 560 Ko ---- Normal ---- C:\WINDOWS\system32\ctfmon.exe ----
C:\Program Files\FinePixViewerS\QuickDCF2.exe ---- 836 Ko ---- Normal ---- C:\Program Files\FinePixViewerS\QuickDCF2.exe ----
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe ---- 464 Ko ---- Normal ---- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe Brother MFC-425CN /STARTUP ----
C:\PROGRA~1\MICROS~3\rapimgr.exe ---- 1676 Ko ---- Normal ---- C:\PROGRA~1\MICROS~3\rapimgr.exe -Embedding ---- Microsoft Corporation
C:\PROGRA~1\AVG\AVG8\avgnsx.exe ---- 1168 Ko ---- Normal ---- avgnsx.exe ---- AVG Technologies
C:\Program Files\Mozilla Firefox\firefox.exe ---- 74180 Ko ---- Normal ---- C:\Program Files\Mozilla Firefox\firefox.exe ---- Mozilla Corporation
C:\WINDOWS\system32\cmd.exe ---- 3000 Ko ---- Normal ---- C:\WINDOWS\system32\cmd.exe /K List'em.bat ----
C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 7224 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
C:\Program Files\List_Kill'em\pv.L_K ---- 2904 Ko ---- Normal ---- pv.L_K -o%f ---- %m Ko ---- %p ---- %l ---- %s ----

?????????? Keys Run ??????????

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MsnMsgr = C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background
H/PC Connection Agent = C:\Program Files\Microsoft ActiveSync\wcescomm.exe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
DAEMON Tools Lite = C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun
Jing = C:\Program Files\TechSmith\Jing\Jing.exe
Skype = C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Alcmtr = ALCMTR.EXE
SSBkgdUpdate = C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
PaperPort PTD = C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
IndexSearch = C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
SetDefPrt = C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
ControlCenter2.0 = C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
AVG8_TRAY = C:\PROGRA~1\AVG\AVG8\avgtray.exe
Sony Ericsson PC Suite = C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions
Adobe Reader Speed Launcher = C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe ARM = C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
QuickTime Task = C:\Program Files\QuickTime\qttask.exe -atboottime
UserFaultCheck = %systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

?????????? Other System Keys ??????????

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 0 (0x0)
NoDriveAutoRun = 3 (0x3)

???????????????

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting = 1 (0x1)
NoDriveAutoRun = 3 (0x3)
NoDriveTypeAutoRun = 0 (0x0)

???????????????

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =

???????????????

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = explorer.exe
Userinit = C:\WINDOWS\System32\userinit.exe,

???????????????

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

???????????????

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =

???????????????

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Grisoft\AVG7\avginet.exe = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
C:\Program Files\Messenger\msmsgs.exe = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\eMule\emule.exe = C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\PVSW\Bin\w3dbsmgr.exe = C:\PVSW\Bin\w3dbsmgr.exe:*:Enabled:Database Service Manager
C:\Program Files\AVG\AVG8\avgupd.exe = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
C:\Program Files\AVG\AVG8\avgemc.exe = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
C:\Program Files\ICQ6\ICQ.exe = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6
C:\Program Files\Mozilla Firefox\firefox.exe = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
C:\Program Files\ICQ6.5\ICQ.exe = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
C:\Program Files\Windows Live\Messenger\wlcsdk.exe = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Microsoft ActiveSync\rapimgr.exe = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
C:\Program Files\Microsoft ActiveSync\wcescomm.exe = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
C:\Program Files\Windows Live\Messenger\msnmsgr.exe = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\Skype\Plugin Manager\skypePM.exe = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
C:\Program Files\ICQ7.2\ICQ.exe = C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2
C:\Program Files\ICQ7.2\aolload.exe = C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe
C:\Program Files\Skype\Phone\Skype.exe = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Microsoft ActiveSync\rapimgr.exe = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
C:\Program Files\Microsoft ActiveSync\wcescomm.exe = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
C:\Program Files\Windows Live\Messenger\msnmsgr.exe = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\ICQ7.2\ICQ.exe = C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2
C:\Program Files\ICQ7.2\aolload.exe = C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe

?????????? ActivX | COM ??????????

[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{02BCC737-B171-4746-94C9-0D8A0B2C0089}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{7530BFB8-7293-4D34-9923-61A11451AFC5}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]

?????????? BHO ??????????

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00e71626-0bef-11dc-8314-0800200c9a66}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

?????????? DNS ??????????

Description: Gigabyte GN-WB01GS USB WLAN Card #3 - ????-????? ?? ????? ????
DNS Server Search Order: 10.0.0.138
Description: Gigabyte GN-WB01GS USB WLAN Card #3 - ????-????? ?? ????? ????
DNS Server Search Order: 10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\..\{23F59AC1-5FAB-483F-9601-71D24BBE3611}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\..\{88E04EEF-23FA-42FF-BB09-2E6A4C48B754}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B282434E-4BC0-4005-8464-046C9796A4F1}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{23F59AC1-5FAB-483F-9601-71D24BBE3611}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{88E04EEF-23FA-42FF-BB09-2E6A4C48B754}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B282434E-4BC0-4005-8464-046C9796A4F1}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{23F59AC1-5FAB-483F-9601-71D24BBE3611}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{88E04EEF-23FA-42FF-BB09-2E6A4C48B754}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B282434E-4BC0-4005-8464-046C9796A4F1}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138

?????????? Internet Explorer ??????????

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

????? Proxy Internet Explorer

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0 (0x0)

?????????? Safemode ??????????

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

?????????? Atapi.sys ??????????

[MD5.cdfe4411a69c224bd1d11b2da92dac51] - C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\system32\drivers\atapi.sys
[MD5.cdfe4411a69c224bd1d11b2da92dac51] - C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[MD5.cdfe4411a69c224bd1d11b2da92dac51] - C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys

????? Reference

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP3 : 7A62A6C8303C9D026DD926F397B2FB57
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Win XP_64 : 72C77044943340964FA513B92D6D6874
Win XP_64_SP2 : 7A1814D0D112F50F828E25557A1ED29F
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

?????????? Explorer ??????????

[MD5.468d2a8b5f62e25f81c3150263d8e558] - C:\WINDOWS\explorer.exe
[MD5.1fb3ee7c4d70aace3063a1e1e0ff7fcf] - C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[MD5.7c66ce267edd66607b2275fe44235a31] - C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[MD5.a275bb2b4cf43625b9f38ad312f5c5a6] - C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[MD5.468d2a8b5f62e25f81c3150263d8e558] - C:\WINDOWS\ServicePackFiles\i386\explorer.exe

?????????? Winlogon ??????????

[MD5.e589065c107815a4f5db393973a2b9b0] - C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[MD5.9dc7d2c3a0956a9ff82c4dd5596613a8] - C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[MD5.9dc7d2c3a0956a9ff82c4dd5596613a8] - C:\WINDOWS\system32\winlogon.exe

?????????? Wininit ??????????

?????????? SVC | svchost ??????????

?????????? IFEO | debugger ??????????

?????????? Mountpoints2 ??????????

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{366c862a-0894-11de-b287-001485379c1c}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{366c862a-0894-11de-b287-001485379c1c}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aebbb0d9-0659-11dd-b1f3-001485379c1c}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aebbb0d9-0659-11dd-b1f3-001485379c1c}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b51843fb-2648-11dd-b206-001485379c1c}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b51843fb-2648-11dd-b206-001485379c1c}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b742caec-fc51-11df-8753-001485379c1c}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b742caec-fc51-11df-8753-001485379c1c}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8910409-08bb-11df-86c8-001485379c1c}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8910409-08bb-11df-86c8-001485379c1c}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d50a1067-0c99-11dd-b1f9-001485379c1c}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d50a1067-0c99-11dd-b1f9-001485379c1c}\shell\Autoplay

?????????? Services ??????????

? Ndisuio => Start : 3 ( OK = 3 )
? EapHost => Start : 2 ( OK = 2 )
? Ip6Fw => Start : 2 ( OK = 2 )
? SharedAccess => Start : 2 ( OK = 2 )
? wuauserv => Start : 2 ( OK = 2 )
? wscsvc => Start : 2 ( OK = 2 )

?????????? First Scan ??????????

?????????? Registry ??????????

[@ = ]
[HKEY_CURRENT_USER\software\AC3filter]
[HKEY_CURRENT_USER\software\Adobe]
[HKEY_CURRENT_USER\software\Ahead]
[HKEY_CURRENT_USER\software\America Online]
[HKEY_CURRENT_USER\software\AppDataLow]
[HKEY_CURRENT_USER\software\Avg]
[HKEY_CURRENT_USER\software\BitDefender]
[HKEY_CURRENT_USER\software\Brother]
[HKEY_CURRENT_USER\software\Clients]
[HKEY_CURRENT_USER\software\CoreVorbis]
[HKEY_CURRENT_USER\software\Cyberlink]
[HKEY_CURRENT_USER\software\Cygnus Solutions]
[HKEY_CURRENT_USER\software\DivXNetworks]
[HKEY_CURRENT_USER\software\DownloadCenter]
[HKEY_CURRENT_USER\software\Druide informatique inc.]
[HKEY_CURRENT_USER\software\DT Soft]
[HKEY_CURRENT_USER\software\FUJIFILM]
[HKEY_CURRENT_USER\software\Gabest]
[HKEY_CURRENT_USER\software\GNU]
[HKEY_CURRENT_USER\software\Google]
[HKEY_CURRENT_USER\software\GSpot Appliance Corp]
[HKEY_CURRENT_USER\software\Haali]
[HKEY_CURRENT_USER\software\ICQToolbar]
[HKEY_CURRENT_USER\software\IM Providers]
[HKEY_CURRENT_USER\software\Intel]
[HKEY_CURRENT_USER\software\JavaSoft]
[HKEY_CURRENT_USER\software\Local AppWizard-Generated Applications]
[HKEY_CURRENT_USER\software\Macromedia]
[HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware]
[HKEY_CURRENT_USER\software\Microsoft]
[HKEY_CURRENT_USER\software\Mozilla]
[HKEY_CURRENT_USER\software\MozillaPlugins]
[HKEY_CURRENT_USER\software\Netscape]
[HKEY_CURRENT_USER\software\NVIDIA Corporation]
[HKEY_CURRENT_USER\software\ODBC]
[HKEY_CURRENT_USER\software\Paint.NET]
[HKEY_CURRENT_USER\software\Philipp Winterberg]
[HKEY_CURRENT_USER\software\Piriform]
[HKEY_CURRENT_USER\software\Policies]
[HKEY_CURRENT_USER\software\Praxisoft]
[HKEY_CURRENT_USER\software\Realtek]
[HKEY_CURRENT_USER\software\Samsung]
[HKEY_CURRENT_USER\software\Samsung PC Studio]
[HKEY_CURRENT_USER\software\ScanSoft]
[HKEY_CURRENT_USER\software\Skype]
[HKEY_CURRENT_USER\software\SkypeApps]
[HKEY_CURRENT_USER\software\smarttip]
[HKEY_CURRENT_USER\software\Sony Ericsson]
[HKEY_CURRENT_USER\software\Sysinternals]
[HKEY_CURRENT_USER\software\TechSmith]
[HKEY_CURRENT_USER\software\Teleca]
[HKEY_CURRENT_USER\software\VB and VBA Program Settings]
[HKEY_CURRENT_USER\software\Windows Live]
[HKEY_CURRENT_USER\software\Windows Live Writer]
[HKEY_CURRENT_USER\software\XTTB00001]
[HKEY_CURRENT_USER\software\YahooPartnerToolbar]
[HKEY_CURRENT_USER\software\?? ?? ???? ????? ??? ?? ????]
[HKEY_CURRENT_USER\software\Classes]

[HKEY_LOCAL_MACHINE\software\14919ea49a8f3b4aa3cf1058d9a64cec]
[HKEY_LOCAL_MACHINE\software\781]
[HKEY_LOCAL_MACHINE\software\Adobe]
[HKEY_LOCAL_MACHINE\software\Ahead]
[HKEY_LOCAL_MACHINE\software\AMD]
[HKEY_LOCAL_MACHINE\software\Apple Computer, Inc.]
[HKEY_LOCAL_MACHINE\software\AVG]
[HKEY_LOCAL_MACHINE\software\Brother]
[HKEY_LOCAL_MACHINE\software\C07ft5Y]
[HKEY_LOCAL_MACHINE\software\CDDB]
[HKEY_LOCAL_MACHINE\software\Classes]
[HKEY_LOCAL_MACHINE\software\Clever Age]
[HKEY_LOCAL_MACHINE\software\Clients]
[HKEY_LOCAL_MACHINE\software\Codec Tweak Tool]
[HKEY_LOCAL_MACHINE\software\Creative Software]
[HKEY_LOCAL_MACHINE\software\Cyberlink]
[HKEY_LOCAL_MACHINE\software\Cygnus Solutions]
[HKEY_LOCAL_MACHINE\software\DivXNetworks]
[HKEY_LOCAL_MACHINE\software\Druide informatique inc.]
[HKEY_LOCAL_MACHINE\software\DT Soft]
[HKEY_LOCAL_MACHINE\software\Ericsson]
[HKEY_LOCAL_MACHINE\software\fce]
[HKEY_LOCAL_MACHINE\software\ffffffff]
[HKEY_LOCAL_MACHINE\software\FolderIcon XP]
[HKEY_LOCAL_MACHINE\software\FUJI PHOTO FILM CO.,LTD.]
[HKEY_LOCAL_MACHINE\software\FullCircle]
[HKEY_LOCAL_MACHINE\software\Gabest]
[HKEY_LOCAL_MACHINE\software\Gemplus]
[HKEY_LOCAL_MACHINE\software\GNU]
[HKEY_LOCAL_MACHINE\software\Google]
[HKEY_LOCAL_MACHINE\software\HaaliMkx]
[HKEY_LOCAL_MACHINE\software\HmLmbd]
[HKEY_LOCAL_MACHINE\software\ICQ]
[HKEY_LOCAL_MACHINE\software\InstallShield]
[HKEY_LOCAL_MACHINE\software\Intel]
[HKEY_LOCAL_MACHINE\software\InterVideo]
[HKEY_LOCAL_MACHINE\software\JavaSoft]
[HKEY_LOCAL_MACHINE\software\KLCodecPack]
[HKEY_LOCAL_MACHINE\software\Macromedia]
[HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware]
[HKEY_LOCAL_MACHINE\software\MCCI]
[HKEY_LOCAL_MACHINE\software\MeaningData.com]
[HKEY_LOCAL_MACHINE\software\Microsoft]
[HKEY_LOCAL_MACHINE\software\MimarSinan]
[HKEY_LOCAL_MACHINE\software\Mirabilis]
[HKEY_LOCAL_MACHINE\software\MobiPocket.com]
[HKEY_LOCAL_MACHINE\software\Mozilla]
[HKEY_LOCAL_MACHINE\software\mozilla.org]
[HKEY_LOCAL_MACHINE\software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\software\NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\software\ODBC]
[HKEY_LOCAL_MACHINE\software\Paint.NET]
[HKEY_LOCAL_MACHINE\software\Pervasive Software]
[HKEY_LOCAL_MACHINE\software\Philipp Winterberg]
[HKEY_LOCAL_MACHINE\software\Phonemonitor]
[HKEY_LOCAL_MACHINE\software\Piriform]
[HKEY_LOCAL_MACHINE\software\Policies]
[HKEY_LOCAL_MACHINE\software\Program Groups]
[HKEY_LOCAL_MACHINE\software\Realtek]
[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\software\S3R521]
[HKEY_LOCAL_MACHINE\software\Safer Networking Limited]
[HKEY_LOCAL_MACHINE\software\Samsung]
[HKEY_LOCAL_MACHINE\software\Samsung Electronics Co., Ltd.]
[HKEY_LOCAL_MACHINE\software\ScanSoft]
[HKEY_LOCAL_MACHINE\software\Schlumberger]
[HKEY_LOCAL_MACHINE\software\Secure]
[HKEY_LOCAL_MACHINE\software\Skype]
[HKEY_LOCAL_MACHINE\software\Sony Ericsson]
[HKEY_LOCAL_MACHINE\software\TechSmith]
[HKEY_LOCAL_MACHINE\software\Teleca]
[HKEY_LOCAL_MACHINE\software\Visioneer]
[HKEY_LOCAL_MACHINE\software\WebUpdate]
[HKEY_LOCAL_MACHINE\software\Windows]
[HKEY_LOCAL_MACHINE\software\Windows 3.1 Migration Status]
[HKEY_LOCAL_MACHINE\software\Wise Solutions]
[HKEY_LOCAL_MACHINE\software\Zeon]

?????????? Files/folders ??????????

?????????? Keys :

FEATURE_BROWSER_EMULATION | svchost :
====================================

???????????????

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-03 21:14:26
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500JS-55NCB1 rev.10.02E01 -> Harddisk0\DR0 -> \Device\00000063

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8616D1F8]<<
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x860B9AB8]
3 CLASSPNP[0xF759CFD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000064[0x8614FAF0]
5 ACPI[0xF7308620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000063[0x860B9030]
\Driver\nvata[0x8610EA30] -> IRP_MJ_CREATE -> 0x8616D1F8
kernel: MBR read successfully
user & kernel MBR OK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)

?????????????????( EOF )???????????????????????

End of scan : 21:16:11.68
jacques.gache Posts 34829 Status Security contributor 1 618

OK, it had done the deletion, since there is nothing left on this one?? How are your problems going??
ancri Posts 108 Status Member

I find it is still a bit slow. Maybe it's getting old?
Anonymous user

Hi, just one question:

Are you sure you don't have Kill'em.txt (the ".txt" may not be shown) somewhere?

In C:_ or on the desktop?

ancri Posts 108 Status Member

No, even after a search with the Windows doggy I can't find anything.
Anonymous user

OK, that's normal: in fact it did nothing, because you didn't follow the instruction to disable your protections while using it :)
ancri Posts 108 Status Member

I thought I had disabled them; I don't see AVG in the taskbar.

Do I need to redo the Search or the Clean?
Anonymous user

If you don't see AVG in the taskbar, restart; it will reappear and you'll be able to stop it.

The Clean
ancri Posts 108 Status Member

Hi Jacques and gen-hackman

Indeed, I hadn't disabled AVG at all the first time, I had only closed the tray icon! That's clever!

So here is the much-coveted report:

########## DelFix - Nettoyeur d'outils de désinfection ##########
#
# DelFix v6.7 - Rapport créé le 21/12/2010 à 08:01
# Mis à jour le 28/11/10 à 13h30 par Xplode
# Système d'exploitation : Microsoft Windows XP (32 bits) [Version 5.1.2600] Service Pack 3
# Nom d'utilisateur : Yael - COMPUTER-XP (Administrateur)
# Exécuté depuis : C:\Documents and Settings\Yael\????? ??????\DelFix.exe
# Option [Suppression]

~~~~~~ Dossier(s) ~~~~~~

Supprimé : C:\USBFix
Supprimé : C:\RSIT
Supprimé : C:\Kill'em
Supprimé : C:\Program Files\Ad-Remover
Supprimé : C:\Program Files\List_Kill'em
Supprimé : C:\Program Files\ZHPDiag
Supprimé : C:\Program Files\trend micro

~~~~~~ Fichier(s) ~~~~~~

Supprimé : C:\List'em.txt
Supprimé : C:\UsbFix.txt
Supprimé : C:\UsbFix_Upload_Me_COMPUTER-XP.zip
Supprimé : C:\Ad-Report-CLEAN[1].txt
Supprimé : C:\Ad-Report-SCAN[1].txt
Supprimé : C:\TCleaner.txt
Supprimé : C:\WINDOWS\System32\tmp.reg
Supprimé : C:\WINDOWS\System32\tmp.txt
Supprimé : C:\Documents and Settings\Yael\????? ??????\List_Killem_Install.exe
Supprimé : C:\Documents and Settings\Yael\????? ??????\UsbFix.exe
Supprimé : C:\Documents and Settings\Yael\????? ??????\AD-R.lnk
Supprimé : C:\Documents and Settings\Yael\????? ??????\ZHPDiag.Txt
Supprimé : C:\Documents and Settings\Yael\????? ??????\List_Kill'em.lnk

~~~~~~ Registre ~~~~~~

Clé Supprimée : HKCU\SOFTWARE\Ad-Remover
Clé Supprimée : HKCU\SOFTWARE\USBFix
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\List_Kill'em
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ZHP
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\HijackThis
Clé Supprimée : HKLM\Software\OldTimer Tools
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\USBFix

~~~~~~ Autre ~~~~~~

-> ESET Online Scanner ... Désinstallé avec succès
-> BitDefender Online Scanner ... Désinstallé avec succès

########## EOF - "C:\DelFixSuppr.txt" - [2251 octets] ##########
jacques.gache Posts 34829 Status Security contributor 1 618

Hi ancri, gen (whom I greet in passing) didn't ask you to run DelFix, any more than I did???
ancri Posts 108 Status Member

What an idi... I am. I didn't run Delfix, I just thought it was the report, I was so happy to see a .txt report on the desktop!

But in any case, there's still no Killem report.

It stops suddenly and disappears without leaving a report.
jacques.gache Posts 34829 Status Security contributor 1 618

That you still can't find the list&kill"em report after DelFix is normal, because "Supprimé : C:\List'em.txt": it did its job by cleaning up the traces of the tools?,

in that case, download list&kill"em again and follow the procedure carefully!!

run list&kill"em with the Search option



DISABLE YOUR ANTIVIRUS, ANTI-SPYWARE AND FIREWALL IF PRESENT !!!!! (because it is wrongly detected as an infection)

Download List_Kill'em and save it to your desktop

if you have XP => double-click
if you have Vista or Windows 7 => right-click "Run as...."


on the shortcut on your desktop to start the installation

Leave checked:

Run List_Kill'em

once it has finished, click "Finish"

launch it via the shortcut that appeared on your desktop, as described at the start

choose the Search option

let the tool work

a dialog box may open; in that case click "ok" or "Agree"

when the white window appears, it takes a while; that's normal, it's an additional search for hidden files, the program is not frozen.

Post the contents of the report that opens when the scan reaches 100 %, at the "COMPLETED" screen

DO NOT POST IT ON THE FORUM

To send it to me, click this link: http://www.cijoint.fr/

Click Browse and look for the file C:\List'em.txt

Click Open.

Click "Click here to upload the file".

A link of this form:

http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt

is added to the page.

Copy this link into your reply.

Do the same with more.txt, which is on your desktop
ancri Posts 108 Status Member

I'm not sure I understood you there.
I didn't run Delfix. I only posted the report by mistake. I ran Delfix ten days ago and its report was still on the desktop. So I posted it by mistake.
So Listkillem is still installed. And it is supposed to have done its Clean job. But it didn't generate a report.
jacques.gache Posts 34829 Status Security contributor 1 618

OK!! 21/12/2010 at 08:01, I hadn't checked the date??
Try to redo the list&kill "em scan in Search mode; make sure you disable AVG, and if there's a problem uninstall it and reinstall it afterwards!!

or use this to help you: https://www.luanagames.com/index.fr.html

= Open AVG
= Right-click the Firewall icon ==> Open
= In the window that opens ==> Check the "Firewall disabled" box
= Save the changes, then confirm
= Right-click the Resident Shield icon ==> Open
= Uncheck "Resident Shield active"
= Do the reverse to re-enable the protections

ancri Posts 108 Status Member
 
There, I hope it's right this time

[HKEY_LOCAL_MACHINE\software\Phonemonitor]
[HKEY_LOCAL_MACHINE\software\Piriform]
[HKEY_LOCAL_MACHINE\software\Policies]
[HKEY_LOCAL_MACHINE\software\Program Groups]
[HKEY_LOCAL_MACHINE\software\Realtek]
[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\software\S3R521]
[HKEY_LOCAL_MACHINE\software\Safer Networking Limited]
[HKEY_LOCAL_MACHINE\software\Samsung]
[HKEY_LOCAL_MACHINE\software\Samsung Electronics Co., Ltd.]
[HKEY_LOCAL_MACHINE\software\ScanSoft]
[HKEY_LOCAL_MACHINE\software\Schlumberger]
[HKEY_LOCAL_MACHINE\software\Secure]
[HKEY_LOCAL_MACHINE\software\Skype]
[HKEY_LOCAL_MACHINE\software\Sony Ericsson]
[HKEY_LOCAL_MACHINE\software\TechSmith]
[HKEY_LOCAL_MACHINE\software\Teleca]
[HKEY_LOCAL_MACHINE\software\Visioneer]
[HKEY_LOCAL_MACHINE\software\WebUpdate]
[HKEY_LOCAL_MACHINE\software\Windows]
[HKEY_LOCAL_MACHINE\software\Windows 3.1 Migration Status]
[HKEY_LOCAL_MACHINE\software\Wise Solutions]
[HKEY_LOCAL_MACHINE\software\Zeon]

¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤ Keys :

FEATURE_BROWSER_EMULATION | svchost :
====================================

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-06 07:28:55
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500JS-55NCB1 rev.10.02E01 -> Harddisk0\DR0 -> \Device\00000063

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8616D1F8]<<
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x860B9AB8]
3 CLASSPNP[0xF759CFD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000064[0x8614FAF0]
5 ACPI[0xF7308620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000063[0x860B9030]
\Driver\nvata[0x8610EA30] -> IRP_MJ_CREATE -> 0x8616D1F8
kernel: MBR read successfully
user & kernel MBR OK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)

?????????????????( EOF )???????????????????????

End of scan : 7:30:05.50
jacques.gache Posts 34829 Status Security contributor 1 618

Hello, as far as I'm concerned it's fine, list&kill'em shows nothing nasty!! How is the PC doing?!!