Sujet Précédent Sujet Suivant

WIN 32

Résolu/Fermé
jumbo - 15 janv. 2011 à 14:59
 Utilisateur anonyme - 29 janv. 2011 à 15:02
Bonjour,

j'essaie de télécharger sur 01net, Windows live Messenger
et à chaque fois j'ai :
local settings\temporary Internet Files\Content.IE5\
wlsetup-web[1].exe n'est pas une application Win 32 valide

Que faire ?
Merci

A voir également:

64 réponses

Précédent
Réponse 41 / 64
Utilisateur anonyme
27 janv. 2011 à 18:41
Bonsoir

Une dernière chose avant:

> DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!! </gras>

(Car ils sont détectés a tort comme infection)
Télécharge List_Killem ici
http://sd-4.archive-host.com/membres/up/829108531491024/Mes_Tools/List_Killem_Install.exe
et enregistre le sur ton bureau


si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."

sur le raccourci sur ton bureau pour lancer l'installation

Laisse coché :

? Executer Shortcut
? Executer List_Kill'em

une fois terminée , clic sur "terminer" et le programme se lancera seul

choisis l' option Search

- laisse travailler l'outil

il se peut qu'une boite de dialogue s'ouvre , dans ce cas clique sur ok

à l'apparition de la fenetre blanche , c'est un peu long , c'est normal ,c'est une recherche supplementaire de fichiers cachés , le programme n'est pas bloqué.

Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"


@+
0
Réponse 42 / 64
jumbo
27 janv. 2011 à 19:21
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.3.2 ¤¤¤¤¤¤¤¤¤¤

User : michel (Administrateurs)
Update on 22/01/2011 by g3n-h@ckm@n ::::: 09.30
Start at: 19:09:31 | 27/01/2011

Intel(R) Pentium(R) 4 CPU 3.20GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! Antivirus 5.0.83952505 [ (!) Disabled | Updated ]

C:\ -> Disque fixe local | 228,18 Go (197,67 Go free) | NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
I:\ -> Disque CD-ROM
J:\ -> Disque amovible

¤¤¤¤¤ Sessions ¤¤¤¤¤

C:\Documents and settings\michel

Boot: Normal

¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer

C:\windows\System32\smss.exe ---- 416 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\windows\system32\csrss.exe ---- 4776 Ko ---- Normal ---- C:\windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\windows\system32\winlogon.exe ---- 4736 Ko ---- High ---- winlogon.exe ----
C:\windows\system32\services.exe ---- 3956 Ko ---- Normal ---- C:\windows\system32\services.exe ----
C:\windows\system32\lsass.exe ---- 1916 Ko ---- Normal ---- C:\windows\system32\lsass.exe ----
C:\windows\system32\svchost.exe ---- 5784 Ko ---- Normal ---- C:\windows\system32\svchost -k DcomLaunch ----
C:\windows\system32\svchost.exe ---- 5048 Ko ---- Normal ---- C:\windows\system32\svchost -k rpcss ----
C:\windows\System32\svchost.exe ---- 33428 Ko ---- Normal ---- C:\windows\System32\svchost.exe -k netsvcs ----
C:\windows\system32\svchost.exe ---- 4056 Ko ---- Normal ---- C:\windows\system32\svchost.exe -k NetworkService ----
C:\windows\system32\svchost.exe ---- 9752 Ko ---- Normal ---- C:\windows\system32\svchost.exe -k LocalService ----
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe ---- 5232 Ko ---- Normal ---- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe ---- ALWIL Software
C:\windows\Explorer.EXE ---- 17076 Ko ---- Normal ---- C:\windows\Explorer.EXE ----
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe ---- 3064 Ko ---- Normal ---- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe ----
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe ---- 18260 Ko ---- Normal ---- C:\Program Files\Brother\ControlCenter3\brccMCtl.exe /autorun ----
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe ---- 1620 Ko ---- Normal ---- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe -start ----
C:\windows\stsystra.exe ---- 4384 Ko ---- Normal ---- C:\windows\stsystra.exe ----
C:\Program Files\Alwil Software\Avast5\avastUI.exe ---- 7812 Ko ---- Normal ---- C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui ---- ALWIL Software
C:\windows\emMON.exe ---- 4076 Ko ---- Normal ---- C:\windows\emMON.exe ----
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe ---- 10608 Ko ---- Normal ---- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide ---- Logitech Inc
C:\windows\system32\ctfmon.exe ---- 3676 Ko ---- Normal ---- C:\windows\system32\ctfmon.exe ----
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe ---- 4896 Ko ---- Normal ---- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe ---- TomTom International BV
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ---- 20348 Ko ---- Normal ---- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe /hide ---- Logitech Inc
C:\Program Files\Skype\Phone\Skype.exe ---- 36308 Ko ---- Normal ---- C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized ---- Skype Technologies SA
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe ---- 5276 Ko ---- Normal ---- C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe -Embedding ---- Logitech Inc
C:\Program Files\Logitech\Vid HD\Vid.exe ---- 58000 Ko ---- Normal ---- C:\Program Files\Logitech\Vid HD\Vid.exe -bootmode ---- Logitech Inc
C:\Program Files\Windows Live\Messenger\msnmsgr.exe ---- 16696 Ko ---- Normal ---- C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background ---- Microsoft Corporation
C:\windows\system32\spoolsv.exe ---- 5952 Ko ---- Normal ---- C:\windows\system32\spoolsv.exe ----
C:\Program Files\Skype\Plugin Manager\skypePM.exe ---- 16940 Ko ---- Normal ---- C:\Program Files\Skype\Plugin Manager\skypePM.exe /SILENT ---- EasyBits Software AS
C:\windows\system32\svchost.exe ---- 4240 Ko ---- Normal ---- C:\windows\system32\svchost.exe -k LocalService ----
C:\WINDOWS\system32\dlcccoms.exe ---- 3120 Ko ---- High ---- C:\WINDOWS\system32\dlcccoms.exe -service ---- Dell Inc.
C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcSrv.exe ---- 2772 Ko ---- Normal ---- C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcSrv.exe ---- Logitech Inc
C:\Program Files\CyberLink\Shared files\RichVideo.exe ---- 2944 Ko ---- Normal ---- C:\Program Files\CyberLink\Shared files\RichVideo.exe ---- CyberLink
C:\windows\system32\svchost.exe ---- 5344 Ko ---- Normal ---- C:\windows\system32\svchost.exe -k imgsvc ----
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe ---- 1740 Ko ---- Normal ---- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe ---- TomTom International BV
C:\windows\System32\alg.exe ---- 3956 Ko ---- Normal ---- C:\windows\System32\alg.exe ----
C:\windows\System32\svchost.exe ---- 3868 Ko ---- Normal ---- C:\windows\System32\svchost.exe -k HTTPFilter ----
C:\Program Files\Windows Live\Contacts\wlcomm.exe ---- 26240 Ko ---- Normal ---- C:\Program Files\Windows Live\Contacts\wlcomm.exe -Embedding ---- Microsoft Corporation
C:\windows\system32\wuauclt.exe ---- 4624 Ko ---- Normal ---- C:\windows\system32\wuauclt.exe ---- Microsoft Windows Component Publisher
C:\Program Files\Outlook Express\msimn.exe ---- 21032 Ko ---- Normal ---- C:\Program Files\Outlook Express\msimn.exe ----
C:\windows\system32\wscntfy.exe ---- 2728 Ko ---- Normal ---- C:\windows\system32\wscntfy.exe ----
C:\windows\system32\cmd.exe ---- 2084 Ko ---- Normal ---- cmd /c C:\PROGRA~1\List_Kill'em\List'em.bat ----
C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 7288 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
C:\PROGRA~1\List_Kill'em\pv.exe ---- 3064 Ko ---- Normal ---- pv.exe -o%f ---- %m Ko ---- %p ---- %l ---- %s ----


¤¤¤¤¤¤¤¤¤¤ Keys Run ¤¤¤¤¤¤¤¤¤¤

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE = C:\windows\system32\ctfmon.exe
TomTomHOME.exe = C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Skype = C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized
Logitech Vid = C:\Program Files\Logitech\Vid HD\Vid.exe -bootmode
msnmsgr = C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SSBkgdUpdate = C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
PaperPort PTD = C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
IndexSearch = C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
BrMfcWnd = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
SetDefPrt = C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
ControlCenter3 = C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
DLADiag = C:\windows\DLADiag.EXE
IDTSysTrayApp = sttray.exe
ISUSPM Startup = C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler = C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe -start
SigmatelSysTrayApp = stsystra.exe
dlccmon.exe = C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
avast5 = C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui
UpdatePDRShortCut = C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe C:\Program Files\CyberLink\PowerDirector UpdateWithCreateOnce Software\CyberLink\PowerDirector\7.0
Adobe Reader Speed Launcher = C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe ARM = C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
emMON = emMON.exe
LWS = C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
KernelFaultCheck = %systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Policies\explorer

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 145 (0x91)

¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting = 1 (0x1)
NoCDBurning = 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ AppInit_DLLS

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Winlogon

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 0 (0x0)
Shell = Explorer.exe
Userinit = C:\WINDOWS\system32\userinit.exe,
System =

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Winlogon\Notify

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Explorer\ShellExecuteHooks

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ firewallpolicy

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\eChanblard\emule.exe = C:\Program Files\eChanblard\emule.exe:*:Enabled:eMule
C:\Program Files\ma-config.com\maconfservice.exe = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\VideoLAN\VLC\vlc.exe = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player
C:\WINDOWS\system32\dlcccoms.exe = C:\WINDOWS\system32\dlcccoms.exe:*:Enabled:Dell 924 Server
C:\Program Files\IncrediMail\Bin\IncMail.exe = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\Bin\ImApp.exe = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\Bin\ImpCnt.exe = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail
C:\Program Files\Roxio\Creator Classic 9\Creator9.exe = C:\Program Files\Roxio\Creator Classic 9\Creator9.exe:*:Enabled:Creator9
C:\Program Files\Google\Google Earth\client\googleearth.exe = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth
C:\Program Files\Skype\Plugin Manager\skypePM.exe = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
C:\Program Files\Messenger\msmsgs.exe = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Logitech\Vid HD\Vid.exe = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD
C:\Program Files\Skype\Phone\Skype.exe = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
C:\Program Files\Windows Live\Messenger\wlcsdk.exe = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

¤¤¤¤¤

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

¤¤¤¤¤¤¤¤¤¤ ActivX

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{72AD53CC-CCC0-3757-8480-9EE176866A7C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]

¤¤¤¤¤¤¤¤¤¤ BHO

[@ = ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

¤¤¤¤¤¤¤¤¤¤ DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{64573EBD-BF50-43DB-8B6F-29DB8A22C98F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{64573EBD-BF50-43DB-8B6F-29DB8A22C98F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{64573EBD-BF50-43DB-8B6F-29DB8A22C98F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{64573EBD-BF50-43DB-8B6F-29DB8A22C98F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1


¤¤¤¤¤¤¤¤¤¤ Internet Explorer

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\windows\system32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.fr/?gws_rd=ssl
Local Page = C:\windows\system32\blank.htm

¤¤¤¤¤ Proxy

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0 (0x0)

¤¤¤¤¤¤¤¤¤¤ Safemode

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

¤¤¤¤¤¤¤¤¤¤ SVC | svchost


¤¤¤¤¤¤¤¤¤¤ IFEO | debugger


¤¤¤¤¤¤¤¤¤¤ Mountpoints2

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{051e2319-c2fc-11df-a739-00123fc210b8}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{051e2319-c2fc-11df-a739-00123fc210b8}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b98af54-9707-11de-a55f-91763918f128}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b98af54-9707-11de-a55f-91763918f128}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f286474-6d95-11df-a6ac-00123fc210b8}\shell
@ = Open
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f286474-6d95-11df-a6ac-00123fc210b8}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f286474-6d95-11df-a6ac-00123fc210b8}\shell\AutoRun
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bbb8758-cc78-11de-a5b7-00123fc210b8}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bbb8758-cc78-11de-a5b7-00123fc210b8}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce9ee3ba-c7dc-11df-a73f-00123fc210b8}\shell
@ = Shell00
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce9ee3ba-c7dc-11df-a73f-00123fc210b8}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce9ee3ba-c7dc-11df-a73f-00123fc210b8}\shell\Shell00
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce9ee3bb-c7dc-11df-a73f-00123fc210b8}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce9ee3bb-c7dc-11df-a73f-00123fc210b8}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8618670-9799-11de-a564-00123fc210b8}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8618670-9799-11de-a564-00123fc210b8}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8618671-9799-11de-a564-00123fc210b8}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8618671-9799-11de-a564-00123fc210b8}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8618672-9799-11de-a564-00123fc210b8}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8618672-9799-11de-a564-00123fc210b8}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8618673-9799-11de-a564-00123fc210b8}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8618673-9799-11de-a564-00123fc210b8}\shell\Autoplay


¤¤¤¤¤¤¤¤¤¤ Services

¤ Ndisuio => Start : 3 ( OK = 3 )
¤ EapHost => Start : 3 ( OK = 2 )
¤ Ip6Fw => Start : 3 ( OK = 2 )
¤ SharedAccess => Start : 2 ( OK = 2 )
¤ wuauserv => Start : 2 ( OK = 2 )
¤ wscsvc => Start : 2 ( OK = 2 )

¤¤¤¤¤¤¤¤¤¤ First Scan



¤¤¤¤¤¤¤¤¤¤ HKCU | HKLM

[HKEY_CURRENT_USER\software\AC3filter]
[HKEY_CURRENT_USER\software\addtoustart]
[HKEY_CURRENT_USER\software\Adobe]
[HKEY_CURRENT_USER\software\ALWIL Software]
[HKEY_CURRENT_USER\software\AppDataLow]
[HKEY_CURRENT_USER\software\Brother]
[HKEY_CURRENT_USER\software\Canneverbe Limited]
[HKEY_CURRENT_USER\software\Clients]
[HKEY_CURRENT_USER\software\CoreVorbis]
[HKEY_CURRENT_USER\software\CyberLink]
[HKEY_CURRENT_USER\software\DivX]
[HKEY_CURRENT_USER\software\DivXNetworks]
[HKEY_CURRENT_USER\software\eChanblard]
[HKEY_CURRENT_USER\software\ej-technologies]
[HKEY_CURRENT_USER\software\Gabest]
[HKEY_CURRENT_USER\software\GNU]
[HKEY_CURRENT_USER\software\Google]
[HKEY_CURRENT_USER\software\Haali]
[HKEY_CURRENT_USER\software\HookNetwork]
[HKEY_CURRENT_USER\software\IM Providers]
[HKEY_CURRENT_USER\software\IncrediMail]
[HKEY_CURRENT_USER\software\InstallShield]
[HKEY_CURRENT_USER\software\Intel]
[HKEY_CURRENT_USER\software\keyhole.com]
[HKEY_CURRENT_USER\software\Leadertech]
[HKEY_CURRENT_USER\software\LogiShrd]
[HKEY_CURRENT_USER\software\Logitech]
[HKEY_CURRENT_USER\software\Macromedia]
[HKEY_CURRENT_USER\software\madFlac]
[HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware]
[HKEY_CURRENT_USER\software\Microsoft]
[HKEY_CURRENT_USER\software\MozillaPlugins]
[HKEY_CURRENT_USER\software\Netscape]
[HKEY_CURRENT_USER\software\Piriform]
[HKEY_CURRENT_USER\software\Policies]
[HKEY_CURRENT_USER\software\RealNetworks]
[HKEY_CURRENT_USER\software\RegDokFR]
[HKEY_CURRENT_USER\software\RegisteredApplications]
[HKEY_CURRENT_USER\software\Roxio]
[HKEY_CURRENT_USER\software\ScanSoft]
[HKEY_CURRENT_USER\software\Skype]
[HKEY_CURRENT_USER\software\SkypeApps]
[HKEY_CURRENT_USER\software\Softonic]
[HKEY_CURRENT_USER\software\Sonic]
[HKEY_CURRENT_USER\software\Sysinternals]
[HKEY_CURRENT_USER\software\TomTom]
[HKEY_CURRENT_USER\software\toolbar]
[HKEY_CURRENT_USER\software\Trolltech]
[HKEY_CURRENT_USER\software\Windows Live Writer]
[HKEY_CURRENT_USER\software\WinRAR SFX]
[HKEY_CURRENT_USER\software\Classes]

[@ = ]
[HKEY_LOCAL_MACHINE\software\Adobe]
[HKEY_LOCAL_MACHINE\software\ALWIL Software]
[HKEY_LOCAL_MACHINE\software\America Online]
[HKEY_LOCAL_MACHINE\software\Brother]
[HKEY_LOCAL_MACHINE\software\Brother Industries, Ltd.]
[HKEY_LOCAL_MACHINE\software\C07ft5Y]
[HKEY_LOCAL_MACHINE\software\CCleaner]
[HKEY_LOCAL_MACHINE\software\Classes]
[HKEY_LOCAL_MACHINE\software\Clients]
[HKEY_LOCAL_MACHINE\software\Conexant]
[HKEY_LOCAL_MACHINE\software\CyberLink]
[HKEY_LOCAL_MACHINE\software\Data Fellows]
[HKEY_LOCAL_MACHINE\software\Debug]
[HKEY_LOCAL_MACHINE\software\Dell]
[HKEY_LOCAL_MACHINE\software\DellInkJet]
[HKEY_LOCAL_MACHINE\software\DivX]
[HKEY_LOCAL_MACHINE\software\DivXNetworks]
[HKEY_LOCAL_MACHINE\software\FRANCE TELECOM]
[HKEY_LOCAL_MACHINE\software\Gemplus]
[HKEY_LOCAL_MACHINE\software\GNU]
[HKEY_LOCAL_MACHINE\software\Google]
[HKEY_LOCAL_MACHINE\software\HaaliMkx]
[HKEY_LOCAL_MACHINE\software\IDT]
[HKEY_LOCAL_MACHINE\software\InstalledOptions]
[HKEY_LOCAL_MACHINE\software\InstallShield]
[HKEY_LOCAL_MACHINE\software\Intel]
[HKEY_LOCAL_MACHINE\software\logishrd]
[HKEY_LOCAL_MACHINE\software\Logitech]
[HKEY_LOCAL_MACHINE\software\Macromedia]
[HKEY_LOCAL_MACHINE\software\MAGIX]
[HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware]
[HKEY_LOCAL_MACHINE\software\Microsoft]
[HKEY_LOCAL_MACHINE\software\MimarSinan]
[HKEY_LOCAL_MACHINE\software\Mozilla]
[HKEY_LOCAL_MACHINE\software\mozilla.org]
[HKEY_LOCAL_MACHINE\software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\software\ODBC]
[HKEY_LOCAL_MACHINE\software\Policies]
[HKEY_LOCAL_MACHINE\software\Productivity_2.2]
[HKEY_LOCAL_MACHINE\software\Program Groups]
[HKEY_LOCAL_MACHINE\software\RealNetworks]
[HKEY_LOCAL_MACHINE\software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\software\Roxio]
[HKEY_LOCAL_MACHINE\software\S3R521]
[HKEY_LOCAL_MACHINE\software\Sagem]
[HKEY_LOCAL_MACHINE\software\ScanSoft]
[HKEY_LOCAL_MACHINE\software\Schlumberger]
[HKEY_LOCAL_MACHINE\software\Secure]
[HKEY_LOCAL_MACHINE\software\SECURITOO]
[HKEY_LOCAL_MACHINE\software\Sensible Vision]
[HKEY_LOCAL_MACHINE\software\SigmaTel]
[HKEY_LOCAL_MACHINE\software\Skype]
[HKEY_LOCAL_MACHINE\software\Sonic]
[HKEY_LOCAL_MACHINE\software\Symantec]
[HKEY_LOCAL_MACHINE\software\Thomson]
[HKEY_LOCAL_MACHINE\software\TomTom]
[HKEY_LOCAL_MACHINE\software\Trolltech]
[HKEY_LOCAL_MACHINE\software\Uniblue]
[HKEY_LOCAL_MACHINE\software\USB2800]
[HKEY_LOCAL_MACHINE\software\VideoLAN]
[HKEY_LOCAL_MACHINE\software\Visioneer]
[HKEY_LOCAL_MACHINE\software\WebUpdate]
[HKEY_LOCAL_MACHINE\software\Windows 3.1 Migration Status]
[HKEY_LOCAL_MACHINE\software\Zeon]
[HKEY_LOCAL_MACHINE\software\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}]

¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤

Present !! : \R90698.EXE
Present !! : \uTorrent.exe
Present !! : C:\windows\002897_.tmp
Present !! : C:\windows\SET25.tmp
Present !! : C:\windows\SET26.tmp
Present !! : C:\windows\SET3.tmp
Present !! : C:\windows\SET4.tmp
Present !! : C:\windows\SET8.tmp

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System : DisableRegistryTools

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-27 19:15:18
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_7V250F0 rev.VA131610 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8676EAB8]
3 CLASSPNP[0xF7665FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP2T0L0-e[0x867C8B00]
kernel: MBR read successfully
user & kernel MBR OK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 19:16:20


Je pense que c'est ce que tu voulais .Je remets en route
Pare feu et Anti Virus
@ +
0
Réponse 43 / 64
Utilisateur anonyme
27 janv. 2011 à 20:33
Re

Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :

Choisis l' Option Clean
-ton PC va redemarrer,

laisse travailler l'outil.

En fin de scan la fenêtre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,

colle le contenu dans ta réponse
En fin de scan la fenêtre se ferme, et tu as un rapport du nom de Kill'em.txt sur ton bureau,

Colle le contenu dans ta réponse


@+
0
Réponse 44 / 64
jumbo
27 janv. 2011 à 20:53
bonsoir

¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.3.2 ¤¤¤¤¤¤¤¤¤¤

User : michel (Administrateurs)
Update on 22/01/2011 by g3n-h@ckm@n ::::: 09.30
Start at: 19:09:31 | 27/01/2011

Intel(R) Pentium(R) 4 CPU 3.20GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! Antivirus 5.0.83952505 [ (!) Disabled | Updated ]

C:\ -> Disque fixe local | 228,18 Go (197,67 Go free) | NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
I:\ -> Disque CD-ROM
J:\ -> Disque amovible

¤¤¤¤¤ Sessions ¤¤¤¤¤

C:\Documents and settings\michel

Boot: Normal

¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer

C:\windows\System32\smss.exe ---- 416 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\windows\system32\csrss.exe ---- 4776 Ko ---- Normal ---- C:\windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\windows\system32\winlogon.exe ---- 4736 Ko ---- High ---- winlogon.exe ----
C:\windows\system32\services.exe ---- 3956 Ko ---- Normal ---- C:\windows\system32\services.exe ----
C:\windows\system32\lsass.exe ---- 1916 Ko ---- Normal ---- C:\windows\system32\lsass.exe ----
C:\windows\system32\svchost.exe ---- 5784 Ko ---- Normal ---- C:\windows\system32\svchost -k DcomLaunch ----
C:\windows\system32\svchost.exe ---- 5048 Ko ---- Normal ---- C:\windows\system32\svchost -k rpcss ----
C:\windows\System32\svchost.exe ---- 33428 Ko ---- Normal ---- C:\windows\System32\svchost.exe -k netsvcs ----
C:\windows\system32\svchost.exe ---- 4056 Ko ---- Normal ---- C:\windows\system32\svchost.exe -k NetworkService ----
C:\windows\system32\svchost.exe ---- 9752 Ko ---- Normal ---- C:\windows\system32\svchost.exe -k LocalService ----
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe ---- 5232 Ko ---- Normal ---- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe ---- ALWIL Software
C:\windows\Explorer.EXE ---- 17076 Ko ---- Normal ---- C:\windows\Explorer.EXE ----
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe ---- 3064 Ko ---- Normal ---- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe ----
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe ---- 18260 Ko ---- Normal ---- C:\Program Files\Brother\ControlCenter3\brccMCtl.exe /autorun ----
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe ---- 1620 Ko ---- Normal ---- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe -start ----
C:\windows\stsystra.exe ---- 4384 Ko ---- Normal ---- C:\windows\stsystra.exe ----
C:\Program Files\Alwil Software\Avast5\avastUI.exe ---- 7812 Ko ---- Normal ---- C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui ---- ALWIL Software
C:\windows\emMON.exe ---- 4076 Ko ---- Normal ---- C:\windows\emMON.exe ----
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe ---- 10608 Ko ---- Normal ---- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide ---- Logitech Inc
C:\windows\system32\ctfmon.exe ---- 3676 Ko ---- Normal ---- C:\windows\system32\ctfmon.exe ----
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe ---- 4896 Ko ---- Normal ---- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe ---- TomTom International BV
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ---- 20348 Ko ---- Normal ---- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe /hide ---- Logitech Inc
C:\Program Files\Skype\Phone\Skype.exe ---- 36308 Ko ---- Normal ---- C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized ---- Skype Technologies SA
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe ---- 5276 Ko ---- Normal ---- C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe -Embedding ---- Logitech Inc
C:\Program Files\Logitech\Vid HD\Vid.exe ---- 58000 Ko ---- Normal ---- C:\Program Files\Logitech\Vid HD\Vid.exe -bootmode ---- Logitech Inc
C:\Program Files\Windows Live\Messenger\msnmsgr.exe ---- 16696 Ko ---- Normal ---- C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background ---- Microsoft Corporation
C:\windows\system32\spoolsv.exe ---- 5952 Ko ---- Normal ---- C:\windows\system32\spoolsv.exe ----
C:\Program Files\Skype\Plugin Manager\skypePM.exe ---- 16940 Ko ---- Normal ---- C:\Program Files\Skype\Plugin Manager\skypePM.exe /SILENT ---- EasyBits Software AS
C:\windows\system32\svchost.exe ---- 4240 Ko ---- Normal ---- C:\windows\system32\svchost.exe -k LocalService ----
C:\WINDOWS\system32\dlcccoms.exe ---- 3120 Ko ---- High ---- C:\WINDOWS\system32\dlcccoms.exe -service ---- Dell Inc.
C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcSrv.exe ---- 2772 Ko ---- Normal ---- C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcSrv.exe ---- Logitech Inc
C:\Program Files\CyberLink\Shared files\RichVideo.exe ---- 2944 Ko ---- Normal ---- C:\Program Files\CyberLink\Shared files\RichVideo.exe ---- CyberLink
C:\windows\system32\svchost.exe ---- 5344 Ko ---- Normal ---- C:\windows\system32\svchost.exe -k imgsvc ----
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe ---- 1740 Ko ---- Normal ---- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe ---- TomTom International BV
C:\windows\System32\alg.exe ---- 3956 Ko ---- Normal ---- C:\windows\System32\alg.exe ----
C:\windows\System32\svchost.exe ---- 3868 Ko ---- Normal ---- C:\windows\System32\svchost.exe -k HTTPFilter ----
C:\Program Files\Windows Live\Contacts\wlcomm.exe ---- 26240 Ko ---- Normal ---- C:\Program Files\Windows Live\Contacts\wlcomm.exe -Embedding ---- Microsoft Corporation
C:\windows\system32\wuauclt.exe ---- 4624 Ko ---- Normal ---- C:\windows\system32\wuauclt.exe ---- Microsoft Windows Component Publisher
C:\Program Files\Outlook Express\msimn.exe ---- 21032 Ko ---- Normal ---- C:\Program Files\Outlook Express\msimn.exe ----
C:\windows\system32\wscntfy.exe ---- 2728 Ko ---- Normal ---- C:\windows\system32\wscntfy.exe ----
C:\windows\system32\cmd.exe ---- 2084 Ko ---- Normal ---- cmd /c C:\PROGRA~1\List_Kill'em\List'em.bat ----
C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 7288 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
C:\PROGRA~1\List_Kill'em\pv.exe ---- 3064 Ko ---- Normal ---- pv.exe -o%f ---- %m Ko ---- %p ---- %l ---- %s ----


¤¤¤¤¤¤¤¤¤¤ Keys Run ¤¤¤¤¤¤¤¤¤¤

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE = C:\windows\system32\ctfmon.exe
TomTomHOME.exe = C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Skype = C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized
Logitech Vid = C:\Program Files\Logitech\Vid HD\Vid.exe -bootmode
msnmsgr = C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SSBkgdUpdate = C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
PaperPort PTD = C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
IndexSearch = C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
BrMfcWnd = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
SetDefPrt = C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
ControlCenter3 = C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
DLADiag = C:\windows\DLADiag.EXE
IDTSysTrayApp = sttray.exe
ISUSPM Startup = C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler = C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe -start
SigmatelSysTrayApp = stsystra.exe
dlccmon.exe = C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
avast5 = C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui
UpdatePDRShortCut = C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe C:\Program Files\CyberLink\PowerDirector UpdateWithCreateOnce Software\CyberLink\PowerDirector\7.0
Adobe Reader Speed Launcher = C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe ARM = C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
emMON = emMON.exe
LWS = C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
KernelFaultCheck = %systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Policies\explorer

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 145 (0x91)

¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting = 1 (0x1)
NoCDBurning = 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ AppInit_DLLS

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Winlogon

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 0 (0x0)
Shell = Explorer.exe
Userinit = C:\WINDOWS\system32\userinit.exe,
System =

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Winlogon\Notify

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Explorer\ShellExecuteHooks

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ firewallpolicy

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\eChanblard\emule.exe = C:\Program Files\eChanblard\emule.exe:*:Enabled:eMule
C:\Program Files\ma-config.com\maconfservice.exe = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\VideoLAN\VLC\vlc.exe = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player
C:\WINDOWS\system32\dlcccoms.exe = C:\WINDOWS\system32\dlcccoms.exe:*:Enabled:Dell 924 Server
C:\Program Files\IncrediMail\Bin\IncMail.exe = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\Bin\ImApp.exe = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\Bin\ImpCnt.exe = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail
C:\Program Files\Roxio\Creator Classic 9\Creator9.exe = C:\Program Files\Roxio\Creator Classic 9\Creator9.exe:*:Enabled:Creator9
C:\Program Files\Google\Google Earth\client\googleearth.exe = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth
C:\Program Files\Skype\Plugin Manager\skypePM.exe = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
C:\Program Files\Messenger\msmsgs.exe = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Logitech\Vid HD\Vid.exe = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD
C:\Program Files\Skype\Phone\Skype.exe = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
C:\Program Files\Windows Live\Messenger\wlcsdk.exe = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

¤¤¤¤¤

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

¤¤¤¤¤¤¤¤¤¤ ActivX

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{72AD53CC-CCC0-3757-8480-9EE176866A7C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]

¤¤¤¤¤¤¤¤¤¤ BHO

[@ = ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

¤¤¤¤¤¤¤¤¤¤ DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{64573EBD-BF50-43DB-8B6F-29DB8A22C98F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{64573EBD-BF50-43DB-8B6F-29DB8A22C98F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{64573EBD-BF50-43DB-8B6F-29DB8A22C98F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{64573EBD-BF50-43DB-8B6F-29DB8A22C98F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1


¤¤¤¤¤¤¤¤¤¤ Internet Explorer

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\windows\system32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.fr/?gws_rd=ssl
Local Page = C:\windows\system32\blank.htm

¤¤¤¤¤ Proxy

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0 (0x0)

¤¤¤¤¤¤¤¤¤¤ Safemode

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

¤¤¤¤¤¤¤¤¤¤ SVC | svchost


¤¤¤¤¤¤¤¤¤¤ IFEO | debugger


¤¤¤¤¤¤¤¤¤¤ Mountpoints2

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{051e2319-c2fc-11df-a739-00123fc210b8}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{051e2319-c2fc-11df-a739-00123fc210b8}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b98af54-9707-11de-a55f-91763918f128}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b98af54-9707-11de-a55f-91763918f128}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f286474-6d95-11df-a6ac-00123fc210b8}\shell
@ = Open
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f286474-6d95-11df-a6ac-00123fc210b8}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f286474-6d95-11df-a6ac-00123fc210b8}\shell\AutoRun
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bbb8758-cc78-11de-a5b7-00123fc210b8}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bbb8758-cc78-11de-a5b7-00123fc210b8}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce9ee3ba-c7dc-11df-a73f-00123fc210b8}\shell
@ = Shell00
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce9ee3ba-c7dc-11df-a73f-00123fc210b8}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce9ee3ba-c7dc-11df-a73f-00123fc210b8}\shell\Shell00
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce9ee3bb-c7dc-11df-a73f-00123fc210b8}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce9ee3bb-c7dc-11df-a73f-00123fc210b8}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8618670-9799-11de-a564-00123fc210b8}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8618670-9799-11de-a564-00123fc210b8}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8618671-9799-11de-a564-00123fc210b8}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8618671-9799-11de-a564-00123fc210b8}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8618672-9799-11de-a564-00123fc210b8}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8618672-9799-11de-a564-00123fc210b8}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8618673-9799-11de-a564-00123fc210b8}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8618673-9799-11de-a564-00123fc210b8}\shell\Autoplay


¤¤¤¤¤¤¤¤¤¤ Services

¤ Ndisuio => Start : 3 ( OK = 3 )
¤ EapHost => Start : 3 ( OK = 2 )
¤ Ip6Fw => Start : 3 ( OK = 2 )
¤ SharedAccess => Start : 2 ( OK = 2 )
¤ wuauserv => Start : 2 ( OK = 2 )
¤ wscsvc => Start : 2 ( OK = 2 )

¤¤¤¤¤¤¤¤¤¤ First Scan



¤¤¤¤¤¤¤¤¤¤ HKCU | HKLM

[HKEY_CURRENT_USER\software\AC3filter]
[HKEY_CURRENT_USER\software\addtoustart]
[HKEY_CURRENT_USER\software\Adobe]
[HKEY_CURRENT_USER\software\ALWIL Software]
[HKEY_CURRENT_USER\software\AppDataLow]
[HKEY_CURRENT_USER\software\Brother]
[HKEY_CURRENT_USER\software\Canneverbe Limited]
[HKEY_CURRENT_USER\software\Clients]
[HKEY_CURRENT_USER\software\CoreVorbis]
[HKEY_CURRENT_USER\software\CyberLink]
[HKEY_CURRENT_USER\software\DivX]
[HKEY_CURRENT_USER\software\DivXNetworks]
[HKEY_CURRENT_USER\software\eChanblard]
[HKEY_CURRENT_USER\software\ej-technologies]
[HKEY_CURRENT_USER\software\Gabest]
[HKEY_CURRENT_USER\software\GNU]
[HKEY_CURRENT_USER\software\Google]
[HKEY_CURRENT_USER\software\Haali]
[HKEY_CURRENT_USER\software\HookNetwork]
[HKEY_CURRENT_USER\software\IM Providers]
[HKEY_CURRENT_USER\software\IncrediMail]
[HKEY_CURRENT_USER\software\InstallShield]
[HKEY_CURRENT_USER\software\Intel]
[HKEY_CURRENT_USER\software\keyhole.com]
[HKEY_CURRENT_USER\software\Leadertech]
[HKEY_CURRENT_USER\software\LogiShrd]
[HKEY_CURRENT_USER\software\Logitech]
[HKEY_CURRENT_USER\software\Macromedia]
[HKEY_CURRENT_USER\software\madFlac]
[HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware]
[HKEY_CURRENT_USER\software\Microsoft]
[HKEY_CURRENT_USER\software\MozillaPlugins]
[HKEY_CURRENT_USER\software\Netscape]
[HKEY_CURRENT_USER\software\Piriform]
[HKEY_CURRENT_USER\software\Policies]
[HKEY_CURRENT_USER\software\RealNetworks]
[HKEY_CURRENT_USER\software\RegDokFR]
[HKEY_CURRENT_USER\software\RegisteredApplications]
[HKEY_CURRENT_USER\software\Roxio]
[HKEY_CURRENT_USER\software\ScanSoft]
[HKEY_CURRENT_USER\software\Skype]
[HKEY_CURRENT_USER\software\SkypeApps]
[HKEY_CURRENT_USER\software\Softonic]
[HKEY_CURRENT_USER\software\Sonic]
[HKEY_CURRENT_USER\software\Sysinternals]
[HKEY_CURRENT_USER\software\TomTom]
[HKEY_CURRENT_USER\software\toolbar]
[HKEY_CURRENT_USER\software\Trolltech]
[HKEY_CURRENT_USER\software\Windows Live Writer]
[HKEY_CURRENT_USER\software\WinRAR SFX]
[HKEY_CURRENT_USER\software\Classes]

[@ = ]
[HKEY_LOCAL_MACHINE\software\Adobe]
[HKEY_LOCAL_MACHINE\software\ALWIL Software]
[HKEY_LOCAL_MACHINE\software\America Online]
[HKEY_LOCAL_MACHINE\software\Brother]
[HKEY_LOCAL_MACHINE\software\Brother Industries, Ltd.]
[HKEY_LOCAL_MACHINE\software\C07ft5Y]
[HKEY_LOCAL_MACHINE\software\CCleaner]
[HKEY_LOCAL_MACHINE\software\Classes]
[HKEY_LOCAL_MACHINE\software\Clients]
[HKEY_LOCAL_MACHINE\software\Conexant]
[HKEY_LOCAL_MACHINE\software\CyberLink]
[HKEY_LOCAL_MACHINE\software\Data Fellows]
[HKEY_LOCAL_MACHINE\software\Debug]
[HKEY_LOCAL_MACHINE\software\Dell]
[HKEY_LOCAL_MACHINE\software\DellInkJet]
[HKEY_LOCAL_MACHINE\software\DivX]
[HKEY_LOCAL_MACHINE\software\DivXNetworks]
[HKEY_LOCAL_MACHINE\software\FRANCE TELECOM]
[HKEY_LOCAL_MACHINE\software\Gemplus]
[HKEY_LOCAL_MACHINE\software\GNU]
[HKEY_LOCAL_MACHINE\software\Google]
[HKEY_LOCAL_MACHINE\software\HaaliMkx]
[HKEY_LOCAL_MACHINE\software\IDT]
[HKEY_LOCAL_MACHINE\software\InstalledOptions]
[HKEY_LOCAL_MACHINE\software\InstallShield]
[HKEY_LOCAL_MACHINE\software\Intel]
[HKEY_LOCAL_MACHINE\software\logishrd]
[HKEY_LOCAL_MACHINE\software\Logitech]
[HKEY_LOCAL_MACHINE\software\Macromedia]
[HKEY_LOCAL_MACHINE\software\MAGIX]
[HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware]
[HKEY_LOCAL_MACHINE\software\Microsoft]
[HKEY_LOCAL_MACHINE\software\MimarSinan]
[HKEY_LOCAL_MACHINE\software\Mozilla]
[HKEY_LOCAL_MACHINE\software\mozilla.org]
[HKEY_LOCAL_MACHINE\software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\software\ODBC]
[HKEY_LOCAL_MACHINE\software\Policies]
[HKEY_LOCAL_MACHINE\software\Productivity_2.2]
[HKEY_LOCAL_MACHINE\software\Program Groups]
[HKEY_LOCAL_MACHINE\software\RealNetworks]
[HKEY_LOCAL_MACHINE\software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\software\Roxio]
[HKEY_LOCAL_MACHINE\software\S3R521]
[HKEY_LOCAL_MACHINE\software\Sagem]
[HKEY_LOCAL_MACHINE\software\ScanSoft]
[HKEY_LOCAL_MACHINE\software\Schlumberger]
[HKEY_LOCAL_MACHINE\software\Secure]
[HKEY_LOCAL_MACHINE\software\SECURITOO]
[HKEY_LOCAL_MACHINE\software\Sensible Vision]
[HKEY_LOCAL_MACHINE\software\SigmaTel]
[HKEY_LOCAL_MACHINE\software\Skype]
[HKEY_LOCAL_MACHINE\software\Sonic]
[HKEY_LOCAL_MACHINE\software\Symantec]
[HKEY_LOCAL_MACHINE\software\Thomson]
[HKEY_LOCAL_MACHINE\software\TomTom]
[HKEY_LOCAL_MACHINE\software\Trolltech]
[HKEY_LOCAL_MACHINE\software\Uniblue]
[HKEY_LOCAL_MACHINE\software\USB2800]
[HKEY_LOCAL_MACHINE\software\VideoLAN]
[HKEY_LOCAL_MACHINE\software\Visioneer]
[HKEY_LOCAL_MACHINE\software\WebUpdate]
[HKEY_LOCAL_MACHINE\software\Windows 3.1 Migration Status]
[HKEY_LOCAL_MACHINE\software\Zeon]
[HKEY_LOCAL_MACHINE\software\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}]

¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤

Present !! : \R90698.EXE
Present !! : \uTorrent.exe
Present !! : C:\windows\002897_.tmp
Present !! : C:\windows\SET25.tmp
Present !! : C:\windows\SET26.tmp
Present !! : C:\windows\SET3.tmp
Present !! : C:\windows\SET4.tmp
Present !! : C:\windows\SET8.tmp

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System : DisableRegistryTools

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-27 19:15:18
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_7V250F0 rev.VA131610 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8676EAB8]
3 CLASSPNP[0xF7665FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP2T0L0-e[0x867C8B00]
kernel: MBR read successfully
user & kernel MBR OK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 19:16:20
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.3.2 ¤¤¤¤¤¤¤¤¤¤

User : michel (Administrateurs)
Update on 22/01/2011 by g3n-h@ckm@n ::::: 09.30
Start at: 19:09:31 | 27/01/2011

Intel(R) Pentium(R) 4 CPU 3.20GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! Antivirus 5.0.83952505 [ (!) Disabled | Updated ]

C:\ -> Disque fixe local | 228,18 Go (197,67 Go free) | NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
I:\ -> Disque CD-ROM
J:\ -> Disque amovible

¤¤¤¤¤ Sessions ¤¤¤¤¤

C:\Documents and settings\michel

Boot: Normal

¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer

C:\windows\System32\smss.exe ---- 416 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\windows\system32\csrss.exe ---- 4776 Ko ---- Normal ---- C:\windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\windows\system32\winlogon.exe ---- 4736 Ko ---- High ---- winlogon.exe ----
C:\windows\system32\services.exe ---- 3956 Ko ---- Normal ---- C:\windows\system32\services.exe ----
C:\windows\system32\lsass.exe ---- 1916 Ko ---- Normal ---- C:\windows\system32\lsass.exe ----
C:\windows\system32\svchost.exe ---- 5784 Ko ---- Normal ---- C:\windows\system32\svchost -k DcomLaunch ----
C:\windows\system32\svchost.exe ---- 5048 Ko ---- Normal ---- C:\windows\system32\svchost -k rpcss ----
C:\windows\System32\svchost.exe ---- 33428 Ko ---- Normal ---- C:\windows\System32\svchost.exe -k netsvcs ----
C:\windows\system32\svchost.exe ---- 4056 Ko ---- Normal ---- C:\windows\system32\svchost.exe -k NetworkService ----
C:\windows\system32\svchost.exe ---- 9752 Ko ---- Normal ---- C:\windows\system32\svchost.exe -k LocalService ----
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe ---- 5232 Ko ---- Normal ---- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe ---- ALWIL Software
C:\windows\Explorer.EXE ---- 17076 Ko ---- Normal ---- C:\windows\Explorer.EXE ----
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe ---- 3064 Ko ---- Normal ---- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe ----
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe ---- 18260 Ko ---- Normal ---- C:\Program Files\Brother\ControlCenter3\brccMCtl.exe /autorun ----
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe ---- 1620 Ko ---- Normal ---- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe -start ----
C:\windows\stsystra.exe ---- 4384 Ko ---- Normal ---- C:\windows\stsystra.exe ----
C:\Program Files\Alwil Software\Avast5\avastUI.exe ---- 7812 Ko ---- Normal ---- C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui ---- ALWIL Software
C:\windows\emMON.exe ---- 4076 Ko ---- Normal ---- C:\windows\emMON.exe ----
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe ---- 10608 Ko ---- Normal ---- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide ---- Logitech Inc
C:\windows\system32\ctfmon.exe ---- 3676 Ko ---- Normal ---- C:\windows\system32\ctfmon.exe ----
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe ---- 4896 Ko ---- Normal ---- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe ---- TomTom International BV
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ---- 20348 Ko ---- Normal ---- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe /hide ---- Logitech Inc
C:\Program Files\Skype\Phone\Skype.exe ---- 36308 Ko ---- Normal ---- C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized ---- Skype Technologies SA
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe ---- 5276 Ko ---- Normal ---- C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe -Embedding ---- Logitech Inc
C:\Program Files\Logitech\Vid HD\Vid.exe ---- 58000 Ko ---- Normal ---- C:\Program Files\Logitech\Vid HD\Vid.exe -bootmode ---- Logitech Inc
C:\Program Files\Windows Live\Messenger\msnmsgr.exe ---- 16696 Ko ---- Normal ---- C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background ---- Microsoft Corporation
C:\windows\system32\spoolsv.exe ---- 5952 Ko ---- Normal ---- C:\windows\system32\spoolsv.exe ----
C:\Program Files\Skype\Plugin Manager\skypePM.exe ---- 16940 Ko ---- Normal ---- C:\Program Files\Skype\Plugin Manager\skypePM.exe /SILENT ---- EasyBits Software AS
C:\windows\system32\svchost.exe ---- 4240 Ko ---- Normal ---- C:\windows\system32\svchost.exe -k LocalService ----
C:\WINDOWS\system32\dlcccoms.exe ---- 3120 Ko ---- High ---- C:\WINDOWS\system32\dlcccoms.exe -service ---- Dell Inc.
C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcSrv.exe ---- 2772 Ko ---- Normal ---- C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcSrv.exe ---- Logitech Inc
C:\Program Files\CyberLink\Shared files\RichVideo.exe ---- 2944 Ko ---- Normal ---- C:\Program Files\CyberLink\Shared files\RichVideo.exe ---- CyberLink
C:\windows\system32\svchost.exe ---- 5344 Ko ---- Normal ---- C:\windows\system32\svchost.exe -k imgsvc ----
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe ---- 1740 Ko ---- Normal ---- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe ---- TomTom International BV
C:\windows\System32\alg.exe ---- 3956 Ko ---- Normal ---- C:\windows\System32\alg.exe ----
C:\windows\System32\svchost.exe ---- 3868 Ko ---- Normal ---- C:\windows\System32\svchost.exe -k HTTPFilter ----
C:\Program Files\Windows Live\Contacts\wlcomm.exe ---- 26240 Ko ---- Normal ---- C:\Program Files\Windows Live\Contacts\wlcomm.exe -Embedding ---- Microsoft Corporation
C:\windows\system32\wuauclt.exe ---- 4624 Ko ---- Normal ---- C:\windows\system32\wuauclt.exe ---- Microsoft Windows Component Publisher
C:\Program Files\Outlook Express\msimn.exe ---- 21032 Ko ---- Normal ---- C:\Program Files\Outlook Express\msimn.exe ----
C:\windows\system32\wscntfy.exe ---- 2728 Ko ---- Normal ---- C:\windows\system32\wscntfy.exe ----
C:\windows\system32\cmd.exe ---- 2084 Ko ---- Normal ---- cmd /c C:\PROGRA~1\List_Kill'em\List'em.bat ----
C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 7288 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
C:\PROGRA~1\List_Kill'em\pv.exe ---- 3064 Ko ---- Normal ---- pv.exe -o%f ---- %m Ko ---- %p ---- %l ---- %s ----


¤¤¤¤¤¤¤¤¤¤ Keys Run ¤¤¤¤¤¤¤¤¤¤

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE = C:\windows\system32\ctfmon.exe
TomTomHOME.exe = C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Skype = C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized
Logitech Vid = C:\Program Files\Logitech\Vid HD\Vid.exe -bootmode
msnmsgr = C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SSBkgdUpdate = C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
PaperPort PTD = C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
IndexSearch = C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
BrMfcWnd = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
SetDefPrt = C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
ControlCenter3 = C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
DLADiag = C:\windows\DLADiag.EXE
IDTSysTrayApp = sttray.exe
ISUSPM Startup = C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler = C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe -start
SigmatelSysTrayApp = stsystra.exe
dlccmon.exe = C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
avast5 = C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui
UpdatePDRShortCut = C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe C:\Program Files\CyberLink\PowerDirector UpdateWithCreateOnce Software\CyberLink\PowerDirector\7.0
Adobe Reader Speed Launcher = C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe ARM = C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
emMON = emMON.exe
LWS = C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
KernelFaultCheck = %systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Policies\explorer

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 145 (0x91)

¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting = 1 (0x1)
NoCDBurning = 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ AppInit_DLLS

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Winlogon

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 0 (0x0)
Shell = Explorer.exe
Userinit = C:\WINDOWS\system32\userinit.exe,
System =

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Winlogon\Notify

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Explorer\ShellExecuteHooks

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ firewallpolicy

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\eChanblard\emule.exe = C:\Program Files\eChanblard\emule.exe:*:Enabled:eMule
C:\Program Files\ma-config.com\maconfservice.exe = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\VideoLAN\VLC\vlc.exe = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player
C:\WINDOWS\system32\dlcccoms.exe = C:\WINDOWS\system32\dlcccoms.exe:*:Enabled:Dell 924 Server
C:\Program Files\IncrediMail\Bin\IncMail.exe = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\Bin\ImApp.exe = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\Bin\ImpCnt.exe = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail
C:\Program Files\Roxio\Creator Classic 9\Creator9.exe = C:\Program Files\Roxio\Creator Classic 9\Creator9.exe:*:Enabled:Creator9
C:\Program Files\Google\Google Earth\client\googleearth.exe = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth
C:\Program Files\Skype\Plugin Manager\skypePM.exe = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
C:\Program Files\Messenger\msmsgs.exe = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Logitech\Vid HD\Vid.exe = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD
C:\Program Files\Skype\Phone\Skype.exe = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
C:\Program Files\Windows Live\Messenger\wlcsdk.exe = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

¤¤¤¤¤

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

¤¤¤¤¤¤¤¤¤¤ ActivX

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{72AD53CC-CCC0-3757-8480-9EE176866A7C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]

¤¤¤¤¤¤¤¤¤¤ BHO

[@ = ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

¤¤¤¤¤¤¤¤¤¤ DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{64573EBD-BF50-43DB-8B6F-29DB8A22C98F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{64573EBD-BF50-43DB-8B6F-29DB8A22C98F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{64573EBD-BF50-43DB-8B6F-29DB8A22C98F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{64573EBD-BF50-43DB-8B6F-29DB8A22C98F}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1


¤¤¤¤¤¤¤¤¤¤ Internet Explorer

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\windows\system32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.fr/?gws_rd=ssl
Local Page = C:\windows\system32\blank.htm

¤¤¤¤¤ Proxy

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0 (0x0)

¤¤¤¤¤¤¤¤¤¤ Safemode

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

¤¤¤¤¤¤¤¤¤¤ SVC | svchost


¤¤¤¤¤¤¤¤¤¤ IFEO | debugger


¤¤¤¤¤¤¤¤¤¤ Mountpoints2

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{051e2319-c2fc-11df-a739-00123fc210b8}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{051e2319-c2fc-11df-a739-00123fc210b8}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b98af54-9707-11de-a55f-91763918f128}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b98af54-9707-11de-a55f-91763918f128}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f286474-6d95-11df-a6ac-00123fc210b8}\shell
@ = Open
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f286474-6d95-11df-a6ac-00123fc210b8}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f286474-6d95-11df-a6ac-00123fc210b8}\shell\AutoRun
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bbb8758-cc78-11de-a5b7-00123fc210b8}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bbb8758-cc78-11de-a5b7-00123fc210b8}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce9ee3ba-c7dc-11df-a73f-00123fc210b8}\shell
@ = Shell00
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce9ee3ba-c7dc-11df-a73f-00123fc210b8}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce9ee3ba-c7dc-11df-a73f-00123fc210b8}\shell\Shell00
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce9ee3bb-c7dc-11df-a73f-00123fc210b8}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce9ee3bb-c7dc-11df-a73f-00123fc210b8}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8618670-9799-11de-a564-00123fc210b8}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8618670-9799-11de-a564-00123fc210b8}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8618671-9799-11de-a564-00123fc210b8}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8618671-9799-11de-a564-00123fc210b8}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8618672-9799-11de-a564-00123fc210b8}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8618672-9799-11de-a564-00123fc210b8}\shell\Autoplay
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8618673-9799-11de-a564-00123fc210b8}\shell
@ = None
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8618673-9799-11de-a564-00123fc210b8}\shell\Autoplay


¤¤¤¤¤¤¤¤¤¤ Services

¤ Ndisuio => Start : 3 ( OK = 3 )
¤ EapHost => Start : 3 ( OK = 2 )
¤ Ip6Fw => Start : 3 ( OK = 2 )
¤ SharedAccess => Start : 2 ( OK = 2 )
¤ wuauserv => Start : 2 ( OK = 2 )
¤ wscsvc => Start : 2 ( OK = 2 )

¤¤¤¤¤¤¤¤¤¤ First Scan



¤¤¤¤¤¤¤¤¤¤ HKCU | HKLM

[HKEY_CURRENT_USER\software\AC3filter]
[HKEY_CURRENT_USER\software\addtoustart]
[HKEY_CURRENT_USER\software\Adobe]
[HKEY_CURRENT_USER\software\ALWIL Software]
[HKEY_CURRENT_USER\software\AppDataLow]
[HKEY_CURRENT_USER\software\Brother]
[HKEY_CURRENT_USER\software\Canneverbe Limited]
[HKEY_CURRENT_USER\software\Clients]
[HKEY_CURRENT_USER\software\CoreVorbis]
[HKEY_CURRENT_USER\software\CyberLink]
[HKEY_CURRENT_USER\software\DivX]
[HKEY_CURRENT_USER\software\DivXNetworks]
[HKEY_CURRENT_USER\software\eChanblard]
[HKEY_CURRENT_USER\software\ej-technologies]
[HKEY_CURRENT_USER\software\Gabest]
[HKEY_CURRENT_USER\software\GNU]
[HKEY_CURRENT_USER\software\Google]
[HKEY_CURRENT_USER\software\Haali]
[HKEY_CURRENT_USER\software\HookNetwork]
[HKEY_CURRENT_USER\software\IM Providers]
[HKEY_CURRENT_USER\software\IncrediMail]
[HKEY_CURRENT_USER\software\InstallShield]
[HKEY_CURRENT_USER\software\Intel]
[HKEY_CURRENT_USER\software\keyhole.com]
[HKEY_CURRENT_USER\software\Leadertech]
[HKEY_CURRENT_USER\software\LogiShrd]
[HKEY_CURRENT_USER\software\Logitech]
[HKEY_CURRENT_USER\software\Macromedia]
[HKEY_CURRENT_USER\software\madFlac]
[HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware]
[HKEY_CURRENT_USER\software\Microsoft]
[HKEY_CURRENT_USER\software\MozillaPlugins]
[HKEY_CURRENT_USER\software\Netscape]
[HKEY_CURRENT_USER\software\Piriform]
[HKEY_CURRENT_USER\software\Policies]
[HKEY_CURRENT_USER\software\RealNetworks]
[HKEY_CURRENT_USER\software\RegDokFR]
[HKEY_CURRENT_USER\software\RegisteredApplications]
[HKEY_CURRENT_USER\software\Roxio]
[HKEY_CURRENT_USER\software\ScanSoft]
[HKEY_CURRENT_USER\software\Skype]
[HKEY_CURRENT_USER\software\SkypeApps]
[HKEY_CURRENT_USER\software\Softonic]
[HKEY_CURRENT_USER\software\Sonic]
[HKEY_CURRENT_USER\software\Sysinternals]
[HKEY_CURRENT_USER\software\TomTom]
[HKEY_CURRENT_USER\software\toolbar]
[HKEY_CURRENT_USER\software\Trolltech]
[HKEY_CURRENT_USER\software\Windows Live Writer]
[HKEY_CURRENT_USER\software\WinRAR SFX]
[HKEY_CURRENT_USER\software\Classes]

[@ = ]
[HKEY_LOCAL_MACHINE\software\Adobe]
[HKEY_LOCAL_MACHINE\software\ALWIL Software]
[HKEY_LOCAL_MACHINE\software\America Online]
[HKEY_LOCAL_MACHINE\software\Brother]
[HKEY_LOCAL_MACHINE\software\Brother Industries, Ltd.]
[HKEY_LOCAL_MACHINE\software\C07ft5Y]
[HKEY_LOCAL_MACHINE\software\CCleaner]
[HKEY_LOCAL_MACHINE\software\Classes]
[HKEY_LOCAL_MACHINE\software\Clients]
[HKEY_LOCAL_MACHINE\software\Conexant]
[HKEY_LOCAL_MACHINE\software\CyberLink]
[HKEY_LOCAL_MACHINE\software\Data Fellows]
[HKEY_LOCAL_MACHINE\software\Debug]
[HKEY_LOCAL_MACHINE\software\Dell]
[HKEY_LOCAL_MACHINE\software\DellInkJet]
[HKEY_LOCAL_MACHINE\soft
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 45 / 64
Utilisateur anonyme
27 janv. 2011 à 21:15
Re

Ce n'est pas le bon rapport.
0
Réponse 46 / 64
jumbo
27 janv. 2011 à 21:20
Bonsoir,


¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.3.2 ¤¤¤¤¤¤¤¤¤¤

User : michel (Administrateurs)
Update on 22/01/2011 by g3n-h@ckm@n ::::: 09.30
Start at: 20:43:40 | 27/01/2011

Intel(R) Pentium(R) 4 CPU 3.20GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! Antivirus 5.0.83952505 [ (!) Disabled | Updated ]

C:\ -> Disque fixe local | 228,18 Go (197,67 Go free) | NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
I:\ -> Disque CD-ROM
J:\ -> Disque amovibleEAA

Killed : PID 232 'Msnmsgr.exe'
Killed : PID 232 'Msnmsgr.exe'
Killed : PID 1548 'explorer.exe'
Killed : PID 1548 'explorer.exe'
Killed : PID 1548 'explorer.exe'


¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : \R90698.EXE
Quarantined & Deleted !! : \uTorrent.exe
Quarantined & Deleted !! : C:\windows\002897_.tmp
Quarantined & Deleted !! : C:\windows\SET25.tmp
Quarantined & Deleted !! : C:\windows\SET26.tmp
Quarantined & Deleted !! : C:\windows\SET3.tmp
Quarantined & Deleted !! : C:\windows\SET4.tmp
Quarantined & Deleted !! : C:\windows\SET8.tmp

¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤

127.0.0.1 localhost

¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤

Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System : DisableRegistryTools

¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)

¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤

Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

¤¤¤¤¤¤¤¤¤¤ Winlogon

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 1 (0x1)
Shell = explorer.exe
Userinit = C:\windows\System32\userinit.exe,
System =

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

FEATURE_BROWSER_EMULATION | svchost :
====================================


Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_7V250F0 rev.VA131610 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8676EAB8]
3 CLASSPNP[0xF7665FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP2T0L0-e[0x867C8B00]
kernel: MBR read successfully
user & kernel MBR OK


End of Scan : 20:46:47




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Réponse 47 / 64
Utilisateur anonyme
27 janv. 2011 à 21:26
Re

Procède à un essai d'installation.

@+
0
Réponse 48 / 64
jumbo
27 janv. 2011 à 22:12
Rebonsoir,
J'ai reessayé, hélas rebelotte WIN 32

@ +
0
Réponse 49 / 64
Utilisateur anonyme
28 janv. 2011 à 13:06
Bonjour

Regarde cette astuce ;hormis la rubrique virus (Bagle)

https://www.commentcamarche.net/faq/6845-exe-n-est-pas-une-application-win32-valide

@+
0
Réponse 50 / 64
jumbo
28 janv. 2011 à 15:19
Bonjour,
Bien reçu, j'ai immédiatement essayé d'y remédier à notre foutu virus...!
J'ai fait
1 / Contrôleur IDE mal paramétré Sans Résultat
2 / Fichier système corrompu Sans Résultat
3 / Problème de Configuration ..... Sans Résultat
4 / Dossier non enregistré Réponse donnée :
DIIRegister Server and DII Install
dans SHELL32.DLL réussi

Virus/Spyware, comme demandé je n'y suis pas allé.

J'ai à la suite de tout cea réessayé le Téléchargement 01 net WLM, est j'ai
.............wlsetup web [1 ).exe n'est pas une application win 32 valide

Voila je laisse à ton verdict toutes ces données

@ +
0
Réponse 51 / 64
Utilisateur anonyme
28 janv. 2011 à 15:32
Re

Viens tu de télécharger cette version?

0
Réponse 52 / 64
jumbo
28 janv. 2011 à 18:12
RE
Je n'ai rien téléchargé, j'ai essayé d'y accéder, mais j'ai eu
la même réponse en cours d'exécution
C:\Documents and Settings\michel\local settings\temporary Internet Files\Content.IES\FLMPI77C\wlsetup web [1 ].exe......
0
Réponse 53 / 64
Utilisateur anonyme
28 janv. 2011 à 20:10
Re

Essaie avec un autre navigateur:Chrome par exemple

@+
0
Réponse 54 / 64
jumbo
28 janv. 2011 à 21:04
J'ai essayé avec Google Chrome, je n'ai eu aucun problème
Est ce bon ?
@+
0
Réponse 55 / 64
Utilisateur anonyme
28 janv. 2011 à 21:11
Re


Oui installe WLM;le problème vient du navigateur.

Essayons de régler ce problème si tu veux bien.
Désinstalle IE 8 et télécharge le à nouveau .

https://www.commentcamarche.net/telecharger/web-internet/12481-internet-explorer-9/

Tiens moi au courant

0
Réponse 56 / 64
jumbo
28 janv. 2011 à 21:38
Re
J'ai désinstallé Windows Internet Explorer OK
Je suis allé sur le lien, j'ai téléchargé Vista,
il m'annonce téléchargement terminé, mais il
n'apparaît nulle part ?
Je suis allé sur le panneau de config Ajouter Supprimer =
Pas de trace de Vista ?
Que se passe t-il ?

@ +
0
Utilisateur anonyme
28 janv. 2011 à 21:47
Tu l'as téléchargé et non installé...

Tes téléchargements s'enregistrent ou?

@+
0
Réponse 57 / 64
jumbo
28 janv. 2011 à 21:54
Re

Bonne pioche, j'ai cherché ou il pouvait être, j'avoue
que je ne sais pas. D'habitude quand je télécharge, il s'installe seul
Que faire ?
0
Utilisateur anonyme
Modifié par Guillaume5188 le 28/01/2011 à 22:02
Une fenêtre s'est ouverte pour te demander ou l'enregistrer?

Ou alors dans le options de Chrome si tu as proceder avec...

Essaye de télécharger ceci:https://www.java.com/fr/
et regarde ou il s'enregistre
0
Hip
Modifié par Hip le 28/01/2011 à 22:29
ici = dans :

"C:\Users\michel\Downloads"
=
"C:\Users\\michel\Téléchargements"

salut à+ ;-)
0
Réponse 58 / 64
jumbo
28 janv. 2011 à 22:23
Re Guillaume,

j'ai téléchargé Java, apparement il s'enregistre sur " Dowloads "
mais je n'ai toujours pas trouvé Vista ?

@ +
0
Utilisateur anonyme
28 janv. 2011 à 22:25
Dans ce dossier Dowloads;IE8 n'y est pas?

Procède alors via Windows update

@+
0
Réponse 59 / 64
jumbo
29 janv. 2011 à 10:18
Bonjour,
J'ai essayé et j'ai fait chou blanc, impossible
de retrouver IE8.
Pour d'autres raisons, je suis allé sur Facebook,
il me signale que ma version Internet Explorer est
trop ancienne, et me propose de cliquer sur IE8 pour l'installer ?

Que faire ?

@ +
0
Utilisateur anonyme
29 janv. 2011 à 10:19
Bonjour

Et bien installe là.
0
Réponse 60 / 64
jumbo
29 janv. 2011 à 12:01
Re
WIE8 est installé, il m'a simplement signalé :
n'a pas pu installer la mise à jour pour :

sécurité pour Microsoft Office System 2007 ( KB 972581 )
( KB 981715 )
( KB 982312 )

Qu'en penses tu ?

Autrement tout marche, j'ai réussi à mettre WLM avec un lien
qu'un ami m'a envoyé

@ +
0

Discussions similaires

svp 32Gb est il egal a 32Go??
William Fernand -
nemrod18 -

3 réponses
Problème de décodeur TV Bouygues Telecom
Massi119 -
Turone37 -

188 réponses