Virus, please help me
Closed
eizo - 2 Oct. 2009 at 12:21
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 - 2 Oct. 2009 at 14:34
17 replies
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
2 Oct. 2009 at 12:23
Hi,
Reglooks by Marcvn will let me establish a diagnosis of the machine with a view to disinfecting it.
Download: http://sd-1.archive-host.com/membres/up/1366464061/reglooks.exe
Once it is saved to the desktop, double-click the magnifying glass to start the scan.
As soon as the scan is finished, a report will appear; copy and paste its contents into the forum, thanks.
See you
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
2 Oct. 2009 at 12:29
It's stated above...
REGLOOKS logfile - version 0.982
Scan started: 02/10/2009 12:30:33,43
--- INFORMATION ---
Operating System: Microsoft Windows XP Édition familiale - version 5.1.2600 - Service Pack 3
Bootmode: Normal boot
User: HP_Administrator (Administrator account)
Total RAM: 1015 MB (free 619 MB - 60%)
Internet Explorer Version: 8.0.6001.18702
Antivirus Program: avast! antivirus 4.8.1356 [VPS 091001-0] 4.8.1356 [Enabled - Updated]
--- SIGCHECK ---
C:\WINDOWS\explorer.exe -- sigcheck OK
C:\WINDOWS\system32\ctfmon.exe -- sigcheck OK
C:\WINDOWS\system32\lsass.exe -- sigcheck OK
C:\WINDOWS\system32\ntkrnlpa.exe -- sigcheck OK
C:\WINDOWS\system32\ntoskrnl.exe -- sigcheck OK
C:\WINDOWS\system32\services.exe -- sigcheck OK
C:\WINDOWS\system32\sfcfiles.dll -- sigcheck OK
C:\WINDOWS\system32\spoolsv.exe -- sigcheck OK
C:\WINDOWS\system32\svchost.exe -- sigcheck OK
C:\WINDOWS\system32\termsrv.dll -- sigcheck OK
C:\WINDOWS\system32\user32.dll -- sigcheck OK
C:\WINDOWS\system32\userinit.exe -- sigcheck OK
C:\WINDOWS\system32\wininet.dll -- sigcheck OK
C:\WINDOWS\system32\winlogon.exe -- sigcheck OK
C:\WINDOWS\system32\ws2_32.dll -- sigcheck OK
C:\WINDOWS\system32\wuauclt.exe -- sigcheck OK
C:\WINDOWS\system32\drivers\ip6fw.sys -- sigcheck OK
C:\WINDOWS\system32\drivers\ndis.sys -- sigcheck OK
C:\WINDOWS\system32\drivers\tcpip.sys -- sigcheck OK
--- SSODL regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" -- File: %SystemRoot%\system32\SHELL32.dll -- [?]
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" -- File: %SystemRoot%\system32\SHELL32.dll -- [?]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" -- File: C:\WINDOWS\system32\webcheck.dll -- [281600] -- [14/04/2008 14:00]
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" -- File: C:\WINDOWS\system32\stobject.dll -- [122368] -- [14/04/2008 14:00]
--- STS regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" -- File: %SystemRoot%\system32\browseui.dll -- [?]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" -- File: %SystemRoot%\system32\browseui.dll -- [?]
--- USERINIT regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
File: C:\WINDOWS\system32\userinit.exe -- [26624] -- [14/04/2008 14:00]
--- SHELL regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
File: C:\WINDOWS\Explorer.exe -- [1037824] -- [14/04/2008 14:00]
--- SYSTEM regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
--- APPINIT_DLLS regkey ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
--- NOTIFY regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
-- File: C:\WINDOWS\system32\crypt32.dll -- [606208] -- [14/04/2008 14:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
-- File: C:\WINDOWS\system32\cryptnet.dll -- [64512] -- [14/04/2008 14:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
-- File: C:\WINDOWS\system32\cscdll.dll -- [102912] -- [14/04/2008 14:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
-- File: %SystemRoot%\System32\dimsntfy.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
-- File: C:\WINDOWS\system32\igfxdev.dll -- [208896] -- [26/10/2008 23:48]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [94208] -- [14/04/2008 14:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [94208] -- [14/04/2008 14:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
-- File: C:\WINDOWS\system32\sclgntfy.dll -- [22016] -- [14/04/2008 14:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
-- File: C:\WINDOWS\system32\WlNotify.dll -- [94208] -- [14/04/2008 14:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [94208] -- [14/04/2008 14:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [94208] -- [14/04/2008 14:00]
--- RUN / LOAD regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"load"=""
--- SHELLEXECUTEHOOKS regkey ---
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" -- File: shell32.dll -- [?]
--- HKLM AUTORUN regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor]
"AutoRun"=""
--- HKCU AUTORUN regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
no AutoRun regkey found
--- HKLM\RUN regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL" -- File: RTHDCPL.EXE -- [?]
"IgfxTray" -- File C:\WINDOWS\system32\igfxtray.exe -- [141848] -- [26/10/2008 23:48]
"HotKeysCmds" -- File C:\WINDOWS\system32\hkcmd.exe -- [166424] -- [26/10/2008 23:48]
"Persistence" -- File C:\WINDOWS\system32\igfxpers.exe -- [137752] -- [26/10/2008 23:48]
"UpdateP2GoShortCut" -- File -- "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" -- [X]
"Adobe Reader Speed Launcher" -- File "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" -- [39792] -- [11/01/2008 22:16]
"hpsysdrv" -- File c:\windows\system\hpsysdrv.exe -- [52736] -- [07/05/1998 09:04]
"MDS_Menu" -- File -- "C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1" -- [X]
"Reminder" -- File C:\WINDOWS\SMINST\Reminder.exe -- [1963304] -- [18/03/2009 21:18]
"HP Software Update" -- File C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe -- [54576] -- [08/12/2008 15:50]
"<NO NAME>" -- no file defined
"avast!" -- File C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe -- [81000] -- [15/09/2009 12:56]
--- HKLM\RUNONCE regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"BrandClearStubs" -- File: RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{DFB17AA8-042A-429D-987C-26CE244A4189} -- [?]
"NoIE4StubProcessing" -- File: C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f -- [?]
--- HKLM\RUNONCEEX regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
no runonceex values found
--- HKLM\RUNSERVICES regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
key not found
--- HKLM\RUNSERVICESONCE regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
key not found
--- HKCU\RUN regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe" -- File C:\WINDOWS\system32\ctfmon.exe -- [15360] -- [14/04/2008 14:00]
--- HKCU\RUNONCE regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
no runonce values found
--- HKCU\RUNONCEEX regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
key not found
--- HKCU\RUNSERVICES regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
key not found
--- HKCU\RUNSERVICESONCE regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
key not found
--- HKU\.DEFAULT\Run regkeys - Default user ---
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
no run values found
--- HKU\S-1-5-18\Run regkeys - user SYSTEM ---
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
no run values found
--- HKU\S-1-5-19\Run regkeys - User Lokale service ---
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
no run values found
--- HKU\S-1-5-20\Run regkeys - User Lokale service ---
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
no run values found
--- HKLM\Explorer\Run regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
key not found
--- HKCU\Explorer\Run regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
key not found
--- Image File Execution regkeys ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
no debuggers found
--- BROWSER HELPER OBJECTS regkeys ---
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
-- File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll -- [62080] -- [22/10/2006 23:08]
--- TOOLBAR regkeys ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
key not found
--- HKLM\URLSEARCHHOOKS regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
key not found
--- HKCU\URLSEARCHHOOKS regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -- File: C:\WINDOWS\system32\ieframe.dll -- [11063808] -- [08/03/2009 04:39]
--- SRCEENSAVER regkey ---
[HKEY_CURRENT_USER\Control Panel\Desktop]
"SCRNSAVE.EXE" -- File C:\WINDOWS\System32\logon.scr -- [221696] -- [14/04/2008 14:00]
--- ALTERNATESHELL regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
File: C:\WINDOWS\system32\cmd.exe -- [401408] -- [14/04/2008 14:00]
--- SECURITYPROVIDERS regkey ---
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
File: C:\WINDOWS\system32\msapsspc.dll -- [86016] -- [14/04/2008 14:00]
File: C:\WINDOWS\system32\schannel.dll -- [144384] -- [14/04/2008 14:00]
File: C:\WINDOWS\system32\digest.dll -- [68608] -- [14/04/2008 14:00]
File: C:\WINDOWS\system32\msnsspc.dll -- [290816] -- [14/04/2008 14:00]
--- Active Setup\Installed Components regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
-- File: C:\WINDOWS\system32\ieudinit.exe -- [36864] -- [08/03/2009 04:32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
-- File: "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
-- File: %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{DFB17AA8-042A-429D-987C-26CE244A4189}]
-- File: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
-- File: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3F7924B9-D148-3141-87B1-68F36043A940}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
-- File: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
-- File: regsvr32.exe /s /n /i:U shell32.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
-- File: C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -- [?]
--- Services regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswFsBlk]
-- File: system32\DRIVERS\aswFsBlk.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswSP]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHDrvx86]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IDSxpx86]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetTcpPortSharing]
-- File: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" -- [122880] -- [11/10/2007 09:55]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Norton Internet Security]
-- File: "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RT80x86]
-- File: system32\DRIVERS\RT2860.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RTLE8023xp]
-- File: system32\DRIVERS\Rtenicxp.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spupdsvc]
-- File: C:\WINDOWS\system32\spupdsvc.exe -- [26144] -- [07/01/2009 18:21]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SymEFA]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{42414C87-367A-4C7D-A796-EFA10BFAD887}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{ABA2AD30-A67A-421A-A467-0980FF49EF94}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{D9BC9240-3564-4448-86A5-96E5DB46D038}]
-- filepath not found
--- SAFEBOOT MINIMAL SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
no unknown services found
--- SAFEBOOT Network SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
DnsCache
--- BOOTEXECUTE regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"= autocheck autochk *\0\0
--- PENDINGFILERENAMEOPERATIONS regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations"= \??\C:\WINDOWS\system32\DllCache\SET15.tmp\0!\??\C:\WINDOWS\system32\DllCache\admparse.dll\0\??\C:\WINDOWS\system32\DllCache\SET16.tmp\0!\??\C:\WINDOWS\system32\DllCache\advpack.dll\0\??\C:\WINDOWS\system32\DllCache\SET17.tmp\0!\??\C:\WINDOWS\system32\DllCache\corpol.dll\0\??\C:\WINDOWS\system32\DllCache\SET18.tmp\0!\??\C:\WINDOWS\system32\DllCache\dxtmsft.dll\0\??\C:\WINDOWS\system32\DllCache\SET19.tmp\0!\??\C:\WINDOWS\system32\DllCache\dxtrans.dll\0\??\C:\WINDOWS\system32\DllCache\SET1A.tmp\0!\??\C:\WINDOWS\system32\DllCache\hmmapi.dll\0\??\C:\WINDOWS\system32\DllCache\SET1B.tmp\0!\??\C:\WINDOWS\system32\DllCache\ie4uinit.exe\0\??\C:\WINDOWS\system32\DllCache\SET1C.tmp\0!\??\C:\WINDOWS\system32\DllCache\ieakeng.dll\0\??\C:\WINDOWS\system32\DllCache\SET1D.tmp\0!\??\C:\WINDOWS\system32\DllCache\ieaksie.dll\0\??\C:\WINDOWS\system32\DllCache\SET1E.tmp\0!\??\C:\WINDOWS\system32\DllCache\ieakui.dll\0\??\C:\WINDOWS\system32\DllCache\SET1F.tmp\0!\??\C:\WINDOWS\system32\DllCache\iedkcs32.dll\0\??\C:\WINDOWS\system32\DllCache\SET20.tmp\0!\??\C:\WINDOWS\system32\DllCache\iepeers.dll\0\??\C:\WINDOWS\system32\DllCache\SET21.tmp\0!\??\C:\WINDOWS\system32\DllCache\iernonce.dll\0\??\C:\WINDOWS\system32\DllCache\SET22.tmp\0!\??\C:\WINDOWS\system32\DllCache\iesetup.dll\0\??\C:\WINDOWS\system32\DllCache\SET23.tmp\0!\??\C:\WINDOWS\system32\DllCache\iexplore.exe\0\??\C:\WINDOWS\system32\DllCache\SET24.tmp\0!\??\C:\WINDOWS\system32\DllCache\imgutil.dll\0\??\C:\WINDOWS\system32\DllCache\SET25.tmp\0!\??\C:\WINDOWS\system32\DllCache\inetcpl.cpl\0\??\C:\WINDOWS\system32\DllCache\SET26.tmp\0!\??\C:\WINDOWS\system32\DllCache\inseng.dll\0\??\C:\WINDOWS\system32\DllCache\SET27.tmp\0!\??\C:\WINDOWS\system32\DllCache\jscript.dll\0\??\C:\WINDOWS\system32\DllCache\SET28.tmp\0!\??\C:\WINDOWS\system32\DllCache\jsproxy.dll\0\??\C:\WINDOWS\system32\DllCache\SET29.tmp\0!\??\C:\WINDOWS\system32\DllCache\licmgr10.dll\0\??\C:\WINDOWS\system32\DllCache\SET2A.tmp\0!\??\C:\WIND
OWS\system32\DllCache\mshta.exe\0\??\C:\WINDOWS\system32\DllCache\SET2B.tmp\0!\??\C:\WINDOWS\system32\DllCache\mshtml.dll\0\??\C:\WINDOWS\system32\DllCache\SET2C.tmp\0!\??\C:\WINDOWS\system32\DllCache\mshtml.tlb\0\??\C:\WINDOWS\system32\DllCache\SET2D.tmp\0!\??\C:\WINDOWS\system32\DllCache\mshtmled.dll\0\??\C:\WINDOWS\system32\DllCache\SET2E.tmp\0!\??\C:\WINDOWS\system32\DllCache\mshtmler.dll\0\??\C:\WINDOWS\system32\DllCache\SET2F.tmp\0!\??\C:\WINDOWS\system32\DllCache\msls31.dll\0\??\C:\WINDOWS\system32\DllCache\SET30.tmp\0!\??\C:\WINDOWS\system32\DllCache\msrating.dll\0\??\C:\WINDOWS\system32\DllCache\SET31.tmp\0!\??\C:\WINDOWS\system32\DllCache\mstime.dll\0\??\C:\WINDOWS\system32\DllCache\SET32.tmp\0!\??\C:\WINDOWS\system32\DllCache\occache.dll\0\??\C:\WINDOWS\system32\DllCache\SET33.tmp\0!\??\C:\WINDOWS\system32\DllCache\pngfilt.dll\0\??\C:\WINDOWS\system32\DllCache\SET35.tmp\0!\??\C:\WINDOWS\system32\DllCache\tdc.ocx\0\??\C:\WINDOWS\system32\DllCache\SET36.tmp\0!\??\C:\WINDOWS\system32\DllCache\url.dll\0\??\C:\WINDOWS\system32\DllCache\SET37.tmp\0!\??\C:\WINDOWS\system32\DllCache\urlmon.dll\0\??\C:\WINDOWS\system32\DllCache\SET38.tmp\0!\??\C:\WINDOWS\system32\DllCache\vbscript.dll\0\??\C:\WINDOWS\system32\DllCache\SET39.tmp\0!\??\C:\WINDOWS\system32\DllCache\VGX.dll\0\??\C:\WINDOWS\system32\DllCache\SET3A.tmp\0!\??\C:\WINDOWS\system32\DllCache\webcheck.dll\0\??\C:\WINDOWS\system32\DllCache\SET3B.tmp\0!\??\C:\WINDOWS\system32\DllCache\wininet.dll\0\??\C:\WINDOWS\help\SET3D.tmp\0!\??\C:\WINDOWS\help\ieeula.chm\0\??\C:\WINDOWS\help\SET3E.tmp\0!\??\C:\WINDOWS\help\iesupp.chm\0\??\C:\WINDOWS\help\SET3F.tmp\0!\??\C:\WINDOWS\help\iexplore.chm\0\??\C:\Program Files\Internet Explorer\SET44.tmp\0!\??\C:\Program Files\Internet Explorer\hmmapi.dll\0\??\C:\Program Files\Internet Explorer\SET49.tmp\0!\??\C:\Program Files\Internet Explorer\iexplore.exe\0\??\C:\Program Files\Internet Explorer\SIGNUP\SET59.tmp\0!\??\C:\Program Files\Internet 
Explorer\SIGNUP\install.ins\0\??\C:\Program Files\Fichiers communs\Microsoft Shared\VGX\SET5E.tmp\0!\??\C:\Program Files\Fichiers communs\Microsoft Shared\VGX\VGX.dll\0\??\C:\WINDOWS\system32\SET5F.tmp\0!\??\C:\WINDOWS\system32\admparse.dll\0\??\C:\WINDOWS\system32\SET60.tmp\0!\??\C:\WINDOWS\system32\advpack.dll\0\??\C:\WINDOWS\system32\SET62.tmp\0!\??\C:\WINDOWS\system32\corpol.dll\0\??\C:\WINDOWS\system32\SET63.tmp\0!\??\C:\WINDOWS\system32\dxtmsft.dll\0\??\C:\WINDOWS\system32\SET64.tmp\0!\??\C:\WINDOWS\system32\dxtrans.dll\0\??\C:\WINDOWS\system32\SET65.tmp\0!\??\C:\WINDOWS\system32\html.iec\0\??\C:\WINDOWS\system32\SET67.tmp\0!\??\C:\WINDOWS\system32\ie4uinit.exe\0\??\C:\WINDOWS\system32\SET6A.tmp\0!\??\C:\WINDOWS\system32\ieakeng.dll\0\??\C:\WINDOWS\system32\SET6B.tmp\0!\??\C:\WINDOWS\system32\ieaksie.dll\0\??\C:\WINDOWS\system32\SET6C.tmp\0!\??\C:\WINDOWS\system32\ieakui.dll\0\??\C:\WINDOWS\system32\SET6F.tmp\0!\??\C:\WINDOWS\system32\iedkcs32.dll\0\??\C:\WINDOWS\system32\SET73.tmp\0!\??\C:\WINDOWS\system32\iepeers.dll\0\??\C:\WINDOWS\system32\SET74.tmp\0!\??\C:\WINDOWS\system32\iernonce.dll\0\??\C:\WINDOWS\system32\SET76.tmp\0!\??\C:\WINDOWS\system32\iesetup.dll\0\??\C:\WINDOWS\system32\SET78.tmp\0!\??\C:\WINDOWS\system32\ieuinit.inf\0\??\C:\WINDOWS\system32\SET79.tmp\0!\??\C:\WINDOWS\system32\imgutil.dll\0\??\C:\WINDOWS\system32\SET7A.tmp\0!\??\C:\WINDOWS\system32\inetcpl.cpl\0\??\C:\WINDOWS\system32\SET7B.tmp\0!\??\C:\WINDOWS\system32\inseng.dll\0\??\C:\WINDOWS\system32\SET7C.tmp\0!\??\C:\WINDOWS\system32\jscript.dll\0\??\C:\WINDOWS\system32\SET7D.tmp\0!\??\C:\WINDOWS\system32\jsproxy.dll\0\??\C:\WINDOWS\system32\SET7E.tmp\0!\??\C:\WINDOWS\system32\licmgr10.dll\0\??\C:\WINDOWS\system32\SET82.tmp\0!\??\C:\WINDOWS\system32\mshta.exe\0\??\C:\WINDOWS\system32\SET84.tmp\0!\??\C:\WINDOWS\system32\mshtml.dll\0\??\C:\WINDOWS\system32\SET85.tmp\0!\??\C:\WINDOWS\system32\mshtml.tlb\0\??\C:\WINDOWS\system32\SET86.tmp\0!\??\C:\WINDOWS\system32\mshtmled.dll\0\??\C:\WIND
OWS\system32\SET87.tmp\0!\??\C:\WINDOWS\system32\mshtmler.dll\0\??\C:\WINDOWS\system32\SET88.tmp\0!\??\C:\WINDOWS\system32\msls31.dll\0\??\C:\WINDOWS\system32\SET89.tmp\0!\??\C:\WINDOWS\system32\msrating.dll\0\??\C:\WINDOWS\system32\SET8B.tmp\0!\??\C:\WINDOWS\system32\mstime.dll\0\??\C:\WINDOWS\system32\SET8C.tmp\0!\??\C:\WINDOWS\system32\occache.dll\0\??\C:\WINDOWS\system32\SET8D.tmp\0!\??\C:\WINDOWS\system32\pngfilt.dll\0\??\C:\WINDOWS\system32\SET8E.tmp\0!\??\C:\WINDOWS\system32\tdc.ocx\0\??\C:\WINDOWS\system32\SET90.tmp\0!\??\C:\WINDOWS\system32\url.dll\0\??\C:\WINDOWS\system32\SET91.tmp\0!\??\C:\WINDOWS\system32\urlmon.dll\0\??\C:\WINDOWS\system32\SET92.tmp\0!\??\C:\WINDOWS\system32\vbscript.dll\0\??\C:\WINDOWS\system32\SET93.tmp\0!\??\C:\WINDOWS\system32\webcheck.dll\0\??\C:\WINDOWS\system32\SET95.tmp\0!\??\C:\WINDOWS\system32\wininet.dll\0\??\C:\WINDOWS\system32\fr-FR\SETA6.tmp\0!\??\C:\WINDOWS\system32\fr-FR\jscript.dll.mui\0\??\C:\WINDOWS\system32\fr-FR\SETAF.tmp\0!\??\C:\WINDOWS\system32\fr-FR\vbscript.dll.mui\0\??\C:\Program Files\Internet Explorer\Signup\ieak.install.ins\0!\??\C:\Program Files\Internet Explorer\Signup\install.ins\0\0
--- WOW-CMDLINE regkeys ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
"cmdline" = %SystemRoot%\system32\ntvdm.exe
"cmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
--- NETSVCS regkey ---
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- NETSVCS
0WmdmPmSN
--- DNS SERVER regkeys ---
no "NameServer" values found
--- File associations ---
.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1")
.SCR files: ("%1" /S)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
--- STARTUP FOLDERS ---
--- TASK SCHEDULER JOBS ---
no .job files found
Scan completed: 02/10/2009 12:31:09,48
FINISHED
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
key not found
--- HKCU\Explorer\Run regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
key not found
--- Image File Execution regkeys ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
no debuggers found
--- BROWSER HELPER OBJECTS regkeys ---
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
-- File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll -- [62080] -- [22/10/2006 23:08]
--- TOOLBAR regkeys ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
key not found
--- HKLM\URLSEARCHHOOKS regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
key not found
--- HKCU\URLSEARCHHOOKS regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -- File: C:\WINDOWS\system32\ieframe.dll -- [11063808] -- [08/03/2009 04:39]
--- SRCEENSAVER regkey ---
[HKEY_CURRENT_USER\Control Panel\Desktop]
"SCRNSAVE.EXE" -- File C:\WINDOWS\System32\logon.scr -- [221696] -- [14/04/2008 14:00]
--- ALTERNATESHELL regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
File: C:\WINDOWS\system32\cmd.exe -- [401408] -- [14/04/2008 14:00]
--- SECURITYPROVIDERS regkey ---
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
File: C:\WINDOWS\system32\msapsspc.dll -- [86016] -- [14/04/2008 14:00]
File: C:\WINDOWS\system32\schannel.dll -- [144384] -- [14/04/2008 14:00]
File: C:\WINDOWS\system32\digest.dll -- [68608] -- [14/04/2008 14:00]
File: C:\WINDOWS\system32\msnsspc.dll -- [290816] -- [14/04/2008 14:00]
--- Active Setup\Installed Components regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
-- File: C:\WINDOWS\system32\ieudinit.exe -- [36864] -- [08/03/2009 04:32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
-- File: "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
-- File: %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{DFB17AA8-042A-429D-987C-26CE244A4189}]
-- File: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
-- File: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3F7924B9-D148-3141-87B1-68F36043A940}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
-- File: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
-- File: regsvr32.exe /s /n /i:U shell32.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
-- File: C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -- [?]
--- Services regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswFsBlk]
-- File: system32\DRIVERS\aswFsBlk.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswSP]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHDrvx86]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IDSxpx86]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetTcpPortSharing]
-- File: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" -- [122880] -- [11/10/2007 09:55]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Norton Internet Security]
-- File: "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RT80x86]
-- File: system32\DRIVERS\RT2860.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RTLE8023xp]
-- File: system32\DRIVERS\Rtenicxp.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spupdsvc]
-- File: C:\WINDOWS\system32\spupdsvc.exe -- [26144] -- [07/01/2009 18:21]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SymEFA]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{42414C87-367A-4C7D-A796-EFA10BFAD887}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{ABA2AD30-A67A-421A-A467-0980FF49EF94}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{D9BC9240-3564-4448-86A5-96E5DB46D038}]
-- filepath not found
--- SAFEBOOT MINIMAL SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
no unknown services found
--- SAFEBOOT Network SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
DnsCache
--- BOOTEXECUTE regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"= autocheck autochk *\0\0
--- PENDINGFILERENAMEOPERATIONS regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations"= \??\C:\WINDOWS\system32\DllCache\SET15.tmp\0!\??\C:\WINDOWS\system32\DllCache\admparse.dll\0\??\C:\WINDOWS\system32\DllCache\SET16.tmp\0!\??\C:\WINDOWS\system32\DllCache\advpack.dll\0\??\C:\WINDOWS\system32\DllCache\SET17.tmp\0!\??\C:\WINDOWS\system32\DllCache\corpol.dll\0\??\C:\WINDOWS\system32\DllCache\SET18.tmp\0!\??\C:\WINDOWS\system32\DllCache\dxtmsft.dll\0\??\C:\WINDOWS\system32\DllCache\SET19.tmp\0!\??\C:\WINDOWS\system32\DllCache\dxtrans.dll\0\??\C:\WINDOWS\system32\DllCache\SET1A.tmp\0!\??\C:\WINDOWS\system32\DllCache\hmmapi.dll\0\??\C:\WINDOWS\system32\DllCache\SET1B.tmp\0!\??\C:\WINDOWS\system32\DllCache\ie4uinit.exe\0\??\C:\WINDOWS\system32\DllCache\SET1C.tmp\0!\??\C:\WINDOWS\system32\DllCache\ieakeng.dll\0\??\C:\WINDOWS\system32\DllCache\SET1D.tmp\0!\??\C:\WINDOWS\system32\DllCache\ieaksie.dll\0\??\C:\WINDOWS\system32\DllCache\SET1E.tmp\0!\??\C:\WINDOWS\system32\DllCache\ieakui.dll\0\??\C:\WINDOWS\system32\DllCache\SET1F.tmp\0!\??\C:\WINDOWS\system32\DllCache\iedkcs32.dll\0\??\C:\WINDOWS\system32\DllCache\SET20.tmp\0!\??\C:\WINDOWS\system32\DllCache\iepeers.dll\0\??\C:\WINDOWS\system32\DllCache\SET21.tmp\0!\??\C:\WINDOWS\system32\DllCache\iernonce.dll\0\??\C:\WINDOWS\system32\DllCache\SET22.tmp\0!\??\C:\WINDOWS\system32\DllCache\iesetup.dll\0\??\C:\WINDOWS\system32\DllCache\SET23.tmp\0!\??\C:\WINDOWS\system32\DllCache\iexplore.exe\0\??\C:\WINDOWS\system32\DllCache\SET24.tmp\0!\??\C:\WINDOWS\system32\DllCache\imgutil.dll\0\??\C:\WINDOWS\system32\DllCache\SET25.tmp\0!\??\C:\WINDOWS\system32\DllCache\inetcpl.cpl\0\??\C:\WINDOWS\system32\DllCache\SET26.tmp\0!\??\C:\WINDOWS\system32\DllCache\inseng.dll\0\??\C:\WINDOWS\system32\DllCache\SET27.tmp\0!\??\C:\WINDOWS\system32\DllCache\jscript.dll\0\??\C:\WINDOWS\system32\DllCache\SET28.tmp\0!\??\C:\WINDOWS\system32\DllCache\jsproxy.dll\0\??\C:\WINDOWS\system32\DllCache\SET29.tmp\0!\??\C:\WINDOWS\system32\DllCache\licmgr10.dll\0\??\C:\WINDOWS\system32\DllCache\SET2A.tmp\0!\??\C:\WIND
OWS\system32\DllCache\mshta.exe\0\??\C:\WINDOWS\system32\DllCache\SET2B.tmp\0!\??\C:\WINDOWS\system32\DllCache\mshtml.dll\0\??\C:\WINDOWS\system32\DllCache\SET2C.tmp\0!\??\C:\WINDOWS\system32\DllCache\mshtml.tlb\0\??\C:\WINDOWS\system32\DllCache\SET2D.tmp\0!\??\C:\WINDOWS\system32\DllCache\mshtmled.dll\0\??\C:\WINDOWS\system32\DllCache\SET2E.tmp\0!\??\C:\WINDOWS\system32\DllCache\mshtmler.dll\0\??\C:\WINDOWS\system32\DllCache\SET2F.tmp\0!\??\C:\WINDOWS\system32\DllCache\msls31.dll\0\??\C:\WINDOWS\system32\DllCache\SET30.tmp\0!\??\C:\WINDOWS\system32\DllCache\msrating.dll\0\??\C:\WINDOWS\system32\DllCache\SET31.tmp\0!\??\C:\WINDOWS\system32\DllCache\mstime.dll\0\??\C:\WINDOWS\system32\DllCache\SET32.tmp\0!\??\C:\WINDOWS\system32\DllCache\occache.dll\0\??\C:\WINDOWS\system32\DllCache\SET33.tmp\0!\??\C:\WINDOWS\system32\DllCache\pngfilt.dll\0\??\C:\WINDOWS\system32\DllCache\SET35.tmp\0!\??\C:\WINDOWS\system32\DllCache\tdc.ocx\0\??\C:\WINDOWS\system32\DllCache\SET36.tmp\0!\??\C:\WINDOWS\system32\DllCache\url.dll\0\??\C:\WINDOWS\system32\DllCache\SET37.tmp\0!\??\C:\WINDOWS\system32\DllCache\urlmon.dll\0\??\C:\WINDOWS\system32\DllCache\SET38.tmp\0!\??\C:\WINDOWS\system32\DllCache\vbscript.dll\0\??\C:\WINDOWS\system32\DllCache\SET39.tmp\0!\??\C:\WINDOWS\system32\DllCache\VGX.dll\0\??\C:\WINDOWS\system32\DllCache\SET3A.tmp\0!\??\C:\WINDOWS\system32\DllCache\webcheck.dll\0\??\C:\WINDOWS\system32\DllCache\SET3B.tmp\0!\??\C:\WINDOWS\system32\DllCache\wininet.dll\0\??\C:\WINDOWS\help\SET3D.tmp\0!\??\C:\WINDOWS\help\ieeula.chm\0\??\C:\WINDOWS\help\SET3E.tmp\0!\??\C:\WINDOWS\help\iesupp.chm\0\??\C:\WINDOWS\help\SET3F.tmp\0!\??\C:\WINDOWS\help\iexplore.chm\0\??\C:\Program Files\Internet Explorer\SET44.tmp\0!\??\C:\Program Files\Internet Explorer\hmmapi.dll\0\??\C:\Program Files\Internet Explorer\SET49.tmp\0!\??\C:\Program Files\Internet Explorer\iexplore.exe\0\??\C:\Program Files\Internet Explorer\SIGNUP\SET59.tmp\0!\??\C:\Program Files\Internet 
Explorer\SIGNUP\install.ins\0\??\C:\Program Files\Fichiers communs\Microsoft Shared\VGX\SET5E.tmp\0!\??\C:\Program Files\Fichiers communs\Microsoft Shared\VGX\VGX.dll\0\??\C:\WINDOWS\system32\SET5F.tmp\0!\??\C:\WINDOWS\system32\admparse.dll\0\??\C:\WINDOWS\system32\SET60.tmp\0!\??\C:\WINDOWS\system32\advpack.dll\0\??\C:\WINDOWS\system32\SET62.tmp\0!\??\C:\WINDOWS\system32\corpol.dll\0\??\C:\WINDOWS\system32\SET63.tmp\0!\??\C:\WINDOWS\system32\dxtmsft.dll\0\??\C:\WINDOWS\system32\SET64.tmp\0!\??\C:\WINDOWS\system32\dxtrans.dll\0\??\C:\WINDOWS\system32\SET65.tmp\0!\??\C:\WINDOWS\system32\html.iec\0\??\C:\WINDOWS\system32\SET67.tmp\0!\??\C:\WINDOWS\system32\ie4uinit.exe\0\??\C:\WINDOWS\system32\SET6A.tmp\0!\??\C:\WINDOWS\system32\ieakeng.dll\0\??\C:\WINDOWS\system32\SET6B.tmp\0!\??\C:\WINDOWS\system32\ieaksie.dll\0\??\C:\WINDOWS\system32\SET6C.tmp\0!\??\C:\WINDOWS\system32\ieakui.dll\0\??\C:\WINDOWS\system32\SET6F.tmp\0!\??\C:\WINDOWS\system32\iedkcs32.dll\0\??\C:\WINDOWS\system32\SET73.tmp\0!\??\C:\WINDOWS\system32\iepeers.dll\0\??\C:\WINDOWS\system32\SET74.tmp\0!\??\C:\WINDOWS\system32\iernonce.dll\0\??\C:\WINDOWS\system32\SET76.tmp\0!\??\C:\WINDOWS\system32\iesetup.dll\0\??\C:\WINDOWS\system32\SET78.tmp\0!\??\C:\WINDOWS\system32\ieuinit.inf\0\??\C:\WINDOWS\system32\SET79.tmp\0!\??\C:\WINDOWS\system32\imgutil.dll\0\??\C:\WINDOWS\system32\SET7A.tmp\0!\??\C:\WINDOWS\system32\inetcpl.cpl\0\??\C:\WINDOWS\system32\SET7B.tmp\0!\??\C:\WINDOWS\system32\inseng.dll\0\??\C:\WINDOWS\system32\SET7C.tmp\0!\??\C:\WINDOWS\system32\jscript.dll\0\??\C:\WINDOWS\system32\SET7D.tmp\0!\??\C:\WINDOWS\system32\jsproxy.dll\0\??\C:\WINDOWS\system32\SET7E.tmp\0!\??\C:\WINDOWS\system32\licmgr10.dll\0\??\C:\WINDOWS\system32\SET82.tmp\0!\??\C:\WINDOWS\system32\mshta.exe\0\??\C:\WINDOWS\system32\SET84.tmp\0!\??\C:\WINDOWS\system32\mshtml.dll\0\??\C:\WINDOWS\system32\SET85.tmp\0!\??\C:\WINDOWS\system32\mshtml.tlb\0\??\C:\WINDOWS\system32\SET86.tmp\0!\??\C:\WINDOWS\system32\mshtmled.dll\0\??\C:\WIND
OWS\system32\SET87.tmp\0!\??\C:\WINDOWS\system32\mshtmler.dll\0\??\C:\WINDOWS\system32\SET88.tmp\0!\??\C:\WINDOWS\system32\msls31.dll\0\??\C:\WINDOWS\system32\SET89.tmp\0!\??\C:\WINDOWS\system32\msrating.dll\0\??\C:\WINDOWS\system32\SET8B.tmp\0!\??\C:\WINDOWS\system32\mstime.dll\0\??\C:\WINDOWS\system32\SET8C.tmp\0!\??\C:\WINDOWS\system32\occache.dll\0\??\C:\WINDOWS\system32\SET8D.tmp\0!\??\C:\WINDOWS\system32\pngfilt.dll\0\??\C:\WINDOWS\system32\SET8E.tmp\0!\??\C:\WINDOWS\system32\tdc.ocx\0\??\C:\WINDOWS\system32\SET90.tmp\0!\??\C:\WINDOWS\system32\url.dll\0\??\C:\WINDOWS\system32\SET91.tmp\0!\??\C:\WINDOWS\system32\urlmon.dll\0\??\C:\WINDOWS\system32\SET92.tmp\0!\??\C:\WINDOWS\system32\vbscript.dll\0\??\C:\WINDOWS\system32\SET93.tmp\0!\??\C:\WINDOWS\system32\webcheck.dll\0\??\C:\WINDOWS\system32\SET95.tmp\0!\??\C:\WINDOWS\system32\wininet.dll\0\??\C:\WINDOWS\system32\fr-FR\SETA6.tmp\0!\??\C:\WINDOWS\system32\fr-FR\jscript.dll.mui\0\??\C:\WINDOWS\system32\fr-FR\SETAF.tmp\0!\??\C:\WINDOWS\system32\fr-FR\vbscript.dll.mui\0\??\C:\Program Files\Internet Explorer\Signup\ieak.install.ins\0!\??\C:\Program Files\Internet Explorer\Signup\install.ins\0\0
--- WOW-CMDLINE regkeys ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
"cmdline" = %SystemRoot%\system32\ntvdm.exe
"cmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
--- NETSVCS regkey ---
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- NETSVCS
0WmdmPmSN
--- DNS SERVER regkeys ---
no "NameServer" values found
--- File associations ---
.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1")
.SCR files: ("%1" /S)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
--- STARTUP FOLDERS ---
--- TASK SCHEDULER JOBS ---
no .job files found
Scan completed: 02/10/2009 12:31:09,48
FINISHED
g!rly
2 Oct. 2009, 12:34
I'm here to help you, not to drag you down...
g!rly
2 Oct. 2009, 12:51
Can you also show me this report, please:
Download HijackThis here:
-> https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
Usage tutorial (video): (Thanks to Balltrap34 for making it)
-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
Post the generated report here, please...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:02:27, on 02/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\setup.exe
E:\setup.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://welcome.hp.com/country/fr/fr/welcome.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\SMINST\Reminder.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
g!rly
2 Oct. 2009, 13:07
OK
What did avast find?
Name of the file.
A0000418.exe. c:\system volume information\_restore{59f1419e-3e98-47a3-9938-d066f1548199]\rp1
virus: win32:trojan-gen {other}
c:\hp\bin\setupport.exe
virus: win32:trojan-gen {other}
and thanks for the help
g!rly
2 Oct. 2009, 13:27
OK, the reports are clean, so we'll check with this antispyware.
Run a scan with this antispyware:
Download Malwarebytes + tutorial:
-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Install it; the program will update itself automatically.
Once it is up to date, the program will launch; click the Settings tab and tick the box: "Stop Internet Explorer during removal".
Now click the Scan tab and tick the box: "Perform quick scan".
Then click "Scan".
Let it scan the PC...
If items were found > click Remove Selected.
If you are asked to restart > click "Yes".
At the end a report will open; save it somewhere you can find it again so you can post it on the forum.
Copy and paste the report, please.
Based on the report we'll decide how to proceed...
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2892
Windows 5.1.2600 Service Pack 3
02/10/2009 14:08:33
mbam-log-2009-10-02 (14-08-33).txt
Type de recherche: Examen rapide
Eléments examinés: 87356
Temps écoulé: 6 minute(s), 12 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
g!rly
2 Oct. 2009, 14:27
OK,
the reports are good, Malwarebytes detects nothing...
to avoid this kind of trouble in the future > port attacks; install a firewall...
tutorial: https://www.malekal.com/tutoriel-zonealarm-firewall/
then, as a final check, run this online scan and post its report:
https://forum.pcastuces.com/default.asp
See you
g!rly
2 Oct. 2009, 14:34
Exactly, but run the ESET scan anyway so we can be sure everything is OK, because the Malwarebytes scan was very quick...