retour de manip

[dave36]

fais la manip,tjrs pareil(fais 3 fois au cas ou.........)

 

????????????,

[Thanos]

C'est bien la première fois que je rencontre ce souci Un détail important : est ce que tu parviens à accéder au registre en faisant ceci=>

 

-vas dans le menu démarrer executer et tu tapes :regedit . Est ce que tu as l'éditeur de registre qui s'ouvre?

Modifié le 6 avril 2006 par charles ingals

[dave36]

effectivement,impossible d'acceder a regedit et ce depuis tres longtemps!!!

[Thanos]

ok dave36 ! on va essayer de débloquer ca! =>

 

Fais un clic droit avec ta souris sur le lien suivant => UnHookExec.inf

* Dans la liste qui vient de s'ouvrir, choisis "Enregistrer la cible sous".

* Enregistre le fichier UnHookExec.inf sur le bureau.

* Fais un clic droit sur le fichier que tu viens de télécharger, et choisis "Installer"

* Il n'y aura aucun avertissement, c'est normal!

 

Redémarre le pc pour que les modifications soient prises en compte!

 

Réessaie apres ca d'ouvrir le registre stp et dis moi si ca marche

 

-Télécharge WinPFind.zip sur le bureau.

http://www.bleepingcomputer.com/files/winpfind.php

Extraire vers C:\ ou disque dur local©. Ceci va créer un dossier WinPFind à la racine du disque.

 

Ouvre le dossier C:\WinPFind et double-clique sur WinPFind.exe.

Clique sur Configure Scan Options.

Enlève toutes les cases à cocher du coté gauche sous Folder Options en cliquant sur Remove All, décocher Run Addon's et clique sur Apply.

Clique sur Start Scan et attend que le programme ait fini.

 

Les resultats seront disponible dans C:\WinPFind\WinPFind.txt.

 

Poste le rapport ici.

 

et bon courage si tu par bosser !

Modifié le 6 avril 2006 par charles ingals

[dave36]

pas moyen d'avoir regedit,je te poste le rapport suivant:

 

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

 

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

 

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600

Internet Explorer Version: 6.0.2900.2180

 

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

 

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

 

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

SV1 =

iebar =

acc=username =

(none) =

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

 

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\avast

{472083B0-C522-11CF-8763-00608CC02F24} =

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\IZArcCM

{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} = C:\PROGRA~1\IZArc\IZArcCM.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Kaspersky Anti-Virus

{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files

{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With

{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu

{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Shell Extension for Malware scanning

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}

Épingle du menu Démarrer = %SystemRoot%\system32\SHELL32.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\avast

{472083B0-C522-11CF-8763-00608CC02F24} =

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BitDefender Antivirus v8

{D653647D-D607-4DF6-A5B8-48D2BA195F7B} =

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Kaspersky Anti-Virus

{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Shell Extension for Malware scanning

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu

{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\IZArcCM

{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} = C:\PROGRA~1\IZArc\IZArcCM.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files

{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing

{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}

= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

 

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}

= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}

Google Toolbar Helper = c:\program files\google\googletoolbar2.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

&Astuce du jour = %SystemRoot%\System32\shdocvw.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

MenuText = Console Java (Sun) : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}

ButtonText = Messager Wanadoo : C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{0494D0DE-F8E0-41AD-92A3-14154ECE70AC}

=

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}

Bande de recherche = %SystemRoot%\System32\browseui.dll

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

=

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}

Bandeau de recherche de l'Explorateur = %SystemRoot%\system32\SHELL32.dll

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}

Favorites Band = %SystemRoot%\System32\shdocvw.dll

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}

History Band = %SystemRoot%\System32\shdocvw.dll

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser

{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} = :

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :

{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} = :

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll

{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} = :

{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Liens : %SystemRoot%\system32\SHELL32.dll

{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll

{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

{EF99BD32-C1FB-11D2-892F-0090271D4F88} = :

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

HPHmon05 C:\WINDOWS\System32\hphmon05.exe

PS2 C:\WINDOWS\system32\ps2.exe

Recguard C:\WINDOWS\SMINST\RECGUARD.EXE

SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

Microsoft Works Update Detection C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

hpsysdrv c:\windows\system\hpsysdrv.exe

ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

WOOWATCH C:\PROGRA~1\Wanadoo\Watch.exe

avgnt "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

IMAIL Installed = 1

MAPI Installed = 1

MSFS Installed = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

Acme.PCHButton C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk

path C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

backup C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe

item HP Digital Imaging Monitor

path C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

backup C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe

item HP Digital Imaging Monitor

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk

path C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk

backup C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe /start

item Logitech Desktop Messenger

path C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk

backup C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe /start

item Logitech Desktop Messenger

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcxMonitor

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ALCXMNTR

hkey HKLM

command ALCXMNTR.EXE

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ALCXMNTR

hkey HKLM

command ALCXMNTR.EXE

inimapping 0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avast!

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ashDisp

hkey HKLM

command C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ashDisp

hkey HKLM

command C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

inimapping 0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackupNotify

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item backupnotify

hkey HKCU

command c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item backupnotify

hkey HKCU

command c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

inimapping 0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BoontyBox

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item BoontyBox

hkey HKCU

command "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item BoontyBox

hkey HKCU

command "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot

inimapping 0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Internet Optimizer

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item optimize

hkey HKLM

command "C:\Program Files\Internet Optimizer\optimize.exe"

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item optimize

hkey HKLM

command "C:\Program Files\Internet Optimizer\optimize.exe"

inimapping 0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LDM

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item BackWeb-8876480

hkey HKCU

command C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item BackWeb-8876480

hkey HKCU

command C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

inimapping 0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechVideoRepair

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ISStart

hkey HKLM

command C:\Program Files\Logitech\Video\ISStart.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ISStart

hkey HKLM

command C:\Program Files\Logitech\Video\ISStart.exe

inimapping 0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechVideoTray

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item LogiTray

hkey HKLM

command C:\Program Files\Logitech\Video\LogiTray.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item LogiTray

hkey HKLM

command C:\Program Files\Logitech\Video\LogiTray.exe

inimapping 0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LVCOMSX

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item LVCOMSX

hkey HKLM

command C:\WINDOWS\system32\LVCOMSX.EXE

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item LVCOMSX

hkey HKLM

command C:\WINDOWS\system32\LVCOMSX.EXE

inimapping 0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item nwiz

hkey HKLM

command nwiz.exe /installquiet /keeploaded /nodetect

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item nwiz

hkey HKLM

command nwiz.exe /installquiet /keeploaded /nodetect

inimapping 0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\System service79

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item pokapoka79

hkey HKLM

command C:\WINDOWS\etb\pokapoka79.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item pokapoka79

hkey HKLM

command C:\WINDOWS\etb\pokapoka79.exe

inimapping 0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state

system.ini 0

win.ini 0

bootini 0

services 0

startup 2

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =

{0DF44EAA-FF21-4412-828E-260A8728E7F1} =

 

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

dontdisplaylastusername 0

legalnoticecaption

legalnoticetext

shutdownwithoutlogon 1

undockwithoutlogon 1

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

NoDriveTypeAutoRun •

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll

CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll

WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll

SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

Shell = Explorer.exe

System =

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent

= Ati2evxx.dll

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain

= crypt32.dll

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet

= cryptnet.dll

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll

= cscdll.dll

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui

= igfxsrvc.dll

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp

= wlnotify.dll

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule

= wlnotify.dll

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy

= sclgntfy.dll

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn

= WlNotify.dll

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv

= wlnotify.dll

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon

= wlnotify.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

Debugger = ntsd -d

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

AppInit_DLLs

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.

Scan completed on 07/04/2006 07:03:19

 

 

 

---------------------------

a plus tard........

[dave36]

autre pb,mais est ce une surprise:

-lorsque je lance windows media player j'ai le message :"erreur d'application" et donc impossible de le lancer!!!

media player classic fct!

[Thanos]

salut dave36

 

Désolé de pas te répondre plus tôt (je fais les 3 X 8 ). Je pense à ce problème de fichier reg et ca me turlupine pas mal

 

1)-Il est fort possible que l'extension .reg ne soit plus accessible, et il faut s'en assurer(c'est rapide!).

 

Lance l'Explorateur( touches Windows +E )

 

* Vas dans le menu "Outils" / "Options des dossiers" (ou Affichage / Options...)

* Dans la fenêtre qui s'ouvre,vas dans l'onglet "Types de fichiers".

* Choisis "Inscription dans le registre"ou "Rubriques du registre"(=>clique sur la flèche pour faire défiler).

* Clique sur le bouton "Avancé".(et pas "modifier"!)

* Dans Actions, sélectionne "Fusionner" en cliquant dessus, puis clique sur le bouton "Modifier".

* Dans le champs "Application utilisée pour effectuer cette action" assure toi que c'est cette valeur qui figure=>

regedit.exe "%1" Si ce n'est pas le cas, copie colle l'instruction à la place et clique sur "OK" deux fois, puis "Fermer".

 

Dis moi si la valeur en question a été modifiée stp

 

2)-Ton précédent rapport hijackthis montre la présence d'un spyware : elite toolbar.

 

- Télécharge Elite toolbar remover de Simplytech

- Dézippe le programme dans un dossier et clique sur "Check for updates" pour mettre le programme à jour.

 

*Redémarre le PC, impérativement en mode sans échec,(au démarrage, tapoter immédiatement la touche F8,puis apparaitra un écran avec choix de démarrages : choisir "Mode sans échec" avec les flèches du clavier, puis valider avec "Entrée".

Choisir le compte usuel (et non Administrateur).

n'ayant pas accès à Internet, tu as préalablement copié ces instructions dans un fichier texte)

 

*Assure toi d'avoir accès à tous les fichiers,certains fichiers/dossiers sont cachés!!

 

Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :

Cocher la case : Afficher les fichiers et dossiers cachés

Décocher la case : Masquer les extensions des fichiers dont le type est connu

Décocher la case : Masquer les fichiers protégés du système d'exploitation

cliquer sur "Appliquer"

cliquer sur le bouton "Appliquer à tous les dossiers" / OK

 

*Supprime le dossier en gras dans C:\WINDOWS:

 

C:\WINDOWS\etb

 

*Supprime le fichier en gras dans C:\WINDOWS:

 

C:\WINDOWS\ALCXMNTR.EXE => spyware lié à Logitech!

 

-Vide la corbeille.

 

* Lance Elite toolbar remover.

- Clique sur le bouton "Kill Elite Toolbar" et patiente.

- Si une fenêtre apparait, et qu'un message te demande ta permission pour effacer certains fichiers

temporaires;accepte!

- Clique sur le bouton "Save Reg. Log".Un rapport sera généré , sauvegarde le sur ton bureau.

 

* Lance ATF-Cleaner:Double-clique sur ATF-Cleaner.exe

Coche ceci :

Windows Temp

Current User Temp

All Users Temp

Cookies

Temporary Internet Files

Prefetch

Java Cache

Recycle Bin

 

Clique sur Empty Selected et au message "Done Cleaning" sur Ok

 

* Redémarre normalement et relance WinPFind , poste le rapport .

 

A + tard collègue de nuit!

[dave36]

manip effectuee hormis fichier etb ss windows non trouvé.

question :qu'est ce que WinPFIND? pas trouvé!

 

je te poste les rapports.

 

Registry Log file generated by *** ETRemover - V.2.1.2 ***

08/04/2006 - 13:46:28

 

System info:

 

System running in: Safe Mode

OS Platform: Microsoft Windows 2000

OS Version: 5.01.2600

OS Update: Service Pack 2

CPU Maker: GenuineIntel

CPU Model: x86 Family 15 Model 2 Stepping 9

CPU Speed: 2600 MHz

 

 

Running processes:

 

[system process] [sYSTEM]

system [sYSTEM]

smss.exe [\SystemRoot\System32\smss.exe]

csrss.exe [sYSTEM]

winlogon.exe [\??\C:\WINDOWS\system32\winlogon.exe]

services.exe [C:\WINDOWS\system32\services.exe]

lsass.exe [C:\WINDOWS\system32\lsass.exe]

svchost.exe [C:\WINDOWS\system32\svchost.exe]

svchost.exe [sYSTEM]

svchost.exe [C:\WINDOWS\system32\svchost.exe]

explorer.exe [C:\WINDOWS\Explorer.EXE]

winword.exe [C:\Program Files\Microsoft Office\Office10\WINWORD.EXE]

wkdstore.exe [C:\Program Files\Microsoft Works\WkDStore.exe]

etremover_v212.exe [C:\Documents and Settings\Propriétaire\Bureau\ETRemover_v212\ETRemover_v212.exe]

 

 

------------------------------------------

HKLM -> UserInit in NT:

 

 

DWORD: AutoRestartShell = 1

 

DefaultDomainName = LAURE-DAVID

 

DefaultUserName = Propriétaire

 

LegalNoticeCaption =

 

LegalNoticeText =

 

PowerdownAfterShutdown = 0

 

ReportBootOk = 1

 

Shell = Explorer.exe

 

ShutdownWithoutLogon = 0

 

System =

 

Userinit = C:\WINDOWS\system32\userinit.exe,

 

VmApplet = rundll32 shell32,Control_RunDLL "sysdm.cpl"

 

DWORD: SfcQuota = -1

 

allocatecdroms = 0

 

allocatedasd = 0

 

allocatefloppies = 0

 

cachedlogonscount = 10

 

DWORD: forceunlocklogon = 0

 

DWORD: passwordexpirywarning = 14

 

scremoveoption = 0

 

DWORD: AllowMultipleTSSessions = 1

 

DWORD: LogonType = 1

 

Background = 0 0 0

 

DebugServerCommand = no

 

DWORD: SFCDisable = 0

 

WinStationsDisabled = 0

 

DWORD: HibernationPreviouslyEnabled = 1

 

DWORD: ShowLogonOptions = 0

 

AltDefaultUserName = Propriétaire

 

AltDefaultDomainName = LAURE-DAVID

 

 

 

------------------------------------------

HKCU -> UserInit in NT:

 

 

ParseAutoexec = 1

 

ExcludeProfileDirs = Local Settings;Temporary Internet Files;Historique;Temp

 

DWORD: BuildNumber = 2600

 

 

 

------------------------------------------

HKLM -> UserInit:

 

* Registry key not found *

 

------------------------------------------

HKCU -> UserInit in NT:

 

* Registry key not found *

 

------------------------------------------

Running processes in NT / HKLM -> RUN (Autorun entries from Registry):

 

* Registry key not found *

 

------------------------------------------

Running processes in HKLM -> RUN (Autorun entries from Registry):

 

 

HPHmon05 = C:\WINDOWS\System32\hphmon05.exe

 

PS2 = C:\WINDOWS\system32\ps2.exe

 

Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE

 

SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

 

Microsoft Works Update Detection = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

 

hpsysdrv = c:\windows\system\hpsysdrv.exe

 

ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

WOOWATCH = C:\PROGRA~1\Wanadoo\Watch.exe

 

avgnt = "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

 

 

 

------------------------------------------

Running processes in HKLM -> RUNONCE (Autorun entries from Registry):

 

* No values found *

 

------------------------------------------

Running processes in HKLM -> RUNONCEEX (Autorun entries from Registry):

 

* No values found *

 

------------------------------------------

Running processes in HKLM -> RUNSERVICES (Autorun entries from Registry):

 

* Registry key not found *

 

------------------------------------------

Running processes in HKLM -> RUNSERVICESONCE (Autorun entries from Registry):

 

* Registry key not found *

 

------------------------------------------

Running processes in NT / HKCU -> RUN (Autorun entries from Registry):

 

* Registry key not found *

 

------------------------------------------

Running processes in HKCU -> RUN (Autorun entries from Registry):

 

 

Acme.PCHButton = C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe

 

 

 

------------------------------------------

Running processes in HKCU -> RUNONCE (Autorun entries from Registry):

 

* No values found *

 

------------------------------------------

Running processes in HKCU -> RUNONCEEX (Autorun entries from Registry):

 

* Registry key not found *

 

------------------------------------------

Running processes in HKCU -> RUNSERVICES (Autorun entries from Registry):

 

* Registry key not found *

 

------------------------------------------

Running processes in HKCU -> RUNSERVICESONCE (Autorun entries from Registry):

 

* Registry key not found *

 

------------------------------------------

Running processes in HKLM -> Browser Helper Objects:

 

{53707962-6F74-2D53-2644-206D7942484F}

* No values in SubKey *

 

{AA58ED58-01DD-4d91-8333-CF10577473F7}

* No values in SubKey *

 

------------------------------------------

Programs in HKLM -> Common Startup:

 

Microsoft Office.lnk

 

------------------------------------------

et un hidj. au cas ou:

 

Logfile of HijackThis v1.99.1

Scan saved at 13:57:30, on 08/04/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Inventel\Gateway\wlancfg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hphmon05.exe

C:\WINDOWS\system32\ps2.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Installations programmes\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Download using Download &Express - file://C:\Program Files\Download Express\Add_Url.htm

O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)

O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)

O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)

O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

 

-----------------------------MERCI A +----------------------------------------------------------------------------

[dave36]

autant pour moi,pas vu winpfind avt:voici le rapport:

 

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600

Internet Explorer Version: 6.0.2900.2180

 

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

 

Checking %SystemDrive% folder...

qoologic 07/04/2006 07:00:50 204131 C:\WinPFind.zip

 

Checking %ProgramFilesDir% folder...

 

Checking %WinDir% folder...

UPX! 19/03/2006 21:49:34 14848 C:\WINDOWS\ccqtkld.exe

UPX! 20/03/2006 19:23:24 14848 C:\WINDOWS\jpjlcwpj.exe

 

Checking %System% folder...

UPX! 09/07/2005 12:03:06 433152 C:\WINDOWS\SYSTEM32\aswBoot.exe

UPX! 09/07/2004 10:47:04 167936 C:\WINDOWS\SYSTEM32\CoreAAC.ax

PEC2 20/09/2003 21:08:00 41131 C:\WINDOWS\SYSTEM32\dfrg.msc

PTech 29/07/2005 11:37:02 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll

PEC2 13/09/2002 16:09:24 343999 C:\WINDOWS\SYSTEM32\libpostproc.dll

UPX! 20/11/2003 15:42:36 74240 C:\WINDOWS\SYSTEM32\MACDec.dll

UPX! 06/01/2004 23:02:06 183296 C:\WINDOWS\SYSTEM32\MonkeySource.ax

PECompact2 02/11/2005 07:34:44 2376032 C:\WINDOWS\SYSTEM32\MRT.exe

aspack 02/11/2005 07:34:44 2376032 C:\WINDOWS\SYSTEM32\MRT.exe

aspack 20/08/2004 01:09:14 733184 C:\WINDOWS\SYSTEM32\ntdll.dll

Umonitor 20/08/2004 01:09:40 685056 C:\WINDOWS\SYSTEM32\rasdlg.dll

UPX! 08/11/2003 12:34:00 36864 C:\WINDOWS\SYSTEM32\RLMPCDec.ax

UPX! 26/05/2002 21:31:34 74240 C:\WINDOWS\SYSTEM32\unrar.dll

winsync 20/09/2003 19:38:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

 

Checking %System%\Drivers folder and sub-folders...

PTech 04/08/2004 07:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

 

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

 

 

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...

08/04/2006 13:49:58 S 2048 C:\WINDOWS\bootstat.dat

27/02/2006 00:07:52 HS 7680 C:\WINDOWS\Thumbs.db

08/04/2006 13:51:00 H 1024 C:\WINDOWS\system32\config\default.LOG

08/04/2006 13:50:12 H 1024 C:\WINDOWS\system32\config\SAM.LOG

08/04/2006 13:51:00 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG

08/04/2006 15:48:18 H 1024 C:\WINDOWS\system32\config\software.LOG

08/04/2006 15:47:26 H 1024 C:\WINDOWS\system32\config\system.LOG

08/04/2006 13:50:06 H 6 C:\WINDOWS\Tasks\SA.DAT

 

Checking for CPL files...

19/08/2003 09:20:04 180224 C:\WINDOWS\SYSTEM32\ac3filter.cpl

Microsoft Corporation 20/08/2004 01:10:06 71680 C:\WINDOWS\SYSTEM32\access.cpl

Realtek Semiconductor Corp. 17/02/2004 06:49:14 14193152 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL

Microsoft Corporation 20/08/2004 01:10:06 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl

Microsoft Corporation 20/08/2004 01:10:06 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl

Logitech Inc. 25/02/2004 17:05:08 274432 C:\WINDOWS\SYSTEM32\CamCpl.cpl

Microsoft Corporation 20/08/2004 01:10:06 138240 C:\WINDOWS\SYSTEM32\desk.cpl

Microsoft Corporation 20/08/2004 01:10:06 80384 C:\WINDOWS\SYSTEM32\firewall.cpl

Microsoft Corporation 20/08/2004 01:10:06 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl

Intel Corporation 07/04/2003 08:14:30 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl

Microsoft Corporation 20/08/2004 01:10:06 359936 C:\WINDOWS\SYSTEM32\inetcpl.cpl

Microsoft Corporation 20/08/2004 01:10:06 134144 C:\WINDOWS\SYSTEM32\intl.cpl

Microsoft Corporation 20/08/2004 01:10:06 380928 C:\WINDOWS\SYSTEM32\irprops.cpl

Microsoft Corporation 20/08/2004 01:10:06 70144 C:\WINDOWS\SYSTEM32\joy.cpl

Sun Microsystems, Inc. 10/11/2005 14:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl

Microsoft Corporation 22/09/2003 02:14:00 189952 C:\WINDOWS\SYSTEM32\main.cpl

Microsoft Corporation 20/08/2004 01:10:06 626176 C:\WINDOWS\SYSTEM32\mmsys.cpl

Microsoft Corporation 23/09/2003 12:48:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl

Microsoft Corporation 20/08/2004 01:10:06 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl

Microsoft Corporation 20/08/2004 01:10:06 261120 C:\WINDOWS\SYSTEM32\nusrmgr.cpl

NVIDIA Corporation 19/08/2003 03:56:00 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl

Microsoft Corporation 20/08/2004 01:10:06 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl

Microsoft Corporation 20/08/2004 01:10:06 118272 C:\WINDOWS\SYSTEM32\powercfg.cpl

Apple Computer, Inc. 26/08/1996 02:12:00 R 341504 C:\WINDOWS\SYSTEM32\QTW32.CPL

Microsoft Corporation 20/08/2004 01:10:06 305152 C:\WINDOWS\SYSTEM32\sysdm.cpl

Microsoft Corporation 20/09/2003 18:41:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl

Microsoft Corporation 20/08/2004 01:10:06 94208 C:\WINDOWS\SYSTEM32\timedate.cpl

Microsoft Corporation 20/08/2004 01:10:06 148480 C:\WINDOWS\SYSTEM32\wscui.cpl

Microsoft Corporation 26/05/2005 04:16:32 175896 C:\WINDOWS\SYSTEM32\wuaucpl.cpl

Microsoft Corporation 20/08/2004 01:10:06 71680 C:\WINDOWS\SYSTEM32\dllcache\access.cpl

Microsoft Corporation 20/08/2004 01:10:06 555008 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl

Microsoft Corporation 20/08/2004 01:10:06 110592 C:\WINDOWS\SYSTEM32\dllcache\bthprops.cpl

Microsoft Corporation 20/08/2004 01:10:06 138240 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl

Microsoft Corporation 20/08/2004 01:10:06 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl

Microsoft Corporation 20/08/2004 01:10:06 157184 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl

Microsoft Corporation 20/08/2004 01:10:06 359936 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl

Microsoft Corporation 20/08/2004 01:10:06 134144 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl

Microsoft Corporation 20/08/2004 01:10:06 380928 C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl

Microsoft Corporation 20/08/2004 01:10:06 70144 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl

Microsoft Corporation 22/09/2003 02:14:00 189952 C:\WINDOWS\SYSTEM32\dllcache\main.cpl

Microsoft Corporation 20/08/2004 01:10:06 626176 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl

Microsoft Corporation 23/09/2003 12:48:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl

Microsoft Corporation 20/08/2004 01:10:06 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl

Microsoft Corporation 20/08/2004 01:10:06 261120 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl

Microsoft Corporation 20/08/2004 01:10:06 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl

Microsoft Corporation 20/08/2004 01:10:06 118272 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl

Microsoft Corporation 20/08/2004 01:10:06 159744 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl

Microsoft Corporation 20/08/2004 01:10:06 305152 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl

Microsoft Corporation 20/09/2003 18:41:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl

Microsoft Corporation 20/08/2004 01:10:06 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

Microsoft Corporation 20/08/2004 01:10:06 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl

Microsoft Corporation 26/05/2005 04:16:32 175896 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

Realtek Semiconductor Corp. 17/02/2004 06:49:14 14193152 C:\WINDOWS\SYSTEM32\DRVSTORE\Alcxwdm_cfb7d3fc0ab7f7a3133a6c25509eaf3479108975\ALSNDMGR.CPL

Intel Corporation 07/04/2003 08:14:30 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\igfxcpl.cpl

Realtek Semiconductor Corp. 13/09/2003 03:24:20 10435584 C:\WINDOWS\SYSTEM32\ReinstallBackups\0014\DriverFiles\ALSNDMGR.CPL

 

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

 

Checking files in %ALLUSERSPROFILE%\Startup folder...

01/01/2003 17:39:48 HS 84 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini

26/03/2004 20:03:28 1751 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk

 

Checking files in %ALLUSERSPROFILE%\Application Data folder...

01/04/2006 00:11:56 305 C:\Documents and Settings\All Users\Application Data\addr_file.html

01/01/2003 17:33:16 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

01/01/2003 19:22:16 868 C:\Documents and Settings\All Users\Application Data\hpzinstall.log

 

Checking files in %USERPROFILE%\Startup folder...

01/01/2003 17:39:48 HS 84 C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\desktop.ini

 

Checking files in %USERPROFILE%\Application Data folder...

01/01/2003 17:33:16 HS 62 C:\Documents and Settings\Propriétaire\Application Data\desktop.ini

20/03/2006 21:24:16 63144 C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT

08/04/2006 13:38:20 11768 C:\Documents and Settings\Propriétaire\Application Data\wklnhst.dat

 

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

SV1 =

iebar =

acc=username =

(none) =

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

 

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\avast

{472083B0-C522-11CF-8763-00608CC02F24} =

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\IZArcCM

{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} = C:\PROGRA~1\IZArc\IZArcCM.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Kaspersky Anti-Virus

{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files

{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With

{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu

{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Shell Extension for Malware scanning

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}

Épingle du menu Démarrer = %SystemRoot%\system32\SHELL32.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\avast

{472083B0-C522-11CF-8763-00608CC02F24} =

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BitDefender Antivirus v8

{D653647D-D607-4DF6-A5B8-48D2BA195F7B} =

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Kaspersky Anti-Virus

{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Shell Extension for Malware scanning

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu

{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\IZArcCM

{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} = C:\PROGRA~1\IZArc\IZArcCM.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files

{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing

{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}

= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

 

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}

= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}

Google Toolbar Helper = c:\program files\google\googletoolbar2.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

&Astuce du jour = %SystemRoot%\System32\shdocvw.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

MenuText = Console Java (Sun) : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}

ButtonText = Messager Wanadoo : C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{0494D0DE-F8E0-41AD-92A3-14154ECE70AC}

=

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}

Bande de recherche = %SystemRoot%\System32\browseui.dll

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

=

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}

Bandeau de recherche de l'Explorateur = %SystemRoot%\system32\SHELL32.dll

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}

Favorites Band = %SystemRoot%\System32\shdocvw.dll

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}

History Band = %SystemRoot%\System32\shdocvw.dll

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser

{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} = :

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :

{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} = :

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll

{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} = :

{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Liens : %SystemRoot%\system32\SHELL32.dll

{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll

{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

{EF99BD32-C1FB-11D2-892F-0090271D4F88} = :

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

HPHmon05 C:\WINDOWS\System32\hphmon05.exe

PS2 C:\WINDOWS\system32\ps2.exe

Recguard C:\WINDOWS\SMINST\RECGUARD.EXE

SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

Microsoft Works Update Detection C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

hpsysdrv c:\windows\system\hpsysdrv.exe

ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

WOOWATCH C:\PROGRA~1\Wanadoo\Watch.exe

avgnt "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

IMAIL Installed = 1

MAPI Installed = 1

MSFS Installed = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

Acme.PCHButton C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk

path C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

backup C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe

item HP Digital Imaging Monitor

path C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

backup C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe

item HP Digital Imaging Monitor

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk

path C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk

backup C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe /start

item Logitech Desktop Messenger

path C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk

backup C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe /start

item Logitech Desktop Messenger

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcxMonitor

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ALCXMNTR

hkey HKLM

command ALCXMNTR.EXE

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ALCXMNTR

hkey HKLM

command ALCXMNTR.EXE

inimapping 0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avast!

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ashDisp

hkey HKLM

command C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ashDisp

hkey HKLM

command C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

inimapping 0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackupNotify

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item backupnotify

hkey HKCU

command c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item backupnotify

hkey HKCU

command c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

inimapping 0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BoontyBox

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item BoontyBox

hkey HKCU

command "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item BoontyBox

hkey HKCU

command "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot

inimapping 0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Internet Optimizer

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item optimize

hkey HKLM

command "C:\Program Files\Internet Optimizer\optimize.exe"

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item optimize

hkey HKLM

command "C:\Program Files\Internet Optimizer\optimize.exe"

inimapping 0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LDM

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item BackWeb-8876480

hkey HKCU

command C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item BackWeb-8876480

hkey HKCU

command C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

inimapping 0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechVideoRepair

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ISStart

hkey HKLM

command C:\Program Files\Logitech\Video\ISStart.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ISStart

hkey HKLM

command C:\Program Files\Logitech\Video\ISStart.exe

inimapping 0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechVideoTray

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item LogiTray

hkey HKLM

command C:\Program Files\Logitech\Video\LogiTray.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item LogiTray

hkey HKLM

command C:\Program Files\Logitech\Video\LogiTray.exe

inimapping 0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LVCOMSX

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item LVCOMSX

hkey HKLM

command C:\WINDOWS\system32\LVCOMSX.EXE

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item LVCOMSX

hkey HKLM

command C:\WINDOWS\system32\LVCOMSX.EXE

inimapping 0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item nwiz

hkey HKLM

command nwiz.exe /installquiet /keeploaded /nodetect

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item nwiz

hkey HKLM

command nwiz.exe /installquiet /keeploaded /nodetect

inimapping 0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\System service79

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item pokapoka79

hkey HKLM

command C:\WINDOWS\etb\pokapoka79.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item pokapoka79

hkey HKLM

command C:\WINDOWS\etb\pokapoka79.exe

inimapping 0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state

system.ini 0

win.ini 0

bootini 0

services 0

startup 2

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =

{0DF44EAA-FF21-4412-828E-260A8728E7F1} =

 

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

dontdisplaylastusername 0

legalnoticecaption

legalnoticetext

shutdownwithoutlogon 1

undockwithoutlogon 1

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

NoDriveTypeAutoRun •

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll

CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll

WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} =

SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

Shell = Explorer.exe

System =

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent

= Ati2evxx.dll

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain

= crypt32.dll

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet

= cryptnet.dll

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll

= cscdll.dll

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui

= igfxsrvc.dll

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp

= wlnotify.dll

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule

= wlnotify.dll

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy

= sclgntfy.dll

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn

= WlNotify.dll

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv

= wlnotify.dll

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon

= wlnotify.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

Debugger = ntsd -d

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

AppInit_DLLs

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.

Scan completed on 08/04/2006 15:53:17

[Thanos]

Salut dave36

 

Deux questions importantes pour commencer =>

 

-Que se passe t'il exactement , lorsque tu fais ceci=> Démarrer\Exécuter et que tu tapes regedit (ou regedit.exe) ? Est ce que tu reçois un message d'erreur de Windows??(fichier manquant? corrompu etc...)

 

- Dis moi ce que cette manipulation a donné stp=>

1)-Il est fort possible que l'extension .reg ne soit plus accessible, et il faut s'en assurer(c'est rapide!).

 

Lance l'Explorateur( touches Windows +E )

 

* Vas dans le menu "Outils" / "Options des dossiers" (ou Affichage / Options...)

* Dans la fenêtre qui s'ouvre,vas dans l'onglet "Types de fichiers".

* Choisis "Inscription dans le registre"ou "Rubriques du registre"(=>clique sur la flèche pour faire défiler).

* Clique sur le bouton "Avancé".(et pas "modifier"!)

* Dans Actions, sélectionne "Fusionner" en cliquant dessus, puis clique sur le bouton "Modifier".

* Dans le champs "Action" ,ceci doit apparaitre=> &Fusionner

* Dans le champs "Application utilisée pour effectuer cette action" assure toi que c'est cette valeur qui figure=>

regedit.exe "%1" Si ce n'est pas le cas, copie colle l'instruction à la place et clique sur "OK" deux fois, puis "Fermer".

 

Dis moi si la valeur en question a été modifiée stp

 

1) * Supprime les fichiers en gras dans C:\WINDOWS:

 

C:\WINDOWS\ccqtkld.exe

C:\WINDOWS\jpjlcwpj.exe

 

Vide la corbeille.

 

 

2) Créé un fichier Bloc Notes avec le texte qui se trouve dans l'espace "code" ci-dessous (copie/colle, sans le mot "Code" ) :

 

@ECHO OFF
chcp 1250
dir %Windir%\regedit* /s > files.txt
notepad files.txt
del /q files.txt

-Aller en haut de page et cliquer sur le menu"Fichier" : une liste apparait=>

-Choisis "Enregistrer sous" et choisis"Bureau"

-Dans le champs "Nom du fichier" en bas de page donne le nom suivant: findfiles.bat

-Dans le champs"Type" en bas de page ,choisis: tous les fichiers

-ensuite cliquer sur le bouton "Enregistrer" (à droite du champs "nom du fichier")

-quitter le Bloc Notes.

 

* Double clique sur le fichier findfiles.bat que tu viens de créer: l'invite de commande va s'ouvrir, puis un fichier au format texte va apparaitre. Poste le contenu du fichier dans ta prochaine réponse stp (ca va nous permettre de voir regedit.exe!)

Modifié le 9 avril 2006 par charles ingals