Unite centrale chauffe
pepere860
Messages postés
138
Statut
Membre
-
David cass Messages postés 490 Statut Membre -
David cass Messages postés 490 Statut Membre -
Bonjour,
Qui peut me donner de bons conseils, je trouve que mon ventilo tourne beaucoup plus que d'habitude et ne s'arrête presque pas, j'ai l'impression que l'unité centrale chauffe. Merci de m'aider. CRDLT.
Qui peut me donner de bons conseils, je trouve que mon ventilo tourne beaucoup plus que d'habitude et ne s'arrête presque pas, j'ai l'impression que l'unité centrale chauffe. Merci de m'aider. CRDLT.
A voir également:
- Unite centrale chauffe
- Xiaomi 14t pro chauffe - Accueil - Téléphones
- Pile qui chauffe que faire - Forum Mobile
- Chauffe-eau - Guide
- Unité centrale s'allume mais pas l'écran /souris/clavier ✓ - Forum Clavier
- Mon unité centrale s'allume, mais pas le clavier/écran/souris ✓ - Forum Matériel & Système
12 réponses
tiens les habitués reviennent ^^
bonjour
faudrait voir le poussière à l'interieur , et sinon on peut voir si tu n'as pas de processus "bizarres" qui pompent toutes les ressources
DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)
▶ Télécharge ici :List_Kill'em
et enregistre le sur ton bureau
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur le raccourci sur ton bureau pour lancer l'installation
Laisse coché :
♦ Executer List_Kill'em
une fois terminée , clic sur "terminer" et le programme se lancera seul
choisis l'option Search
▶ laisse travailler l'outil
il se peut qu'une boite de dialogue s'ouvre , dans ce cas clique sur "ok" ou "Agree"
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal ,c'est une recherche supplementaire de fichiers cachés , le programme n'est pas bloqué.
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
▶▶▶ NE LE POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier C:\List'em.txt
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
▶ Fais de même avec more.txt qui se trouve sur ton bureau
bonjour
faudrait voir le poussière à l'interieur , et sinon on peut voir si tu n'as pas de processus "bizarres" qui pompent toutes les ressources
DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)
▶ Télécharge ici :List_Kill'em
et enregistre le sur ton bureau
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur le raccourci sur ton bureau pour lancer l'installation
Laisse coché :
♦ Executer List_Kill'em
une fois terminée , clic sur "terminer" et le programme se lancera seul
choisis l'option Search
▶ laisse travailler l'outil
il se peut qu'une boite de dialogue s'ouvre , dans ce cas clique sur "ok" ou "Agree"
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal ,c'est une recherche supplementaire de fichiers cachés , le programme n'est pas bloqué.
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
▶▶▶ NE LE POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier C:\List'em.txt
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
▶ Fais de même avec more.txt qui se trouve sur ton bureau
pepere860
Messages postés
138
Statut
Membre
Re, toujours fidèle au poste. J'ai Online Armor + le pare feu Windooz et j'ai AVG, je ne sais pas comment on les désactive, dis m'en plus STP merci.
ok
online armor : clic droit sur le bouclier bleu dans ta barre des taches puis decoche parefeu et celui du dessus (surveillance des progs il me semble)
parefeu windows => panneau de configuration>>parefeu >>desactiver
AVG : https://support.avg.com/answers#!/feedtype=RECENT_REPLY&dc=All&criteria=ALLQUESTIONS
online armor : clic droit sur le bouclier bleu dans ta barre des taches puis decoche parefeu et celui du dessus (surveillance des progs il me semble)
parefeu windows => panneau de configuration>>parefeu >>desactiver
AVG : https://support.avg.com/answers#!/feedtype=RECENT_REPLY&dc=All&criteria=ALLQUESTIONS
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
oui c'est le mieux
en dessous , ce n'est pas une adresse , c'est ma signature :)
en dessous , ce n'est pas une adresse , c'est ma signature :)
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.0.3 ¤¤¤¤¤¤¤¤¤¤
User : propriétaire (Administrateurs)
Update on 03/09/2010 by g3n-h@ckm@n ::::: 14.30
Start at: 12:14:49 | 04/09/2010
AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18943
Windows Firewall Status : Enabled
AV : AVG Anti-Virus Free 8.0 [ Enabled | Updated ]
C:\ -> Disque fixe local | 145,8 Go (90,16 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 145,46 Go (145,22 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
Boot: Normal
¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer
C:\Windows\System32\smss.exe ---- 52 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\Windows\system32\csrss.exe ---- 1560 Ko ---- Normal ---- C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\Windows\system32\wininit.exe ---- 68 Ko ---- High ---- wininit.exe ----
C:\Windows\system32\csrss.exe ---- 4396 Ko ---- Normal ---- C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\Windows\system32\services.exe ---- 1496 Ko ---- Normal ---- C:\Windows\system32\services.exe ----
C:\Windows\system32\lsass.exe ---- 2416 Ko ---- Normal ---- C:\Windows\system32\lsass.exe ----
C:\Windows\system32\lsm.exe ---- 996 Ko ---- Normal ---- C:\Windows\system32\lsm.exe ----
C:\Windows\system32\winlogon.exe ---- 908 Ko ---- High ---- winlogon.exe ----
C:\Windows\system32\svchost.exe ---- 2428 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k DcomLaunch ----
C:\Windows\system32\nvvsvc.exe ---- 68 Ko ---- Normal ---- C:\Windows\system32\nvvsvc.exe ----
C:\Windows\system32\svchost.exe ---- 2760 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k rpcss ----
C:\Windows\System32\svchost.exe ---- 24928 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k secsvcs ----
C:\Windows\System32\svchost.exe ---- 3656 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted ----
C:\Windows\System32\svchost.exe ---- 33040 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted ----
C:\Windows\system32\svchost.exe ---- 10788 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k netsvcs ----
C:\Windows\system32\svchost.exe ---- 672 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k GPSvcGroup ----
C:\Windows\system32\SLsvc.exe ---- 100 Ko ---- Normal ---- C:\Windows\system32\SLsvc.exe ----
C:\Windows\system32\svchost.exe ---- 1428 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalService ----
C:\Windows\system32\rundll32.exe ---- 360 Ko ---- Normal ---- C:\Windows\system32\rundll32.exe C:\Windows\system32\NVSVC.DLL,nvsvcInitialize ----
C:\Windows\system32\svchost.exe ---- 5024 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkService ----
C:\Program Files\Tall Emu\Online Armor\OAcat.exe ---- 512 Ko ---- Normal ---- "C:\Program Files\Tall Emu\Online Armor\OAcat.exe" ---- Tall Emu
C:\Program Files\Tall Emu\Online Armor\oasrv.exe ---- 8088 Ko ---- High ---- "C:\Program Files\Tall Emu\Online Armor\oasrv.exe" ---- Tall Emu
C:\Windows\System32\spoolsv.exe ---- 2916 Ko ---- Normal ---- C:\Windows\System32\spoolsv.exe ----
C:\Windows\system32\svchost.exe ---- 2080 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork ----
C:\Program Files\Tall Emu\Online Armor\OAreg.exe ---- 60 Ko ---- Normal ---- OAreg.exe fw /on ---- Tall Emu
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ---- 928 Ko ---- Normal ---- "C:\Acer\Empowering Technology\ePerformance\MemCheck.exe" ----
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe ---- 540 Ko ---- Normal ---- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe ---- AVG Technologies
C:\Windows\system32\svchost.exe ---- 64 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k hpdevmgmt ----
C:\Program Files\Common Files\LightScribe\LSSrvc.exe ---- 64 Ko ---- Normal ---- "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" ----
C:\Windows\system32\svchost.exe ---- 64 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted ----
C:\Program Files\CyberLink\Shared Files\RichVideo.exe ---- 60 Ko ---- Normal ---- "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" ----
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe ---- 692 Ko ---- Normal ---- "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" ---- Microsoft Corporation
C:\PROGRA~1\AVG\AVG8\avgrsx.exe ---- 28928 Ko ---- Normal ---- avgrsx.exe ---- AVG Technologies
C:\Windows\system32\svchost.exe ---- 68 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k imgsvc ----
C:\Windows\System32\svchost.exe ---- 120 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k WerSvcGroup ----
C:\Windows\system32\SearchIndexer.exe ---- 8656 Ko ---- Normal ---- C:\Windows\system32\SearchIndexer.exe /Embedding ----
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe ---- 1292 Ko ---- Normal ---- "C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe" ----
C:\Windows\system32\taskeng.exe ---- 148 Ko ---- Below Normal ---- taskeng.exe {5F1ECD91-5D8E-4E92-B152-175528C121BF} ----
C:\Windows\system32\taskeng.exe ---- 3568 Ko ---- Normal ---- taskeng.exe {E2C8FDA7-FFDB-4B2B-80FF-AC6A70ABDF88} ----
C:\Windows\system32\Dwm.exe ---- 69348 Ko ---- High ---- "C:\Windows\system32\Dwm.exe" ----
C:\Windows\Explorer.EXE ---- 19784 Ko ---- Normal ---- C:\Windows\Explorer.EXE ----
C:\Windows\PixArt\Pac7302\Monitor.exe ---- 276 Ko ---- Normal ---- "C:\Windows\PixArt\Pac7302\Monitor.exe" ----
C:\Program Files\QuickTime\qttask.exe ---- 88 Ko ---- Normal ---- "C:\Program Files\QuickTime\qttask.exe" -atboottime ----
C:\Program Files\AVG\AVG8\avgtray.exe ---- 292 Ko ---- Normal ---- "C:\Program Files\AVG\AVG8\avgtray.exe" ---- AVG Technologies
C:\Windows\System32\rundll32.exe ---- 84 Ko ---- Normal ---- "C:\Windows\System32\rundll32.exe" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit ----
C:\Program Files\Windows Media Player\wmpnscfg.exe ---- 188 Ko ---- Normal ---- "C:\Program Files\Windows Media Player\wmpnscfg.exe" ----
C:\Windows\WindowsMobile\wmdSync.exe ---- 88 Ko ---- Normal ---- "C:\Windows\WindowsMobile\wmdSync.exe" ----
C:\Program Files\Tall Emu\Online Armor\oaui.exe ---- 5768 Ko ---- Normal ---- "C:\Program Files\Tall Emu\Online Armor\oaui.exe" ---- Tall Emu
C:\Program Files\Windows Media Player\wmpnetwk.exe ---- 544 Ko ---- Normal ---- "C:\Program Files\Windows Media Player\wmpnetwk.exe" ----
C:\Program Files\Common Files\Java\Java Update\jusched.exe ---- 60 Ko ---- Normal ---- "C:\Program Files\Common Files\Java\Java Update\jusched.exe" ---- Sun Microsystems, Inc.
C:\Program Files\Windows Live\Messenger\msnmsgr.exe ---- 4664 Ko ---- Normal ---- "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background ---- Microsoft Corporation
C:\Windows\ehome\ehtray.exe ---- 308 Ko ---- Normal ---- "C:\Windows\ehome\ehtray.exe" ----
C:\Users\propriétaire\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe ---- 92 Ko ---- Normal ---- "C:\Users\propriétaire\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe" ----
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe ---- 952 Ko ---- Normal ---- "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ---- Hewlett Packard
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe ---- 640 Ko ---- Normal ---- "C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe" ----
C:\Windows\ehome\ehmsas.exe ---- 68 Ko ---- Normal ---- C:\Windows\ehome\ehmsas.exe -Embedding ----
C:\Windows\system32\svchost.exe ---- 72 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k WindowsMobile ----
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe ---- 1024 Ko ---- Normal ---- "C:\Program Files\Tall Emu\Online Armor\OAhlp.exe" ---- Tall Emu
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe ---- 124 Ko ---- Normal ---- "C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Officejet J6400 series#1241019570" -Startup ----
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe ---- 92 Ko ---- Normal ---- "C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding ----
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe ---- 100 Ko ---- Normal ---- "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding ----
C:\Program Files\Windows Live\Contacts\wlcomm.exe ---- 2952 Ko ---- Normal ---- "C:\Program Files\Windows Live\Contacts\wlcomm.exe" -Embedding ---- Microsoft Corporation
C:\Windows\system32\taskeng.exe ---- 888 Ko ---- Normal ---- taskeng.exe {CF6A1910-EB6C-4AE3-BCF6-BBF57D44B382} ----
C:\PROGRA~1\AVG\AVG8\avgnsx.exe ---- 416 Ko ---- Normal ---- avgnsx.exe ---- AVG Technologies
C:\Windows\system32\conime.exe ---- 1428 Ko ---- Normal ---- C:\Windows\system32\conime.exe ----
C:\Windows\system32\msfeedssync.exe ---- 188 Ko ---- Normal ---- C:\Windows\system32\msfeedssync.exe sync ----
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe ---- 172 Ko ---- Normal ---- C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -Embedding ---- Adobe Systems Incorporated
C:\Windows\System32\svchost.exe ---- 88 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k HPZ12 ----
C:\Program Files\Internet Explorer\iexplore.exe ---- 16240 Ko ---- Normal ---- "C:\Program Files\Internet Explorer\iexplore.exe" ---- Microsoft Corporation
C:\Program Files\Internet Explorer\iexplore.exe ---- 36344 Ko ---- Normal ---- "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2080 CREDAT:71937 ---- Microsoft Corporation
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe ---- 1564 Ko ---- Normal ---- "C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe" ---- Google Inc
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe ---- 332 Ko ---- Normal ---- "C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe" -Embedding ---- Microsoft Corporation
C:\Program Files\Windows Live\Toolbar\wltuser.exe ---- 1564 Ko ---- Normal ---- "C:\Program Files\Windows Live\Toolbar\wltuser.exe" -Embedding ---- Microsoft Corporation
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe ---- 1248 Ko ---- Normal ---- "C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe" -Embedding ---- Hewlett-Packard Company
C:\Windows\system32\WUDFHost.exe ---- 72 Ko ---- Normal ---- "C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-01ea2424-c649-435e-88ce-7b829f19cbd8 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-4b1d744d-0f83-4a77-8ee3-398439179e6a -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-b2427881-6829-495c-9129-1fce9d321702 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:7b57bc99-ecf3-4d46-b671-cf56a5a27b15 ----
C:\Program Files\Tall Emu\Online Armor\OAreg.exe ---- 120 Ko ---- Normal ---- OAreg.exe fw /off /1 ---- Tall Emu
C:\Users\propriétaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PEYS973A\List_Killem_Install[1].exe ---- 200 Ko ---- Normal ---- "C:\Users\propriétaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PEYS973A\List_Killem_Install[1].exe" ----
C:\Windows\system32\cmd.exe ---- 5408 Ko ---- Normal ---- C:\Windows\system32\cmd.exe /K List'em.bat ----
C:\Windows\system32\SearchProtocolHost.exe ---- 7940 Ko ---- Idle ---- "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe61_ Global\UsGthrCtrlFltPipeMssGthrPipe61 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" ----
C:\Windows\system32\SearchFilterHost.exe ---- 6712 Ko ---- Idle ---- "C:\Windows\system32\SearchFilterHost.exe" 0 620 624 632 65536 628 ----
C:\Windows\system32\wbem\wmiprvse.exe ---- 8740 Ko ---- Normal ---- C:\Windows\system32\wbem\wmiprvse.exe ----
C:\Program Files\List_Kill'em\pv.exe ---- 8168 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----
¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
????r =
msnmsgr = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ehTray.exe = C:\Windows\ehome\ehTray.exe
swg = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
ISUSPM Startup = "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
orangeinside = C:\Users\propriétaire\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PAC7302_Monitor = C:\Windows\PixArt\PAC7302\Monitor.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
AVG8_TRAY = C:\PROGRA~1\AVG\AVG8\avgtray.exe
fssui = "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
NvCplDaemon = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
snpstd3 = C:\Windows\vsnpstd3.exe
Windows Mobile-based device management = %windir%\WindowsMobile\wmdSync.exe
@OnlineArmor GUI = "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin = 2 (0x2)
ConsentPromptBehaviorUser = 1 (0x1)
EnableInstallerDetection = 1 (0x1)
EnableLUA = 1 (0x1)
EnableSecureUIAPaths = 1 (0x1)
EnableVirtualization = 1 (0x1)
PromptOnSecureDesktop = 1 (0x1)
ValidateAdminCodeSignatures = 0 (0x0)
dontdisplaylastusername = 0 (0x0)
legalnoticecaption =
legalnoticetext =
scforceoption = 0 (0x0)
shutdownwithoutlogon = 1 (0x1)
undockwithoutlogon = 1 (0x1)
FilterAdministratorToken = 0 (0x0)
EnableUIADesktopToggle = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveAutoRun = 0 (0x0)
NoDriveTypeAutoRun = 0 (0x0)
HonorAutoRunSetting = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BindDirectlyToPropertySetStorage = 0 (0x0)
NoDriveAutoRun = 0 (0x0)
NoDriveTypeAutoRun = 0 (0x0)
HonorAutoRunSetting = 0 (0x0)
EnableShellExecuteHooks = 1 (0x1)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ReportBootOk = 1
Shell = Explorer.exe
Userinit = C:\Windows\system32\Userinit.exe,
VmApplet = rundll32 shell32,Control_RunDLL "sysdm.cpl"
AutoRestartShell = 1 (0x1)
LegalNoticeCaption =
LegalNoticeText =
PowerdownAfterShutdown = 0
ShutdownWithoutLogon = 0
cachedlogonscount = 10
forceunlocklogon = 0 (0x0)
passwordexpirywarning = 14 (0xe)
Background = 0 0 0
DebugServerCommand = no
WinStationsDisabled = 0
DisableCAD = 1 (0x1)
scremoveoption = 0
ShutdownFlags = 43 (0x2b)
AutoLogonCount = 999 (0x3e7)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{4F07DA45-8170-4859-9B5F-037EF2970034} = OA Shell Helper
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
C:\Acer\Empowering Technology\eDataSecurity\encryption.exe = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
C:\Acer\Empowering Technology\eDataSecurity\decryption.exe = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{8AA6CB35-67D7-45A2-B1F4-C87EC19E4522}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\D27CDB6E-AE6D-11CF-96B8-444553540000]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{38031F86-3772-4507-AB75-B4D698F8C8BA}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61DD0354-E63A-4BA0-8364-1A3BF468C6E0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤
[@ = ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0347C33E-8762-4905-BF09-768834316C61}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{33727f97-486d-4d19-97c3-23f432ef93fc}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = http://mywwwsites.com
Local Page = C:\Windows\System32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Search Page = http://mywwwsites.com
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.orange.fr/portail
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
¤¤¤¤¤ Proxy Internet Explorer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyHttp1.1 = 0 (0x0)
ProxyEnable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Proxy Firefox ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ TaskCache ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\AppleSoftwareUpdate]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\CreateChoiceProcessTask]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\GoogleUpdateTaskMachineCore]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\GoogleUpdateTaskMachineUA]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\Microsoft]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\Registry Reviver-propriétaire-Startup]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\User_Feed_Synchronization-{5977F9C3-525F-48EC-9368-AC7782D753FD}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\User_Feed_Synchronization-{787A6253-673D-4E1C-86A8-68D6D0B5B449}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{2F165E9D-D88F-41E2-B0DC-37F17E658F61}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{332B41BB-7D81-482A-AA0F-3D17DE39D128}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{6B203277-F915-40A8-BB18-E3F7028313F1}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{A8810207-648E-4ACA-9047-DEFC8D13BB31}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{B13986AC-1462-4071-A4E1-FF093E7478CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{C5786E1A-2737-4DE7-B211-F00107547B2E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{CCFD4825-8185-4591-B2E0-9D2DEC55D0B9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{E1546D03-27FE-4765-80C0-0A8A23B58B8A}]
¤¤¤¤¤¤¤¤¤¤ IFEO ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AcroRd32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DllNXOptions]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IEInstal.exe]
¤¤¤¤¤¤¤¤¤¤ File Protection ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]
KnownDllList = nlhtml.dll
¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤
C:\Windows\System32\drivers\atapi.sys :
[MD5.1f05b78ab91c9075565a9d8a4b880bc4]
[SHA256.737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd]
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys :
[MD5.b35cfcef838382ab6490b321c87edf17]
[SHA256.a13985b87b5918d123072c7128e12dc28b0fcfd68383afa6e1da72a25bd781e0]
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys :
[MD5.1f05b78ab91c9075565a9d8a4b880bc4]
[SHA256.737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd]
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys :
[MD5.4f4fcb8b6ea06784fb6d475b7ec7300f]
[SHA256.6202d85c9a75e3f01f5f94f069c4cd8a2b9295a182301eae5940ec3bc2c1d896]
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys :
[MD5.2d9c903dc76a66813d350a562de40ed9]
[SHA256.82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3]
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys :
[MD5.b35cfcef838382ab6490b321c87edf17]
[SHA256.a13985b87b5918d123072c7128e12dc28b0fcfd68383afa6e1da72a25bd781e0]
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys :
[MD5.e03e8c99d15d0381e02743c36afc7c6f]
[SHA256.8217348674fc4d0c6d567ffc95b14dfd507f47c5a4728c2ba93d72c412e8527b]
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys :
[MD5.2d9c903dc76a66813d350a562de40ed9]
[SHA256.82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3]
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys :
[MD5.1f05b78ab91c9075565a9d8a4b880bc4]
[SHA256.737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd]
¤¤¤¤¤ Reference
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
¤¤¤¤¤¤¤¤¤¤ Drive ¤¤¤¤¤¤¤¤¤¤
D'fragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.
Rapport d'analyse pour le volume C: ACER
Taille du volume = 146 Go
Espace libre = 90.13 Go
tendue d'espace libre la plus grande = 61.05 Go
Pourcentage de fragmentation des fichiers = 1 %
Remarqueÿ: sur les volumes NTFS, les fragments de fichiers de plus de 64ÿMo ne sont pas inclus dans les statistiques de fragmentation.
Il n'est pas n'cessaire de d'fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Rogues Infections ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤
Present !! : C:\ProgramData\hpzinstall.log
Present !! : C:\ProgramData\hpzinstall.log
Present !! : C:\ProgramData\hpzinstall.log
Present !! : C:\ProgramData\hpzinstall.log
Present !! : C:\Users\propri'taire\AppData\Local\GDIPFONTCACHEV1.DAT
Present !! : C:\Users\propri'taire\Local Settings\Temp\25D.tmp
¤¤¤¤¤¤¤¤¤¤ Keys :
FEATURE_BROWSER_EMULATION | svchost :
====================================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-04 13:50:33
Windows 6.0.6002 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor.sys
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1 (0x1)
UacDisableNotify = 0 (0x0)
InternetSettingsDisableNotify = 0 (0x0)
AutoUpdateDisableNotify = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 13:52:42,91
User : propriétaire (Administrateurs)
Update on 03/09/2010 by g3n-h@ckm@n ::::: 14.30
Start at: 12:14:49 | 04/09/2010
AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18943
Windows Firewall Status : Enabled
AV : AVG Anti-Virus Free 8.0 [ Enabled | Updated ]
C:\ -> Disque fixe local | 145,8 Go (90,16 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 145,46 Go (145,22 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
Boot: Normal
¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer
C:\Windows\System32\smss.exe ---- 52 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\Windows\system32\csrss.exe ---- 1560 Ko ---- Normal ---- C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\Windows\system32\wininit.exe ---- 68 Ko ---- High ---- wininit.exe ----
C:\Windows\system32\csrss.exe ---- 4396 Ko ---- Normal ---- C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\Windows\system32\services.exe ---- 1496 Ko ---- Normal ---- C:\Windows\system32\services.exe ----
C:\Windows\system32\lsass.exe ---- 2416 Ko ---- Normal ---- C:\Windows\system32\lsass.exe ----
C:\Windows\system32\lsm.exe ---- 996 Ko ---- Normal ---- C:\Windows\system32\lsm.exe ----
C:\Windows\system32\winlogon.exe ---- 908 Ko ---- High ---- winlogon.exe ----
C:\Windows\system32\svchost.exe ---- 2428 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k DcomLaunch ----
C:\Windows\system32\nvvsvc.exe ---- 68 Ko ---- Normal ---- C:\Windows\system32\nvvsvc.exe ----
C:\Windows\system32\svchost.exe ---- 2760 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k rpcss ----
C:\Windows\System32\svchost.exe ---- 24928 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k secsvcs ----
C:\Windows\System32\svchost.exe ---- 3656 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted ----
C:\Windows\System32\svchost.exe ---- 33040 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted ----
C:\Windows\system32\svchost.exe ---- 10788 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k netsvcs ----
C:\Windows\system32\svchost.exe ---- 672 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k GPSvcGroup ----
C:\Windows\system32\SLsvc.exe ---- 100 Ko ---- Normal ---- C:\Windows\system32\SLsvc.exe ----
C:\Windows\system32\svchost.exe ---- 1428 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalService ----
C:\Windows\system32\rundll32.exe ---- 360 Ko ---- Normal ---- C:\Windows\system32\rundll32.exe C:\Windows\system32\NVSVC.DLL,nvsvcInitialize ----
C:\Windows\system32\svchost.exe ---- 5024 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkService ----
C:\Program Files\Tall Emu\Online Armor\OAcat.exe ---- 512 Ko ---- Normal ---- "C:\Program Files\Tall Emu\Online Armor\OAcat.exe" ---- Tall Emu
C:\Program Files\Tall Emu\Online Armor\oasrv.exe ---- 8088 Ko ---- High ---- "C:\Program Files\Tall Emu\Online Armor\oasrv.exe" ---- Tall Emu
C:\Windows\System32\spoolsv.exe ---- 2916 Ko ---- Normal ---- C:\Windows\System32\spoolsv.exe ----
C:\Windows\system32\svchost.exe ---- 2080 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork ----
C:\Program Files\Tall Emu\Online Armor\OAreg.exe ---- 60 Ko ---- Normal ---- OAreg.exe fw /on ---- Tall Emu
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ---- 928 Ko ---- Normal ---- "C:\Acer\Empowering Technology\ePerformance\MemCheck.exe" ----
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe ---- 540 Ko ---- Normal ---- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe ---- AVG Technologies
C:\Windows\system32\svchost.exe ---- 64 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k hpdevmgmt ----
C:\Program Files\Common Files\LightScribe\LSSrvc.exe ---- 64 Ko ---- Normal ---- "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" ----
C:\Windows\system32\svchost.exe ---- 64 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted ----
C:\Program Files\CyberLink\Shared Files\RichVideo.exe ---- 60 Ko ---- Normal ---- "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" ----
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe ---- 692 Ko ---- Normal ---- "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" ---- Microsoft Corporation
C:\PROGRA~1\AVG\AVG8\avgrsx.exe ---- 28928 Ko ---- Normal ---- avgrsx.exe ---- AVG Technologies
C:\Windows\system32\svchost.exe ---- 68 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k imgsvc ----
C:\Windows\System32\svchost.exe ---- 120 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k WerSvcGroup ----
C:\Windows\system32\SearchIndexer.exe ---- 8656 Ko ---- Normal ---- C:\Windows\system32\SearchIndexer.exe /Embedding ----
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe ---- 1292 Ko ---- Normal ---- "C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe" ----
C:\Windows\system32\taskeng.exe ---- 148 Ko ---- Below Normal ---- taskeng.exe {5F1ECD91-5D8E-4E92-B152-175528C121BF} ----
C:\Windows\system32\taskeng.exe ---- 3568 Ko ---- Normal ---- taskeng.exe {E2C8FDA7-FFDB-4B2B-80FF-AC6A70ABDF88} ----
C:\Windows\system32\Dwm.exe ---- 69348 Ko ---- High ---- "C:\Windows\system32\Dwm.exe" ----
C:\Windows\Explorer.EXE ---- 19784 Ko ---- Normal ---- C:\Windows\Explorer.EXE ----
C:\Windows\PixArt\Pac7302\Monitor.exe ---- 276 Ko ---- Normal ---- "C:\Windows\PixArt\Pac7302\Monitor.exe" ----
C:\Program Files\QuickTime\qttask.exe ---- 88 Ko ---- Normal ---- "C:\Program Files\QuickTime\qttask.exe" -atboottime ----
C:\Program Files\AVG\AVG8\avgtray.exe ---- 292 Ko ---- Normal ---- "C:\Program Files\AVG\AVG8\avgtray.exe" ---- AVG Technologies
C:\Windows\System32\rundll32.exe ---- 84 Ko ---- Normal ---- "C:\Windows\System32\rundll32.exe" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit ----
C:\Program Files\Windows Media Player\wmpnscfg.exe ---- 188 Ko ---- Normal ---- "C:\Program Files\Windows Media Player\wmpnscfg.exe" ----
C:\Windows\WindowsMobile\wmdSync.exe ---- 88 Ko ---- Normal ---- "C:\Windows\WindowsMobile\wmdSync.exe" ----
C:\Program Files\Tall Emu\Online Armor\oaui.exe ---- 5768 Ko ---- Normal ---- "C:\Program Files\Tall Emu\Online Armor\oaui.exe" ---- Tall Emu
C:\Program Files\Windows Media Player\wmpnetwk.exe ---- 544 Ko ---- Normal ---- "C:\Program Files\Windows Media Player\wmpnetwk.exe" ----
C:\Program Files\Common Files\Java\Java Update\jusched.exe ---- 60 Ko ---- Normal ---- "C:\Program Files\Common Files\Java\Java Update\jusched.exe" ---- Sun Microsystems, Inc.
C:\Program Files\Windows Live\Messenger\msnmsgr.exe ---- 4664 Ko ---- Normal ---- "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background ---- Microsoft Corporation
C:\Windows\ehome\ehtray.exe ---- 308 Ko ---- Normal ---- "C:\Windows\ehome\ehtray.exe" ----
C:\Users\propriétaire\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe ---- 92 Ko ---- Normal ---- "C:\Users\propriétaire\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe" ----
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe ---- 952 Ko ---- Normal ---- "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ---- Hewlett Packard
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe ---- 640 Ko ---- Normal ---- "C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe" ----
C:\Windows\ehome\ehmsas.exe ---- 68 Ko ---- Normal ---- C:\Windows\ehome\ehmsas.exe -Embedding ----
C:\Windows\system32\svchost.exe ---- 72 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k WindowsMobile ----
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe ---- 1024 Ko ---- Normal ---- "C:\Program Files\Tall Emu\Online Armor\OAhlp.exe" ---- Tall Emu
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe ---- 124 Ko ---- Normal ---- "C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Officejet J6400 series#1241019570" -Startup ----
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe ---- 92 Ko ---- Normal ---- "C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding ----
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe ---- 100 Ko ---- Normal ---- "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding ----
C:\Program Files\Windows Live\Contacts\wlcomm.exe ---- 2952 Ko ---- Normal ---- "C:\Program Files\Windows Live\Contacts\wlcomm.exe" -Embedding ---- Microsoft Corporation
C:\Windows\system32\taskeng.exe ---- 888 Ko ---- Normal ---- taskeng.exe {CF6A1910-EB6C-4AE3-BCF6-BBF57D44B382} ----
C:\PROGRA~1\AVG\AVG8\avgnsx.exe ---- 416 Ko ---- Normal ---- avgnsx.exe ---- AVG Technologies
C:\Windows\system32\conime.exe ---- 1428 Ko ---- Normal ---- C:\Windows\system32\conime.exe ----
C:\Windows\system32\msfeedssync.exe ---- 188 Ko ---- Normal ---- C:\Windows\system32\msfeedssync.exe sync ----
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe ---- 172 Ko ---- Normal ---- C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -Embedding ---- Adobe Systems Incorporated
C:\Windows\System32\svchost.exe ---- 88 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k HPZ12 ----
C:\Program Files\Internet Explorer\iexplore.exe ---- 16240 Ko ---- Normal ---- "C:\Program Files\Internet Explorer\iexplore.exe" ---- Microsoft Corporation
C:\Program Files\Internet Explorer\iexplore.exe ---- 36344 Ko ---- Normal ---- "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2080 CREDAT:71937 ---- Microsoft Corporation
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe ---- 1564 Ko ---- Normal ---- "C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe" ---- Google Inc
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe ---- 332 Ko ---- Normal ---- "C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe" -Embedding ---- Microsoft Corporation
C:\Program Files\Windows Live\Toolbar\wltuser.exe ---- 1564 Ko ---- Normal ---- "C:\Program Files\Windows Live\Toolbar\wltuser.exe" -Embedding ---- Microsoft Corporation
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe ---- 1248 Ko ---- Normal ---- "C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe" -Embedding ---- Hewlett-Packard Company
C:\Windows\system32\WUDFHost.exe ---- 72 Ko ---- Normal ---- "C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-01ea2424-c649-435e-88ce-7b829f19cbd8 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-4b1d744d-0f83-4a77-8ee3-398439179e6a -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-b2427881-6829-495c-9129-1fce9d321702 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:7b57bc99-ecf3-4d46-b671-cf56a5a27b15 ----
C:\Program Files\Tall Emu\Online Armor\OAreg.exe ---- 120 Ko ---- Normal ---- OAreg.exe fw /off /1 ---- Tall Emu
C:\Users\propriétaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PEYS973A\List_Killem_Install[1].exe ---- 200 Ko ---- Normal ---- "C:\Users\propriétaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PEYS973A\List_Killem_Install[1].exe" ----
C:\Windows\system32\cmd.exe ---- 5408 Ko ---- Normal ---- C:\Windows\system32\cmd.exe /K List'em.bat ----
C:\Windows\system32\SearchProtocolHost.exe ---- 7940 Ko ---- Idle ---- "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe61_ Global\UsGthrCtrlFltPipeMssGthrPipe61 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" ----
C:\Windows\system32\SearchFilterHost.exe ---- 6712 Ko ---- Idle ---- "C:\Windows\system32\SearchFilterHost.exe" 0 620 624 632 65536 628 ----
C:\Windows\system32\wbem\wmiprvse.exe ---- 8740 Ko ---- Normal ---- C:\Windows\system32\wbem\wmiprvse.exe ----
C:\Program Files\List_Kill'em\pv.exe ---- 8168 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----
¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
????r =
msnmsgr = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ehTray.exe = C:\Windows\ehome\ehTray.exe
swg = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
ISUSPM Startup = "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
orangeinside = C:\Users\propriétaire\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PAC7302_Monitor = C:\Windows\PixArt\PAC7302\Monitor.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
AVG8_TRAY = C:\PROGRA~1\AVG\AVG8\avgtray.exe
fssui = "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
NvCplDaemon = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
snpstd3 = C:\Windows\vsnpstd3.exe
Windows Mobile-based device management = %windir%\WindowsMobile\wmdSync.exe
@OnlineArmor GUI = "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin = 2 (0x2)
ConsentPromptBehaviorUser = 1 (0x1)
EnableInstallerDetection = 1 (0x1)
EnableLUA = 1 (0x1)
EnableSecureUIAPaths = 1 (0x1)
EnableVirtualization = 1 (0x1)
PromptOnSecureDesktop = 1 (0x1)
ValidateAdminCodeSignatures = 0 (0x0)
dontdisplaylastusername = 0 (0x0)
legalnoticecaption =
legalnoticetext =
scforceoption = 0 (0x0)
shutdownwithoutlogon = 1 (0x1)
undockwithoutlogon = 1 (0x1)
FilterAdministratorToken = 0 (0x0)
EnableUIADesktopToggle = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveAutoRun = 0 (0x0)
NoDriveTypeAutoRun = 0 (0x0)
HonorAutoRunSetting = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BindDirectlyToPropertySetStorage = 0 (0x0)
NoDriveAutoRun = 0 (0x0)
NoDriveTypeAutoRun = 0 (0x0)
HonorAutoRunSetting = 0 (0x0)
EnableShellExecuteHooks = 1 (0x1)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ReportBootOk = 1
Shell = Explorer.exe
Userinit = C:\Windows\system32\Userinit.exe,
VmApplet = rundll32 shell32,Control_RunDLL "sysdm.cpl"
AutoRestartShell = 1 (0x1)
LegalNoticeCaption =
LegalNoticeText =
PowerdownAfterShutdown = 0
ShutdownWithoutLogon = 0
cachedlogonscount = 10
forceunlocklogon = 0 (0x0)
passwordexpirywarning = 14 (0xe)
Background = 0 0 0
DebugServerCommand = no
WinStationsDisabled = 0
DisableCAD = 1 (0x1)
scremoveoption = 0
ShutdownFlags = 43 (0x2b)
AutoLogonCount = 999 (0x3e7)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{4F07DA45-8170-4859-9B5F-037EF2970034} = OA Shell Helper
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
C:\Acer\Empowering Technology\eDataSecurity\encryption.exe = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
C:\Acer\Empowering Technology\eDataSecurity\decryption.exe = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{8AA6CB35-67D7-45A2-B1F4-C87EC19E4522}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\D27CDB6E-AE6D-11CF-96B8-444553540000]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{38031F86-3772-4507-AB75-B4D698F8C8BA}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61DD0354-E63A-4BA0-8364-1A3BF468C6E0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤
[@ = ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0347C33E-8762-4905-BF09-768834316C61}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{33727f97-486d-4d19-97c3-23f432ef93fc}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = http://mywwwsites.com
Local Page = C:\Windows\System32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Search Page = http://mywwwsites.com
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.orange.fr/portail
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
¤¤¤¤¤ Proxy Internet Explorer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyHttp1.1 = 0 (0x0)
ProxyEnable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Proxy Firefox ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ TaskCache ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\AppleSoftwareUpdate]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\CreateChoiceProcessTask]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\GoogleUpdateTaskMachineCore]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\GoogleUpdateTaskMachineUA]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\Microsoft]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\Registry Reviver-propriétaire-Startup]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\User_Feed_Synchronization-{5977F9C3-525F-48EC-9368-AC7782D753FD}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\User_Feed_Synchronization-{787A6253-673D-4E1C-86A8-68D6D0B5B449}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{2F165E9D-D88F-41E2-B0DC-37F17E658F61}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{332B41BB-7D81-482A-AA0F-3D17DE39D128}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{6B203277-F915-40A8-BB18-E3F7028313F1}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{A8810207-648E-4ACA-9047-DEFC8D13BB31}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{B13986AC-1462-4071-A4E1-FF093E7478CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{C5786E1A-2737-4DE7-B211-F00107547B2E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{CCFD4825-8185-4591-B2E0-9D2DEC55D0B9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{E1546D03-27FE-4765-80C0-0A8A23B58B8A}]
¤¤¤¤¤¤¤¤¤¤ IFEO ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AcroRd32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DllNXOptions]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IEInstal.exe]
¤¤¤¤¤¤¤¤¤¤ File Protection ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]
KnownDllList = nlhtml.dll
¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤
C:\Windows\System32\drivers\atapi.sys :
[MD5.1f05b78ab91c9075565a9d8a4b880bc4]
[SHA256.737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd]
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys :
[MD5.b35cfcef838382ab6490b321c87edf17]
[SHA256.a13985b87b5918d123072c7128e12dc28b0fcfd68383afa6e1da72a25bd781e0]
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys :
[MD5.1f05b78ab91c9075565a9d8a4b880bc4]
[SHA256.737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd]
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys :
[MD5.4f4fcb8b6ea06784fb6d475b7ec7300f]
[SHA256.6202d85c9a75e3f01f5f94f069c4cd8a2b9295a182301eae5940ec3bc2c1d896]
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys :
[MD5.2d9c903dc76a66813d350a562de40ed9]
[SHA256.82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3]
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys :
[MD5.b35cfcef838382ab6490b321c87edf17]
[SHA256.a13985b87b5918d123072c7128e12dc28b0fcfd68383afa6e1da72a25bd781e0]
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys :
[MD5.e03e8c99d15d0381e02743c36afc7c6f]
[SHA256.8217348674fc4d0c6d567ffc95b14dfd507f47c5a4728c2ba93d72c412e8527b]
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys :
[MD5.2d9c903dc76a66813d350a562de40ed9]
[SHA256.82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3]
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys :
[MD5.1f05b78ab91c9075565a9d8a4b880bc4]
[SHA256.737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd]
¤¤¤¤¤ Reference
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
¤¤¤¤¤¤¤¤¤¤ Drive ¤¤¤¤¤¤¤¤¤¤
D'fragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.
Rapport d'analyse pour le volume C: ACER
Taille du volume = 146 Go
Espace libre = 90.13 Go
tendue d'espace libre la plus grande = 61.05 Go
Pourcentage de fragmentation des fichiers = 1 %
Remarqueÿ: sur les volumes NTFS, les fragments de fichiers de plus de 64ÿMo ne sont pas inclus dans les statistiques de fragmentation.
Il n'est pas n'cessaire de d'fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Rogues Infections ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤
Present !! : C:\ProgramData\hpzinstall.log
Present !! : C:\ProgramData\hpzinstall.log
Present !! : C:\ProgramData\hpzinstall.log
Present !! : C:\ProgramData\hpzinstall.log
Present !! : C:\Users\propri'taire\AppData\Local\GDIPFONTCACHEV1.DAT
Present !! : C:\Users\propri'taire\Local Settings\Temp\25D.tmp
¤¤¤¤¤¤¤¤¤¤ Keys :
FEATURE_BROWSER_EMULATION | svchost :
====================================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-04 13:50:33
Windows 6.0.6002 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor.sys
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1 (0x1)
UacDisableNotify = 0 (0x0)
InternetSettingsDisableNotify = 0 (0x0)
AutoUpdateDisableNotify = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 13:52:42,91
desinstalle :
mywebsites.pro-FR Toolbar => mywebsites.pro-FR Toolbar
znet_work Toolbar
ensuite :
desactive l'uac
https://www.google.fr/search?q=desactiver+l+uac&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:fr:official&client=firefox-a&gws_rd=ssl
ensuite , une fois ton pc redemarré :
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
▶ Relance List&Kill'em,avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'option Script
une fenêtre noire va s'ouvrir brievement , et List_Kill'em va se fermer
observe ton bureau une icône "Script" s'est rajouté sur ton bureau
▶ crée un nouveau document texte sur ton bureau et copie/colle ce en gras si dessous :
FILE:C:\Users\propriétaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PEYS973A\List_Killem_Install[1].exe
REM:"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "????r"
REM:"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "QuickTime Task"
REM:"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Adobe Reader Speed Launcher"
ADD:"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer" /v "NoDriveTypeAutoRun" /t REG_DWORD /d "145"
ADD:"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer" /v "HonorAutoRunSetting" /t REG_DWORD /d "1"
REM:"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{33727f97-486d-4d19-97c3-23f432ef93fc}"
▶ enregistre le document texte avec l'onglet fichier (enregistrer) de ce dernier , puis ferme-le
▶ effectue un glisser/deposer de ce fichier sur l'icone "Script"
laisse travailler l'outil
▶ poste le resultat
▶ Ferme List_Kill'em
Note : le rapport est aussi ici : ?:\Script_.txt
ensuite :
Fais analyser le(s) fichier(s) suivants sur Virustotal :
Virus Total
* * Colle directement le chemin des fichiers , un par un , dans l'espace "Parcourir" apres chaque analyse :
C:\Windows\System32\ERUpdateHidden.EXE
C:\Windows\System32\oopmdisp.exe
C:\Windows\System32\progress.exe
C:\Windows\System32\ADMIN_CLASS_LIB.dll
C:\Windows\System32\APISlice.dll
C:\Windows\System32\DsrSleep.dll
C:\Windows\System32\MSNSpook.dll
C:\Windows\System32\notexp50.dll
C:\Windows\System32\xqviewer.dll
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.
ensuite :
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
▶ Relance List_Kill'em,avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'Option Clean
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
▶ colle le contenu dans ta reponse
¤¤¤¤¤¤?G3?-?@¢??@?(TM)©®?¤¤¤¤¤¤
mywebsites.pro-FR Toolbar => mywebsites.pro-FR Toolbar
znet_work Toolbar
ensuite :
desactive l'uac
https://www.google.fr/search?q=desactiver+l+uac&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:fr:official&client=firefox-a&gws_rd=ssl
ensuite , une fois ton pc redemarré :
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
▶ Relance List&Kill'em,avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'option Script
une fenêtre noire va s'ouvrir brievement , et List_Kill'em va se fermer
observe ton bureau une icône "Script" s'est rajouté sur ton bureau
▶ crée un nouveau document texte sur ton bureau et copie/colle ce en gras si dessous :
FILE:C:\Users\propriétaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PEYS973A\List_Killem_Install[1].exe
REM:"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "????r"
REM:"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "QuickTime Task"
REM:"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Adobe Reader Speed Launcher"
ADD:"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer" /v "NoDriveTypeAutoRun" /t REG_DWORD /d "145"
ADD:"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer" /v "HonorAutoRunSetting" /t REG_DWORD /d "1"
REM:"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{33727f97-486d-4d19-97c3-23f432ef93fc}"
▶ enregistre le document texte avec l'onglet fichier (enregistrer) de ce dernier , puis ferme-le
▶ effectue un glisser/deposer de ce fichier sur l'icone "Script"
laisse travailler l'outil
▶ poste le resultat
▶ Ferme List_Kill'em
Note : le rapport est aussi ici : ?:\Script_.txt
ensuite :
Fais analyser le(s) fichier(s) suivants sur Virustotal :
Virus Total
* * Colle directement le chemin des fichiers , un par un , dans l'espace "Parcourir" apres chaque analyse :
C:\Windows\System32\ERUpdateHidden.EXE
C:\Windows\System32\oopmdisp.exe
C:\Windows\System32\progress.exe
C:\Windows\System32\ADMIN_CLASS_LIB.dll
C:\Windows\System32\APISlice.dll
C:\Windows\System32\DsrSleep.dll
C:\Windows\System32\MSNSpook.dll
C:\Windows\System32\notexp50.dll
C:\Windows\System32\xqviewer.dll
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.
ensuite :
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
▶ Relance List_Kill'em,avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'Option Clean
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
▶ colle le contenu dans ta reponse
¤¤¤¤¤¤?G3?-?@¢??@?(TM)©®?¤¤¤¤¤¤
reponds avec le bouton vert stp
dans programmes et fonctionnalités dans le panneau de configuration
¤¤¤¤¤¤?G3?-?@¢??@?(TM)©®?¤¤¤¤¤¤
dans programmes et fonctionnalités dans le panneau de configuration
¤¤¤¤¤¤?G3?-?@¢??@?(TM)©®?¤¤¤¤¤¤
Tiens bizarre, tu ne m'as jamais dis qu'il fallait te répondre avec le bouton vert. Mais dis moi, ( je te fais entièrement confiance ) mais je ne risque rien à désinstaller les deux " mywebsites.... " car c'est un PC professionnel, je ne voudrais pas avoir de soucis. Merci pour ton aide.
