Rapport nettoyage AD-R merci
erwanlescanff
Messages postés
6
Statut
Membre
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
voici le rapport de nettoyage
mon PC marche sous XP;
merci
======= RAPPORT D'AD-REMOVER 2.0.0.1,D | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par C_XX le 26/07/10 à 12:00
Contact: AdRemover.contact[AT]gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 12:20:01 le 28/08/2010, Mode normal
Microsoft Windows XP Édition familiale Service Pack 3 (X86)
erwan@WAWAN ( )
============== ACTION(S) ==============
0,Dossier supprimé: C:\Documents and Settings\erwan\Application Data\EoRezo
0,Dossier supprimé: C:\Documents and Settings\erwan\Local Settings\Application Data\EoRezo
0,Dossier supprimé: C:\Program Files\EoRezo
(!) -- Fichiers temporaires supprimés.
-- Fichier ouvert: C:\Documents and Settings\erwan\Application Data\Mozilla\FireFox\Profiles\7c7bem75.default\Prefs.js --
Ligne supprimée: user_pref("browser.startup.homepage", "hxxp://y.lo.st");
-- Fichier Fermé --
1,Clé supprimée: HKLM\Software\Classes\CLSID\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
1,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
1,Clé supprimée: HKLM\Software\Classes\Interface\{DF76E9B7-35EC-46FC-AF56-5B79DED9D64F}
1,Clé supprimée: HKLM\Software\Classes\TypeLib\{18AF7201-4F14-4BCF-93FE-45617CF259FF}
0,Clé supprimée: HKLM\Software\Classes\EoEngineBHO.EOBHO
0,Clé supprimée: HKLM\Software\Classes\EoEngineBHO.EOBHO.1
0,Clé supprimée: HKLM\Software\Classes\AppID\EoEngineBHO.DLL
1,Clé supprimée: HKLM\Software\Classes\AppID\{AFBB7970-789A-4264-BA70-E8127DECE400}
0,Clé supprimée: HKLM\Software\EoRezo
0,Clé supprimée: HKCU\Software\EoRezo
0,Clé supprimée: HKCU\Software\Winsudate
0,Clé supprimée: HKU\.DEFAULT\Software\EoRezo
0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\EoRezo_is1
0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
0,Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eorezo
0,Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Softwarehelper
0,Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Run|winusr
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [3.5.10 (fr)] **
-- C:\Documents and Settings\erwan\Application Data\Mozilla\FireFox\Profiles\7c7bem75.default\Prefs.js --
browser.download.lastDir, C:\\Documents and Settings\\erwan\\Mes documents
browser.startup.homepage_override.mstone, rv:1.9.1.10
keyword.URL, hxxp://www.wibeez.com/meteo?search&q=
========================================
** Internet Explorer Version [8.0.6001.18702] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
========================================
C:\Program Files\Ad-Remover\Quarantine: 163 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 28/08/2010 (932 Octet(s))
C:\Ad-Report-SCAN[1].txt - 28/08/2010 (3978 Octet(s))
Fin à: 12:22:26, 28/08/2010
============== E.O.F ==============
voici le rapport de nettoyage
mon PC marche sous XP;
merci
======= RAPPORT D'AD-REMOVER 2.0.0.1,D | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par C_XX le 26/07/10 à 12:00
Contact: AdRemover.contact[AT]gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 12:20:01 le 28/08/2010, Mode normal
Microsoft Windows XP Édition familiale Service Pack 3 (X86)
erwan@WAWAN ( )
============== ACTION(S) ==============
0,Dossier supprimé: C:\Documents and Settings\erwan\Application Data\EoRezo
0,Dossier supprimé: C:\Documents and Settings\erwan\Local Settings\Application Data\EoRezo
0,Dossier supprimé: C:\Program Files\EoRezo
(!) -- Fichiers temporaires supprimés.
-- Fichier ouvert: C:\Documents and Settings\erwan\Application Data\Mozilla\FireFox\Profiles\7c7bem75.default\Prefs.js --
Ligne supprimée: user_pref("browser.startup.homepage", "hxxp://y.lo.st");
-- Fichier Fermé --
1,Clé supprimée: HKLM\Software\Classes\CLSID\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
1,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
1,Clé supprimée: HKLM\Software\Classes\Interface\{DF76E9B7-35EC-46FC-AF56-5B79DED9D64F}
1,Clé supprimée: HKLM\Software\Classes\TypeLib\{18AF7201-4F14-4BCF-93FE-45617CF259FF}
0,Clé supprimée: HKLM\Software\Classes\EoEngineBHO.EOBHO
0,Clé supprimée: HKLM\Software\Classes\EoEngineBHO.EOBHO.1
0,Clé supprimée: HKLM\Software\Classes\AppID\EoEngineBHO.DLL
1,Clé supprimée: HKLM\Software\Classes\AppID\{AFBB7970-789A-4264-BA70-E8127DECE400}
0,Clé supprimée: HKLM\Software\EoRezo
0,Clé supprimée: HKCU\Software\EoRezo
0,Clé supprimée: HKCU\Software\Winsudate
0,Clé supprimée: HKU\.DEFAULT\Software\EoRezo
0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\EoRezo_is1
0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
0,Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eorezo
0,Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Softwarehelper
0,Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Run|winusr
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [3.5.10 (fr)] **
-- C:\Documents and Settings\erwan\Application Data\Mozilla\FireFox\Profiles\7c7bem75.default\Prefs.js --
browser.download.lastDir, C:\\Documents and Settings\\erwan\\Mes documents
browser.startup.homepage_override.mstone, rv:1.9.1.10
keyword.URL, hxxp://www.wibeez.com/meteo?search&q=
========================================
** Internet Explorer Version [8.0.6001.18702] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
========================================
C:\Program Files\Ad-Remover\Quarantine: 163 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 28/08/2010 (932 Octet(s))
C:\Ad-Report-SCAN[1].txt - 28/08/2010 (3978 Octet(s))
Fin à: 12:22:26, 28/08/2010
============== E.O.F ==============
A voir également:
- Rapport nettoyage AD-R merci
- Nettoyage pc lent - Guide
- Nettoyage - Guide
- Nettoyage mac - Guide
- Nettoyage de disque - Guide
- R a l'envers - Forum Windows
8 réponses
salut :
DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)
▶ Télécharge ici :List_Kill'em
et enregistre le sur ton bureau
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur le raccourci sur ton bureau pour lancer l'installation
Laisse coché :
♦ Executer List_Kill'em
une fois terminée , clic sur "terminer" et le programme se lancera seul
choisis l'option Search
▶ laisse travailler l'outil
il se peut qu'une boite de dialogue s'ouvre , dans ce cas clique sur "ok" ou "Agree"
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal ,c'est une recherche supplementaire de fichiers cachés , le programme n'est pas bloqué.
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
▶▶▶ NE LE POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier C:\List'em.txt
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
▶ Fais de même avec more.txt qui se trouve sur ton bureau
DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)
▶ Télécharge ici :List_Kill'em
et enregistre le sur ton bureau
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur le raccourci sur ton bureau pour lancer l'installation
Laisse coché :
♦ Executer List_Kill'em
une fois terminée , clic sur "terminer" et le programme se lancera seul
choisis l'option Search
▶ laisse travailler l'outil
il se peut qu'une boite de dialogue s'ouvre , dans ce cas clique sur "ok" ou "Agree"
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal ,c'est une recherche supplementaire de fichiers cachés , le programme n'est pas bloqué.
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
▶▶▶ NE LE POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier C:\List'em.txt
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
▶ Fais de même avec more.txt qui se trouve sur ton bureau
bonjour,
cijoint.fr ne fonctionne pas je me permet de poster le rapport sur le forum
merci d'vance
erwan
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.0.1 ¤¤¤¤¤¤¤¤¤¤
User : erwan (Administrateurs)
Update on 27/08/2010 by g3n-h@ckm@n ::::: 01.55
Start at: 12:41:06 | 28/08/2010
mobile AMD Athlon(tm) XP-M 2500+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : ESET NOD32 Antivirus 4.0 4.0 [ (!) Disabled | Updated ]
C:\ -> Disque fixe local | 36,13 Go (7,5 Go free) | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque fixe local | 38,42 Go (6,41 Go free) [Disque local] | NTFS
Boot: Normal
¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer
C:\WINDOWS\System32\smss.exe ---- 156 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\WINDOWS\system32\csrss.exe ---- 2924 Ko ---- Normal ---- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\WINDOWS\system32\winlogon.exe ---- 2064 Ko ---- High ---- winlogon.exe ----
C:\WINDOWS\system32\services.exe ---- 1796 Ko ---- Normal ---- C:\WINDOWS\system32\services.exe ----
C:\WINDOWS\system32\lsass.exe ---- 3364 Ko ---- Normal ---- C:\WINDOWS\system32\lsass.exe ----
C:\WINDOWS\system32\svchost.exe ---- 2660 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k DcomLaunch ----
C:\WINDOWS\system32\svchost.exe ---- 2180 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k rpcss ----
C:\WINDOWS\System32\svchost.exe ---- 17236 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k netsvcs ----
C:\WINDOWS\system32\svchost.exe ---- 1320 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup ----
C:\WINDOWS\system32\S24EvMon.exe ---- 1372 Ko ---- Normal ---- C:\WINDOWS\system32\S24EvMon.exe ----
C:\WINDOWS\system32\ZCfgSvc.exe ---- 2692 Ko ---- Normal ---- ZCfgSvc.exe ----
C:\WINDOWS\system32\svchost.exe ---- 3784 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k NetworkService ----
C:\WINDOWS\system32\svchost.exe ---- 5088 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k LocalService ----
C:\WINDOWS\Explorer.EXE ---- 24872 Ko ---- Normal ---- C:\WINDOWS\Explorer.EXE ----
C:\WINDOWS\system32\spoolsv.exe ---- 2404 Ko ---- Normal ---- C:\WINDOWS\system32\spoolsv.exe ----
C:\WINDOWS\system32\svchost.exe ---- 1476 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k LocalService ----
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe ---- 40820 Ko ---- Normal ---- "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" ---- ESET, spol. s r.o.
C:\WINDOWS\System32\wudfhost.exe ---- 1512 Ko ---- Normal ---- "C:\WINDOWS\System32\wudfhost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-8dc2e345-9254-4ff5-bef7-c911556949d4 -SystemEventPortName:HostProcess-1b1b6513-6604-4e8f-a618-222959a03633 -IoCancelEventPortName:HostProcess-641016a7-e6fb-45f1-ab4f-0cd52c62d98e -ServiceSID:S-1-5-18 -LifetimeId:853413b1-4664-4deb-b1cf-6f2141fe4763 ----
C:\WINDOWS\System32\svchost.exe ---- 1300 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k HTTPFilter ----
C:\Program Files\Java\jre6\bin\jqs.exe ---- 1840 Ko ---- Idle ---- "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" ---- Sun Microsystems, Inc.
C:\WINDOWS\system32\1XConfig.exe ---- 2908 Ko ---- Normal ---- C:\WINDOWS\system32\1XConfig.exe -Embedding ----
C:\WINDOWS\system32\RegSrvc.exe ---- 1420 Ko ---- Normal ---- C:\WINDOWS\system32\RegSrvc.exe ----
C:\WINDOWS\system32\svchost.exe ---- 1868 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k imgsvc ----
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE ---- 3340 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE" ---- Microsoft Corporation
C:\WINDOWS\system32\SearchIndexer.exe ---- 12160 Ko ---- Normal ---- C:\WINDOWS\system32\SearchIndexer.exe /Embedding ----
C:\Program Files\Windows Media Player\WMPNetwk.exe ---- 12444 Ko ---- Normal ---- "C:\Program Files\Windows Media Player\WMPNetwk.exe" ----
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe ---- 708 Ko ---- Normal ---- WLIDSvcM.exe 768 ---- Microsoft Corporation
C:\WINDOWS\System32\alg.exe ---- 1604 Ko ---- Normal ---- C:\WINDOWS\System32\alg.exe ----
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe ---- 3688 Ko ---- Normal ---- "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice ---- ESET, spol. s r.o.
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe ---- 192 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot ---- RealNetworks, Inc.
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe ---- 1316 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" ---- Sun Microsystems, Inc.
C:\WINDOWS\system32\ctfmon.exe ---- 1568 Ko ---- Normal ---- "C:\WINDOWS\system32\ctfmon.exe" ----
C:\Program Files\Skype\Phone\Skype.exe ---- 31124 Ko ---- Normal ---- "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized ---- Skype Technologies SA
C:\Program Files\Windows Desktop Search\WindowsSearch.exe ---- 3700 Ko ---- Normal ---- "C:\Program Files\Windows Desktop Search\WindowsSearch.exe" /startup ----
C:\WINDOWS\system32\wbem\wmiapsrv.exe ---- 1988 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiapsrv.exe ----
C:\Program Files\Skype\Plugin Manager\skypePM.exe ---- 15944 Ko ---- Normal ---- "C:\Program Files\Skype\Plugin Manager\skypePM.exe" /SILENT ---- EasyBits Software AS
C:\Documents and Settings\erwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe ---- 13500 Ko ---- Normal ---- "C:\Documents and Settings\erwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" ---- Google Inc
C:\Documents and Settings\erwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe ---- 26336 Ko ---- Normal ---- "C:\Documents and Settings\erwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --type=renderer --lang=fr --force-fieldtest="CacheSize/CacheSizeGroup_0/DnsImpact/_max_2 concurrent_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_done/" --channel=3900.0A9F7900.1198576777 ---- Google Inc
C:\WINDOWS\system32\wscntfy.exe ---- 2456 Ko ---- Normal ---- C:\WINDOWS\system32\wscntfy.exe ----
C:\WINDOWS\system32\SearchProtocolHost.exe ---- 5608 Ko ---- Below Normal ---- "C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot) " "C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" ----
C:\WINDOWS\system32\SearchFilterHost.exe ---- 5104 Ko ---- Below Normal ---- "C:\WINDOWS\system32\SearchFilterHost.exe" 0 580 584 592 65536 588 ----
C:\WINDOWS\system32\cmd.exe ---- 2788 Ko ---- Normal ---- C:\WINDOWS\system32\cmd.exe /K List'em.bat ----
C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 6884 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
C:\Program Files\List_Kill'em\pv.exe ---- 2752 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----
¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
Google Update = "C:\Documents and Settings\erwan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
egui = "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
ZCfgSvc.exe = C:\WINDOWS\system32\ZCfgSvc.exe
TkBellExe = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched = "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername = 0 (0x0)
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = 1 (0x1)
undockwithoutlogon = 1 (0x1)
DisableRegistryTools = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 323 (0x143)
NoDriveAutoRun = 67108863 (0x3ffffff)
NoDrives = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting = 1 (0x1)
NoDriveAutoRun = 67108863 (0x3ffffff)
NoDriveTypeAutoRun = 323 (0x143)
NoDrives = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 1 (0x1)
DefaultDomainName = WAWAN
DefaultUserName = erwan
LegalNoticeCaption =
LegalNoticeText =
PowerdownAfterShutdown = 0
ReportBootOk = 1
Shell = Explorer.exe
ShutdownWithoutLogon = 0
System =
Userinit = C:\WINDOWS\system32\userinit.exe,
VmApplet = rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota = -1 (0xffffffff)
allocatecdroms = 0
allocatedasd = 0
allocatefloppies = 0
cachedlogonscount = 10
forceunlocklogon = 0 (0x0)
passwordexpirywarning = 14 (0xe)
scremoveoption = 0
AllowMultipleTSSessions = 1 (0x1)
UIHost = logonui.exe
LogonType = 1 (0x1)
Background = 0 0 0
DebugServerCommand = no
SFCDisable = 0 (0x0)
WinStationsDisabled = 0
HibernationPreviouslyEnabled = 1 (0x1)
ShowLogonOptions = 0 (0x0)
AltDefaultUserName = erwan
AltDefaultDomainName = WAWAN
ChangePasswordUseKerberos = 1 (0x1)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =
{56F9679E-7826-4C84-81F3-532071A8BCC5} =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\ma-config.com\maconfservice.exe = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
C:\Program Files\Skype\Plugin Manager\skypePM.exe = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
C:\Program Files\Norcontrol\Neptune\Bin\Simulator.exe = C:\Program Files\Norcontrol\Neptune\Bin\Simulator.exe:*:Enabled:Neptune Simulator
C:\Program Files\Norcontrol\Neptune\Bin\Ess.exe = C:\Program Files\Norcontrol\Neptune\Bin\Ess.exe:*:Enabled:Ess
C:\Program Files\Skype\Phone\Skype.exe = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Base Smart Card Crypto Provider Package]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A3320D6-C805-4280-B423-B665BDE33D8F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]
¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\WINDOWS\system32\blank.htm
¤¤¤¤¤ Proxy Internet Explorer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Proxy Firefox ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ TaskCache ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ IFEO ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apitrap.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ASSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cleanup.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cqw32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divx.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divxdec.ax]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DJSMAR00.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRMINST.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\enc98.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EncodeDivXExt.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EncryptPatchVer.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\front.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fullsoft.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GBROWSER.DLL]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htmlmarq.ocx]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htmlmm.ocx]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\install.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ishscan.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ISSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\javai.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jvm.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jvm_g.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\main123w.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mngreg32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msci_uno.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscoree.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscorsvr.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscorwks.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msjava.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mso.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVOPTRF.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NeVideoFX.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NPMLIC.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NSWSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\photohse.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PMSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ppw32hlp.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\printhse.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prwin8.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ps80.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\psdmt.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qfinder.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qpw.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\salwrap.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup32.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sevinst.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcnet.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tcore_ebook.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TFDTCTT8.DLL]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ua80.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\udtapi.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ums.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vb40032.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbe6.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wpwin8.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xlmlEN.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xwsetup.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Your Image File Name Here without a path]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_INSTPGM.EXE]
¤¤¤¤¤¤¤¤¤¤ File Protection ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]
SFCDisable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys :
[MD5.cdfe4411a69c224bd1d11b2da92dac51]
[SHA256.0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]
C:\WINDOWS\ServicePackFiles\i386\atapi.sys :
[MD5.9f3a2f5aa6875c72bf062c712cfa2674]
[SHA256.b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
C:\WINDOWS\system32\drivers\atapi.sys :
[MD5.9f3a2f5aa6875c72bf062c712cfa2674]
[SHA256.b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
¤¤¤¤¤ Reference
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
¤¤¤¤¤¤¤¤¤¤ Drive ¤¤¤¤¤¤¤¤¤¤
D'fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
36,13 Go total, 7,51 Go libre (20%), 20% fragment' (fragmentation du fichier 39%)
Vous devriez d'fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adf68e82-b76a-11de-82f0-0004234fd12c}\shell\autorun
@ = &Exécution automatique
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adf68e82-b76a-11de-82f0-0004234fd12c}\shell\autorun\command
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adf68e82-b76a-11de-82f0-0004234fd12c}\shell\autorun\command
@ = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL QeIOyi.EXE
¤¤¤¤¤¤¤¤¤¤ Rogues Infections ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤
Present !! : C:\WINDOWS\002524_.tmp
Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET4.tmp
Present !! : C:\WINDOWS\SET8.tmp
Present !! : C:\WINDOWS\System32\SET961.tmp
Present !! : C:\WINDOWS\System32\SET96D.tmp
Present !! : C:\Documents and Settings\erwan\Application Data\GDIPFONTCACHEV1.DAT
Present !! : C:\Documents and Settings\erwan\LOCAL Settings\Temp\Perflib_Perfdata_564.dat
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c7b76b90-3455-4ae6-a752-eac4d19689e5}
FEATURE_BROWSER_EMULATION | svchost :
====================================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-28 12:57:36
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 13:00:24,40
cijoint.fr ne fonctionne pas je me permet de poster le rapport sur le forum
merci d'vance
erwan
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.0.1 ¤¤¤¤¤¤¤¤¤¤
User : erwan (Administrateurs)
Update on 27/08/2010 by g3n-h@ckm@n ::::: 01.55
Start at: 12:41:06 | 28/08/2010
mobile AMD Athlon(tm) XP-M 2500+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : ESET NOD32 Antivirus 4.0 4.0 [ (!) Disabled | Updated ]
C:\ -> Disque fixe local | 36,13 Go (7,5 Go free) | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque fixe local | 38,42 Go (6,41 Go free) [Disque local] | NTFS
Boot: Normal
¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer
C:\WINDOWS\System32\smss.exe ---- 156 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\WINDOWS\system32\csrss.exe ---- 2924 Ko ---- Normal ---- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\WINDOWS\system32\winlogon.exe ---- 2064 Ko ---- High ---- winlogon.exe ----
C:\WINDOWS\system32\services.exe ---- 1796 Ko ---- Normal ---- C:\WINDOWS\system32\services.exe ----
C:\WINDOWS\system32\lsass.exe ---- 3364 Ko ---- Normal ---- C:\WINDOWS\system32\lsass.exe ----
C:\WINDOWS\system32\svchost.exe ---- 2660 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k DcomLaunch ----
C:\WINDOWS\system32\svchost.exe ---- 2180 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k rpcss ----
C:\WINDOWS\System32\svchost.exe ---- 17236 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k netsvcs ----
C:\WINDOWS\system32\svchost.exe ---- 1320 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup ----
C:\WINDOWS\system32\S24EvMon.exe ---- 1372 Ko ---- Normal ---- C:\WINDOWS\system32\S24EvMon.exe ----
C:\WINDOWS\system32\ZCfgSvc.exe ---- 2692 Ko ---- Normal ---- ZCfgSvc.exe ----
C:\WINDOWS\system32\svchost.exe ---- 3784 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k NetworkService ----
C:\WINDOWS\system32\svchost.exe ---- 5088 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k LocalService ----
C:\WINDOWS\Explorer.EXE ---- 24872 Ko ---- Normal ---- C:\WINDOWS\Explorer.EXE ----
C:\WINDOWS\system32\spoolsv.exe ---- 2404 Ko ---- Normal ---- C:\WINDOWS\system32\spoolsv.exe ----
C:\WINDOWS\system32\svchost.exe ---- 1476 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k LocalService ----
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe ---- 40820 Ko ---- Normal ---- "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" ---- ESET, spol. s r.o.
C:\WINDOWS\System32\wudfhost.exe ---- 1512 Ko ---- Normal ---- "C:\WINDOWS\System32\wudfhost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-8dc2e345-9254-4ff5-bef7-c911556949d4 -SystemEventPortName:HostProcess-1b1b6513-6604-4e8f-a618-222959a03633 -IoCancelEventPortName:HostProcess-641016a7-e6fb-45f1-ab4f-0cd52c62d98e -ServiceSID:S-1-5-18 -LifetimeId:853413b1-4664-4deb-b1cf-6f2141fe4763 ----
C:\WINDOWS\System32\svchost.exe ---- 1300 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k HTTPFilter ----
C:\Program Files\Java\jre6\bin\jqs.exe ---- 1840 Ko ---- Idle ---- "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" ---- Sun Microsystems, Inc.
C:\WINDOWS\system32\1XConfig.exe ---- 2908 Ko ---- Normal ---- C:\WINDOWS\system32\1XConfig.exe -Embedding ----
C:\WINDOWS\system32\RegSrvc.exe ---- 1420 Ko ---- Normal ---- C:\WINDOWS\system32\RegSrvc.exe ----
C:\WINDOWS\system32\svchost.exe ---- 1868 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k imgsvc ----
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE ---- 3340 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE" ---- Microsoft Corporation
C:\WINDOWS\system32\SearchIndexer.exe ---- 12160 Ko ---- Normal ---- C:\WINDOWS\system32\SearchIndexer.exe /Embedding ----
C:\Program Files\Windows Media Player\WMPNetwk.exe ---- 12444 Ko ---- Normal ---- "C:\Program Files\Windows Media Player\WMPNetwk.exe" ----
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe ---- 708 Ko ---- Normal ---- WLIDSvcM.exe 768 ---- Microsoft Corporation
C:\WINDOWS\System32\alg.exe ---- 1604 Ko ---- Normal ---- C:\WINDOWS\System32\alg.exe ----
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe ---- 3688 Ko ---- Normal ---- "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice ---- ESET, spol. s r.o.
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe ---- 192 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot ---- RealNetworks, Inc.
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe ---- 1316 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" ---- Sun Microsystems, Inc.
C:\WINDOWS\system32\ctfmon.exe ---- 1568 Ko ---- Normal ---- "C:\WINDOWS\system32\ctfmon.exe" ----
C:\Program Files\Skype\Phone\Skype.exe ---- 31124 Ko ---- Normal ---- "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized ---- Skype Technologies SA
C:\Program Files\Windows Desktop Search\WindowsSearch.exe ---- 3700 Ko ---- Normal ---- "C:\Program Files\Windows Desktop Search\WindowsSearch.exe" /startup ----
C:\WINDOWS\system32\wbem\wmiapsrv.exe ---- 1988 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiapsrv.exe ----
C:\Program Files\Skype\Plugin Manager\skypePM.exe ---- 15944 Ko ---- Normal ---- "C:\Program Files\Skype\Plugin Manager\skypePM.exe" /SILENT ---- EasyBits Software AS
C:\Documents and Settings\erwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe ---- 13500 Ko ---- Normal ---- "C:\Documents and Settings\erwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" ---- Google Inc
C:\Documents and Settings\erwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe ---- 26336 Ko ---- Normal ---- "C:\Documents and Settings\erwan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --type=renderer --lang=fr --force-fieldtest="CacheSize/CacheSizeGroup_0/DnsImpact/_max_2 concurrent_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_done/" --channel=3900.0A9F7900.1198576777 ---- Google Inc
C:\WINDOWS\system32\wscntfy.exe ---- 2456 Ko ---- Normal ---- C:\WINDOWS\system32\wscntfy.exe ----
C:\WINDOWS\system32\SearchProtocolHost.exe ---- 5608 Ko ---- Below Normal ---- "C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot) " "C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" ----
C:\WINDOWS\system32\SearchFilterHost.exe ---- 5104 Ko ---- Below Normal ---- "C:\WINDOWS\system32\SearchFilterHost.exe" 0 580 584 592 65536 588 ----
C:\WINDOWS\system32\cmd.exe ---- 2788 Ko ---- Normal ---- C:\WINDOWS\system32\cmd.exe /K List'em.bat ----
C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 6884 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
C:\Program Files\List_Kill'em\pv.exe ---- 2752 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----
¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
Google Update = "C:\Documents and Settings\erwan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
egui = "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
ZCfgSvc.exe = C:\WINDOWS\system32\ZCfgSvc.exe
TkBellExe = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched = "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername = 0 (0x0)
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = 1 (0x1)
undockwithoutlogon = 1 (0x1)
DisableRegistryTools = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 323 (0x143)
NoDriveAutoRun = 67108863 (0x3ffffff)
NoDrives = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting = 1 (0x1)
NoDriveAutoRun = 67108863 (0x3ffffff)
NoDriveTypeAutoRun = 323 (0x143)
NoDrives = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 1 (0x1)
DefaultDomainName = WAWAN
DefaultUserName = erwan
LegalNoticeCaption =
LegalNoticeText =
PowerdownAfterShutdown = 0
ReportBootOk = 1
Shell = Explorer.exe
ShutdownWithoutLogon = 0
System =
Userinit = C:\WINDOWS\system32\userinit.exe,
VmApplet = rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota = -1 (0xffffffff)
allocatecdroms = 0
allocatedasd = 0
allocatefloppies = 0
cachedlogonscount = 10
forceunlocklogon = 0 (0x0)
passwordexpirywarning = 14 (0xe)
scremoveoption = 0
AllowMultipleTSSessions = 1 (0x1)
UIHost = logonui.exe
LogonType = 1 (0x1)
Background = 0 0 0
DebugServerCommand = no
SFCDisable = 0 (0x0)
WinStationsDisabled = 0
HibernationPreviouslyEnabled = 1 (0x1)
ShowLogonOptions = 0 (0x0)
AltDefaultUserName = erwan
AltDefaultDomainName = WAWAN
ChangePasswordUseKerberos = 1 (0x1)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =
{56F9679E-7826-4C84-81F3-532071A8BCC5} =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\ma-config.com\maconfservice.exe = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
C:\Program Files\Skype\Plugin Manager\skypePM.exe = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
C:\Program Files\Norcontrol\Neptune\Bin\Simulator.exe = C:\Program Files\Norcontrol\Neptune\Bin\Simulator.exe:*:Enabled:Neptune Simulator
C:\Program Files\Norcontrol\Neptune\Bin\Ess.exe = C:\Program Files\Norcontrol\Neptune\Bin\Ess.exe:*:Enabled:Ess
C:\Program Files\Skype\Phone\Skype.exe = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Base Smart Card Crypto Provider Package]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A3320D6-C805-4280-B423-B665BDE33D8F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]
¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\WINDOWS\system32\blank.htm
¤¤¤¤¤ Proxy Internet Explorer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Proxy Firefox ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ TaskCache ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ IFEO ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apitrap.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ASSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cleanup.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cqw32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divx.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divxdec.ax]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DJSMAR00.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRMINST.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\enc98.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EncodeDivXExt.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EncryptPatchVer.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\front.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fullsoft.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GBROWSER.DLL]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htmlmarq.ocx]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htmlmm.ocx]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\install.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ishscan.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ISSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\javai.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jvm.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jvm_g.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\main123w.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mngreg32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msci_uno.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscoree.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscorsvr.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscorwks.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msjava.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mso.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVOPTRF.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NeVideoFX.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NPMLIC.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NSWSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\photohse.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PMSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ppw32hlp.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\printhse.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prwin8.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ps80.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\psdmt.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qfinder.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qpw.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\salwrap.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup32.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sevinst.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcnet.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tcore_ebook.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TFDTCTT8.DLL]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ua80.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\udtapi.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ums.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vb40032.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbe6.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wpwin8.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xlmlEN.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xwsetup.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Your Image File Name Here without a path]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_INSTPGM.EXE]
¤¤¤¤¤¤¤¤¤¤ File Protection ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]
SFCDisable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys :
[MD5.cdfe4411a69c224bd1d11b2da92dac51]
[SHA256.0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]
C:\WINDOWS\ServicePackFiles\i386\atapi.sys :
[MD5.9f3a2f5aa6875c72bf062c712cfa2674]
[SHA256.b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
C:\WINDOWS\system32\drivers\atapi.sys :
[MD5.9f3a2f5aa6875c72bf062c712cfa2674]
[SHA256.b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
¤¤¤¤¤ Reference
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
¤¤¤¤¤¤¤¤¤¤ Drive ¤¤¤¤¤¤¤¤¤¤
D'fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
36,13 Go total, 7,51 Go libre (20%), 20% fragment' (fragmentation du fichier 39%)
Vous devriez d'fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adf68e82-b76a-11de-82f0-0004234fd12c}\shell\autorun
@ = &Exécution automatique
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adf68e82-b76a-11de-82f0-0004234fd12c}\shell\autorun\command
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adf68e82-b76a-11de-82f0-0004234fd12c}\shell\autorun\command
@ = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL QeIOyi.EXE
¤¤¤¤¤¤¤¤¤¤ Rogues Infections ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤
Present !! : C:\WINDOWS\002524_.tmp
Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET4.tmp
Present !! : C:\WINDOWS\SET8.tmp
Present !! : C:\WINDOWS\System32\SET961.tmp
Present !! : C:\WINDOWS\System32\SET96D.tmp
Present !! : C:\Documents and Settings\erwan\Application Data\GDIPFONTCACHEV1.DAT
Present !! : C:\Documents and Settings\erwan\LOCAL Settings\Temp\Perflib_Perfdata_564.dat
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c7b76b90-3455-4ae6-a752-eac4d19689e5}
FEATURE_BROWSER_EMULATION | svchost :
====================================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-28 12:57:36
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 13:00:24,40
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
▶ Relance List_Kill'em,avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'Option Clean
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
▶ colle le contenu dans ta reponse
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
▶ Relance List_Kill'em,avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'Option Clean
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
▶ colle le contenu dans ta reponse
voici le lien du nettoyage de kill'em
http://www.cijoint.fr/cjlink.php?file=cj201008/cij2woXI1N.txt
merci beaucoup
erwan
http://www.cijoint.fr/cjlink.php?file=cj201008/cij2woXI1N.txt
merci beaucoup
erwan
Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.
▶ Télécharge ici :
Malwarebytes
ou :
Malwarebytes
▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .
(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX
▶ Potasses le Tuto pour te familiariser avec le prg :
( cela dit, il est très simple d'utilisation ).
relance malwarebytes en suivant scrupuleusement ces consignes :
! Déconnecte toi et ferme toutes applications en cours !
▶ Lance Malwarebyte's .
Fais un examen dit "Complet" .
▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
▶ à la fin tu cliques sur "résultat" .
▶ Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .
▶ Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
▶ Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)
▶ Télécharge ici :
Malwarebytes
ou :
Malwarebytes
▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .
(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX
▶ Potasses le Tuto pour te familiariser avec le prg :
( cela dit, il est très simple d'utilisation ).
relance malwarebytes en suivant scrupuleusement ces consignes :
! Déconnecte toi et ferme toutes applications en cours !
▶ Lance Malwarebyte's .
Fais un examen dit "Complet" .
▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
▶ à la fin tu cliques sur "résultat" .
▶ Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .
▶ Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
▶ Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)
