i,fevtion rootkit

Question

Bonjour, 

pc ram bug je pensse que je suis veroler meme malwar ne trouve rien rootkit possible que fair svp je suis novice

gen-hackman · Answer

salut :

Télécharge ici :OTL

&#9654 enregistre le sur ton Bureau.

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...." 

sur OTL.exe pour le lancer.

&#9654 Coche les 2 cases Lop et Purity

&#9654 Coche la case devant tous les utilisateurs

&#9654 règle age du fichier sur "60 jours"

&#9654 dans la moitié gauche , mets tout sur "tous"

ne modifie pas ceci : 

"fichiers créés" et "fichiers Modifiés" 

&#9654Clic sur Analyse.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

&#9654&#9654&#9654 NE LE POSTE PAS SUR LE FORUM

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

&#9654 Clique sur Parcourir et cherche le fichier ci-dessus.

&#9654 Clique sur Ouvrir.

&#9654 Clique sur "Cliquez ici pour déposer le fichier".

juste au niveau du bouton , en fin de chargement du fichier , Un lien de cette forme apparaitra :

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

&#9654 Copie ce lien dans ta réponse.

&#9654&#9654 Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.

denver · Answer

voila je vous les envoyer l avait vous ?

gen-hackman · Answer

non il faut coller le lien obtenu en echange du fichier texte fourni par cijoint.fr

denver · Answer

http://www.cijoint.fr/cjlink.php?file=cj201010/cijtSxunlU.txt

gen-hackman · Answer

1/.....

desinstalle spybot il vaut plus rien

=============

2/....


&#9654 Télécharge ici : Ad-remover sur ton bureau : 


&#9654 Déconnecte toi et ferme toutes applications en cours ! 

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...." 

&#9654 sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut . 

&#9654 clique le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .
 
&#9654 Au menu principal choisis "option Nettoyer" et tape sur [entrée] .

&#9654 Laisse travailler l'outil et ne touche à rien ... 

&#9654 Poste le rapport qui apparait à la fin , sur le forum ...

( Le rapport est sauvegardé aussi sous C:\Ad-report.log ) 
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller ) 

&#9654 Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.     

======================

3/.....

&#9654 Télécharge ici : USBFIX sur ton bureau 

branche tous tes periphériques sans les ouvrir

/!\ Désactive provisoirement et seulement le temps de l'utilisation d'USBFIX, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...." 

sur l'icône Usbfix située sur ton Bureau.
Sur la page, clique sur le bouton :

&#9654 choisi l option Suppression

&#9654 UsbFix scannera ton pc , laisse travailler l outil.

&#9654 Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

&#9654 Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 

======================

4/........

DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!! (car l'outil est detecté a tort comme infection contenant un module qui sert à arrêter des processus , et un autre servant à prendre des droits dans le registre pour effectuer des suppressions)

&#9654 Télécharge ici :List_Kill'em

 et enregistre le sur ton bureau 

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...." 

sur le raccourci sur ton bureau pour lancer l'installation

Laisse coché :

&#9830 Executer List_Kill'em

une fois terminée , clic sur "terminer" et le programme se lancera seul

Il commencera par telecharger et installer ses mises à jour , puis te donnera son menu

choisis l'option Search

&#9654 laisse travailler l'outil

il se peut qu'une boite de dialogue s'ouvre , dans ce cas clique sur "ok" ou "Agree"

à l'apparition de la fenetre blanche , c'est un peu long , c'est normal ,c'est une recherche supplementaire de fichiers cachés , le programme n'est pas bloqué.

&#9654 Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

&#9654&#9654&#9654 NE LE POSTE PAS SUR LE FORUM 

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/ 

&#9654 Clique sur Parcourir et cherche le fichier C:\List'em.txt 

&#9654 Clique sur Ouvrir. 

&#9654 Clique sur "Cliquez ici pour déposer le fichier". 

Un lien de cette forme : 

http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt 

est ajouté dans la page. 

&#9654 Copie ce lien dans ta réponse. 

&#9654 Fais de même avec more.txt qui se trouve sur ton bureau

denver · Answer

ses bon ?

denver · Answer

OK jsuis infecter ou pas ? et jai pas de cles usbfx

gen-hackman · Answer

oui on a ecrit en meme temps ^^

je t'ai mis des petits devoirs au dessus :)

denver · Answer

ok merci pour votre aide jvais fair ceux que vous dit en esperanr de suprimer ces menace  et ses quoi en gros ceux que j ai desoler pour ma curiositer

gen-hackman · Answer

dans l'ordre :

on desinfecte tes navigateurs
on vaccine le pc contre d'eventuelles infections par ports usb
on fait un autre diagnostic d'autres points sensibles , et on supprimera ce qu'il aura detecté

denver · Answer

voila le rapport 

======= RAPPORT D'AD-REMOVER 2.0.0.1,F | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par C_XX le 16/09/10 à 13:30
Contact: AdRemover.contact[AT]gmail.com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 11:58:19 le 15/10/2010, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86) 
$@OEM-2B7087C8C3D ( ) 
 
============== ACTION(S) ==============



(!) -- Fichiers temporaires supprimés.


-- Fichier ouvert: C:\Documents and Settings\$\Application Data\Mozilla\FireFox\Profiles\swtbzr4m.default\Prefs.js --
Ligne supprimée: user_pref("CT2102473.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT210... 
Ligne supprimée: user_pref("CT2102473.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=E... 
Ligne supprimée: user_pref("browser.search.defaultengine", "Ask.com"); 
Ligne supprimée: user_pref("browser.search.defaultthis.engineName", "PHPNukeFR Customized Web Search"); 
Ligne supprimée: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2102473&Sea... 
Ligne supprimée: user_pref("browser.search.order.1", "Ask.com"); 
-- Fichier Fermé --
 


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.6.2pre (fr)] **

-- C:\Documents and Settings\$\Application Data\Mozilla\FireFox\Profiles\swtbzr4m.default\User.js --
keyword.URL, hxxp://redirecterror.sfr.fr/?q=

-- C:\Documents and Settings\$\Application Data\Mozilla\FireFox\Profiles\swtbzr4m.default\Prefs.js --
browser.download.lastDir, C:\Documents and Settings\$\Bureau
browser.search.defaultenginename, Rechercher MyStart
browser.search.selectedEngine, Rechercher MyStart
browser.startup.homepage, hxxp://www.google.fr/firefox?client=firefox-a&rls=org.mozilla:fr:official
browser.startup.homepage_override.mstone, rv:1.9.2.2
keyword.URL, hxxp://redirecterror.sfr.fr/?q=

========================================

** Internet Explorer Version [8.0.6001.18702] **

[HKCU\Software\Microsoft\Internet Explorer\Main] 
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\Main] 
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] 
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 13 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 15/10/2010 (1229 Octet(s)) 

Fin à: 12:01:22, 15/10/2010 
 
============== E.O.F ==============

gen-hackman · Answer

vu => la suite :) 

tu as bien desinstallé spybot ?
¤¤¤¤¤¤?G3?-?@¢??@?(TM)©®?¤¤¤¤¤&#164

denver · Answer

oui je les desinstaller voila l etape suivante 


############################## | UsbFix 7.030 | [Suppression]

Utilisateur: $ (Administrateur) # OEM-2B7087C8C3D [ ]
Mis à jour le 10/10/10 par El Desaparecido / C_XX
Lancé à 12:07:31 | 15/10/2010
Site Web: http://www.teamxscript.org
Contact: eldesaparecido@arx-services.com

CPU:  Intel(R) Pentium(R) D CPU 3.00GHz
CPU 2:  Intel(R) Pentium(R) D CPU 3.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Pare-feu Windows: Activé
RAM -> 2046 Mo 
C:\ (%systemdrive%) -> Disque fixe # 115 Go (72 Go libre(s) - 63%) [BOOT] # NTFS
D:\ -> Disque fixe # 112 Go (110 Go libre(s) - 99%) [BACKUP] # NTFS
E:\ -> Disque fixe # 6 Go (4 Go libre(s) - 61%) [RECOVER] # FAT32
F:\ -> CD-ROM
J:\ -> CD-ROM

################## | Éléments infectieux |


Supprimé! C:\Documents and Settings\$\Application Data\SQLite3.dll
Supprimé! C:\Recycler\S-1-5-21-619478507-2902194733-1154510819-1005
Supprimé! D:\Recycler\S-1-5-21-619478507-2902194733-1154510819-1005

################## | Registre |


################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{4b9bd5da-8365-11df-be39-0016175c9a93}

################## | Listing |

[15/10/2010 - 12:01:23 | N | 3280] 	C:\Ad-Report-CLEAN[1].txt
[28/04/2006 - 09:29:47 | N | 0] 	C:\AUTOEXEC.BAT
[08/02/2010 - 18:01:39 | N | 223] 	C:\boot.ini
[10/08/2004 - 14:00:00 | N | 4952] 	C:\Bootfont.bin
[11/10/2010 - 13:23:46 | D ] 	C:\Config.Msi
[28/04/2006 - 09:29:47 | N | 0] 	C:\CONFIG.SYS
[18/12/2009 - 20:37:34 | D ] 	C:\Documents and Settings
[15/10/2010 - 12:02:15 | ASH | 2145898496] 	C:\hiberfil.sys
[28/04/2006 - 09:29:47 | N | 0] 	C:\IO.SYS
[11/10/2010 - 15:34:50 | D ] 	C:\Kill'em
[11/10/2010 - 15:53:00 | N | 47880] 	C:\List'em.txt
[28/04/2006 - 09:29:47 | N | 0] 	C:\MSDOS.SYS
[10/08/2004 - 14:00:00 | N | 47564] 	C:\NTDETECT.COM
[18/12/2009 - 20:59:40 | N | 252240] 	C:
tldr
[15/10/2010 - 12:02:11 | ASH | 2145386496] 	C:\pagefile.sys
[15/10/2010 - 11:58:18 | D ] 	C:\Program Files
[15/10/2010 - 12:10:00 | SHD ] 	C:\RECYCLER
[31/07/2010 - 14:01:18 | SHD ] 	C:\System Volume Information
[15/10/2010 - 12:10:00 | D ] 	C:\UsbFix
[15/10/2010 - 12:10:00 | A | 1059] 	C:\UsbFix.txt
[15/10/2010 - 12:02:29 | D ] 	C:\WINDOWS
[15/12/2009 - 22:41:33 | D ] 	D:\4fb7b67c08946a7a18541367963c37f6
[01/06/2009 - 18:20:13 | D ] 	D:\5a01e5e4a7ed7e6cd70f20
[22/12/2009 - 13:28:55 | D ] 	D:\63774576dd99d98ac3cac865
[24/11/2009 - 12:21:24 | RASHD ] 	D:\autorun.inf
[04/02/2009 - 17:35:15 | D ] 	D:\b4e1dc656e630cba22472a4627
[06/10/2005 - 20:36:12 | N | 92216] 	D:\bass.dll
[18/12/2009 - 22:15:36 | D ] 	D:\Config.Msi
[22/09/2009 - 12:04:50 | D ] 	D:\data
[09/11/2009 - 13:33:08 | D ] 	D:\Docs
[14/10/2009 - 08:28:31 | D ] 	D:\Documents and Settings
[10/09/2009 - 19:47:11 | D ] 	D:\DOCUME~1
[18/09/2009 - 11:56:41 | D ] 	D:\eMule
[16/04/2009 - 11:19:02 | D ] 	D:\Folding@Home
[19/11/2009 - 21:47:20 | D ] 	D:\Images
[01/12/2009 - 14:06:50 | D ] 	D:\msdownld.tmp
[17/09/2005 - 05:17:30 | N | 386048] 	D:\Mss32.dll
[09/11/2009 - 13:33:08 | D ] 	D:\pb
[10/09/2009 - 20:03:03 | D ] 	D:\PcwBak
[15/10/2010 - 12:10:00 | SHD ] 	D:\RECYCLER
[13/04/2008 - 19:34:30 | N | 28672] 	D:\setupSNK.exe
[28/07/2009 - 11:50:00 | D ] 	D:\SMRTNTKY
[18/12/2009 - 22:14:34 | D ] 	D:\SXS
[18/12/2009 - 20:37:42 | SHD ] 	D:\System Volume Information
[18/09/2009 - 13:55:11 | D ] 	D:\VLC
[02/05/2006 - 15:02:48 | N | 24] 	E:\SWCONF.DAT
[02/05/2006 - 09:57:02 | D ] 	E:\Recover
[03/10/2006 - 06:53:24 | D ] 	E:\FOUND.000
[06/06/2007 - 17:23:42 | D ] 	E:\FOUND.001
[29/05/2006 - 18:17:12 | N | 26] 	E:\EST.ERR
[02/01/2009 - 23:27:56 | N | 2048] 	E:\Backup.bkf
[29/05/2006 - 17:17:12 | N | 49] 	E:\PASS.RPT
[28/07/2009 - 11:50:28 | D ] 	E:\SMRTNTKY
[24/11/2009 - 11:21:26 | RASHD ] 	E:\autorun.inf
[13/04/2008 - 19:34:30 | N | 28672] 	E:\setupSNK.exe
[21/09/2006 - 15:31:44 | SHD ] 	E:\System Volume Information
[12/01/2010 - 17:15:02 | D ] 	E:\ViViOutput
[21/09/2006 - 18:41:38 | SHD ] 	E:\Recycled

################## | Vaccin |

C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
E:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_OEM-2B7087C8C3D.zip
https://www.ionos.fr/?affiliate_id=77097
Merci de votre contribution.

################## | E.O.F |

denver · Answer

la derniere etape avec liste killem reste bloquer a 90 % bug ensuitte sinon esque mon pc et desinfester ?

gen-hackman · Answer

ok poste C:\List'em.txt via cijoint.fr comme indiqué

denver · Answer

jai pat de rapport avec liste kilem sa bug a 90 % obliger de rebooter enssuitte

denver · Answer

desoler voila le raport de liste lem ¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.1.0 ¤¤¤¤¤¤¤¤¤¤ User : $ (Administrateurs) Update on 13/10/2010 by g3n-h@ckm@n ::::: 19.00 Start at: 12:13:44 | 15/10/2010 Intel(R) Pentium(R) D CPU 3.00GHz Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3 Internet Explorer 8.0.6001.18702 Windows Firewall Status : Enabled C:\ -> Disque fixe local | 115,14 Go (72,02 Go free) [BOOT] | NTFS D:\ -> Disque fixe local | 111,74 Go (110,15 Go free) [BACKUP] | NTFS E:\ -> Disque fixe local | 5,99 Go (3,64 Go free) [RECOVER] | FAT32 F:\ -> Disque CD-ROM H:\ -> Disque amovible I:\ -> Disque amovible J:\ -> Disque CD-ROM K:\ -> Disque amovible Boot: Normal ¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer C:\WINDOWS\System32\smss.exe ---- 428 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ---- C:\WINDOWS\system32\csrss.exe ---- 4472 Ko ---- Normal ---- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ---- C:\WINDOWS\system32\winlogon.exe ---- 5140 Ko ---- High ---- winlogon.exe ---- C:\WINDOWS\system32\services.exe ---- 3596 Ko ---- Normal ---- C:\WINDOWS\system32\services.exe ---- C:\WINDOWS\system32\lsass.exe ---- 6052 Ko ---- Normal ---- C:\WINDOWS\system32\lsass.exe ---- C:\WINDOWS\system32\svchost.exe ---- 5580 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k DcomLaunch ---- C:\WINDOWS\system32\svchost.exe ---- 4716 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k rpcss ---- C:\WINDOWS\System32\svchost.exe ---- 24684 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k netsvcs ---- C:\WINDOWS\system32\svchost.exe ---- 7348 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k NetworkService ---- C:\WINDOWS\system32\svchost.exe ---- 3888 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k LocalService ---- C:\WINDOWS\system32\svchost.exe ---- 4832 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k imgsvc ---- C:\WINDOWS\system32\wscntfy.exe ---- 2412 Ko ---- Normal ---- C:\WINDOWS\system32\wscntfy.exe ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 4944 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ---- C:\WINDOWS\system32\dllhost.exe ---- 6368 Ko ---- Normal ---- C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} ---- C:\WINDOWS\explorer.exe ---- 23660 Ko ---- Normal ---- C:\WINDOWS\explorer.exe ---- C:\WINDOWS\ehome\mcrdsvc.exe ---- 3116 Ko ---- Normal ---- C:\WINDOWS\ehome\mcrdsvc.exe ---- C:\WINDOWS\eHome\ehRecvr.exe ---- 15844 Ko ---- Above Normal ---- C:\WINDOWS\eHome\ehRecvr.exe ---- C:\WINDOWS\system32\spoolsv.exe ---- 4916 Ko ---- Normal ---- C:\WINDOWS\system32\spoolsv.exe ---- C:\WINDOWS\system32\ctfmon.exe ---- 3308 Ko ---- Normal ---- ctfmon.exe ---- C:\Program Files\Windows Live\Messenger\msnmsgr.exe ---- 3844 Ko ---- Normal ---- "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" ---- Microsoft Corporation C:\Program Files\Windows Live\Contacts\wlcomm.exe ---- 31372 Ko ---- Normal ---- "C:\Program Files\Windows Live\Contacts\wlcomm.exe" -Embedding ---- Microsoft Corporation C:\WINDOWS\system32\cmd.exe ---- 2808 Ko ---- Normal ---- C:\WINDOWS\system32\cmd.exe /K List'em.bat ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 6920 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ---- C:\Program Files\List_Kill'em\pv.exe ---- 3784 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ---- ¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤ [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe Connexion SFR 9props.exe REG_SZ "C:\Program Files\SFR\Kit\9props.exe" /trayicon AutoStartNPSAgent REG_SZ C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe uTorrent REG_SZ "C:\Program Files\uTorrent\uTorrent.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] IAAnotif REG_SZ C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe Cmaudio REG_SZ RunDll32 cmicnfg.cpl,CMICtrlWnd KernelFaultCheck REG_EXPAND_SZ %systemroot%\system32\dumprep 0 -k TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot NPSStartup REG_SZ [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] REG_SZ ¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] NoDriveTypeAutoRun REG_DWORD 0 (0x0) NoDriveAutoRun REG_DWORD 3 (0x3) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] HonorAutoRunSetting REG_DWORD 1 (0x1) NoDriveAutoRun REG_DWORD 3 (0x3) NoDriveTypeAutoRun REG_DWORD 0 (0x0) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLS REG_SZ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell REG_SZ Explorer.exe Userinit REG_SZ C:\WINDOWS\system32\Userinit.exe, ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\AtiExtEvent] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\crypt32chain] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\cryptnet] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\cscdll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\dimsntfy] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\ScCertProp] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\Schedule] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\sclgntfy] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\SensLogn] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify ermsrv] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\wlballoon] ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] C:\WINDOWS\system32\sessmgr.exe REG_SZ C:\WINDOWS\system32\sessmgr.exe:*:enabled:Assistance à distance C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger C:\WINDOWS\system32\fxsclnt.exe REG_SZ C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax C:\Program Files\NetMeeting\Conf.exe REG_SZ C:\Program Files\NetMeeting\Conf.exe:*:enabled:NetMeeting %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 C:\Program Files\Steam\Steam.exe REG_SZ C:\Program Files\Steam\Steam.exe:*:Enabled:Steam C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger C:\WINDOWS\system32\PnkBstrA.exe REG_SZ C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA C:\WINDOWS\system32\PnkBstrB.exe REG_SZ C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB C:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe REG_SZ C:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe:*:Enabled:Battlefield Bad Company 2 - BETA C:\chatserv\chatserv.exe REG_SZ C:\chatserv\chatserv.exe:*:Enabled:chatserv C:\chat.DENVER\chat.exe REG_SZ C:\chat.DENVER\chat.exe:*:Enabled:chat C:\Program Files\TeamViewer\Version5\TeamViewer.exe REG_SZ C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe REG_SZ C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company(TM) 2 C:\Program Files\Real\RealPlayer ealplay.exe REG_SZ C:\Program Files\Real\RealPlayer ealplay.exe:*:Enabled:RealPlayer C:\Program Files\Counter-Strike Source\hl2.exe REG_SZ C:\Program Files\Counter-Strike Source\hl2.exe:*:Enabled:hl2 C:\Program Files\GameSpy Arcade\Aphex.exe REG_SZ C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade C:\Program Files\VALVe\Counter-Strike Source\hl2.exe REG_SZ C:\Program Files\VALVe\Counter-Strike Source\hl2.exe:*:Enabled:hl2 C:\Program Files\Steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe REG_SZ C:\Program Files\Steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe:*:Enabled:Shattered Horizon C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Disabled:eMule C:\Program Files\uTorrent\uTorrent.exe REG_SZ C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent C:\Program Files\Steam\steamapps adir936\condition zero\hl.exe REG_SZ C:\Program Files\Steam\steamapps adir936\condition zero\hl.exe:*:Enabled:Counter-Strike: Condition Zero C:\Program Files\Samsung\Samsung New PC Studio psasvr.exe REG_SZ C:\Program Files\Samsung\Samsung New PC Studio psasvr.exe:*:Enabled:KTF MUSIC AoD Server C:\Program Files\Samsung\Samsung New PC Studio psvsvr.exe REG_SZ C:\Program Files\Samsung\Samsung New PC Studio psvsvr.exe:*:Enabled:KTF MUSIC VoD Server C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe REG_SZ C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server C:\Program Files\Steam\steamapps adir936\day of defeat source\hl2.exe REG_SZ C:\Program Files\Steam\steamapps adir936\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source C:\Program Files\AVG\AVG10\avgmfapx.exe REG_SZ C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Programme d'installation AVG C:\Program Files\Steam\steamapps adir936\counter-strike\hl.exe REG_SZ C:\Program Files\Steam\steamapps adir936\counter-strike\hl.exe:*:Enabled:Counter-Strike C:\Program Files\Steam\steamapps adir936\counter-strike source\hl2.exe REG_SZ C:\Program Files\Steam\steamapps adir936\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] C:\WINDOWS\system32\sessmgr.exe REG_SZ C:\WINDOWS\system32\sessmgr.exe:*:enabled:Assistance à distance C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger C:\Program Files\AOL 9.0\AOL.exe REG_SZ C:\Program Files\AOL 9.0\AOL.exe:*:enabled:AOL 9.0 C:\Program Files\AOL 9.0\WAOL.exe REG_SZ C:\Program Files\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0 C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service) C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer) C:\WINDOWS\system32\fxsclnt.exe REG_SZ C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax C:\Program Files\NetMeeting\Conf.exe REG_SZ C:\Program Files\NetMeeting\Conf.exe:*:enabled:NetMeeting C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe REG_SZ C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe:*:enabled:Nero MediaHome %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger ¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤ [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{20A60F0D-9AFA-4515-A0FD-83BD84642501}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}] ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{DA74DE13-84ED-4456-96DE-95872C5E37C2}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Base Smart Card Crypto Provider Package] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A3320D6-C805-4280-B423-B665BDE33D8F}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8b15971b-5355-4c82-8c07-7e181ea07608}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E8EA5BD6-D931-4001-ABF6-81BAA500360A}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EA29D410-CE41-4953-A862-2DE706A1DAD7}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24}] ¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤ [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] ¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤ HKLM\SYSTEM\CCS\Services\Tcpip\..\{3469AB44-3DA1-4A59-A32B-E08DB3F2964C}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{3469AB44-3DA1-4A59-A32B-E08DB3F2964C}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{3469AB44-3DA1-4A59-A32B-E08DB3F2964C}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 ¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤ [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] Start Page REG_SZ https://www.msn.com/fr-fr Local Page REG_SZ C:\WINDOWS\system32\blank.htm Default_Search_URL REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Default_Page_URL REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] Start Page REG_SZ https://www.msn.com/fr-fr ¤¤¤¤¤ Proxy Internet Explorer [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings] ProxyHttp1.1 REG_DWORD 0 (0x0) ProxyEnable REG_DWORD 0 (0x0) ¤¤¤¤¤¤¤¤¤¤ Proxy Firefox ¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤ TaskCache ¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤ IFEO ¤¤¤¤¤¤¤¤¤¤ [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apitrap.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Arrakis3.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ASSTE.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVSTE.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdagent.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdmconlite.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdreinit.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdsubwiz.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdtkexec.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdwizreg.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cleanup.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cqw32.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divx.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divxdec.ax] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DJSMAR00.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRMINST.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\enc98.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EncodeDivXExt.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EncryptPatchVer.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\front.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fullsoft.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GBROWSER.DLL] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htmlmarq.ocx] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htmlmm.ocx] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\install.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ishscan.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ISSTE.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\javai.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jvm.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jvm_g.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LIVESRV.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\main123w.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mngreg32.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msci_uno.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscoree.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscorsvr.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscorwks.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msjava.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mso.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVOPTRF.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NeVideoFX.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options oviceui.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NPMLIC.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NSWSTE.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\photohse.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PMSTE.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ppw32hlp.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\printhse.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prwin8.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ps80.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\psdmt.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qfinder.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qpw.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\salwrap.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\seccenter.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup32.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sevinst.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcnet.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options core_ebook.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TFDTCTT8.DLL] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ua80.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\udtapi.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\uiscan.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ums.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\upgrepl.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vb40032.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbe6.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsserv.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wpwin8.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xlmlEN.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xwsetup.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Your Image File Name Here without a path] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_INSTPGM.EXE] ¤¤¤¤¤¤¤¤¤¤ File Protection ¤¤¤¤¤¤¤¤¤¤ [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection] ¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !! ¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤ [MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\ServicePackFiles\i386\atapi.sys [MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\system32\drivers\atapi.sys [MD5.cdfe4411a69c224bd1d11b2da92dac51] - C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys ¤¤¤¤¤ Reference Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867 Win XP_32b : a64013e98426e1877cb653685c5c0009 Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51 Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674 Vista_32b : e03e8c99d15d0381e02743c36afc7c6f Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9 Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4 Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC Windows 7_32b : 338c86357871c167a96ab976519bf59e Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C ¤¤¤¤¤¤¤¤¤¤ Explorer ¤¤¤¤¤¤¤¤¤¤ [MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\explorer.exe [MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\ServicePackFiles\i386\explorer.exe ¤¤¤¤¤¤¤¤¤¤ Winlogon ¤¤¤¤¤¤¤¤¤¤ [MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\system32\winlogon.exe ¤¤¤¤¤¤¤¤¤¤ Drive ¤¤¤¤¤¤¤¤¤¤ D'fragmenteur de disque Windows Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc. Rapport d'analyse 115 Go total, 72,04 Go libre (62%), 7% fragment' (fragmentation du fichier 15%) Il ne vous est pas n'cessaire de d'fragmenter ce volume. ¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤ HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ed882c4-2ced-11df-bd69-0016175c9a93}\shell\autorun REG_SZ &Exécution automatique HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ed882c4-2ced-11df-bd69-0016175c9a93}\shell\autorun\command HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ed882c4-2ced-11df-bd69-0016175c9a93}\shell\autorun\command ¤¤¤¤¤¤¤¤¤¤ First Scan ¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤ [HKEY_CURRENT_USER\software\111209] [HKEY_CURRENT_USER\software\Ad-Remover] [HKEY_CURRENT_USER\software\Adobe] [HKEY_CURRENT_USER\software\Ahead] [HKEY_CURRENT_USER\software\ALWIL Software] [HKEY_CURRENT_USER\software\America Online] [HKEY_CURRENT_USER\software\AOLToolbar] [HKEY_CURRENT_USER\software\Apple Computer, Inc.] [HKEY_CURRENT_USER\software\Apple Inc.] [HKEY_CURRENT_USER\software\ASProtect] [HKEY_CURRENT_USER\software\Astonsoft] [HKEY_CURRENT_USER\software\ATI] [HKEY_CURRENT_USER\software\AusLogics] [HKEY_CURRENT_USER\software\Avg] [HKEY_CURRENT_USER\software\AVG Security Toolbar] [HKEY_CURRENT_USER\software\AVS4YOU] [HKEY_CURRENT_USER\software\BitTorrent] [HKEY_CURRENT_USER\software\BitTorrent Acceleration Tool] [HKEY_CURRENT_USER\software\BlueRippleSound] [HKEY_CURRENT_USER\software\Camfrog] [HKEY_CURRENT_USER\software\Canneverbe Limited] [HKEY_CURRENT_USER\software\CDBurnerXP] [HKEY_CURRENT_USER\software\CDDB] [HKEY_CURRENT_USER\software\Clients] [HKEY_CURRENT_USER\software\Counter-Strike Source] [HKEY_CURRENT_USER\software\Cyberlink] [HKEY_CURRENT_USER\software\Digital River] [HKEY_CURRENT_USER\software\DT Soft] [HKEY_CURRENT_USER\software\eMule] [HKEY_CURRENT_USER\software\ESET] [HKEY_CURRENT_USER\software\Gabest] [HKEY_CURRENT_USER\software\GameSpy] [HKEY_CURRENT_USER\software\Genesis Digital Innovations] [HKEY_CURRENT_USER\software\HookNetwork] [HKEY_CURRENT_USER\software\IGA] [HKEY_CURRENT_USER\software\IM Providers] [HKEY_CURRENT_USER\software\ImInstaller] [HKEY_CURRENT_USER\software\ImTOO] [HKEY_CURRENT_USER\software\Intel] [HKEY_CURRENT_USER\software\JavaSoft] [HKEY_CURRENT_USER\software\JEDI-VCL] [HKEY_CURRENT_USER\software\Labtec] [HKEY_CURRENT_USER\software\Lake] [HKEY_CURRENT_USER\software\Lavalys] [HKEY_CURRENT_USER\software\Leadertech] [HKEY_CURRENT_USER\software\LG Media Player] [HKEY_CURRENT_USER\software\Logitech] [HKEY_CURRENT_USER\software\LowRegistry] [HKEY_CURRENT_USER\software\Macromedia] [HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware] [HKEY_CURRENT_USER\software\ManyCam 2.4] [HKEY_CURRENT_USER\software\Microsoft] [HKEY_CURRENT_USER\software\Mobileleader] [HKEY_CURRENT_USER\software\Mozilla] [HKEY_CURRENT_USER\software\Netscape] [HKEY_CURRENT_USER\software\Neuf] [HKEY_CURRENT_USER\software\Patchou] [HKEY_CURRENT_USER\software\Piriform] [HKEY_CURRENT_USER\software\PMU] [HKEY_CURRENT_USER\software\Policies] [HKEY_CURRENT_USER\software\Raxco] [HKEY_CURRENT_USER\software\RealNetworks] [HKEY_CURRENT_USER\software\Safer Networking Limited] [HKEY_CURRENT_USER\software\Samsung] [HKEY_CURRENT_USER\software\SecuROM] [HKEY_CURRENT_USER\software\Sensaura] [HKEY_CURRENT_USER\software\SOCID] [HKEY_CURRENT_USER\software\SoftVTU] [HKEY_CURRENT_USER\software\TeamViewer] [HKEY_CURRENT_USER\software\Trolltech] [HKEY_CURRENT_USER\software\TuneUp] [HKEY_CURRENT_USER\software\Ubisoft] [HKEY_CURRENT_USER\software\Usbfix] [HKEY_CURRENT_USER\software\Valve] [HKEY_CURRENT_USER\software\VB and VBA Program Settings] [HKEY_CURRENT_USER\software\VHLD] [HKEY_CURRENT_USER\software\Victime Emule 0.4] [HKEY_CURRENT_USER\software\VSO] [HKEY_CURRENT_USER\software\WinRAR] [HKEY_CURRENT_USER\software\WinRAR SFX] [HKEY_CURRENT_USER\software\X10] [HKEY_CURRENT_USER\software\YahooPartnerToolbar] [HKEY_CURRENT_USER\software\ZjSoft] [HKEY_CURRENT_USER\software\Classes] [ REG_SZ ] [HKEY_LOCAL_MACHINE\software\14919ea49a8f3b4aa3cf1058d9a64cec] [HKEY_LOCAL_MACHINE\software\Adobe] [HKEY_LOCAL_MACHINE\software\AGEIA Technologies] [HKEY_LOCAL_MACHINE\software\Ahead] [HKEY_LOCAL_MACHINE\software\ALWIL Software] [HKEY_LOCAL_MACHINE\software\America Online] [HKEY_LOCAL_MACHINE\software\Apple Computer, Inc.] [HKEY_LOCAL_MACHINE\software\Apple Inc.] [HKEY_LOCAL_MACHINE\software\ATI] [HKEY_LOCAL_MACHINE\software\ATI Technologies] [HKEY_LOCAL_MACHINE\software\ATI Technologies Inc.] [HKEY_LOCAL_MACHINE\software\Aureal] [HKEY_LOCAL_MACHINE\software\AVG] [HKEY_LOCAL_MACHINE\software\AVS4YOU] [HKEY_LOCAL_MACHINE\software\BitTorrent Acceleration Tool] [HKEY_LOCAL_MACHINE\software\BlueRippleSound] [HKEY_LOCAL_MACHINE\software\Bohemia Interactive] [HKEY_LOCAL_MACHINE\software\Bohemia Interactive Studio] [HKEY_LOCAL_MACHINE\software\BrowserChoice] [HKEY_LOCAL_MACHINE\software\C07ft5Y] [HKEY_LOCAL_MACHINE\software\Caphyon] [HKEY_LOCAL_MACHINE\software\CCleaner] [HKEY_LOCAL_MACHINE\software\CDDB] [HKEY_LOCAL_MACHINE\software\Classes] [HKEY_LOCAL_MACHINE\software\Clients] [HKEY_LOCAL_MACHINE\software\Codemasters] [HKEY_LOCAL_MACHINE\software\Common Toolkit Suite] [HKEY_LOCAL_MACHINE\software\ComputerAssociates] [HKEY_LOCAL_MACHINE\software\CyberLink] [HKEY_LOCAL_MACHINE\software\DICE] [HKEY_LOCAL_MACHINE\software\Digital River] [HKEY_LOCAL_MACHINE\software\DIOC] [HKEY_LOCAL_MACHINE\software\DT Soft] [HKEY_LOCAL_MACHINE\software\EA Games] [HKEY_LOCAL_MACHINE\software\Electronic Arts] [HKEY_LOCAL_MACHINE\software\ESET] [HKEY_LOCAL_MACHINE\software\Futuremark] [HKEY_LOCAL_MACHINE\software\GEAR Software] [HKEY_LOCAL_MACHINE\software\Gemplus] [HKEY_LOCAL_MACHINE\software\Google] [HKEY_LOCAL_MACHINE\software\ICSI] [HKEY_LOCAL_MACHINE\software\Illusion Softworks] [HKEY_LOCAL_MACHINE\software\ImInstaller] [HKEY_LOCAL_MACHINE\software\InstallShield] [HKEY_LOCAL_MACHINE\software\Intel] [HKEY_LOCAL_MACHINE\software\JavaSoft] [HKEY_LOCAL_MACHINE\software\JreMetrics] [HKEY_LOCAL_MACHINE\software\KasperskyLab] [HKEY_LOCAL_MACHINE\software\Lake] [HKEY_LOCAL_MACHINE\software\Lavasoft] [HKEY_LOCAL_MACHINE\software\Licenses] [HKEY_LOCAL_MACHINE\software\Logitech] [HKEY_LOCAL_MACHINE\software\Macromedia] [HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware] [HKEY_LOCAL_MACHINE\software\ManyCam] [HKEY_LOCAL_MACHINE\software\MarkAny] [HKEY_LOCAL_MACHINE\software\MCCI] [HKEY_LOCAL_MACHINE\software\Microsoft] [HKEY_LOCAL_MACHINE\software\MidasHeurScanner] [HKEY_LOCAL_MACHINE\software\MimarSinan] [HKEY_LOCAL_MACHINE\software\Mozilla] [HKEY_LOCAL_MACHINE\software\mozilla.org] [HKEY_LOCAL_MACHINE\software\MozillaPlugins] [HKEY_LOCAL_MACHINE\software\Nero] [HKEY_LOCAL_MACHINE\software\Neuf] [HKEY_LOCAL_MACHINE\software\Norton] [HKEY_LOCAL_MACHINE\software\Notepad] [HKEY_LOCAL_MACHINE\software\Nsc] [HKEY_LOCAL_MACHINE\software\Nullsoft] [HKEY_LOCAL_MACHINE\software\ODBC] [HKEY_LOCAL_MACHINE\software\OldTimer Tools] [HKEY_LOCAL_MACHINE\software\OpenAL] [HKEY_LOCAL_MACHINE\software\Patchou] [HKEY_LOCAL_MACHINE\software\Paul Gerhart Software] [HKEY_LOCAL_MACHINE\software\PC Connectivity Solution] [HKEY_LOCAL_MACHINE\software\PCSuite] [HKEY_LOCAL_MACHINE\software\PKR] [HKEY_LOCAL_MACHINE\software\Policies] [HKEY_LOCAL_MACHINE\software\Program Groups] [HKEY_LOCAL_MACHINE\software\RealNetworks] [HKEY_LOCAL_MACHINE\software\RegisteredApplications] [HKEY_LOCAL_MACHINE\software\RichFX] [HKEY_LOCAL_MACHINE\software\Safer Networking Limited] [HKEY_LOCAL_MACHINE\software\Samsung] [HKEY_LOCAL_MACHINE\software\Schlumberger] [HKEY_LOCAL_MACHINE\software\Secure] [HKEY_LOCAL_MACHINE\software\Sonic] [HKEY_LOCAL_MACHINE\software\Symantec] [HKEY_LOCAL_MACHINE\software\TeamViewer] [HKEY_LOCAL_MACHINE\software\TechCity] [HKEY_LOCAL_MACHINE\software\Trad-FR] [HKEY_LOCAL_MACHINE\software\TuneUp] [HKEY_LOCAL_MACHINE\software\Uniblue] [HKEY_LOCAL_MACHINE\software\uTorrent Turbo Booster] [HKEY_LOCAL_MACHINE\software\Valve] [HKEY_LOCAL_MACHINE\software\VideoLAN] [HKEY_LOCAL_MACHINE\software\VSO] [HKEY_LOCAL_MACHINE\software\Windows] [HKEY_LOCAL_MACHINE\software\Windows 3.1 Migration Status] [HKEY_LOCAL_MACHINE\software\WinRAR] [HKEY_LOCAL_MACHINE\software\Xing Technology Corp.] [HKEY_LOCAL_MACHINE\software\ZSMC] ¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤ Present !! : C:\WINDOWS\003037_.tmp Present !! : C:\WINDOWS\SET3.tmp Present !! : C:\WINDOWS\SET4.tmp Present !! : C:\WINDOWS\SET8.tmp Present !! : C:\WINDOWS\_delis32.ini Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn Present !! : C:\WINDOWS\System32\pc_drugs.dat Present !! : C:\WINDOWS\System32\pc_gambling.dat Present !! : C:\WINDOWS\System32\pc_games.dat Present !! : C:\WINDOWS\System32\pc_hate.dat Present !! : C:\WINDOWS\System32\pc_illegal.dat Present !! : C:\WINDOWS\System32\pc_im.dat Present !! : C:\WINDOWS\System32\pc_news.dat Present !! : C:\WINDOWS\System32\pc_onlinedating.dat Present !! : C:\WINDOWS\System32\pc_onlinepay.dat Present !! : C:\WINDOWS\System32\pc_onlineshop.dat Present !! : C:\WINDOWS\System32\pc_pornography.dat Present !! : C:\WINDOWS\System32\pc_regionaltlds.dat Present !! : C:\WINDOWS\System32\pc_searchengines.dat Present !! : C:\WINDOWS\System32\pc_socialnetworks.dat Present !! : C:\WINDOWS\System32\pc_tabloids.dat Present !! : C:\WINDOWS\System32\pc_video.dat Present !! : C:\WINDOWS\System32\pc_webproxy.dat Present !! : C:\WINDOWS\System32\SET144.tmp Present !! : C:\WINDOWS\System32\SET23.tmp Present !! : C:\Documents and Settings\$\Application data\inst.exe Present !! : C:\Documents and Settings\$\Application Data\pcouffin.inf Present !! : C:\Documents and Settings\$\Application Data\pcouffin.log Present !! : C:\Documents and Settings\$\Application Data\inst.exe ¤¤¤¤¤¤¤¤¤¤ Keys : Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383} Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d} Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d} Present !! : HKCR\ImageOle.GifAnimator Present !! : HKCR\ImageOle.GifAnimator.1 Present !! : HKCR\interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16} Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d} Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d} Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d} Present !! : HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F} Present !! : HKLM\SOFTWARE\Classes\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182} Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHNAS Present !! : HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHNAS FEATURE_BROWSER_EMULATION | svchost : ==================================== ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

gen-hackman · Answer

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...." 

&#9654 Relance List_Kill'em,avec le raccourci sur ton bureau.

mais cette fois-ci :

&#9654 choisis l'Option Clean

laisse travailler l'outil.

en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,

&#9654 colle le contenu dans ta reponse

denver · Answer

¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.1.0 ¤¤¤¤¤¤¤¤¤¤ User : $ (Administrateurs) Update on 13/10/2010 by g3n-h@ckm@n ::::: 19.00 Start at: 13:33:56 | 15/10/2010 Intel(R) Pentium(R) D CPU 3.00GHz Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3 Internet Explorer 8.0.6001.18702 Windows Firewall Status : Disabled C:\ -> Disque fixe local | 115,14 Go (72,01 Go free) [BOOT] | NTFS D:\ -> Disque fixe local | 111,74 Go (110,15 Go free) [BACKUP] | NTFS E:\ -> Disque fixe local | 5,99 Go (3,64 Go free) [RECOVER] | FAT32 F:\ -> Disque CD-ROM H:\ -> Disque amovible I:\ -> Disque amovible J:\ -> Disque CD-ROM K:\ -> Disque amovible ¤¤¤¤¤¤¤¤¤¤ Files/folders : Quarantined & Deleted !! : C:\WINDOWS\003037_.tmp Quarantined & Deleted !! : C:\WINDOWS\SET3.tmp Quarantined & Deleted !! : C:\WINDOWS\SET4.tmp Quarantined & Deleted !! : C:\WINDOWS\SET8.tmp Quarantined & Deleted !! : C:\WINDOWS\_delis32.ini Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn Quarantined & Deleted !! : C:\WINDOWS\System32\pc_drugs.dat Quarantined & Deleted !! : C:\WINDOWS\System32\pc_gambling.dat Quarantined & Deleted !! : C:\WINDOWS\System32\pc_games.dat Quarantined & Deleted !! : C:\WINDOWS\System32\pc_hate.dat Quarantined & Deleted !! : C:\WINDOWS\System32\pc_illegal.dat Quarantined & Deleted !! : C:\WINDOWS\System32\pc_im.dat Quarantined & Deleted !! : C:\WINDOWS\System32\pc_news.dat Quarantined & Deleted !! : C:\WINDOWS\System32\pc_onlinedating.dat Quarantined & Deleted !! : C:\WINDOWS\System32\pc_onlinepay.dat Quarantined & Deleted !! : C:\WINDOWS\System32\pc_onlineshop.dat Quarantined & Deleted !! : C:\WINDOWS\System32\pc_pornography.dat Quarantined & Deleted !! : C:\WINDOWS\System32\pc_regionaltlds.dat Quarantined & Deleted !! : C:\WINDOWS\System32\pc_searchengines.dat Quarantined & Deleted !! : C:\WINDOWS\System32\pc_socialnetworks.dat Quarantined & Deleted !! : C:\WINDOWS\System32\pc_tabloids.dat Quarantined & Deleted !! : C:\WINDOWS\System32\pc_video.dat Quarantined & Deleted !! : C:\WINDOWS\System32\pc_webproxy.dat Quarantined & Deleted !! : C:\WINDOWS\System32\SET144.tmp Quarantined & Deleted !! : C:\WINDOWS\System32\SET23.tmp Quarantined & Deleted !! : C:\Documents and Settings\$\Application data\inst.exe Quarantined & Deleted !! : C:\Documents and Settings\$\Application Data\pcouffin.inf Quarantined & Deleted !! : C:\Documents and Settings\$\Application Data\pcouffin.log Quarantined & Deleted !! : C:\Documents and Settings\$\LOCAL Settings\Temp\catchme.dll ¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤ 127.0.0.1 localhost ¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤ Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383} Deleted : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d} Deleted : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d} Deleted : HKCR\ImageOle.GifAnimator Deleted : HKCR\ImageOle.GifAnimator.1 Deleted : HKCR\interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16} Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d} Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d} Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d} Deleted : HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F} Deleted : HKLM\SOFTWARE\Classes\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182} Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS Deleted : HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHNAS ¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤ [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] Start Page = https://www.msn.com/fr-fr/?ocid=iehp Local Page = C:\WINDOWS\system32\blank.htm Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] Start Page = https://www.google.com/?gws_rd=ssl Local Page = C:\WINDOWS\system32\blank.htm Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] FirstRunDisabled = 1 () AntiVirusDisableNotify = 0 (0x0) FirewallDisableNotify = 0 (0x0) UpdatesDisableNotify = 0 (0x0) AntiVirusOverride = 0 (0x0) FirewallOverride = 0 (0x0) ¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤ Ndisuio : Start = 3 EapHost : Start = 2 Ip6Fw : Start = 2 SharedAccess : Start = 2 wuauserv : Start = 2 wscsvc : Start = 2 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Disk Cleaned anti-ver blaster : OK Prefetch cleaned ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ FEATURE_BROWSER_EMULATION | svchost : ==================================== Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spce.sys hal.dll >>UNKNOWN [0x89E03938]<< kernel: MBR read successfully user & kernel MBR OK ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

gen-hackman · Answer

refais un scan OTL stp comme au debut

denver · Answer

OTL logfile created on: 15/10/2010 13:53:27 - Run 3
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\$\Bureau
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 115,14 Gb Total Space | 71,96 Gb Free Space | 62,50% Space Free | Partition Type: NTFS
Drive D: | 111,74 Gb Total Space | 110,15 Gb Free Space | 98,58% Space Free | Partition Type: NTFS
Drive E: | 5,99 Gb Total Space | 3,64 Gb Free Space | 60,79% Space Free | Partition Type: FAT32

Computer Name: OEM-2B7087C8C3D | User Name: $ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/10/15 11:35:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\$\Bureau\OTL.exe
PRC - [2010/07/11 23:22:34 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
PRC - [2010/03/04 23:38:02 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/10/15 10:53:54 | 000,959,808 | ---- | M] (SFR) -- C:\Program Files\SFR\Kit\9props.exe
PRC - [2009/09/30 20:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/04/02 18:05:22 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/13 10:45:34 | 000,176,128 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
PRC - [2005/10/12 13:30:42 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/10/12 13:30:24 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2001/11/12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe

[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/10/15 11:35:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\$\Bureau\OTL.exe
MOD - [2008/04/14 04:32:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010/03/04 23:38:02 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/12/13 10:45:34 | 000,176,128 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe -- (ELService)
SRV - [2005/10/12 13:30:24 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)
SRV - [2005/10/06 18:12:44 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/04/04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2001/11/12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgvmodem.sys -- (LGVMODEM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgbtbus.sys -- (lgbusenum)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgbtport.sys -- (LgBttPort)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\$\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\avfsfilter.sys -- (AVFSFilter)
DRV - [2010/10/10 15:17:53 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2009/12/19 13:12:39 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/03/31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/05/06 08:01:50 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2008/04/13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2008/04/13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/14 12:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/10/25 17:26:10 | 000,005,632 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/03/17 17:24:10 | 001,520,640 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/12/13 10:45:20 | 000,007,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2005/12/13 10:45:18 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon)
DRV - [2005/12/13 10:45:00 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd)
DRV - [2005/12/13 10:44:58 | 000,006,528 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou)
DRV - [2005/12/13 10:44:56 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid)
DRV - [2005/12/06 12:16:20 | 000,826,752 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2005/10/12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor)
DRV - [2005/06/13 11:50:38 | 000,007,040 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid)
DRV - [2005/05/12 14:39:56 | 001,287,296 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax)
DRV - [2004/03/17 16:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/01/21 03:14:46 | 000,005,915 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2004/01/21 03:14:42 | 000,271,360 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) Labtec WebCam Pro(PID_08A0)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-619478507-2902194733-1154510819-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-619478507-2902194733-1154510819-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-619478507-2902194733-1154510819-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-619478507-2902194733-1154510819-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-619478507-2902194733-1154510819-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Rechercher MyStart"
FF - prefs.js..browser.search.param.yahoooe÷-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Rechercher MyStart"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.fr/?client=firefox-a&rls=org.mozilla:fr:official&gws_rd=ssl"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232
FF - prefs.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

FF - user.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

FF - HKLM\software\mozilla\Firefox\extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/20 16:54:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/11 23:23:59 | 000,000,000 | ---D | M]

[2009/12/18 21:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\Mozilla\Extensions
[2010/10/14 19:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\Mozilla\Firefox\Profiles\swtbzr4m.default\extensions
[2010/01/04 12:08:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\$\Application Data\Mozilla\Firefox\Profiles\swtbzr4m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/02 11:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\Mozilla\Firefox\Profiles\swtbzr4m.default\extensions\radiobar@toolbar
[2010/06/09 10:23:59 | 000,002,650 | ---- | M] () -- C:\Documents and Settings\$\Application Data\Mozilla\Firefox\Profiles\swtbzr4m.default\searchplugins\bing.xml
[2010/08/02 00:24:19 | 000,002,139 | ---- | M] () -- C:\Documents and Settings\$\Application Data\Mozilla\Firefox\Profiles\swtbzr4m.default\searchplugins\MyStart Search.xml
[2010/10/14 19:49:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/12 18:23:17 | 000,000,000 | ---D | M] (PHPNukeFR Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{1c491116-c175-45e1-a570-6fb14fea8b7b}
[2010/07/31 13:37:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/03/15 12:24:33 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/03/15 12:24:33 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/03/15 12:24:33 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/03/15 12:24:33 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/03/25 01:17:32 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/10/15 13:34:39 | 000,000,794 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-619478507-2902194733-1154510819-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-619478507-2902194733-1154510819-1005\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-619478507-2902194733-1154510819-1005\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-619478507-2902194733-1154510819-1005..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-619478507-2902194733-1154510819-1005..\Run: [Connexion SFR 9props.exe] C:\Program Files\SFR\Kit\9props.exe (SFR)
O4 - HKU\S-1-5-21-619478507-2902194733-1154510819-1005..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-619478507-2902194733-1154510819-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-619478507-2902194733-1154510819-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O9 - Extra Button: PMU Poker - {06568ceb-5721-47d4-9d93-7e604fcbaeab} - C:\Program Files\PMU\PMUPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PMU Poker - {06568ceb-5721-47d4-9d93-7e604fcbaeab} - C:\Program Files\PMU\PMUPoker\RunApp.exe File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/... (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/... (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\$\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\$\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/15 13:48:54 | 000,000,004 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/15 12:10:07 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/15 12:10:07 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/15 12:10:08 | 000,000,000 | RHSD | M] - E:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{1ed882c4-2ced-11df-bd69-0016175c9a93}\Shell - "" = AutoRun
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]

[2010/10/15 12:13:42 | 000,000,000 | ---D | C] -- C:\Kill'em
[2010/10/15 12:10:07 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2010/10/15 12:07:11 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010/10/15 11:58:18 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2010/10/15 11:35:03 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\$\Bureau\OTL.exe
[2010/10/12 13:13:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\$\Recent
[2010/10/11 15:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\List_Kill'em
[2010/10/11 15:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2010/10/10 19:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\$\Local Settings\Application Data\AVG Security Toolbar
[2010/10/10 15:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\$\Application Data\AVG10
[2010/10/10 15:15:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/10 15:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/10 15:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/08 22:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\$\Mes documents\Nouveau dossier (2)
[2010/10/08 22:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/10/08 22:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\$\Application Data\AVS4YOU
[2010/10/08 22:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\AVSMedia
[2010/10/08 22:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/10/08 18:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\$\Bureau\Nouveau dossier
[2010/09/29 19:59:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\$\Mes documents\My Art
[2010/09/27 18:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/09/25 18:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\$\Local Settings\Application Data\WinAVI
[2010/09/25 18:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\$\Mes documents\PcSetup
[2010/09/24 13:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\clp
[2010/09/24 13:46:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\$\Application Data\Fighters
[2010/09/24 13:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\$\Local Settings\Application Data\PackageAware
[2010/09/18 13:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\$\Mes documents\NPS
[2010/09/13 16:27:24 | 000,025,680 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSEH.sys
[2010/09/13 11:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\$\Mes documents\Téléchargements
[2010/09/12 16:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\$\Mes documents\Nouveau dossier
[2010/09/11 13:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\dpp
[2010/09/11 13:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\$\Application Data\Auslogics
[2010/09/04 20:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ESET
[2010/09/04 18:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\$\Local Settings\Application Data\ESET
[2010/08/21 02:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2010/08/13 20:20:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\$\Application Data\SecuROM
[2010/08/08 01:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\$\Application Data\Lavasoft
[2010/08/01 17:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\PMU
[2010/07/26 15:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2010/07/26 15:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\$\Local Settings\Application Data\Xenocode
[2010/07/25 14:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\$\Application Data\PhotoFiltre
[2010/07/22 16:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/07/22 16:17:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\$\Application Data\PC Suite
[2010/07/22 16:15:00 | 000,090,624 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2010/07/22 16:14:58 | 000,021,632 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/07/22 16:14:48 | 000,121,856 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdm.sys
[2010/07/22 16:14:48 | 000,090,112 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_bbus.sys
[2010/07/22 16:14:48 | 000,014,976 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdfl.sys
[2010/07/22 16:14:48 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bcmnt.sys
[2010/07/22 16:14:48 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bcm.sys
[2010/07/22 16:14:47 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bwhnt.sys
[2010/07/22 16:14:47 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bwh.sys
[2010/07/22 16:12:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2010/07/22 16:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/07/22 16:12:15 | 000,233,472 | ---- | C] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
[2010/07/22 16:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\$\Application Data\Samsung
[2010/07/22 16:11:50 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2010/07/22 16:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/07/22 16:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/07/22 14:50:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2010/07/22 14:50:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207030.022
[2010/07/17 16:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/07/17 16:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/07/17 16:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/07/17 16:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\$\Application Data\Camfrog
[2010/07/17 16:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Camfrog
[2009/12/19 13:39:59 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\$\Application Data\pcouffin.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 90 Days ==========[/color]

[2010/10/15 13:49:53 | 000,505,356 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/10/15 13:49:53 | 000,436,180 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/15 13:49:53 | 000,082,646 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/10/15 13:49:53 | 000,069,500 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/15 13:48:54 | 000,000,004 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/10/15 13:34:39 | 000,000,794 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/15 12:49:55 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-619478507-2902194733-1154510819-1005.job
[2010/10/15 12:49:51 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/15 12:49:48 | 2145,898,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/15 12:13:42 | 000,001,624 | ---- | M] () -- C:\Documents and Settings\$\Bureau\List_Kill'em.lnk
[2010/10/15 12:10:07 | 000,014,426 | ---- | M] () -- C:\UsbFix_Upload_Me_OEM-2B7087C8C3D.zip
[2010/10/15 11:58:18 | 000,001,558 | ---- | M] () -- C:\Documents and Settings\$\Bureau\AD-R.lnk
[2010/10/15 11:35:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\$\Bureau\OTL.exe
[2010/10/15 11:08:51 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\$\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/11 15:31:53 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\$\Bureau\EVEREST Home Edition.lnk
[2010/10/10 16:38:01 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-619478507-2902194733-1154510819-1005.job
[2010/10/10 15:17:53 | 000,013,440 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2010/10/10 15:11:15 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/10/09 10:56:47 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\$\Application Data\Microsoft\Internet Explorer\Quick Launch\DeepBurner.lnk
[2010/10/09 10:56:47 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\$\Bureau\DeepBurner.lnk
[2010/10/09 10:55:29 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\$\Application Data\pcouffin.sys
[2010/10/09 10:55:29 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\$\Application Data\pcouffin.cat
[2010/10/05 17:36:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/10/02 13:47:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/30 12:20:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSEH.sys
[2010/09/06 12:23:04 | 000,417,917 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100927-181935.backup
[2010/09/03 19:43:48 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\$\Local Settings\Application Data\housecall.guid.cache
[2010/08/28 17:00:41 | 000,417,006 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100906-122304.backup
[2010/08/13 14:15:55 | 000,101,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/22 16:15:11 | 000,001,805 | ---- | M] () -- C:\Documents and Settings\$\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
[2010/07/22 16:12:05 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\$\Application Data\$_hpcst$.hpc
[2010/07/22 14:05:27 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv
[2010/07/22 13:57:41 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\$\Application Dataprivacy.xml
[2010/07/17 16:56:32 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/10/15 12:13:42 | 000,001,624 | ---- | C] () -- C:\Documents and Settings\$\Bureau\List_Kill'em.lnk
[2010/10/15 12:10:07 | 000,014,426 | ---- | C] () -- C:\UsbFix_Upload_Me_OEM-2B7087C8C3D.zip
[2010/10/15 11:58:18 | 000,001,558 | ---- | C] () -- C:\Documents and Settings\$\Bureau\AD-R.lnk
[2010/10/11 15:31:52 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\$\Bureau\EVEREST Home Edition.lnk
[2010/10/09 10:56:47 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\$\Application Data\Microsoft\Internet Explorer\Quick Launch\DeepBurner.lnk
[2010/10/09 10:56:47 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\$\Bureau\DeepBurner.lnk
[2010/09/03 19:43:48 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\$\Local Settings\Application Data\housecall.guid.cache
[2010/08/28 16:20:52 | 2145,898,496 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/22 16:15:11 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\$\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk
[2010/07/22 16:12:15 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/07/22 16:12:15 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/07/22 16:12:05 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\$\Application Data\$_hpcst$.hpc
[2010/07/17 16:56:32 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010/06/13 17:32:21 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\$\Application Data\bdfvconp.ini
[2010/04/20 16:14:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CleanUp.INI
[2009/12/20 20:43:59 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\$\Application Data\PnkBstrK.sys
[2009/12/20 02:04:07 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\$\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/19 13:40:11 | 000,001,041 | ---- | C] () -- C:\Documents and Settings\$\Application Data\vso_ts_preview.xml
[2009/12/19 13:39:59 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\$\Application Data\pcouffin.cat
[2009/12/19 13:12:38 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/12/18 22:14:24 | 000,017,191 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/12/18 21:33:51 | 000,000,266 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2009/12/18 20:42:17 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/12/18 20:37:35 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\$\Local Settings\Application Data\fusioncache.dat
[2009/11/12 14:48:58 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\StarOpen.sys
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2006/05/02 14:50:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/02 13:37:15 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/05/02 13:18:16 | 000,000,821 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/02 09:52:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2006/05/02 09:37:12 | 000,000,734 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/04/28 11:18:51 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/21 16:05:13 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005/08/05 15:38:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010/09/11 13:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\Auslogics
[2010/10/10 15:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\AVG10
[2010/07/17 16:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\Camfrog
[2010/02/25 20:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\Canneverbe Limited
[2010/03/14 15:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\Capturino
[2010/02/13 16:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\CopyTransPhoto
[2009/12/20 17:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\DAEMON Tools Lite
[2010/01/20 19:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\DeepBurner
[2010/09/25 18:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\Fighters
[2010/01/12 18:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\FreeAudioPack
[2010/05/05 19:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\GetRightToGo
[2009/12/23 22:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\Leadertech
[2009/12/21 14:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\ManyCam
[2010/07/22 16:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\PC Suite
[2010/07/25 15:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\PhotoFiltre
[2010/07/22 16:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\Samsung
[2010/03/19 02:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\TeamViewer
[2010/01/02 14:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\TuneUp Software
[2010/03/28 04:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\Uniblue
[2010/10/15 12:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\uTorrent
[2010/10/09 10:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\Vso
[2010/02/13 16:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\$\Application Data\WindSolutions
[2010/10/10 15:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/11 13:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/07/22 14:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/02/25 20:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/09/25 10:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\clp
[2010/10/10 15:15:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/12/19 13:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/03/28 01:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/10/10 15:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/07/22 16:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/06/14 12:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/21 18:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2010/02/08 17:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/06/14 12:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009/12/23 14:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/02/13 16:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/02/08 17:59:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/01/15 21:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/02 14:46:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/01/04 14:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2006/05/02 10:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\X10 Commander
[2010/10/05 17:36:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:663565B1
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

gen-hackman · Answer

tu n'as pas resuivi les instructions correctement

denver · Answer

comment sa ? jai refait un scan comme tu ma dit et je te lais envoyer

gen-hackman · Answer

non 

tu as cliqué sur quick scan j'avais demandé analyse
tu as selectionné 90j j'en avais demandé 60
tu as posté ici et non sur cijoint.fr comme demandé

ce n'est pas ce qui etait demandé

I,fevtion rootkit

24 réponses

Votre réponse

Discussions similaires

Newsletters