Pb d'infection ou pas?
Résolu/Fermé
A voir également:
- Pb d'infection ou pas?
- L'ordinateur de samantha a été infecté par un virus répertorié récemment. son anti-virus ne l'a pas détecté. qu'a-t-il pu se passer ? - Forum Virus
- L'ordinateur de mustapha a été infecté par un virus répertorié récemment. son anti-virus ne l'a pas détecté. qu'a-t-il pu se passer ? - Forum Windows
- L'ordinateur de simon a été infecté par un virus répertorié récemment. son anti-virus ne l'a pas détecté. qu'a-t-il pu se passer ? - Forum Cinéma / Télé
- [Infecté] ✓ - Forum Virus
- Simon - Forum Jeux vidéo
30 réponses
benurrr
Messages postés
9643
Date d'inscription
samedi 24 mai 2008
Statut
Contributeur sécurité
Dernière intervention
11 janvier 2012
107
Modifié par benurrr le 8/11/2010 à 17:05
Modifié par benurrr le 8/11/2010 à 17:05
salut
regarde içi
https://www.commentcamarche.net/informatique/windows/223-nettoyer-un-pc-devenu-lent-avec-les-outils-de-windows/
et la
https://www.commentcamarche.net/informatique/windows/223-nettoyer-un-pc-devenu-lent-avec-les-outils-de-windows/
Par Manque De Curiosité On Risque De Mourir Ignorant;Tu es libre de penser que tu es C..,
Mais C.. de penser que tu es libre...Merci a australe13
regarde içi
https://www.commentcamarche.net/informatique/windows/223-nettoyer-un-pc-devenu-lent-avec-les-outils-de-windows/
et la
https://www.commentcamarche.net/informatique/windows/223-nettoyer-un-pc-devenu-lent-avec-les-outils-de-windows/
Par Manque De Curiosité On Risque De Mourir Ignorant;Tu es libre de penser que tu es C..,
Mais C.. de penser que tu es libre...Merci a australe13
Re,
Après tous les nettoyages, c'est un peu mieux mais pas encore ça...
Que pouvez-vous me dire?
Merci d'avance....
Corel
Après tous les nettoyages, c'est un peu mieux mais pas encore ça...
Que pouvez-vous me dire?
Merci d'avance....
Corel
benurrr
Messages postés
9643
Date d'inscription
samedi 24 mai 2008
Statut
Contributeur sécurité
Dernière intervention
11 janvier 2012
107
9 nov. 2010 à 16:45
9 nov. 2010 à 16:45
salut
télécharge
https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
a l'installation vérifie que mise a jour et lancer programme et scan complet sont bien cocher
Une fois a jour, le programme va se lancer; clic sur l'onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression".
A la fin du scan clique sur Afficher les résultats
Vérifier si tout est coché et clic Supprimer la sélection
S'il t'es demandé de redémarrer >>> clique sur "Yes"
Et tu poste le rapport générer
télécharge
https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
a l'installation vérifie que mise a jour et lancer programme et scan complet sont bien cocher
Une fois a jour, le programme va se lancer; clic sur l'onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression".
A la fin du scan clique sur Afficher les résultats
Vérifier si tout est coché et clic Supprimer la sélection
S'il t'es demandé de redémarrer >>> clique sur "Yes"
Et tu poste le rapport générer
Re,
Voici le rapport :
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 5087
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
10/11/2010 15:00:57
mbam-log-2010-11-10 (15-00-57).txt
Type d'examen: Examen complet (C:\|F:\|)
Elément(s) analysé(s): 219195
Temps écoulé: 1 heure(s), 10 minute(s), 57 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
J'attends de vos nouvelles...
Merci d'avance...
Corel
Voici le rapport :
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 5087
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
10/11/2010 15:00:57
mbam-log-2010-11-10 (15-00-57).txt
Type d'examen: Examen complet (C:\|F:\|)
Elément(s) analysé(s): 219195
Temps écoulé: 1 heure(s), 10 minute(s), 57 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
J'attends de vos nouvelles...
Merci d'avance...
Corel
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
benurrr
Messages postés
9643
Date d'inscription
samedi 24 mai 2008
Statut
Contributeur sécurité
Dernière intervention
11 janvier 2012
107
10 nov. 2010 à 15:13
10 nov. 2010 à 15:13
Pour de plus amples informations, fait ceci stp
Ouvre ce lien et télécharge ZHPDiag de Nicolas Coolman :
https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/
Une fois le téléchargement achevé, dé zippe le fichier obtenu et place ZHPDiag.exe sur ton Bureau.
Double-clique sur l'icône pour lancer le programme. Sous Vista ou Seven clic droit « exécuter en tant que administrateur »
Clique sur la loupe pour lancer l'analyse.
Laisse l'outil travailler, il peut être assez long.
Ferme ZHPDiag en fin d'analyse.
Pour transmettre le rapport clique sur ce lien :
http://www.cijoint.fr/index.php
Clique sur Parcourir et cherche le répertoire où est installé ZHPDiag (en général C:\Program Files\ZHPDiag).
Sélectionne le fichier ZHPDiag.txt.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
Ouvre ce lien et télécharge ZHPDiag de Nicolas Coolman :
https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/
Une fois le téléchargement achevé, dé zippe le fichier obtenu et place ZHPDiag.exe sur ton Bureau.
Double-clique sur l'icône pour lancer le programme. Sous Vista ou Seven clic droit « exécuter en tant que administrateur »
Clique sur la loupe pour lancer l'analyse.
Laisse l'outil travailler, il peut être assez long.
Ferme ZHPDiag en fin d'analyse.
Pour transmettre le rapport clique sur ce lien :
http://www.cijoint.fr/index.php
Clique sur Parcourir et cherche le répertoire où est installé ZHPDiag (en général C:\Program Files\ZHPDiag).
Sélectionne le fichier ZHPDiag.txt.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
Re,
merci de ton aide, voici le rapport :
http://www.cijoint.fr/cjlink.php?file=cj201011/cij2iFClYP.txt
A bientôt
merci de ton aide, voici le rapport :
http://www.cijoint.fr/cjlink.php?file=cj201011/cij2iFClYP.txt
A bientôt
benurrr
Messages postés
9643
Date d'inscription
samedi 24 mai 2008
Statut
Contributeur sécurité
Dernière intervention
11 janvier 2012
107
10 nov. 2010 à 22:06
10 nov. 2010 à 22:06
Télécharge Ad-Remover sur ton bureau:
http://www.teamxscript.org/adremoverTelechargement.html
Double clique sur le fichier que tu viens de télécharger, à l'écran qui apparait, clique sur "Scanner".
Laisse travailler l'outil.
Poste le rapport qui s'affiche à l'écran quand l'analyse est terminée.
http://www.teamxscript.org/adremoverTelechargement.html
Double clique sur le fichier que tu viens de télécharger, à l'écran qui apparait, clique sur "Scanner".
Laisse travailler l'outil.
Poste le rapport qui s'affiche à l'écran quand l'analyse est terminée.
re,
le voici :
======= RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 09/11/10 à 22:30
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 22:33:21 le 10/11/2010, Mode normal
Microsoft Windows XP Édition familiale Service Pack 3 (X86)
alain@MACHINEDUFOUR ( )
============== RECHERCHE ==============
Dossier trouvé: C:\Program Files\Trymedia
Clé trouvée: HKLM\Software\AskBarDis
Clé trouvée: HKLM\Software\PopCap
Clé trouvée: HKLM\Software\Trymedia Systems
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [3.6.6 (fr)] **
-- C:\Documents and Settings\alain\Application Data\Mozilla\FireFox\Profiles\jofl07ao.default\Prefs.js --
browser.startup.homepage_override.mstone, rv:1.9.2.6
========================================
** Internet Explorer Version [7.0.5730.11] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Show_ToolBar: yes
Start Page: hxxp://www.orange.fr/
Use Custom Search URL: 1
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
========================================
C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)
C:\Ad-Report-SCAN[1].txt - 10/11/2010 (608 Octet(s))
Fin à: 22:35:10, 10/11/2010
============== E.O.F ==============
Merci
le voici :
======= RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 09/11/10 à 22:30
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 22:33:21 le 10/11/2010, Mode normal
Microsoft Windows XP Édition familiale Service Pack 3 (X86)
alain@MACHINEDUFOUR ( )
============== RECHERCHE ==============
Dossier trouvé: C:\Program Files\Trymedia
Clé trouvée: HKLM\Software\AskBarDis
Clé trouvée: HKLM\Software\PopCap
Clé trouvée: HKLM\Software\Trymedia Systems
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [3.6.6 (fr)] **
-- C:\Documents and Settings\alain\Application Data\Mozilla\FireFox\Profiles\jofl07ao.default\Prefs.js --
browser.startup.homepage_override.mstone, rv:1.9.2.6
========================================
** Internet Explorer Version [7.0.5730.11] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Show_ToolBar: yes
Start Page: hxxp://www.orange.fr/
Use Custom Search URL: 1
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
========================================
C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)
C:\Ad-Report-SCAN[1].txt - 10/11/2010 (608 Octet(s))
Fin à: 22:35:10, 10/11/2010
============== E.O.F ==============
Merci
benurrr
Messages postés
9643
Date d'inscription
samedi 24 mai 2008
Statut
Contributeur sécurité
Dernière intervention
11 janvier 2012
107
11 nov. 2010 à 10:15
11 nov. 2010 à 10:15
Nettoyage:
/!\ Ferme toutes tes applications ouvertes. /!\
Double clique sur le fichier que tu viens de télécharger, à l'écran qui apparait, clique sur "Nettoyer".
Laisse travailler l'outil.
Poste le rapport qui s'affiche à l'écran quand l'analyse est terminée.
/!\ Ferme toutes tes applications ouvertes. /!\
Double clique sur le fichier que tu viens de télécharger, à l'écran qui apparait, clique sur "Nettoyer".
Laisse travailler l'outil.
Poste le rapport qui s'affiche à l'écran quand l'analyse est terminée.
re,
Voilà le rapport :
======= RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 09/11/10 à 22:30
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 10:21:49 le 11/11/2010, Mode normal
Microsoft Windows XP Édition familiale Service Pack 3 (X86)
alain@MACHINEDUFOUR ( )
============== ACTION(S) ==============
Dossier supprimé: C:\Program Files\Trymedia
(!) -- Fichiers temporaires supprimés.
Clé supprimée: HKLM\Software\AskBarDis
Clé supprimée: HKLM\Software\PopCap
Clé supprimée: HKLM\Software\Trymedia Systems
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [3.6.6 (fr)] **
-- C:\Documents and Settings\alain\Application Data\Mozilla\FireFox\Profiles\jofl07ao.default\Prefs.js --
browser.startup.homepage_override.mstone, rv:1.9.2.6
========================================
** Internet Explorer Version [7.0.5730.11] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 1
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
========================================
C:\Program Files\Ad-Remover\Quarantine: 3 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 11/11/2010 (535 Octet(s))
C:\Ad-Report-SCAN[1].txt - 10/11/2010 (2079 Octet(s))
Fin à: 10:23:26, 11/11/2010
============== E.O.F ==============
Voilà le rapport :
======= RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 09/11/10 à 22:30
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 10:21:49 le 11/11/2010, Mode normal
Microsoft Windows XP Édition familiale Service Pack 3 (X86)
alain@MACHINEDUFOUR ( )
============== ACTION(S) ==============
Dossier supprimé: C:\Program Files\Trymedia
(!) -- Fichiers temporaires supprimés.
Clé supprimée: HKLM\Software\AskBarDis
Clé supprimée: HKLM\Software\PopCap
Clé supprimée: HKLM\Software\Trymedia Systems
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [3.6.6 (fr)] **
-- C:\Documents and Settings\alain\Application Data\Mozilla\FireFox\Profiles\jofl07ao.default\Prefs.js --
browser.startup.homepage_override.mstone, rv:1.9.2.6
========================================
** Internet Explorer Version [7.0.5730.11] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 1
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
========================================
C:\Program Files\Ad-Remover\Quarantine: 3 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 11/11/2010 (535 Octet(s))
C:\Ad-Report-SCAN[1].txt - 10/11/2010 (2079 Octet(s))
Fin à: 10:23:26, 11/11/2010
============== E.O.F ==============
benurrr
Messages postés
9643
Date d'inscription
samedi 24 mai 2008
Statut
Contributeur sécurité
Dernière intervention
11 janvier 2012
107
11 nov. 2010 à 12:21
11 nov. 2010 à 12:21
DÉSACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRÉSENTS !!!!!(car il est détecte a tort comme infection)
Télécharge ici :List_Kill'em de gen-hackman
http://sd-4.archive-host.com/membres/up/829108531491024/Mes_Tools/List_Killem_Install.exe
et enregistre le sur ton bureau
windows 7 => clic droit "exécuter en tant que administrateur
sur le raccourci sur ton bureau pour lancer l'installation
Laisse coché :
Exécuter List_Kill'em
une fois terminée , clic sur "terminer" et le programme se lancera seul
Il commencera par telecharger et installer ses mises à jour , puis te donnera son menu
choisis l'option Search
laisse travailler l'outil
il se peut qu'une boite de dialogue s'ouvre , dans ce cas clique sur "ok" ou "Agrée"
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal ,c'est une recherche supplementaire de fichiers cachés , le programme n'est pas bloqué.
Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
Télécharge ici :List_Kill'em de gen-hackman
http://sd-4.archive-host.com/membres/up/829108531491024/Mes_Tools/List_Killem_Install.exe
et enregistre le sur ton bureau
windows 7 => clic droit "exécuter en tant que administrateur
sur le raccourci sur ton bureau pour lancer l'installation
Laisse coché :
Exécuter List_Kill'em
une fois terminée , clic sur "terminer" et le programme se lancera seul
Il commencera par telecharger et installer ses mises à jour , puis te donnera son menu
choisis l'option Search
laisse travailler l'outil
il se peut qu'une boite de dialogue s'ouvre , dans ce cas clique sur "ok" ou "Agrée"
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal ,c'est une recherche supplementaire de fichiers cachés , le programme n'est pas bloqué.
Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
re,
Le rapport:
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.2.0 ¤¤¤¤¤¤¤¤¤¤
User : alain (Administrateurs)
Update on 10/11/2010 by g3n-h@ckm@n ::::: 21.00
Start at: 12:38:32 | 11/11/2010
Intel(R) Celeron(R) CPU 1.70GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.11
Windows Firewall Status : Disabled
AV : avast! Antivirus 5.0.83886757 [ (!) Disabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 36,2 Go (11,23 Go free) [HDD] | NTFS
F:\ -> Disque fixe local | 1,95 Go (474,26 Mo free) [RESTDONE] | FAT32
¤¤¤¤¤ Sessions ¤¤¤¤¤
C:\Documents and settings\alain
Boot: Normal
¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer
C:\WINDOWS\System32\smss.exe ---- 400 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\WINDOWS\system32\csrss.exe ---- 3920 Ko ---- Normal ---- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\WINDOWS\system32\winlogon.exe ---- 5084 Ko ---- High ---- winlogon.exe ----
C:\WINDOWS\system32\services.exe ---- 3532 Ko ---- Normal ---- C:\WINDOWS\system32\services.exe ----
C:\WINDOWS\system32\lsass.exe ---- 2468 Ko ---- Normal ---- C:\WINDOWS\system32\lsass.exe ----
C:\WINDOWS\system32\svchost.exe ---- 4924 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k DcomLaunch ----
C:\WINDOWS\system32\svchost.exe ---- 4312 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k rpcss ----
C:\WINDOWS\System32\svchost.exe ---- 21560 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k netsvcs ----
C:\WINDOWS\System32\svchost.exe ---- 3668 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k NetworkService ----
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe ---- 30044 Ko ---- Normal ---- "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" ---- ALWIL Software
C:\WINDOWS\Explorer.EXE ---- 29516 Ko ---- Normal ---- C:\WINDOWS\Explorer.EXE ----
C:\Apps\ActivBoard\MMKeybd.exe ---- 3784 Ko ---- Normal ---- "C:\Apps\ActivBoard\MMKeybd.exe" ----
C:\WINDOWS\system32\LEXBCES.EXE ---- 3412 Ko ---- Normal ---- C:\WINDOWS\system32\LEXBCES.EXE ----
C:\Program Files\Real\RealPlayer\RealPlay.exe ---- 8060 Ko ---- Normal ---- "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER ----
C:\WINDOWS\system32\LEXPPS.EXE ---- 3392 Ko ---- Normal ---- LEXPPS.EXE ----
C:\WINDOWS\system32\spoolsv.exe ---- 5692 Ko ---- Normal ---- C:\WINDOWS\system32\spoolsv.exe ----
C:\Program Files\QuickTime\qttask.exe ---- 2500 Ko ---- Normal ---- "C:\Program Files\QuickTime\qttask.exe" -atboottime ----
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe ---- 2572 Ko ---- Normal ---- "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" ----
C:\Program Files\Alwil Software\Avast5\avastUI.exe ---- 5468 Ko ---- Normal ---- "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui ---- ALWIL Software
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe ---- 2348 Ko ---- Normal ---- "C:\Program Files\Lexmark 1200 Series\lxczbmon.exe" ----
C:\Program Files\D-Link\Diagnostics Utility\8169Diag.exe ---- 4968 Ko ---- Normal ---- "C:\Program Files\D-Link\Diagnostics Utility\8169Diag.exe" /hw ----
C:\WINDOWS\system32\RUNDLL32.EXE ---- 3692 Ko ---- Normal ---- "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit ----
C:\WINDOWS\system32\ctfmon.exe ---- 3784 Ko ---- Normal ---- "C:\WINDOWS\system32\ctfmon.exe" ----
C:\Apps\ActivBoard\TrayMon.exe ---- 2616 Ko ---- Normal ---- C:\Apps\ActivBoard\TrayMon.exe ----
C:\Apps\ActivBoard\OSD.exe ---- 2764 Ko ---- Normal ---- C:\Apps\ActivBoard\OSD.exe ----
C:\Apps\ActivBoard\nhksrv.exe ---- 1176 Ko ---- Normal ---- C:\Apps\ActivBoard\nhksrv.exe ----
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe ---- 2944 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe" ----
C:\WINDOWS\system32\nvsvc32.exe ---- 4392 Ko ---- Normal ---- C:\WINDOWS\system32\nvsvc32.exe ----
C:\WINDOWS\system32\slserv.exe ---- 1004 Ko ---- Normal ---- slserv.exe ----
C:\WINDOWS\System32\svchost.exe ---- 4348 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k imgsvc ----
C:\WINDOWS\System32\alg.exe ---- 3652 Ko ---- Normal ---- C:\WINDOWS\System32\alg.exe ----
C:\Program Files\internet explorer\iexplore.exe ---- 66424 Ko ---- Normal ---- "C:\Program Files\internet explorer\iexplore.exe" ---- Microsoft Corporation
C:\WINDOWS\system32\wscntfy.exe ---- 2392 Ko ---- Normal ---- C:\WINDOWS\system32\wscntfy.exe ----
C:\WINDOWS\system32\cmd.exe ---- 2844 Ko ---- Normal ---- C:\WINDOWS\system32\cmd.exe /K List'em.bat ----
C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 6884 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
C:\Program Files\List_Kill'em\pv.exe ---- 3764 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----
¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
EM_EXEC = C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
ACTIVBOARD = C:\Apps\ActivBoard\MMKeybd.exe
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
Lexmark 1200 Series = "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
avast5 = "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
8169Diag = C:\Program Files\D-Link\Diagnostics Utility\8169Diag /hw
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 323 (0x143)
NoLowDiskSpaceChecks = 1 (0x1)
NoRecentDocsHistory = 01000000
NoRecentDocsMenu = 01000000
NoNetConnectDisconnect = 1 (0x1)
NoDriveAutoRun = 67108863 (0x3ffffff)
NoDrives = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting = 1 (0x1)
NoDriveAutoRun = 67108863 (0x3ffffff)
NoDriveTypeAutoRun = 323 (0x143)
NoDrives = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = Explorer.exe
Userinit = C:\WINDOWS\system32\userinit.exe,
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Messenger\msmsgs.exe = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\WINDOWS\system32\LEXPPS.EXE = C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE
C:\Program Files\ma-config.com\maconfservice.exe = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\DirectAnimation Java Classes]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{80DD2229-B8E4-4C77-B72F-F22972D723EA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{FFFDF6F2-F7BC-4B90-B789-CB7BBDA13AD6}]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Base Smart Card Crypto Provider Package]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{02f78298-8af6-495c-9ecb-b6ae68678186}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608555}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2298d453-bcae-4519-bf33-1cbf3faf1524}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A3320D6-C805-4280-B423-B665BDE33D8F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2eac6a2d-57a8-44d4-96f7-e32bab40ca5f}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5c9ff2bf-938d-47fe-85d9-9dbab4f65018}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5f3c70b3-ac2f-432c-8f9c-1624df61f54f}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{839117ee-2132-4bae-a56a-42b50204c9b9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EF289A85-8E57-408d-BE47-73B55609861A}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{f5173cf0-1dfb-4978-8e50-a90169ee7ca9}]
¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤
Description: D-Link DGE-528T Gigabit Ethernet Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 10.0.0.138
Description: D-Link DGE-528T Gigabit Ethernet Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{54B07B37-1F58-4D46-98BB-1B8FDF6EF7DB}: NameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C194FEAC-BEE5-48C5-8021-9BE7E05B9C11}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DEF37794-ACB3-4710-9A2A-C69037FB3B0D}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{54B07B37-1F58-4D46-98BB-1B8FDF6EF7DB}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C194FEAC-BEE5-48C5-8021-9BE7E05B9C11}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DEF37794-ACB3-4710-9A2A-C69037FB3B0D}: NameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{54B07B37-1F58-4D46-98BB-1B8FDF6EF7DB}: NameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C194FEAC-BEE5-48C5-8021-9BE7E05B9C11}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DEF37794-ACB3-4710-9A2A-C69037FB3B0D}: NameServer=192.168.1.1
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = %SystemRoot%\system32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\WINDOWS\system32\blank.htm
¤¤¤¤¤ Proxy Internet Explorer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyHttp1.1 = 1 (0x1)
ProxyEnable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤
[MD5.cdfe4411a69c224bd1d11b2da92dac51] - C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\ERDNT\cache\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\system32\drivers\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
¤¤¤¤¤ Reference
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
¤¤¤¤¤¤¤¤¤¤ Explorer ¤¤¤¤¤¤¤¤¤¤
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\explorer.exe
[MD5.b795475444d6d57a572c14b9e1a29839] - C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[MD5.d0288319660edcfed07c7e74c4ea38a5] - C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[MD5.2a7bd330924252a2fd80344fc949bb72] - C:\WINDOWS\$NtServicePackUninstall$\explorer.exe.000
[MD5.2a7bd330924252a2fd80344fc949bb72] - C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\ERDNT\cache\explorer.exe
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\ServicePackFiles\i386\explorer.exe
¤¤¤¤¤¤¤¤¤¤ Winlogon ¤¤¤¤¤¤¤¤¤¤
[MD5.123eea158f74d0f67a51dcdf065d1091] - C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[MD5.71820bc9ee6653c8748922459dfc384d] - C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\ERDNT\cache\winlogon.exe
[MD5.d41d8cd98f00b204e9800998ecf8427e] - C:\WINDOWS\PCHEALTH\ErrorRep\UserDumps\winlogon.exe.20061114-100226-00.mdmp
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\system32\winlogon.exe
¤¤¤¤¤¤¤¤¤¤ Wininit ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ First Scan ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\software\ABBYY]
[HKEY_CURRENT_USER\software\Acronis]
[HKEY_CURRENT_USER\software\Ad-Remover]
[HKEY_CURRENT_USER\software\Adobe]
[HKEY_CURRENT_USER\software\ALWIL Software]
[HKEY_CURRENT_USER\software\AppDataLow]
[HKEY_CURRENT_USER\software\ASProtect]
[HKEY_CURRENT_USER\software\BBQuest]
[HKEY_CURRENT_USER\software\BrickShooter]
[HKEY_CURRENT_USER\software\Clients]
[HKEY_CURRENT_USER\software\CyberLink]
[HKEY_CURRENT_USER\software\Dolphin Dice XP 8.04 by Dragonfly Software]
[HKEY_CURRENT_USER\software\FRANCE TELECOM]
[HKEY_CURRENT_USER\software\FreshDevices]
[HKEY_CURRENT_USER\software\Google]
[HKEY_CURRENT_USER\software\HandyBits]
[HKEY_CURRENT_USER\software\IADirectShow]
[HKEY_CURRENT_USER\software\Intel]
[HKEY_CURRENT_USER\software\InterActual Technologies]
[HKEY_CURRENT_USER\software\Jetsoft]
[HKEY_CURRENT_USER\software\Lavalys]
[HKEY_CURRENT_USER\software\lazyware]
[HKEY_CURRENT_USER\software\Lobstersoft]
[HKEY_CURRENT_USER\software\Local AppWizard-Generated Applications]
[HKEY_CURRENT_USER\software\Logitech]
[HKEY_CURRENT_USER\software\Macromedia]
[HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware]
[HKEY_CURRENT_USER\software\MDO]
[HKEY_CURRENT_USER\software\Microsoft]
[HKEY_CURRENT_USER\software\Mindscape]
[HKEY_CURRENT_USER\software\MozillaPlugins]
[HKEY_CURRENT_USER\software\Nadeo]
[HKEY_CURRENT_USER\software\Netropa]
[HKEY_CURRENT_USER\software\Netscape]
[HKEY_CURRENT_USER\software\NVIDIA Corporation]
[HKEY_CURRENT_USER\software\ODBC]
[HKEY_CURRENT_USER\software\Olivier Lapicque]
[HKEY_CURRENT_USER\software\PCbit Software, Inc.]
[HKEY_CURRENT_USER\software\Pellenc Software]
[HKEY_CURRENT_USER\software\PIXELA]
[HKEY_CURRENT_USER\software\Policies]
[HKEY_CURRENT_USER\software\Recreasoft]
[HKEY_CURRENT_USER\software\SecuROM]
[HKEY_CURRENT_USER\software\Sensaura]
[HKEY_CURRENT_USER\software\SoftAK]
[HKEY_CURRENT_USER\software\Softonic]
[HKEY_CURRENT_USER\software\Symantec]
[HKEY_CURRENT_USER\software\Sysinternals]
[HKEY_CURRENT_USER\software\Teknum Systems]
[HKEY_CURRENT_USER\software\Wget]
[HKEY_CURRENT_USER\software\WinRAR]
[HKEY_CURRENT_USER\software\WinRAR SFX]
[HKEY_CURRENT_USER\software\Yahoo]
[HKEY_CURRENT_USER\software\Classes]
[HKEY_LOCAL_MACHINE\software\8169Diag]
[HKEY_LOCAL_MACHINE\software\ABBYY]
[HKEY_LOCAL_MACHINE\software\Acronis]
[HKEY_LOCAL_MACHINE\software\Adobe]
[HKEY_LOCAL_MACHINE\software\Altwood Systems Ltd]
[HKEY_LOCAL_MACHINE\software\ALWIL Software]
[HKEY_LOCAL_MACHINE\software\Apple Computer, Inc.]
[HKEY_LOCAL_MACHINE\software\Apps TMD]
[HKEY_LOCAL_MACHINE\software\Audioneer]
[HKEY_LOCAL_MACHINE\software\Avery]
[HKEY_LOCAL_MACHINE\software\AxySoft]
[HKEY_LOCAL_MACHINE\software\BackWeb]
[HKEY_LOCAL_MACHINE\software\Big Fish Games]
[HKEY_LOCAL_MACHINE\software\C07ft5Y]
[HKEY_LOCAL_MACHINE\software\Classes]
[HKEY_LOCAL_MACHINE\software\Clients]
[HKEY_LOCAL_MACHINE\software\COKTEL]
[HKEY_LOCAL_MACHINE\software\Creative]
[HKEY_LOCAL_MACHINE\software\CyberLink]
[HKEY_LOCAL_MACHINE\software\D-Link]
[HKEY_LOCAL_MACHINE\software\Disney Interactive]
[HKEY_LOCAL_MACHINE\software\Empire Interactive]
[HKEY_LOCAL_MACHINE\software\Enigma]
[HKEY_LOCAL_MACHINE\software\FRANCE TELECOM]
[HKEY_LOCAL_MACHINE\software\FreshDevices]
[HKEY_LOCAL_MACHINE\software\Gemplus]
[HKEY_LOCAL_MACHINE\software\Gentee]
[HKEY_LOCAL_MACHINE\software\GMixon]
[HKEY_LOCAL_MACHINE\software\Google]
[HKEY_LOCAL_MACHINE\software\HandyBits]
[HKEY_LOCAL_MACHINE\software\Hexacto]
[HKEY_LOCAL_MACHINE\software\InstallShield]
[HKEY_LOCAL_MACHINE\software\Intel]
[HKEY_LOCAL_MACHINE\software\InterActual Technologies]
[HKEY_LOCAL_MACHINE\software\Lexis Products]
[HKEY_LOCAL_MACHINE\software\Lexmark]
[HKEY_LOCAL_MACHINE\software\Licenses]
[HKEY_LOCAL_MACHINE\software\Logitech]
[HKEY_LOCAL_MACHINE\software\Macromedia]
[HKEY_LOCAL_MACHINE\software\Magnetic Fields]
[HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware]
[HKEY_LOCAL_MACHINE\software\Microsoft]
[HKEY_LOCAL_MACHINE\software\Mindscape]
[HKEY_LOCAL_MACHINE\software\Mozilla]
[HKEY_LOCAL_MACHINE\software\mozilla.org]
[HKEY_LOCAL_MACHINE\software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\software\NADEO]
[HKEY_LOCAL_MACHINE\software\NEC]
[HKEY_LOCAL_MACHINE\software\NEC Computers International]
[HKEY_LOCAL_MACHINE\software\Netropa]
[HKEY_LOCAL_MACHINE\software\NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\software\ODBC]
[HKEY_LOCAL_MACHINE\software\Packard Bell]
[HKEY_LOCAL_MACHINE\software\Panda Software]
[HKEY_LOCAL_MACHINE\software\PepiMK Software]
[HKEY_LOCAL_MACHINE\software\PIXELA]
[HKEY_LOCAL_MACHINE\software\Policies]
[HKEY_LOCAL_MACHINE\software\Program Groups]
[HKEY_LOCAL_MACHINE\software\Rage]
[HKEY_LOCAL_MACHINE\software\Rage Software]
[HKEY_LOCAL_MACHINE\software\Realtek]
[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\software\RTLSetup]
[HKEY_LOCAL_MACHINE\software\Safer Networking Limited]
[HKEY_LOCAL_MACHINE\software\SBInfo]
[HKEY_LOCAL_MACHINE\software\Schlumberger]
[HKEY_LOCAL_MACHINE\software\SDLL]
[HKEY_LOCAL_MACHINE\software\Secure]
[HKEY_LOCAL_MACHINE\software\SigmaTel]
[HKEY_LOCAL_MACHINE\software\Silicon Integrated Systems Corp.]
[HKEY_LOCAL_MACHINE\software\Silicon Integrated Systems Corporation]
[HKEY_LOCAL_MACHINE\software\SmartLink]
[HKEY_LOCAL_MACHINE\software\Sony Corporation]
[HKEY_LOCAL_MACHINE\software\SONY PVC]
[HKEY_LOCAL_MACHINE\software\SumatraPDF]
[HKEY_LOCAL_MACHINE\software\Swearware]
[HKEY_LOCAL_MACHINE\software\Symantec]
[HKEY_LOCAL_MACHINE\software\Teknum Systems]
[HKEY_LOCAL_MACHINE\software\The Learning Company]
[HKEY_LOCAL_MACHINE\software\The Silicon Realms Toolworks]
[HKEY_LOCAL_MACHINE\software\TLC-Edusoft]
[HKEY_LOCAL_MACHINE\software\TravellersTalesToyStory2]
[HKEY_LOCAL_MACHINE\software\Ubi Soft]
[HKEY_LOCAL_MACHINE\software\Uniblue]
[HKEY_LOCAL_MACHINE\software\VERITAS]
[HKEY_LOCAL_MACHINE\software\Windows 3.1 Migration Status]
[HKEY_LOCAL_MACHINE\software\WinRAR]
[HKEY_LOCAL_MACHINE\software\Wise Solutions]
[HKEY_LOCAL_MACHINE\software\WORD]
[HKEY_LOCAL_MACHINE\software\Yahoo]
[HKEY_LOCAL_MACHINE\software\ZAG]
¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤
Present !! : \AUTOEXEC.BAT
Present !! : \qr.dat
Present !! : \AUDIO3D.DLL
Present !! : \CMIDS3D.DLL
Present !! : \CMIRMDRV.DLL
Present !! : \CMUDA.DLL
Present !! : \NetAgent.dll
Present !! : \UDAPROP.DLL
Present !! : \CMIRMDRV.EXE
Present !! : \dumppo.exe
Present !! : \SmWizard.exe
Present !! : \CM5451.INF
Present !! : \CM5455.INF
Present !! : \CMICHX.INF
Present !! : \CMNVDA.INF
Present !! : \CMSIS.INF
Present !! : \CMUDA.INF
Present !! : \CMVIA.INF
Present !! : C:\Documents and Settings\All Users\NTUSER.DAT
Present !! : C:\Documents and Settings\All Users\NTUSER.DAT
Present !! : C:\Documents and Settings\All Users\NTUSER.DAT
Present !! : C:\Documents and Settings\All Users\NTUSER.DAT
Present !! : C:\WINDOWS\001154_.tmp
Present !! : C:\WINDOWS\002438_.tmp
Present !! : C:\WINDOWS\003707_.tmp
Present !! : C:\WINDOWS\005871_.tmp
Present !! : C:\WINDOWS\SETC0.tmp
Present !! : C:\WINDOWS\SETCF.tmp
Present !! : C:\WINDOWS\aucfg.ini
Present !! : C:\WINDOWS\inf\nt5java.inf
Present !! : C:\WINDOWS\System32\drivers\Sonyhcp.dll
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
FEATURE_BROWSER_EMULATION | svchost :
====================================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-11 13:35:35
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys siside.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 13:36:52,42
Le rapport:
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.2.0 ¤¤¤¤¤¤¤¤¤¤
User : alain (Administrateurs)
Update on 10/11/2010 by g3n-h@ckm@n ::::: 21.00
Start at: 12:38:32 | 11/11/2010
Intel(R) Celeron(R) CPU 1.70GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.11
Windows Firewall Status : Disabled
AV : avast! Antivirus 5.0.83886757 [ (!) Disabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 36,2 Go (11,23 Go free) [HDD] | NTFS
F:\ -> Disque fixe local | 1,95 Go (474,26 Mo free) [RESTDONE] | FAT32
¤¤¤¤¤ Sessions ¤¤¤¤¤
C:\Documents and settings\alain
Boot: Normal
¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer
C:\WINDOWS\System32\smss.exe ---- 400 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\WINDOWS\system32\csrss.exe ---- 3920 Ko ---- Normal ---- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\WINDOWS\system32\winlogon.exe ---- 5084 Ko ---- High ---- winlogon.exe ----
C:\WINDOWS\system32\services.exe ---- 3532 Ko ---- Normal ---- C:\WINDOWS\system32\services.exe ----
C:\WINDOWS\system32\lsass.exe ---- 2468 Ko ---- Normal ---- C:\WINDOWS\system32\lsass.exe ----
C:\WINDOWS\system32\svchost.exe ---- 4924 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k DcomLaunch ----
C:\WINDOWS\system32\svchost.exe ---- 4312 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k rpcss ----
C:\WINDOWS\System32\svchost.exe ---- 21560 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k netsvcs ----
C:\WINDOWS\System32\svchost.exe ---- 3668 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k NetworkService ----
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe ---- 30044 Ko ---- Normal ---- "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" ---- ALWIL Software
C:\WINDOWS\Explorer.EXE ---- 29516 Ko ---- Normal ---- C:\WINDOWS\Explorer.EXE ----
C:\Apps\ActivBoard\MMKeybd.exe ---- 3784 Ko ---- Normal ---- "C:\Apps\ActivBoard\MMKeybd.exe" ----
C:\WINDOWS\system32\LEXBCES.EXE ---- 3412 Ko ---- Normal ---- C:\WINDOWS\system32\LEXBCES.EXE ----
C:\Program Files\Real\RealPlayer\RealPlay.exe ---- 8060 Ko ---- Normal ---- "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER ----
C:\WINDOWS\system32\LEXPPS.EXE ---- 3392 Ko ---- Normal ---- LEXPPS.EXE ----
C:\WINDOWS\system32\spoolsv.exe ---- 5692 Ko ---- Normal ---- C:\WINDOWS\system32\spoolsv.exe ----
C:\Program Files\QuickTime\qttask.exe ---- 2500 Ko ---- Normal ---- "C:\Program Files\QuickTime\qttask.exe" -atboottime ----
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe ---- 2572 Ko ---- Normal ---- "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" ----
C:\Program Files\Alwil Software\Avast5\avastUI.exe ---- 5468 Ko ---- Normal ---- "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui ---- ALWIL Software
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe ---- 2348 Ko ---- Normal ---- "C:\Program Files\Lexmark 1200 Series\lxczbmon.exe" ----
C:\Program Files\D-Link\Diagnostics Utility\8169Diag.exe ---- 4968 Ko ---- Normal ---- "C:\Program Files\D-Link\Diagnostics Utility\8169Diag.exe" /hw ----
C:\WINDOWS\system32\RUNDLL32.EXE ---- 3692 Ko ---- Normal ---- "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit ----
C:\WINDOWS\system32\ctfmon.exe ---- 3784 Ko ---- Normal ---- "C:\WINDOWS\system32\ctfmon.exe" ----
C:\Apps\ActivBoard\TrayMon.exe ---- 2616 Ko ---- Normal ---- C:\Apps\ActivBoard\TrayMon.exe ----
C:\Apps\ActivBoard\OSD.exe ---- 2764 Ko ---- Normal ---- C:\Apps\ActivBoard\OSD.exe ----
C:\Apps\ActivBoard\nhksrv.exe ---- 1176 Ko ---- Normal ---- C:\Apps\ActivBoard\nhksrv.exe ----
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe ---- 2944 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe" ----
C:\WINDOWS\system32\nvsvc32.exe ---- 4392 Ko ---- Normal ---- C:\WINDOWS\system32\nvsvc32.exe ----
C:\WINDOWS\system32\slserv.exe ---- 1004 Ko ---- Normal ---- slserv.exe ----
C:\WINDOWS\System32\svchost.exe ---- 4348 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k imgsvc ----
C:\WINDOWS\System32\alg.exe ---- 3652 Ko ---- Normal ---- C:\WINDOWS\System32\alg.exe ----
C:\Program Files\internet explorer\iexplore.exe ---- 66424 Ko ---- Normal ---- "C:\Program Files\internet explorer\iexplore.exe" ---- Microsoft Corporation
C:\WINDOWS\system32\wscntfy.exe ---- 2392 Ko ---- Normal ---- C:\WINDOWS\system32\wscntfy.exe ----
C:\WINDOWS\system32\cmd.exe ---- 2844 Ko ---- Normal ---- C:\WINDOWS\system32\cmd.exe /K List'em.bat ----
C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 6884 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
C:\Program Files\List_Kill'em\pv.exe ---- 3764 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----
¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
EM_EXEC = C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
ACTIVBOARD = C:\Apps\ActivBoard\MMKeybd.exe
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
Lexmark 1200 Series = "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
avast5 = "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
8169Diag = C:\Program Files\D-Link\Diagnostics Utility\8169Diag /hw
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 323 (0x143)
NoLowDiskSpaceChecks = 1 (0x1)
NoRecentDocsHistory = 01000000
NoRecentDocsMenu = 01000000
NoNetConnectDisconnect = 1 (0x1)
NoDriveAutoRun = 67108863 (0x3ffffff)
NoDrives = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting = 1 (0x1)
NoDriveAutoRun = 67108863 (0x3ffffff)
NoDriveTypeAutoRun = 323 (0x143)
NoDrives = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = Explorer.exe
Userinit = C:\WINDOWS\system32\userinit.exe,
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Messenger\msmsgs.exe = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\WINDOWS\system32\LEXPPS.EXE = C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE
C:\Program Files\ma-config.com\maconfservice.exe = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\DirectAnimation Java Classes]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{80DD2229-B8E4-4C77-B72F-F22972D723EA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{FFFDF6F2-F7BC-4B90-B789-CB7BBDA13AD6}]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Base Smart Card Crypto Provider Package]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{02f78298-8af6-495c-9ecb-b6ae68678186}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608555}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2298d453-bcae-4519-bf33-1cbf3faf1524}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A3320D6-C805-4280-B423-B665BDE33D8F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2eac6a2d-57a8-44d4-96f7-e32bab40ca5f}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5c9ff2bf-938d-47fe-85d9-9dbab4f65018}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5f3c70b3-ac2f-432c-8f9c-1624df61f54f}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{839117ee-2132-4bae-a56a-42b50204c9b9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EF289A85-8E57-408d-BE47-73B55609861A}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{f5173cf0-1dfb-4978-8e50-a90169ee7ca9}]
¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤
Description: D-Link DGE-528T Gigabit Ethernet Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 10.0.0.138
Description: D-Link DGE-528T Gigabit Ethernet Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{54B07B37-1F58-4D46-98BB-1B8FDF6EF7DB}: NameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C194FEAC-BEE5-48C5-8021-9BE7E05B9C11}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DEF37794-ACB3-4710-9A2A-C69037FB3B0D}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{54B07B37-1F58-4D46-98BB-1B8FDF6EF7DB}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C194FEAC-BEE5-48C5-8021-9BE7E05B9C11}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DEF37794-ACB3-4710-9A2A-C69037FB3B0D}: NameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{54B07B37-1F58-4D46-98BB-1B8FDF6EF7DB}: NameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C194FEAC-BEE5-48C5-8021-9BE7E05B9C11}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DEF37794-ACB3-4710-9A2A-C69037FB3B0D}: NameServer=192.168.1.1
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = %SystemRoot%\system32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\WINDOWS\system32\blank.htm
¤¤¤¤¤ Proxy Internet Explorer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyHttp1.1 = 1 (0x1)
ProxyEnable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤
[MD5.cdfe4411a69c224bd1d11b2da92dac51] - C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\ERDNT\cache\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\system32\drivers\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
¤¤¤¤¤ Reference
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
¤¤¤¤¤¤¤¤¤¤ Explorer ¤¤¤¤¤¤¤¤¤¤
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\explorer.exe
[MD5.b795475444d6d57a572c14b9e1a29839] - C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[MD5.d0288319660edcfed07c7e74c4ea38a5] - C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[MD5.2a7bd330924252a2fd80344fc949bb72] - C:\WINDOWS\$NtServicePackUninstall$\explorer.exe.000
[MD5.2a7bd330924252a2fd80344fc949bb72] - C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\ERDNT\cache\explorer.exe
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\ServicePackFiles\i386\explorer.exe
¤¤¤¤¤¤¤¤¤¤ Winlogon ¤¤¤¤¤¤¤¤¤¤
[MD5.123eea158f74d0f67a51dcdf065d1091] - C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[MD5.71820bc9ee6653c8748922459dfc384d] - C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\ERDNT\cache\winlogon.exe
[MD5.d41d8cd98f00b204e9800998ecf8427e] - C:\WINDOWS\PCHEALTH\ErrorRep\UserDumps\winlogon.exe.20061114-100226-00.mdmp
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\system32\winlogon.exe
¤¤¤¤¤¤¤¤¤¤ Wininit ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ First Scan ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\software\ABBYY]
[HKEY_CURRENT_USER\software\Acronis]
[HKEY_CURRENT_USER\software\Ad-Remover]
[HKEY_CURRENT_USER\software\Adobe]
[HKEY_CURRENT_USER\software\ALWIL Software]
[HKEY_CURRENT_USER\software\AppDataLow]
[HKEY_CURRENT_USER\software\ASProtect]
[HKEY_CURRENT_USER\software\BBQuest]
[HKEY_CURRENT_USER\software\BrickShooter]
[HKEY_CURRENT_USER\software\Clients]
[HKEY_CURRENT_USER\software\CyberLink]
[HKEY_CURRENT_USER\software\Dolphin Dice XP 8.04 by Dragonfly Software]
[HKEY_CURRENT_USER\software\FRANCE TELECOM]
[HKEY_CURRENT_USER\software\FreshDevices]
[HKEY_CURRENT_USER\software\Google]
[HKEY_CURRENT_USER\software\HandyBits]
[HKEY_CURRENT_USER\software\IADirectShow]
[HKEY_CURRENT_USER\software\Intel]
[HKEY_CURRENT_USER\software\InterActual Technologies]
[HKEY_CURRENT_USER\software\Jetsoft]
[HKEY_CURRENT_USER\software\Lavalys]
[HKEY_CURRENT_USER\software\lazyware]
[HKEY_CURRENT_USER\software\Lobstersoft]
[HKEY_CURRENT_USER\software\Local AppWizard-Generated Applications]
[HKEY_CURRENT_USER\software\Logitech]
[HKEY_CURRENT_USER\software\Macromedia]
[HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware]
[HKEY_CURRENT_USER\software\MDO]
[HKEY_CURRENT_USER\software\Microsoft]
[HKEY_CURRENT_USER\software\Mindscape]
[HKEY_CURRENT_USER\software\MozillaPlugins]
[HKEY_CURRENT_USER\software\Nadeo]
[HKEY_CURRENT_USER\software\Netropa]
[HKEY_CURRENT_USER\software\Netscape]
[HKEY_CURRENT_USER\software\NVIDIA Corporation]
[HKEY_CURRENT_USER\software\ODBC]
[HKEY_CURRENT_USER\software\Olivier Lapicque]
[HKEY_CURRENT_USER\software\PCbit Software, Inc.]
[HKEY_CURRENT_USER\software\Pellenc Software]
[HKEY_CURRENT_USER\software\PIXELA]
[HKEY_CURRENT_USER\software\Policies]
[HKEY_CURRENT_USER\software\Recreasoft]
[HKEY_CURRENT_USER\software\SecuROM]
[HKEY_CURRENT_USER\software\Sensaura]
[HKEY_CURRENT_USER\software\SoftAK]
[HKEY_CURRENT_USER\software\Softonic]
[HKEY_CURRENT_USER\software\Symantec]
[HKEY_CURRENT_USER\software\Sysinternals]
[HKEY_CURRENT_USER\software\Teknum Systems]
[HKEY_CURRENT_USER\software\Wget]
[HKEY_CURRENT_USER\software\WinRAR]
[HKEY_CURRENT_USER\software\WinRAR SFX]
[HKEY_CURRENT_USER\software\Yahoo]
[HKEY_CURRENT_USER\software\Classes]
[HKEY_LOCAL_MACHINE\software\8169Diag]
[HKEY_LOCAL_MACHINE\software\ABBYY]
[HKEY_LOCAL_MACHINE\software\Acronis]
[HKEY_LOCAL_MACHINE\software\Adobe]
[HKEY_LOCAL_MACHINE\software\Altwood Systems Ltd]
[HKEY_LOCAL_MACHINE\software\ALWIL Software]
[HKEY_LOCAL_MACHINE\software\Apple Computer, Inc.]
[HKEY_LOCAL_MACHINE\software\Apps TMD]
[HKEY_LOCAL_MACHINE\software\Audioneer]
[HKEY_LOCAL_MACHINE\software\Avery]
[HKEY_LOCAL_MACHINE\software\AxySoft]
[HKEY_LOCAL_MACHINE\software\BackWeb]
[HKEY_LOCAL_MACHINE\software\Big Fish Games]
[HKEY_LOCAL_MACHINE\software\C07ft5Y]
[HKEY_LOCAL_MACHINE\software\Classes]
[HKEY_LOCAL_MACHINE\software\Clients]
[HKEY_LOCAL_MACHINE\software\COKTEL]
[HKEY_LOCAL_MACHINE\software\Creative]
[HKEY_LOCAL_MACHINE\software\CyberLink]
[HKEY_LOCAL_MACHINE\software\D-Link]
[HKEY_LOCAL_MACHINE\software\Disney Interactive]
[HKEY_LOCAL_MACHINE\software\Empire Interactive]
[HKEY_LOCAL_MACHINE\software\Enigma]
[HKEY_LOCAL_MACHINE\software\FRANCE TELECOM]
[HKEY_LOCAL_MACHINE\software\FreshDevices]
[HKEY_LOCAL_MACHINE\software\Gemplus]
[HKEY_LOCAL_MACHINE\software\Gentee]
[HKEY_LOCAL_MACHINE\software\GMixon]
[HKEY_LOCAL_MACHINE\software\Google]
[HKEY_LOCAL_MACHINE\software\HandyBits]
[HKEY_LOCAL_MACHINE\software\Hexacto]
[HKEY_LOCAL_MACHINE\software\InstallShield]
[HKEY_LOCAL_MACHINE\software\Intel]
[HKEY_LOCAL_MACHINE\software\InterActual Technologies]
[HKEY_LOCAL_MACHINE\software\Lexis Products]
[HKEY_LOCAL_MACHINE\software\Lexmark]
[HKEY_LOCAL_MACHINE\software\Licenses]
[HKEY_LOCAL_MACHINE\software\Logitech]
[HKEY_LOCAL_MACHINE\software\Macromedia]
[HKEY_LOCAL_MACHINE\software\Magnetic Fields]
[HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware]
[HKEY_LOCAL_MACHINE\software\Microsoft]
[HKEY_LOCAL_MACHINE\software\Mindscape]
[HKEY_LOCAL_MACHINE\software\Mozilla]
[HKEY_LOCAL_MACHINE\software\mozilla.org]
[HKEY_LOCAL_MACHINE\software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\software\NADEO]
[HKEY_LOCAL_MACHINE\software\NEC]
[HKEY_LOCAL_MACHINE\software\NEC Computers International]
[HKEY_LOCAL_MACHINE\software\Netropa]
[HKEY_LOCAL_MACHINE\software\NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\software\ODBC]
[HKEY_LOCAL_MACHINE\software\Packard Bell]
[HKEY_LOCAL_MACHINE\software\Panda Software]
[HKEY_LOCAL_MACHINE\software\PepiMK Software]
[HKEY_LOCAL_MACHINE\software\PIXELA]
[HKEY_LOCAL_MACHINE\software\Policies]
[HKEY_LOCAL_MACHINE\software\Program Groups]
[HKEY_LOCAL_MACHINE\software\Rage]
[HKEY_LOCAL_MACHINE\software\Rage Software]
[HKEY_LOCAL_MACHINE\software\Realtek]
[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\software\RTLSetup]
[HKEY_LOCAL_MACHINE\software\Safer Networking Limited]
[HKEY_LOCAL_MACHINE\software\SBInfo]
[HKEY_LOCAL_MACHINE\software\Schlumberger]
[HKEY_LOCAL_MACHINE\software\SDLL]
[HKEY_LOCAL_MACHINE\software\Secure]
[HKEY_LOCAL_MACHINE\software\SigmaTel]
[HKEY_LOCAL_MACHINE\software\Silicon Integrated Systems Corp.]
[HKEY_LOCAL_MACHINE\software\Silicon Integrated Systems Corporation]
[HKEY_LOCAL_MACHINE\software\SmartLink]
[HKEY_LOCAL_MACHINE\software\Sony Corporation]
[HKEY_LOCAL_MACHINE\software\SONY PVC]
[HKEY_LOCAL_MACHINE\software\SumatraPDF]
[HKEY_LOCAL_MACHINE\software\Swearware]
[HKEY_LOCAL_MACHINE\software\Symantec]
[HKEY_LOCAL_MACHINE\software\Teknum Systems]
[HKEY_LOCAL_MACHINE\software\The Learning Company]
[HKEY_LOCAL_MACHINE\software\The Silicon Realms Toolworks]
[HKEY_LOCAL_MACHINE\software\TLC-Edusoft]
[HKEY_LOCAL_MACHINE\software\TravellersTalesToyStory2]
[HKEY_LOCAL_MACHINE\software\Ubi Soft]
[HKEY_LOCAL_MACHINE\software\Uniblue]
[HKEY_LOCAL_MACHINE\software\VERITAS]
[HKEY_LOCAL_MACHINE\software\Windows 3.1 Migration Status]
[HKEY_LOCAL_MACHINE\software\WinRAR]
[HKEY_LOCAL_MACHINE\software\Wise Solutions]
[HKEY_LOCAL_MACHINE\software\WORD]
[HKEY_LOCAL_MACHINE\software\Yahoo]
[HKEY_LOCAL_MACHINE\software\ZAG]
¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤
Present !! : \AUTOEXEC.BAT
Present !! : \qr.dat
Present !! : \AUDIO3D.DLL
Present !! : \CMIDS3D.DLL
Present !! : \CMIRMDRV.DLL
Present !! : \CMUDA.DLL
Present !! : \NetAgent.dll
Present !! : \UDAPROP.DLL
Present !! : \CMIRMDRV.EXE
Present !! : \dumppo.exe
Present !! : \SmWizard.exe
Present !! : \CM5451.INF
Present !! : \CM5455.INF
Present !! : \CMICHX.INF
Present !! : \CMNVDA.INF
Present !! : \CMSIS.INF
Present !! : \CMUDA.INF
Present !! : \CMVIA.INF
Present !! : C:\Documents and Settings\All Users\NTUSER.DAT
Present !! : C:\Documents and Settings\All Users\NTUSER.DAT
Present !! : C:\Documents and Settings\All Users\NTUSER.DAT
Present !! : C:\Documents and Settings\All Users\NTUSER.DAT
Present !! : C:\WINDOWS\001154_.tmp
Present !! : C:\WINDOWS\002438_.tmp
Present !! : C:\WINDOWS\003707_.tmp
Present !! : C:\WINDOWS\005871_.tmp
Present !! : C:\WINDOWS\SETC0.tmp
Present !! : C:\WINDOWS\SETCF.tmp
Present !! : C:\WINDOWS\aucfg.ini
Present !! : C:\WINDOWS\inf\nt5java.inf
Present !! : C:\WINDOWS\System32\drivers\Sonyhcp.dll
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
FEATURE_BROWSER_EMULATION | svchost :
====================================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-11 13:35:35
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys siside.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 13:36:52,42
benurrr
Messages postés
9643
Date d'inscription
samedi 24 mai 2008
Statut
Contributeur sécurité
Dernière intervention
11 janvier 2012
107
11 nov. 2010 à 14:38
11 nov. 2010 à 14:38
Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :
choisis l'option CLEAN
laisse travailler l'outil.
en fin de scan la fenêtre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau
mais cette fois-ci :
choisis l'option CLEAN
laisse travailler l'outil.
en fin de scan la fenêtre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau
re,
Le voici :
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.2.0 ¤¤¤¤¤¤¤¤¤¤
User : alain (Administrateurs)
Update on 10/11/2010 by g3n-h@ckm@n ::::: 21.00
Start at: 12:38:32 | 11/11/2010
Intel(R) Celeron(R) CPU 1.70GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.11
Windows Firewall Status : Disabled
AV : avast! Antivirus 5.0.83886757 [ (!) Disabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 36,2 Go (11,23 Go free) [HDD] | NTFS
F:\ -> Disque fixe local | 1,95 Go (474,26 Mo free) [RESTDONE] | FAT32
¤¤¤¤¤ Sessions ¤¤¤¤¤
C:\Documents and settings\alain
Boot: Normal
¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer
C:\WINDOWS\System32\smss.exe ---- 400 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\WINDOWS\system32\csrss.exe ---- 3920 Ko ---- Normal ---- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\WINDOWS\system32\winlogon.exe ---- 5084 Ko ---- High ---- winlogon.exe ----
C:\WINDOWS\system32\services.exe ---- 3532 Ko ---- Normal ---- C:\WINDOWS\system32\services.exe ----
C:\WINDOWS\system32\lsass.exe ---- 2468 Ko ---- Normal ---- C:\WINDOWS\system32\lsass.exe ----
C:\WINDOWS\system32\svchost.exe ---- 4924 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k DcomLaunch ----
C:\WINDOWS\system32\svchost.exe ---- 4312 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k rpcss ----
C:\WINDOWS\System32\svchost.exe ---- 21560 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k netsvcs ----
C:\WINDOWS\System32\svchost.exe ---- 3668 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k NetworkService ----
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe ---- 30044 Ko ---- Normal ---- "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" ---- ALWIL Software
C:\WINDOWS\Explorer.EXE ---- 29516 Ko ---- Normal ---- C:\WINDOWS\Explorer.EXE ----
C:\Apps\ActivBoard\MMKeybd.exe ---- 3784 Ko ---- Normal ---- "C:\Apps\ActivBoard\MMKeybd.exe" ----
C:\WINDOWS\system32\LEXBCES.EXE ---- 3412 Ko ---- Normal ---- C:\WINDOWS\system32\LEXBCES.EXE ----
C:\Program Files\Real\RealPlayer\RealPlay.exe ---- 8060 Ko ---- Normal ---- "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER ----
C:\WINDOWS\system32\LEXPPS.EXE ---- 3392 Ko ---- Normal ---- LEXPPS.EXE ----
C:\WINDOWS\system32\spoolsv.exe ---- 5692 Ko ---- Normal ---- C:\WINDOWS\system32\spoolsv.exe ----
C:\Program Files\QuickTime\qttask.exe ---- 2500 Ko ---- Normal ---- "C:\Program Files\QuickTime\qttask.exe" -atboottime ----
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe ---- 2572 Ko ---- Normal ---- "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" ----
C:\Program Files\Alwil Software\Avast5\avastUI.exe ---- 5468 Ko ---- Normal ---- "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui ---- ALWIL Software
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe ---- 2348 Ko ---- Normal ---- "C:\Program Files\Lexmark 1200 Series\lxczbmon.exe" ----
C:\Program Files\D-Link\Diagnostics Utility\8169Diag.exe ---- 4968 Ko ---- Normal ---- "C:\Program Files\D-Link\Diagnostics Utility\8169Diag.exe" /hw ----
C:\WINDOWS\system32\RUNDLL32.EXE ---- 3692 Ko ---- Normal ---- "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit ----
C:\WINDOWS\system32\ctfmon.exe ---- 3784 Ko ---- Normal ---- "C:\WINDOWS\system32\ctfmon.exe" ----
C:\Apps\ActivBoard\TrayMon.exe ---- 2616 Ko ---- Normal ---- C:\Apps\ActivBoard\TrayMon.exe ----
C:\Apps\ActivBoard\OSD.exe ---- 2764 Ko ---- Normal ---- C:\Apps\ActivBoard\OSD.exe ----
C:\Apps\ActivBoard\nhksrv.exe ---- 1176 Ko ---- Normal ---- C:\Apps\ActivBoard\nhksrv.exe ----
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe ---- 2944 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe" ----
C:\WINDOWS\system32\nvsvc32.exe ---- 4392 Ko ---- Normal ---- C:\WINDOWS\system32\nvsvc32.exe ----
C:\WINDOWS\system32\slserv.exe ---- 1004 Ko ---- Normal ---- slserv.exe ----
C:\WINDOWS\System32\svchost.exe ---- 4348 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k imgsvc ----
C:\WINDOWS\System32\alg.exe ---- 3652 Ko ---- Normal ---- C:\WINDOWS\System32\alg.exe ----
C:\Program Files\internet explorer\iexplore.exe ---- 66424 Ko ---- Normal ---- "C:\Program Files\internet explorer\iexplore.exe" ---- Microsoft Corporation
C:\WINDOWS\system32\wscntfy.exe ---- 2392 Ko ---- Normal ---- C:\WINDOWS\system32\wscntfy.exe ----
C:\WINDOWS\system32\cmd.exe ---- 2844 Ko ---- Normal ---- C:\WINDOWS\system32\cmd.exe /K List'em.bat ----
C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 6884 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
C:\Program Files\List_Kill'em\pv.exe ---- 3764 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----
¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
EM_EXEC = C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
ACTIVBOARD = C:\Apps\ActivBoard\MMKeybd.exe
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
Lexmark 1200 Series = "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
avast5 = "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
8169Diag = C:\Program Files\D-Link\Diagnostics Utility\8169Diag /hw
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 323 (0x143)
NoLowDiskSpaceChecks = 1 (0x1)
NoRecentDocsHistory = 01000000
NoRecentDocsMenu = 01000000
NoNetConnectDisconnect = 1 (0x1)
NoDriveAutoRun = 67108863 (0x3ffffff)
NoDrives = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting = 1 (0x1)
NoDriveAutoRun = 67108863 (0x3ffffff)
NoDriveTypeAutoRun = 323 (0x143)
NoDrives = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = Explorer.exe
Userinit = C:\WINDOWS\system32\userinit.exe,
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Messenger\msmsgs.exe = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\WINDOWS\system32\LEXPPS.EXE = C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE
C:\Program Files\ma-config.com\maconfservice.exe = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\DirectAnimation Java Classes]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{80DD2229-B8E4-4C77-B72F-F22972D723EA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{FFFDF6F2-F7BC-4B90-B789-CB7BBDA13AD6}]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Base Smart Card Crypto Provider Package]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{02f78298-8af6-495c-9ecb-b6ae68678186}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608555}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2298d453-bcae-4519-bf33-1cbf3faf1524}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A3320D6-C805-4280-B423-B665BDE33D8F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2eac6a2d-57a8-44d4-96f7-e32bab40ca5f}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5c9ff2bf-938d-47fe-85d9-9dbab4f65018}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5f3c70b3-ac2f-432c-8f9c-1624df61f54f}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{839117ee-2132-4bae-a56a-42b50204c9b9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EF289A85-8E57-408d-BE47-73B55609861A}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{f5173cf0-1dfb-4978-8e50-a90169ee7ca9}]
¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤
Description: D-Link DGE-528T Gigabit Ethernet Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 10.0.0.138
Description: D-Link DGE-528T Gigabit Ethernet Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{54B07B37-1F58-4D46-98BB-1B8FDF6EF7DB}: NameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C194FEAC-BEE5-48C5-8021-9BE7E05B9C11}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DEF37794-ACB3-4710-9A2A-C69037FB3B0D}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{54B07B37-1F58-4D46-98BB-1B8FDF6EF7DB}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C194FEAC-BEE5-48C5-8021-9BE7E05B9C11}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DEF37794-ACB3-4710-9A2A-C69037FB3B0D}: NameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{54B07B37-1F58-4D46-98BB-1B8FDF6EF7DB}: NameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C194FEAC-BEE5-48C5-8021-9BE7E05B9C11}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DEF37794-ACB3-4710-9A2A-C69037FB3B0D}: NameServer=192.168.1.1
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = %SystemRoot%\system32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\WINDOWS\system32\blank.htm
¤¤¤¤¤ Proxy Internet Explorer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyHttp1.1 = 1 (0x1)
ProxyEnable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤
[MD5.cdfe4411a69c224bd1d11b2da92dac51] - C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\ERDNT\cache\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\system32\drivers\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
¤¤¤¤¤ Reference
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
¤¤¤¤¤¤¤¤¤¤ Explorer ¤¤¤¤¤¤¤¤¤¤
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\explorer.exe
[MD5.b795475444d6d57a572c14b9e1a29839] - C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[MD5.d0288319660edcfed07c7e74c4ea38a5] - C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[MD5.2a7bd330924252a2fd80344fc949bb72] - C:\WINDOWS\$NtServicePackUninstall$\explorer.exe.000
[MD5.2a7bd330924252a2fd80344fc949bb72] - C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\ERDNT\cache\explorer.exe
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\ServicePackFiles\i386\explorer.exe
¤¤¤¤¤¤¤¤¤¤ Winlogon ¤¤¤¤¤¤¤¤¤¤
[MD5.123eea158f74d0f67a51dcdf065d1091] - C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[MD5.71820bc9ee6653c8748922459dfc384d] - C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\ERDNT\cache\winlogon.exe
[MD5.d41d8cd98f00b204e9800998ecf8427e] - C:\WINDOWS\PCHEALTH\ErrorRep\UserDumps\winlogon.exe.20061114-100226-00.mdmp
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\system32\winlogon.exe
¤¤¤¤¤¤¤¤¤¤ Wininit ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ First Scan ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\software\ABBYY]
[HKEY_CURRENT_USER\software\Acronis]
[HKEY_CURRENT_USER\software\Ad-Remover]
[HKEY_CURRENT_USER\software\Adobe]
[HKEY_CURRENT_USER\software\ALWIL Software]
[HKEY_CURRENT_USER\software\AppDataLow]
[HKEY_CURRENT_USER\software\ASProtect]
[HKEY_CURRENT_USER\software\BBQuest]
[HKEY_CURRENT_USER\software\BrickShooter]
[HKEY_CURRENT_USER\software\Clients]
[HKEY_CURRENT_USER\software\CyberLink]
[HKEY_CURRENT_USER\software\Dolphin Dice XP 8.04 by Dragonfly Software]
[HKEY_CURRENT_USER\software\FRANCE TELECOM]
[HKEY_CURRENT_USER\software\FreshDevices]
[HKEY_CURRENT_USER\software\Google]
[HKEY_CURRENT_USER\software\HandyBits]
[HKEY_CURRENT_USER\software\IADirectShow]
[HKEY_CURRENT_USER\software\Intel]
[HKEY_CURRENT_USER\software\InterActual Technologies]
[HKEY_CURRENT_USER\software\Jetsoft]
[HKEY_CURRENT_USER\software\Lavalys]
[HKEY_CURRENT_USER\software\lazyware]
[HKEY_CURRENT_USER\software\Lobstersoft]
[HKEY_CURRENT_USER\software\Local AppWizard-Generated Applications]
[HKEY_CURRENT_USER\software\Logitech]
[HKEY_CURRENT_USER\software\Macromedia]
[HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware]
[HKEY_CURRENT_USER\software\MDO]
[HKEY_CURRENT_USER\software\Microsoft]
[HKEY_CURRENT_USER\software\Mindscape]
[HKEY_CURRENT_USER\software\MozillaPlugins]
[HKEY_CURRENT_USER\software\Nadeo]
[HKEY_CURRENT_USER\software\Netropa]
[HKEY_CURRENT_USER\software\Netscape]
[HKEY_CURRENT_USER\software\NVIDIA Corporation]
[HKEY_CURRENT_USER\software\ODBC]
[HKEY_CURRENT_USER\software\Olivier Lapicque]
[HKEY_CURRENT_USER\software\PCbit Software, Inc.]
[HKEY_CURRENT_USER\software\Pellenc Software]
[HKEY_CURRENT_USER\software\PIXELA]
[HKEY_CURRENT_USER\software\Policies]
[HKEY_CURRENT_USER\software\Recreasoft]
[HKEY_CURRENT_USER\software\SecuROM]
[HKEY_CURRENT_USER\software\Sensaura]
[HKEY_CURRENT_USER\software\SoftAK]
[HKEY_CURRENT_USER\software\Softonic]
[HKEY_CURRENT_USER\software\Symantec]
[HKEY_CURRENT_USER\software\Sysinternals]
[HKEY_CURRENT_USER\software\Teknum Systems]
[HKEY_CURRENT_USER\software\Wget]
[HKEY_CURRENT_USER\software\WinRAR]
[HKEY_CURRENT_USER\software\WinRAR SFX]
[HKEY_CURRENT_USER\software\Yahoo]
[HKEY_CURRENT_USER\software\Classes]
[HKEY_LOCAL_MACHINE\software\8169Diag]
[HKEY_LOCAL_MACHINE\software\ABBYY]
[HKEY_LOCAL_MACHINE\software\Acronis]
[HKEY_LOCAL_MACHINE\software\Adobe]
[HKEY_LOCAL_MACHINE\software\Altwood Systems Ltd]
[HKEY_LOCAL_MACHINE\software\ALWIL Software]
[HKEY_LOCAL_MACHINE\software\Apple Computer, Inc.]
[HKEY_LOCAL_MACHINE\software\Apps TMD]
[HKEY_LOCAL_MACHINE\software\Audioneer]
[HKEY_LOCAL_MACHINE\software\Avery]
[HKEY_LOCAL_MACHINE\software\AxySoft]
[HKEY_LOCAL_MACHINE\software\BackWeb]
[HKEY_LOCAL_MACHINE\software\Big Fish Games]
[HKEY_LOCAL_MACHINE\software\C07ft5Y]
[HKEY_LOCAL_MACHINE\software\Classes]
[HKEY_LOCAL_MACHINE\software\Clients]
[HKEY_LOCAL_MACHINE\software\COKTEL]
[HKEY_LOCAL_MACHINE\software\Creative]
[HKEY_LOCAL_MACHINE\software\CyberLink]
[HKEY_LOCAL_MACHINE\software\D-Link]
[HKEY_LOCAL_MACHINE\software\Disney Interactive]
[HKEY_LOCAL_MACHINE\software\Empire Interactive]
[HKEY_LOCAL_MACHINE\software\Enigma]
[HKEY_LOCAL_MACHINE\software\FRANCE TELECOM]
[HKEY_LOCAL_MACHINE\software\FreshDevices]
[HKEY_LOCAL_MACHINE\software\Gemplus]
[HKEY_LOCAL_MACHINE\software\Gentee]
[HKEY_LOCAL_MACHINE\software\GMixon]
[HKEY_LOCAL_MACHINE\software\Google]
[HKEY_LOCAL_MACHINE\software\HandyBits]
[HKEY_LOCAL_MACHINE\software\Hexacto]
[HKEY_LOCAL_MACHINE\software\InstallShield]
[HKEY_LOCAL_MACHINE\software\Intel]
[HKEY_LOCAL_MACHINE\software\InterActual Technologies]
[HKEY_LOCAL_MACHINE\software\Lexis Products]
[HKEY_LOCAL_MACHINE\software\Lexmark]
[HKEY_LOCAL_MACHINE\software\Licenses]
[HKEY_LOCAL_MACHINE\software\Logitech]
[HKEY_LOCAL_MACHINE\software\Macromedia]
[HKEY_LOCAL_MACHINE\software\Magnetic Fields]
[HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware]
[HKEY_LOCAL_MACHINE\software\Microsoft]
[HKEY_LOCAL_MACHINE\software\Mindscape]
[HKEY_LOCAL_MACHINE\software\Mozilla]
[HKEY_LOCAL_MACHINE\software\mozilla.org]
[HKEY_LOCAL_MACHINE\software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\software\NADEO]
[HKEY_LOCAL_MACHINE\software\NEC]
[HKEY_LOCAL_MACHINE\software\NEC Computers International]
[HKEY_LOCAL_MACHINE\software\Netropa]
[HKEY_LOCAL_MACHINE\software\NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\software\ODBC]
[HKEY_LOCAL_MACHINE\software\Packard Bell]
[HKEY_LOCAL_MACHINE\software\Panda Software]
[HKEY_LOCAL_MACHINE\software\PepiMK Software]
[HKEY_LOCAL_MACHINE\software\PIXELA]
[HKEY_LOCAL_MACHINE\software\Policies]
[HKEY_LOCAL_MACHINE\software\Program Groups]
[HKEY_LOCAL_MACHINE\software\Rage]
[HKEY_LOCAL_MACHINE\software\Rage Software]
[HKEY_LOCAL_MACHINE\software\Realtek]
[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\software\RTLSetup]
[HKEY_LOCAL_MACHINE\software\Safer Networking Limited]
[HKEY_LOCAL_MACHINE\software\SBInfo]
[HKEY_LOCAL_MACHINE\software\Schlumberger]
[HKEY_LOCAL_MACHINE\software\SDLL]
[HKEY_LOCAL_MACHINE\software\Secure]
[HKEY_LOCAL_MACHINE\software\SigmaTel]
[HKEY_LOCAL_MACHINE\software\Silicon Integrated Systems Corp.]
[HKEY_LOCAL_MACHINE\software\Silicon Integrated Systems Corporation]
[HKEY_LOCAL_MACHINE\software\SmartLink]
[HKEY_LOCAL_MACHINE\software\Sony Corporation]
[HKEY_LOCAL_MACHINE\software\SONY PVC]
[HKEY_LOCAL_MACHINE\software\SumatraPDF]
[HKEY_LOCAL_MACHINE\software\Swearware]
[HKEY_LOCAL_MACHINE\software\Symantec]
[HKEY_LOCAL_MACHINE\software\Teknum Systems]
[HKEY_LOCAL_MACHINE\software\The Learning Company]
[HKEY_LOCAL_MACHINE\software\The Silicon Realms Toolworks]
[HKEY_LOCAL_MACHINE\software\TLC-Edusoft]
[HKEY_LOCAL_MACHINE\software\TravellersTalesToyStory2]
[HKEY_LOCAL_MACHINE\software\Ubi Soft]
[HKEY_LOCAL_MACHINE\software\Uniblue]
[HKEY_LOCAL_MACHINE\software\VERITAS]
[HKEY_LOCAL_MACHINE\software\Windows 3.1 Migration Status]
[HKEY_LOCAL_MACHINE\software\WinRAR]
[HKEY_LOCAL_MACHINE\software\Wise Solutions]
[HKEY_LOCAL_MACHINE\software\WORD]
[HKEY_LOCAL_MACHINE\software\Yahoo]
[HKEY_LOCAL_MACHINE\software\ZAG]
¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤
Present !! : \AUTOEXEC.BAT
Present !! : \qr.dat
Present !! : \AUDIO3D.DLL
Present !! : \CMIDS3D.DLL
Present !! : \CMIRMDRV.DLL
Present !! : \CMUDA.DLL
Present !! : \NetAgent.dll
Present !! : \UDAPROP.DLL
Present !! : \CMIRMDRV.EXE
Present !! : \dumppo.exe
Present !! : \SmWizard.exe
Present !! : \CM5451.INF
Present !! : \CM5455.INF
Present !! : \CMICHX.INF
Present !! : \CMNVDA.INF
Present !! : \CMSIS.INF
Present !! : \CMUDA.INF
Present !! : \CMVIA.INF
Present !! : C:\Documents and Settings\All Users\NTUSER.DAT
Present !! : C:\Documents and Settings\All Users\NTUSER.DAT
Present !! : C:\Documents and Settings\All Users\NTUSER.DAT
Present !! : C:\Documents and Settings\All Users\NTUSER.DAT
Present !! : C:\WINDOWS\001154_.tmp
Present !! : C:\WINDOWS\002438_.tmp
Present !! : C:\WINDOWS\003707_.tmp
Present !! : C:\WINDOWS\005871_.tmp
Present !! : C:\WINDOWS\SETC0.tmp
Present !! : C:\WINDOWS\SETCF.tmp
Present !! : C:\WINDOWS\aucfg.ini
Present !! : C:\WINDOWS\inf\nt5java.inf
Present !! : C:\WINDOWS\System32\drivers\Sonyhcp.dll
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
FEATURE_BROWSER_EMULATION | svchost :
====================================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-11 13:35:35
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys siside.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 13:36:52,42
Le voici :
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.2.0 ¤¤¤¤¤¤¤¤¤¤
User : alain (Administrateurs)
Update on 10/11/2010 by g3n-h@ckm@n ::::: 21.00
Start at: 12:38:32 | 11/11/2010
Intel(R) Celeron(R) CPU 1.70GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.11
Windows Firewall Status : Disabled
AV : avast! Antivirus 5.0.83886757 [ (!) Disabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 36,2 Go (11,23 Go free) [HDD] | NTFS
F:\ -> Disque fixe local | 1,95 Go (474,26 Mo free) [RESTDONE] | FAT32
¤¤¤¤¤ Sessions ¤¤¤¤¤
C:\Documents and settings\alain
Boot: Normal
¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer
C:\WINDOWS\System32\smss.exe ---- 400 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\WINDOWS\system32\csrss.exe ---- 3920 Ko ---- Normal ---- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\WINDOWS\system32\winlogon.exe ---- 5084 Ko ---- High ---- winlogon.exe ----
C:\WINDOWS\system32\services.exe ---- 3532 Ko ---- Normal ---- C:\WINDOWS\system32\services.exe ----
C:\WINDOWS\system32\lsass.exe ---- 2468 Ko ---- Normal ---- C:\WINDOWS\system32\lsass.exe ----
C:\WINDOWS\system32\svchost.exe ---- 4924 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k DcomLaunch ----
C:\WINDOWS\system32\svchost.exe ---- 4312 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k rpcss ----
C:\WINDOWS\System32\svchost.exe ---- 21560 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k netsvcs ----
C:\WINDOWS\System32\svchost.exe ---- 3668 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k NetworkService ----
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe ---- 30044 Ko ---- Normal ---- "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" ---- ALWIL Software
C:\WINDOWS\Explorer.EXE ---- 29516 Ko ---- Normal ---- C:\WINDOWS\Explorer.EXE ----
C:\Apps\ActivBoard\MMKeybd.exe ---- 3784 Ko ---- Normal ---- "C:\Apps\ActivBoard\MMKeybd.exe" ----
C:\WINDOWS\system32\LEXBCES.EXE ---- 3412 Ko ---- Normal ---- C:\WINDOWS\system32\LEXBCES.EXE ----
C:\Program Files\Real\RealPlayer\RealPlay.exe ---- 8060 Ko ---- Normal ---- "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER ----
C:\WINDOWS\system32\LEXPPS.EXE ---- 3392 Ko ---- Normal ---- LEXPPS.EXE ----
C:\WINDOWS\system32\spoolsv.exe ---- 5692 Ko ---- Normal ---- C:\WINDOWS\system32\spoolsv.exe ----
C:\Program Files\QuickTime\qttask.exe ---- 2500 Ko ---- Normal ---- "C:\Program Files\QuickTime\qttask.exe" -atboottime ----
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe ---- 2572 Ko ---- Normal ---- "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" ----
C:\Program Files\Alwil Software\Avast5\avastUI.exe ---- 5468 Ko ---- Normal ---- "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui ---- ALWIL Software
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe ---- 2348 Ko ---- Normal ---- "C:\Program Files\Lexmark 1200 Series\lxczbmon.exe" ----
C:\Program Files\D-Link\Diagnostics Utility\8169Diag.exe ---- 4968 Ko ---- Normal ---- "C:\Program Files\D-Link\Diagnostics Utility\8169Diag.exe" /hw ----
C:\WINDOWS\system32\RUNDLL32.EXE ---- 3692 Ko ---- Normal ---- "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit ----
C:\WINDOWS\system32\ctfmon.exe ---- 3784 Ko ---- Normal ---- "C:\WINDOWS\system32\ctfmon.exe" ----
C:\Apps\ActivBoard\TrayMon.exe ---- 2616 Ko ---- Normal ---- C:\Apps\ActivBoard\TrayMon.exe ----
C:\Apps\ActivBoard\OSD.exe ---- 2764 Ko ---- Normal ---- C:\Apps\ActivBoard\OSD.exe ----
C:\Apps\ActivBoard\nhksrv.exe ---- 1176 Ko ---- Normal ---- C:\Apps\ActivBoard\nhksrv.exe ----
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe ---- 2944 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe" ----
C:\WINDOWS\system32\nvsvc32.exe ---- 4392 Ko ---- Normal ---- C:\WINDOWS\system32\nvsvc32.exe ----
C:\WINDOWS\system32\slserv.exe ---- 1004 Ko ---- Normal ---- slserv.exe ----
C:\WINDOWS\System32\svchost.exe ---- 4348 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k imgsvc ----
C:\WINDOWS\System32\alg.exe ---- 3652 Ko ---- Normal ---- C:\WINDOWS\System32\alg.exe ----
C:\Program Files\internet explorer\iexplore.exe ---- 66424 Ko ---- Normal ---- "C:\Program Files\internet explorer\iexplore.exe" ---- Microsoft Corporation
C:\WINDOWS\system32\wscntfy.exe ---- 2392 Ko ---- Normal ---- C:\WINDOWS\system32\wscntfy.exe ----
C:\WINDOWS\system32\cmd.exe ---- 2844 Ko ---- Normal ---- C:\WINDOWS\system32\cmd.exe /K List'em.bat ----
C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 6884 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
C:\Program Files\List_Kill'em\pv.exe ---- 3764 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----
¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
EM_EXEC = C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
ACTIVBOARD = C:\Apps\ActivBoard\MMKeybd.exe
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
Lexmark 1200 Series = "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
avast5 = "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
8169Diag = C:\Program Files\D-Link\Diagnostics Utility\8169Diag /hw
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 323 (0x143)
NoLowDiskSpaceChecks = 1 (0x1)
NoRecentDocsHistory = 01000000
NoRecentDocsMenu = 01000000
NoNetConnectDisconnect = 1 (0x1)
NoDriveAutoRun = 67108863 (0x3ffffff)
NoDrives = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting = 1 (0x1)
NoDriveAutoRun = 67108863 (0x3ffffff)
NoDriveTypeAutoRun = 323 (0x143)
NoDrives = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = Explorer.exe
Userinit = C:\WINDOWS\system32\userinit.exe,
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Messenger\msmsgs.exe = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\WINDOWS\system32\LEXPPS.EXE = C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE
C:\Program Files\ma-config.com\maconfservice.exe = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\DirectAnimation Java Classes]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{80DD2229-B8E4-4C77-B72F-F22972D723EA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{FFFDF6F2-F7BC-4B90-B789-CB7BBDA13AD6}]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Base Smart Card Crypto Provider Package]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{02f78298-8af6-495c-9ecb-b6ae68678186}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608555}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2298d453-bcae-4519-bf33-1cbf3faf1524}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A3320D6-C805-4280-B423-B665BDE33D8F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2eac6a2d-57a8-44d4-96f7-e32bab40ca5f}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5c9ff2bf-938d-47fe-85d9-9dbab4f65018}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5f3c70b3-ac2f-432c-8f9c-1624df61f54f}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{839117ee-2132-4bae-a56a-42b50204c9b9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EF289A85-8E57-408d-BE47-73B55609861A}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{f5173cf0-1dfb-4978-8e50-a90169ee7ca9}]
¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤
Description: D-Link DGE-528T Gigabit Ethernet Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 10.0.0.138
Description: D-Link DGE-528T Gigabit Ethernet Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{54B07B37-1F58-4D46-98BB-1B8FDF6EF7DB}: NameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C194FEAC-BEE5-48C5-8021-9BE7E05B9C11}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DEF37794-ACB3-4710-9A2A-C69037FB3B0D}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{54B07B37-1F58-4D46-98BB-1B8FDF6EF7DB}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C194FEAC-BEE5-48C5-8021-9BE7E05B9C11}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DEF37794-ACB3-4710-9A2A-C69037FB3B0D}: NameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{54B07B37-1F58-4D46-98BB-1B8FDF6EF7DB}: NameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C194FEAC-BEE5-48C5-8021-9BE7E05B9C11}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DEF37794-ACB3-4710-9A2A-C69037FB3B0D}: NameServer=192.168.1.1
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = %SystemRoot%\system32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\WINDOWS\system32\blank.htm
¤¤¤¤¤ Proxy Internet Explorer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyHttp1.1 = 1 (0x1)
ProxyEnable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤
[MD5.cdfe4411a69c224bd1d11b2da92dac51] - C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\ERDNT\cache\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\system32\drivers\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
¤¤¤¤¤ Reference
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
¤¤¤¤¤¤¤¤¤¤ Explorer ¤¤¤¤¤¤¤¤¤¤
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\explorer.exe
[MD5.b795475444d6d57a572c14b9e1a29839] - C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[MD5.d0288319660edcfed07c7e74c4ea38a5] - C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[MD5.2a7bd330924252a2fd80344fc949bb72] - C:\WINDOWS\$NtServicePackUninstall$\explorer.exe.000
[MD5.2a7bd330924252a2fd80344fc949bb72] - C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\ERDNT\cache\explorer.exe
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\ServicePackFiles\i386\explorer.exe
¤¤¤¤¤¤¤¤¤¤ Winlogon ¤¤¤¤¤¤¤¤¤¤
[MD5.123eea158f74d0f67a51dcdf065d1091] - C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[MD5.71820bc9ee6653c8748922459dfc384d] - C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\ERDNT\cache\winlogon.exe
[MD5.d41d8cd98f00b204e9800998ecf8427e] - C:\WINDOWS\PCHEALTH\ErrorRep\UserDumps\winlogon.exe.20061114-100226-00.mdmp
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\system32\winlogon.exe
¤¤¤¤¤¤¤¤¤¤ Wininit ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ First Scan ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\software\ABBYY]
[HKEY_CURRENT_USER\software\Acronis]
[HKEY_CURRENT_USER\software\Ad-Remover]
[HKEY_CURRENT_USER\software\Adobe]
[HKEY_CURRENT_USER\software\ALWIL Software]
[HKEY_CURRENT_USER\software\AppDataLow]
[HKEY_CURRENT_USER\software\ASProtect]
[HKEY_CURRENT_USER\software\BBQuest]
[HKEY_CURRENT_USER\software\BrickShooter]
[HKEY_CURRENT_USER\software\Clients]
[HKEY_CURRENT_USER\software\CyberLink]
[HKEY_CURRENT_USER\software\Dolphin Dice XP 8.04 by Dragonfly Software]
[HKEY_CURRENT_USER\software\FRANCE TELECOM]
[HKEY_CURRENT_USER\software\FreshDevices]
[HKEY_CURRENT_USER\software\Google]
[HKEY_CURRENT_USER\software\HandyBits]
[HKEY_CURRENT_USER\software\IADirectShow]
[HKEY_CURRENT_USER\software\Intel]
[HKEY_CURRENT_USER\software\InterActual Technologies]
[HKEY_CURRENT_USER\software\Jetsoft]
[HKEY_CURRENT_USER\software\Lavalys]
[HKEY_CURRENT_USER\software\lazyware]
[HKEY_CURRENT_USER\software\Lobstersoft]
[HKEY_CURRENT_USER\software\Local AppWizard-Generated Applications]
[HKEY_CURRENT_USER\software\Logitech]
[HKEY_CURRENT_USER\software\Macromedia]
[HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware]
[HKEY_CURRENT_USER\software\MDO]
[HKEY_CURRENT_USER\software\Microsoft]
[HKEY_CURRENT_USER\software\Mindscape]
[HKEY_CURRENT_USER\software\MozillaPlugins]
[HKEY_CURRENT_USER\software\Nadeo]
[HKEY_CURRENT_USER\software\Netropa]
[HKEY_CURRENT_USER\software\Netscape]
[HKEY_CURRENT_USER\software\NVIDIA Corporation]
[HKEY_CURRENT_USER\software\ODBC]
[HKEY_CURRENT_USER\software\Olivier Lapicque]
[HKEY_CURRENT_USER\software\PCbit Software, Inc.]
[HKEY_CURRENT_USER\software\Pellenc Software]
[HKEY_CURRENT_USER\software\PIXELA]
[HKEY_CURRENT_USER\software\Policies]
[HKEY_CURRENT_USER\software\Recreasoft]
[HKEY_CURRENT_USER\software\SecuROM]
[HKEY_CURRENT_USER\software\Sensaura]
[HKEY_CURRENT_USER\software\SoftAK]
[HKEY_CURRENT_USER\software\Softonic]
[HKEY_CURRENT_USER\software\Symantec]
[HKEY_CURRENT_USER\software\Sysinternals]
[HKEY_CURRENT_USER\software\Teknum Systems]
[HKEY_CURRENT_USER\software\Wget]
[HKEY_CURRENT_USER\software\WinRAR]
[HKEY_CURRENT_USER\software\WinRAR SFX]
[HKEY_CURRENT_USER\software\Yahoo]
[HKEY_CURRENT_USER\software\Classes]
[HKEY_LOCAL_MACHINE\software\8169Diag]
[HKEY_LOCAL_MACHINE\software\ABBYY]
[HKEY_LOCAL_MACHINE\software\Acronis]
[HKEY_LOCAL_MACHINE\software\Adobe]
[HKEY_LOCAL_MACHINE\software\Altwood Systems Ltd]
[HKEY_LOCAL_MACHINE\software\ALWIL Software]
[HKEY_LOCAL_MACHINE\software\Apple Computer, Inc.]
[HKEY_LOCAL_MACHINE\software\Apps TMD]
[HKEY_LOCAL_MACHINE\software\Audioneer]
[HKEY_LOCAL_MACHINE\software\Avery]
[HKEY_LOCAL_MACHINE\software\AxySoft]
[HKEY_LOCAL_MACHINE\software\BackWeb]
[HKEY_LOCAL_MACHINE\software\Big Fish Games]
[HKEY_LOCAL_MACHINE\software\C07ft5Y]
[HKEY_LOCAL_MACHINE\software\Classes]
[HKEY_LOCAL_MACHINE\software\Clients]
[HKEY_LOCAL_MACHINE\software\COKTEL]
[HKEY_LOCAL_MACHINE\software\Creative]
[HKEY_LOCAL_MACHINE\software\CyberLink]
[HKEY_LOCAL_MACHINE\software\D-Link]
[HKEY_LOCAL_MACHINE\software\Disney Interactive]
[HKEY_LOCAL_MACHINE\software\Empire Interactive]
[HKEY_LOCAL_MACHINE\software\Enigma]
[HKEY_LOCAL_MACHINE\software\FRANCE TELECOM]
[HKEY_LOCAL_MACHINE\software\FreshDevices]
[HKEY_LOCAL_MACHINE\software\Gemplus]
[HKEY_LOCAL_MACHINE\software\Gentee]
[HKEY_LOCAL_MACHINE\software\GMixon]
[HKEY_LOCAL_MACHINE\software\Google]
[HKEY_LOCAL_MACHINE\software\HandyBits]
[HKEY_LOCAL_MACHINE\software\Hexacto]
[HKEY_LOCAL_MACHINE\software\InstallShield]
[HKEY_LOCAL_MACHINE\software\Intel]
[HKEY_LOCAL_MACHINE\software\InterActual Technologies]
[HKEY_LOCAL_MACHINE\software\Lexis Products]
[HKEY_LOCAL_MACHINE\software\Lexmark]
[HKEY_LOCAL_MACHINE\software\Licenses]
[HKEY_LOCAL_MACHINE\software\Logitech]
[HKEY_LOCAL_MACHINE\software\Macromedia]
[HKEY_LOCAL_MACHINE\software\Magnetic Fields]
[HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware]
[HKEY_LOCAL_MACHINE\software\Microsoft]
[HKEY_LOCAL_MACHINE\software\Mindscape]
[HKEY_LOCAL_MACHINE\software\Mozilla]
[HKEY_LOCAL_MACHINE\software\mozilla.org]
[HKEY_LOCAL_MACHINE\software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\software\NADEO]
[HKEY_LOCAL_MACHINE\software\NEC]
[HKEY_LOCAL_MACHINE\software\NEC Computers International]
[HKEY_LOCAL_MACHINE\software\Netropa]
[HKEY_LOCAL_MACHINE\software\NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\software\ODBC]
[HKEY_LOCAL_MACHINE\software\Packard Bell]
[HKEY_LOCAL_MACHINE\software\Panda Software]
[HKEY_LOCAL_MACHINE\software\PepiMK Software]
[HKEY_LOCAL_MACHINE\software\PIXELA]
[HKEY_LOCAL_MACHINE\software\Policies]
[HKEY_LOCAL_MACHINE\software\Program Groups]
[HKEY_LOCAL_MACHINE\software\Rage]
[HKEY_LOCAL_MACHINE\software\Rage Software]
[HKEY_LOCAL_MACHINE\software\Realtek]
[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\software\RTLSetup]
[HKEY_LOCAL_MACHINE\software\Safer Networking Limited]
[HKEY_LOCAL_MACHINE\software\SBInfo]
[HKEY_LOCAL_MACHINE\software\Schlumberger]
[HKEY_LOCAL_MACHINE\software\SDLL]
[HKEY_LOCAL_MACHINE\software\Secure]
[HKEY_LOCAL_MACHINE\software\SigmaTel]
[HKEY_LOCAL_MACHINE\software\Silicon Integrated Systems Corp.]
[HKEY_LOCAL_MACHINE\software\Silicon Integrated Systems Corporation]
[HKEY_LOCAL_MACHINE\software\SmartLink]
[HKEY_LOCAL_MACHINE\software\Sony Corporation]
[HKEY_LOCAL_MACHINE\software\SONY PVC]
[HKEY_LOCAL_MACHINE\software\SumatraPDF]
[HKEY_LOCAL_MACHINE\software\Swearware]
[HKEY_LOCAL_MACHINE\software\Symantec]
[HKEY_LOCAL_MACHINE\software\Teknum Systems]
[HKEY_LOCAL_MACHINE\software\The Learning Company]
[HKEY_LOCAL_MACHINE\software\The Silicon Realms Toolworks]
[HKEY_LOCAL_MACHINE\software\TLC-Edusoft]
[HKEY_LOCAL_MACHINE\software\TravellersTalesToyStory2]
[HKEY_LOCAL_MACHINE\software\Ubi Soft]
[HKEY_LOCAL_MACHINE\software\Uniblue]
[HKEY_LOCAL_MACHINE\software\VERITAS]
[HKEY_LOCAL_MACHINE\software\Windows 3.1 Migration Status]
[HKEY_LOCAL_MACHINE\software\WinRAR]
[HKEY_LOCAL_MACHINE\software\Wise Solutions]
[HKEY_LOCAL_MACHINE\software\WORD]
[HKEY_LOCAL_MACHINE\software\Yahoo]
[HKEY_LOCAL_MACHINE\software\ZAG]
¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤
Present !! : \AUTOEXEC.BAT
Present !! : \qr.dat
Present !! : \AUDIO3D.DLL
Present !! : \CMIDS3D.DLL
Present !! : \CMIRMDRV.DLL
Present !! : \CMUDA.DLL
Present !! : \NetAgent.dll
Present !! : \UDAPROP.DLL
Present !! : \CMIRMDRV.EXE
Present !! : \dumppo.exe
Present !! : \SmWizard.exe
Present !! : \CM5451.INF
Present !! : \CM5455.INF
Present !! : \CMICHX.INF
Present !! : \CMNVDA.INF
Present !! : \CMSIS.INF
Present !! : \CMUDA.INF
Present !! : \CMVIA.INF
Present !! : C:\Documents and Settings\All Users\NTUSER.DAT
Present !! : C:\Documents and Settings\All Users\NTUSER.DAT
Present !! : C:\Documents and Settings\All Users\NTUSER.DAT
Present !! : C:\Documents and Settings\All Users\NTUSER.DAT
Present !! : C:\WINDOWS\001154_.tmp
Present !! : C:\WINDOWS\002438_.tmp
Present !! : C:\WINDOWS\003707_.tmp
Present !! : C:\WINDOWS\005871_.tmp
Present !! : C:\WINDOWS\SETC0.tmp
Present !! : C:\WINDOWS\SETCF.tmp
Present !! : C:\WINDOWS\aucfg.ini
Present !! : C:\WINDOWS\inf\nt5java.inf
Present !! : C:\WINDOWS\System32\drivers\Sonyhcp.dll
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
FEATURE_BROWSER_EMULATION | svchost :
====================================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-11 13:35:35
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys siside.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 13:36:52,42
benurrr
Messages postés
9643
Date d'inscription
samedi 24 mai 2008
Statut
Contributeur sécurité
Dernière intervention
11 janvier 2012
107
11 nov. 2010 à 19:36
11 nov. 2010 à 19:36
c'est pas le rapport clean celui la regarde sur le bureau
oups excuse moi...
Le voici :
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.2.0 ¤¤¤¤¤¤¤¤¤¤
User : alain (Administrateurs)
Update on 10/11/2010 by g3n-h@ckm@n ::::: 21.00
Start at: 14:39:37 | 11/11/2010
Intel(R) Celeron(R) CPU 1.70GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.11
Windows Firewall Status : Enabled
AV : avast! Antivirus 5.0.83886757 [ Enabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 36,2 Go (11,22 Go free) [HDD] | NTFS
F:\ -> Disque fixe local | 1,95 Go (474,26 Mo free) [RESTDONE] | FAT32
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : \AUTOEXEC.BAT
Quarantined & Deleted !! : \qr.dat
Quarantined & Deleted !! : \AUDIO3D.DLL
Quarantined & Deleted !! : \CMIDS3D.DLL
Quarantined & Deleted !! : \CMIRMDRV.DLL
Quarantined & Deleted !! : \CMUDA.DLL
Quarantined & Deleted !! : \NetAgent.dll
Quarantined & Deleted !! : \UDAPROP.DLL
Quarantined & Deleted !! : \CMIRMDRV.EXE
Quarantined & Deleted !! : \dumppo.exe
Quarantined & Deleted !! : \SmWizard.exe
Quarantined & Deleted !! : \CM5451.INF
Quarantined & Deleted !! : \CM5455.INF
Quarantined & Deleted !! : \CMICHX.INF
Quarantined & Deleted !! : \CMNVDA.INF
Quarantined & Deleted !! : \CMSIS.INF
Quarantined & Deleted !! : \CMUDA.INF
Quarantined & Deleted !! : \CMVIA.INF
Quarantined & Deleted !! : C:\Documents and Settings\All Users\NTUSER.DAT
Quarantined & Deleted !! : C:\Documents and Settings\All Users\NTUSER.DAT
Quarantined & Deleted !! : C:\Documents and Settings\All Users\NTUSER.DAT
Quarantined & Deleted !! : C:\Documents and Settings\All Users\NTUSER.DAT
Quarantined & Deleted !! : C:\WINDOWS\001154_.tmp
Quarantined & Deleted !! : C:\WINDOWS\002438_.tmp
Quarantined & Deleted !! : C:\WINDOWS\003707_.tmp
Quarantined & Deleted !! : C:\WINDOWS\005871_.tmp
Quarantined & Deleted !! : C:\WINDOWS\SETC0.tmp
Quarantined & Deleted !! : C:\WINDOWS\SETCF.tmp
Quarantined & Deleted !! : C:\WINDOWS\aucfg.ini
Quarantined & Deleted !! : C:\WINDOWS\inf\nt5java.inf
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\Sonyhcp.dll
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤
127.0.0.1 localhost
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
Deleted : "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" : "NoDrives"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" : "NoDrives"
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
FirstRunDisabled = 1 (0x1)
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤
Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
¤¤¤¤¤¤¤¤¤¤ Winlogon
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = explorer.exe
Userinit = C:\WINDOWS\System32\userinit.exe,
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
FEATURE_BROWSER_EMULATION | svchost :
====================================
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys siside.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
End of Scan : 14:43:52,60
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Le voici :
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.2.0 ¤¤¤¤¤¤¤¤¤¤
User : alain (Administrateurs)
Update on 10/11/2010 by g3n-h@ckm@n ::::: 21.00
Start at: 14:39:37 | 11/11/2010
Intel(R) Celeron(R) CPU 1.70GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.11
Windows Firewall Status : Enabled
AV : avast! Antivirus 5.0.83886757 [ Enabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 36,2 Go (11,22 Go free) [HDD] | NTFS
F:\ -> Disque fixe local | 1,95 Go (474,26 Mo free) [RESTDONE] | FAT32
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : \AUTOEXEC.BAT
Quarantined & Deleted !! : \qr.dat
Quarantined & Deleted !! : \AUDIO3D.DLL
Quarantined & Deleted !! : \CMIDS3D.DLL
Quarantined & Deleted !! : \CMIRMDRV.DLL
Quarantined & Deleted !! : \CMUDA.DLL
Quarantined & Deleted !! : \NetAgent.dll
Quarantined & Deleted !! : \UDAPROP.DLL
Quarantined & Deleted !! : \CMIRMDRV.EXE
Quarantined & Deleted !! : \dumppo.exe
Quarantined & Deleted !! : \SmWizard.exe
Quarantined & Deleted !! : \CM5451.INF
Quarantined & Deleted !! : \CM5455.INF
Quarantined & Deleted !! : \CMICHX.INF
Quarantined & Deleted !! : \CMNVDA.INF
Quarantined & Deleted !! : \CMSIS.INF
Quarantined & Deleted !! : \CMUDA.INF
Quarantined & Deleted !! : \CMVIA.INF
Quarantined & Deleted !! : C:\Documents and Settings\All Users\NTUSER.DAT
Quarantined & Deleted !! : C:\Documents and Settings\All Users\NTUSER.DAT
Quarantined & Deleted !! : C:\Documents and Settings\All Users\NTUSER.DAT
Quarantined & Deleted !! : C:\Documents and Settings\All Users\NTUSER.DAT
Quarantined & Deleted !! : C:\WINDOWS\001154_.tmp
Quarantined & Deleted !! : C:\WINDOWS\002438_.tmp
Quarantined & Deleted !! : C:\WINDOWS\003707_.tmp
Quarantined & Deleted !! : C:\WINDOWS\005871_.tmp
Quarantined & Deleted !! : C:\WINDOWS\SETC0.tmp
Quarantined & Deleted !! : C:\WINDOWS\SETCF.tmp
Quarantined & Deleted !! : C:\WINDOWS\aucfg.ini
Quarantined & Deleted !! : C:\WINDOWS\inf\nt5java.inf
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\Sonyhcp.dll
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤
127.0.0.1 localhost
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
Deleted : "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" : "NoDrives"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" : "NoDrives"
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
FirstRunDisabled = 1 (0x1)
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤
Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
¤¤¤¤¤¤¤¤¤¤ Winlogon
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = explorer.exe
Userinit = C:\WINDOWS\System32\userinit.exe,
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
FEATURE_BROWSER_EMULATION | svchost :
====================================
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys siside.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
End of Scan : 14:43:52,60
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
benurrr
Messages postés
9643
Date d'inscription
samedi 24 mai 2008
Statut
Contributeur sécurité
Dernière intervention
11 janvier 2012
107
11 nov. 2010 à 20:48
11 nov. 2010 à 20:48
Télécharge DelFix sur ton bureau.
http://sd-1.archive-host.com/membres/up/17959594961240255/DelFix.exe
3.1 - Option Recherche
Téléchargez DelFix sur votre bureau.
Lancez le, tapez 1 et validez en appuyant sur [Entrée]
Patientez quelques secondes puis copiez/collez le contenu du rapport qui s'ouvrira sur le forum qui vous prend en charge.
Note : Le rapport est sauvegardé sous C:\DelFixSearch.txt
-------------------------
3.2 - Option Suppression
Téléchargez DelFix sur votre bureau
Lancez le, tapez 2 et validez en appuyant sur [Entrée]
Patientez quelques secondes puis copiez/collez le contenu du rapport qui s'ouvrira sur le forum qui vous prend en charge.
Note : Le rapport est sauvegardé sous C:\DelFixSuppr.txt
----------------après------
tu va télécharger Ccleaner http://dl.commentcamarche.net/...
ouvre "Ccleaner" vas dans l'onglet "Option" puis "Avancé" puis décoches "Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures."
. Puis vas dans l'onglet "Nettoyeur" fais "Analyse" puis "Lancer le nettoyage".
Puis vas dans l'onglet "Registre" puis fait "Chercher des erreurs" puis "Réparer les erreurs sélectionnée"
. Tu refais tous ca 4-5 fois (le nettoyage et le registre).
Puis reste dans "Ccleaner" puis va dans "Option" puis "Propriété" puis coches "Nettoyer automatiquement l'ordinateur au démarrage".
içi mode d'emploi pour ccleaner
https://www.malekal.com/tutoriel-ccleaner/
http://sd-1.archive-host.com/membres/up/17959594961240255/DelFix.exe
3.1 - Option Recherche
Téléchargez DelFix sur votre bureau.
Lancez le, tapez 1 et validez en appuyant sur [Entrée]
Patientez quelques secondes puis copiez/collez le contenu du rapport qui s'ouvrira sur le forum qui vous prend en charge.
Note : Le rapport est sauvegardé sous C:\DelFixSearch.txt
-------------------------
3.2 - Option Suppression
Téléchargez DelFix sur votre bureau
Lancez le, tapez 2 et validez en appuyant sur [Entrée]
Patientez quelques secondes puis copiez/collez le contenu du rapport qui s'ouvrira sur le forum qui vous prend en charge.
Note : Le rapport est sauvegardé sous C:\DelFixSuppr.txt
----------------après------
tu va télécharger Ccleaner http://dl.commentcamarche.net/...
ouvre "Ccleaner" vas dans l'onglet "Option" puis "Avancé" puis décoches "Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures."
. Puis vas dans l'onglet "Nettoyeur" fais "Analyse" puis "Lancer le nettoyage".
Puis vas dans l'onglet "Registre" puis fait "Chercher des erreurs" puis "Réparer les erreurs sélectionnée"
. Tu refais tous ca 4-5 fois (le nettoyage et le registre).
Puis reste dans "Ccleaner" puis va dans "Option" puis "Propriété" puis coches "Nettoyer automatiquement l'ordinateur au démarrage".
içi mode d'emploi pour ccleaner
https://www.malekal.com/tutoriel-ccleaner/
re,
le premier rapport :
########## DelFix - Nettoyeur d'outils de désinfection ##########
#
# DelFix v6.2 - Rapport créé le 11/11/2010 à 21:18
# Mis à jour le 11/11/10 à 16h00 par Xplode
# Système d'exploitation : Microsoft Windows XP (32 bits) [version 5.1.2600] Service Pack 3
# Navigateur : Internet Explorer [Navigateur par défaut]
# Nom d'utilisateur : alain - MACHINEDUFOUR (Administrateur)
# Exécuté depuis : C:\Documents and Settings\alain\Bureau\DelFix.exe
~~~~~~ Dossier(s) ~~~~~~
Présent : C:\Qoobox
Présent : C:\Kill'em
Présent : C:\Program Files\Ad-Remover
Présent : C:\Program Files\List_Kill'em
Présent : C:\Program Files\ZHPDiag
Présent : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\List_Kill'em
Présent : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP
~~~~~~ Fichier(s) ~~~~~~
Présent : C:\ComboFix.txt
Présent : C:\List'em.txt
Présent : C:\Ad-Report-CLEAN[1].txt
Présent : C:\Ad-Report-CLEAN[2].txt
Présent : C:\Ad-Report-SCAN[1].txt
Présent : C:\WINDOWS\grep.exe
Présent : C:\WINDOWS\PEV.exe
Présent : C:\WINDOWS\NIRCMD.exe
Présent : C:\WINDOWS\MBR.exe
Présent : C:\WINDOWS\sed.exe
Présent : C:\WINDOWS\SWREG.exe
Présent : C:\WINDOWS\SWSC.exe
Présent : C:\WINDOWS\SWXCACLS.exe
Présent : C:\WINDOWS\zip.exe
Présent : C:\Documents and Settings\alain\Bureau\List_Killem_Install.exe
Présent : C:\Documents and Settings\alain\Bureau\AD-R.lnk
Présent : C:\Documents and Settings\alain\Bureau\ZHPDiag.exe
Présent : C:\Documents and Settings\alain\Bureau\ZHPDiag.txt
Présent : C:\Documents and Settings\alain\Bureau\Kill'em.txt
Présent : C:\Documents and Settings\alain\Bureau\More.txt
Présent : C:\Documents and Settings\All Users\Bureau\ZHPDiag.lnk
Présent : C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk
Présent : C:\Documents and Settings\All Users\Bureau\MBRCheck.lnk
~~~~~~ Registre ~~~~~~
Clé Présente : HKCU\SOFTWARE\Ad-Remover
Clé Présente : HKLM\Software\swearware
Clé Présente : HKLM\Software\Classes\.cfxxe
Clé Présente : HKLM\Software\Classes\cfxxefile
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E88BA4E8-6B36-4D39-9499-C10B439819E1}_is1
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Clé Présente : HKCR\.cfxxe
Clé Présente : HKCR\cfxxefile
########## EOF - "C:\DelFixSearch.txt" - [2599 octets] ##########
le premier rapport :
########## DelFix - Nettoyeur d'outils de désinfection ##########
#
# DelFix v6.2 - Rapport créé le 11/11/2010 à 21:18
# Mis à jour le 11/11/10 à 16h00 par Xplode
# Système d'exploitation : Microsoft Windows XP (32 bits) [version 5.1.2600] Service Pack 3
# Navigateur : Internet Explorer [Navigateur par défaut]
# Nom d'utilisateur : alain - MACHINEDUFOUR (Administrateur)
# Exécuté depuis : C:\Documents and Settings\alain\Bureau\DelFix.exe
~~~~~~ Dossier(s) ~~~~~~
Présent : C:\Qoobox
Présent : C:\Kill'em
Présent : C:\Program Files\Ad-Remover
Présent : C:\Program Files\List_Kill'em
Présent : C:\Program Files\ZHPDiag
Présent : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\List_Kill'em
Présent : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP
~~~~~~ Fichier(s) ~~~~~~
Présent : C:\ComboFix.txt
Présent : C:\List'em.txt
Présent : C:\Ad-Report-CLEAN[1].txt
Présent : C:\Ad-Report-CLEAN[2].txt
Présent : C:\Ad-Report-SCAN[1].txt
Présent : C:\WINDOWS\grep.exe
Présent : C:\WINDOWS\PEV.exe
Présent : C:\WINDOWS\NIRCMD.exe
Présent : C:\WINDOWS\MBR.exe
Présent : C:\WINDOWS\sed.exe
Présent : C:\WINDOWS\SWREG.exe
Présent : C:\WINDOWS\SWSC.exe
Présent : C:\WINDOWS\SWXCACLS.exe
Présent : C:\WINDOWS\zip.exe
Présent : C:\Documents and Settings\alain\Bureau\List_Killem_Install.exe
Présent : C:\Documents and Settings\alain\Bureau\AD-R.lnk
Présent : C:\Documents and Settings\alain\Bureau\ZHPDiag.exe
Présent : C:\Documents and Settings\alain\Bureau\ZHPDiag.txt
Présent : C:\Documents and Settings\alain\Bureau\Kill'em.txt
Présent : C:\Documents and Settings\alain\Bureau\More.txt
Présent : C:\Documents and Settings\All Users\Bureau\ZHPDiag.lnk
Présent : C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk
Présent : C:\Documents and Settings\All Users\Bureau\MBRCheck.lnk
~~~~~~ Registre ~~~~~~
Clé Présente : HKCU\SOFTWARE\Ad-Remover
Clé Présente : HKLM\Software\swearware
Clé Présente : HKLM\Software\Classes\.cfxxe
Clé Présente : HKLM\Software\Classes\cfxxefile
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E88BA4E8-6B36-4D39-9499-C10B439819E1}_is1
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Clé Présente : HKCR\.cfxxe
Clé Présente : HKCR\cfxxefile
########## EOF - "C:\DelFixSearch.txt" - [2599 octets] ##########
le deuxieme rapport :
########## DelFix - Nettoyeur d'outils de désinfection ##########
#
# DelFix v6.2 - Rapport créé le 11/11/2010 à 21:19
# Mis à jour le 11/11/10 à 16h00 par Xplode
# Système d'exploitation : Microsoft Windows XP (32 bits) [version 5.1.2600] Service Pack 3
# Navigateur : Internet Explorer [Navigateur par défaut]
# Nom d'utilisateur : alain - MACHINEDUFOUR (Administrateur)
# Exécuté depuis : C:\Documents and Settings\alain\Bureau\DelFix.exe
~~~~~~ Dossier(s) ~~~~~~
Supprimé : C:\Qoobox
Supprimé : C:\Kill'em
Supprimé : C:\Program Files\Ad-Remover
Supprimé : C:\Program Files\List_Kill'em
Supprimé : C:\Program Files\ZHPDiag
Supprimé : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\List_Kill'em
Supprimé : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP
~~~~~~ Fichier(s) ~~~~~~
Supprimé : C:\ComboFix.txt
Supprimé : C:\List'em.txt
Supprimé : C:\Ad-Report-CLEAN[1].txt
Supprimé : C:\Ad-Report-CLEAN[2].txt
Supprimé : C:\Ad-Report-SCAN[1].txt
Supprimé : C:\WINDOWS\grep.exe
Supprimé : C:\WINDOWS\PEV.exe
Supprimé : C:\WINDOWS\NIRCMD.exe
Supprimé : C:\WINDOWS\MBR.exe
Supprimé : C:\WINDOWS\sed.exe
Supprimé : C:\WINDOWS\SWREG.exe
Supprimé : C:\WINDOWS\SWSC.exe
Supprimé : C:\WINDOWS\SWXCACLS.exe
Supprimé : C:\WINDOWS\zip.exe
Supprimé : C:\Documents and Settings\alain\Bureau\List_Killem_Install.exe
Supprimé : C:\Documents and Settings\alain\Bureau\AD-R.lnk
Supprimé : C:\Documents and Settings\alain\Bureau\ZHPDiag.exe
Supprimé : C:\Documents and Settings\alain\Bureau\ZHPDiag.txt
Supprimé : C:\Documents and Settings\alain\Bureau\Kill'em.txt
Supprimé : C:\Documents and Settings\alain\Bureau\More.txt
Supprimé : C:\Documents and Settings\All Users\Bureau\ZHPDiag.lnk
Supprimé : C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk
Supprimé : C:\Documents and Settings\All Users\Bureau\MBRCheck.lnk
~~~~~~ Registre ~~~~~~
Clé Supprimée : HKCU\SOFTWARE\Ad-Remover
Clé Supprimée : HKLM\Software\swearware
Clé Supprimée : HKLM\Software\Classes\.cfxxe
Clé Supprimée : HKLM\Software\Classes\cfxxefile
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E88BA4E8-6B36-4D39-9499-C10B439819E1}_is1
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
########## EOF - "C:\DelFixSuppr.txt" - [2578 octets] ##########
Je lance ccleaner de suite...Tu veux un rapport?
########## DelFix - Nettoyeur d'outils de désinfection ##########
#
# DelFix v6.2 - Rapport créé le 11/11/2010 à 21:19
# Mis à jour le 11/11/10 à 16h00 par Xplode
# Système d'exploitation : Microsoft Windows XP (32 bits) [version 5.1.2600] Service Pack 3
# Navigateur : Internet Explorer [Navigateur par défaut]
# Nom d'utilisateur : alain - MACHINEDUFOUR (Administrateur)
# Exécuté depuis : C:\Documents and Settings\alain\Bureau\DelFix.exe
~~~~~~ Dossier(s) ~~~~~~
Supprimé : C:\Qoobox
Supprimé : C:\Kill'em
Supprimé : C:\Program Files\Ad-Remover
Supprimé : C:\Program Files\List_Kill'em
Supprimé : C:\Program Files\ZHPDiag
Supprimé : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\List_Kill'em
Supprimé : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP
~~~~~~ Fichier(s) ~~~~~~
Supprimé : C:\ComboFix.txt
Supprimé : C:\List'em.txt
Supprimé : C:\Ad-Report-CLEAN[1].txt
Supprimé : C:\Ad-Report-CLEAN[2].txt
Supprimé : C:\Ad-Report-SCAN[1].txt
Supprimé : C:\WINDOWS\grep.exe
Supprimé : C:\WINDOWS\PEV.exe
Supprimé : C:\WINDOWS\NIRCMD.exe
Supprimé : C:\WINDOWS\MBR.exe
Supprimé : C:\WINDOWS\sed.exe
Supprimé : C:\WINDOWS\SWREG.exe
Supprimé : C:\WINDOWS\SWSC.exe
Supprimé : C:\WINDOWS\SWXCACLS.exe
Supprimé : C:\WINDOWS\zip.exe
Supprimé : C:\Documents and Settings\alain\Bureau\List_Killem_Install.exe
Supprimé : C:\Documents and Settings\alain\Bureau\AD-R.lnk
Supprimé : C:\Documents and Settings\alain\Bureau\ZHPDiag.exe
Supprimé : C:\Documents and Settings\alain\Bureau\ZHPDiag.txt
Supprimé : C:\Documents and Settings\alain\Bureau\Kill'em.txt
Supprimé : C:\Documents and Settings\alain\Bureau\More.txt
Supprimé : C:\Documents and Settings\All Users\Bureau\ZHPDiag.lnk
Supprimé : C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk
Supprimé : C:\Documents and Settings\All Users\Bureau\MBRCheck.lnk
~~~~~~ Registre ~~~~~~
Clé Supprimée : HKCU\SOFTWARE\Ad-Remover
Clé Supprimée : HKLM\Software\swearware
Clé Supprimée : HKLM\Software\Classes\.cfxxe
Clé Supprimée : HKLM\Software\Classes\cfxxefile
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E88BA4E8-6B36-4D39-9499-C10B439819E1}_is1
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
########## EOF - "C:\DelFixSuppr.txt" - [2578 octets] ##########
Je lance ccleaner de suite...Tu veux un rapport?
