Ordi rame, application aussi

Byakuya -  
jacques.gache Messages postés 34829 Statut Contributeur sécurité -
Bonjour,

Voilà depuis un certain temps, je ne saurais dire exactement (entre 1 et 3 mois) mon ordinateur semble avoir quelques difficultés avec des applications tels qu'internet, des jeux PC ou des jeux en ligne.
J'ai vraiment remarquer ce changement quand j'ai voulu rejouer à un jeu acheté y'a plus d'un an. A l'époque je l'avais installé et fait tourner en qualité normale sans soucis, mais aujourd'hui, même avec les qualités les plus faibles c'est injouable.
Pareil quand je suis sur le web.

Alors je me demandais si il n'y avait pas un soucis sur mon ordinateur, un virus ou un truc dans le genre qu'Avira, Spybot, Malwarebytes, CCleaner et Zonealarm n'aurait pas sur s'occuper.

Merci d'avance

6 réponses

  1. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    bonjour, peux tu poster un zhpdiag pour faire un diagnostique de ton pc , merci

    Ouvre ce lien et télécharge ZHPDiag :

    https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

    cliques sur télécharger "celui du bas"

    ou directement ici: https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

    et si problème : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

    tu vas en bas de la page et tu télécharges le premier tu et tu dézippes

    ou lien direct http://www.moncompteur.com/compteurclick.php?idLink=18026

    tu décompresses et tu lances !!

    Enregistres le sur ton Bureau.

    Une fois le téléchargement achevé

    pour XP, double-clique sur ZHPDiag

    pour Vista,et seven tu fais un clic droit sur l'icône et exécute en tant qu'administrateur.

    N'oublies pas de cocher la case qui permet de mettre un raccourci sur le Bureau.

    /|\ l'outil a créé 2 icônes ZHPDiag et ZHPFix.

    Double cliques sur le raccourci ZHPDiag sur ton Bureau pour XP sinon clique droit et en tant que administrateur !!

    Cliques sur la loupe pour lancer l'analyse.

    si tu as un message te demandant la validation pour SIGCHECK acceptes avec OK cela est pour nous faire un rapport plus complet et pouvoir en faire une lecture plus approfondis

    Laisses l'outil travailler, il peut être assez long

    A la fin de l'analyse,clique sur l'appareil photo et enregistre le rapport sur ton Bureau.

    Fermes ZHPDiag en fin d'analyse.

    Pour me le transmettre clique sur ce lien :

    http://www.cijoint.fr/index.php

    Clique sur Parcourir et cherche le fichier C:\Documents and settings\le_nom_de_ta_session\bureau\.ZHPDiag.txt

    ou directement en choisissant bureau et ZHPDiag.txt clique dessus

    Clique sur Ouvrir.

    Clique sur "Cliquez ici pour déposer le fichier".

    Un lien de cette forme :

    http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt

    est ajouté dans la page.

    Copie ce lien dans ta réponse.

    et si problème passe par celui ci : http://cjoint.com/
    0
  2. Byakuya
     
    http://www.cijoint.fr/cjlink.php?file=cj201012/cijG4vArmR.txt

    Merci encore
    0
    1. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
       
      bonjour, pas grand chose de visible côté infection tu vas fixer ccela avec zhpfix , tu passeras adr-remover , et tu feras un nettoyage avec ccleaner que tu as sur ton pc mais avec les réglages donnés , et puis tu me posteras un list&kill"em pour voir si lui il trouve des choses

      si non perso je te conseillerais de supprimer spybot qui ne sert plus à grand chose sauf ralentir le pc !! et si tu installes la version 10 de antivir il te demandera de déactiver windows défender pour éviter les poblème car antivir a un anti_spyware intégré !!

      si tu ne le déinstalles pas tous de suite déactive le pour pas qu'il géne le nettoyage

      déactives la protection résidente de spybot pour pas qu'il nous bloque le fixe
      quand tu le réactiveras possible qu'il te demande d'accepter ou pas les modifications il faudra les accepter toutes
      pour t'aider au cas ou : http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924


      1) fixe cela avec zhpfix comme expliqué

      . Copie les lignes suivantes en GRAS


      O69 - SBI: SearchScopes [HKCU] {3359ec06-762c-4be8-a358-4e806a130981} - (Searcheo) - http://www.searcheo.fr
      MBRFix



      . Lance ZHPFix de Nicolas Coolman qui se trouve sur ton bureau
      . Pour XP, double-clique sur ZHPFix
      . pour Vista et seven, faire un clic droit sur l'icône et exécute en tant qu'administrateur.
      . Clique sur l'icone représentant la lettre H (« coller les lignes Helper »)

      Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .

      Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.

      . cliques sur OK
      . Clique sur « Tous », puis sur « Nettoyer »
      . Copie/colle la totalité du rapport dans ta prochaine réponse
      tu le trouveras dans le dossier de zhpdiag dans program files sous le nom de ZHPFixReport


      2) passes ad-remover mode nettoyage

      Déactives ton anti-virus et anti-spyware le temps du scan

      Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
      Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
      Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.


      Télécharge Ad-Remover sur ton bureau:
      http://www.teamxscript.org/adremoverTelechargement.html
      ou:
      https://www.androidworld.fr/

      /!\ Ferme toutes tes applications ouvertes. /!\

      Double clique sur le fichier que tu viens de télécharger, à l'écran qui apparait, clique sur "Nettoyer".
      Laisse travailler l'outil.
      Poste le rapport qui s'affiche à l'écran quand l'analyse est terminée.



      ( Le rapport est sauvegardé sous C:\Ad-report-clean.log )





      3) fais un nettoyage avec ccleaner et les réglages donnés

      je ne te donne pas l'installation mais jsute les réglages

      .double-cliques sur l'icône de Ccleaner pour l'ouvrir
      .une fois ouvert tu cliques sur option et puis avancé
      .tu décoches effacer uniquement les fichiers, du dossier temp de windows plus vieux que 24 heures
      .cliques sur nettoyeur
      .cliques sur windows et dans la colonne avancé
      .cochesla première case vieilles données du perfetch que celle-la
      .cliques sur analyse une fois l'analyse terminé
      .cliques sur lancer le nettoyage et sur la demande de confirmation OK il vas falloir que tu le refasses une autre fois une fois fini vériffis en appuiant de nouveau sur analyse pour être sur qu'il n'y est plus rien
      .cliques maintenant sur registre et puis sur rechercher les erreurs
      .laisses tout cochées et cliques sur réparrer les erreurs sélectionnées
      .il te demande de sauvegarder OUI
      .tu lui donnes un nom pour pouvoir la retrouver et enregistre
      .cliques sur corriger toutes les erreurs sélectionnées et sur la demande de confirmation OK
      .il supprime et fermer tu vériffis en relancant rechercher les erreurs
      .tu retournes dans option et tu recoches la case effacer uniquement les fichiers, du dossier temp de windows plus vieux que 24 heures et sur nettoyeur, windows sous avancé tu décoches la première case vieilles données du perfetch
      .tu peux fermer Ccleaner



      4) postes un list&kill"em

      DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)

      Télécharge List_Kill'em et enregistre le sur ton bureau

      double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

      une fois terminée , clic sur "terminer" et le programme se lancera seul

      choisis l'option Search

      un icone blanc et noir va s'afficher sur le bureau , il te servira à relancer le programme par la suite.
      un autre rouge et noir te servira a desinstaller le prog a la fin de la desinfection.

      laisse travailler l'outil

      à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

      un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , , il s'auto supprimera a la fin du scan

      Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

      sinon le rapport est ici : C:\List'em.txt
      0
  3. Byakuya
     
    Rapport de ZHPFix 6.12.3226 par Nicolas Coolman, Update du 06/12/2010
    Fichier d'export Registre :
    Run by Nenuph at 12/12/2010 01:52:58
    Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
    Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
    Contact : nicolascoolman@yahoo.fr

    ========== Elément(s) de donnée du Registre ==========
    O69 - SBI: SearchScopes [HKCU] {3359ec06-762c-4be8-a358-4e806a130981} - (Searcheo) - => Donnée remplacée avec succès

    ========== Master Boot Record ==========
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
    Windows 6.0.6002 Disk: ST350083 rev.3.AA -> \Device\0000005d

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync02.sys storport.sys nvstor32.sys
    C:\Windows\System32\drivers\sfsync02.sys Protection Technology StarForce Protection System
    C:\Windows\system32\drivers\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
    1 ntkrnlpa!IofCallDriver[0x8248B962] -> \Device\Harddisk0\DR0[0x866550F0]
    3 CLASSPNP[0x807BB8B3] -> ntkrnlpa!IofCallDriver[0x8248B962] -> [0x859BFB68]
    5 acpi[0x8069A6BC] -> ntkrnlpa!IofCallDriver[0x8248B962] -> \Device\0000005d[0x859BFC90]
    kernel: MBR read successfully
    user & kernel MBR OK

    Resultat après le fix :
    Master Boot Record non infecté

    ========== Récapitulatif ==========
    1 : Elément(s) de donnée du Registre
    1 : Master Boot Record

    End of the scan
    0
  4. Byakuya
     
    ======= RAPPORT D'AD-REMOVER 2.0.0.2,C | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 08/12/10 à 10:40
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 01:56:21 le 12/12/2010, Mode normal

    Microsoft® Windows Vista(TM) Édition Familiale Premium Service Pack 2 (X86)
    Nenuph@PC-DE-NENUPH (Packard Bell BV PACKARD BELL IMAX X9520)

    ============== ACTION(S) ==============

    Dossier supprimé: C:\Users\Nenuph\AppData\LocalLow\Conduit

    (!) -- Fichiers temporaires supprimés.

    Clé supprimée: HKLM\Software\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
    Clé supprimée: HKLM\Software\Classes\Toolbar.CT2542115
    Clé supprimée: HKLM\Software\Classes\Toolbar.CT2645238
    Clé supprimée: HKLM\Software\Conduit
    Clé supprimée: HKCU\Software\AppDataLow\Toolbar
    Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
    Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

    ============== SCAN ADDITIONNEL ==============

    ** Mozilla Firefox Version [3.6.13 (fr)] **

    -- C:\Users\Nenuph\AppData\Roaming\Mozilla\FireFox\Profiles\dsorl46a.default\Prefs.js --
    browser.search.defaultenginename, Google
    browser.startup.homepage_override.mstone, rv:1.9.2.13
    keyword.URL, hxxp://www.google.com/search?sourceid=navclient&hl=fr&q=

    -- C:\Users\Administrateur\AppData\Roaming\Mozilla\FireFox\Profiles\m7fjaubo.default\Prefs.js --
    browser.download.dir, C:\\Users\\Administrateur\\Downloads
    browser.download.lastDir, C:\\Users\\Administrateur\\Documents
    browser.startup.homepage_override.mstone, rv:1.9.2.13

    ========================================

    ** Internet Explorer Version [7.0.6002.18005] **

    [HKCU\Software\Microsoft\Internet Explorer\Main]
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    Use Search Asst: no

    [HKLM\Software\Microsoft\Internet Explorer\Main]
    AutoHide: yes
    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Enable Browser Extensions: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/
    Use Search Asst: no

    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 2 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 12/12/2010 (3132 Octet(s))

    Fin à: 01:57:37, 12/12/2010

    ============== E.O.F ==============
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Byakuya
     
    List kill'em ne fonctionne pas, il ne se lance pas tout seul
    Et quand je le lance manuellement il met "accès refusé"
    0
    1. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
       
      bonjour, tu le lance bien avec un clique droit et en tant que administrateur
      essais de le lacer depuis son dossier d'installation normalement C: program files tu ouvre le dossier list_kill"em et puis tu lance avec un clique droit et en tant que administrateur list"em celui avec un engrenage !! regarde sur la capture d'écran
      http://sd-1.archive-host.com/...
      0
    2. Byakuya
       
      ¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.2.7 ¤¤¤¤¤¤¤¤¤¤

      User : Nenuph (Administrateurs)
      Update on 08/12/2010 by g3n-h@ckm@n ::::: 19.00
      Start at: 11:40:20 | 12/12/2010

      Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
      Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
      Internet Explorer 7.0.6002.18005
      Windows Firewall Status : Disabled

      C:\ -> Disque fixe local | 457,76 Go (256,61 Go free) [HDD] | NTFS
      D:\ -> Disque CD-ROM
      F:\ -> Disque amovible
      G:\ -> Disque amovible
      H:\ -> Disque amovible
      K:\ -> Disque amovible

      ¤¤¤¤¤ Sessions ¤¤¤¤¤

      C:\Users\Nenuph
      C:\Users\Public
      C:\Users\Default

      Boot: Normal

      ¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer

      C:\Windows\System32\smss.exe ---- 0 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
      C:\Windows\system32\csrss.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
      C:\Windows\system32\wininit.exe ---- 0 Ko ---- High ---- wininit.exe ----
      C:\Windows\system32\csrss.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
      C:\Windows\system32\services.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\services.exe ----
      C:\Windows\system32\lsass.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\lsass.exe ----
      C:\Windows\system32\lsm.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\lsm.exe ----
      C:\Windows\system32\winlogon.exe ---- 0 Ko ---- High ---- winlogon.exe ----
      C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k DcomLaunch ----
      C:\Windows\system32\nvvsvc.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\nvvsvc.exe ---- NVIDIA Corporation
      C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k rpcss ----
      C:\Windows\System32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted ----
      C:\Windows\System32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted ----
      C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k netsvcs ----
      C:\Windows\system32\SLsvc.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\SLsvc.exe ----
      C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalService ----
      C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkService ----
      C:\Windows\System32\ZoneLabs\vsmon.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\ZoneLabs\vsmon.exe -service ---- Check Point Software Technologies Ltd.
      C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe ---- 0 Ko ---- Normal ---- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe ---- NVIDIA Corporation
      C:\Windows\system32\nvvsvc.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\nvvsvc.exe -session -first ---- NVIDIA Corporation
      C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe ---- 0 Ko ---- Normal ---- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe ---- Check Point Software Technologies Ltd.
      C:\Windows\System32\spoolsv.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\spoolsv.exe ----
      C:\Program Files\Avira\AntiVir Desktop\sched.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Avira\AntiVir Desktop\sched.exe ---- Avira GmbH
      C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork ----
      C:\Windows\system32\Dwm.exe ---- 0 Ko ---- High ---- C:\Windows\system32\Dwm.exe ----
      C:\Windows\Explorer.EXE ---- 0 Ko ---- Normal ---- C:\Windows\Explorer.EXE ----
      C:\Windows\system32\taskeng.exe ---- 0 Ko ---- Below Normal ---- taskeng.exe {5DB7006F-FAAD-488B-B768-C7739A4AA60D} ----
      C:\Windows\system32\taskeng.exe ---- 0 Ko ---- Normal ---- taskeng.exe {A7F4AD0A-C210-4C05-89CC-6D4818E9C62B} ----
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Avira\AntiVir Desktop\avguard.exe ---- Avira GmbH
      C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE ---- 0 Ko ---- Normal ---- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE ----
      C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE ---- 0 Ko ---- Normal ---- C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE ---- Packard Bell B.V.
      C:\Windows\system32\PnkBstrA.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\PnkBstrA.exe ---- Even Balance, Inc.
      C:\Windows\system32\PnkBstrB.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\PnkBstrB.exe ---- Even Balance, Inc.
      C:\Program Files\Avira\AntiVir Desktop\avshadow.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe avshadowcontrol0_000009b4 ---- Avira GmbH
      C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted ----
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe ---- Microsoft Corporation
      C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe ---- 0 Ko ---- Normal ---- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe ---- NVIDIA Corporation
      C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k imgsvc ----
      C:\Windows\System32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k WerSvcGroup ----
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ---- 0 Ko ---- Normal ---- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ---- Microsoft Corporation
      C:\Windows\system32\SearchIndexer.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\SearchIndexer.exe /Embedding ----
      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe ---- 0 Ko ---- Normal ---- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe ----
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe ---- 0 Ko ---- Normal ---- WLIDSvcM.exe 3028 ---- Microsoft Corporation
      C:\Program Files\Canon\CAL\CALMAIN.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Canon\CAL\CALMAIN.exe ----
      C:\Windows\system32\WUDFHost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\WUDFHost.exe -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-7a178fb5-34b4-44e5-9d0c-8fd4daeb1865 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-781624af-cc49-4837-bcaa-e3c6bb3acdf2 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-feedc7b4-4bdc-43fa-9a54-0a8f15ddd912 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:21808448-6277-4e80-8b3d-db696b3bd94e ----
      C:\Program Files\Windows Media Player\wmpnscfg.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Windows Media Player\wmpnscfg.exe ----
      C:\Program Files\OrangeHSS\Systray\SystrayApp.exe ---- 0 Ko ---- Normal ---- C:\Program Files\OrangeHSS\Systray\SystrayApp.exe ----
      C:\Windows\RtHDVCpl.exe ---- 0 Ko ---- Normal ---- C:\Windows\RtHDVCpl.exe ----
      C:\Windows\System32\rundll32.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\rundll32.exe P0620Pin.dll,RunDLL32EP 513 ----
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe ---- Microsoft Corporation
      C:\Program Files\Common Files\Java\Java Update\jusched.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Common Files\Java\Java Update\jusched.exe ---- Sun Microsystems, Inc.
      C:\Program Files\DivX\DivX Update\DivXUpdate.exe ---- 0 Ko ---- Normal ---- C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW ---- DivX, Inc.
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ---- Check Point Software Technologies Ltd.
      C:\Windows\System32\ALERTM~1\ALERTM~1.EXE ---- 0 Ko ---- Normal ---- C:\Windows\System32\ALERTM~1\ALERTM~1.EXE -Embedding ----
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min ---- Avira GmbH
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background ---- Microsoft Corporation
      C:\Windows\ehome\ehtray.exe ---- 0 Ko ---- Normal ---- C:\Windows\ehome\ehtray.exe ----
      C:\Windows\ehome\ehmsas.exe ---- 0 Ko ---- Normal ---- C:\Windows\ehome\ehmsas.exe -Embedding ----
      C:\Program Files\Windows Media Player\wmpnetwk.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Windows Media Player\wmpnetwk.exe ----
      C:\Windows\System32\mobsync.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\mobsync.exe -Embedding ----
      C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation ----
      C:\Program Files\CheckPoint\ZAForceField\ForceField.exe ---- 0 Ko ---- Normal ---- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /set_event=FFAPI_StartEvent_fec_1932a /icon=hidden ---- Check Point Software Technologies Ltd.
      C:\Program Files\Windows Live\Contacts\wlcomm.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Windows Live\Contacts\wlcomm.exe -Embedding ---- Microsoft Corporation
      C:\Program Files\Mozilla Firefox\firefox.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Mozilla Firefox\firefox.exe ---- Mozilla Corporation
      C:\Windows\System32\cmd.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\cmd.exe /C C:\Program Files\List_Kill'em\List'em.bat ----
      C:\Windows\system32\conime.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\conime.exe ----
      C:\Windows\system32\wbem\wmiprvse.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\wbem\wmiprvse.exe ----
      C:\Windows\system32\SearchProtocolHost.exe ---- 0 Ko ---- Idle ---- C:\Windows\system32\SearchProtocolHost.exe Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 Software\Microsoft\Windows Search Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot) C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc DownLevelDaemon ----
      C:\Windows\system32\SearchFilterHost.exe ---- 0 Ko ---- Idle ---- C:\Windows\system32\SearchFilterHost.exe 0 692 696 704 65536 700 ----
      C:\Program Files\List_Kill'em\pv.L_K ---- 0 Ko ---- Normal ---- pv.L_K -o%f ---- %m Ko ---- %p ---- %l ---- %s ----

      ¤¤¤¤¤¤¤¤¤¤ Keys Run ¤¤¤¤¤¤¤¤¤¤

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      msnmsgr = C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background
      WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe
      ehTray.exe = C:\Windows\ehome\ehTray.exe
      ccleaner = C:\Program Files\CCleaner\CCleaner.exe /AUTO

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      Windows Defender = %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      SystrayORAHSS = C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
      RtHDVCpl = RtHDVCpl.exe
      PD0620 STISvc = RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
      GrooveMonitor = C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      SunJavaUpdateSched = C:\Program Files\Common Files\Java\Java Update\jusched.exe
      DivXUpdate = C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW
      QuickTime Task = C:\Program Files\QuickTime\QTTask.exe -atboottime
      ZoneAlarm Client = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      ISW = C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon=hidden
      avgnt = C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

      ¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      NoDriveTypeAutoRun = 0 (0x0)
      NoDriveAutoRun = 3 (0x3)
      HonorAutoRunSetting = 0 (0x0)

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      BindDirectlyToPropertySetStorage = 0 (0x0)
      NoDriveAutoRun = 3 (0x3)
      NoDriveTypeAutoRun = 0 (0x0)
      HonorAutoRunSetting = 0 (0x0)

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      AppInit_DLLS =

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
      Shell = Explorer.exe
      Userinit = C:\Windows\system32\Userinit.exe,

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
      {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
      {AEB6717E-7E19-11d0-97EE-00C04FD91972} =

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

      ¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤

      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]

      ¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤

      [@ = ]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

      ¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{CFDA6C08-424F-4F4E-ADCA-A9508B2BAE7B}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{CFDA6C08-424F-4F4E-ADCA-A9508B2BAE7B}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


      ¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      Start Page = https://www.msn.com/fr-fr
      Local Page = C:\WINDOWS\system32\blank.htm
      Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      Start Page = https://www.msn.com/fr-fr
      Local Page = C:\WINDOWS\system32\blank.htm

      ¤¤¤¤¤ Proxy Internet Explorer

      [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
      ProxyEnable = 0 (0x0)

      ¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

      ¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤

      [MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\ERDNT\cache\atapi.sys
      [MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\System32\drivers\atapi.sys
      [MD5.b35cfcef838382ab6490b321c87edf17] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
      [MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
      [MD5.4f4fcb8b6ea06784fb6d475b7ec7300f] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
      [MD5.2d9c903dc76a66813d350a562de40ed9] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
      [MD5.b35cfcef838382ab6490b321c87edf17] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
      [MD5.e03e8c99d15d0381e02743c36afc7c6f] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
      [MD5.2d9c903dc76a66813d350a562de40ed9] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
      [MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

      ¤¤¤¤¤ Reference

      Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
      Win 2000_SP3 : 7A62A6C8303C9D026DD926F397B2FB57
      Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
      Win XP_32b : a64013e98426e1877cb653685c5c0009
      Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
      Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
      Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
      Win XP_64 : 72C77044943340964FA513B92D6D6874
      Win XP_64_SP2 : 7A1814D0D112F50F828E25557A1ED29F
      Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
      Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
      Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
      Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
      Windows 7_32b : 338c86357871c167a96ab976519bf59e
      Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

      ¤¤¤¤¤¤¤¤¤¤ Explorer ¤¤¤¤¤¤¤¤¤¤

      [MD5.d07d4c3038f3578ffce1c0237f2a1253] - C:\Windows\explorer.exe
      [MD5.d07d4c3038f3578ffce1c0237f2a1253] - C:\Windows\ERDNT\cache\explorer.exe
      [MD5.fd8c53fb002217f6f888bcf6f5d7084d] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
      [MD5.6d06cd98d954fe87fb2db8108793b399] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
      [MD5.37440d09deae0b672a04dccf7abf06be] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
      [MD5.bd06f0bf753bc704b653c3a50f89d362] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
      [MD5.e7156b0b74762d9de0e66bdcde06e5fb] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
      [MD5.ffa764631cb70a30065c12ef8e174f9f] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
      [MD5.4f554999d7d5f05daaebba7b5ba1089d] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
      [MD5.50ba5850147410cde89c523ad3bc606e] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
      [MD5.d07d4c3038f3578ffce1c0237f2a1253] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

      ¤¤¤¤¤¤¤¤¤¤ Winlogon ¤¤¤¤¤¤¤¤¤¤

      [MD5.898e7c06a350d4a1a64a9ea264d55452] - C:\Windows\ERDNT\cache\winlogon.exe
      [MD5.898e7c06a350d4a1a64a9ea264d55452] - C:\Windows\System32\winlogon.exe
      [MD5.9f75392b9128a91abafb044ea350baad] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
      [MD5.c2610b6bdbefc053bbdab4f1b965cb24] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
      [MD5.898e7c06a350d4a1a64a9ea264d55452] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

      ¤¤¤¤¤¤¤¤¤¤ Wininit ¤¤¤¤¤¤¤¤¤¤

      [MD5.101ba3ea053480bb5d957ef37c06b5ed] - C:\Windows\ERDNT\cache\wininit.exe
      [MD5.101ba3ea053480bb5d957ef37c06b5ed] - C:\Windows\System32\wininit.exe
      [MD5.d4385b03e8cccee6f0ee249f827c1f3e] - C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
      [MD5.101ba3ea053480bb5d957ef37c06b5ed] - C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

      ¤¤¤¤¤¤¤¤¤¤ SVC | svchost ¤¤¤¤¤¤¤¤¤¤

      svchost.exe 832 DcomLaunch, PlugPlay
      svchost.exe 940 RpcSs
      svchost.exe 1036 Audiosrv, Dhcp, Eventlog, lmhosts, wscsvc
      svchost.exe 1064 AudioEndpointBuilder, EMDMgmt, hidserv,
      Netman, PcaSvc, SysMain,
      TabletInputService, TrkWks, UxSms,
      WdiSystemHost, Wlansvc, WPDBusEnum, wudfsvc
      svchost.exe 1080 AeLookupSvc, Appinfo, BITS, Browser,
      EapHost, gpsvc, IKEEXT, iphlpsvc,
      LanmanServer, MMCSS, ProfSvc, RasMan,
      Schedule, seclogon, SENS, ShellHWDetection,
      Themes, Winmgmt, wuauserv
      svchost.exe 1284 EventSystem, fdPHost, FDResPub,
      LanmanWorkstation, netprofm, nsi, SSDPSRV,
      SstpSvc, upnphost, W32Time, WebClient
      svchost.exe 1412 CryptSvc, Dnscache, KtmRm, NlaSvc, TapiSrv,
      TermService
      svchost.exe 444 BFE, DPS, MpsSvc
      svchost.exe 2724 PolicyAgent
      svchost.exe 2924 stisvc
      svchost.exe 2960 WerSvc
      svchost.exe 4632 FontCache

      ¤¤¤¤¤¤¤¤¤¤ IFEO | debugger ¤¤¤¤¤¤¤¤¤¤


      ¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤


      ¤¤¤¤¤¤¤¤¤¤ First Scan ¤¤¤¤¤¤¤¤¤¤



      ¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤

      [HKEY_CURRENT_USER\software\AC3filter]
      [HKEY_CURRENT_USER\software\Ad-Remover]
      [HKEY_CURRENT_USER\software\Adobe]
      [HKEY_CURRENT_USER\software\AhnLab]
      [HKEY_CURRENT_USER\software\Alcohol Soft]
      [HKEY_CURRENT_USER\software\AppDataLow]
      [HKEY_CURRENT_USER\software\Apple Computer, Inc.]
      [HKEY_CURRENT_USER\software\Applications locales générées par AppWizard]
      [HKEY_CURRENT_USER\software\ArchiverDLL]
      [HKEY_CURRENT_USER\software\ArenaNet]
      [HKEY_CURRENT_USER\software\Avira]
      [HKEY_CURRENT_USER\software\Battle.net]
      [HKEY_CURRENT_USER\software\BitTorrent]
      [HKEY_CURRENT_USER\software\Blizzard Entertainment]
      [HKEY_CURRENT_USER\software\Bugsplat]
      [HKEY_CURRENT_USER\software\Canon]
      [HKEY_CURRENT_USER\software\CheckPoint]
      [HKEY_CURRENT_USER\software\CISRA]
      [HKEY_CURRENT_USER\software\ClassesB]
      [HKEY_CURRENT_USER\software\Clients]
      [HKEY_CURRENT_USER\software\CurseClient]
      [HKEY_CURRENT_USER\software\Cyanide]
      [HKEY_CURRENT_USER\software\cybelsoft]
      [HKEY_CURRENT_USER\software\DivX]
      [HKEY_CURRENT_USER\software\DivXNetworks]
      [HKEY_CURRENT_USER\software\DT Soft]
      [HKEY_CURRENT_USER\software\DTP]
      [HKEY_CURRENT_USER\software\ej-technologies]
      [HKEY_CURRENT_USER\software\Emulators]
      [HKEY_CURRENT_USER\software\EPSON]
      [HKEY_CURRENT_USER\software\FRANCE TELECOM]
      [HKEY_CURRENT_USER\software\Gabest]
      [HKEY_CURRENT_USER\software\GNU]
      [HKEY_CURRENT_USER\software\Google]
      [HKEY_CURRENT_USER\software\GSpot Appliance Corp]
      [HKEY_CURRENT_USER\software\Haali]
      [HKEY_CURRENT_USER\software\IM Providers]
      [HKEY_CURRENT_USER\software\INCAInternet]
      [HKEY_CURRENT_USER\software\JavaSoft]
      [HKEY_CURRENT_USER\software\JEDI-VCL]
      [HKEY_CURRENT_USER\software\Lavasoft]
      [HKEY_CURRENT_USER\software\Local AppWizard-Generated Applications]
      [HKEY_CURRENT_USER\software\Macromedia]
      [HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware]
      [HKEY_CURRENT_USER\software\MediaInfo]
      [HKEY_CURRENT_USER\software\Microsoft]
      [HKEY_CURRENT_USER\software\Mozilla]
      [HKEY_CURRENT_USER\software\MozillaPlugins]
      [HKEY_CURRENT_USER\software\Mumble]
      [HKEY_CURRENT_USER\software\Netscape]
      [HKEY_CURRENT_USER\software\Nival Online]
      [HKEY_CURRENT_USER\software\Northcode Inc]
      [HKEY_CURRENT_USER\software\NVIDIA Corporation]
      [HKEY_CURRENT_USER\software\ODBC]
      [HKEY_CURRENT_USER\software\Packard Bell]
      [HKEY_CURRENT_USER\software\Pando Networks]
      [HKEY_CURRENT_USER\software\Piriform]
      [HKEY_CURRENT_USER\software\Policies]
      [HKEY_CURRENT_USER\software\RealNetworks]
      [HKEY_CURRENT_USER\software\Realtek]
      [HKEY_CURRENT_USER\software\SecuROM]
      [HKEY_CURRENT_USER\software\SEIKO EPSON]
      [HKEY_CURRENT_USER\software\Skype]
      [HKEY_CURRENT_USER\software\Softonic]
      [HKEY_CURRENT_USER\software\stevengould.org]
      [HKEY_CURRENT_USER\software\Sun Microsystems]
      [HKEY_CURRENT_USER\software\Sysinternals]
      [HKEY_CURRENT_USER\software\TimeGate Studios]
      [HKEY_CURRENT_USER\software\Trolltech]
      [HKEY_CURRENT_USER\software\Usbfix]
      [HKEY_CURRENT_USER\software\Valve]
      [HKEY_CURRENT_USER\software\VB and VBA Program Settings]
      [HKEY_CURRENT_USER\software\Veoh]
      [HKEY_CURRENT_USER\software\WinRAR]
      [HKEY_CURRENT_USER\software\WinRAR SFX]
      [HKEY_CURRENT_USER\software\YahooPartnerToolbar]
      [HKEY_CURRENT_USER\software\Zone Labs]
      [HKEY_CURRENT_USER\software\Classes]

      [HKEY_LOCAL_MACHINE\software\Adobe]
      [HKEY_LOCAL_MACHINE\software\AeriaGames]
      [HKEY_LOCAL_MACHINE\software\AGEIA Technologies]
      [HKEY_LOCAL_MACHINE\software\Alcohol Soft]
      [HKEY_LOCAL_MACHINE\software\Ankama]
      [HKEY_LOCAL_MACHINE\software\Apple Computer, Inc.]
      [HKEY_LOCAL_MACHINE\software\Apple Inc.]
      [HKEY_LOCAL_MACHINE\software\ArenaNet]
      [HKEY_LOCAL_MACHINE\software\Avira]
      [HKEY_LOCAL_MACHINE\software\Blizzard Entertainment]
      [HKEY_LOCAL_MACHINE\software\C07ft5Y]
      [HKEY_LOCAL_MACHINE\software\Canon]
      [HKEY_LOCAL_MACHINE\software\CheckPoint]
      [HKEY_LOCAL_MACHINE\software\CISRA]
      [HKEY_LOCAL_MACHINE\software\Classes]
      [HKEY_LOCAL_MACHINE\software\Clients]
      [HKEY_LOCAL_MACHINE\software\Codec Tweak Tool]
      [HKEY_LOCAL_MACHINE\software\Creative Tech]
      [HKEY_LOCAL_MACHINE\software\Cyanide]
      [HKEY_LOCAL_MACHINE\software\cybelsoft]
      [HKEY_LOCAL_MACHINE\software\CyberLink]
      [HKEY_LOCAL_MACHINE\software\DivX]
      [HKEY_LOCAL_MACHINE\software\DivXNetworks]
      [HKEY_LOCAL_MACHINE\software\Dofus 2]
      [HKEY_LOCAL_MACHINE\software\DT Soft]
      [HKEY_LOCAL_MACHINE\software\EPSON]
      [HKEY_LOCAL_MACHINE\software\FRANCE TELECOM]
      [HKEY_LOCAL_MACHINE\software\Gabest]
      [HKEY_LOCAL_MACHINE\software\Garena]
      [HKEY_LOCAL_MACHINE\software\GNU]
      [HKEY_LOCAL_MACHINE\software\Google]
      [HKEY_LOCAL_MACHINE\software\HaaliMkx]
      [HKEY_LOCAL_MACHINE\software\InstallShield]
      [HKEY_LOCAL_MACHINE\software\Intel]
      [HKEY_LOCAL_MACHINE\software\InterVideo]
      [HKEY_LOCAL_MACHINE\software\JavaSoft]
      [HKEY_LOCAL_MACHINE\software\JreMetrics]
      [HKEY_LOCAL_MACHINE\software\Khronos]
      [HKEY_LOCAL_MACHINE\software\KLCodecPack]
      [HKEY_LOCAL_MACHINE\software\Larian Studios]
      [HKEY_LOCAL_MACHINE\software\Lavasoft]
      [HKEY_LOCAL_MACHINE\software\Licenses]
      [HKEY_LOCAL_MACHINE\software\Macromedia]
      [HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware]
      [HKEY_LOCAL_MACHINE\software\Microsoft]
      [HKEY_LOCAL_MACHINE\software\MimarSinan]
      [HKEY_LOCAL_MACHINE\software\Mozilla]
      [HKEY_LOCAL_MACHINE\software\mozilla.org]
      [HKEY_LOCAL_MACHINE\software\MozillaPlugins]
      [HKEY_LOCAL_MACHINE\software\Mumble]
      [HKEY_LOCAL_MACHINE\software\NCSoft]
      [HKEY_LOCAL_MACHINE\software\Netts]
      [HKEY_LOCAL_MACHINE\software\NiProD_StargateAtlantisSimulation]
      [HKEY_LOCAL_MACHINE\software\NVIDIA Corporation]
      [HKEY_LOCAL_MACHINE\software\Ocean Global Holding]
      [HKEY_LOCAL_MACHINE\software\ODBC]
      [HKEY_LOCAL_MACHINE\software\OldTimer Tools]
      [HKEY_LOCAL_MACHINE\software\Pando Networks]
      [HKEY_LOCAL_MACHINE\software\PB_EBAY]
      [HKEY_LOCAL_MACHINE\software\PB_FIRSTCHOICE]
      [HKEY_LOCAL_MACHINE\software\PB_KODAK]
      [HKEY_LOCAL_MACHINE\software\PB_METABOLI]
      [HKEY_LOCAL_MACHINE\software\Piriform]
      [HKEY_LOCAL_MACHINE\software\PocketSoft]
      [HKEY_LOCAL_MACHINE\software\Policies]
      [HKEY_LOCAL_MACHINE\software\RealNetworks]
      [HKEY_LOCAL_MACHINE\software\Realtek]
      [HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.]
      [HKEY_LOCAL_MACHINE\software\RegisteredApplications]
      [HKEY_LOCAL_MACHINE\software\RichFX]
      [HKEY_LOCAL_MACHINE\software\Riot Games]
      [HKEY_LOCAL_MACHINE\software\S3R521]
      [HKEY_LOCAL_MACHINE\software\Safer Networking Limited]
      [HKEY_LOCAL_MACHINE\software\Sagem]
      [HKEY_LOCAL_MACHINE\software\SECURITOO]
      [HKEY_LOCAL_MACHINE\software\Skype]
      [HKEY_LOCAL_MACHINE\software\SolidStateNetworks]
      [HKEY_LOCAL_MACHINE\software\Sonic]
      [HKEY_LOCAL_MACHINE\software\SONOV]
      [HKEY_LOCAL_MACHINE\software\SpywareBlaster]
      [HKEY_LOCAL_MACHINE\software\SRS Labs]
      [HKEY_LOCAL_MACHINE\software\Sun Microsystems]
      [HKEY_LOCAL_MACHINE\software\Symantec]
      [HKEY_LOCAL_MACHINE\software\SymNRT]
      [HKEY_LOCAL_MACHINE\software\Team17 Software Ltd.]
      [HKEY_LOCAL_MACHINE\software\THQ]
      [HKEY_LOCAL_MACHINE\software\TrendMicro]
      [HKEY_LOCAL_MACHINE\software\Valve]
      [HKEY_LOCAL_MACHINE\software\VertigoGames]
      [HKEY_LOCAL_MACHINE\software\VideoLAN]
      [HKEY_LOCAL_MACHINE\software\Waves Audio]
      [HKEY_LOCAL_MACHINE\software\WholeSecurity]
      [HKEY_LOCAL_MACHINE\software\Windows]
      [HKEY_LOCAL_MACHINE\software\X-AVCSD]
      [HKEY_LOCAL_MACHINE\software\Xerox]
      [HKEY_LOCAL_MACHINE\software\Xing Technology Corp.]
      [HKEY_LOCAL_MACHINE\software\Zone Labs]
      [HKEY_LOCAL_MACHINE\software\ZoneAlarm_Security]
      [HKEY_LOCAL_MACHINE\software\Even Balance]

      ¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤

      Present !! : C:\Users\Nenuph\AppData\Roaming\app
      Present !! : C:\Users\Nenuph\AppData\Local\d3d9caps.dat
      Present !! : C:\Users\Nenuph\AppData\Local\GDIPFONTCACHEV1.DAT
      Present !! : C:\Windows\Temp\CabB6B1.tmp
      Present !! : C:\Windows\Temp\TarB6B2.tmp
      Present !! : C:\Windows\Temp\ZLT017e0.TMP

      ¤¤¤¤¤¤¤¤¤¤ Keys :


      FEATURE_BROWSER_EMULATION | svchost :
      ====================================


      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-12-12 11:46:07
      Windows 6.0.6002 Service Pack 2 FAT NTAPI

      scanning hidden processes ...

      scanning hidden services ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden processes: 0
      hidden services: 0
      hidden files: 0


      Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
      Windows 6.0.6002 Disk: ST350083 rev.3.AA -> Harddisk0\DR0 -> \Device\0000005d

      device: opened successfully
      user: MBR read successfully

      Disk trace:
      called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync02.sys storport.sys nvstor32.sys tcpip.sys NETIO.SYS
      C:\Windows\System32\drivers\sfsync02.sys Protection Technology StarForce Protection System
      C:\Windows\system32\drivers\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
      1 ntkrnlpa!IofCallDriver[0x82492962] -> \Device\Harddisk0\DR0[0x86830AC8]
      3 CLASSPNP[0x807B88B3] -> ntkrnlpa!IofCallDriver[0x82492962] -> [0x85E3B700]
      5 acpi[0x806976BC] -> ntkrnlpa!IofCallDriver[0x82492962] -> \Device\0000005d[0x859CB8F0]
      kernel: MBR read successfully
      user & kernel MBR OK

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
      cval = 1 (0x1)
      FirstRunDisabled = 1 (0x1)
      AntiVirusDisableNotify = 0 (0x0)
      FirewallDisableNotify = 0 (0x0)
      UpdatesDisableNotify = 0 (0x0)
      AntiVirusOverride = 0 (0x0)
      FirewallOverride = 0 (0x0)

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      End of scan : 11:47:38,46
      0
  7. Byakuya
     
    Trouvé :)

    ¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.2.7 ¤¤¤¤¤¤¤¤¤¤

    User : Nenuph (Administrateurs)
    Update on 08/12/2010 by g3n-h@ckm@n ::::: 19.00
    Start at: 11:40:20 | 12/12/2010

    Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
    Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
    Internet Explorer 7.0.6002.18005
    Windows Firewall Status : Disabled

    C:\ -> Disque fixe local | 457,76 Go (256,61 Go free) [HDD] | NTFS
    D:\ -> Disque CD-ROM
    F:\ -> Disque amovible
    G:\ -> Disque amovible
    H:\ -> Disque amovible
    K:\ -> Disque amovible

    ¤¤¤¤¤ Sessions ¤¤¤¤¤

    C:\Users\Nenuph
    C:\Users\Public
    C:\Users\Default

    Boot: Normal

    ¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer

    C:\Windows\System32\smss.exe ---- 0 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
    C:\Windows\system32\csrss.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
    C:\Windows\system32\wininit.exe ---- 0 Ko ---- High ---- wininit.exe ----
    C:\Windows\system32\csrss.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
    C:\Windows\system32\services.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\services.exe ----
    C:\Windows\system32\lsass.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\lsass.exe ----
    C:\Windows\system32\lsm.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\lsm.exe ----
    C:\Windows\system32\winlogon.exe ---- 0 Ko ---- High ---- winlogon.exe ----
    C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k DcomLaunch ----
    C:\Windows\system32\nvvsvc.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\nvvsvc.exe ---- NVIDIA Corporation
    C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k rpcss ----
    C:\Windows\System32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted ----
    C:\Windows\System32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted ----
    C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k netsvcs ----
    C:\Windows\system32\SLsvc.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\SLsvc.exe ----
    C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalService ----
    C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkService ----
    C:\Windows\System32\ZoneLabs\vsmon.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\ZoneLabs\vsmon.exe -service ---- Check Point Software Technologies Ltd.
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe ---- 0 Ko ---- Normal ---- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe ---- NVIDIA Corporation
    C:\Windows\system32\nvvsvc.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\nvvsvc.exe -session -first ---- NVIDIA Corporation
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe ---- 0 Ko ---- Normal ---- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe ---- Check Point Software Technologies Ltd.
    C:\Windows\System32\spoolsv.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\spoolsv.exe ----
    C:\Program Files\Avira\AntiVir Desktop\sched.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Avira\AntiVir Desktop\sched.exe ---- Avira GmbH
    C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork ----
    C:\Windows\system32\Dwm.exe ---- 0 Ko ---- High ---- C:\Windows\system32\Dwm.exe ----
    C:\Windows\Explorer.EXE ---- 0 Ko ---- Normal ---- C:\Windows\Explorer.EXE ----
    C:\Windows\system32\taskeng.exe ---- 0 Ko ---- Below Normal ---- taskeng.exe {5DB7006F-FAAD-488B-B768-C7739A4AA60D} ----
    C:\Windows\system32\taskeng.exe ---- 0 Ko ---- Normal ---- taskeng.exe {A7F4AD0A-C210-4C05-89CC-6D4818E9C62B} ----
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Avira\AntiVir Desktop\avguard.exe ---- Avira GmbH
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE ---- 0 Ko ---- Normal ---- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE ----
    C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE ---- 0 Ko ---- Normal ---- C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE ---- Packard Bell B.V.
    C:\Windows\system32\PnkBstrA.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\PnkBstrA.exe ---- Even Balance, Inc.
    C:\Windows\system32\PnkBstrB.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\PnkBstrB.exe ---- Even Balance, Inc.
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe avshadowcontrol0_000009b4 ---- Avira GmbH
    C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted ----
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe ---- Microsoft Corporation
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe ---- 0 Ko ---- Normal ---- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe ---- NVIDIA Corporation
    C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k imgsvc ----
    C:\Windows\System32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k WerSvcGroup ----
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ---- 0 Ko ---- Normal ---- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ---- Microsoft Corporation
    C:\Windows\system32\SearchIndexer.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\SearchIndexer.exe /Embedding ----
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe ---- 0 Ko ---- Normal ---- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe ----
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe ---- 0 Ko ---- Normal ---- WLIDSvcM.exe 3028 ---- Microsoft Corporation
    C:\Program Files\Canon\CAL\CALMAIN.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Canon\CAL\CALMAIN.exe ----
    C:\Windows\system32\WUDFHost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\WUDFHost.exe -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-7a178fb5-34b4-44e5-9d0c-8fd4daeb1865 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-781624af-cc49-4837-bcaa-e3c6bb3acdf2 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-feedc7b4-4bdc-43fa-9a54-0a8f15ddd912 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:21808448-6277-4e80-8b3d-db696b3bd94e ----
    C:\Program Files\Windows Media Player\wmpnscfg.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Windows Media Player\wmpnscfg.exe ----
    C:\Program Files\OrangeHSS\Systray\SystrayApp.exe ---- 0 Ko ---- Normal ---- C:\Program Files\OrangeHSS\Systray\SystrayApp.exe ----
    C:\Windows\RtHDVCpl.exe ---- 0 Ko ---- Normal ---- C:\Windows\RtHDVCpl.exe ----
    C:\Windows\System32\rundll32.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\rundll32.exe P0620Pin.dll,RunDLL32EP 513 ----
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe ---- Microsoft Corporation
    C:\Program Files\Common Files\Java\Java Update\jusched.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Common Files\Java\Java Update\jusched.exe ---- Sun Microsystems, Inc.
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe ---- 0 Ko ---- Normal ---- C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW ---- DivX, Inc.
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ---- Check Point Software Technologies Ltd.
    C:\Windows\System32\ALERTM~1\ALERTM~1.EXE ---- 0 Ko ---- Normal ---- C:\Windows\System32\ALERTM~1\ALERTM~1.EXE -Embedding ----
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min ---- Avira GmbH
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background ---- Microsoft Corporation
    C:\Windows\ehome\ehtray.exe ---- 0 Ko ---- Normal ---- C:\Windows\ehome\ehtray.exe ----
    C:\Windows\ehome\ehmsas.exe ---- 0 Ko ---- Normal ---- C:\Windows\ehome\ehmsas.exe -Embedding ----
    C:\Program Files\Windows Media Player\wmpnetwk.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Windows Media Player\wmpnetwk.exe ----
    C:\Windows\System32\mobsync.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\mobsync.exe -Embedding ----
    C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation ----
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe ---- 0 Ko ---- Normal ---- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /set_event=FFAPI_StartEvent_fec_1932a /icon=hidden ---- Check Point Software Technologies Ltd.
    C:\Program Files\Windows Live\Contacts\wlcomm.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Windows Live\Contacts\wlcomm.exe -Embedding ---- Microsoft Corporation
    C:\Program Files\Mozilla Firefox\firefox.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Mozilla Firefox\firefox.exe ---- Mozilla Corporation
    C:\Windows\System32\cmd.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\cmd.exe /C C:\Program Files\List_Kill'em\List'em.bat ----
    C:\Windows\system32\conime.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\conime.exe ----
    C:\Windows\system32\wbem\wmiprvse.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\wbem\wmiprvse.exe ----
    C:\Windows\system32\SearchProtocolHost.exe ---- 0 Ko ---- Idle ---- C:\Windows\system32\SearchProtocolHost.exe Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 Software\Microsoft\Windows Search Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot) C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc DownLevelDaemon ----
    C:\Windows\system32\SearchFilterHost.exe ---- 0 Ko ---- Idle ---- C:\Windows\system32\SearchFilterHost.exe 0 692 696 704 65536 700 ----
    C:\Program Files\List_Kill'em\pv.L_K ---- 0 Ko ---- Normal ---- pv.L_K -o%f ---- %m Ko ---- %p ---- %l ---- %s ----

    ¤¤¤¤¤¤¤¤¤¤ Keys Run ¤¤¤¤¤¤¤¤¤¤

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    msnmsgr = C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background
    WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe
    ehTray.exe = C:\Windows\ehome\ehTray.exe
    ccleaner = C:\Program Files\CCleaner\CCleaner.exe /AUTO

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    Windows Defender = %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    SystrayORAHSS = C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
    RtHDVCpl = RtHDVCpl.exe
    PD0620 STISvc = RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
    GrooveMonitor = C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    SunJavaUpdateSched = C:\Program Files\Common Files\Java\Java Update\jusched.exe
    DivXUpdate = C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW
    QuickTime Task = C:\Program Files\QuickTime\QTTask.exe -atboottime
    ZoneAlarm Client = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    ISW = C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon=hidden
    avgnt = C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    ¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDriveTypeAutoRun = 0 (0x0)
    NoDriveAutoRun = 3 (0x3)
    HonorAutoRunSetting = 0 (0x0)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    BindDirectlyToPropertySetStorage = 0 (0x0)
    NoDriveAutoRun = 3 (0x3)
    NoDriveTypeAutoRun = 0 (0x0)
    HonorAutoRunSetting = 0 (0x0)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLS =

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    Shell = Explorer.exe
    Userinit = C:\Windows\system32\Userinit.exe,

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
    {AEB6717E-7E19-11d0-97EE-00C04FD91972} =

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]

    ¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤

    [@ = ]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

    ¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{CFDA6C08-424F-4F4E-ADCA-A9508B2BAE7B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{CFDA6C08-424F-4F4E-ADCA-A9508B2BAE7B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    ¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page = https://www.msn.com/fr-fr
    Local Page = C:\WINDOWS\system32\blank.htm
    Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page = https://www.msn.com/fr-fr
    Local Page = C:\WINDOWS\system32\blank.htm

    ¤¤¤¤¤ Proxy Internet Explorer

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    ProxyEnable = 0 (0x0)

    ¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

    ¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤

    [MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\ERDNT\cache\atapi.sys
    [MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\System32\drivers\atapi.sys
    [MD5.b35cfcef838382ab6490b321c87edf17] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
    [MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
    [MD5.4f4fcb8b6ea06784fb6d475b7ec7300f] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
    [MD5.2d9c903dc76a66813d350a562de40ed9] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
    [MD5.b35cfcef838382ab6490b321c87edf17] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
    [MD5.e03e8c99d15d0381e02743c36afc7c6f] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
    [MD5.2d9c903dc76a66813d350a562de40ed9] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
    [MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

    ¤¤¤¤¤ Reference

    Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
    Win 2000_SP3 : 7A62A6C8303C9D026DD926F397B2FB57
    Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
    Win XP_32b : a64013e98426e1877cb653685c5c0009
    Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
    Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
    Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
    Win XP_64 : 72C77044943340964FA513B92D6D6874
    Win XP_64_SP2 : 7A1814D0D112F50F828E25557A1ED29F
    Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
    Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
    Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
    Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
    Windows 7_32b : 338c86357871c167a96ab976519bf59e
    Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

    ¤¤¤¤¤¤¤¤¤¤ Explorer ¤¤¤¤¤¤¤¤¤¤

    [MD5.d07d4c3038f3578ffce1c0237f2a1253] - C:\Windows\explorer.exe
    [MD5.d07d4c3038f3578ffce1c0237f2a1253] - C:\Windows\ERDNT\cache\explorer.exe
    [MD5.fd8c53fb002217f6f888bcf6f5d7084d] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
    [MD5.6d06cd98d954fe87fb2db8108793b399] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
    [MD5.37440d09deae0b672a04dccf7abf06be] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    [MD5.bd06f0bf753bc704b653c3a50f89d362] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
    [MD5.e7156b0b74762d9de0e66bdcde06e5fb] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    [MD5.ffa764631cb70a30065c12ef8e174f9f] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
    [MD5.4f554999d7d5f05daaebba7b5ba1089d] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    [MD5.50ba5850147410cde89c523ad3bc606e] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
    [MD5.d07d4c3038f3578ffce1c0237f2a1253] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

    ¤¤¤¤¤¤¤¤¤¤ Winlogon ¤¤¤¤¤¤¤¤¤¤

    [MD5.898e7c06a350d4a1a64a9ea264d55452] - C:\Windows\ERDNT\cache\winlogon.exe
    [MD5.898e7c06a350d4a1a64a9ea264d55452] - C:\Windows\System32\winlogon.exe
    [MD5.9f75392b9128a91abafb044ea350baad] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
    [MD5.c2610b6bdbefc053bbdab4f1b965cb24] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
    [MD5.898e7c06a350d4a1a64a9ea264d55452] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

    ¤¤¤¤¤¤¤¤¤¤ Wininit ¤¤¤¤¤¤¤¤¤¤

    [MD5.101ba3ea053480bb5d957ef37c06b5ed] - C:\Windows\ERDNT\cache\wininit.exe
    [MD5.101ba3ea053480bb5d957ef37c06b5ed] - C:\Windows\System32\wininit.exe
    [MD5.d4385b03e8cccee6f0ee249f827c1f3e] - C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
    [MD5.101ba3ea053480bb5d957ef37c06b5ed] - C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

    ¤¤¤¤¤¤¤¤¤¤ SVC | svchost ¤¤¤¤¤¤¤¤¤¤

    svchost.exe 832 DcomLaunch, PlugPlay
    svchost.exe 940 RpcSs
    svchost.exe 1036 Audiosrv, Dhcp, Eventlog, lmhosts, wscsvc
    svchost.exe 1064 AudioEndpointBuilder, EMDMgmt, hidserv,
    Netman, PcaSvc, SysMain,
    TabletInputService, TrkWks, UxSms,
    WdiSystemHost, Wlansvc, WPDBusEnum, wudfsvc
    svchost.exe 1080 AeLookupSvc, Appinfo, BITS, Browser,
    EapHost, gpsvc, IKEEXT, iphlpsvc,
    LanmanServer, MMCSS, ProfSvc, RasMan,
    Schedule, seclogon, SENS, ShellHWDetection,
    Themes, Winmgmt, wuauserv
    svchost.exe 1284 EventSystem, fdPHost, FDResPub,
    LanmanWorkstation, netprofm, nsi, SSDPSRV,
    SstpSvc, upnphost, W32Time, WebClient
    svchost.exe 1412 CryptSvc, Dnscache, KtmRm, NlaSvc, TapiSrv,
    TermService
    svchost.exe 444 BFE, DPS, MpsSvc
    svchost.exe 2724 PolicyAgent
    svchost.exe 2924 stisvc
    svchost.exe 2960 WerSvc
    svchost.exe 4632 FontCache

    ¤¤¤¤¤¤¤¤¤¤ IFEO | debugger ¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤ First Scan ¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤

    [HKEY_CURRENT_USER\software\AC3filter]
    [HKEY_CURRENT_USER\software\Ad-Remover]
    [HKEY_CURRENT_USER\software\Adobe]
    [HKEY_CURRENT_USER\software\AhnLab]
    [HKEY_CURRENT_USER\software\Alcohol Soft]
    [HKEY_CURRENT_USER\software\AppDataLow]
    [HKEY_CURRENT_USER\software\Apple Computer, Inc.]
    [HKEY_CURRENT_USER\software\Applications locales générées par AppWizard]
    [HKEY_CURRENT_USER\software\ArchiverDLL]
    [HKEY_CURRENT_USER\software\ArenaNet]
    [HKEY_CURRENT_USER\software\Avira]
    [HKEY_CURRENT_USER\software\Battle.net]
    [HKEY_CURRENT_USER\software\BitTorrent]
    [HKEY_CURRENT_USER\software\Blizzard Entertainment]
    [HKEY_CURRENT_USER\software\Bugsplat]
    [HKEY_CURRENT_USER\software\Canon]
    [HKEY_CURRENT_USER\software\CheckPoint]
    [HKEY_CURRENT_USER\software\CISRA]
    [HKEY_CURRENT_USER\software\ClassesB]
    [HKEY_CURRENT_USER\software\Clients]
    [HKEY_CURRENT_USER\software\CurseClient]
    [HKEY_CURRENT_USER\software\Cyanide]
    [HKEY_CURRENT_USER\software\cybelsoft]
    [HKEY_CURRENT_USER\software\DivX]
    [HKEY_CURRENT_USER\software\DivXNetworks]
    [HKEY_CURRENT_USER\software\DT Soft]
    [HKEY_CURRENT_USER\software\DTP]
    [HKEY_CURRENT_USER\software\ej-technologies]
    [HKEY_CURRENT_USER\software\Emulators]
    [HKEY_CURRENT_USER\software\EPSON]
    [HKEY_CURRENT_USER\software\FRANCE TELECOM]
    [HKEY_CURRENT_USER\software\Gabest]
    [HKEY_CURRENT_USER\software\GNU]
    [HKEY_CURRENT_USER\software\Google]
    [HKEY_CURRENT_USER\software\GSpot Appliance Corp]
    [HKEY_CURRENT_USER\software\Haali]
    [HKEY_CURRENT_USER\software\IM Providers]
    [HKEY_CURRENT_USER\software\INCAInternet]
    [HKEY_CURRENT_USER\software\JavaSoft]
    [HKEY_CURRENT_USER\software\JEDI-VCL]
    [HKEY_CURRENT_USER\software\Lavasoft]
    [HKEY_CURRENT_USER\software\Local AppWizard-Generated Applications]
    [HKEY_CURRENT_USER\software\Macromedia]
    [HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware]
    [HKEY_CURRENT_USER\software\MediaInfo]
    [HKEY_CURRENT_USER\software\Microsoft]
    [HKEY_CURRENT_USER\software\Mozilla]
    [HKEY_CURRENT_USER\software\MozillaPlugins]
    [HKEY_CURRENT_USER\software\Mumble]
    [HKEY_CURRENT_USER\software\Netscape]
    [HKEY_CURRENT_USER\software\Nival Online]
    [HKEY_CURRENT_USER\software\Northcode Inc]
    [HKEY_CURRENT_USER\software\NVIDIA Corporation]
    [HKEY_CURRENT_USER\software\ODBC]
    [HKEY_CURRENT_USER\software\Packard Bell]
    [HKEY_CURRENT_USER\software\Pando Networks]
    [HKEY_CURRENT_USER\software\Piriform]
    [HKEY_CURRENT_USER\software\Policies]
    [HKEY_CURRENT_USER\software\RealNetworks]
    [HKEY_CURRENT_USER\software\Realtek]
    [HKEY_CURRENT_USER\software\SecuROM]
    [HKEY_CURRENT_USER\software\SEIKO EPSON]
    [HKEY_CURRENT_USER\software\Skype]
    [HKEY_CURRENT_USER\software\Softonic]
    [HKEY_CURRENT_USER\software\stevengould.org]
    [HKEY_CURRENT_USER\software\Sun Microsystems]
    [HKEY_CURRENT_USER\software\Sysinternals]
    [HKEY_CURRENT_USER\software\TimeGate Studios]
    [HKEY_CURRENT_USER\software\Trolltech]
    [HKEY_CURRENT_USER\software\Usbfix]
    [HKEY_CURRENT_USER\software\Valve]
    [HKEY_CURRENT_USER\software\VB and VBA Program Settings]
    [HKEY_CURRENT_USER\software\Veoh]
    [HKEY_CURRENT_USER\software\WinRAR]
    [HKEY_CURRENT_USER\software\WinRAR SFX]
    [HKEY_CURRENT_USER\software\YahooPartnerToolbar]
    [HKEY_CURRENT_USER\software\Zone Labs]
    [HKEY_CURRENT_USER\software\Classes]

    [HKEY_LOCAL_MACHINE\software\Adobe]
    [HKEY_LOCAL_MACHINE\software\AeriaGames]
    [HKEY_LOCAL_MACHINE\software\AGEIA Technologies]
    [HKEY_LOCAL_MACHINE\software\Alcohol Soft]
    [HKEY_LOCAL_MACHINE\software\Ankama]
    [HKEY_LOCAL_MACHINE\software\Apple Computer, Inc.]
    [HKEY_LOCAL_MACHINE\software\Apple Inc.]
    [HKEY_LOCAL_MACHINE\software\ArenaNet]
    [HKEY_LOCAL_MACHINE\software\Avira]
    [HKEY_LOCAL_MACHINE\software\Blizzard Entertainment]
    [HKEY_LOCAL_MACHINE\software\C07ft5Y]
    [HKEY_LOCAL_MACHINE\software\Canon]
    [HKEY_LOCAL_MACHINE\software\CheckPoint]
    [HKEY_LOCAL_MACHINE\software\CISRA]
    [HKEY_LOCAL_MACHINE\software\Classes]
    [HKEY_LOCAL_MACHINE\software\Clients]
    [HKEY_LOCAL_MACHINE\software\Codec Tweak Tool]
    [HKEY_LOCAL_MACHINE\software\Creative Tech]
    [HKEY_LOCAL_MACHINE\software\Cyanide]
    [HKEY_LOCAL_MACHINE\software\cybelsoft]
    [HKEY_LOCAL_MACHINE\software\CyberLink]
    [HKEY_LOCAL_MACHINE\software\DivX]
    [HKEY_LOCAL_MACHINE\software\DivXNetworks]
    [HKEY_LOCAL_MACHINE\software\Dofus 2]
    [HKEY_LOCAL_MACHINE\software\DT Soft]
    [HKEY_LOCAL_MACHINE\software\EPSON]
    [HKEY_LOCAL_MACHINE\software\FRANCE TELECOM]
    [HKEY_LOCAL_MACHINE\software\Gabest]
    [HKEY_LOCAL_MACHINE\software\Garena]
    [HKEY_LOCAL_MACHINE\software\GNU]
    [HKEY_LOCAL_MACHINE\software\Google]
    [HKEY_LOCAL_MACHINE\software\HaaliMkx]
    [HKEY_LOCAL_MACHINE\software\InstallShield]
    [HKEY_LOCAL_MACHINE\software\Intel]
    [HKEY_LOCAL_MACHINE\software\InterVideo]
    [HKEY_LOCAL_MACHINE\software\JavaSoft]
    [HKEY_LOCAL_MACHINE\software\JreMetrics]
    [HKEY_LOCAL_MACHINE\software\Khronos]
    [HKEY_LOCAL_MACHINE\software\KLCodecPack]
    [HKEY_LOCAL_MACHINE\software\Larian Studios]
    [HKEY_LOCAL_MACHINE\software\Lavasoft]
    [HKEY_LOCAL_MACHINE\software\Licenses]
    [HKEY_LOCAL_MACHINE\software\Macromedia]
    [HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware]
    [HKEY_LOCAL_MACHINE\software\Microsoft]
    [HKEY_LOCAL_MACHINE\software\MimarSinan]
    [HKEY_LOCAL_MACHINE\software\Mozilla]
    [HKEY_LOCAL_MACHINE\software\mozilla.org]
    [HKEY_LOCAL_MACHINE\software\MozillaPlugins]
    [HKEY_LOCAL_MACHINE\software\Mumble]
    [HKEY_LOCAL_MACHINE\software\NCSoft]
    [HKEY_LOCAL_MACHINE\software\Netts]
    [HKEY_LOCAL_MACHINE\software\NiProD_StargateAtlantisSimulation]
    [HKEY_LOCAL_MACHINE\software\NVIDIA Corporation]
    [HKEY_LOCAL_MACHINE\software\Ocean Global Holding]
    [HKEY_LOCAL_MACHINE\software\ODBC]
    [HKEY_LOCAL_MACHINE\software\OldTimer Tools]
    [HKEY_LOCAL_MACHINE\software\Pando Networks]
    [HKEY_LOCAL_MACHINE\software\PB_EBAY]
    [HKEY_LOCAL_MACHINE\software\PB_FIRSTCHOICE]
    [HKEY_LOCAL_MACHINE\software\PB_KODAK]
    [HKEY_LOCAL_MACHINE\software\PB_METABOLI]
    [HKEY_LOCAL_MACHINE\software\Piriform]
    [HKEY_LOCAL_MACHINE\software\PocketSoft]
    [HKEY_LOCAL_MACHINE\software\Policies]
    [HKEY_LOCAL_MACHINE\software\RealNetworks]
    [HKEY_LOCAL_MACHINE\software\Realtek]
    [HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.]
    [HKEY_LOCAL_MACHINE\software\RegisteredApplications]
    [HKEY_LOCAL_MACHINE\software\RichFX]
    [HKEY_LOCAL_MACHINE\software\Riot Games]
    [HKEY_LOCAL_MACHINE\software\S3R521]
    [HKEY_LOCAL_MACHINE\software\Safer Networking Limited]
    [HKEY_LOCAL_MACHINE\software\Sagem]
    [HKEY_LOCAL_MACHINE\software\SECURITOO]
    [HKEY_LOCAL_MACHINE\software\Skype]
    [HKEY_LOCAL_MACHINE\software\SolidStateNetworks]
    [HKEY_LOCAL_MACHINE\software\Sonic]
    [HKEY_LOCAL_MACHINE\software\SONOV]
    [HKEY_LOCAL_MACHINE\software\SpywareBlaster]
    [HKEY_LOCAL_MACHINE\software\SRS Labs]
    [HKEY_LOCAL_MACHINE\software\Sun Microsystems]
    [HKEY_LOCAL_MACHINE\software\Symantec]
    [HKEY_LOCAL_MACHINE\software\SymNRT]
    [HKEY_LOCAL_MACHINE\software\Team17 Software Ltd.]
    [HKEY_LOCAL_MACHINE\software\THQ]
    [HKEY_LOCAL_MACHINE\software\TrendMicro]
    [HKEY_LOCAL_MACHINE\software\Valve]
    [HKEY_LOCAL_MACHINE\software\VertigoGames]
    [HKEY_LOCAL_MACHINE\software\VideoLAN]
    [HKEY_LOCAL_MACHINE\software\Waves Audio]
    [HKEY_LOCAL_MACHINE\software\WholeSecurity]
    [HKEY_LOCAL_MACHINE\software\Windows]
    [HKEY_LOCAL_MACHINE\software\X-AVCSD]
    [HKEY_LOCAL_MACHINE\software\Xerox]
    [HKEY_LOCAL_MACHINE\software\Xing Technology Corp.]
    [HKEY_LOCAL_MACHINE\software\Zone Labs]
    [HKEY_LOCAL_MACHINE\software\ZoneAlarm_Security]
    [HKEY_LOCAL_MACHINE\software\Even Balance]

    ¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤

    Present !! : C:\Users\Nenuph\AppData\Roaming\app
    Present !! : C:\Users\Nenuph\AppData\Local\d3d9caps.dat
    Present !! : C:\Users\Nenuph\AppData\Local\GDIPFONTCACHEV1.DAT
    Present !! : C:\Windows\Temp\CabB6B1.tmp
    Present !! : C:\Windows\Temp\TarB6B2.tmp
    Present !! : C:\Windows\Temp\ZLT017e0.TMP

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    FEATURE_BROWSER_EMULATION | svchost :
    ====================================

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-12 11:46:07
    Windows 6.0.6002 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6002 Disk: ST350083 rev.3.AA -> Harddisk0\DR0 -> \Device\0000005d

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync02.sys storport.sys nvstor32.sys tcpip.sys NETIO.SYS
    C:\Windows\System32\drivers\sfsync02.sys Protection Technology StarForce Protection System
    C:\Windows\system32\drivers\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
    1 ntkrnlpa!IofCallDriver[0x82492962] -> \Device\Harddisk0\DR0[0x86830AC8]
    3 CLASSPNP[0x807B88B3] -> ntkrnlpa!IofCallDriver[0x82492962] -> [0x85E3B700]
    5 acpi[0x806976BC] -> ntkrnlpa!IofCallDriver[0x82492962] -> \Device\0000005d[0x859CB8F0]
    kernel: MBR read successfully
    user & kernel MBR OK

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    cval = 1 (0x1)
    FirstRunDisabled = 1 (0x1)
    AntiVirusDisableNotify = 0 (0x0)
    FirewallDisableNotify = 0 (0x0)
    UpdatesDisableNotify = 0 (0x0)
    AntiVirusOverride = 0 (0x0)
    FirewallOverride = 0 (0x0)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    End of scan : 11:47:38,46
    0
    1. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
       
      ok tu le relances et tu fais le nettoyage avec l'option clean , et si problème tu le lance depuis le dossier d'installation avec del_reg !!

      Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
      mais cette fois-ci :

      choisis l'Option Clean

      ton PC va redemarrer,

      laisse travailler l'outil.

      en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,

      colle le contenu dans ta reponse
      0
    2. Byakuya
       
      Il y a un problème quand je lance del_reg. La fenetre bleu s'ouvre avec qqchose d'écrit
      [...]
      Accès refusé.

      Ensuite le programme me demande si je veux nettoyer le disque je répond oui.
      Et là y'a un message d'erreur où je doit demander si je continue avec le ficher "XXX" (je sais plus le nom).
      Que je mette oui ou non plusieurs fois me fait apparaitre un petit truc, comme un page quia été réduite, en bas de l'écran avec comme nom un genre de mbr_lk
      Donc je n'ai pas de fichier à la fin.
      0
    3. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
       
      tu lance bien del_reg avec un clique droit et en tant que administrateur ??
      0
    4. Byakuya
       
      oui
      0
    5. Byakuya
       
      Là ca a marché, c'est bizarre.

      ¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.2.7 ¤¤¤¤¤¤¤¤¤¤

      User : Nenuph (Administrateurs)
      Update on 08/12/2010 by g3n-h@ckm@n ::::: 19.00
      Start at: 17:07:06 | 12/12/2010

      Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
      Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
      Internet Explorer 7.0.6002.18005
      Windows Firewall Status : Enabled

      C:\ -> Disque fixe local | 457,76 Go (256,6 Go free) [HDD] | NTFS
      D:\ -> Disque CD-ROM
      F:\ -> Disque amovible
      G:\ -> Disque amovible
      H:\ -> Disque amovible
      K:\ -> Disque amovible


      ¤¤¤¤¤¤¤¤¤¤ Files/folders :

      Quarantined & Deleted !! : C:\Windows\Temp\CabB6B1.tmp
      Quarantined & Deleted !! : C:\Windows\Temp\TarB6B2.tmp

      ¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤

      127.0.0.1 localhost

      ¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤


      ¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      Local Page = C:\WINDOWS\system32\blank.htm
      Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      Start Page = https://www.google.com/?gws_rd=ssl
      Local Page = C:\WINDOWS\system32\blank.htm
      Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

      ¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
      cval = 1 (0x1)
      FirstRunDisabled = 1 (0x1)
      AntiVirusDisableNotify = 0 (0x0)
      FirewallDisableNotify = 0 (0x0)
      UpdatesDisableNotify = 0 (0x0)
      AntiVirusOverride = 0 (0x0)
      FirewallOverride = 0 (0x0)

      ¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤

      Ndisuio : Start = 3
      EapHost : Start = 2
      Wlansvc : Start = 2
      SharedAccess : Start = 2
      windefend : Start = 2
      wuauserv : Start = 2
      wscsvc : Start = 2

      ¤¤¤¤¤¤¤¤¤¤ Winlogon

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
      Shell = explorer.exe
      Userinit = C:\Windows\System32\userinit.exe,

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
      Disk Cleaned
      Prefetch cleaned
      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      FEATURE_BROWSER_EMULATION | svchost :
      ====================================


      Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
      Windows 6.0.6002 Disk: ST350083 rev.3.AA -> Harddisk0\DR0 -> \Device\0000005d

      device: opened successfully
      user: MBR read successfully

      Disk trace:
      called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync02.sys storport.sys nvstor32.sys
      C:\Windows\System32\drivers\sfsync02.sys Protection Technology StarForce Protection System
      C:\Windows\system32\drivers\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
      1 ntkrnlpa!IofCallDriver[0x82492962] -> \Device\Harddisk0\DR0[0x86830AC8]
      3 CLASSPNP[0x807B88B3] -> ntkrnlpa!IofCallDriver[0x82492962] -> [0x85E3B700]
      5 acpi[0x806976BC] -> ntkrnlpa!IofCallDriver[0x82492962] -> \Device\0000005d[0x859CB8F0]
      kernel: MBR read successfully
      user & kernel MBR OK



      End of Scan : 17:07:19,17




      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
      0