Computer is slow, applications too
Byakuya
-
jacques.gache Posts: 34829 Status: Security contributor -
Hello,
For some time now, I couldn't say exactly how long (between 1 and 3 months), my computer seems to be having some difficulty with applications such as the internet, PC games or online games.
I really noticed this change when I wanted to replay a game I bought more than a year ago. At the time I had installed it and run it at normal quality without any problem, but today, even at the lowest quality settings, it is unplayable.
Same thing when I'm on the web.
So I was wondering whether there might be a problem with my computer, a virus or something of that kind that Avira, Spybot, Malwarebytes, CCleaner and ZoneAlarm haven't been able to deal with.
Thanks in advance
6 replies
Hello, can you post a ZHPDiag so I can run a diagnostic of your PC, thanks
Open this link and download ZHPDiag:
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
click on download, "the one at the bottom"
or directly here: https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
and if there is a problem: http://www.premiumorange.com/zeb-help-process/zhpdiag.html
go to the bottom of the page, download the first one and unzip it
or direct link http://www.moncompteur.com/compteurclick.php?idLink=18026
unzip it and run it!!
Save it to your Desktop.
Once the download is finished
for XP, double-click on ZHPDiag
for Vista and Seven, right-click the icon and run as administrator.
Don't forget to tick the box that puts a shortcut on the Desktop.
/|\ the tool has created 2 icons, ZHPDiag and ZHPFix.
Double-click the ZHPDiag shortcut on your Desktop for XP; otherwise right-click and run as administrator!!
Click on the magnifying glass to start the scan.
If you get a message asking you to confirm SIGCHECK, accept with OK; that gives us a more complete report so we can read it in more depth
Let the tool work, it can take quite a while
At the end of the scan, click on the camera and save the report to your Desktop.
Close ZHPDiag when the scan is finished.
To send it to me, click on this link:
http://www.cijoint.fr/index.php
Click on Browse and look for the file C:\Documents and settings\le_nom_de_ta_session\bureau\.ZHPDiag.txt
or directly by choosing Desktop and ZHPDiag.txt, then click on it
Click on Open.
Click on "Cliquez ici pour déposer le fichier" (Click here to upload the file).
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt
is added to the page.
Copy this link into your reply.
and if there is a problem use this one instead: http://cjoint.com/
Hello, not much visible on the infection side; you'll fix that with ZHPFix, then run Ad-Remover, then do a cleanup with CCleaner, which you already have on your PC, but with the settings given, and then post me a List&Kill'em to see whether it finds anything
Otherwise, personally I would advise you to remove Spybot, which no longer serves much purpose except to slow down the PC!! And if you install version 10 of AntiVir it will ask you to disable Windows Defender to avoid problems, because AntiVir has an integrated anti-spyware!!
If you don't uninstall it right away, disable it so that it doesn't interfere with the cleanup
Disable Spybot's resident protection so that it doesn't block the fix on us
When you re-enable it, it may ask you whether or not to accept the changes; you'll have to accept them all
To help you, just in case: http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

1) fix this with ZHPFix as explained
. Copy the following lines in BOLD
O69 - SBI: SearchScopes [HKCU] {3359ec06-762c-4be8-a358-4e806a130981} - (Searcheo) - http://www.searcheo.fr
MBRFix
. Launch ZHPFix by Nicolas Coolman, which is on your desktop
. For XP, double-click on ZHPFix
. For Vista and Seven, right-click the icon and run as administrator.
. Click on the icon showing the letter H ("paste Helper lines")
In the main box you will then see the lines you copied earlier appear.
Check that all the lines I asked you to copy (and only those) are in the window.
. Click on OK
. Click on "Tous" (All), then on "Nettoyer" (Clean)
. Copy/paste the whole report into your next reply
You'll find it in the ZHPDiag folder in Program Files under the name ZHPFixReport

2) run Ad-Remover in cleaning mode
Disable your antivirus and anti-spyware for the duration of the scan
Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Download Ad-Remover to your desktop:
http://www.teamxscript.org/adremoverTelechargement.html
or:
https://www.androidworld.fr/
/!\ Close all your open applications. /!\
Double-click the file you just downloaded; on the screen that appears, click on "Nettoyer" (Clean).
Let the tool work.
Post the report that is displayed on screen when the scan is finished.
(The report is saved as C:\Ad-report-clean.log)

3) do a cleanup with CCleaner and the settings given
I'm not giving you the installation, just the settings
. double-click the CCleaner icon to open it
. once open, click on Options and then Advanced
. untick "Only delete files in Windows Temp folders older than 24 hours"
. click on Cleaner
. click on Windows and, in the Advanced column,
. tick the first box, "Old Prefetch data", and only that one
. click on Analyze; once the analysis is finished
. click on Run Cleaner and OK on the confirmation prompt; you'll need to do it a second time; once finished, check by clicking Analyze again to make sure there is nothing left
. now click on Registry and then Scan for Issues
. leave everything ticked and click on Fix selected issues
. it asks you to back up: YES
. give it a name so you can find it again, and save
. click on Fix All Selected Issues and OK on the confirmation prompt
. it removes them and closes; check by rerunning Scan for Issues
. go back into Options and re-tick the box "Only delete files in Windows Temp folders older than 24 hours", and under Cleaner, Windows, Advanced, untick the first box "Old Prefetch data"
. you can close CCleaner

4) post a List&Kill'em
DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT!!!!! (because it is wrongly detected as an infection)
Download List_Kill'em and save it to your desktop
double-click (right-click "run as administrator" for Vista/7) the shortcut on your desktop to launch the installation
once finished, click on "finish" and the program will launch by itself
choose the Search option
a black and white icon will appear on the desktop; you'll use it to relaunch the program later on.
another one, red and black, will be used to uninstall the program at the end of the disinfection.
let the tool work
when the white window appears, it takes a little while, that's normal, the program isn't stuck.
a report named catchme appears on your desktop; ignore it, don't post it, it will delete itself at the end of the scan
Post the contents of the report that opens at 100% of the scan, at the "COMPLETED" screen
otherwise the report is here: C:\List'em.txt
Rapport de ZHPFix 6.12.3226 par Nicolas Coolman, Update du 06/12/2010
Fichier d'export Registre :
Run by Nenuph at 12/12/2010 01:52:58
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr
========== Elément(s) de donnée du Registre ==========
O69 - SBI: SearchScopes [HKCU] {3359ec06-762c-4be8-a358-4e806a130981} - (Searcheo) - => Donnée remplacée avec succès
========== Master Boot Record ==========
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST350083 rev.3.AA -> \Device\0000005d
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync02.sys storport.sys nvstor32.sys
C:\Windows\System32\drivers\sfsync02.sys Protection Technology StarForce Protection System
C:\Windows\system32\drivers\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
1 ntkrnlpa!IofCallDriver[0x8248B962] -> \Device\Harddisk0\DR0[0x866550F0]
3 CLASSPNP[0x807BB8B3] -> ntkrnlpa!IofCallDriver[0x8248B962] -> [0x859BFB68]
5 acpi[0x8069A6BC] -> ntkrnlpa!IofCallDriver[0x8248B962] -> \Device\0000005d[0x859BFC90]
kernel: MBR read successfully
user & kernel MBR OK
Resultat après le fix :
Master Boot Record non infecté
========== Récapitulatif ==========
1 : Elément(s) de donnée du Registre
1 : Master Boot Record
End of the scan
======= RAPPORT D'AD-REMOVER 2.0.0.2,C | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 08/12/10 à 10:40
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 01:56:21 le 12/12/2010, Mode normal
Microsoft® Windows Vista(TM) Édition Familiale Premium Service Pack 2 (X86)
Nenuph@PC-DE-NENUPH (Packard Bell BV PACKARD BELL IMAX X9520)
============== ACTION(S) ==============
Dossier supprimé: C:\Users\Nenuph\AppData\LocalLow\Conduit
(!) -- Fichiers temporaires supprimés.
Clé supprimée: HKLM\Software\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2542115
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2645238
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKCU\Software\AppDataLow\Toolbar
Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [3.6.13 (fr)] **
-- C:\Users\Nenuph\AppData\Roaming\Mozilla\FireFox\Profiles\dsorl46a.default\Prefs.js --
browser.search.defaultenginename, Google
browser.startup.homepage_override.mstone, rv:1.9.2.13
keyword.URL, hxxp://www.google.com/search?sourceid=navclient&hl=fr&q=
-- C:\Users\Administrateur\AppData\Roaming\Mozilla\FireFox\Profiles\m7fjaubo.default\Prefs.js --
browser.download.dir, C:\\Users\\Administrateur\\Downloads
browser.download.lastDir, C:\\Users\\Administrateur\\Documents
browser.startup.homepage_override.mstone, rv:1.9.2.13
========================================
** Internet Explorer Version [7.0.6002.18005] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
========================================
C:\Program Files\Ad-Remover\Quarantine: 2 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 12/12/2010 (3132 Octet(s))
Fin à: 01:57:37, 12/12/2010
============== E.O.F ==============
List_Kill'em doesn't work, it doesn't launch by itself
And when I launch it manually it says "accès refusé" (access denied)
Hello, are you launching it with a right-click and run as administrator?
Try launching it from its installation folder, normally C:\Program Files: open the list_kill"em folder and then launch list"em, the one with a gear, with a right-click and run as administrator!! Look at the screenshot
http://sd-1.archive-host.com/...
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.2.7 ¤¤¤¤¤¤¤¤¤¤
User : Nenuph (Administrateurs)
Update on 08/12/2010 by g3n-h@ckm@n ::::: 19.00
Start at: 11:40:20 | 12/12/2010
Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 7.0.6002.18005
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 457,76 Go (256,61 Go free) [HDD] | NTFS
D:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
K:\ -> Disque amovible
¤¤¤¤¤ Sessions ¤¤¤¤¤
C:\Users\Nenuph
C:\Users\Public
C:\Users\Default
Boot: Normal
¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer
C:\Windows\System32\smss.exe ---- 0 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\Windows\system32\csrss.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\Windows\system32\wininit.exe ---- 0 Ko ---- High ---- wininit.exe ----
C:\Windows\system32\csrss.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\Windows\system32\services.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\services.exe ----
C:\Windows\system32\lsass.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\lsass.exe ----
C:\Windows\system32\lsm.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\lsm.exe ----
C:\Windows\system32\winlogon.exe ---- 0 Ko ---- High ---- winlogon.exe ----
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k DcomLaunch ----
C:\Windows\system32\nvvsvc.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\nvvsvc.exe ---- NVIDIA Corporation
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k rpcss ----
C:\Windows\System32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted ----
C:\Windows\System32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted ----
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k netsvcs ----
C:\Windows\system32\SLsvc.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\SLsvc.exe ----
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalService ----
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkService ----
C:\Windows\System32\ZoneLabs\vsmon.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\ZoneLabs\vsmon.exe -service ---- Check Point Software Technologies Ltd.
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe ---- 0 Ko ---- Normal ---- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe ---- NVIDIA Corporation
C:\Windows\system32\nvvsvc.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\nvvsvc.exe -session -first ---- NVIDIA Corporation
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe ---- 0 Ko ---- Normal ---- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe ---- Check Point Software Technologies Ltd.
C:\Windows\System32\spoolsv.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\spoolsv.exe ----
C:\Program Files\Avira\AntiVir Desktop\sched.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Avira\AntiVir Desktop\sched.exe ---- Avira GmbH
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork ----
C:\Windows\system32\Dwm.exe ---- 0 Ko ---- High ---- C:\Windows\system32\Dwm.exe ----
C:\Windows\Explorer.EXE ---- 0 Ko ---- Normal ---- C:\Windows\Explorer.EXE ----
C:\Windows\system32\taskeng.exe ---- 0 Ko ---- Below Normal ---- taskeng.exe {5DB7006F-FAAD-488B-B768-C7739A4AA60D} ----
C:\Windows\system32\taskeng.exe ---- 0 Ko ---- Normal ---- taskeng.exe {A7F4AD0A-C210-4C05-89CC-6D4818E9C62B} ----
C:\Program Files\Avira\AntiVir Desktop\avguard.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Avira\AntiVir Desktop\avguard.exe ---- Avira GmbH
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE ---- 0 Ko ---- Normal ---- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE ----
C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE ---- 0 Ko ---- Normal ---- C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE ---- Packard Bell B.V.
C:\Windows\system32\PnkBstrA.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\PnkBstrA.exe ---- Even Balance, Inc.
C:\Windows\system32\PnkBstrB.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\PnkBstrB.exe ---- Even Balance, Inc.
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe avshadowcontrol0_000009b4 ---- Avira GmbH
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted ----
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe ---- Microsoft Corporation
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe ---- 0 Ko ---- Normal ---- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe ---- NVIDIA Corporation
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k imgsvc ----
C:\Windows\System32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k WerSvcGroup ----
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ---- 0 Ko ---- Normal ---- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ---- Microsoft Corporation
C:\Windows\system32\SearchIndexer.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\SearchIndexer.exe /Embedding ----
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe ---- 0 Ko ---- Normal ---- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe ----
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe ---- 0 Ko ---- Normal ---- WLIDSvcM.exe 3028 ---- Microsoft Corporation
C:\Program Files\Canon\CAL\CALMAIN.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Canon\CAL\CALMAIN.exe ----
C:\Windows\system32\WUDFHost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\WUDFHost.exe -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-7a178fb5-34b4-44e5-9d0c-8fd4daeb1865 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-781624af-cc49-4837-bcaa-e3c6bb3acdf2 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-feedc7b4-4bdc-43fa-9a54-0a8f15ddd912 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:21808448-6277-4e80-8b3d-db696b3bd94e ----
C:\Program Files\Windows Media Player\wmpnscfg.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Windows Media Player\wmpnscfg.exe ----
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe ---- 0 Ko ---- Normal ---- C:\Program Files\OrangeHSS\Systray\SystrayApp.exe ----
C:\Windows\RtHDVCpl.exe ---- 0 Ko ---- Normal ---- C:\Windows\RtHDVCpl.exe ----
C:\Windows\System32\rundll32.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\rundll32.exe P0620Pin.dll,RunDLL32EP 513 ----
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe ---- Microsoft Corporation
C:\Program Files\Common Files\Java\Java Update\jusched.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Common Files\Java\Java Update\jusched.exe ---- Sun Microsystems, Inc.
C:\Program Files\DivX\DivX Update\DivXUpdate.exe ---- 0 Ko ---- Normal ---- C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW ---- DivX, Inc.
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ---- Check Point Software Technologies Ltd.
C:\Windows\System32\ALERTM~1\ALERTM~1.EXE ---- 0 Ko ---- Normal ---- C:\Windows\System32\ALERTM~1\ALERTM~1.EXE -Embedding ----
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min ---- Avira GmbH
C:\Program Files\Windows Live\Messenger\msnmsgr.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background ---- Microsoft Corporation
C:\Windows\ehome\ehtray.exe ---- 0 Ko ---- Normal ---- C:\Windows\ehome\ehtray.exe ----
C:\Windows\ehome\ehmsas.exe ---- 0 Ko ---- Normal ---- C:\Windows\ehome\ehmsas.exe -Embedding ----
C:\Program Files\Windows Media Player\wmpnetwk.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Windows Media Player\wmpnetwk.exe ----
C:\Windows\System32\mobsync.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\mobsync.exe -Embedding ----
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation ----
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe ---- 0 Ko ---- Normal ---- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /set_event=FFAPI_StartEvent_fec_1932a /icon=hidden ---- Check Point Software Technologies Ltd.
C:\Program Files\Windows Live\Contacts\wlcomm.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Windows Live\Contacts\wlcomm.exe -Embedding ---- Microsoft Corporation
C:\Program Files\Mozilla Firefox\firefox.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Mozilla Firefox\firefox.exe ---- Mozilla Corporation
C:\Windows\System32\cmd.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\cmd.exe /C C:\Program Files\List_Kill'em\List'em.bat ----
C:\Windows\system32\conime.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\conime.exe ----
C:\Windows\system32\wbem\wmiprvse.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\wbem\wmiprvse.exe ----
C:\Windows\system32\SearchProtocolHost.exe ---- 0 Ko ---- Idle ---- C:\Windows\system32\SearchProtocolHost.exe Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 Software\Microsoft\Windows Search Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot) C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc DownLevelDaemon ----
C:\Windows\system32\SearchFilterHost.exe ---- 0 Ko ---- Idle ---- C:\Windows\system32\SearchFilterHost.exe 0 692 696 704 65536 700 ----
C:\Program Files\List_Kill'em\pv.L_K ---- 0 Ko ---- Normal ---- pv.L_K -o%f ---- %m Ko ---- %p ---- %l ---- %s ----
¤¤¤¤¤¤¤¤¤¤ Keys Run ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr = C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background
WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe
ehTray.exe = C:\Windows\ehome\ehTray.exe
ccleaner = C:\Program Files\CCleaner\CCleaner.exe /AUTO
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Windows Defender = %ProgramFiles%\Windows Defender\MSASCui.exe -hide
SystrayORAHSS = C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
RtHDVCpl = RtHDVCpl.exe
PD0620 STISvc = RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
GrooveMonitor = C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
SunJavaUpdateSched = C:\Program Files\Common Files\Java\Java Update\jusched.exe
DivXUpdate = C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW
QuickTime Task = C:\Program Files\QuickTime\QTTask.exe -atboottime
ZoneAlarm Client = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
ISW = C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon=hidden
avgnt = C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 0 (0x0)
NoDriveAutoRun = 3 (0x3)
HonorAutoRunSetting = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BindDirectlyToPropertySetStorage = 0 (0x0)
NoDriveAutoRun = 3 (0x3)
NoDriveTypeAutoRun = 0 (0x0)
HonorAutoRunSetting = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = Explorer.exe
Userinit = C:\Windows\system32\Userinit.exe,
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤
[@ = ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CFDA6C08-424F-4F4E-ADCA-A9508B2BAE7B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CFDA6C08-424F-4F4E-ADCA-A9508B2BAE7B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\WINDOWS\system32\blank.htm
¤¤¤¤¤ Proxy Internet Explorer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤
[MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\ERDNT\cache\atapi.sys
[MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\System32\drivers\atapi.sys
[MD5.b35cfcef838382ab6490b321c87edf17] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[MD5.4f4fcb8b6ea06784fb6d475b7ec7300f] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[MD5.2d9c903dc76a66813d350a562de40ed9] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[MD5.b35cfcef838382ab6490b321c87edf17] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[MD5.e03e8c99d15d0381e02743c36afc7c6f] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
[MD5.2d9c903dc76a66813d350a562de40ed9] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
¤¤¤¤¤ Reference
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP3 : 7A62A6C8303C9D026DD926F397B2FB57
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Win XP_64 : 72C77044943340964FA513B92D6D6874
Win XP_64_SP2 : 7A1814D0D112F50F828E25557A1ED29F
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
¤¤¤¤¤¤¤¤¤¤ Explorer ¤¤¤¤¤¤¤¤¤¤
[MD5.d07d4c3038f3578ffce1c0237f2a1253] - C:\Windows\explorer.exe
[MD5.d07d4c3038f3578ffce1c0237f2a1253] - C:\Windows\ERDNT\cache\explorer.exe
[MD5.fd8c53fb002217f6f888bcf6f5d7084d] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[MD5.6d06cd98d954fe87fb2db8108793b399] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[MD5.37440d09deae0b672a04dccf7abf06be] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[MD5.bd06f0bf753bc704b653c3a50f89d362] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[MD5.e7156b0b74762d9de0e66bdcde06e5fb] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[MD5.ffa764631cb70a30065c12ef8e174f9f] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[MD5.4f554999d7d5f05daaebba7b5ba1089d] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[MD5.50ba5850147410cde89c523ad3bc606e] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[MD5.d07d4c3038f3578ffce1c0237f2a1253] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
¤¤¤¤¤¤¤¤¤¤ Winlogon ¤¤¤¤¤¤¤¤¤¤
[MD5.898e7c06a350d4a1a64a9ea264d55452] - C:\Windows\ERDNT\cache\winlogon.exe
[MD5.898e7c06a350d4a1a64a9ea264d55452] - C:\Windows\System32\winlogon.exe
[MD5.9f75392b9128a91abafb044ea350baad] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[MD5.c2610b6bdbefc053bbdab4f1b965cb24] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[MD5.898e7c06a350d4a1a64a9ea264d55452] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
¤¤¤¤¤¤¤¤¤¤ Wininit ¤¤¤¤¤¤¤¤¤¤
[MD5.101ba3ea053480bb5d957ef37c06b5ed] - C:\Windows\ERDNT\cache\wininit.exe
[MD5.101ba3ea053480bb5d957ef37c06b5ed] - C:\Windows\System32\wininit.exe
[MD5.d4385b03e8cccee6f0ee249f827c1f3e] - C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
[MD5.101ba3ea053480bb5d957ef37c06b5ed] - C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
¤¤¤¤¤¤¤¤¤¤ SVC | svchost ¤¤¤¤¤¤¤¤¤¤
svchost.exe 832 DcomLaunch, PlugPlay
svchost.exe 940 RpcSs
svchost.exe 1036 Audiosrv, Dhcp, Eventlog, lmhosts, wscsvc
svchost.exe 1064 AudioEndpointBuilder, EMDMgmt, hidserv,
Netman, PcaSvc, SysMain,
TabletInputService, TrkWks, UxSms,
WdiSystemHost, Wlansvc, WPDBusEnum, wudfsvc
svchost.exe 1080 AeLookupSvc, Appinfo, BITS, Browser,
EapHost, gpsvc, IKEEXT, iphlpsvc,
LanmanServer, MMCSS, ProfSvc, RasMan,
Schedule, seclogon, SENS, ShellHWDetection,
Themes, Winmgmt, wuauserv
svchost.exe 1284 EventSystem, fdPHost, FDResPub,
LanmanWorkstation, netprofm, nsi, SSDPSRV,
SstpSvc, upnphost, W32Time, WebClient
svchost.exe 1412 CryptSvc, Dnscache, KtmRm, NlaSvc, TapiSrv,
TermService
svchost.exe 444 BFE, DPS, MpsSvc
svchost.exe 2724 PolicyAgent
svchost.exe 2924 stisvc
svchost.exe 2960 WerSvc
svchost.exe 4632 FontCache
¤¤¤¤¤¤¤¤¤¤ IFEO | debugger ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ First Scan ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\software\AC3filter]
[HKEY_CURRENT_USER\software\Ad-Remover]
[HKEY_CURRENT_USER\software\Adobe]
[HKEY_CURRENT_USER\software\AhnLab]
[HKEY_CURRENT_USER\software\Alcohol Soft]
[HKEY_CURRENT_USER\software\AppDataLow]
[HKEY_CURRENT_USER\software\Apple Computer, Inc.]
[HKEY_CURRENT_USER\software\Applications locales générées par AppWizard]
[HKEY_CURRENT_USER\software\ArchiverDLL]
[HKEY_CURRENT_USER\software\ArenaNet]
[HKEY_CURRENT_USER\software\Avira]
[HKEY_CURRENT_USER\software\Battle.net]
[HKEY_CURRENT_USER\software\BitTorrent]
[HKEY_CURRENT_USER\software\Blizzard Entertainment]
[HKEY_CURRENT_USER\software\Bugsplat]
[HKEY_CURRENT_USER\software\Canon]
[HKEY_CURRENT_USER\software\CheckPoint]
[HKEY_CURRENT_USER\software\CISRA]
[HKEY_CURRENT_USER\software\ClassesB]
[HKEY_CURRENT_USER\software\Clients]
[HKEY_CURRENT_USER\software\CurseClient]
[HKEY_CURRENT_USER\software\Cyanide]
[HKEY_CURRENT_USER\software\cybelsoft]
[HKEY_CURRENT_USER\software\DivX]
[HKEY_CURRENT_USER\software\DivXNetworks]
[HKEY_CURRENT_USER\software\DT Soft]
[HKEY_CURRENT_USER\software\DTP]
[HKEY_CURRENT_USER\software\ej-technologies]
[HKEY_CURRENT_USER\software\Emulators]
[HKEY_CURRENT_USER\software\EPSON]
[HKEY_CURRENT_USER\software\FRANCE TELECOM]
[HKEY_CURRENT_USER\software\Gabest]
[HKEY_CURRENT_USER\software\GNU]
[HKEY_CURRENT_USER\software\Google]
[HKEY_CURRENT_USER\software\GSpot Appliance Corp]
[HKEY_CURRENT_USER\software\Haali]
[HKEY_CURRENT_USER\software\IM Providers]
[HKEY_CURRENT_USER\software\INCAInternet]
[HKEY_CURRENT_USER\software\JavaSoft]
[HKEY_CURRENT_USER\software\JEDI-VCL]
[HKEY_CURRENT_USER\software\Lavasoft]
[HKEY_CURRENT_USER\software\Local AppWizard-Generated Applications]
[HKEY_CURRENT_USER\software\Macromedia]
[HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware]
[HKEY_CURRENT_USER\software\MediaInfo]
[HKEY_CURRENT_USER\software\Microsoft]
[HKEY_CURRENT_USER\software\Mozilla]
[HKEY_CURRENT_USER\software\MozillaPlugins]
[HKEY_CURRENT_USER\software\Mumble]
[HKEY_CURRENT_USER\software\Netscape]
[HKEY_CURRENT_USER\software\Nival Online]
[HKEY_CURRENT_USER\software\Northcode Inc]
[HKEY_CURRENT_USER\software\NVIDIA Corporation]
[HKEY_CURRENT_USER\software\ODBC]
[HKEY_CURRENT_USER\software\Packard Bell]
[HKEY_CURRENT_USER\software\Pando Networks]
[HKEY_CURRENT_USER\software\Piriform]
[HKEY_CURRENT_USER\software\Policies]
[HKEY_CURRENT_USER\software\RealNetworks]
[HKEY_CURRENT_USER\software\Realtek]
[HKEY_CURRENT_USER\software\SecuROM]
[HKEY_CURRENT_USER\software\SEIKO EPSON]
[HKEY_CURRENT_USER\software\Skype]
[HKEY_CURRENT_USER\software\Softonic]
[HKEY_CURRENT_USER\software\stevengould.org]
[HKEY_CURRENT_USER\software\Sun Microsystems]
[HKEY_CURRENT_USER\software\Sysinternals]
[HKEY_CURRENT_USER\software\TimeGate Studios]
[HKEY_CURRENT_USER\software\Trolltech]
[HKEY_CURRENT_USER\software\Usbfix]
[HKEY_CURRENT_USER\software\Valve]
[HKEY_CURRENT_USER\software\VB and VBA Program Settings]
[HKEY_CURRENT_USER\software\Veoh]
[HKEY_CURRENT_USER\software\WinRAR]
[HKEY_CURRENT_USER\software\WinRAR SFX]
[HKEY_CURRENT_USER\software\YahooPartnerToolbar]
[HKEY_CURRENT_USER\software\Zone Labs]
[HKEY_CURRENT_USER\software\Classes]
[HKEY_LOCAL_MACHINE\software\Adobe]
[HKEY_LOCAL_MACHINE\software\AeriaGames]
[HKEY_LOCAL_MACHINE\software\AGEIA Technologies]
[HKEY_LOCAL_MACHINE\software\Alcohol Soft]
[HKEY_LOCAL_MACHINE\software\Ankama]
[HKEY_LOCAL_MACHINE\software\Apple Computer, Inc.]
[HKEY_LOCAL_MACHINE\software\Apple Inc.]
[HKEY_LOCAL_MACHINE\software\ArenaNet]
[HKEY_LOCAL_MACHINE\software\Avira]
[HKEY_LOCAL_MACHINE\software\Blizzard Entertainment]
[HKEY_LOCAL_MACHINE\software\C07ft5Y]
[HKEY_LOCAL_MACHINE\software\Canon]
[HKEY_LOCAL_MACHINE\software\CheckPoint]
[HKEY_LOCAL_MACHINE\software\CISRA]
[HKEY_LOCAL_MACHINE\software\Classes]
[HKEY_LOCAL_MACHINE\software\Clients]
[HKEY_LOCAL_MACHINE\software\Codec Tweak Tool]
[HKEY_LOCAL_MACHINE\software\Creative Tech]
[HKEY_LOCAL_MACHINE\software\Cyanide]
[HKEY_LOCAL_MACHINE\software\cybelsoft]
[HKEY_LOCAL_MACHINE\software\CyberLink]
[HKEY_LOCAL_MACHINE\software\DivX]
[HKEY_LOCAL_MACHINE\software\DivXNetworks]
[HKEY_LOCAL_MACHINE\software\Dofus 2]
[HKEY_LOCAL_MACHINE\software\DT Soft]
[HKEY_LOCAL_MACHINE\software\EPSON]
[HKEY_LOCAL_MACHINE\software\FRANCE TELECOM]
[HKEY_LOCAL_MACHINE\software\Gabest]
[HKEY_LOCAL_MACHINE\software\Garena]
[HKEY_LOCAL_MACHINE\software\GNU]
[HKEY_LOCAL_MACHINE\software\Google]
[HKEY_LOCAL_MACHINE\software\HaaliMkx]
[HKEY_LOCAL_MACHINE\software\InstallShield]
[HKEY_LOCAL_MACHINE\software\Intel]
[HKEY_LOCAL_MACHINE\software\InterVideo]
[HKEY_LOCAL_MACHINE\software\JavaSoft]
[HKEY_LOCAL_MACHINE\software\JreMetrics]
[HKEY_LOCAL_MACHINE\software\Khronos]
[HKEY_LOCAL_MACHINE\software\KLCodecPack]
[HKEY_LOCAL_MACHINE\software\Larian Studios]
[HKEY_LOCAL_MACHINE\software\Lavasoft]
[HKEY_LOCAL_MACHINE\software\Licenses]
[HKEY_LOCAL_MACHINE\software\Macromedia]
[HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware]
[HKEY_LOCAL_MACHINE\software\Microsoft]
[HKEY_LOCAL_MACHINE\software\MimarSinan]
[HKEY_LOCAL_MACHINE\software\Mozilla]
[HKEY_LOCAL_MACHINE\software\mozilla.org]
[HKEY_LOCAL_MACHINE\software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\software\Mumble]
[HKEY_LOCAL_MACHINE\software\NCSoft]
[HKEY_LOCAL_MACHINE\software\Netts]
[HKEY_LOCAL_MACHINE\software\NiProD_StargateAtlantisSimulation]
[HKEY_LOCAL_MACHINE\software\NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\software\Ocean Global Holding]
[HKEY_LOCAL_MACHINE\software\ODBC]
[HKEY_LOCAL_MACHINE\software\OldTimer Tools]
[HKEY_LOCAL_MACHINE\software\Pando Networks]
[HKEY_LOCAL_MACHINE\software\PB_EBAY]
[HKEY_LOCAL_MACHINE\software\PB_FIRSTCHOICE]
[HKEY_LOCAL_MACHINE\software\PB_KODAK]
[HKEY_LOCAL_MACHINE\software\PB_METABOLI]
[HKEY_LOCAL_MACHINE\software\Piriform]
[HKEY_LOCAL_MACHINE\software\PocketSoft]
[HKEY_LOCAL_MACHINE\software\Policies]
[HKEY_LOCAL_MACHINE\software\RealNetworks]
[HKEY_LOCAL_MACHINE\software\Realtek]
[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\software\RichFX]
[HKEY_LOCAL_MACHINE\software\Riot Games]
[HKEY_LOCAL_MACHINE\software\S3R521]
[HKEY_LOCAL_MACHINE\software\Safer Networking Limited]
[HKEY_LOCAL_MACHINE\software\Sagem]
[HKEY_LOCAL_MACHINE\software\SECURITOO]
[HKEY_LOCAL_MACHINE\software\Skype]
[HKEY_LOCAL_MACHINE\software\SolidStateNetworks]
[HKEY_LOCAL_MACHINE\software\Sonic]
[HKEY_LOCAL_MACHINE\software\SONOV]
[HKEY_LOCAL_MACHINE\software\SpywareBlaster]
[HKEY_LOCAL_MACHINE\software\SRS Labs]
[HKEY_LOCAL_MACHINE\software\Sun Microsystems]
[HKEY_LOCAL_MACHINE\software\Symantec]
[HKEY_LOCAL_MACHINE\software\SymNRT]
[HKEY_LOCAL_MACHINE\software\Team17 Software Ltd.]
[HKEY_LOCAL_MACHINE\software\THQ]
[HKEY_LOCAL_MACHINE\software\TrendMicro]
[HKEY_LOCAL_MACHINE\software\Valve]
[HKEY_LOCAL_MACHINE\software\VertigoGames]
[HKEY_LOCAL_MACHINE\software\VideoLAN]
[HKEY_LOCAL_MACHINE\software\Waves Audio]
[HKEY_LOCAL_MACHINE\software\WholeSecurity]
[HKEY_LOCAL_MACHINE\software\Windows]
[HKEY_LOCAL_MACHINE\software\X-AVCSD]
[HKEY_LOCAL_MACHINE\software\Xerox]
[HKEY_LOCAL_MACHINE\software\Xing Technology Corp.]
[HKEY_LOCAL_MACHINE\software\Zone Labs]
[HKEY_LOCAL_MACHINE\software\ZoneAlarm_Security]
[HKEY_LOCAL_MACHINE\software\Even Balance]
¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤
Present !! : C:\Users\Nenuph\AppData\Roaming\app
Present !! : C:\Users\Nenuph\AppData\Local\d3d9caps.dat
Present !! : C:\Users\Nenuph\AppData\Local\GDIPFONTCACHEV1.DAT
Present !! : C:\Windows\Temp\CabB6B1.tmp
Present !! : C:\Windows\Temp\TarB6B2.tmp
Present !! : C:\Windows\Temp\ZLT017e0.TMP
¤¤¤¤¤¤¤¤¤¤ Keys :
FEATURE_BROWSER_EMULATION | svchost :
====================================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-12 11:46:07
Windows 6.0.6002 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST350083 rev.3.AA -> Harddisk0\DR0 -> \Device\0000005d
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync02.sys storport.sys nvstor32.sys tcpip.sys NETIO.SYS
C:\Windows\System32\drivers\sfsync02.sys Protection Technology StarForce Protection System
C:\Windows\system32\drivers\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
1 ntkrnlpa!IofCallDriver[0x82492962] -> \Device\Harddisk0\DR0[0x86830AC8]
3 CLASSPNP[0x807B88B3] -> ntkrnlpa!IofCallDriver[0x82492962] -> [0x85E3B700]
5 acpi[0x806976BC] -> ntkrnlpa!IofCallDriver[0x82492962] -> \Device\0000005d[0x859CB8F0]
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1 (0x1)
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 11:47:38,46
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ---- 0 Ko ---- Normal ---- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ---- Microsoft Corporation
C:\Windows\system32\SearchIndexer.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\SearchIndexer.exe /Embedding ----
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe ---- 0 Ko ---- Normal ---- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe ----
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe ---- 0 Ko ---- Normal ---- WLIDSvcM.exe 3028 ---- Microsoft Corporation
C:\Program Files\Canon\CAL\CALMAIN.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Canon\CAL\CALMAIN.exe ----
C:\Windows\system32\WUDFHost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\WUDFHost.exe -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-7a178fb5-34b4-44e5-9d0c-8fd4daeb1865 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-781624af-cc49-4837-bcaa-e3c6bb3acdf2 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-feedc7b4-4bdc-43fa-9a54-0a8f15ddd912 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:21808448-6277-4e80-8b3d-db696b3bd94e ----
C:\Program Files\Windows Media Player\wmpnscfg.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Windows Media Player\wmpnscfg.exe ----
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe ---- 0 Ko ---- Normal ---- C:\Program Files\OrangeHSS\Systray\SystrayApp.exe ----
C:\Windows\RtHDVCpl.exe ---- 0 Ko ---- Normal ---- C:\Windows\RtHDVCpl.exe ----
C:\Windows\System32\rundll32.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\rundll32.exe P0620Pin.dll,RunDLL32EP 513 ----
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe ---- Microsoft Corporation
C:\Program Files\Common Files\Java\Java Update\jusched.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Common Files\Java\Java Update\jusched.exe ---- Sun Microsystems, Inc.
C:\Program Files\DivX\DivX Update\DivXUpdate.exe ---- 0 Ko ---- Normal ---- C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW ---- DivX, Inc.
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ---- Check Point Software Technologies Ltd.
C:\Windows\System32\ALERTM~1\ALERTM~1.EXE ---- 0 Ko ---- Normal ---- C:\Windows\System32\ALERTM~1\ALERTM~1.EXE -Embedding ----
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min ---- Avira GmbH
C:\Program Files\Windows Live\Messenger\msnmsgr.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background ---- Microsoft Corporation
C:\Windows\ehome\ehtray.exe ---- 0 Ko ---- Normal ---- C:\Windows\ehome\ehtray.exe ----
C:\Windows\ehome\ehmsas.exe ---- 0 Ko ---- Normal ---- C:\Windows\ehome\ehmsas.exe -Embedding ----
C:\Program Files\Windows Media Player\wmpnetwk.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Windows Media Player\wmpnetwk.exe ----
C:\Windows\System32\mobsync.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\mobsync.exe -Embedding ----
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation ----
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe ---- 0 Ko ---- Normal ---- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /set_event=FFAPI_StartEvent_fec_1932a /icon=hidden ---- Check Point Software Technologies Ltd.
C:\Program Files\Windows Live\Contacts\wlcomm.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Windows Live\Contacts\wlcomm.exe -Embedding ---- Microsoft Corporation
C:\Program Files\Mozilla Firefox\firefox.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Mozilla Firefox\firefox.exe ---- Mozilla Corporation
C:\Windows\System32\cmd.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\cmd.exe /C C:\Program Files\List_Kill'em\List'em.bat ----
C:\Windows\system32\conime.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\conime.exe ----
C:\Windows\system32\wbem\wmiprvse.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\wbem\wmiprvse.exe ----
C:\Windows\system32\SearchProtocolHost.exe ---- 0 Ko ---- Idle ---- C:\Windows\system32\SearchProtocolHost.exe Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 Software\Microsoft\Windows Search Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot) C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc DownLevelDaemon ----
C:\Windows\system32\SearchFilterHost.exe ---- 0 Ko ---- Idle ---- C:\Windows\system32\SearchFilterHost.exe 0 692 696 704 65536 700 ----
C:\Program Files\List_Kill'em\pv.L_K ---- 0 Ko ---- Normal ---- pv.L_K -o%f ---- %m Ko ---- %p ---- %l ---- %s ----
¤¤¤¤¤¤¤¤¤¤ Keys Run ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr = C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background
WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe
ehTray.exe = C:\Windows\ehome\ehTray.exe
ccleaner = C:\Program Files\CCleaner\CCleaner.exe /AUTO
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Windows Defender = %ProgramFiles%\Windows Defender\MSASCui.exe -hide
SystrayORAHSS = C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
RtHDVCpl = RtHDVCpl.exe
PD0620 STISvc = RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
GrooveMonitor = C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
SunJavaUpdateSched = C:\Program Files\Common Files\Java\Java Update\jusched.exe
DivXUpdate = C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW
QuickTime Task = C:\Program Files\QuickTime\QTTask.exe -atboottime
ZoneAlarm Client = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
ISW = C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon=hidden
avgnt = C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 0 (0x0)
NoDriveAutoRun = 3 (0x3)
HonorAutoRunSetting = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BindDirectlyToPropertySetStorage = 0 (0x0)
NoDriveAutoRun = 3 (0x3)
NoDriveTypeAutoRun = 0 (0x0)
HonorAutoRunSetting = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = Explorer.exe
Userinit = C:\Windows\system32\Userinit.exe,
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤
[@ = ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CFDA6C08-424F-4F4E-ADCA-A9508B2BAE7B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CFDA6C08-424F-4F4E-ADCA-A9508B2BAE7B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\WINDOWS\system32\blank.htm
¤¤¤¤¤ Proxy Internet Explorer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤
[MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\ERDNT\cache\atapi.sys
[MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\System32\drivers\atapi.sys
[MD5.b35cfcef838382ab6490b321c87edf17] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[MD5.4f4fcb8b6ea06784fb6d475b7ec7300f] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[MD5.2d9c903dc76a66813d350a562de40ed9] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[MD5.b35cfcef838382ab6490b321c87edf17] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[MD5.e03e8c99d15d0381e02743c36afc7c6f] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
[MD5.2d9c903dc76a66813d350a562de40ed9] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
¤¤¤¤¤ Reference
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP3 : 7A62A6C8303C9D026DD926F397B2FB57
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Win XP_64 : 72C77044943340964FA513B92D6D6874
Win XP_64_SP2 : 7A1814D0D112F50F828E25557A1ED29F
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
¤¤¤¤¤¤¤¤¤¤ Explorer ¤¤¤¤¤¤¤¤¤¤
[MD5.d07d4c3038f3578ffce1c0237f2a1253] - C:\Windows\explorer.exe
[MD5.d07d4c3038f3578ffce1c0237f2a1253] - C:\Windows\ERDNT\cache\explorer.exe
[MD5.fd8c53fb002217f6f888bcf6f5d7084d] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[MD5.6d06cd98d954fe87fb2db8108793b399] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[MD5.37440d09deae0b672a04dccf7abf06be] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[MD5.bd06f0bf753bc704b653c3a50f89d362] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[MD5.e7156b0b74762d9de0e66bdcde06e5fb] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[MD5.ffa764631cb70a30065c12ef8e174f9f] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[MD5.4f554999d7d5f05daaebba7b5ba1089d] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[MD5.50ba5850147410cde89c523ad3bc606e] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[MD5.d07d4c3038f3578ffce1c0237f2a1253] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
¤¤¤¤¤¤¤¤¤¤ Winlogon ¤¤¤¤¤¤¤¤¤¤
[MD5.898e7c06a350d4a1a64a9ea264d55452] - C:\Windows\ERDNT\cache\winlogon.exe
[MD5.898e7c06a350d4a1a64a9ea264d55452] - C:\Windows\System32\winlogon.exe
[MD5.9f75392b9128a91abafb044ea350baad] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[MD5.c2610b6bdbefc053bbdab4f1b965cb24] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[MD5.898e7c06a350d4a1a64a9ea264d55452] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
¤¤¤¤¤¤¤¤¤¤ Wininit ¤¤¤¤¤¤¤¤¤¤
[MD5.101ba3ea053480bb5d957ef37c06b5ed] - C:\Windows\ERDNT\cache\wininit.exe
[MD5.101ba3ea053480bb5d957ef37c06b5ed] - C:\Windows\System32\wininit.exe
[MD5.d4385b03e8cccee6f0ee249f827c1f3e] - C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
[MD5.101ba3ea053480bb5d957ef37c06b5ed] - C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
¤¤¤¤¤¤¤¤¤¤ SVC | svchost ¤¤¤¤¤¤¤¤¤¤
svchost.exe 832 DcomLaunch, PlugPlay
svchost.exe 940 RpcSs
svchost.exe 1036 Audiosrv, Dhcp, Eventlog, lmhosts, wscsvc
svchost.exe 1064 AudioEndpointBuilder, EMDMgmt, hidserv,
Netman, PcaSvc, SysMain,
TabletInputService, TrkWks, UxSms,
WdiSystemHost, Wlansvc, WPDBusEnum, wudfsvc
svchost.exe 1080 AeLookupSvc, Appinfo, BITS, Browser,
EapHost, gpsvc, IKEEXT, iphlpsvc,
LanmanServer, MMCSS, ProfSvc, RasMan,
Schedule, seclogon, SENS, ShellHWDetection,
Themes, Winmgmt, wuauserv
svchost.exe 1284 EventSystem, fdPHost, FDResPub,
LanmanWorkstation, netprofm, nsi, SSDPSRV,
SstpSvc, upnphost, W32Time, WebClient
svchost.exe 1412 CryptSvc, Dnscache, KtmRm, NlaSvc, TapiSrv,
TermService
svchost.exe 444 BFE, DPS, MpsSvc
svchost.exe 2724 PolicyAgent
svchost.exe 2924 stisvc
svchost.exe 2960 WerSvc
svchost.exe 4632 FontCache
¤¤¤¤¤¤¤¤¤¤ IFEO | debugger ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ First Scan ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\software\AC3filter]
[HKEY_CURRENT_USER\software\Ad-Remover]
[HKEY_CURRENT_USER\software\Adobe]
[HKEY_CURRENT_USER\software\AhnLab]
[HKEY_CURRENT_USER\software\Alcohol Soft]
[HKEY_CURRENT_USER\software\AppDataLow]
[HKEY_CURRENT_USER\software\Apple Computer, Inc.]
[HKEY_CURRENT_USER\software\Applications locales générées par AppWizard]
[HKEY_CURRENT_USER\software\ArchiverDLL]
[HKEY_CURRENT_USER\software\ArenaNet]
[HKEY_CURRENT_USER\software\Avira]
[HKEY_CURRENT_USER\software\Battle.net]
[HKEY_CURRENT_USER\software\BitTorrent]
[HKEY_CURRENT_USER\software\Blizzard Entertainment]
[HKEY_CURRENT_USER\software\Bugsplat]
[HKEY_CURRENT_USER\software\Canon]
[HKEY_CURRENT_USER\software\CheckPoint]
[HKEY_CURRENT_USER\software\CISRA]
[HKEY_CURRENT_USER\software\ClassesB]
[HKEY_CURRENT_USER\software\Clients]
[HKEY_CURRENT_USER\software\CurseClient]
[HKEY_CURRENT_USER\software\Cyanide]
[HKEY_CURRENT_USER\software\cybelsoft]
[HKEY_CURRENT_USER\software\DivX]
[HKEY_CURRENT_USER\software\DivXNetworks]
[HKEY_CURRENT_USER\software\DT Soft]
[HKEY_CURRENT_USER\software\DTP]
[HKEY_CURRENT_USER\software\ej-technologies]
[HKEY_CURRENT_USER\software\Emulators]
[HKEY_CURRENT_USER\software\EPSON]
[HKEY_CURRENT_USER\software\FRANCE TELECOM]
[HKEY_CURRENT_USER\software\Gabest]
[HKEY_CURRENT_USER\software\GNU]
[HKEY_CURRENT_USER\software\Google]
[HKEY_CURRENT_USER\software\GSpot Appliance Corp]
[HKEY_CURRENT_USER\software\Haali]
[HKEY_CURRENT_USER\software\IM Providers]
[HKEY_CURRENT_USER\software\INCAInternet]
[HKEY_CURRENT_USER\software\JavaSoft]
[HKEY_CURRENT_USER\software\JEDI-VCL]
[HKEY_CURRENT_USER\software\Lavasoft]
[HKEY_CURRENT_USER\software\Local AppWizard-Generated Applications]
[HKEY_CURRENT_USER\software\Macromedia]
[HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware]
[HKEY_CURRENT_USER\software\MediaInfo]
[HKEY_CURRENT_USER\software\Microsoft]
[HKEY_CURRENT_USER\software\Mozilla]
[HKEY_CURRENT_USER\software\MozillaPlugins]
[HKEY_CURRENT_USER\software\Mumble]
[HKEY_CURRENT_USER\software\Netscape]
[HKEY_CURRENT_USER\software\Nival Online]
[HKEY_CURRENT_USER\software\Northcode Inc]
[HKEY_CURRENT_USER\software\NVIDIA Corporation]
[HKEY_CURRENT_USER\software\ODBC]
[HKEY_CURRENT_USER\software\Packard Bell]
[HKEY_CURRENT_USER\software\Pando Networks]
[HKEY_CURRENT_USER\software\Piriform]
[HKEY_CURRENT_USER\software\Policies]
[HKEY_CURRENT_USER\software\RealNetworks]
[HKEY_CURRENT_USER\software\Realtek]
[HKEY_CURRENT_USER\software\SecuROM]
[HKEY_CURRENT_USER\software\SEIKO EPSON]
[HKEY_CURRENT_USER\software\Skype]
[HKEY_CURRENT_USER\software\Softonic]
[HKEY_CURRENT_USER\software\stevengould.org]
[HKEY_CURRENT_USER\software\Sun Microsystems]
[HKEY_CURRENT_USER\software\Sysinternals]
[HKEY_CURRENT_USER\software\TimeGate Studios]
[HKEY_CURRENT_USER\software\Trolltech]
[HKEY_CURRENT_USER\software\Usbfix]
[HKEY_CURRENT_USER\software\Valve]
[HKEY_CURRENT_USER\software\VB and VBA Program Settings]
[HKEY_CURRENT_USER\software\Veoh]
[HKEY_CURRENT_USER\software\WinRAR]
[HKEY_CURRENT_USER\software\WinRAR SFX]
[HKEY_CURRENT_USER\software\YahooPartnerToolbar]
[HKEY_CURRENT_USER\software\Zone Labs]
[HKEY_CURRENT_USER\software\Classes]
[HKEY_LOCAL_MACHINE\software\Adobe]
[HKEY_LOCAL_MACHINE\software\AeriaGames]
[HKEY_LOCAL_MACHINE\software\AGEIA Technologies]
[HKEY_LOCAL_MACHINE\software\Alcohol Soft]
[HKEY_LOCAL_MACHINE\software\Ankama]
[HKEY_LOCAL_MACHINE\software\Apple Computer, Inc.]
[HKEY_LOCAL_MACHINE\software\Apple Inc.]
[HKEY_LOCAL_MACHINE\software\ArenaNet]
[HKEY_LOCAL_MACHINE\software\Avira]
[HKEY_LOCAL_MACHINE\software\Blizzard Entertainment]
[HKEY_LOCAL_MACHINE\software\C07ft5Y]
[HKEY_LOCAL_MACHINE\software\Canon]
[HKEY_LOCAL_MACHINE\software\CheckPoint]
[HKEY_LOCAL_MACHINE\software\CISRA]
[HKEY_LOCAL_MACHINE\software\Classes]
[HKEY_LOCAL_MACHINE\software\Clients]
[HKEY_LOCAL_MACHINE\software\Codec Tweak Tool]
[HKEY_LOCAL_MACHINE\software\Creative Tech]
[HKEY_LOCAL_MACHINE\software\Cyanide]
[HKEY_LOCAL_MACHINE\software\cybelsoft]
[HKEY_LOCAL_MACHINE\software\CyberLink]
[HKEY_LOCAL_MACHINE\software\DivX]
[HKEY_LOCAL_MACHINE\software\DivXNetworks]
[HKEY_LOCAL_MACHINE\software\Dofus 2]
[HKEY_LOCAL_MACHINE\software\DT Soft]
[HKEY_LOCAL_MACHINE\software\EPSON]
[HKEY_LOCAL_MACHINE\software\FRANCE TELECOM]
[HKEY_LOCAL_MACHINE\software\Gabest]
[HKEY_LOCAL_MACHINE\software\Garena]
[HKEY_LOCAL_MACHINE\software\GNU]
[HKEY_LOCAL_MACHINE\software\Google]
[HKEY_LOCAL_MACHINE\software\HaaliMkx]
[HKEY_LOCAL_MACHINE\software\InstallShield]
[HKEY_LOCAL_MACHINE\software\Intel]
[HKEY_LOCAL_MACHINE\software\InterVideo]
[HKEY_LOCAL_MACHINE\software\JavaSoft]
[HKEY_LOCAL_MACHINE\software\JreMetrics]
[HKEY_LOCAL_MACHINE\software\Khronos]
[HKEY_LOCAL_MACHINE\software\KLCodecPack]
[HKEY_LOCAL_MACHINE\software\Larian Studios]
[HKEY_LOCAL_MACHINE\software\Lavasoft]
[HKEY_LOCAL_MACHINE\software\Licenses]
[HKEY_LOCAL_MACHINE\software\Macromedia]
[HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware]
[HKEY_LOCAL_MACHINE\software\Microsoft]
[HKEY_LOCAL_MACHINE\software\MimarSinan]
[HKEY_LOCAL_MACHINE\software\Mozilla]
[HKEY_LOCAL_MACHINE\software\mozilla.org]
[HKEY_LOCAL_MACHINE\software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\software\Mumble]
[HKEY_LOCAL_MACHINE\software\NCSoft]
[HKEY_LOCAL_MACHINE\software\Netts]
[HKEY_LOCAL_MACHINE\software\NiProD_StargateAtlantisSimulation]
[HKEY_LOCAL_MACHINE\software\NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\software\Ocean Global Holding]
[HKEY_LOCAL_MACHINE\software\ODBC]
[HKEY_LOCAL_MACHINE\software\OldTimer Tools]
[HKEY_LOCAL_MACHINE\software\Pando Networks]
[HKEY_LOCAL_MACHINE\software\PB_EBAY]
[HKEY_LOCAL_MACHINE\software\PB_FIRSTCHOICE]
[HKEY_LOCAL_MACHINE\software\PB_KODAK]
[HKEY_LOCAL_MACHINE\software\PB_METABOLI]
[HKEY_LOCAL_MACHINE\software\Piriform]
[HKEY_LOCAL_MACHINE\software\PocketSoft]
[HKEY_LOCAL_MACHINE\software\Policies]
[HKEY_LOCAL_MACHINE\software\RealNetworks]
[HKEY_LOCAL_MACHINE\software\Realtek]
[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\software\RichFX]
[HKEY_LOCAL_MACHINE\software\Riot Games]
[HKEY_LOCAL_MACHINE\software\S3R521]
[HKEY_LOCAL_MACHINE\software\Safer Networking Limited]
[HKEY_LOCAL_MACHINE\software\Sagem]
[HKEY_LOCAL_MACHINE\software\SECURITOO]
[HKEY_LOCAL_MACHINE\software\Skype]
[HKEY_LOCAL_MACHINE\software\SolidStateNetworks]
[HKEY_LOCAL_MACHINE\software\Sonic]
[HKEY_LOCAL_MACHINE\software\SONOV]
[HKEY_LOCAL_MACHINE\software\SpywareBlaster]
[HKEY_LOCAL_MACHINE\software\SRS Labs]
[HKEY_LOCAL_MACHINE\software\Sun Microsystems]
[HKEY_LOCAL_MACHINE\software\Symantec]
[HKEY_LOCAL_MACHINE\software\SymNRT]
[HKEY_LOCAL_MACHINE\software\Team17 Software Ltd.]
[HKEY_LOCAL_MACHINE\software\THQ]
[HKEY_LOCAL_MACHINE\software\TrendMicro]
[HKEY_LOCAL_MACHINE\software\Valve]
[HKEY_LOCAL_MACHINE\software\VertigoGames]
[HKEY_LOCAL_MACHINE\software\VideoLAN]
[HKEY_LOCAL_MACHINE\software\Waves Audio]
[HKEY_LOCAL_MACHINE\software\WholeSecurity]
[HKEY_LOCAL_MACHINE\software\Windows]
[HKEY_LOCAL_MACHINE\software\X-AVCSD]
[HKEY_LOCAL_MACHINE\software\Xerox]
[HKEY_LOCAL_MACHINE\software\Xing Technology Corp.]
[HKEY_LOCAL_MACHINE\software\Zone Labs]
[HKEY_LOCAL_MACHINE\software\ZoneAlarm_Security]
[HKEY_LOCAL_MACHINE\software\Even Balance]
¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤
Present !! : C:\Users\Nenuph\AppData\Roaming\app
Present !! : C:\Users\Nenuph\AppData\Local\d3d9caps.dat
Present !! : C:\Users\Nenuph\AppData\Local\GDIPFONTCACHEV1.DAT
Present !! : C:\Windows\Temp\CabB6B1.tmp
Present !! : C:\Windows\Temp\TarB6B2.tmp
Present !! : C:\Windows\Temp\ZLT017e0.TMP
¤¤¤¤¤¤¤¤¤¤ Keys :
FEATURE_BROWSER_EMULATION | svchost :
====================================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-12 11:46:07
Windows 6.0.6002 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST350083 rev.3.AA -> Harddisk0\DR0 -> \Device\0000005d
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync02.sys storport.sys nvstor32.sys tcpip.sys NETIO.SYS
C:\Windows\System32\drivers\sfsync02.sys Protection Technology StarForce Protection System
C:\Windows\system32\drivers\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
1 ntkrnlpa!IofCallDriver[0x82492962] -> \Device\Harddisk0\DR0[0x86830AC8]
3 CLASSPNP[0x807B88B3] -> ntkrnlpa!IofCallDriver[0x82492962] -> [0x85E3B700]
5 acpi[0x806976BC] -> ntkrnlpa!IofCallDriver[0x82492962] -> \Device\0000005d[0x859CB8F0]
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1 (0x1)
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 11:47:38,46
Found :)
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.2.7 ¤¤¤¤¤¤¤¤¤¤
User : Nenuph (Administrateurs)
Update on 08/12/2010 by g3n-h@ckm@n ::::: 19.00
Start at: 11:40:20 | 12/12/2010
Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 7.0.6002.18005
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 457,76 Go (256,61 Go free) [HDD] | NTFS
D:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
K:\ -> Disque amovible
¤¤¤¤¤ Sessions ¤¤¤¤¤
C:\Users\Nenuph
C:\Users\Public
C:\Users\Default
Boot: Normal
¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer
C:\Windows\System32\smss.exe ---- 0 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\Windows\system32\csrss.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\Windows\system32\wininit.exe ---- 0 Ko ---- High ---- wininit.exe ----
C:\Windows\system32\csrss.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\Windows\system32\services.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\services.exe ----
C:\Windows\system32\lsass.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\lsass.exe ----
C:\Windows\system32\lsm.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\lsm.exe ----
C:\Windows\system32\winlogon.exe ---- 0 Ko ---- High ---- winlogon.exe ----
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k DcomLaunch ----
C:\Windows\system32\nvvsvc.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\nvvsvc.exe ---- NVIDIA Corporation
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k rpcss ----
C:\Windows\System32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted ----
C:\Windows\System32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted ----
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k netsvcs ----
C:\Windows\system32\SLsvc.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\SLsvc.exe ----
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalService ----
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkService ----
C:\Windows\System32\ZoneLabs\vsmon.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\ZoneLabs\vsmon.exe -service ---- Check Point Software Technologies Ltd.
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe ---- 0 Ko ---- Normal ---- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe ---- NVIDIA Corporation
C:\Windows\system32\nvvsvc.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\nvvsvc.exe -session -first ---- NVIDIA Corporation
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe ---- 0 Ko ---- Normal ---- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe ---- Check Point Software Technologies Ltd.
C:\Windows\System32\spoolsv.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\spoolsv.exe ----
C:\Program Files\Avira\AntiVir Desktop\sched.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Avira\AntiVir Desktop\sched.exe ---- Avira GmbH
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork ----
C:\Windows\system32\Dwm.exe ---- 0 Ko ---- High ---- C:\Windows\system32\Dwm.exe ----
C:\Windows\Explorer.EXE ---- 0 Ko ---- Normal ---- C:\Windows\Explorer.EXE ----
C:\Windows\system32\taskeng.exe ---- 0 Ko ---- Below Normal ---- taskeng.exe {5DB7006F-FAAD-488B-B768-C7739A4AA60D} ----
C:\Windows\system32\taskeng.exe ---- 0 Ko ---- Normal ---- taskeng.exe {A7F4AD0A-C210-4C05-89CC-6D4818E9C62B} ----
C:\Program Files\Avira\AntiVir Desktop\avguard.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Avira\AntiVir Desktop\avguard.exe ---- Avira GmbH
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE ---- 0 Ko ---- Normal ---- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE ----
C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE ---- 0 Ko ---- Normal ---- C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE ---- Packard Bell B.V.
C:\Windows\system32\PnkBstrA.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\PnkBstrA.exe ---- Even Balance, Inc.
C:\Windows\system32\PnkBstrB.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\PnkBstrB.exe ---- Even Balance, Inc.
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe avshadowcontrol0_000009b4 ---- Avira GmbH
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted ----
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe ---- Microsoft Corporation
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe ---- 0 Ko ---- Normal ---- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe ---- NVIDIA Corporation
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k imgsvc ----
C:\Windows\System32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k WerSvcGroup ----
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ---- 0 Ko ---- Normal ---- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ---- Microsoft Corporation
C:\Windows\system32\SearchIndexer.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\SearchIndexer.exe /Embedding ----
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe ---- 0 Ko ---- Normal ---- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe ----
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe ---- 0 Ko ---- Normal ---- WLIDSvcM.exe 3028 ---- Microsoft Corporation
C:\Program Files\Canon\CAL\CALMAIN.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Canon\CAL\CALMAIN.exe ----
C:\Windows\system32\WUDFHost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\WUDFHost.exe -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-7a178fb5-34b4-44e5-9d0c-8fd4daeb1865 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-781624af-cc49-4837-bcaa-e3c6bb3acdf2 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-feedc7b4-4bdc-43fa-9a54-0a8f15ddd912 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:21808448-6277-4e80-8b3d-db696b3bd94e ----
C:\Program Files\Windows Media Player\wmpnscfg.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Windows Media Player\wmpnscfg.exe ----
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe ---- 0 Ko ---- Normal ---- C:\Program Files\OrangeHSS\Systray\SystrayApp.exe ----
C:\Windows\RtHDVCpl.exe ---- 0 Ko ---- Normal ---- C:\Windows\RtHDVCpl.exe ----
C:\Windows\System32\rundll32.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\rundll32.exe P0620Pin.dll,RunDLL32EP 513 ----
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe ---- Microsoft Corporation
C:\Program Files\Common Files\Java\Java Update\jusched.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Common Files\Java\Java Update\jusched.exe ---- Sun Microsystems, Inc.
C:\Program Files\DivX\DivX Update\DivXUpdate.exe ---- 0 Ko ---- Normal ---- C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW ---- DivX, Inc.
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ---- Check Point Software Technologies Ltd.
C:\Windows\System32\ALERTM~1\ALERTM~1.EXE ---- 0 Ko ---- Normal ---- C:\Windows\System32\ALERTM~1\ALERTM~1.EXE -Embedding ----
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min ---- Avira GmbH
C:\Program Files\Windows Live\Messenger\msnmsgr.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background ---- Microsoft Corporation
C:\Windows\ehome\ehtray.exe ---- 0 Ko ---- Normal ---- C:\Windows\ehome\ehtray.exe ----
C:\Windows\ehome\ehmsas.exe ---- 0 Ko ---- Normal ---- C:\Windows\ehome\ehmsas.exe -Embedding ----
C:\Program Files\Windows Media Player\wmpnetwk.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Windows Media Player\wmpnetwk.exe ----
C:\Windows\System32\mobsync.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\mobsync.exe -Embedding ----
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation ----
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe ---- 0 Ko ---- Normal ---- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /set_event=FFAPI_StartEvent_fec_1932a /icon=hidden ---- Check Point Software Technologies Ltd.
C:\Program Files\Windows Live\Contacts\wlcomm.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Windows Live\Contacts\wlcomm.exe -Embedding ---- Microsoft Corporation
C:\Program Files\Mozilla Firefox\firefox.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Mozilla Firefox\firefox.exe ---- Mozilla Corporation
C:\Windows\System32\cmd.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\cmd.exe /C C:\Program Files\List_Kill'em\List'em.bat ----
C:\Windows\system32\conime.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\conime.exe ----
C:\Windows\system32\wbem\wmiprvse.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\wbem\wmiprvse.exe ----
C:\Windows\system32\SearchProtocolHost.exe ---- 0 Ko ---- Idle ---- C:\Windows\system32\SearchProtocolHost.exe Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 Software\Microsoft\Windows Search Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot) C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc DownLevelDaemon ----
C:\Windows\system32\SearchFilterHost.exe ---- 0 Ko ---- Idle ---- C:\Windows\system32\SearchFilterHost.exe 0 692 696 704 65536 700 ----
C:\Program Files\List_Kill'em\pv.L_K ---- 0 Ko ---- Normal ---- pv.L_K -o%f ---- %m Ko ---- %p ---- %l ---- %s ----
¤¤¤¤¤¤¤¤¤¤ Keys Run ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr = C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background
WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe
ehTray.exe = C:\Windows\ehome\ehTray.exe
ccleaner = C:\Program Files\CCleaner\CCleaner.exe /AUTO
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Windows Defender = %ProgramFiles%\Windows Defender\MSASCui.exe -hide
SystrayORAHSS = C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
RtHDVCpl = RtHDVCpl.exe
PD0620 STISvc = RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
GrooveMonitor = C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
SunJavaUpdateSched = C:\Program Files\Common Files\Java\Java Update\jusched.exe
DivXUpdate = C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW
QuickTime Task = C:\Program Files\QuickTime\QTTask.exe -atboottime
ZoneAlarm Client = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
ISW = C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon=hidden
avgnt = C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 0 (0x0)
NoDriveAutoRun = 3 (0x3)
HonorAutoRunSetting = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BindDirectlyToPropertySetStorage = 0 (0x0)
NoDriveAutoRun = 3 (0x3)
NoDriveTypeAutoRun = 0 (0x0)
HonorAutoRunSetting = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = Explorer.exe
Userinit = C:\Windows\system32\Userinit.exe,
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤
[@ = ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CFDA6C08-424F-4F4E-ADCA-A9508B2BAE7B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CFDA6C08-424F-4F4E-ADCA-A9508B2BAE7B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\WINDOWS\system32\blank.htm
¤¤¤¤¤ Proxy Internet Explorer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤
[MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\ERDNT\cache\atapi.sys
[MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\System32\drivers\atapi.sys
[MD5.b35cfcef838382ab6490b321c87edf17] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[MD5.4f4fcb8b6ea06784fb6d475b7ec7300f] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[MD5.2d9c903dc76a66813d350a562de40ed9] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[MD5.b35cfcef838382ab6490b321c87edf17] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[MD5.e03e8c99d15d0381e02743c36afc7c6f] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
[MD5.2d9c903dc76a66813d350a562de40ed9] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
¤¤¤¤¤ Reference
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP3 : 7A62A6C8303C9D026DD926F397B2FB57
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Win XP_64 : 72C77044943340964FA513B92D6D6874
Win XP_64_SP2 : 7A1814D0D112F50F828E25557A1ED29F
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
¤¤¤¤¤¤¤¤¤¤ Explorer ¤¤¤¤¤¤¤¤¤¤
[MD5.d07d4c3038f3578ffce1c0237f2a1253] - C:\Windows\explorer.exe
[MD5.d07d4c3038f3578ffce1c0237f2a1253] - C:\Windows\ERDNT\cache\explorer.exe
[MD5.fd8c53fb002217f6f888bcf6f5d7084d] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[MD5.6d06cd98d954fe87fb2db8108793b399] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[MD5.37440d09deae0b672a04dccf7abf06be] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[MD5.bd06f0bf753bc704b653c3a50f89d362] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[MD5.e7156b0b74762d9de0e66bdcde06e5fb] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[MD5.ffa764631cb70a30065c12ef8e174f9f] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[MD5.4f554999d7d5f05daaebba7b5ba1089d] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[MD5.50ba5850147410cde89c523ad3bc606e] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[MD5.d07d4c3038f3578ffce1c0237f2a1253] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
¤¤¤¤¤¤¤¤¤¤ Winlogon ¤¤¤¤¤¤¤¤¤¤
[MD5.898e7c06a350d4a1a64a9ea264d55452] - C:\Windows\ERDNT\cache\winlogon.exe
[MD5.898e7c06a350d4a1a64a9ea264d55452] - C:\Windows\System32\winlogon.exe
[MD5.9f75392b9128a91abafb044ea350baad] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[MD5.c2610b6bdbefc053bbdab4f1b965cb24] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[MD5.898e7c06a350d4a1a64a9ea264d55452] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
¤¤¤¤¤¤¤¤¤¤ Wininit ¤¤¤¤¤¤¤¤¤¤
[MD5.101ba3ea053480bb5d957ef37c06b5ed] - C:\Windows\ERDNT\cache\wininit.exe
[MD5.101ba3ea053480bb5d957ef37c06b5ed] - C:\Windows\System32\wininit.exe
[MD5.d4385b03e8cccee6f0ee249f827c1f3e] - C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
[MD5.101ba3ea053480bb5d957ef37c06b5ed] - C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
¤¤¤¤¤¤¤¤¤¤ SVC | svchost ¤¤¤¤¤¤¤¤¤¤
svchost.exe 832 DcomLaunch, PlugPlay
svchost.exe 940 RpcSs
svchost.exe 1036 Audiosrv, Dhcp, Eventlog, lmhosts, wscsvc
svchost.exe 1064 AudioEndpointBuilder, EMDMgmt, hidserv, Netman, PcaSvc, SysMain, TabletInputService, TrkWks, UxSms, WdiSystemHost, Wlansvc, WPDBusEnum, wudfsvc
svchost.exe 1080 AeLookupSvc, Appinfo, BITS, Browser, EapHost, gpsvc, IKEEXT, iphlpsvc, LanmanServer, MMCSS, ProfSvc, RasMan, Schedule, seclogon, SENS, ShellHWDetection, Themes, Winmgmt, wuauserv
svchost.exe 1284 EventSystem, fdPHost, FDResPub, LanmanWorkstation, netprofm, nsi, SSDPSRV, SstpSvc, upnphost, W32Time, WebClient
svchost.exe 1412 CryptSvc, Dnscache, KtmRm, NlaSvc, TapiSrv, TermService
svchost.exe 444 BFE, DPS, MpsSvc
svchost.exe 2724 PolicyAgent
svchost.exe 2924 stisvc
svchost.exe 2960 WerSvc
svchost.exe 4632 FontCache
¤¤¤¤¤¤¤¤¤¤ IFEO | debugger ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ First Scan ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\software\AC3filter]
[HKEY_CURRENT_USER\software\Ad-Remover]
[HKEY_CURRENT_USER\software\Adobe]
[HKEY_CURRENT_USER\software\AhnLab]
[HKEY_CURRENT_USER\software\Alcohol Soft]
[HKEY_CURRENT_USER\software\AppDataLow]
[HKEY_CURRENT_USER\software\Apple Computer, Inc.]
[HKEY_CURRENT_USER\software\Applications locales générées par AppWizard]
[HKEY_CURRENT_USER\software\ArchiverDLL]
[HKEY_CURRENT_USER\software\ArenaNet]
[HKEY_CURRENT_USER\software\Avira]
[HKEY_CURRENT_USER\software\Battle.net]
[HKEY_CURRENT_USER\software\BitTorrent]
[HKEY_CURRENT_USER\software\Blizzard Entertainment]
[HKEY_CURRENT_USER\software\Bugsplat]
[HKEY_CURRENT_USER\software\Canon]
[HKEY_CURRENT_USER\software\CheckPoint]
[HKEY_CURRENT_USER\software\CISRA]
[HKEY_CURRENT_USER\software\ClassesB]
[HKEY_CURRENT_USER\software\Clients]
[HKEY_CURRENT_USER\software\CurseClient]
[HKEY_CURRENT_USER\software\Cyanide]
[HKEY_CURRENT_USER\software\cybelsoft]
[HKEY_CURRENT_USER\software\DivX]
[HKEY_CURRENT_USER\software\DivXNetworks]
[HKEY_CURRENT_USER\software\DT Soft]
[HKEY_CURRENT_USER\software\DTP]
[HKEY_CURRENT_USER\software\ej-technologies]
[HKEY_CURRENT_USER\software\Emulators]
[HKEY_CURRENT_USER\software\EPSON]
[HKEY_CURRENT_USER\software\FRANCE TELECOM]
[HKEY_CURRENT_USER\software\Gabest]
[HKEY_CURRENT_USER\software\GNU]
[HKEY_CURRENT_USER\software\Google]
[HKEY_CURRENT_USER\software\GSpot Appliance Corp]
[HKEY_CURRENT_USER\software\Haali]
[HKEY_CURRENT_USER\software\IM Providers]
[HKEY_CURRENT_USER\software\INCAInternet]
[HKEY_CURRENT_USER\software\JavaSoft]
[HKEY_CURRENT_USER\software\JEDI-VCL]
[HKEY_CURRENT_USER\software\Lavasoft]
[HKEY_CURRENT_USER\software\Local AppWizard-Generated Applications]
[HKEY_CURRENT_USER\software\Macromedia]
[HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware]
[HKEY_CURRENT_USER\software\MediaInfo]
[HKEY_CURRENT_USER\software\Microsoft]
[HKEY_CURRENT_USER\software\Mozilla]
[HKEY_CURRENT_USER\software\MozillaPlugins]
[HKEY_CURRENT_USER\software\Mumble]
[HKEY_CURRENT_USER\software\Netscape]
[HKEY_CURRENT_USER\software\Nival Online]
[HKEY_CURRENT_USER\software\Northcode Inc]
[HKEY_CURRENT_USER\software\NVIDIA Corporation]
[HKEY_CURRENT_USER\software\ODBC]
[HKEY_CURRENT_USER\software\Packard Bell]
[HKEY_CURRENT_USER\software\Pando Networks]
[HKEY_CURRENT_USER\software\Piriform]
[HKEY_CURRENT_USER\software\Policies]
[HKEY_CURRENT_USER\software\RealNetworks]
[HKEY_CURRENT_USER\software\Realtek]
[HKEY_CURRENT_USER\software\SecuROM]
[HKEY_CURRENT_USER\software\SEIKO EPSON]
[HKEY_CURRENT_USER\software\Skype]
[HKEY_CURRENT_USER\software\Softonic]
[HKEY_CURRENT_USER\software\stevengould.org]
[HKEY_CURRENT_USER\software\Sun Microsystems]
[HKEY_CURRENT_USER\software\Sysinternals]
[HKEY_CURRENT_USER\software\TimeGate Studios]
[HKEY_CURRENT_USER\software\Trolltech]
[HKEY_CURRENT_USER\software\Usbfix]
[HKEY_CURRENT_USER\software\Valve]
[HKEY_CURRENT_USER\software\VB and VBA Program Settings]
[HKEY_CURRENT_USER\software\Veoh]
[HKEY_CURRENT_USER\software\WinRAR]
[HKEY_CURRENT_USER\software\WinRAR SFX]
[HKEY_CURRENT_USER\software\YahooPartnerToolbar]
[HKEY_CURRENT_USER\software\Zone Labs]
[HKEY_CURRENT_USER\software\Classes]
[HKEY_LOCAL_MACHINE\software\Adobe]
[HKEY_LOCAL_MACHINE\software\AeriaGames]
[HKEY_LOCAL_MACHINE\software\AGEIA Technologies]
[HKEY_LOCAL_MACHINE\software\Alcohol Soft]
[HKEY_LOCAL_MACHINE\software\Ankama]
[HKEY_LOCAL_MACHINE\software\Apple Computer, Inc.]
[HKEY_LOCAL_MACHINE\software\Apple Inc.]
[HKEY_LOCAL_MACHINE\software\ArenaNet]
[HKEY_LOCAL_MACHINE\software\Avira]
[HKEY_LOCAL_MACHINE\software\Blizzard Entertainment]
[HKEY_LOCAL_MACHINE\software\C07ft5Y]
[HKEY_LOCAL_MACHINE\software\Canon]
[HKEY_LOCAL_MACHINE\software\CheckPoint]
[HKEY_LOCAL_MACHINE\software\CISRA]
[HKEY_LOCAL_MACHINE\software\Classes]
[HKEY_LOCAL_MACHINE\software\Clients]
[HKEY_LOCAL_MACHINE\software\Codec Tweak Tool]
[HKEY_LOCAL_MACHINE\software\Creative Tech]
[HKEY_LOCAL_MACHINE\software\Cyanide]
[HKEY_LOCAL_MACHINE\software\cybelsoft]
[HKEY_LOCAL_MACHINE\software\CyberLink]
[HKEY_LOCAL_MACHINE\software\DivX]
[HKEY_LOCAL_MACHINE\software\DivXNetworks]
[HKEY_LOCAL_MACHINE\software\Dofus 2]
[HKEY_LOCAL_MACHINE\software\DT Soft]
[HKEY_LOCAL_MACHINE\software\EPSON]
[HKEY_LOCAL_MACHINE\software\FRANCE TELECOM]
[HKEY_LOCAL_MACHINE\software\Gabest]
[HKEY_LOCAL_MACHINE\software\Garena]
[HKEY_LOCAL_MACHINE\software\GNU]
[HKEY_LOCAL_MACHINE\software\Google]
[HKEY_LOCAL_MACHINE\software\HaaliMkx]
[HKEY_LOCAL_MACHINE\software\InstallShield]
[HKEY_LOCAL_MACHINE\software\Intel]
[HKEY_LOCAL_MACHINE\software\InterVideo]
[HKEY_LOCAL_MACHINE\software\JavaSoft]
[HKEY_LOCAL_MACHINE\software\JreMetrics]
[HKEY_LOCAL_MACHINE\software\Khronos]
[HKEY_LOCAL_MACHINE\software\KLCodecPack]
[HKEY_LOCAL_MACHINE\software\Larian Studios]
[HKEY_LOCAL_MACHINE\software\Lavasoft]
[HKEY_LOCAL_MACHINE\software\Licenses]
[HKEY_LOCAL_MACHINE\software\Macromedia]
[HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware]
[HKEY_LOCAL_MACHINE\software\Microsoft]
[HKEY_LOCAL_MACHINE\software\MimarSinan]
[HKEY_LOCAL_MACHINE\software\Mozilla]
[HKEY_LOCAL_MACHINE\software\mozilla.org]
[HKEY_LOCAL_MACHINE\software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\software\Mumble]
[HKEY_LOCAL_MACHINE\software\NCSoft]
[HKEY_LOCAL_MACHINE\software\Netts]
[HKEY_LOCAL_MACHINE\software\NiProD_StargateAtlantisSimulation]
[HKEY_LOCAL_MACHINE\software\NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\software\Ocean Global Holding]
[HKEY_LOCAL_MACHINE\software\ODBC]
[HKEY_LOCAL_MACHINE\software\OldTimer Tools]
[HKEY_LOCAL_MACHINE\software\Pando Networks]
[HKEY_LOCAL_MACHINE\software\PB_EBAY]
[HKEY_LOCAL_MACHINE\software\PB_FIRSTCHOICE]
[HKEY_LOCAL_MACHINE\software\PB_KODAK]
[HKEY_LOCAL_MACHINE\software\PB_METABOLI]
[HKEY_LOCAL_MACHINE\software\Piriform]
[HKEY_LOCAL_MACHINE\software\PocketSoft]
[HKEY_LOCAL_MACHINE\software\Policies]
[HKEY_LOCAL_MACHINE\software\RealNetworks]
[HKEY_LOCAL_MACHINE\software\Realtek]
[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\software\RichFX]
[HKEY_LOCAL_MACHINE\software\Riot Games]
[HKEY_LOCAL_MACHINE\software\S3R521]
[HKEY_LOCAL_MACHINE\software\Safer Networking Limited]
[HKEY_LOCAL_MACHINE\software\Sagem]
[HKEY_LOCAL_MACHINE\software\SECURITOO]
[HKEY_LOCAL_MACHINE\software\Skype]
[HKEY_LOCAL_MACHINE\software\SolidStateNetworks]
[HKEY_LOCAL_MACHINE\software\Sonic]
[HKEY_LOCAL_MACHINE\software\SONOV]
[HKEY_LOCAL_MACHINE\software\SpywareBlaster]
[HKEY_LOCAL_MACHINE\software\SRS Labs]
[HKEY_LOCAL_MACHINE\software\Sun Microsystems]
[HKEY_LOCAL_MACHINE\software\Symantec]
[HKEY_LOCAL_MACHINE\software\SymNRT]
[HKEY_LOCAL_MACHINE\software\Team17 Software Ltd.]
[HKEY_LOCAL_MACHINE\software\THQ]
[HKEY_LOCAL_MACHINE\software\TrendMicro]
[HKEY_LOCAL_MACHINE\software\Valve]
[HKEY_LOCAL_MACHINE\software\VertigoGames]
[HKEY_LOCAL_MACHINE\software\VideoLAN]
[HKEY_LOCAL_MACHINE\software\Waves Audio]
[HKEY_LOCAL_MACHINE\software\WholeSecurity]
[HKEY_LOCAL_MACHINE\software\Windows]
[HKEY_LOCAL_MACHINE\software\X-AVCSD]
[HKEY_LOCAL_MACHINE\software\Xerox]
[HKEY_LOCAL_MACHINE\software\Xing Technology Corp.]
[HKEY_LOCAL_MACHINE\software\Zone Labs]
[HKEY_LOCAL_MACHINE\software\ZoneAlarm_Security]
[HKEY_LOCAL_MACHINE\software\Even Balance]
¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤
Present !! : C:\Users\Nenuph\AppData\Roaming\app
Present !! : C:\Users\Nenuph\AppData\Local\d3d9caps.dat
Present !! : C:\Users\Nenuph\AppData\Local\GDIPFONTCACHEV1.DAT
Present !! : C:\Windows\Temp\CabB6B1.tmp
Present !! : C:\Windows\Temp\TarB6B2.tmp
Present !! : C:\Windows\Temp\ZLT017e0.TMP
¤¤¤¤¤¤¤¤¤¤ Keys :
FEATURE_BROWSER_EMULATION | svchost :
====================================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-12 11:46:07
Windows 6.0.6002 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST350083 rev.3.AA -> Harddisk0\DR0 -> \Device\0000005d
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync02.sys storport.sys nvstor32.sys tcpip.sys NETIO.SYS
C:\Windows\System32\drivers\sfsync02.sys Protection Technology StarForce Protection System
C:\Windows\system32\drivers\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
1 ntkrnlpa!IofCallDriver[0x82492962] -> \Device\Harddisk0\DR0[0x86830AC8]
3 CLASSPNP[0x807B88B3] -> ntkrnlpa!IofCallDriver[0x82492962] -> [0x85E3B700]
5 acpi[0x806976BC] -> ntkrnlpa!IofCallDriver[0x82492962] -> \Device\0000005d[0x859CB8F0]
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1 (0x1)
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 11:47:38,46
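The "Atapi.sys" block in this report lists the MD5 of every atapi.sys copy on disk next to a table of known-good hashes per Windows version, because the TDL3/TDSS family patched that driver in place; the tool prints the data but leaves the comparison to the reader. The following is an added example (my code, not part of List'em or of this post) that applies the reference table mechanically: it picks the reference row from the OS banner, compares the driver the kernel actually loads (C:\Windows\System32\drivers\atapi.sys) against it, and treats the DriverStore/winsxs copies separately, since those legitimately carry older service-pack or hotfix builds. The sample lines are copied from the log above; the mapping of Vista build numbers 6000/6001/6002 onto the tool's Vista_32b / Vista_SP1_32b / Vista_SP2_32b row names is my assumption.

```python
import re

# Added example, not List'em's own code: parse the Atapi.sys / Reference
# sections of a List'em report and classify each atapi.sys copy.

MD5_LINE = re.compile(r"^\[MD5\.([0-9a-fA-F]{32})\] - (.+)$")
REF_LINE = re.compile(r"^(.+?) : ([0-9a-fA-F]{32})$")
OS_LINE = re.compile(r"\((\d+)\.(\d+)\.(\d+) (32|64)-bit\)")

# Assumption: the Vista rows of the reference table are named by service pack,
# so map the build number from the OS banner onto that naming scheme.
VISTA_BUILD_TO_SUFFIX = {6000: "", 6001: "_SP1", 6002: "_SP2"}

# The only copy the kernel loads; every other path is a cache or a backup.
LIVE_DRIVER = r"c:\windows\system32\drivers\atapi.sys"

# Constructed sample: lines copied from the report on this page.
SAMPLE_LOG = r"""
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤
[MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\ERDNT\cache\atapi.sys
[MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\System32\drivers\atapi.sys
[MD5.b35cfcef838382ab6490b321c87edf17] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[MD5.4f4fcb8b6ea06784fb6d475b7ec7300f] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[MD5.2d9c903dc76a66813d350a562de40ed9] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[MD5.b35cfcef838382ab6490b321c87edf17] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[MD5.e03e8c99d15d0381e02743c36afc7c6f] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
[MD5.2d9c903dc76a66813d350a562de40ed9] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
¤¤¤¤¤ Reference
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
"""


def parse_listem(text):
    """Return ([(md5, path), ...], {row_name: md5}, reference row for this OS)."""
    files, refs, os_key = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = OS_LINE.search(line)
        if m and os_key is None:
            suffix = VISTA_BUILD_TO_SUFFIX.get(int(m.group(3)))
            if suffix is not None:
                os_key = f"Vista{suffix}_{m.group(4)}b"
            continue
        m = MD5_LINE.match(line)
        if m:
            files.append((m.group(1).lower(), m.group(2)))
            continue
        m = REF_LINE.match(line)
        if m:
            refs[m.group(1)] = m.group(2).lower()
    return files, refs, os_key


def assess(text):
    """Classify every atapi.sys copy against the reference table."""
    files, refs, os_key = parse_listem(text)
    expected = refs.get(os_key)
    known = {}  # md5 -> reference rows that carry it
    for name, h in refs.items():
        known.setdefault(h, []).append(name)
    findings = []
    for md5, path in files:
        live = path.lower() == LIVE_DRIVER
        if expected is None:
            status = "NO_REFERENCE"          # OS not in the table: cannot judge
        elif md5 == expected:
            status = "OK"                    # matches the row for the running OS
        elif md5 in known:
            # a different Windows build: normal in winsxs/DriverStore, odd if loaded
            status = "WRONG_BUILD" if live else "OTHER_BUILD"
        else:
            # hash in no row: a hotfix build if cached, a patched driver if loaded
            status = "SUSPECT" if live else "UNKNOWN"
        findings.append({"path": path, "md5": md5, "status": status,
                         "known_as": known.get(md5, [])})
    return os_key, findings


def live_driver_status(findings):
    """Status of the copy the kernel loads, or MISSING if the report lacks it."""
    for f in findings:
        if f["path"].lower() == LIVE_DRIVER:
            return f["status"]
    return "MISSING"


if __name__ == "__main__":
    key, result = assess(SAMPLE_LOG)
    print(f"reference row for this OS: {key}")
    for f in result:
        print(f"{f['status']:<12} {f['md5']}  {f['path']}")
    print("live driver:", live_driver_status(result))
```

On this report the loaded driver and three cached copies match the Vista SP2 row, three cached copies match the RTM or SP1 rows, and three (the 6.0.6000.16632 and two DriverStore copies) match no row at all; only a loaded driver in that last category would be the TDSS-style finding. A clean hash check covers the file on disk and nothing else: a kernel-resident rootkit that hooks the disk stack leaves atapi.sys untouched, which is why the catchme and MBR checks in the same report still matter.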
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.2.7 ¤¤¤¤¤¤¤¤¤¤
User : Nenuph (Administrators)
Update on 08/12/2010 by g3n-h@ckm@n ::::: 19.00
Start at: 11:40:20 | 12/12/2010
Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 7.0.6002.18005
Windows Firewall Status : Disabled
C:\ -> Local fixed disk | 457.76 GB (256.61 GB free) [HDD] | NTFS
D:\ -> CD-ROM drive
F:\ -> Removable disk
G:\ -> Removable disk
H:\ -> Removable disk
K:\ -> Removable disk
¤¤¤¤¤ Sessions ¤¤¤¤¤
C:\Users\Nenuph
C:\Users\Public
C:\Users\Default
Boot: Normal
¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer
C:\Windows\System32\smss.exe ---- 0 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\Windows\system32\csrss.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\Windows\system32\wininit.exe ---- 0 Ko ---- High ---- wininit.exe ----
C:\Windows\system32\csrss.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\Windows\system32\services.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\services.exe ----
C:\Windows\system32\lsass.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\lsass.exe ----
C:\Windows\system32\lsm.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\lsm.exe ----
C:\Windows\system32\winlogon.exe ---- 0 Ko ---- High ---- winlogon.exe ----
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k DcomLaunch ----
C:\Windows\system32\nvvsvc.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\nvvsvc.exe ---- NVIDIA Corporation
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k rpcss ----
C:\Windows\System32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted ----
C:\Windows\System32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted ----
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k netsvcs ----
C:\Windows\system32\SLsvc.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\SLsvc.exe ----
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalService ----
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkService ----
C:\Windows\System32\ZoneLabs\vsmon.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\ZoneLabs\vsmon.exe -service ---- Check Point Software Technologies Ltd.
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe ---- 0 Ko ---- Normal ---- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe ---- NVIDIA Corporation
C:\Windows\system32\nvvsvc.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\nvvsvc.exe -session -first ---- NVIDIA Corporation
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe ---- 0 Ko ---- Normal ---- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe ---- Check Point Software Technologies Ltd.
C:\Windows\System32\spoolsv.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\spoolsv.exe ----
C:\Program Files\Avira\AntiVir Desktop\sched.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Avira\AntiVir Desktop\sched.exe ---- Avira GmbH
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork ----
C:\Windows\system32\Dwm.exe ---- 0 Ko ---- High ---- C:\Windows\system32\Dwm.exe ----
C:\Windows\Explorer.EXE ---- 0 Ko ---- Normal ---- C:\Windows\Explorer.EXE ----
C:\Windows\system32\taskeng.exe ---- 0 Ko ---- Below Normal ---- taskeng.exe {5DB7006F-FAAD-488B-B768-C7739A4AA60D} ----
C:\Windows\system32\taskeng.exe ---- 0 Ko ---- Normal ---- taskeng.exe {A7F4AD0A-C210-4C05-89CC-6D4818E9C62B} ----
C:\Program Files\Avira\AntiVir Desktop\avguard.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Avira\AntiVir Desktop\avguard.exe ---- Avira GmbH
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE ---- 0 Ko ---- Normal ---- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE ----
C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE ---- 0 Ko ---- Normal ---- C:\Program Files\Packard bell\SAXO27\HIDSERVICE.EXE ---- Packard Bell B.V.
C:\Windows\system32\PnkBstrA.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\PnkBstrA.exe ---- Even Balance, Inc.
C:\Windows\system32\PnkBstrB.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\PnkBstrB.exe ---- Even Balance, Inc.
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe avshadowcontrol0_000009b4 ---- Avira GmbH
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted ----
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe ---- Microsoft Corporation
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe ---- 0 Ko ---- Normal ---- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe ---- NVIDIA Corporation
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k imgsvc ----
C:\Windows\System32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k WerSvcGroup ----
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ---- 0 Ko ---- Normal ---- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ---- Microsoft Corporation
C:\Windows\system32\SearchIndexer.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\SearchIndexer.exe /Embedding ----
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe ---- 0 Ko ---- Normal ---- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe ----
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe ---- 0 Ko ---- Normal ---- WLIDSvcM.exe 3028 ---- Microsoft Corporation
C:\Program Files\Canon\CAL\CALMAIN.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Canon\CAL\CALMAIN.exe ----
C:\Windows\system32\WUDFHost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\WUDFHost.exe -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-7a178fb5-34b4-44e5-9d0c-8fd4daeb1865 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-781624af-cc49-4837-bcaa-e3c6bb3acdf2 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-feedc7b4-4bdc-43fa-9a54-0a8f15ddd912 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:21808448-6277-4e80-8b3d-db696b3bd94e ----
C:\Program Files\Windows Media Player\wmpnscfg.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Windows Media Player\wmpnscfg.exe ----
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe ---- 0 Ko ---- Normal ---- C:\Program Files\OrangeHSS\Systray\SystrayApp.exe ----
C:\Windows\RtHDVCpl.exe ---- 0 Ko ---- Normal ---- C:\Windows\RtHDVCpl.exe ----
C:\Windows\System32\rundll32.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\rundll32.exe P0620Pin.dll,RunDLL32EP 513 ----
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe ---- Microsoft Corporation
C:\Program Files\Common Files\Java\Java Update\jusched.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Common Files\Java\Java Update\jusched.exe ---- Sun Microsystems, Inc.
C:\Program Files\DivX\DivX Update\DivXUpdate.exe ---- 0 Ko ---- Normal ---- C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW ---- DivX, Inc.
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ---- Check Point Software Technologies Ltd.
C:\Windows\System32\ALERTM~1\ALERTM~1.EXE ---- 0 Ko ---- Normal ---- C:\Windows\System32\ALERTM~1\ALERTM~1.EXE -Embedding ----
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min ---- Avira GmbH
C:\Program Files\Windows Live\Messenger\msnmsgr.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background ---- Microsoft Corporation
C:\Windows\ehome\ehtray.exe ---- 0 Ko ---- Normal ---- C:\Windows\ehome\ehtray.exe ----
C:\Windows\ehome\ehmsas.exe ---- 0 Ko ---- Normal ---- C:\Windows\ehome\ehmsas.exe -Embedding ----
C:\Program Files\Windows Media Player\wmpnetwk.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Windows Media Player\wmpnetwk.exe ----
C:\Windows\System32\mobsync.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\mobsync.exe -Embedding ----
C:\Windows\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation ----
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe ---- 0 Ko ---- Normal ---- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /set_event=FFAPI_StartEvent_fec_1932a /icon=hidden ---- Check Point Software Technologies Ltd.
C:\Program Files\Windows Live\Contacts\wlcomm.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Windows Live\Contacts\wlcomm.exe -Embedding ---- Microsoft Corporation
C:\Program Files\Mozilla Firefox\firefox.exe ---- 0 Ko ---- Normal ---- C:\Program Files\Mozilla Firefox\firefox.exe ---- Mozilla Corporation
C:\Windows\System32\cmd.exe ---- 0 Ko ---- Normal ---- C:\Windows\System32\cmd.exe /C C:\Program Files\List_Kill'em\List'em.bat ----
C:\Windows\system32\conime.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\conime.exe ----
C:\Windows\system32\wbem\wmiprvse.exe ---- 0 Ko ---- Normal ---- C:\Windows\system32\wbem\wmiprvse.exe ----
C:\Windows\system32\SearchProtocolHost.exe ---- 0 Ko ---- Idle ---- C:\Windows\system32\SearchProtocolHost.exe Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 Software\Microsoft\Windows Search Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot) C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc DownLevelDaemon ----
C:\Windows\system32\SearchFilterHost.exe ---- 0 Ko ---- Idle ---- C:\Windows\system32\SearchFilterHost.exe 0 692 696 704 65536 700 ----
C:\Program Files\List_Kill'em\pv.L_K ---- 0 Ko ---- Normal ---- pv.L_K -o%f ---- %m Ko ---- %p ---- %l ---- %s ----
¤¤¤¤¤¤¤¤¤¤ Keys Run ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr = C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background
WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe
ehTray.exe = C:\Windows\ehome\ehTray.exe
ccleaner = C:\Program Files\CCleaner\CCleaner.exe /AUTO
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Windows Defender = %ProgramFiles%\Windows Defender\MSASCui.exe -hide
SystrayORAHSS = C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
RtHDVCpl = RtHDVCpl.exe
PD0620 STISvc = RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
GrooveMonitor = C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
SunJavaUpdateSched = C:\Program Files\Common Files\Java\Java Update\jusched.exe
DivXUpdate = C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW
QuickTime Task = C:\Program Files\QuickTime\QTTask.exe -atboottime
ZoneAlarm Client = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
ISW = C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon=hidden
avgnt = C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 0 (0x0)
NoDriveAutoRun = 3 (0x3)
HonorAutoRunSetting = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BindDirectlyToPropertySetStorage = 0 (0x0)
NoDriveAutoRun = 3 (0x3)
NoDriveTypeAutoRun = 0 (0x0)
HonorAutoRunSetting = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = Explorer.exe
Userinit = C:\Windows\system32\Userinit.exe,
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤
[@ = ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CFDA6C08-424F-4F4E-ADCA-A9508B2BAE7B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CFDA6C08-424F-4F4E-ADCA-A9508B2BAE7B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\WINDOWS\system32\blank.htm
¤¤¤¤¤ Proxy Internet Explorer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤
[MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\ERDNT\cache\atapi.sys
[MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\System32\drivers\atapi.sys
[MD5.b35cfcef838382ab6490b321c87edf17] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[MD5.4f4fcb8b6ea06784fb6d475b7ec7300f] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[MD5.2d9c903dc76a66813d350a562de40ed9] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[MD5.b35cfcef838382ab6490b321c87edf17] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[MD5.e03e8c99d15d0381e02743c36afc7c6f] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
[MD5.2d9c903dc76a66813d350a562de40ed9] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[MD5.1f05b78ab91c9075565a9d8a4b880bc4] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
¤¤¤¤¤ Reference
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP3 : 7A62A6C8303C9D026DD926F397B2FB57
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Win XP_64 : 72C77044943340964FA513B92D6D6874
Win XP_64_SP2 : 7A1814D0D112F50F828E25557A1ED29F
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
¤¤¤¤¤¤¤¤¤¤ Explorer ¤¤¤¤¤¤¤¤¤¤
[MD5.d07d4c3038f3578ffce1c0237f2a1253] - C:\Windows\explorer.exe
[MD5.d07d4c3038f3578ffce1c0237f2a1253] - C:\Windows\ERDNT\cache\explorer.exe
[MD5.fd8c53fb002217f6f888bcf6f5d7084d] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[MD5.6d06cd98d954fe87fb2db8108793b399] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[MD5.37440d09deae0b672a04dccf7abf06be] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[MD5.bd06f0bf753bc704b653c3a50f89d362] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[MD5.e7156b0b74762d9de0e66bdcde06e5fb] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[MD5.ffa764631cb70a30065c12ef8e174f9f] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[MD5.4f554999d7d5f05daaebba7b5ba1089d] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[MD5.50ba5850147410cde89c523ad3bc606e] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[MD5.d07d4c3038f3578ffce1c0237f2a1253] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
¤¤¤¤¤¤¤¤¤¤ Winlogon ¤¤¤¤¤¤¤¤¤¤
[MD5.898e7c06a350d4a1a64a9ea264d55452] - C:\Windows\ERDNT\cache\winlogon.exe
[MD5.898e7c06a350d4a1a64a9ea264d55452] - C:\Windows\System32\winlogon.exe
[MD5.9f75392b9128a91abafb044ea350baad] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[MD5.c2610b6bdbefc053bbdab4f1b965cb24] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[MD5.898e7c06a350d4a1a64a9ea264d55452] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
¤¤¤¤¤¤¤¤¤¤ Wininit ¤¤¤¤¤¤¤¤¤¤
[MD5.101ba3ea053480bb5d957ef37c06b5ed] - C:\Windows\ERDNT\cache\wininit.exe
[MD5.101ba3ea053480bb5d957ef37c06b5ed] - C:\Windows\System32\wininit.exe
[MD5.d4385b03e8cccee6f0ee249f827c1f3e] - C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
[MD5.101ba3ea053480bb5d957ef37c06b5ed] - C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
¤¤¤¤¤¤¤¤¤¤ SVC | svchost ¤¤¤¤¤¤¤¤¤¤
svchost.exe 832 DcomLaunch, PlugPlay
svchost.exe 940 RpcSs
svchost.exe 1036 Audiosrv, Dhcp, Eventlog, lmhosts, wscsvc
svchost.exe 1064 AudioEndpointBuilder, EMDMgmt, hidserv,
Netman, PcaSvc, SysMain,
TabletInputService, TrkWks, UxSms,
WdiSystemHost, Wlansvc, WPDBusEnum, wudfsvc
svchost.exe 1080 AeLookupSvc, Appinfo, BITS, Browser,
EapHost, gpsvc, IKEEXT, iphlpsvc,
LanmanServer, MMCSS, ProfSvc, RasMan,
Schedule, seclogon, SENS, ShellHWDetection,
Themes, Winmgmt, wuauserv
svchost.exe 1284 EventSystem, fdPHost, FDResPub,
LanmanWorkstation, netprofm, nsi, SSDPSRV,
SstpSvc, upnphost, W32Time, WebClient
svchost.exe 1412 CryptSvc, Dnscache, KtmRm, NlaSvc, TapiSrv,
TermService
svchost.exe 444 BFE, DPS, MpsSvc
svchost.exe 2724 PolicyAgent
svchost.exe 2924 stisvc
svchost.exe 2960 WerSvc
svchost.exe 4632 FontCache
¤¤¤¤¤¤¤¤¤¤ IFEO | debugger ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ First Scan ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\software\AC3filter]
[HKEY_CURRENT_USER\software\Ad-Remover]
[HKEY_CURRENT_USER\software\Adobe]
[HKEY_CURRENT_USER\software\AhnLab]
[HKEY_CURRENT_USER\software\Alcohol Soft]
[HKEY_CURRENT_USER\software\AppDataLow]
[HKEY_CURRENT_USER\software\Apple Computer, Inc.]
[HKEY_CURRENT_USER\software\Applications locales générées par AppWizard]
[HKEY_CURRENT_USER\software\ArchiverDLL]
[HKEY_CURRENT_USER\software\ArenaNet]
[HKEY_CURRENT_USER\software\Avira]
[HKEY_CURRENT_USER\software\Battle.net]
[HKEY_CURRENT_USER\software\BitTorrent]
[HKEY_CURRENT_USER\software\Blizzard Entertainment]
[HKEY_CURRENT_USER\software\Bugsplat]
[HKEY_CURRENT_USER\software\Canon]
[HKEY_CURRENT_USER\software\CheckPoint]
[HKEY_CURRENT_USER\software\CISRA]
[HKEY_CURRENT_USER\software\ClassesB]
[HKEY_CURRENT_USER\software\Clients]
[HKEY_CURRENT_USER\software\CurseClient]
[HKEY_CURRENT_USER\software\Cyanide]
[HKEY_CURRENT_USER\software\cybelsoft]
[HKEY_CURRENT_USER\software\DivX]
[HKEY_CURRENT_USER\software\DivXNetworks]
[HKEY_CURRENT_USER\software\DT Soft]
[HKEY_CURRENT_USER\software\DTP]
[HKEY_CURRENT_USER\software\ej-technologies]
[HKEY_CURRENT_USER\software\Emulators]
[HKEY_CURRENT_USER\software\EPSON]
[HKEY_CURRENT_USER\software\FRANCE TELECOM]
[HKEY_CURRENT_USER\software\Gabest]
[HKEY_CURRENT_USER\software\GNU]
[HKEY_CURRENT_USER\software\Google]
[HKEY_CURRENT_USER\software\GSpot Appliance Corp]
[HKEY_CURRENT_USER\software\Haali]
[HKEY_CURRENT_USER\software\IM Providers]
[HKEY_CURRENT_USER\software\INCAInternet]
[HKEY_CURRENT_USER\software\JavaSoft]
[HKEY_CURRENT_USER\software\JEDI-VCL]
[HKEY_CURRENT_USER\software\Lavasoft]
[HKEY_CURRENT_USER\software\Local AppWizard-Generated Applications]
[HKEY_CURRENT_USER\software\Macromedia]
[HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware]
[HKEY_CURRENT_USER\software\MediaInfo]
[HKEY_CURRENT_USER\software\Microsoft]
[HKEY_CURRENT_USER\software\Mozilla]
[HKEY_CURRENT_USER\software\MozillaPlugins]
[HKEY_CURRENT_USER\software\Mumble]
[HKEY_CURRENT_USER\software\Netscape]
[HKEY_CURRENT_USER\software\Nival Online]
[HKEY_CURRENT_USER\software\Northcode Inc]
[HKEY_CURRENT_USER\software\NVIDIA Corporation]
[HKEY_CURRENT_USER\software\ODBC]
[HKEY_CURRENT_USER\software\Packard Bell]
[HKEY_CURRENT_USER\software\Pando Networks]
[HKEY_CURRENT_USER\software\Piriform]
[HKEY_CURRENT_USER\software\Policies]
[HKEY_CURRENT_USER\software\RealNetworks]
[HKEY_CURRENT_USER\software\Realtek]
[HKEY_CURRENT_USER\software\SecuROM]
[HKEY_CURRENT_USER\software\SEIKO EPSON]
[HKEY_CURRENT_USER\software\Skype]
[HKEY_CURRENT_USER\software\Softonic]
[HKEY_CURRENT_USER\software\stevengould.org]
[HKEY_CURRENT_USER\software\Sun Microsystems]
[HKEY_CURRENT_USER\software\Sysinternals]
[HKEY_CURRENT_USER\software\TimeGate Studios]
[HKEY_CURRENT_USER\software\Trolltech]
[HKEY_CURRENT_USER\software\Usbfix]
[HKEY_CURRENT_USER\software\Valve]
[HKEY_CURRENT_USER\software\VB and VBA Program Settings]
[HKEY_CURRENT_USER\software\Veoh]
[HKEY_CURRENT_USER\software\WinRAR]
[HKEY_CURRENT_USER\software\WinRAR SFX]
[HKEY_CURRENT_USER\software\YahooPartnerToolbar]
[HKEY_CURRENT_USER\software\Zone Labs]
[HKEY_CURRENT_USER\software\Classes]
[HKEY_LOCAL_MACHINE\software\Adobe]
[HKEY_LOCAL_MACHINE\software\AeriaGames]
[HKEY_LOCAL_MACHINE\software\AGEIA Technologies]
[HKEY_LOCAL_MACHINE\software\Alcohol Soft]
[HKEY_LOCAL_MACHINE\software\Ankama]
[HKEY_LOCAL_MACHINE\software\Apple Computer, Inc.]
[HKEY_LOCAL_MACHINE\software\Apple Inc.]
[HKEY_LOCAL_MACHINE\software\ArenaNet]
[HKEY_LOCAL_MACHINE\software\Avira]
[HKEY_LOCAL_MACHINE\software\Blizzard Entertainment]
[HKEY_LOCAL_MACHINE\software\C07ft5Y]
[HKEY_LOCAL_MACHINE\software\Canon]
[HKEY_LOCAL_MACHINE\software\CheckPoint]
[HKEY_LOCAL_MACHINE\software\CISRA]
[HKEY_LOCAL_MACHINE\software\Classes]
[HKEY_LOCAL_MACHINE\software\Clients]
[HKEY_LOCAL_MACHINE\software\Codec Tweak Tool]
[HKEY_LOCAL_MACHINE\software\Creative Tech]
[HKEY_LOCAL_MACHINE\software\Cyanide]
[HKEY_LOCAL_MACHINE\software\cybelsoft]
[HKEY_LOCAL_MACHINE\software\CyberLink]
[HKEY_LOCAL_MACHINE\software\DivX]
[HKEY_LOCAL_MACHINE\software\DivXNetworks]
[HKEY_LOCAL_MACHINE\software\Dofus 2]
[HKEY_LOCAL_MACHINE\software\DT Soft]
[HKEY_LOCAL_MACHINE\software\EPSON]
[HKEY_LOCAL_MACHINE\software\FRANCE TELECOM]
[HKEY_LOCAL_MACHINE\software\Gabest]
[HKEY_LOCAL_MACHINE\software\Garena]
[HKEY_LOCAL_MACHINE\software\GNU]
[HKEY_LOCAL_MACHINE\software\Google]
[HKEY_LOCAL_MACHINE\software\HaaliMkx]
[HKEY_LOCAL_MACHINE\software\InstallShield]
[HKEY_LOCAL_MACHINE\software\Intel]
[HKEY_LOCAL_MACHINE\software\InterVideo]
[HKEY_LOCAL_MACHINE\software\JavaSoft]
[HKEY_LOCAL_MACHINE\software\JreMetrics]
[HKEY_LOCAL_MACHINE\software\Khronos]
[HKEY_LOCAL_MACHINE\software\KLCodecPack]
[HKEY_LOCAL_MACHINE\software\Larian Studios]
[HKEY_LOCAL_MACHINE\software\Lavasoft]
[HKEY_LOCAL_MACHINE\software\Licenses]
[HKEY_LOCAL_MACHINE\software\Macromedia]
[HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware]
[HKEY_LOCAL_MACHINE\software\Microsoft]
[HKEY_LOCAL_MACHINE\software\MimarSinan]
[HKEY_LOCAL_MACHINE\software\Mozilla]
[HKEY_LOCAL_MACHINE\software\mozilla.org]
[HKEY_LOCAL_MACHINE\software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\software\Mumble]
[HKEY_LOCAL_MACHINE\software\NCSoft]
[HKEY_LOCAL_MACHINE\software\Netts]
[HKEY_LOCAL_MACHINE\software\NiProD_StargateAtlantisSimulation]
[HKEY_LOCAL_MACHINE\software\NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\software\Ocean Global Holding]
[HKEY_LOCAL_MACHINE\software\ODBC]
[HKEY_LOCAL_MACHINE\software\OldTimer Tools]
[HKEY_LOCAL_MACHINE\software\Pando Networks]
[HKEY_LOCAL_MACHINE\software\PB_EBAY]
[HKEY_LOCAL_MACHINE\software\PB_FIRSTCHOICE]
[HKEY_LOCAL_MACHINE\software\PB_KODAK]
[HKEY_LOCAL_MACHINE\software\PB_METABOLI]
[HKEY_LOCAL_MACHINE\software\Piriform]
[HKEY_LOCAL_MACHINE\software\PocketSoft]
[HKEY_LOCAL_MACHINE\software\Policies]
[HKEY_LOCAL_MACHINE\software\RealNetworks]
[HKEY_LOCAL_MACHINE\software\Realtek]
[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\software\RichFX]
[HKEY_LOCAL_MACHINE\software\Riot Games]
[HKEY_LOCAL_MACHINE\software\S3R521]
[HKEY_LOCAL_MACHINE\software\Safer Networking Limited]
[HKEY_LOCAL_MACHINE\software\Sagem]
[HKEY_LOCAL_MACHINE\software\SECURITOO]
[HKEY_LOCAL_MACHINE\software\Skype]
[HKEY_LOCAL_MACHINE\software\SolidStateNetworks]
[HKEY_LOCAL_MACHINE\software\Sonic]
[HKEY_LOCAL_MACHINE\software\SONOV]
[HKEY_LOCAL_MACHINE\software\SpywareBlaster]
[HKEY_LOCAL_MACHINE\software\SRS Labs]
[HKEY_LOCAL_MACHINE\software\Sun Microsystems]
[HKEY_LOCAL_MACHINE\software\Symantec]
[HKEY_LOCAL_MACHINE\software\SymNRT]
[HKEY_LOCAL_MACHINE\software\Team17 Software Ltd.]
[HKEY_LOCAL_MACHINE\software\THQ]
[HKEY_LOCAL_MACHINE\software\TrendMicro]
[HKEY_LOCAL_MACHINE\software\Valve]
[HKEY_LOCAL_MACHINE\software\VertigoGames]
[HKEY_LOCAL_MACHINE\software\VideoLAN]
[HKEY_LOCAL_MACHINE\software\Waves Audio]
[HKEY_LOCAL_MACHINE\software\WholeSecurity]
[HKEY_LOCAL_MACHINE\software\Windows]
[HKEY_LOCAL_MACHINE\software\X-AVCSD]
[HKEY_LOCAL_MACHINE\software\Xerox]
[HKEY_LOCAL_MACHINE\software\Xing Technology Corp.]
[HKEY_LOCAL_MACHINE\software\Zone Labs]
[HKEY_LOCAL_MACHINE\software\ZoneAlarm_Security]
[HKEY_LOCAL_MACHINE\software\Even Balance]
¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤
Present !! : C:\Users\Nenuph\AppData\Roaming\app
Present !! : C:\Users\Nenuph\AppData\Local\d3d9caps.dat
Present !! : C:\Users\Nenuph\AppData\Local\GDIPFONTCACHEV1.DAT
Present !! : C:\Windows\Temp\CabB6B1.tmp
Present !! : C:\Windows\Temp\TarB6B2.tmp
Present !! : C:\Windows\Temp\ZLT017e0.TMP
¤¤¤¤¤¤¤¤¤¤ Keys :
FEATURE_BROWSER_EMULATION | svchost :
====================================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-12 11:46:07
Windows 6.0.6002 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST350083 rev.3.AA -> Harddisk0\DR0 -> \Device\0000005d
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync02.sys storport.sys nvstor32.sys tcpip.sys NETIO.SYS
C:\Windows\System32\drivers\sfsync02.sys Protection Technology StarForce Protection System
C:\Windows\system32\drivers\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
1 ntkrnlpa!IofCallDriver[0x82492962] -> \Device\Harddisk0\DR0[0x86830AC8]
3 CLASSPNP[0x807B88B3] -> ntkrnlpa!IofCallDriver[0x82492962] -> [0x85E3B700]
5 acpi[0x806976BC] -> ntkrnlpa!IofCallDriver[0x82492962] -> \Device\0000005d[0x859CB8F0]
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1 (0x1)
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 11:47:38,46
OK, run it again and do the cleanup with the Clean option, and if there is a problem, launch it from the installation folder with del_reg!!
Relaunch List_Kill'em (via right-click for Vista/7), using the shortcut on your desktop.
but this time:
choose the Clean option
your PC will restart,
let the tool work.
at the end of the scan the window closes, and you have a report named Kill'em.txt on your desktop,
paste its contents in your reply
There is a problem when I launch del_reg. The blue window opens with something written in it
[...]
Accès refusé.
Then the program asks me if I want to clean the disk; I answer yes.
And then there is an error message asking whether I want to continue with the file "XXX" (I don't remember the name).
Whether I answer yes or no, after several times a little thing appears, like a page that has been minimized, at the bottom of the screen, with a name something like mbr_lk
So I don't have a file at the end.
This time it worked, that's weird.
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.2.7 ¤¤¤¤¤¤¤¤¤¤
User : Nenuph (Administrateurs)
Update on 08/12/2010 by g3n-h@ckm@n ::::: 19.00
Start at: 17:07:06 | 12/12/2010
Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 7.0.6002.18005
Windows Firewall Status : Enabled
C:\ -> Disque fixe local | 457,76 Go (256,6 Go free) [HDD] | NTFS
D:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
K:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Windows\Temp\CabB6B1.tmp
Quarantined & Deleted !! : C:\Windows\Temp\TarB6B2.tmp
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤
127.0.0.1 localhost
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1 (0x1)
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤
Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
¤¤¤¤¤¤¤¤¤¤ Winlogon
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = explorer.exe
Userinit = C:\Windows\System32\userinit.exe,
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
FEATURE_BROWSER_EMULATION | svchost :
====================================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST350083 rev.3.AA -> Harddisk0\DR0 -> \Device\0000005d
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync02.sys storport.sys nvstor32.sys
C:\Windows\System32\drivers\sfsync02.sys Protection Technology StarForce Protection System
C:\Windows\system32\drivers\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
1 ntkrnlpa!IofCallDriver[0x82492962] -> \Device\Harddisk0\DR0[0x86830AC8]
3 CLASSPNP[0x807B88B3] -> ntkrnlpa!IofCallDriver[0x82492962] -> [0x85E3B700]
5 acpi[0x806976BC] -> ntkrnlpa!IofCallDriver[0x82492962] -> \Device\0000005d[0x859CB8F0]
kernel: MBR read successfully
user & kernel MBR OK
End of Scan : 17:07:19,17
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤