Probleme de rootkit ou autre?
bsp91
Messages postés
181
Statut
Membre
-
bsp91 Messages postés 181 Statut Membre -
bsp91 Messages postés 181 Statut Membre -
Bonjour,
j'ai un soucis avec mon pc et explorer.exe il plante quand j'essaye de vider la corbeille avec clique droit.
Et au démarrage j'ai l'écran tout noir il faut que je fasse ctrl+alt+suppr ouvrir le gestionnaire de tâches et terminer explorer.exe et le relancer, et là, j'ai mon fond d'écran qui arrive et mes icônes... Mais le tout reste instable !
là j'ai fait plusieur analyses mais rien de mieux
j'ai un rapport "ZHPdiag"
Rapport de ZHPDiag v1.32.25 par Nicolas Coolman, Update du 16/12/2012
Run by mouths91 at 18/12/2012 13:38:32
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
State : Version à jour.
UAC :
Boot mode: Normal (Normal boot)
Logged in as Administrator
---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 15.0.1 v15.0.1 (Defaut)
GCIE: Google Chrome v23.0.1271.97
---\\ Processus lancés
[MD5.7DE7C0D83661C574F72D59B6B153BAF9] - (.NVIDIA - NVIDIA nTune Command.) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [133736] [PID.2740]
[MD5.D610CDEDF1F702EB0A86B0FBD9BB49E5] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1820520] [PID.3784]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.3672]
[MD5.0C968E011268429C1D218169233C06F7] - (...) -- C:\Program Files\VideoLAN\VLC\vlc.exe [108544] [PID.1512]
[MD5.0721E04731625BD80221DDB4CFDE7885] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [3788288] [PID.7664]
[MD5.9C376F42BDE37F18D0A39AF7415D9BE6] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [917984] [PID.7420]
[MD5.7F6EC840E0954055D58CD57B6ACA9D92] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16864] [PID.6496]
[MD5.EB5A13F9139F20AD71ADF4BF79C3AA29] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 306.9.) -- C:\Windows\system32\nvvsvc.exe [645992] [PID.]
[MD5.F0359F7CE712D69ACEF0886BDB4792ED] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382824] [PID.]
[MD5.E077FCA2A7E79FB9BF67D3E30B5CE593] - (.Microsoft Corporation - Antimalware Service Executable.) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe [20472] [PID.]
[MD5.995D0B52870C7A5CAF3EA165FD674A35] - (.Logitech Inc. - Logitech LVPrcSrv Module..) -- c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [109344] [PID.]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.]
[MD5.C71F2B4D0151CFEDE5D405C5D60B6FCE] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [864616] [PID.]
[MD5.D19C4EE2AC7C47B8F5F84FFF1A789D8A] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [63960] [PID.]
[MD5.55FED228FE147ECB9C47A1C55388896E] - (.Seagate Technology LLC - Sync Windows Services.) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe [124280] [PID.]
[MD5.11A220EB53F1D42B8AF0AD1210B8241D] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [354840] [PID.]
[MD5.6E5DAC168D1FF9843E84A59D51D31107] - (.Hewlett-Packard Company - Pas de description.) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.]
[MD5.167633C51E1119CA49047A484E365DFA] - (.NVIDIA - NVIDIA Performance Service.) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [191080] [PID.]
[MD5.47C0CC7E9466A1D1897D83CFACA0A507] - (.NVIDIA - NVIDIA Update Center Service.) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe [195176] [PID.]
[MD5.F41B4726BE452724737ECFE1FB17E4E7] - (...) -- C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\WpsSupplicant.exe [61440] [PID.]
[MD5.0629259E3AF6BB0534FCECA208973404] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1258856] [PID.]
~ Scan Processes Running in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\mouths91\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
~ Scan Google Browser in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\mouths91\AppData\Roaming\Mozilla\Firefox\Profiles\a301q9i1.default\prefs.js
M3 - MFPP: Plugins - [mouths91] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [mouths91] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [mouths91] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [mouths91] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [mouths91] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [mouths91] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [mouths91] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
M3 - MFPP: Plugins - [mouths91] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo.xml
M0 - MFSP: prefs.js [mouths91 - a301q9i1.default] https://www.google.fr/?gws_rd=ssl
M2 - MFEP: prefs.js [mouths91 - a301q9i1.default\jid1-yZwVFzbsyfMrqQ@jetpack] [] Lavasoft Search Plugin v0.6 (.Lavasoft.)
M2 - MFEP: prefs.js [mouths91 - a301q9i1.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.2.1 (.Microsoft.)
M2 - MFEP: prefs.js [mouths91 - a301q9i1.default\{3112ca9c-de6d-4884-a869-9855de68056c}] [] Google Toolbar for Firefox v7.1.20110512W (.Google Inc..)
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFF12.DLL
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.4.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\Mozilla Firefox\Plugins\nppl3260.dll
P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Mozilla Firefox\Plugins\nprjplug.dll
P2 - FPN:Firefox Plugin Navigator . (.RealPlayer - RealPlayer Download Plugin.) -- C:\Program Files\Mozilla Firefox\Plugins\nprpplugin.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (.DivX, LLC - DivX Plus Web Player version 2.2.0.52.) -- C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
P2 - FPN: [HKLM] [@divx.com/DivX VOD Helper,version=1.0.0] - (.DivX, LLC. - DivX VOD Helper Plug-in.) -- C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
P2 - FPN: [HKLM] [@google.com/npPicasa3,version=3.0.0] - (.Google, Inc. - Picasa plugin.) -- C:\Program Files\Google\Picasa3\npPicasa3.dll
P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.7.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Windows\system32\npDeployJava1.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=10.9.2] - (.Oracle Corporation - Next Generation Java Plug-in 10.9.2 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.1.10329.0.) -- C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8117.0416] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@nvidia.com/3DVision] - (.NVIDIA Corporation - NVIDIA 3D Vision plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
P2 - FPN: [HKLM] [@nvidia.com/3DVisionStreaming] - (.NVIDIA Corporation - NVIDIA 3D Vision Streaming plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
P2 - FPN: [HKLM] [@pack.google.com/Google Updater;version=14] - (.Google - Google Updater plugin<br><a href="http://pack.google.com/">http://pack.) -- C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
P2 - FPN: [HKLM] [@playstation.com/PsndlCheck,version=1.00] - (.Sony Computer Entertainment Inc. - PlayStation(R)Network Downloader Check Plug-in.) -- C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
P2 - FPN: [HKLM] [@real.com/nppl3260;version=15.0.4.53] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- c:\program files\real\realplayer\Netscape6\nppl3260.dll
P2 - FPN: [HKLM] [@real.com/nprjplug;version=15.0.4.53] - (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- c:\program files\real\realplayer\Netscape6\nprjplug.dll
P2 - FPN: [HKLM] [@real.com/nprpchromebrowserrecordext;version=15.0.4.53] - (.RealNetworks, Inc. - RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrec
P2 - FPN: [HKLM] [@real.com/nprphtml5videoshim;version=15.0.4.53] - (.RealNetworks, Inc. - RealPlayer(tm) HTML5VideoShim Plug-In.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
P2 - FPN: [HKLM] [@real.com/nprpplugin;version=15.0.4.53] - (.RealPlayer - RealPlayer Download Plugin.) -- c:\program files\real\realplayer\Netscape6\nprpplugin.dll
P2 - FPN: [HKLM] [@RIM.com/WebSLLauncher,version=1.0] - (...) -- C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@videolan.org/vlc,version=1.1.0] - (.VideoLAN - VLC media player Web Plugin 2.0.2.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.0.3] - (.VideoLAN - VLC media player Web Plugin 2.0.2.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.4.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
~ Scan Firefox Browser in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/?gws_rd=ssl
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.google.com/?gws_rd=ssl
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.4.) (No version) -- (.not file.)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0
~ Scan IE Browser in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s
---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Scan Keys in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} Clé orpheline
~ Scan Toolbar in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard Company - hpsysdrv.) -- c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\WINDOWS\RtHDVCpl.exe
O4 - HKLM\..\Run: [basicsmssmenu] . (.Maxtor Corporation - Maxtor Status Icon.) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
O4 - HKLM\..\Run: [FightMouse Advanced] . (...) -- C:\Program Files\Revoltec\FightMouse\Panel.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] . (.Google Inc. - Gmail Notifier.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files\real\realplayer\Update\realsched.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\RunOnce: [Launcher] . (.soft thinks - Launcher.) -- C:\WINDOWS\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [List_Kill'em] . (...) -- C:\Program Files\List_Kill'em\del_reg.bat
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-3088393738-1579665052-972719567-1006-3088393738-1579665052-972719567-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
~ Scan Application in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\adsl TV.lnk . (.adsl TV / FM.) -- C:\Program Files\adslTV\adsltv.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Centre de solutions HP.lnk . (.Hewlett-Packard Company.) -- C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Counter-Strike Global Offensive.url . (...) -- C:\Users\mouths91\Desktop\Counter-Strike Global Offensive.url
O4 - Global Startup: C:\Users\mouths91\Desktop\Counter-Strike Source.lnk . (.Valve Corporation.) -- C:\Program Files\Steam\Steam.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Defraggler.lnk . (.Piriform Ltd.) -- C:\Program Files\Defraggler\Defraggler.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\DivX Movies.lnk . (...) -- C:\Users\mouths91\Videos\DivX Movies
O4 - Global Startup: C:\Users\mouths91\Desktop\film - Raccourci.lnk . (...) -- F:\mouths91\film
O4 - Global Startup: C:\Users\mouths91\Desktop\Free FLV Converter.lnk . (.Koyote Soft.) -- C:\Program Files\Free FLV Converter\FreeFLVConverter.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Free Video Converter.lnk . (.Koyote Soft.) -- C:\Program Files\Free Video Converter\FreeVideoConverter.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\gta-vc - Raccourci.lnk . (...) -- C:\Program Files\Rockstar Games\Grand Theft Auto Vice City\gta-vc.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\gta3 - Raccourci.lnk . (...) -- C:\Program Files\Rockstar Games\GTAIII\gta3.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\gta_sa.lnk . (...) -- C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\List_Kill'em.lnk . (...) -- C:\Program Files\List_Kill'em\List_Kill'em.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Metro 2033.url . (...) -- C:\Users\mouths91\Desktop\Metro 2033.url
O4 - Global Startup: C:\Users\mouths91\Desktop\mIRC.lnk . (.mIRC Co. Ltd..) -- C:\Program Files\mIRC\mirc.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\NCR - Raccourci.lnk . (.Macromedia, Inc..) -- C:\Users\mouths91\Documents\code de la route\code de la route\NCR.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Notepad++.lnk . (.Don HO don.h@free.fr.) -- C:\Program Files\Notepad++\notepad++.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Rap Contenders.lnk . (...) -- C:\Users\mouths91\Music\rap contenders
O4 - Global Startup: C:\Users\mouths91\Desktop\SixaxisDriver .lnk . (...) -- C:\Program Files\SixaxisDriver\DriverLoader.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\sony ericsson x10 - Raccourci.lnk . (...) -- C:\Users\mouths91\sony ericsson x10.vbs
O4 - Global Startup: C:\Users\mouths91\Desktop\SpeedFan.lnk . (.Almico Software (www.almico.com).) -- C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Spybot - Search & Destroy.lnk . (.Safer Networking Limited.) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Temp - Raccourci.lnk . (...) -- C:\Users\mouths91\AppData\Local\Temp
O4 - Global Startup: C:\Users\mouths91\Desktop\Undelete 360.lnk . (.File Recovery Ltd..) -- C:\Program Files\File Recovery\undelete360\undelete-360.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Update Service Pro.lnk . (...) -- C:\Program Files\Sony Ericsson\Update Service Pro\USP.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Update Service.lnk . (...) -- C:\Program Files\Sony Ericsson\Update Service\Update Service.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\MOVIEMK.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk . (.Google Inc..) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk . (.inkscape.org.) -- C:\Program Files\Inkscape\inkscape.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk . (.Google Inc..) -- C:\Program Files\Google\Picasa3\Picasa3.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Skype.lnk . (...) -- C:\Windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk . (.Safer Networking Limited.) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\IUSR_NMPR\Desktop\HijackThis.lnk . (.Trend Micro Inc..) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - Global Startup: C:\Users\IUSR_NMPR\Desktop\SpeedFan.lnk . (.Almico Software (www.almico.com).) -- C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: C:\Users\IUSR_NMPR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk . (.Google Inc..) -- C:\Program Files\Google\Picasa3\Picasa3.exe
O4 - Global Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Badoo Desktop.lnk . (.Badoo.) -- C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe
O4 - Global Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\Amy\Desktop\Continue FoxTab Video Converter Installation.lnk . (...) -- C:\Users\mouths91\AppData\Local\Temp\ICReinstall_VideoConverterSetup.exe (.not file.)
O4 - Global Startup: C:\Users\Amy\Desktop\FoxTab Video Converter.lnk . (...) -- C:\Program Files\FoxTabVideoConverter\VideoConverter.exe (.not file.)
O4 - Global Startup: C:\Users\Amy\Desktop\HijackThis.lnk . (.Trend Micro Inc..) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - Global Startup: C:\Users\Amy\Desktop\Microsoft Works.LNK . (.Microsoft® Corporation.) -- C:\Program Files\Microsoft Works\MSWorks.exe
O4 - Global Startup: C:\Users\Amy\Desktop\SpeedFan.lnk . (.Almico Software (www.almico.com).) -- C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: C:\Users\Amy\Desktop\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Musique - Raccourci.lnk . (...) -- C:\Users\mouths91\Music
O4 - Global Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player (2).lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\Adji\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\Adji\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\Adji\Desktop\HijackThis.lnk . (.Trend Micro Inc..) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - Global Startup: C:\Users\Adji\Desktop\SpeedFan.lnk . (.Almico Software (www.almico.com).) -- C:\Program Files\SpeedFan\speedfan.exe
~ Scan Global Startup in 03mn 58s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Clé orpheline
~ Scan IE Extra Buttons in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll
~ Scan Winsock in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B00034F-16C0-47E7-B62E-167EDEF18B20}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{6B00034F-16C0-47E7-B62E-167EDEF18B20}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS3\Services\Tcpip\..\{6B00034F-16C0-47E7-B62E-167EDEF18B20}: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Scan Domain in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\System32\itss.dll
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\WINDOWS\system32\inetcomm.dll
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\System32\itss.dll
O18 - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\System32\mscoree.dll
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\System32\mscoree.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\System32\mscoree.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Scan Protocole Additionnel in 00mn 00s
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll
~ Scan SSODL in 00mn 00s
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - (.not file.)
~ Scan STS/SSO in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Basics Service (Basics Service) . (.Seagate Technology LLC - Sync Windows Services.) - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) . (.Google - gusvc.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) . (.Intel Corporation - RAID Monitor.) - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) . (.Intel(R) Corporation - Intel(R) Factory Mode Service.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: LightScribeService Direct Disc Labeling (LightScribeService) . (.Hewlett-Packard Company - Pas de description.) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) . (.Logitech Inc. - Logitech LVPrcSrv Module..) - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher (LVSrvLauncher) . (.Logitech Inc. - LogitechService Launcher.) - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Performance Service (nTuneService) . (.NVIDIA - NVIDIA Performance Service.) - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 306.9.) - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) . (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Update Center Service (UpdateCenterService) . (.NVIDIA - NVIDIA Update Center Service.) - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: WpsSupplicant (WpsSupplicant) . (...) - C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\WpsSupplicant.exe
~ Scan Services in 00mn 00s
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn 00s
End of the scan (316 lines in 04mn 05s)(0)
j'ai un soucis avec mon pc et explorer.exe il plante quand j'essaye de vider la corbeille avec clique droit.
Et au démarrage j'ai l'écran tout noir il faut que je fasse ctrl+alt+suppr ouvrir le gestionnaire de tâches et terminer explorer.exe et le relancer, et là, j'ai mon fond d'écran qui arrive et mes icônes... Mais le tout reste instable !
là j'ai fait plusieur analyses mais rien de mieux
j'ai un rapport "ZHPdiag"
Rapport de ZHPDiag v1.32.25 par Nicolas Coolman, Update du 16/12/2012
Run by mouths91 at 18/12/2012 13:38:32
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
State : Version à jour.
UAC :
Boot mode: Normal (Normal boot)
Logged in as Administrator
---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 15.0.1 v15.0.1 (Defaut)
GCIE: Google Chrome v23.0.1271.97
---\\ Processus lancés
[MD5.7DE7C0D83661C574F72D59B6B153BAF9] - (.NVIDIA - NVIDIA nTune Command.) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [133736] [PID.2740]
[MD5.D610CDEDF1F702EB0A86B0FBD9BB49E5] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1820520] [PID.3784]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.3672]
[MD5.0C968E011268429C1D218169233C06F7] - (...) -- C:\Program Files\VideoLAN\VLC\vlc.exe [108544] [PID.1512]
[MD5.0721E04731625BD80221DDB4CFDE7885] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [3788288] [PID.7664]
[MD5.9C376F42BDE37F18D0A39AF7415D9BE6] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [917984] [PID.7420]
[MD5.7F6EC840E0954055D58CD57B6ACA9D92] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16864] [PID.6496]
[MD5.EB5A13F9139F20AD71ADF4BF79C3AA29] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 306.9.) -- C:\Windows\system32\nvvsvc.exe [645992] [PID.]
[MD5.F0359F7CE712D69ACEF0886BDB4792ED] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382824] [PID.]
[MD5.E077FCA2A7E79FB9BF67D3E30B5CE593] - (.Microsoft Corporation - Antimalware Service Executable.) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe [20472] [PID.]
[MD5.995D0B52870C7A5CAF3EA165FD674A35] - (.Logitech Inc. - Logitech LVPrcSrv Module..) -- c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [109344] [PID.]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.]
[MD5.C71F2B4D0151CFEDE5D405C5D60B6FCE] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [864616] [PID.]
[MD5.D19C4EE2AC7C47B8F5F84FFF1A789D8A] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [63960] [PID.]
[MD5.55FED228FE147ECB9C47A1C55388896E] - (.Seagate Technology LLC - Sync Windows Services.) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe [124280] [PID.]
[MD5.11A220EB53F1D42B8AF0AD1210B8241D] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [354840] [PID.]
[MD5.6E5DAC168D1FF9843E84A59D51D31107] - (.Hewlett-Packard Company - Pas de description.) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.]
[MD5.167633C51E1119CA49047A484E365DFA] - (.NVIDIA - NVIDIA Performance Service.) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [191080] [PID.]
[MD5.47C0CC7E9466A1D1897D83CFACA0A507] - (.NVIDIA - NVIDIA Update Center Service.) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe [195176] [PID.]
[MD5.F41B4726BE452724737ECFE1FB17E4E7] - (...) -- C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\WpsSupplicant.exe [61440] [PID.]
[MD5.0629259E3AF6BB0534FCECA208973404] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1258856] [PID.]
~ Scan Processes Running in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\mouths91\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
~ Scan Google Browser in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\mouths91\AppData\Roaming\Mozilla\Firefox\Profiles\a301q9i1.default\prefs.js
M3 - MFPP: Plugins - [mouths91] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [mouths91] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [mouths91] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [mouths91] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [mouths91] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [mouths91] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [mouths91] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
M3 - MFPP: Plugins - [mouths91] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo.xml
M0 - MFSP: prefs.js [mouths91 - a301q9i1.default] https://www.google.fr/?gws_rd=ssl
M2 - MFEP: prefs.js [mouths91 - a301q9i1.default\jid1-yZwVFzbsyfMrqQ@jetpack] [] Lavasoft Search Plugin v0.6 (.Lavasoft.)
M2 - MFEP: prefs.js [mouths91 - a301q9i1.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.2.1 (.Microsoft.)
M2 - MFEP: prefs.js [mouths91 - a301q9i1.default\{3112ca9c-de6d-4884-a869-9855de68056c}] [] Google Toolbar for Firefox v7.1.20110512W (.Google Inc..)
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFF12.DLL
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.4.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\Mozilla Firefox\Plugins\nppl3260.dll
P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Mozilla Firefox\Plugins\nprjplug.dll
P2 - FPN:Firefox Plugin Navigator . (.RealPlayer - RealPlayer Download Plugin.) -- C:\Program Files\Mozilla Firefox\Plugins\nprpplugin.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (.DivX, LLC - DivX Plus Web Player version 2.2.0.52.) -- C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
P2 - FPN: [HKLM] [@divx.com/DivX VOD Helper,version=1.0.0] - (.DivX, LLC. - DivX VOD Helper Plug-in.) -- C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
P2 - FPN: [HKLM] [@google.com/npPicasa3,version=3.0.0] - (.Google, Inc. - Picasa plugin.) -- C:\Program Files\Google\Picasa3\npPicasa3.dll
P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.7.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Windows\system32\npDeployJava1.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=10.9.2] - (.Oracle Corporation - Next Generation Java Plug-in 10.9.2 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.1.10329.0.) -- C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8117.0416] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@nvidia.com/3DVision] - (.NVIDIA Corporation - NVIDIA 3D Vision plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
P2 - FPN: [HKLM] [@nvidia.com/3DVisionStreaming] - (.NVIDIA Corporation - NVIDIA 3D Vision Streaming plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
P2 - FPN: [HKLM] [@pack.google.com/Google Updater;version=14] - (.Google - Google Updater plugin<br><a href="http://pack.google.com/">http://pack.) -- C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
P2 - FPN: [HKLM] [@playstation.com/PsndlCheck,version=1.00] - (.Sony Computer Entertainment Inc. - PlayStation(R)Network Downloader Check Plug-in.) -- C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
P2 - FPN: [HKLM] [@real.com/nppl3260;version=15.0.4.53] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- c:\program files\real\realplayer\Netscape6\nppl3260.dll
P2 - FPN: [HKLM] [@real.com/nprjplug;version=15.0.4.53] - (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- c:\program files\real\realplayer\Netscape6\nprjplug.dll
P2 - FPN: [HKLM] [@real.com/nprpchromebrowserrecordext;version=15.0.4.53] - (.RealNetworks, Inc. - RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrec
P2 - FPN: [HKLM] [@real.com/nprphtml5videoshim;version=15.0.4.53] - (.RealNetworks, Inc. - RealPlayer(tm) HTML5VideoShim Plug-In.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
P2 - FPN: [HKLM] [@real.com/nprpplugin;version=15.0.4.53] - (.RealPlayer - RealPlayer Download Plugin.) -- c:\program files\real\realplayer\Netscape6\nprpplugin.dll
P2 - FPN: [HKLM] [@RIM.com/WebSLLauncher,version=1.0] - (...) -- C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@videolan.org/vlc,version=1.1.0] - (.VideoLAN - VLC media player Web Plugin 2.0.2.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.0.3] - (.VideoLAN - VLC media player Web Plugin 2.0.2.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.4.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
~ Scan Firefox Browser in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/?gws_rd=ssl
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.google.com/?gws_rd=ssl
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.4.) (No version) -- (.not file.)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0
~ Scan IE Browser in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s
---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Scan Keys in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} Clé orpheline
~ Scan Toolbar in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard Company - hpsysdrv.) -- c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\WINDOWS\RtHDVCpl.exe
O4 - HKLM\..\Run: [basicsmssmenu] . (.Maxtor Corporation - Maxtor Status Icon.) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
O4 - HKLM\..\Run: [FightMouse Advanced] . (...) -- C:\Program Files\Revoltec\FightMouse\Panel.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] . (.Google Inc. - Gmail Notifier.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files\real\realplayer\Update\realsched.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\RunOnce: [Launcher] . (.soft thinks - Launcher.) -- C:\WINDOWS\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [List_Kill'em] . (...) -- C:\Program Files\List_Kill'em\del_reg.bat
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-3088393738-1579665052-972719567-1006-3088393738-1579665052-972719567-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
~ Scan Application in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\adsl TV.lnk . (.adsl TV / FM.) -- C:\Program Files\adslTV\adsltv.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Centre de solutions HP.lnk . (.Hewlett-Packard Company.) -- C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Counter-Strike Global Offensive.url . (...) -- C:\Users\mouths91\Desktop\Counter-Strike Global Offensive.url
O4 - Global Startup: C:\Users\mouths91\Desktop\Counter-Strike Source.lnk . (.Valve Corporation.) -- C:\Program Files\Steam\Steam.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Defraggler.lnk . (.Piriform Ltd.) -- C:\Program Files\Defraggler\Defraggler.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\DivX Movies.lnk . (...) -- C:\Users\mouths91\Videos\DivX Movies
O4 - Global Startup: C:\Users\mouths91\Desktop\film - Raccourci.lnk . (...) -- F:\mouths91\film
O4 - Global Startup: C:\Users\mouths91\Desktop\Free FLV Converter.lnk . (.Koyote Soft.) -- C:\Program Files\Free FLV Converter\FreeFLVConverter.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Free Video Converter.lnk . (.Koyote Soft.) -- C:\Program Files\Free Video Converter\FreeVideoConverter.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\gta-vc - Raccourci.lnk . (...) -- C:\Program Files\Rockstar Games\Grand Theft Auto Vice City\gta-vc.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\gta3 - Raccourci.lnk . (...) -- C:\Program Files\Rockstar Games\GTAIII\gta3.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\gta_sa.lnk . (...) -- C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\List_Kill'em.lnk . (...) -- C:\Program Files\List_Kill'em\List_Kill'em.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Metro 2033.url . (...) -- C:\Users\mouths91\Desktop\Metro 2033.url
O4 - Global Startup: C:\Users\mouths91\Desktop\mIRC.lnk . (.mIRC Co. Ltd..) -- C:\Program Files\mIRC\mirc.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\NCR - Raccourci.lnk . (.Macromedia, Inc..) -- C:\Users\mouths91\Documents\code de la route\code de la route\NCR.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Notepad++.lnk . (.Don HO don.h@free.fr.) -- C:\Program Files\Notepad++\notepad++.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Rap Contenders.lnk . (...) -- C:\Users\mouths91\Music\rap contenders
O4 - Global Startup: C:\Users\mouths91\Desktop\SixaxisDriver .lnk . (...) -- C:\Program Files\SixaxisDriver\DriverLoader.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\sony ericsson x10 - Raccourci.lnk . (...) -- C:\Users\mouths91\sony ericsson x10.vbs
O4 - Global Startup: C:\Users\mouths91\Desktop\SpeedFan.lnk . (.Almico Software (www.almico.com).) -- C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Spybot - Search & Destroy.lnk . (.Safer Networking Limited.) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Temp - Raccourci.lnk . (...) -- C:\Users\mouths91\AppData\Local\Temp
O4 - Global Startup: C:\Users\mouths91\Desktop\Undelete 360.lnk . (.File Recovery Ltd..) -- C:\Program Files\File Recovery\undelete360\undelete-360.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Update Service Pro.lnk . (...) -- C:\Program Files\Sony Ericsson\Update Service Pro\USP.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Update Service.lnk . (...) -- C:\Program Files\Sony Ericsson\Update Service\Update Service.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\MOVIEMK.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk . (.Google Inc..) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk . (.inkscape.org.) -- C:\Program Files\Inkscape\inkscape.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk . (.Google Inc..) -- C:\Program Files\Google\Picasa3\Picasa3.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Skype.lnk . (...) -- C:\Windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk . (.Safer Networking Limited.) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\IUSR_NMPR\Desktop\HijackThis.lnk . (.Trend Micro Inc..) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - Global Startup: C:\Users\IUSR_NMPR\Desktop\SpeedFan.lnk . (.Almico Software (www.almico.com).) -- C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: C:\Users\IUSR_NMPR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk . (.Google Inc..) -- C:\Program Files\Google\Picasa3\Picasa3.exe
O4 - Global Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Badoo Desktop.lnk . (.Badoo.) -- C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe
O4 - Global Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\Amy\Desktop\Continue FoxTab Video Converter Installation.lnk . (...) -- C:\Users\mouths91\AppData\Local\Temp\ICReinstall_VideoConverterSetup.exe (.not file.)
O4 - Global Startup: C:\Users\Amy\Desktop\FoxTab Video Converter.lnk . (...) -- C:\Program Files\FoxTabVideoConverter\VideoConverter.exe (.not file.)
O4 - Global Startup: C:\Users\Amy\Desktop\HijackThis.lnk . (.Trend Micro Inc..) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - Global Startup: C:\Users\Amy\Desktop\Microsoft Works.LNK . (.Microsoft® Corporation.) -- C:\Program Files\Microsoft Works\MSWorks.exe
O4 - Global Startup: C:\Users\Amy\Desktop\SpeedFan.lnk . (.Almico Software (www.almico.com).) -- C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: C:\Users\Amy\Desktop\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Musique - Raccourci.lnk . (...) -- C:\Users\mouths91\Music
O4 - Global Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player (2).lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\Adji\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\Adji\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\Adji\Desktop\HijackThis.lnk . (.Trend Micro Inc..) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - Global Startup: C:\Users\Adji\Desktop\SpeedFan.lnk . (.Almico Software (www.almico.com).) -- C:\Program Files\SpeedFan\speedfan.exe
~ Scan Global Startup in 03mn 58s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Clé orpheline
~ Scan IE Extra Buttons in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll
~ Scan Winsock in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B00034F-16C0-47E7-B62E-167EDEF18B20}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{6B00034F-16C0-47E7-B62E-167EDEF18B20}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS3\Services\Tcpip\..\{6B00034F-16C0-47E7-B62E-167EDEF18B20}: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Scan Domain in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\System32\itss.dll
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\WINDOWS\system32\inetcomm.dll
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\System32\itss.dll
O18 - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\System32\mscoree.dll
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\System32\mscoree.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\System32\mscoree.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Scan Protocole Additionnel in 00mn 00s
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll
~ Scan SSODL in 00mn 00s
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - (.not file.)
~ Scan STS/SSO in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Basics Service (Basics Service) . (.Seagate Technology LLC - Sync Windows Services.) - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) . (.Google - gusvc.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) . (.Intel Corporation - RAID Monitor.) - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) . (.Intel(R) Corporation - Intel(R) Factory Mode Service.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: LightScribeService Direct Disc Labeling (LightScribeService) . (.Hewlett-Packard Company - Pas de description.) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) . (.Logitech Inc. - Logitech LVPrcSrv Module..) - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher (LVSrvLauncher) . (.Logitech Inc. - LogitechService Launcher.) - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Performance Service (nTuneService) . (.NVIDIA - NVIDIA Performance Service.) - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 306.9.) - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) . (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Update Center Service (UpdateCenterService) . (.NVIDIA - NVIDIA Update Center Service.) - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: WpsSupplicant (WpsSupplicant) . (...) - C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\WpsSupplicant.exe
~ Scan Services in 00mn 00s
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn 00s
End of the scan (316 lines in 04mn 05s)(0)
A voir également:
- Probleme de rootkit ou autre?
- Rootkit - Télécharger - Antivirus & Antimalwares
- Rootkit hunter - Télécharger - Antivirus & Antimalwares
- Sophos anti rootkit - Télécharger - Antivirus & Antimalwares
- Avg anti rootkit - Télécharger - Antivirus & Antimalwares
- Panda anti-rootkit - Télécharger - Antivirus & Antimalwares
5 réponses
voilà ce que ça donne :
RogueKiller V8.4.0 [Dec 15 2012] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur : mouths91 [Droits d'admin]
Mode : Recherche -- Date : 18/12/2012 15:36:52
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver : [CHARGE] ¤¤¤
IRP[IRP_MJ_CREATE] : \SystemRoot\system32\drivers\iastor.sys -> HOOKED ([MAJOR] Unknown @ 0x862231F8)
IRP[IRP_MJ_CLOSE] : \SystemRoot\system32\drivers\iastor.sys -> HOOKED ([MAJOR] Unknown @ 0x862231F8)
IRP[IRP_MJ_DEVICE_CONTROL] : \SystemRoot\system32\drivers\iastor.sys -> HOOKED ([MAJOR] Unknown @ 0x862231F8)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\system32\drivers\iastor.sys -> HOOKED ([MAJOR] Unknown @ 0x862231F8)
IRP[IRP_MJ_POWER] : \SystemRoot\system32\drivers\iastor.sys -> HOOKED ([MAJOR] Unknown @ 0x862231F8)
IRP[IRP_MJ_SYSTEM_CONTROL] : \SystemRoot\system32\drivers\iastor.sys -> HOOKED ([MAJOR] Unknown @ 0x862231F8)
IRP[IRP_MJ_PNP] : \SystemRoot\system32\drivers\iastor.sys -> HOOKED ([MAJOR] Unknown @ 0x862231F8)
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG SP2504C +++++
--- User ---
[MBR] 66edd87ac8bcbf80d433b97a54e29838
[BSP] d9ffb2b1eafa1bca486e894476c70d64 : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 233065 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 477319168 | Size: 5407 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Seagate FreeAgentDesktop USB Device +++++
--- User ---
[MBR] efaae474bf56cd39e5d0462ccb81c6e6
[BSP] 5cab7fac78b6fe5301595cea6da44b25 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Termine : << RKreport[1]_S_18122012_153652.txt >>
RKreport[1]_S_18122012_153652.txt
RogueKiller V8.4.0 [Dec 15 2012] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur : mouths91 [Droits d'admin]
Mode : Recherche -- Date : 18/12/2012 15:36:52
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver : [CHARGE] ¤¤¤
IRP[IRP_MJ_CREATE] : \SystemRoot\system32\drivers\iastor.sys -> HOOKED ([MAJOR] Unknown @ 0x862231F8)
IRP[IRP_MJ_CLOSE] : \SystemRoot\system32\drivers\iastor.sys -> HOOKED ([MAJOR] Unknown @ 0x862231F8)
IRP[IRP_MJ_DEVICE_CONTROL] : \SystemRoot\system32\drivers\iastor.sys -> HOOKED ([MAJOR] Unknown @ 0x862231F8)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\system32\drivers\iastor.sys -> HOOKED ([MAJOR] Unknown @ 0x862231F8)
IRP[IRP_MJ_POWER] : \SystemRoot\system32\drivers\iastor.sys -> HOOKED ([MAJOR] Unknown @ 0x862231F8)
IRP[IRP_MJ_SYSTEM_CONTROL] : \SystemRoot\system32\drivers\iastor.sys -> HOOKED ([MAJOR] Unknown @ 0x862231F8)
IRP[IRP_MJ_PNP] : \SystemRoot\system32\drivers\iastor.sys -> HOOKED ([MAJOR] Unknown @ 0x862231F8)
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG SP2504C +++++
--- User ---
[MBR] 66edd87ac8bcbf80d433b97a54e29838
[BSP] d9ffb2b1eafa1bca486e894476c70d64 : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 233065 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 477319168 | Size: 5407 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Seagate FreeAgentDesktop USB Device +++++
--- User ---
[MBR] efaae474bf56cd39e5d0462ccb81c6e6
[BSP] 5cab7fac78b6fe5301595cea6da44b25 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Termine : << RKreport[1]_S_18122012_153652.txt >>
RKreport[1]_S_18122012_153652.txt
et pour kill' em
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.0.0.4 ¤¤¤¤¤¤¤¤¤¤
User : mouths91 (Administrateurs)
Update on 23/05/2010 by g3n-h@ckm@n ::::: 15.00
Start at: 14:20:19 | 18/12/2012
Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 9.0.8112.16421
Windows Firewall Status : Enabled
C:\ -> Disque fixe local | 227,6 Go (52,37 Go free) [HP] | NTFS
D:\ -> Disque fixe local | 5,28 Go (897,08 Mo free) [RECOVERY] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
K:\ -> Disque CD-ROM
L:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\explorer.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\WpsSupplicant.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\ProgramData\hpzinstall.log
Quarantined & Deleted !! : C:\Windows\System32\avs.dll
Quarantined & Deleted !! : C:\Windows\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\Windows\System32\mmfinfo.dll
Quarantined & Deleted !! : C:\Windows\system32\MSWINSCK.OCX
Quarantined & Deleted !! : C:\Users\mouths91\AppData\Local\d3d9caps.dat
Quarantined & Deleted !! : C:\Users\mouths91\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Users\mouths91\LOCAL Settings\Temp\54ca8b5f-d80f-4a85-b3e0-cb4e2cccdcf0.exe
Quarantined & Deleted !! : C:\Users\mouths91\LOCAL Settings\Temp\676342f2-0d1b-48b1-987a-e09000c63f6f.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$I2LRBEW.lnk
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$I3KDZ2Z.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$I96ANGI
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$I9C07VK.txt
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$IE509HU.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$IGAH7LK.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$IIOI45A.txt
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$IKIZXEV.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$ILSN9DJ.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$IQWTL33.lnk
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$ISUZMZB.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$R2LRBEW.lnk
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$R3KDZ2Z.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$R9C07VK.txt
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$RE509HU.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$RGAH7LK.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$RIOI45A.txt
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$RKIZXEV.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$RLSN9DJ.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$RQWTL33.lnk
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$RSUZMZB.exe
=======
Hosts :
=======
127.0.0.1 localhost
========
Registry
========
Deleted : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCU\Software\Conduit
Deleted : HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}
Deleted : HKLM\Software\Conduit
=================
Internet Explorer
=================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============
Security Center
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval REG_DWORD 1 (0x1)
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys spnm.sys hal.dll >>UNKNOWN [0x861D8938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x862231f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.0.0.4 ¤¤¤¤¤¤¤¤¤¤
User : mouths91 (Administrateurs)
Update on 23/05/2010 by g3n-h@ckm@n ::::: 15.00
Start at: 14:20:19 | 18/12/2012
Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 9.0.8112.16421
Windows Firewall Status : Enabled
C:\ -> Disque fixe local | 227,6 Go (52,37 Go free) [HP] | NTFS
D:\ -> Disque fixe local | 5,28 Go (897,08 Mo free) [RECOVERY] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
K:\ -> Disque CD-ROM
L:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\explorer.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\WpsSupplicant.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\ProgramData\hpzinstall.log
Quarantined & Deleted !! : C:\Windows\System32\avs.dll
Quarantined & Deleted !! : C:\Windows\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\Windows\System32\mmfinfo.dll
Quarantined & Deleted !! : C:\Windows\system32\MSWINSCK.OCX
Quarantined & Deleted !! : C:\Users\mouths91\AppData\Local\d3d9caps.dat
Quarantined & Deleted !! : C:\Users\mouths91\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Users\mouths91\LOCAL Settings\Temp\54ca8b5f-d80f-4a85-b3e0-cb4e2cccdcf0.exe
Quarantined & Deleted !! : C:\Users\mouths91\LOCAL Settings\Temp\676342f2-0d1b-48b1-987a-e09000c63f6f.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$I2LRBEW.lnk
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$I3KDZ2Z.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$I96ANGI
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$I9C07VK.txt
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$IE509HU.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$IGAH7LK.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$IIOI45A.txt
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$IKIZXEV.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$ILSN9DJ.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$IQWTL33.lnk
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$ISUZMZB.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$R2LRBEW.lnk
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$R3KDZ2Z.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$R9C07VK.txt
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$RE509HU.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$RGAH7LK.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$RIOI45A.txt
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$RKIZXEV.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$RLSN9DJ.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$RQWTL33.lnk
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$RSUZMZB.exe
=======
Hosts :
=======
127.0.0.1 localhost
========
Registry
========
Deleted : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCU\Software\Conduit
Deleted : HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}
Deleted : HKLM\Software\Conduit
=================
Internet Explorer
=================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============
Security Center
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval REG_DWORD 1 (0x1)
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys spnm.sys hal.dll >>UNKNOWN [0x861D8938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x862231f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question