A voir également:
- Desinfection 2eme pc scaphandros ICI
- Reinitialiser pc - Guide
- Pc lent - Guide
- Test performance pc - Guide
- Downloader for pc - Télécharger - Téléchargement & Transfert
- 2eme ecran pc - Guide
29 réponses
Bon, OK, voici le rapport ==>
SUPERAntiSpyware Scan Log
https://www.superantispyware.com/
Generated 12/28/2009 at 08:12 PM
Application Version : 4.32.1000
Core Rules Database Version : 4416
Trace Rules Database Version: 2243
Scan type : Complete Scan
Total Scan Time : 01:57:07
Memory items scanned : 448
Memory threats detected : 0
Registry items scanned : 4530
Registry threats detected : 56
File items scanned : 15192
File threats detected : 14
Trojan.Agent/Gen
HKLM\Software\Classes\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\InprocServer32
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\InprocServer32#ThreadingModel
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\ProgID
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\Programmable
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\TypeLib
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\VersionIndependentProgID
HKCR\SearchHook.SrchHook.1
HKCR\SearchHook.SrchHook.1\CLSID
HKCR\SearchHook.SrchHook
HKCR\SearchHook.SrchHook\CLSID
HKCR\SearchHook.SrchHook\CurVer
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\0
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\0\win32
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\FLAGS
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\HELPDIR
C:\PROGRA~1\DAP\SBSEARCH.DLL
HKU\S-1-5-21-507921405-813497703-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks#{F4F10C1D-87C7-404A-B4B3-000000000000}
HKCR\Interface\{02FE50FA-9953-4B3E-98B1-0F1AF2577660}
HKCR\Interface\{02FE50FA-9953-4B3E-98B1-0F1AF2577660}\ProxyStubClsid
HKCR\Interface\{02FE50FA-9953-4B3E-98B1-0F1AF2577660}\ProxyStubClsid32
HKCR\Interface\{02FE50FA-9953-4B3E-98B1-0F1AF2577660}\TypeLib
HKCR\Interface\{02FE50FA-9953-4B3E-98B1-0F1AF2577660}\TypeLib#Version
Unclassified.Oreans32
HKLM\System\ControlSet001\Services\oreans32
C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_oreans32
HKLM\System\ControlSet002\Services\oreans32
HKLM\System\ControlSet002\Enum\Root\LEGACY_oreans32
HKLM\System\CurrentControlSet\Services\oreans32
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Driver
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#ActiveService
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance
Adware.Tracking Cookie
C:\Documents and Settings\Admin\Cookies\admin@tacoda[2].txt
C:\Documents and Settings\Admin\Cookies\admin@ie8audience.solution.weborama[2].txt
C:\Documents and Settings\Admin\Cookies\admin@xiti[1].txt
C:\Documents and Settings\Admin\Cookies\admin@ads.eorezo[2].txt
C:\Documents and Settings\Admin\Cookies\admin@bouyguestelecom.solution.weborama[2].txt
C:\Documents and Settings\Admin\Cookies\admin@at.atwola[2].txt
C:\Documents and Settings\Admin\Cookies\admin@windowslivemessenger.solution.weborama[1].txt
C:\Documents and Settings\Admin\Cookies\admin@weborama[2].txt
C:\Documents and Settings\Admin\Cookies\admin@consolidationwindowsfrie8.solution.weborama[2].txt
C:\Documents and Settings\Admin\Cookies\admin@tribalfusion[1].txt
C:\Documents and Settings\Admin\Cookies\admin@msnportal.112.2o7[1].txt
Adware.Vundo/Variant-MSFake
C:\PROGRAM FILES\NAVILOG1\REG.EXE
SUPERAntiSpyware Scan Log
https://www.superantispyware.com/
Generated 12/28/2009 at 08:12 PM
Application Version : 4.32.1000
Core Rules Database Version : 4416
Trace Rules Database Version: 2243
Scan type : Complete Scan
Total Scan Time : 01:57:07
Memory items scanned : 448
Memory threats detected : 0
Registry items scanned : 4530
Registry threats detected : 56
File items scanned : 15192
File threats detected : 14
Trojan.Agent/Gen
HKLM\Software\Classes\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\InprocServer32
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\InprocServer32#ThreadingModel
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\ProgID
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\Programmable
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\TypeLib
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\VersionIndependentProgID
HKCR\SearchHook.SrchHook.1
HKCR\SearchHook.SrchHook.1\CLSID
HKCR\SearchHook.SrchHook
HKCR\SearchHook.SrchHook\CLSID
HKCR\SearchHook.SrchHook\CurVer
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\0
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\0\win32
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\FLAGS
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\HELPDIR
C:\PROGRA~1\DAP\SBSEARCH.DLL
HKU\S-1-5-21-507921405-813497703-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks#{F4F10C1D-87C7-404A-B4B3-000000000000}
HKCR\Interface\{02FE50FA-9953-4B3E-98B1-0F1AF2577660}
HKCR\Interface\{02FE50FA-9953-4B3E-98B1-0F1AF2577660}\ProxyStubClsid
HKCR\Interface\{02FE50FA-9953-4B3E-98B1-0F1AF2577660}\ProxyStubClsid32
HKCR\Interface\{02FE50FA-9953-4B3E-98B1-0F1AF2577660}\TypeLib
HKCR\Interface\{02FE50FA-9953-4B3E-98B1-0F1AF2577660}\TypeLib#Version
Unclassified.Oreans32
HKLM\System\ControlSet001\Services\oreans32
C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_oreans32
HKLM\System\ControlSet002\Services\oreans32
HKLM\System\ControlSet002\Enum\Root\LEGACY_oreans32
HKLM\System\CurrentControlSet\Services\oreans32
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Driver
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#ActiveService
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance
Adware.Tracking Cookie
C:\Documents and Settings\Admin\Cookies\admin@tacoda[2].txt
C:\Documents and Settings\Admin\Cookies\admin@ie8audience.solution.weborama[2].txt
C:\Documents and Settings\Admin\Cookies\admin@xiti[1].txt
C:\Documents and Settings\Admin\Cookies\admin@ads.eorezo[2].txt
C:\Documents and Settings\Admin\Cookies\admin@bouyguestelecom.solution.weborama[2].txt
C:\Documents and Settings\Admin\Cookies\admin@at.atwola[2].txt
C:\Documents and Settings\Admin\Cookies\admin@windowslivemessenger.solution.weborama[1].txt
C:\Documents and Settings\Admin\Cookies\admin@weborama[2].txt
C:\Documents and Settings\Admin\Cookies\admin@consolidationwindowsfrie8.solution.weborama[2].txt
C:\Documents and Settings\Admin\Cookies\admin@tribalfusion[1].txt
C:\Documents and Settings\Admin\Cookies\admin@msnportal.112.2o7[1].txt
Adware.Vundo/Variant-MSFake
C:\PROGRAM FILES\NAVILOG1\REG.EXE
Ok, :
/!\ Desactive ton antivirus le temps de la manip ainsi que ton parefeu et antispyware si présent /!\
> Télécharge List&Kill'em et enregistre le sur ton bureau ici :
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.zip
> dezippe-le , (clic droit/ extraire.....)
Il ne necessite pas d'installation
>double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan
choisis la langue puis choisis l'option 1 = Mode Recherche
>laisse travailler l'outil
>Poste le contenu du rapport qui s'ouvre
/!\ Desactive ton antivirus le temps de la manip ainsi que ton parefeu et antispyware si présent /!\
> Télécharge List&Kill'em et enregistre le sur ton bureau ici :
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.zip
> dezippe-le , (clic droit/ extraire.....)
Il ne necessite pas d'installation
>double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan
choisis la langue puis choisis l'option 1 = Mode Recherche
>laisse travailler l'outil
>Poste le contenu du rapport qui s'ouvre
--Bonjour, voici le rapport ==>
List'em by g3n-h@ckm@n 1.1.7.0
Thx to Chiquitine29.....& CCM team
User : Admin (Utilisateurs) # SERVEUR
Update on 30/12/2009 by g3n-h@ckm@n ::::: 23:45
Start at: 16:23:19 | 31/12/2009
Contact : g3n-h@ckm@n sur CCM
Processeur Intel Celeron
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
AV : Trend Micro PC-cillin Internet Security 12 12.0.1414 [ (!) Disabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 19,1 Go (8,78 Go free) [SERVEUR] | NTFS
D:\ -> Disque CD-ROM | 370,46 Mo (0 Mo free) [CASIO] | CDFS
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local | 76,33 Go (49,26 Go free) [Stockage] | NTFS
G:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBAgent.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\E_S00RP2.EXE
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Labtec\Mouse\2.1\moffice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Admin\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\Répertoire temporaire 1 pour List_Killem.zip\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Admin\Local Settings\Temp\16.tmp\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
DownloadAccelerator REG_SZ "C:\Program Files\DAP\DAP.EXE" /STARTUP
SpeedBitVideoAccelerator REG_SZ C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
SUPERAntiSpyware REG_SZ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
FLMOFFICE4DMOUSE REG_SZ C:\Program Files\Labtec\Mouse\2.1\moffice.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 128 (0x80)
NoCDBurning REG_DWORD 1 (0x1)
NoLowDiskSpaceChecks REG_DWORD 1 (0x1)
NoStartBanner REG_BINARY 01000000
MemCheckBoxInRunDlg REG_DWORD 1 (0x1)
NoSMBalloonTip REG_DWORD 1 (0x1)
NoDesktopCleanupWizard REG_DWORD 1 (0x1)
NoWelcomeScreen REG_DWORD 1 (0x1)
NoAutoUpdate REG_DWORD 1 (0x1)
NoDriveAutoRun REG_DWORD 128 (0x80)
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoSMHelp REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoCDBurning REG_DWORD 1 (0x1)
NoDriveAutoRun REG_DWORD 128 (0x80)
NoDriveTypeAutoRun REG_DWORD 128 (0x80)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Java\j2re1.4.1_03\BIN\javaw.exe REG_SZ C:\Program Files\Java\j2re1.4.1_03\BIN\javaw.exe:*:Enabled:javaw
C:\Program Files\Mozilla Firefox\FIREFOX.EXE REG_SZ C:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox
C:\Program Files\Real\RealPlayer\RealPlay.exe REG_SZ C:\Program Files\Real\RealPlayer\RealPlay.exe:*:Enabled:RealPlayer
C:\Program Files\DAP\DAP.exe REG_SZ C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:LocalSubNet:Enabled:eMule
C:\Program Files\Trillian\trillian.exe REG_SZ C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian
C:\Program Files\SyllabiK\mirc.exe REG_SZ C:\Program Files\SyllabiK\mirc.exe:*:Enabled:mIRC
C:\Program Files\BitDownload\BitDownload.exe REG_SZ C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Torrent P2P application
C:\Program Files\mozilla thunderbird\thunderbird.exe REG_SZ C:\Program Files\mozilla thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird
C:\Program Files\Google\Google Talk\googletalk.exe REG_SZ C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
\\Sndc11700076\Stockage (D)\program files\eMule\emule.exe REG_SZ \\Sndc11700076\Stockage (D)\program files\eMule\emule.exe:*:Enabled:emule.exe
C:\Program Files\BitTorrent\bittorrent.exe REG_SZ C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\SAGENT4.EXE REG_SZ C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\SAGENT4.EXE:*:Enabled:SAgent4
C:\Torrents\BitComet\BitComet.exe REG_SZ C:\Torrents\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
C:\Program Files\BitTorrent_DNA\dna.exe REG_SZ C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:DNA
C:\Program Files\SSI\Silent Hunter II\Shell\SH2.exe REG_SZ C:\Program Files\SSI\Silent Hunter II\Shell\SH2.exe:*:Disabled:SH2
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
C:\Program Files\Azureus\Azureus.exe REG_SZ C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}
===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\D27CDB6E-AE6D-11CF-96B8-444553540000
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
SharedAccess : 0x2
wuauserv : 0x2
=========
=======
Drive :
=======
D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
19,10 Go total, 8,79 Go libre (45%), 8% fragment‚ (fragmentation du fichier 17%)
Il ne vous est pas n‚cessaire de d‚fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\Documents and Settings\All Users\Application Data\118300.34
C:\WINDOWS\SlantAdj.dll
C:\WINDOWS\System32\t.txt
C:\WINDOWS\System32\SET4E.tmp
C:\WINDOWS\System32\SET53.tmp
C:\WINDOWS\System32\SET5A.tmp
C:\WINDOWS\System32\SET63.tmp
C:\WINDOWS\System32\SET64.tmp
C:\WINDOWS\System32\SET65.tmp
C:\WINDOWS\System32\SET68.tmp
C:\WINDOWS\System32\SET75.tmp
C:\WINDOWS\System32\SET7E.tmp
¤¤¤¤¤¤¤¤¤¤ Keys :
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
================
Other infections
================
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 16:31:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
==========
Programs
==========
Accessoires
Ad-Remover
Adobe
Ahead
Aug2005_d3dx9_27_x64.cab
Aug2005_d3dx9_27_x86.cab
Avira
Axon Data
BDA.cab
BDANT.cab
BDAXP.cab
binkw32.dll
C-Media
ccleaner
DAP
dbghelp.dll
desktop.ini
DirectX
DirectX.cab
DSETUP.dll
dsetup32.dll
dxdllreg_x86.cab
dxnt.cab
dxupdate.cab
eMule
EPSON
Fichiers communs
folder.htt
Google
granny2.dll
Grf.dll
ijl15.dll
InstallShield Installation Information
Internet Explorer
Java
K-Lite Codec Pack
Labtec
Lavalys
Lavasoft
licence.txt
Linksys Wireless-G PCI Wireless Network Monitor
Malwarebytes' Anti-Malware
Microsoft
microsoft frontpage
Microsoft Games
Microsoft Office
Microsoft Visual Studio
movie maker
Mozilla Firefox
Mp3dec.asi
msn gaming zone
Mss32.dll
msvcp60.dll
MSXML 4.0
Navilog1
NetMeeting
NPCHK.DLL
NPCIPHER.DLL
npkcrypt.dll
npkeysdk.dll
npkpdb.dll
NPPSK.DLL
npupdate.dll
NPUPDATE0.DLL
NPX.DLL
Oct2005_MDX_x86.cab
Oct2005_xinput_x64.cab
Oct2005_xinput_x86.cab
OfficeUpdate11
Ontrack
Outlook Express
patches.txt
PrintKey 2000 Fr
RegCleaner
RngInterstitial.dll
R‚cup‚ration
Satsuki Decoder Pack
Satsuki.Decoder.Quicktime.Module.exe
slicence.txt
SpeedBit Video Accelerator
Spybot - Search & Destroy
SSI
SUPERAntiSpyware
Uninstall Information
Windows Live
Windows Live SkyDrive
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
xerox
zlib1.dll
============
Lecteur C:
============
#1 Free Solitaire.lnk
.rnd
Ad-Report-CLEAN[1].log
AUTOEXEC.BAT
autorun.inf
boot.ini
Bootfont.bin
BOOTLOG.PRV
BOOTLOG.TXT
bootsect.dos
cleannavi.txt
Codecs
COMMAND.COM
Config.Msi
CONFIG.SYS
copying
DETLOG.TXT
Documents and Settings
Downloads
DRIVERS
EPSON
gmer.txt
IbmEgath.XML
IBMTOOLS
INSTALL
install03992.log
IO.SYS
JANUS.ERR
Kill'em
List'em.txt
Lop SD
lopR.txt
lopS&D.txt
manuel ibm
Mes documents
MSDOS.---
MSDOS.SYS
MSOCache
NETLOG.TXT
Nouveau dossier
NTDETECT.COM
ntldr
orange.bmp
pagefile.sys
piŠces jointes
plugins
Program Files
QUARANTINE
RECYCLED
RECYCLER
rsit
SCANDISK.LOG
SETUPLOG.TXT
SUHDLOG.DAT
syhcophante exit
System Volume Information
SYSTEM.1ST
TB.txt
ToolBar SD
UsbFix
UsbFix 2.txt
UsbFix.txt
vdicmdrv.dll
vdremote.dll
vdsvrlnk.dll
VIDEOROM.BIN
VirtualDub.chm
VirtualDub.vdi
WINDOWS
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
F:\Labo informatique\crack Diskeeper 10.0.593 Professional Premier Edition
F:\Labo informatique\crack Diskeeper 10.0.593 Professional Premier Edition\readme.txt
F:\Labo informatique\Symantec Partition Magic v8.05 + Serial.rar
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Cordialement , Skaphandreos ...
List'em by g3n-h@ckm@n 1.1.7.0
Thx to Chiquitine29.....& CCM team
User : Admin (Utilisateurs) # SERVEUR
Update on 30/12/2009 by g3n-h@ckm@n ::::: 23:45
Start at: 16:23:19 | 31/12/2009
Contact : g3n-h@ckm@n sur CCM
Processeur Intel Celeron
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
AV : Trend Micro PC-cillin Internet Security 12 12.0.1414 [ (!) Disabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 19,1 Go (8,78 Go free) [SERVEUR] | NTFS
D:\ -> Disque CD-ROM | 370,46 Mo (0 Mo free) [CASIO] | CDFS
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local | 76,33 Go (49,26 Go free) [Stockage] | NTFS
G:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBAgent.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\E_S00RP2.EXE
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Labtec\Mouse\2.1\moffice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Admin\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\Répertoire temporaire 1 pour List_Killem.zip\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Admin\Local Settings\Temp\16.tmp\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
DownloadAccelerator REG_SZ "C:\Program Files\DAP\DAP.EXE" /STARTUP
SpeedBitVideoAccelerator REG_SZ C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
SUPERAntiSpyware REG_SZ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
FLMOFFICE4DMOUSE REG_SZ C:\Program Files\Labtec\Mouse\2.1\moffice.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 128 (0x80)
NoCDBurning REG_DWORD 1 (0x1)
NoLowDiskSpaceChecks REG_DWORD 1 (0x1)
NoStartBanner REG_BINARY 01000000
MemCheckBoxInRunDlg REG_DWORD 1 (0x1)
NoSMBalloonTip REG_DWORD 1 (0x1)
NoDesktopCleanupWizard REG_DWORD 1 (0x1)
NoWelcomeScreen REG_DWORD 1 (0x1)
NoAutoUpdate REG_DWORD 1 (0x1)
NoDriveAutoRun REG_DWORD 128 (0x80)
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoSMHelp REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoCDBurning REG_DWORD 1 (0x1)
NoDriveAutoRun REG_DWORD 128 (0x80)
NoDriveTypeAutoRun REG_DWORD 128 (0x80)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Java\j2re1.4.1_03\BIN\javaw.exe REG_SZ C:\Program Files\Java\j2re1.4.1_03\BIN\javaw.exe:*:Enabled:javaw
C:\Program Files\Mozilla Firefox\FIREFOX.EXE REG_SZ C:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox
C:\Program Files\Real\RealPlayer\RealPlay.exe REG_SZ C:\Program Files\Real\RealPlayer\RealPlay.exe:*:Enabled:RealPlayer
C:\Program Files\DAP\DAP.exe REG_SZ C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:LocalSubNet:Enabled:eMule
C:\Program Files\Trillian\trillian.exe REG_SZ C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian
C:\Program Files\SyllabiK\mirc.exe REG_SZ C:\Program Files\SyllabiK\mirc.exe:*:Enabled:mIRC
C:\Program Files\BitDownload\BitDownload.exe REG_SZ C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Torrent P2P application
C:\Program Files\mozilla thunderbird\thunderbird.exe REG_SZ C:\Program Files\mozilla thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird
C:\Program Files\Google\Google Talk\googletalk.exe REG_SZ C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
\\Sndc11700076\Stockage (D)\program files\eMule\emule.exe REG_SZ \\Sndc11700076\Stockage (D)\program files\eMule\emule.exe:*:Enabled:emule.exe
C:\Program Files\BitTorrent\bittorrent.exe REG_SZ C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\SAGENT4.EXE REG_SZ C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\SAGENT4.EXE:*:Enabled:SAgent4
C:\Torrents\BitComet\BitComet.exe REG_SZ C:\Torrents\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
C:\Program Files\BitTorrent_DNA\dna.exe REG_SZ C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:DNA
C:\Program Files\SSI\Silent Hunter II\Shell\SH2.exe REG_SZ C:\Program Files\SSI\Silent Hunter II\Shell\SH2.exe:*:Disabled:SH2
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
C:\Program Files\Azureus\Azureus.exe REG_SZ C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}
===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\D27CDB6E-AE6D-11CF-96B8-444553540000
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
SharedAccess : 0x2
wuauserv : 0x2
=========
=======
Drive :
=======
D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
19,10 Go total, 8,79 Go libre (45%), 8% fragment‚ (fragmentation du fichier 17%)
Il ne vous est pas n‚cessaire de d‚fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\Documents and Settings\All Users\Application Data\118300.34
C:\WINDOWS\SlantAdj.dll
C:\WINDOWS\System32\t.txt
C:\WINDOWS\System32\SET4E.tmp
C:\WINDOWS\System32\SET53.tmp
C:\WINDOWS\System32\SET5A.tmp
C:\WINDOWS\System32\SET63.tmp
C:\WINDOWS\System32\SET64.tmp
C:\WINDOWS\System32\SET65.tmp
C:\WINDOWS\System32\SET68.tmp
C:\WINDOWS\System32\SET75.tmp
C:\WINDOWS\System32\SET7E.tmp
¤¤¤¤¤¤¤¤¤¤ Keys :
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
================
Other infections
================
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 16:31:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
==========
Programs
==========
Accessoires
Ad-Remover
Adobe
Ahead
Aug2005_d3dx9_27_x64.cab
Aug2005_d3dx9_27_x86.cab
Avira
Axon Data
BDA.cab
BDANT.cab
BDAXP.cab
binkw32.dll
C-Media
ccleaner
DAP
dbghelp.dll
desktop.ini
DirectX
DirectX.cab
DSETUP.dll
dsetup32.dll
dxdllreg_x86.cab
dxnt.cab
dxupdate.cab
eMule
EPSON
Fichiers communs
folder.htt
granny2.dll
Grf.dll
ijl15.dll
InstallShield Installation Information
Internet Explorer
Java
K-Lite Codec Pack
Labtec
Lavalys
Lavasoft
licence.txt
Linksys Wireless-G PCI Wireless Network Monitor
Malwarebytes' Anti-Malware
Microsoft
microsoft frontpage
Microsoft Games
Microsoft Office
Microsoft Visual Studio
movie maker
Mozilla Firefox
Mp3dec.asi
msn gaming zone
Mss32.dll
msvcp60.dll
MSXML 4.0
Navilog1
NetMeeting
NPCHK.DLL
NPCIPHER.DLL
npkcrypt.dll
npkeysdk.dll
npkpdb.dll
NPPSK.DLL
npupdate.dll
NPUPDATE0.DLL
NPX.DLL
Oct2005_MDX_x86.cab
Oct2005_xinput_x64.cab
Oct2005_xinput_x86.cab
OfficeUpdate11
Ontrack
Outlook Express
patches.txt
PrintKey 2000 Fr
RegCleaner
RngInterstitial.dll
R‚cup‚ration
Satsuki Decoder Pack
Satsuki.Decoder.Quicktime.Module.exe
slicence.txt
SpeedBit Video Accelerator
Spybot - Search & Destroy
SSI
SUPERAntiSpyware
Uninstall Information
Windows Live
Windows Live SkyDrive
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
xerox
zlib1.dll
============
Lecteur C:
============
#1 Free Solitaire.lnk
.rnd
Ad-Report-CLEAN[1].log
AUTOEXEC.BAT
autorun.inf
boot.ini
Bootfont.bin
BOOTLOG.PRV
BOOTLOG.TXT
bootsect.dos
cleannavi.txt
Codecs
COMMAND.COM
Config.Msi
CONFIG.SYS
copying
DETLOG.TXT
Documents and Settings
Downloads
DRIVERS
EPSON
gmer.txt
IbmEgath.XML
IBMTOOLS
INSTALL
install03992.log
IO.SYS
JANUS.ERR
Kill'em
List'em.txt
Lop SD
lopR.txt
lopS&D.txt
manuel ibm
Mes documents
MSDOS.---
MSDOS.SYS
MSOCache
NETLOG.TXT
Nouveau dossier
NTDETECT.COM
ntldr
orange.bmp
pagefile.sys
piŠces jointes
plugins
Program Files
QUARANTINE
RECYCLED
RECYCLER
rsit
SCANDISK.LOG
SETUPLOG.TXT
SUHDLOG.DAT
syhcophante exit
System Volume Information
SYSTEM.1ST
TB.txt
ToolBar SD
UsbFix
UsbFix 2.txt
UsbFix.txt
vdicmdrv.dll
vdremote.dll
vdsvrlnk.dll
VIDEOROM.BIN
VirtualDub.chm
VirtualDub.vdi
WINDOWS
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
F:\Labo informatique\crack Diskeeper 10.0.593 Professional Premier Edition
F:\Labo informatique\crack Diskeeper 10.0.593 Professional Premier Edition\readme.txt
F:\Labo informatique\Symantec Partition Magic v8.05 + Serial.rar
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Cordialement , Skaphandreos ...
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Bonjour et Bonne Année !
RSIT ==>
Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2010-01-01 16:05:51
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 9 GB (46%) free of 20 GB
Total RAM: 254 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:20, on 01/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBAgent.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\E_S00RP2.EXE
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Labtec\Mouse\2.1\moffice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Admin\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Admin\Mes documents\My Completed Downloads\RSIT.exe
C:\Program Files\trend micro\Admin.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers
communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program
Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\2.1\moffice.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll"
"%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: ashDisp.lnk = C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - Startup: Notification de cadeaux MSN.lnk = Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Startup: PrintKey 2000 Fr.lnk = C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DCAF210-DF0C-4BD5-A24D-D5FA2639B0B4}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: .NETSecurity - Unknown owner - C:\WINDOWS\system32\netsecurity.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir
Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner -
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBAgent.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers
communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: EPSON V3 Service2(02) (EPSON_PM_RPCV2_02) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Admin/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
RSIT ==>
Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2010-01-01 16:05:51
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 9 GB (46%) free of 20 GB
Total RAM: 254 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:20, on 01/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBAgent.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\E_S00RP2.EXE
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Labtec\Mouse\2.1\moffice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Admin\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Admin\Mes documents\My Completed Downloads\RSIT.exe
C:\Program Files\trend micro\Admin.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers
communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program
Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\2.1\moffice.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll"
"%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: ashDisp.lnk = C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - Startup: Notification de cadeaux MSN.lnk = Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Startup: PrintKey 2000 Fr.lnk = C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DCAF210-DF0C-4BD5-A24D-D5FA2639B0B4}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: .NETSecurity - Unknown owner - C:\WINDOWS\system32\netsecurity.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir
Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner -
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBAgent.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers
communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: EPSON V3 Service2(02) (EPSON_PM_RPCV2_02) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Admin/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
Bonne Année à toi aussi :)
Télécharge Hijackthis et fait ceci :
- Ferme toutes tes applications ( navigateur compris ) et déconnecte toi .
Lance Hijackthis mais click sur " Do a scan only "
Tu vois donc apparaitre le résultat du scan : une multitudes de lignes ,chacunes précédées d'un carré vide .
Tu vas cliquer sur les carrés des lignes suivantes :
O23 - Service: .NETSecurity - Unknown owner - C:\WINDOWS\system32\netsecurity.exe (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - Startup: PrintKey 2000 Fr.lnk = C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe
Tu cliques en bas sur le bouton FIX CHECKED et valides.
Puis :
Supprime ces fichier :
C:\Program Files\BitDownload\BitDownload.exe
F:\Labo informatique\crack Diskeeper 10.0.593 Professional Premier Edition
F:\Labo informatique\crack Diskeeper 10.0.593 Professional Premier Edition\readme.txt
F:\Labo informatique\Symantec Partition Magic v8.05 + Serial.rar
As-tu une idée de ce que cela peut-etre :
QUARANTINE
Il est Présent dans C:/
Si tu ne sais pas, vire-le.
Puis :
>Relance List&Kill"em
/!\ Desactive ton antivirus le temps de la manip ainsi que ton parefeu et antispyware si présent /!\
>double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan
choisis la langue puis choisis l'option 2 = Mode Destruction
>laisse travailler l'outil
>Poste le contenu du rapport qui s'ouvre
Télécharge Hijackthis et fait ceci :
- Ferme toutes tes applications ( navigateur compris ) et déconnecte toi .
Lance Hijackthis mais click sur " Do a scan only "
Tu vois donc apparaitre le résultat du scan : une multitudes de lignes ,chacunes précédées d'un carré vide .
Tu vas cliquer sur les carrés des lignes suivantes :
O23 - Service: .NETSecurity - Unknown owner - C:\WINDOWS\system32\netsecurity.exe (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - Startup: PrintKey 2000 Fr.lnk = C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe
Tu cliques en bas sur le bouton FIX CHECKED et valides.
Puis :
Supprime ces fichier :
C:\Program Files\BitDownload\BitDownload.exe
F:\Labo informatique\crack Diskeeper 10.0.593 Professional Premier Edition
F:\Labo informatique\crack Diskeeper 10.0.593 Professional Premier Edition\readme.txt
F:\Labo informatique\Symantec Partition Magic v8.05 + Serial.rar
As-tu une idée de ce que cela peut-etre :
QUARANTINE
Il est Présent dans C:/
Si tu ne sais pas, vire-le.
Puis :
>Relance List&Kill"em
/!\ Desactive ton antivirus le temps de la manip ainsi que ton parefeu et antispyware si présent /!\
>double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan
choisis la langue puis choisis l'option 2 = Mode Destruction
>laisse travailler l'outil
>Poste le contenu du rapport qui s'ouvre
Je n'ai pas trouvé le fichier C:\BitDwnload\Bitdownload.exe
Voici le rapport demandé ==>
Kill'em by g3n-h@ckm@n 1.1.7.0
User : Admin (Utilisateurs) # SERVEUR
Update on 30/12/2009 by g3n-h@ckm@n ::::: 23:45
Start at: 19:45:08 | 01/01/2010
Contact : g3n-h@ckm@n sur CCM
Processeur Intel Celeron
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]
AV : Trend Micro PC-cillin Internet Security 12 12.0.1414 [ (!) Disabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 19,1 Go (8,74 Go free) [SERVEUR] | NTFS
D:\ -> Disque CD-ROM | 370,46 Mo (0 Mo free) [CASIO] | CDFS
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local | 76,33 Go (49,41 Go free) [Stockage] | NTFS
G:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBAgent.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\E_S00RP2.EXE
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Labtec\Mouse\2.1\moffice.exe
C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
C:\Documents and Settings\Admin\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\uWDF.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Admin\LOCALS~1\Temp\Répertoire temporaire 2 pour List_Killem.zip\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Admin\Local Settings\Temp\5.tmp\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\Documents and Settings\All Users\Application Data\118300.34
"C:\WINDOWS\SlantAdj.dll"
C:\WINDOWS\System32\t.txt
C:\WINDOWS\System32\SET4E.tmp
C:\WINDOWS\System32\SET53.tmp
C:\WINDOWS\System32\SET5A.tmp
C:\WINDOWS\System32\SET63.tmp
C:\WINDOWS\System32\SET64.tmp
C:\WINDOWS\System32\SET65.tmp
C:\WINDOWS\System32\SET68.tmp
C:\WINDOWS\System32\SET75.tmp
C:\WINDOWS\System32\SET7E.tmp
¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :
Quarantine :
118300.34.Kill'em
SET4E.tmp.Kill'em
SET53.tmp.Kill'em
SET5A.tmp.Kill'em
SET63.tmp.Kill'em
SET64.tmp.Kill'em
SET65.tmp.Kill'em
SET68.tmp.Kill'em
SET75.tmp.Kill'em
SET7E.tmp.Kill'em
SlantAdj.dll.Kill'em
t.txt.Kill'em
==============
host file OK !
==============
========
Registry
========
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
Voici le rapport demandé ==>
Kill'em by g3n-h@ckm@n 1.1.7.0
User : Admin (Utilisateurs) # SERVEUR
Update on 30/12/2009 by g3n-h@ckm@n ::::: 23:45
Start at: 19:45:08 | 01/01/2010
Contact : g3n-h@ckm@n sur CCM
Processeur Intel Celeron
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]
AV : Trend Micro PC-cillin Internet Security 12 12.0.1414 [ (!) Disabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 19,1 Go (8,74 Go free) [SERVEUR] | NTFS
D:\ -> Disque CD-ROM | 370,46 Mo (0 Mo free) [CASIO] | CDFS
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local | 76,33 Go (49,41 Go free) [Stockage] | NTFS
G:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBAgent.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\E_S00RP2.EXE
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Labtec\Mouse\2.1\moffice.exe
C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
C:\Documents and Settings\Admin\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\uWDF.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Admin\LOCALS~1\Temp\Répertoire temporaire 2 pour List_Killem.zip\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Admin\Local Settings\Temp\5.tmp\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\Documents and Settings\All Users\Application Data\118300.34
"C:\WINDOWS\SlantAdj.dll"
C:\WINDOWS\System32\t.txt
C:\WINDOWS\System32\SET4E.tmp
C:\WINDOWS\System32\SET53.tmp
C:\WINDOWS\System32\SET5A.tmp
C:\WINDOWS\System32\SET63.tmp
C:\WINDOWS\System32\SET64.tmp
C:\WINDOWS\System32\SET65.tmp
C:\WINDOWS\System32\SET68.tmp
C:\WINDOWS\System32\SET75.tmp
C:\WINDOWS\System32\SET7E.tmp
¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :
Quarantine :
118300.34.Kill'em
SET4E.tmp.Kill'em
SET53.tmp.Kill'em
SET5A.tmp.Kill'em
SET63.tmp.Kill'em
SET64.tmp.Kill'em
SET65.tmp.Kill'em
SET68.tmp.Kill'em
SET75.tmp.Kill'em
SET7E.tmp.Kill'em
SlantAdj.dll.Kill'em
t.txt.Kill'em
==============
host file OK !
==============
========
Registry
========
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
Ben, je viens de le recopier, mais je n'ai que ça dans le bloc notes ==>
Kill'em by g3n-h@ckm@n 1.1.7.0
User : Admin (Utilisateurs) # SERVEUR
Update on 30/12/2009 by g3n-h@ckm@n ::::: 23:45
Start at: 19:45:08 | 01/01/2010
Contact : g3n-h@ckm@n sur CCM
Processeur Intel Celeron
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]
AV : Trend Micro PC-cillin Internet Security 12 12.0.1414 [ (!) Disabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 19,1 Go (8,74 Go free) [SERVEUR] | NTFS
D:\ -> Disque CD-ROM | 370,46 Mo (0 Mo free) [CASIO] | CDFS
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local | 76,33 Go (49,41 Go free) [Stockage] | NTFS
G:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBAgent.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\E_S00RP2.EXE
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Labtec\Mouse\2.1\moffice.exe
C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
C:\Documents and Settings\Admin\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\uWDF.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Admin\LOCALS~1\Temp\Répertoire temporaire 2 pour List_Killem.zip\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Admin\Local Settings\Temp\5.tmp\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\Documents and Settings\All Users\Application Data\118300.34
"C:\WINDOWS\SlantAdj.dll"
C:\WINDOWS\System32\t.txt
C:\WINDOWS\System32\SET4E.tmp
C:\WINDOWS\System32\SET53.tmp
C:\WINDOWS\System32\SET5A.tmp
C:\WINDOWS\System32\SET63.tmp
C:\WINDOWS\System32\SET64.tmp
C:\WINDOWS\System32\SET65.tmp
C:\WINDOWS\System32\SET68.tmp
C:\WINDOWS\System32\SET75.tmp
C:\WINDOWS\System32\SET7E.tmp
¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :
Quarantine :
118300.34.Kill'em
SET4E.tmp.Kill'em
SET53.tmp.Kill'em
SET5A.tmp.Kill'em
SET63.tmp.Kill'em
SET64.tmp.Kill'em
SET65.tmp.Kill'em
SET68.tmp.Kill'em
SET75.tmp.Kill'em
SET7E.tmp.Kill'em
SlantAdj.dll.Kill'em
t.txt.Kill'em
==============
host file OK !
==============
========
Registry
========
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
Kill'em by g3n-h@ckm@n 1.1.7.0
User : Admin (Utilisateurs) # SERVEUR
Update on 30/12/2009 by g3n-h@ckm@n ::::: 23:45
Start at: 19:45:08 | 01/01/2010
Contact : g3n-h@ckm@n sur CCM
Processeur Intel Celeron
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]
AV : Trend Micro PC-cillin Internet Security 12 12.0.1414 [ (!) Disabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 19,1 Go (8,74 Go free) [SERVEUR] | NTFS
D:\ -> Disque CD-ROM | 370,46 Mo (0 Mo free) [CASIO] | CDFS
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local | 76,33 Go (49,41 Go free) [Stockage] | NTFS
G:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBAgent.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\E_S00RP2.EXE
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Labtec\Mouse\2.1\moffice.exe
C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
C:\Documents and Settings\Admin\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\uWDF.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Admin\LOCALS~1\Temp\Répertoire temporaire 2 pour List_Killem.zip\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Admin\Local Settings\Temp\5.tmp\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\Documents and Settings\All Users\Application Data\118300.34
"C:\WINDOWS\SlantAdj.dll"
C:\WINDOWS\System32\t.txt
C:\WINDOWS\System32\SET4E.tmp
C:\WINDOWS\System32\SET53.tmp
C:\WINDOWS\System32\SET5A.tmp
C:\WINDOWS\System32\SET63.tmp
C:\WINDOWS\System32\SET64.tmp
C:\WINDOWS\System32\SET65.tmp
C:\WINDOWS\System32\SET68.tmp
C:\WINDOWS\System32\SET75.tmp
C:\WINDOWS\System32\SET7E.tmp
¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :
Quarantine :
118300.34.Kill'em
SET4E.tmp.Kill'em
SET53.tmp.Kill'em
SET5A.tmp.Kill'em
SET63.tmp.Kill'em
SET64.tmp.Kill'em
SET65.tmp.Kill'em
SET68.tmp.Kill'em
SET75.tmp.Kill'em
SET7E.tmp.Kill'em
SlantAdj.dll.Kill'em
t.txt.Kill'em
==============
host file OK !
==============
========
Registry
========
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
