Problem: several "iexplore.exe" processes

redcode Posts: 27 Status: Member -
benurrr Posts: 9766 Status: Security contributor -
Hello,

I discovered that I have a problem with my PC: there are several "iexplore.exe" processes in the Task Manager, and they keep multiplying.

I ran a scan with HijackThis v2.0.2.

The result is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49:09, on 19/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Belaali\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\wamp\wampmanager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE
C:\Program Files\TopStyle 4\TopStyle4.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - (no file)
O2 - BHO: D - {74308155-4088-30F5-BF90-60522794B687} - C:\WINDOWS\system32\xwr68005.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Belaali\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1229272821-1123561945-1177238915-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1229272821-1123561945-1177238915-1003 Startup: WampServer.lnk = C:\wamp\wampmanager.exe (User '?')
O4 - Startup: WampServer.lnk = C:\wamp\wampmanager.exe
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C6A03519-BA6F-438E-AF3A-878F11521CA5} (JpgView Control) - http://www.icv99.net/JpgView.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{94856C81-3FCA-41C5-991B-8D4B6EAAE074}: NameServer = 192.168.1.254
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe

5 replies

benurrr Posts: 9766 Status: Security contributor 107

Hi:

Disable your antivirus for the duration of the procedure, as well as your firewall if you have one (because it is wrongly detected as an infection).

▶ Download and install List&Kill'em and save it to your desktop

http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe

▶ Plug in USB keys, external hard drives, MP3, MP4, etc.

Double-click the shortcut on your desktop (right-click, "Run as administrator" on Vista/7) to start the installation.

Tick the "create a desktop icon" box.

Once it has finished, click "Finish" and the program will start by itself.

Choose the language, then choose option 1 = Search Mode.

▶ Let the tool work

When the white window appears, it takes a while; that is normal, the program has not frozen.

A report named catchme appears on your desktop; ignore it and do not post it, but do not delete it for now, the scan is not finished.

▶ Post the contents of the report that opens when the scan reaches 100 %, at the "COMPLETED" screen

You can delete the catchme.log report from your desktop now.
redcode Posts: 27 Status: Member

Good evening,

Here is the report --> List'em.txt

List'em by g3n-h@ckm@n 1.2.0.0

thx to CCM team.....
User : Belaali ()
Update on 19/01/2010 by g3n-h@ckm@n ::::: 15:30
Start at: 21:57:01 | 19/01/2010
Contact : g3n-h@ckm@n sur CCM

Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Kaspersky Internet Security 9.0.0.463 [ (!) Disabled | Updated ]
FW : Kaspersky Internet Security[ (!) Disabled ]9.0.0.463

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\wamp\wampmanager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\List_Killem\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Belaali\Local Settings\Temp\391.tmp\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
Google Update REG_SZ "C:\Documents and Settings\Belaali\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
OODefragTray REG_SZ C:\WINDOWS\system32\oodtray.exe
avp REG_SZ "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
Malwarebytes' Anti-Malware REG_SZ "C:\Program Files\Anti-Malware\mbamgui.exe" /starttray

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
LinkResolveIgnoreLinkInfo REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
LinkResolveIgnoreLinkInfo REG_DWORD 0 (0x0)
NoResolveSearch REG_DWORD 1 (0x1)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{56F9679E-7826-4C84-81F3-532071A8BCC5} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\uTorrent\uTorrent.exe REG_SZ C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
C:\WINDOWS\system32\ftp.exe REG_SZ C:\WINDOWS\system32\ftp.exe:*:Enabled:UDP
C:\WINDOWS\explorer.exe REG_SZ C:\WINDOWS\explorer.exe:*:Enabled:TCP
G:\SetupWizard\stInstall.exe REG_SZ G:\SetupWizard\stInstall.exe:*:Enabled:Assistant d'installation domotique de SpeedTouch
G:\UpgradeWizard\upgradeST.exe REG_SZ G:\UpgradeWizard\upgradeST.exe:*:Enabled:SpeedTouch Upgrade Wizard
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Documents and Settings\Belaali\Local Settings\Temp\WZSE0.TMP\UpgradeWizard\upgradeST.exe REG_SZ C:\Documents and Settings\Belaali\Local Settings\Temp\WZSE0.TMP\UpgradeWizard\upgradeST.exe:*:Enabled:SpeedTouch Upgrade Wizard
C:\Program Files\Opera\opera.exe REG_SZ C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{644E432F-49D3-41A1-8DD5-E099162EEEC5}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C6A03519-BA6F-438E-AF3A-878F11521CA5}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E6BB2089-163F-466B-812A-748096614DFD}

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ about:blank

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
EapHost : 0x3
SharedAccess : 0x2
wuauserv : 0x2

=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Belaali\Local Settings\Temp\391.tmp
## C:\> hashdeep C:\WINDOWS\System32\Drivers\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\System32\Drivers\atapi.sys

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Belaali\Local Settings\Temp\391.tmp
## C:\> hashdeep C:\WINDOWS\System32\DllCache\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\System32\DllCache\atapi.sys

I:\Autorun.inf :
----------------
[AutoRun]
open=LaunchU3.exe -a
icon=LaunchU3.exe,0
action=Run U3 Launchpad

[Definitions]
Launchpad=LaunchPad.exe
Vtype=2

[CopyFiles]
FileNumber=1
File1=LaunchPad.zip

[Update]
URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.6.1.2&brand=PelicanBFG

[Comment]
brand=PelicanBFG
=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
74,52 Go total, 32,10 Go libre (43%), 0% fragmenté (fragmentation du fichier 1%)

Il ne vous est pas nécessaire de défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Present !! : C:\cmd.exe
Present !! : C:\WINDOWS\System32\1.reg
Present !! : C:\WINDOWS\System32\tmp.reg
Present !! : C:\Documents and Settings\Belaali\Application Data\.#

¤¤¤¤¤¤¤¤¤¤ Keys :

"HKCU\Software\Grand Virtual"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"

================
Other infections
================

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 22:15:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00134605a1be]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:5d,cc,ca,3b,65,98,a2,26,07,32,13,11,23,6c,16,fd,8c,91,4a,c2,2b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00134605a1be]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:5d,cc,ca,3b,65,98,a2,26,07,32,13,11,23,6c,16,fd,8c,91,4a,c2,2b,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG11.00.00.01WORKSTATION"="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"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

==========
Programs
==========

Adobe
AIMP2
Alcohol Soft
Anti-Malware
CCleaner
CuteFTP 8 Pro
DLink
Error Repair Professional
Fichiers communs
FileZilla
Foobar
Foxit Software
IKEA HomePlanner
Image Resizer
InstallShield Installation Information
Internet Explorer
Java
K-Lite Codec Pack
Kaspersky Lab
Light PHP Edit
LimeWire
List_Killem
Logitech
ma-config.com
Messenger Plus! Live
Microsoft
Microsoft CAPICOM 2.1.0.2
Microsoft Expression
microsoft frontpage
Microsoft Office
Microsoft Silverlight
Microsoft Visual Studio
Microsoft Visual Studio 8
Microsoft Works
Microsoft.NET
Movie Maker
Mozilla Firefox
Mozilla Thunderbird
MSBuild
MSECache
MSN Gaming Zone
MSN Messenger
Nero
NetMeeting
Nokia
Notepad++
OO Software
OpenOffice.org 3
OpenWithView
Opera
Outlook Express
Paint.NET
PC Connectivity Solution
PixResize
ProcessExplorer
QuickTime
Real
Realtek
Reference Assemblies
RegCleaner
Registry Mechanic
SigmaTel
StuffPlug3
TagRename
TcpView.zip
TomTom HOME 2
TomTom International B.V
TopStyle 4
TortoiseSVN
Trend Micro
Trojan Remover
Tweak_UI
Unlocker
uTorrent
VideoLAN
Winamp
Winamp Detect
Windows Desktop Search
Windows Live
Windows Media Player
Windows NT
WinRAR
WinZip
xerox
Yahoo!
Your Uninstaller 2008

============
Lecteur C:
============

AUTOEXEC.BAT
BJPrinter
boot.ini
Bootfont.bin
Cd ISO
cmd.exe
Config.Msi
CONFIG.SYS
Documents and Settings
DownLoads
FormationPHP
Glary Utilities Portable
IO.SYS
Kill'em
List'em.txt
MSDOS.SYS
MSOCache
NTDETECT.COM
ntldr
Office 2003
pagefile.sys
Pcpratique.Be
Program Files
RECYCLER
resultat.txt
Search
System Volume Information
temp
upload_moi_FREE-HACKING.tar.gz
USB BOOT
wamp
Winbooks
WINDOWS
XOOPS_SVN
XUUPS

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

C:\Documents and Settings\Belaali\Bureau\DownLoads\Patch editeurs pour news.zip
C:\Documents and Settings\Belaali\Mes documents\CMS\protector\library\HTMLPurifier\DefinitionCache\Serializer
C:\Documents and Settings\Belaali\Mes documents\CMS\protector\library\HTMLPurifier\DefinitionCache\Serializer.php
C:\Documents and Settings\Belaali\Mes documents\CMS\protector\library\HTMLPurifier\DefinitionCache\Serializer\CSS
C:\Documents and Settings\Belaali\Mes documents\CMS\protector\library\HTMLPurifier\DefinitionCache\Serializer\HTML
C:\Documents and Settings\Belaali\Mes documents\CMS\protector\library\HTMLPurifier\DefinitionCache\Serializer\Test
C:\Documents and Settings\Belaali\Mes documents\CMS\protector\library\HTMLPurifier\DefinitionCache\Serializer\URI
C:\Documents and Settings\Belaali\Mes documents\CMS\Protector 3.41\xoops_trust_path\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer
C:\Documents and Settings\Belaali\Mes documents\CMS\Protector 3.41\xoops_trust_path\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer.php
C:\Documents and Settings\Belaali\Mes documents\CMS\Protector 3.41\xoops_trust_path\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\CSS
C:\Documents and Settings\Belaali\Mes documents\CMS\Protector 3.41\xoops_trust_path\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\HTML
C:\Documents and Settings\Belaali\Mes documents\CMS\Protector 3.41\xoops_trust_path\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\README
C:\Documents and Settings\Belaali\Mes documents\CMS\Protector 3.41\xoops_trust_path\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\Test
C:\Documents and Settings\Belaali\Mes documents\CMS\Protector 3.41\xoops_trust_path\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\URI
C:\Documents and Settings\Belaali\Mes documents\CMS\XOOPS_2.4.3_Fr\htdocs\xoops_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer
C:\Documents and Settings\Belaali\Mes documents\CMS\XOOPS_2.4.3_Fr\htdocs\xoops_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer.php
C:\Documents and Settings\Belaali\Mes documents\CMS\XOOPS_2.4.3_Fr\htdocs\xoops_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\CSS
C:\Documents and Settings\Belaali\Mes documents\CMS\XOOPS_2.4.3_Fr\htdocs\xoops_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\HTML
C:\Documents and Settings\Belaali\Mes documents\CMS\XOOPS_2.4.3_Fr\htdocs\xoops_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\index.html
C:\Documents and Settings\Belaali\Mes documents\CMS\XOOPS_2.4.3_Fr\htdocs\xoops_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\README
C:\Documents and Settings\Belaali\Mes documents\CMS\XOOPS_2.4.3_Fr\htdocs\xoops_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\Test
C:\Documents and Settings\Belaali\Mes documents\CMS\XOOPS_2.4.3_Fr\htdocs\xoops_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\URI
C:\Documents and Settings\Belaali\Mes documents\CMS\XOOPS_2.4.3_Fr\htdocs\xoops_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\CSS\index.html
C:\Documents and Settings\Belaali\Mes documents\CMS\XOOPS_2.4.3_Fr\htdocs\xoops_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\HTML\index.html
C:\Documents and Settings\Belaali\Mes documents\CMS\XOOPS_2.4.3_Fr\htdocs\xoops_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\Test\index.html
C:\Documents and Settings\Belaali\Mes documents\CMS\XOOPS_2.4.3_Fr\htdocs\xoops_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\URI\index.html
C:\wamp\secure\xps_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer
C:\wamp\secure\xps_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer.php
C:\wamp\secure\xps_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\CSS
C:\wamp\secure\xps_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\HTML
C:\wamp\secure\xps_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\index.html
C:\wamp\secure\xps_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\README
C:\wamp\secure\xps_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\Test
C:\wamp\secure\xps_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\URI
C:\wamp\secure\xps_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\CSS\index.html
C:\wamp\secure\xps_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\HTML\index.html
C:\wamp\secure\xps_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\Test\index.html
C:\wamp\secure\xps_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\URI\index.html

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
benurrr Posts 9766 Status Security contributor 107

▶ Run List&Kill'em again, using the shortcut on your desktop,
but this time:

choose option 2 = "Mode Suppression" (removal mode)

let the tool work.

at the end of the scan a report opens

▶ paste its contents into your reply
0
redcode Posts 27 Status Member

Hello,

Thank you for your help, I followed the procedure and here is the report:

Kill'em by g3n-h@ckm@n 1.2.0.0

User : Belaali ()
Update on 19/01/2010 by g3n-h@ckm@n ::::: 15:30
Start at: 0:28:08 | 20/01/2010
Contact : g3n-h@ckm@n sur CCM

Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Kaspersky Internet Security 9.0.0.463 [ (!) Disabled | Updated ]
FW : Kaspersky Internet Security[ (!) Disabled ]9.0.0.463

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\wamp\wampmanager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\List_Killem\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Belaali\Local Settings\Temp\87F.tmp\pv.exe

Detections :
==========

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Quarantined & Deleted !! : C:\cmd.exe

Quarantined & Deleted !! : C:\WINDOWS\System32\1.reg
Quarantined & Deleted !! : C:\WINDOWS\system32\tmp.reg
Quarantined & Deleted !! : C:\Documents and Settings\Belaali\Application Data\.#

==============
host file OK !
==============

========
Registry
========
Deleted : HKCU\Software\Grand Virtual
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe

============
Disk Cleaned
============

================
Prefetch cleaned
================

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0

benurrr Posts 9766 Status Security contributor 107

download

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

during installation, make sure that the update, launch program and full scan options are all ticked

Once it is up to date, the program will start; click on the settings tab and tick the box: "Arrêter internet explorer pendant la suppression" (stop Internet Explorer during removal).

At the end of the scan, click "Afficher les résultats" (show results)

Check that everything is ticked and click "Supprimer la sélection" (remove selected)

If you are asked to restart >>> click "Yes"

And post the generated report
0