Problème plusieurs processus "iexplore.exe&qu

redcode Messages postés 27 Statut Membre -  
benurrr Messages postés 9766 Statut Contributeur sécurité -
Bonjour,

J'ai recouvert que j'ai un problème avec mon PC il est a plusieurs processus "iexplore.exe" dans le gestionnaire des tâche, et il continuant a ce multiplier.

J'ai fait un scanne avec HijackThis v2.0.2.

le résultat et :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49:09, on 19/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Belaali\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\wamp\wampmanager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE
C:\Program Files\TopStyle 4\TopStyle4.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - (no file)
O2 - BHO: D - {74308155-4088-30F5-BF90-60522794B687} - C:\WINDOWS\system32\xwr68005.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Belaali\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1229272821-1123561945-1177238915-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1229272821-1123561945-1177238915-1003 Startup: WampServer.lnk = C:\wamp\wampmanager.exe (User '?')
O4 - Startup: WampServer.lnk = C:\wamp\wampmanager.exe
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C6A03519-BA6F-438E-AF3A-878F11521CA5} (JpgView Control) - http://www.icv99.net/JpgView.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{94856C81-3FCA-41C5-991B-8D4B6EAAE074}: NameServer = 192.168.1.254
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe

--
End of file - 9145 bytes

Merci de votre aide
Configuration: Windows XP  SP3
Firefox 3.0.1
Kaspersky Internet Security

5 réponses

  1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    Salut :

    Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)

    ▶ Télécharge et installe List&Kill'em et enregistre le sur ton bureau

    http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe

    ▶ Branche clés usb , disques durs externes , mp3 , mp4 , etc..

    double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

    coche la case "creer une icone sur le bureau"

    une fois terminée , clic sur "terminer" et le programme se lancera seul

    choisis la langue puis choisis l'option 1 = Mode Recherche

    ▶ laisse travailler l'outil

    à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

    un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.

    ▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

    tu peux supprimer le rapport catchme.log de ton bureau maintenant.
    0
  2. redcode Messages postés 27 Statut Membre
     
    Bonsoir,

    Voila le rapport --> List'em.txt

    List'em by g3n-h@ckm@n 1.2.0.0

    thx to CCM team.....
    User : Belaali ()
    Update on 19/01/2010 by g3n-h@ckm@n ::::: 15:30
    Start at: 21:57:01 | 19/01/2010
    Contact : g3n-h@ckm@n sur CCM

    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Enabled
    AV : Kaspersky Internet Security 9.0.0.463 [ (!) Disabled | Updated ]
    FW : Kaspersky Internet Security[ (!) Disabled ]9.0.0.463

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\wamp\wampmanager.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\nvsvc32.exe
    c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\List_Killem\List_Kill'em.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Documents and Settings\Belaali\Local Settings\Temp\391.tmp\pv.exe

    ======================
    Keys "Run"
    ======================
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
    Google Update REG_SZ "C:\Documents and Settings\Belaali\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    OODefragTray REG_SZ C:\WINDOWS\system32\oodtray.exe
    avp REG_SZ "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    Malwarebytes' Anti-Malware REG_SZ "C:\Program Files\Anti-Malware\mbamgui.exe" /starttray

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2

    =====================
    Other Keys
    =====================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    dontdisplaylastusername REG_DWORD 0 (0x0)
    legalnoticecaption REG_SZ
    legalnoticetext REG_SZ
    shutdownwithoutlogon REG_DWORD 1 (0x1)
    undockwithoutlogon REG_DWORD 1 (0x1)
    ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)

    ===============
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDriveTypeAutoRun REG_DWORD 145 (0x91)
    LinkResolveIgnoreLinkInfo REG_DWORD 0 (0x0)

    ===============
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    HonorAutoRunSetting REG_DWORD 1 (0x1)
    LinkResolveIgnoreLinkInfo REG_DWORD 0 (0x0)
    NoResolveSearch REG_DWORD 1 (0x1)

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLS REG_SZ C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

    ===============
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
    {56F9679E-7826-4C84-81F3-532071A8BCC5} REG_SZ

    ===============
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\uTorrent\uTorrent.exe REG_SZ C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
    C:\WINDOWS\system32\ftp.exe REG_SZ C:\WINDOWS\system32\ftp.exe:*:Enabled:UDP
    C:\WINDOWS\explorer.exe REG_SZ C:\WINDOWS\explorer.exe:*:Enabled:TCP
    G:\SetupWizard\stInstall.exe REG_SZ G:\SetupWizard\stInstall.exe:*:Enabled:Assistant d'installation domotique de SpeedTouch
    G:\UpgradeWizard\upgradeST.exe REG_SZ G:\UpgradeWizard\upgradeST.exe:*:Enabled:SpeedTouch Upgrade Wizard
    C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
    C:\Documents and Settings\Belaali\Local Settings\Temp\WZSE0.TMP\UpgradeWizard\upgradeST.exe REG_SZ C:\Documents and Settings\Belaali\Local Settings\Temp\WZSE0.TMP\UpgradeWizard\upgradeST.exe:*:Enabled:SpeedTouch Upgrade Wizard
    C:\Program Files\Opera\opera.exe REG_SZ C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

    ===============
    ActivX controls
    ===============
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{644E432F-49D3-41A1-8DD5-E099162EEEC5}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C6A03519-BA6F-438E-AF3A-878F11521CA5}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E6BB2089-163F-466B-812A-748096614DFD}

    ===============
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{CB58DED6-4AF3-4080-9DF1-DEE72075169F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Base Smart Card Crypto Provider Package
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{72AD53CC-CCC0-3757-8480-9EE176866A7C}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EF289A85-8E57-408d-BE47-73B55609861A}

    ==============
    BHO :
    ======
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

    ================
    Internet Explorer :
    ================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ about:blank

    ========
    Services
    ========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

    Ndisuio : 0x3
    EapHost : 0x3
    SharedAccess : 0x2
    wuauserv : 0x2

    =========
    Atapi.sys
    =========
    %%%% HASHDEEP-1.0
    %%%% size,md5,sha256,filename
    ## Invoked from: C:\Documents and Settings\Belaali\Local Settings\Temp\391.tmp
    ## C:\> hashdeep C:\WINDOWS\System32\Drivers\atapi.sys
    ##
    96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\System32\Drivers\atapi.sys

    %%%% HASHDEEP-1.0
    %%%% size,md5,sha256,filename
    ## Invoked from: C:\Documents and Settings\Belaali\Local Settings\Temp\391.tmp
    ## C:\> hashdeep C:\WINDOWS\System32\DllCache\atapi.sys
    ##
    96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\System32\DllCache\atapi.sys

    I:\Autorun.inf :
    ----------------
    [AutoRun]
    open=LaunchU3.exe -a
    icon=LaunchU3.exe,0
    action=Run U3 Launchpad

    [Definitions]
    Launchpad=LaunchPad.exe
    Vtype=2

    [CopyFiles]
    FileNumber=1
    File1=LaunchPad.zip

    [Update]
    URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.6.1.2&brand=PelicanBFG

    [Comment]
    brand=PelicanBFG
    =======
    Drive :
    =======

    D‚fragmenteur de disque Windows
    Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

    Rapport d'analyse
    74,52 Go total, 32,10 Go libre (43%), 0% fragment‚ (fragmentation du fichier 1%)

    Il ne vous est pas n‚cessaire de d‚fragmenter ce volume.

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Present !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    Present !! : C:\cmd.exe
    Present !! : C:\WINDOWS\System32\1.reg
    Present !! : C:\WINDOWS\System32\tmp.reg
    Present !! : C:\Documents and Settings\Belaali\Application Data\.#

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    "HKCU\Software\Grand Virtual"
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"

    ================
    Other infections
    ================

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-19 22:15:45
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00134605a1be]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:5d,cc,ca,3b,65,98,a2,26,07,32,13,11,23,6c,16,fd,8c,91,4a,c2,2b,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00134605a1be]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:5d,cc,ca,3b,65,98,a2,26,07,32,13,11,23,6c,16,fd,8c,91,4a,c2,2b,..

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
    "OODEFRAG10.00.00.01WORKSTATION"="1C5A35F7BA07724D808792C559DDF5CB8E4E332C5244C0A1E004A54BEEE89E5C7994CC8FA1566146B5ABD8D399A13E520F7406983438F715A8EA373F2C33E0CD30B656E4A63E9F82111C88BC0D8C532BF1F8370831627AEA0954DD18C9A9315B37FCB6DDB81840E6FA37A60EA468F533377A0755E09CD31AB6413A97A4D70BB796698CC597C34B01F59E6DBC2685DAEFF1DA6EBA2CC70641F9759EE2EBCFDCB7EE4128C95820BA7C9339499F2D34A80ACB4396DAD447869FB2F8130424A40655728C0D7DE3147DAF7AB0DC70A44EFBCB811D5FB8EA823D9BCF1852E625705FAFE598F4577789770FE6737C51502BE52661985A3CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808A2D97226D213B555A2D97226D213B555274C57FC4A488DE287A210425526BC1E076BCBFBCEE60846D0B73130D32AB4A147B69A052DD44809A36B802C954EC91F5BF0985EC4D2DA0B5A51DB61D4CE15520AEECF2969CF473728F9227ABE0072ACF273952F6DB6A1D7A0C8BE760F978F24A5769237333E1865CF40BDF4190100072C77584F433B8555C4D2DA8857AC48C8A15270A2516BFC6D26358F86005E71D2BA85E9C3D74CDF903FA9A6D5927C17D55B0C6D021FE4EA0F1053C6406565799724A74836D11B43FADC888A40BAB88A46833280918B7C8A6FC09A09D44CAAFE42C36EE271E91A70E93C2FE7CDDDD4E0789ED6942E1BC93B93438BEC1D4D851CA4C8ED9FE7ED826017D0640DA89F8B10AE060E09DBE2258DE8F4AEFD15948F9E70B53B582FBD50BD9F64EFC21D35D83F0FE5F230C1102E463D080D3DDBE1288A406175D8FECE446905901E419E68FECCA43FA152AA60C5E04501B61F358B73958F753AE1B32CE174ACC54037439882C7DC673DA804291309183C3E8A8A77592A3E732E2ACFF0712960C7A9C74338ACF48B866AE3E2CF7FA0AF64395CE5238367122BF75977D0FE82CC2FB4077ECC894EE61953257D51B93E6D7DC264F81F609E3245C38CF10F5AAE05E6BC00F4EFEC7E87EF26062E3B34AA145B7A66950FA5582CBA41552F859812FBAEA331CED1E8676DB19390F2B024E2CA2A019AB5AA48CC6FDC24B7BE2111C30D1B4D0CD333591C7BD4D042F0EA05989CE57FAD74BE046CD0CB23AED4646010F393227673EB5866F6261A10EDB31332F9E19E3E91AD595888807B254BE267F554D38ECABE64CA428948A960D5EB52C835C28D61EF6788E7B2C4EC7D9E4748A8B1EA0556EB9A5360442E440DB58487AA87027F1E19F71BA5D1B7398B704EEB10753E77DCD4A3DAA517A1AD674186BD57896DAAF1B87A5CCFC6CBA99984C980C7ED04E112F6A310A9D83F2FB04F8B4306BC28C94C9E1EDAD95C478864C39EF29FCCC73E22F4"
    "OODEFRAG11.00.00.01WORKSTATION"="6E1D8B32760A51D467930068D91FF84AEE5EBF6C93F8C2112150E7AA850150B5FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98089DB7CE019D40AA5C9DB7CE019D40AA5CB9D49B414BCEEF08117FDF24B293B1918D2B9B3697483997F688B56CA6D20FD520EEA6D4493A6948BA70CC9D17396EEDF4748F29A76BBCA7EA6B56A927F9CCA06887CAD8BBEB984BF78D6F3BC2751A6844B581ED58631724C495308F2C0FC04046A21FAAAEE31D4DB3BC3B408778C0F6B95462D45D35635C390C5095EF85B47C8206EC0A00A68CAF6A265956077867B3AAF7568E40E331420F9AF9178154E24178BEB41CE3BB6F782E35240CBAAB01DC7B1036B2DDF902EDA04E2155C2F47B1F991A28685F2E444EA31AAAD1ED51F9D3A5CC8DB96705CD1A5F79F07067E623C869ACADDACF8EFAFE83C8B0FC4029AE1EB8239E84E09780A4CCB14472FAACF19600CC5F46E070787C9BF9AEC7A476F1E656CCDC54A2C5779180522FC45BCCF3058A160C5C976A96D9CDA9CFCEE3030AFB35C57150DA2A07862679F6B8B95129B4C7683637C81821520F977393991CB0CD1F50B88109E1F550FC0892001B4A84670E6515D2A19A5A4068492DFBB59194F2727242D6038F7E5B58A5B2B35A496F8544F4938E1F15F6A67605C3D17C38D5A6A2F2D2A271D7503D9EBB37CD2665461DE6C1CD30142E9F296B5833C005E80CC4B4DF649B4FE40EABCB7836AEFDB9D6DA063C98DFA89271910D92ABDA3A80C1D0C10B225D70E4CF016FCC791938E3E6954796792AD671FDCAB3481097DCDEF2EE7B89EC637708A0BCACF07DB48087AFC360C72C7E6C7E4868CC51F7CC016893EA2134D9135D847D81BADEF30D524AD980A08A9DB10E714D1E5A4AAF3B0E0788320B2830B0EF955B16E353431102D7088D665F70FC3106F5C47093B50240272D56A1476DE7CDF5A0E588518414B2DE4D4E2609FB7BA0FC265AB850BDA7A5B8CD0D63B5C247EE6AA77F1C9E064E5E1132C9670ECA2FFB97317DF0E9309524B0ADAFE4DB13BF99B6C095A546475AD4A4B22CC83A1BFAB49F60746A8A26197287823ECAE877286B24AE7F4016803936D53EC5781CDE27145FF12889A4F2631DBA75D84E4D3C3C550228399A1F98CB79E2B88ABB873E62B12795A6C8EA178803CAA5453FBD63199A21575FF9382FDB678DFA12EA9312B97E4A701EB4564B04D73BA56E7FB320C157565CB633FC94921E1ED019F11B6925BCA01DE56EA1FAB32594F9E185EBDB1CF4FC4B2433484E818E5DF9FDD13D87798286A6F42C4FC5D644659DD05A6832F2367128B47740951A011B2B459CDCE1763C5A8EE935227E93663D7D131EED73752F957095164859B50CAA8B97FD21A33AA600CA84E9A12DF38FB07D20"

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK

    ==========
    Programs
    ==========

    Adobe
    AIMP2
    Alcohol Soft
    Anti-Malware
    CCleaner
    CuteFTP 8 Pro
    DLink
    Error Repair Professional
    Fichiers communs
    FileZilla
    Foobar
    Foxit Software
    IKEA HomePlanner
    Image Resizer
    InstallShield Installation Information
    Internet Explorer
    Java
    K-Lite Codec Pack
    Kaspersky Lab
    Light PHP Edit
    LimeWire
    List_Killem
    Logitech
    ma-config.com
    Messenger Plus! Live
    Microsoft
    Microsoft CAPICOM 2.1.0.2
    Microsoft Expression
    microsoft frontpage
    Microsoft Office
    Microsoft Silverlight
    Microsoft Visual Studio
    Microsoft Visual Studio 8
    Microsoft Works
    Microsoft.NET
    Movie Maker
    Mozilla Firefox
    Mozilla Thunderbird
    MSBuild
    MSECache
    MSN Gaming Zone
    MSN Messenger
    Nero
    NetMeeting
    Nokia
    Notepad++
    OO Software
    OpenOffice.org 3
    OpenWithView
    Opera
    Outlook Express
    Paint.NET
    PC Connectivity Solution
    PixResize
    ProcessExplorer
    QuickTime
    Real
    Realtek
    Reference Assemblies
    RegCleaner
    Registry Mechanic
    SigmaTel
    StuffPlug3
    TagRename
    TcpView.zip
    TomTom HOME 2
    TomTom International B.V
    TopStyle 4
    TortoiseSVN
    Trend Micro
    Trojan Remover
    Tweak_UI
    Unlocker
    uTorrent
    VideoLAN
    Winamp
    Winamp Detect
    Windows Desktop Search
    Windows Live
    Windows Media Player
    Windows NT
    WinRAR
    WinZip
    xerox
    Yahoo!
    Your Uninstaller 2008

    ============
    Lecteur C:
    ============

    AUTOEXEC.BAT
    BJPrinter
    boot.ini
    Bootfont.bin
    Cd ISO
    cmd.exe
    Config.Msi
    CONFIG.SYS
    Documents and Settings
    DownLoads
    FormationPHP
    Glary Utilities Portable
    IO.SYS
    Kill'em
    List'em.txt
    MSDOS.SYS
    MSOCache
    NTDETECT.COM
    ntldr
    Office 2003
    pagefile.sys
    Pcpratique.Be
    Program Files
    RECYCLER
    resultat.txt
    Search
    System Volume Information
    temp
    upload_moi_FREE-HACKING.tar.gz
    USB BOOT
    wamp
    Winbooks
    WINDOWS
    XOOPS_SVN
    XUUPS

    ¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

    C:\Documents and Settings\Belaali\Bureau\DownLoads\Patch editeurs pour news.zip
    C:\Documents and Settings\Belaali\Mes documents\CMS\protector\library\HTMLPurifier\DefinitionCache\Serializer
    C:\Documents and Settings\Belaali\Mes documents\CMS\protector\library\HTMLPurifier\DefinitionCache\Serializer.php
    C:\Documents and Settings\Belaali\Mes documents\CMS\protector\library\HTMLPurifier\DefinitionCache\Serializer\CSS
    C:\Documents and Settings\Belaali\Mes documents\CMS\protector\library\HTMLPurifier\DefinitionCache\Serializer\HTML
    C:\Documents and Settings\Belaali\Mes documents\CMS\protector\library\HTMLPurifier\DefinitionCache\Serializer\Test
    C:\Documents and Settings\Belaali\Mes documents\CMS\protector\library\HTMLPurifier\DefinitionCache\Serializer\URI
    C:\Documents and Settings\Belaali\Mes documents\CMS\Protector 3.41\xoops_trust_path\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer
    C:\Documents and Settings\Belaali\Mes documents\CMS\Protector 3.41\xoops_trust_path\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer.php
    C:\Documents and Settings\Belaali\Mes documents\CMS\Protector 3.41\xoops_trust_path\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\CSS
    C:\Documents and Settings\Belaali\Mes documents\CMS\Protector 3.41\xoops_trust_path\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\HTML
    C:\Documents and Settings\Belaali\Mes documents\CMS\Protector 3.41\xoops_trust_path\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\README
    C:\Documents and Settings\Belaali\Mes documents\CMS\Protector 3.41\xoops_trust_path\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\Test
    C:\Documents and Settings\Belaali\Mes documents\CMS\Protector 3.41\xoops_trust_path\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\URI
    C:\Documents and Settings\Belaali\Mes documents\CMS\XOOPS_2.4.3_Fr\htdocs\xoops_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer
    C:\Documents and Settings\Belaali\Mes documents\CMS\XOOPS_2.4.3_Fr\htdocs\xoops_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer.php
    C:\Documents and Settings\Belaali\Mes documents\CMS\XOOPS_2.4.3_Fr\htdocs\xoops_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\CSS
    C:\Documents and Settings\Belaali\Mes documents\CMS\XOOPS_2.4.3_Fr\htdocs\xoops_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\HTML
    C:\Documents and Settings\Belaali\Mes documents\CMS\XOOPS_2.4.3_Fr\htdocs\xoops_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\index.html
    C:\Documents and Settings\Belaali\Mes documents\CMS\XOOPS_2.4.3_Fr\htdocs\xoops_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\README
    C:\Documents and Settings\Belaali\Mes documents\CMS\XOOPS_2.4.3_Fr\htdocs\xoops_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\Test
    C:\Documents and Settings\Belaali\Mes documents\CMS\XOOPS_2.4.3_Fr\htdocs\xoops_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\URI
    C:\Documents and Settings\Belaali\Mes documents\CMS\XOOPS_2.4.3_Fr\htdocs\xoops_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\CSS\index.html
    C:\Documents and Settings\Belaali\Mes documents\CMS\XOOPS_2.4.3_Fr\htdocs\xoops_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\HTML\index.html
    C:\Documents and Settings\Belaali\Mes documents\CMS\XOOPS_2.4.3_Fr\htdocs\xoops_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\Test\index.html
    C:\Documents and Settings\Belaali\Mes documents\CMS\XOOPS_2.4.3_Fr\htdocs\xoops_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\URI\index.html
    C:\wamp\secure\xps_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer
    C:\wamp\secure\xps_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer.php
    C:\wamp\secure\xps_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\CSS
    C:\wamp\secure\xps_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\HTML
    C:\wamp\secure\xps_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\index.html
    C:\wamp\secure\xps_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\README
    C:\wamp\secure\xps_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\Test
    C:\wamp\secure\xps_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\URI
    C:\wamp\secure\xps_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\CSS\index.html
    C:\wamp\secure\xps_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\HTML\index.html
    C:\wamp\secure\xps_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\Test\index.html
    C:\wamp\secure\xps_lib\modules\protector\library\HTMLPurifier\DefinitionCache\Serializer\URI\index.html

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  3. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    ▶ Relance List&Kill'em,avec le raccourci sur ton bureau.
    mais cette fois-ci :

    choisis l'option 2 = Mode Suppression

    laisse travailler l'outil.

    en fin de scan un rapport s'ouvre

    ▶ colle le contenu dans ta réponse
    0
  4. redcode Messages postés 27 Statut Membre
     
    Bonjour,

    Merci pour votre aide, j'ai suivis la procédure et voila le rapport :

    Kill'em by g3n-h@ckm@n 1.2.0.0

    User : Belaali ()
    Update on 19/01/2010 by g3n-h@ckm@n ::::: 15:30
    Start at: 0:28:08 | 20/01/2010
    Contact : g3n-h@ckm@n sur CCM

    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Enabled
    AV : Kaspersky Internet Security 9.0.0.463 [ (!) Disabled | Updated ]
    FW : Kaspersky Internet Security[ (!) Disabled ]9.0.0.463

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\wamp\wampmanager.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE
    C:\Program Files\Notepad++\notepad++.exe
    C:\Program Files\List_Killem\List_Kill'em.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Belaali\Local Settings\Temp\87F.tmp\pv.exe

    Detections :
    ==========

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Quarantined & Deleted !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    Quarantined & Deleted !! : C:\cmd.exe

    Quarantined & Deleted !! : C:\WINDOWS\System32\1.reg
    Quarantined & Deleted !! : C:\WINDOWS\system32\tmp.reg
    Quarantined & Deleted !! : C:\Documents and Settings\Belaali\Application Data\.#

    ==============
    host file OK !
    ==============

    ========
    Registry
    ========
    Deleted : HKCU\Software\Grand Virtual
    Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
    Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe

    ============
    Disk Cleaned
    ============

    ================
    Prefetch cleaned
    ================

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    telecharge

    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    a l'installation vérifie que mise a jour et lancer programme et scan complet sont bien cocher

    Une fois a jour, le programme va se lancer; clic sur l´onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression".

    A la fin du scan clique sur Afficher les résultats


    Vérifier si tout est coché et clic Supprimer la sélection

    S'il t'es demandé de redémarrer >>> clique sur "Yes"

    Et tu poste le rapport générer
    0