Malware virus xp pro
tournemine
Messages postés
53
Statut
Membre
-
tournemine22 -
tournemine22 -
bonjour,
j'ai un soucis avec mon portable.
j'ai essayé de revenir a une version anterieure cad dernire bonne config reconnu mais j'ai toujours le meme probleme.
XP internet secutité alert
stealth threat
spyware intusion detected
severe system damage.
trojan spy html.bankfrad.
avant de poster j ai telecharger malwarebyte's.
il m'a trouvé des infections qui'il a corrifé .
cependant il m'a dit qu'il ne pouvait pas tout vire .
apre le reboot j ai tjs les messages.
voici le log
je ne sais plus vraiment quoi faire .apparemment cela semble etre arrivé a d autres
sauriez vous que faire de +.
merci
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
21/03/2010 21:16:06
mbam-log-2010-03-21 (21-16-06).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 233368
Temps écoulé: 52 minute(s), 41 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (Adware.MyWebSearch) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\TypeLib\{4d25f920-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4d25f923-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f924-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Delete on reboot.
Fichier(s) infecté(s):
C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (Adware.MyWebSearch) -> Delete on reboot.
j'ai un soucis avec mon portable.
j'ai essayé de revenir a une version anterieure cad dernire bonne config reconnu mais j'ai toujours le meme probleme.
XP internet secutité alert
stealth threat
spyware intusion detected
severe system damage.
trojan spy html.bankfrad.
avant de poster j ai telecharger malwarebyte's.
il m'a trouvé des infections qui'il a corrifé .
cependant il m'a dit qu'il ne pouvait pas tout vire .
apre le reboot j ai tjs les messages.
voici le log
je ne sais plus vraiment quoi faire .apparemment cela semble etre arrivé a d autres
sauriez vous que faire de +.
merci
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
21/03/2010 21:16:06
mbam-log-2010-03-21 (21-16-06).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 233368
Temps écoulé: 52 minute(s), 41 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (Adware.MyWebSearch) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\TypeLib\{4d25f920-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4d25f923-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f924-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Delete on reboot.
Fichier(s) infecté(s):
C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (Adware.MyWebSearch) -> Delete on reboot.
A voir également:
- Crdrvctrl.exe
- Cle windows xp - Guide
- Malwarebytes anti-malware - Télécharger - Antivirus & Antimalwares
- Ccleaner pro gratuit - Télécharger - Optimisation
- Virus mcafee - Accueil - Piratage
- Cool edit pro - Télécharger - Édition & Montage
112 réponses
voici le log
C:\Documents and Settings\YDerrien\Cookies\yderrien@adv.bewebmedia[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@3426148[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@tacoda[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@laredoute.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@tracking.publicidees[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@888[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@m1.webstats.motigo[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@lorealparis.solution.weborama[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@oboulogroupe.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@118218.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@himedia.individuad[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@intermarche2009.solution.weborama[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@socialmedia[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@scout-sex-sun.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@videoegg.adbureau[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@t.bbtrack[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@toplist[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@pmu[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@buggy.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@notrefamille.112.2o7[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@click-fr[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@sexionofficiel.skyrock[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@banquepopulaire.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@media.photobucket[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@cacharel2010.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@invitemedia[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@cdn5.specificclick[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@trackstar-sound.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ttbdurex.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@mediadico[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@track.webgains[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@movitex.122.2o7[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@lamediatheque[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@clickintext[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@caf2009.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ww57.smartadserver[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@asteclick[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@eurosportfr[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@media-convert[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@virginmobile.solution.weborama[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@fl01.ct2.comclick[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ads.blogg[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@www.elite-auto[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@garnier2009.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@www.belstat[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@gemey2009.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@pixel[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@iv2.bluestreak[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@baseco.solution.weborama[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@interflora2.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@publishers.bewebmedia[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@www.belstat[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ads.128b[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@adserver.futura-sciences[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@weboramapromotions.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@sexiion-musiic.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ads.songlyrics[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@specificmedia[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@zanox[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@x-sexion-dassaut-x.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@smeno[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@xxx-f4shion-muziik-xxx.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@bouyguestelecom.solution.weborama[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@www.lamediatheque[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@metroleap.rotator.hadj7.adjuggler[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@gwada-mixxx.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@xxx-3min3m-xxx.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@fr[4].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@xxx-dj-walid-zik-xxx.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@hotchicksoundtrack.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@valueclick[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@servlet[3].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ads.glispa[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@cdn4.specificclick[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@xxxx-ice-cream-xxxx.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@aem.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@sexion-offishal.skyrock[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@premiere.solution.weborama[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@www3.smartadserver[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@sexiondassaut-3emepro.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ads.ad4game[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@stat.blogorama[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@date.ventivmedia[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@renault-fr[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@aodfrance.solution.weborama[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@1070193650[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@trackers.1st-affiliation[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ads.bootcampmedia[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@adserver.wconception[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@eurosport[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@lyceens[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@armani2010.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@phoneandphone.122.2o7[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@www.aina-media[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@simyofr.112.2o7[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@account.yusho[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@lolitalempickasaintvalentin2008.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@espaceinfirmier[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@jibjab.112.2o7[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@xxx-7-loic-7-xxx.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@xbirthdaaysex.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ads.networldmedia[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@mmedia.t134[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@xxxjeremychapronxxx.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@earlyexp[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@mediatraffic[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@rts.pgmediaserve[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@partyaccount[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@trunitybe2.122.2o7[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@fr.partypoker[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@www.smartadserver[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@biothermaquapower.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@renault-group[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@adserving.favorit-network[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@track.right-ads[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@wkfr[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@CM[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ak[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@pro-market[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@data.coremetrics[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ads.outcamp[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@networldmedia[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@stat.dealtime[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@adserver.adreactor[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@homairvacances.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@cewecolor.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@xm.xtendmedia[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@canoe.112.2o7[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@carrefourfr.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@99counters[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@courchevelgroupe.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@advertise[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@vitamine.networldmedia[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ads.clicmanager[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@uk.at.atwola[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ads.easyad[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@tracking.veille-referencement[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@conforamalancementsite.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@pmu-fr[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@decitre[3].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@1063334938[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ad.ieurop[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@adecn[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@sfr.122.2o7[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@aco.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@toyota2.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@canalplus-fr[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@simyofr.122.2o7[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@laredoute.solution.weborama[2].txt
C:\Documents and Settings\Administrateur\Cookies\administrateur@maxserving[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@boursoramabanque.solution.weborama[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@fastclick[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@adbrite[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@weborama[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@tracking.lsfinteractive[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@tradedoubler[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@zanox[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@burstnet[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@track.bestbuy[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@tracker.affistats[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@lfstmedia[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@content.yieldmanager[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@247realmedia[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@bs.serving-sys[3].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@stats.canalblog[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@lagarderefrance.solution.weborama[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@trafficmp[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@ads.sports[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@bs.serving-sys[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@advertising[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@ad.zanox[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@nestle.solution.weborama[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@doubleclick[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@track.effiliation[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@clickintext[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@adserver.aol[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@ad.caradisiac[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@e-2dj6wjkyuocpgeo.stats.esomniture[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@windowsmedia[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@stats.sports[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@statcounter[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@ad.yieldmanager[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@adrevolver[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@adrevolver[3].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@msnaccountservices.112.2o7[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@questionmarket[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@as1.falkag[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@stats1.reliablestats[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@specificclick[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@fr.winantivirus[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@statse.webtrendslive[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@ttbpgsm.solution.weborama[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@msnportal.112.2o7[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@atdmt[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@bnpparibasnet.solution.weborama[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@ehg-lexmark.hitbox[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@interclick[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@xiti[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@adtech[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@eas.apm.emediate[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@media.adrevolver[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@ouestfrance-multimedia[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@ads.motogp[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@casalemedia[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@apmebf[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@indexstats[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@cdiscount[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@www.winantivirus[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@fr.classic.clickintext[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@yourmedia[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@overture[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@adviva[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@smartadserver[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@adv.surinter[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@server.iad.liveperson[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@winantivirus[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@mediaplex[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@himedia.individuad[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@weba.cdiscount[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@admarketplace[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@kontera[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@interhome.solution.weborama[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@adv.bewebmedia[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@ads.adbrite[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@sonyeurope.112.2o7[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@ads.pixicast[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@ad.proxad[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@bluestreak[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@ads.ratiatum[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@m1.webstats.motigo[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@tracking.publicidees[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@windowslivemessenger.solution.weborama[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@revenue[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@elle.solution.weborama[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@dynamic.media.adrevolver[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@serving-sys[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@aimfar.solution.weborama[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@cnam.solution.weborama[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@cetelem.solution.weborama[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@valueclick[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@2o7[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@click.mediadome[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@maxserving[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@media6degrees[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@realmedia[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@bs.serving-sys[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@account[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@stats[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@atdmt[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@atdmt[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@serving-sys[2].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@weborama[1].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@boursoramabanque.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@tradedoubler[1].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@content.yieldmanager[2].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@content.yieldmanager.edgesuite[2].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@bs.serving-sys[1].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@doubleclick[2].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@ad.yieldmanager[2].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@msnportal.112.2o7[1].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@atdmt[2].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@xiti[1].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@toyota2.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@bluestreak[2].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@tracking.publicidees[2].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@serving-sys[2].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@adtech[1].txt
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-2128635536-4166032182-1258186530-500.UsbFix\Dc3\Cookies\acoquel@xiti[1].txt
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-2128635536-4166032182-1258186530-500.UsbFix\Dc3\Cookies\acoquel@ads.tiscali[1].txt
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-2128635536-4166032182-1258186530-500.UsbFix\Dc3\Cookies\acoquel@as-eu.falkag[1].txt
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-2128635536-4166032182-1258186530-500.UsbFix\Dc3\Cookies\acoquel@tracker.roitesting[1].txt
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-2128635536-4166032182-1258186530-500.UsbFix\Dc3\Cookies\acoquel@bluestreak[2].txt
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-2128635536-4166032182-1258186530-500.UsbFix\Dc3\Cookies\acoquel@adv.surinter[2].txt
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-2128635536-4166032182-1258186530-500.UsbFix\Dc3\Cookies\acoquel@mediaplex[1].txt
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-2128635536-4166032182-1258186530-500.UsbFix\Dc3\Cookies\acoquel@www.smartadserver[2].txt
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-2128635536-4166032182-1258186530-500.UsbFix\Dc3\Cookies\acoquel@doubleclick[1].txt
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-2128635536-4166032182-1258186530-500.UsbFix\Dc3\Cookies\acoquel@maxserving[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@adv.bewebmedia[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@3426148[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@tacoda[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@laredoute.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@tracking.publicidees[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@888[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@m1.webstats.motigo[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@lorealparis.solution.weborama[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@oboulogroupe.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@118218.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@himedia.individuad[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@intermarche2009.solution.weborama[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@socialmedia[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@scout-sex-sun.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@videoegg.adbureau[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@t.bbtrack[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@toplist[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@pmu[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@buggy.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@notrefamille.112.2o7[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@click-fr[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@sexionofficiel.skyrock[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@banquepopulaire.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@media.photobucket[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@cacharel2010.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@invitemedia[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@cdn5.specificclick[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@trackstar-sound.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ttbdurex.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@mediadico[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@track.webgains[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@movitex.122.2o7[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@lamediatheque[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@clickintext[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@caf2009.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ww57.smartadserver[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@asteclick[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@eurosportfr[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@media-convert[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@virginmobile.solution.weborama[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@fl01.ct2.comclick[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ads.blogg[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@www.elite-auto[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@garnier2009.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@www.belstat[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@gemey2009.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@pixel[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@iv2.bluestreak[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@baseco.solution.weborama[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@interflora2.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@publishers.bewebmedia[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@www.belstat[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ads.128b[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@adserver.futura-sciences[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@weboramapromotions.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@sexiion-musiic.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ads.songlyrics[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@specificmedia[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@zanox[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@x-sexion-dassaut-x.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@smeno[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@xxx-f4shion-muziik-xxx.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@bouyguestelecom.solution.weborama[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@www.lamediatheque[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@metroleap.rotator.hadj7.adjuggler[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@gwada-mixxx.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@xxx-3min3m-xxx.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@fr[4].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@xxx-dj-walid-zik-xxx.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@hotchicksoundtrack.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@valueclick[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@servlet[3].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ads.glispa[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@cdn4.specificclick[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@xxxx-ice-cream-xxxx.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@aem.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@sexion-offishal.skyrock[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@premiere.solution.weborama[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@www3.smartadserver[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@sexiondassaut-3emepro.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ads.ad4game[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@stat.blogorama[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@date.ventivmedia[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@renault-fr[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@aodfrance.solution.weborama[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@1070193650[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@trackers.1st-affiliation[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ads.bootcampmedia[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@adserver.wconception[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@eurosport[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@lyceens[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@armani2010.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@phoneandphone.122.2o7[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@www.aina-media[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@simyofr.112.2o7[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@account.yusho[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@lolitalempickasaintvalentin2008.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@espaceinfirmier[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@jibjab.112.2o7[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@xxx-7-loic-7-xxx.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@xbirthdaaysex.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ads.networldmedia[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@mmedia.t134[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@xxxjeremychapronxxx.skyrock[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@earlyexp[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@mediatraffic[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@rts.pgmediaserve[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@partyaccount[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@trunitybe2.122.2o7[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@fr.partypoker[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@www.smartadserver[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@biothermaquapower.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@renault-group[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@adserving.favorit-network[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@track.right-ads[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@wkfr[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@CM[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ak[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@pro-market[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@data.coremetrics[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ads.outcamp[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@networldmedia[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@stat.dealtime[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@adserver.adreactor[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@homairvacances.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@cewecolor.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@xm.xtendmedia[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@canoe.112.2o7[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@carrefourfr.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@99counters[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@courchevelgroupe.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@advertise[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@vitamine.networldmedia[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ads.clicmanager[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@uk.at.atwola[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ads.easyad[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@tracking.veille-referencement[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@conforamalancementsite.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@pmu-fr[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@decitre[3].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@1063334938[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@ad.ieurop[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@adecn[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@sfr.122.2o7[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@aco.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@toyota2.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@canalplus-fr[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@simyofr.122.2o7[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@laredoute.solution.weborama[2].txt
C:\Documents and Settings\Administrateur\Cookies\administrateur@maxserving[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@boursoramabanque.solution.weborama[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@fastclick[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@adbrite[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@weborama[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@tracking.lsfinteractive[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@tradedoubler[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@zanox[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@burstnet[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@track.bestbuy[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@tracker.affistats[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@lfstmedia[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@content.yieldmanager[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@247realmedia[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@bs.serving-sys[3].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@stats.canalblog[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@lagarderefrance.solution.weborama[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@trafficmp[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@ads.sports[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@bs.serving-sys[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@advertising[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@ad.zanox[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@nestle.solution.weborama[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@doubleclick[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@track.effiliation[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@clickintext[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@adserver.aol[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@ad.caradisiac[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@e-2dj6wjkyuocpgeo.stats.esomniture[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@windowsmedia[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@stats.sports[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@statcounter[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@ad.yieldmanager[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@adrevolver[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@adrevolver[3].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@msnaccountservices.112.2o7[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@questionmarket[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@as1.falkag[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@stats1.reliablestats[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@specificclick[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@fr.winantivirus[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@statse.webtrendslive[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@ttbpgsm.solution.weborama[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@msnportal.112.2o7[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@atdmt[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@bnpparibasnet.solution.weborama[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@ehg-lexmark.hitbox[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@interclick[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@xiti[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@adtech[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@eas.apm.emediate[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@media.adrevolver[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@ouestfrance-multimedia[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@ads.motogp[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@casalemedia[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@apmebf[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@indexstats[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@cdiscount[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@www.winantivirus[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@fr.classic.clickintext[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@yourmedia[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@overture[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@adviva[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@smartadserver[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@adv.surinter[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@server.iad.liveperson[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@winantivirus[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@mediaplex[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@himedia.individuad[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@weba.cdiscount[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@admarketplace[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@kontera[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@interhome.solution.weborama[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@adv.bewebmedia[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@ads.adbrite[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@sonyeurope.112.2o7[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@ads.pixicast[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@ad.proxad[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@bluestreak[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@ads.ratiatum[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@m1.webstats.motigo[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@tracking.publicidees[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@windowslivemessenger.solution.weborama[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@revenue[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@elle.solution.weborama[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@dynamic.media.adrevolver[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@serving-sys[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@aimfar.solution.weborama[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@cnam.solution.weborama[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@cetelem.solution.weborama[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@valueclick[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@2o7[1].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@click.mediadome[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@maxserving[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@media6degrees[2].txt
C:\Documents and Settings\Administrateur\Cookies\yderrien@realmedia[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@bs.serving-sys[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@account[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@stats[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@atdmt[1].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@atdmt[2].txt
C:\Documents and Settings\YDerrien\Cookies\yderrien@serving-sys[2].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@weborama[1].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@boursoramabanque.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@tradedoubler[1].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@content.yieldmanager[2].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@content.yieldmanager.edgesuite[2].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@bs.serving-sys[1].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@doubleclick[2].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@ad.yieldmanager[2].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@msnportal.112.2o7[1].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@atdmt[2].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@xiti[1].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@toyota2.solution.weborama[2].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@bluestreak[2].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@tracking.publicidees[2].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@serving-sys[2].txt
C:\Documents and Settings\YDerrien\Local Settings\Temp\Cookies\yderrien@adtech[1].txt
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-2128635536-4166032182-1258186530-500.UsbFix\Dc3\Cookies\acoquel@xiti[1].txt
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-2128635536-4166032182-1258186530-500.UsbFix\Dc3\Cookies\acoquel@ads.tiscali[1].txt
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-2128635536-4166032182-1258186530-500.UsbFix\Dc3\Cookies\acoquel@as-eu.falkag[1].txt
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-2128635536-4166032182-1258186530-500.UsbFix\Dc3\Cookies\acoquel@tracker.roitesting[1].txt
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-2128635536-4166032182-1258186530-500.UsbFix\Dc3\Cookies\acoquel@bluestreak[2].txt
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-2128635536-4166032182-1258186530-500.UsbFix\Dc3\Cookies\acoquel@adv.surinter[2].txt
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-2128635536-4166032182-1258186530-500.UsbFix\Dc3\Cookies\acoquel@mediaplex[1].txt
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-2128635536-4166032182-1258186530-500.UsbFix\Dc3\Cookies\acoquel@www.smartadserver[2].txt
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-2128635536-4166032182-1258186530-500.UsbFix\Dc3\Cookies\acoquel@doubleclick[1].txt
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-2128635536-4166032182-1258186530-500.UsbFix\Dc3\Cookies\acoquel@maxserving[2].txt
c est bien ce que je crois , il doit en manquer un bout mais il n est pas dans
le journal.
le pc a du s eteindre hier soir je sais pas trop comment d ailleurs .
y a til un moyen de le relancer ou de le retoruver ?
le journal.
le pc a du s eteindre hier soir je sais pas trop comment d ailleurs .
y a til un moyen de le relancer ou de le retoruver ?
en fait il y a deux logs :
le 1er est celui que j'aiposté mais qui est imcomplet suite a mon avis un arret
intempestif du pc
le second d'aujourdhui avecle rapport ci dessous :
UPERAntiSpyware Scan Log
https://www.superantispyware.com/
Generated 03/27/2010 at 02:11 PM
Application Version : 4.34.1000
Core Rules Database Version : 4596
Trace Rules Database Version: 1978
Scan type : Complete Scan
Total Scan Time : 00:54:37
Memory items scanned : 599
Memory threats detected : 0
Registry items scanned : 7165
Registry threats detected : 0
File items scanned : 22244
File threats detected : 1
Adware.Tracking Cookie
C:\Documents and Settings\YDerrien\Cookies\yderrien@atdmt[2].txt
le 1er est celui que j'aiposté mais qui est imcomplet suite a mon avis un arret
intempestif du pc
le second d'aujourdhui avecle rapport ci dessous :
UPERAntiSpyware Scan Log
https://www.superantispyware.com/
Generated 03/27/2010 at 02:11 PM
Application Version : 4.34.1000
Core Rules Database Version : 4596
Trace Rules Database Version: 1978
Scan type : Complete Scan
Total Scan Time : 00:54:37
Memory items scanned : 599
Memory threats detected : 0
Registry items scanned : 7165
Registry threats detected : 0
File items scanned : 22244
File threats detected : 1
Adware.Tracking Cookie
C:\Documents and Settings\YDerrien\Cookies\yderrien@atdmt[2].txt
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ok tu peux vider la quarantaine, ensuite
DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)
▶ Télécharge List_Kill'em et enregistre le sur ton bureau
▶ Double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
▶ une fois terminée , clic sur "terminer" et le programme se lancera seul
▶ Choisis choisis l'option Search
▶ Un icône blanc et noir va s'afficher sur le bureau , il te servira à relancer le programme par la suite.
▶ laisse travailler l'outil
▶ A l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
▶ Un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , , il s'auto supprimera a la fin du scan
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
Ensuite héberger le rapport :
▶ Rendez-vous à cette adresse d'hébergement gratuit : http://www.cijoint.fr/
▶ Cliquez sur parcourir, chercher le rapport .txt puis cliquez sur ici pour déposer le fichier
▶ Une fois le lien crée, faite un clique droit dessus et copier l'adresse du lien pour venir le coller dans votre réponse
DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)
▶ Télécharge List_Kill'em et enregistre le sur ton bureau
▶ Double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
▶ une fois terminée , clic sur "terminer" et le programme se lancera seul
▶ Choisis choisis l'option Search
▶ Un icône blanc et noir va s'afficher sur le bureau , il te servira à relancer le programme par la suite.
▶ laisse travailler l'outil
▶ A l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
▶ Un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , , il s'auto supprimera a la fin du scan
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
Ensuite héberger le rapport :
▶ Rendez-vous à cette adresse d'hébergement gratuit : http://www.cijoint.fr/
▶ Cliquez sur parcourir, chercher le rapport .txt puis cliquez sur ici pour déposer le fichier
▶ Une fois le lien crée, faite un clique droit dessus et copier l'adresse du lien pour venir le coller dans votre réponse
la fenetre est planté a 30%
j ai du arreterle pc dans le fichier a la racine il y a ceic i:
List'em by g3n-h@ckm@n 1.6.0.6
User : YDerrien ()
Update on 27/03/2010 by g3n-h@ckm@n ::::: 14.50
Start at: 11:24:48 | 28/03/2010
Intel(R) Pentium(R) M processor 1.73GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled
AV : LANDesk Antivirus client 8.70.7.17 [ (!) Disabled | Updated ]
AV : AntiVir Desktop 9.0.1.26 [ (!) Disabled | (!) Outdated ]
C:\ -> Disque fixe local | 55,78 Go (6,57 Go free) [g] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque amovible | 507,23 Mo (462,89 Mo free) | FAT32
X:\ -> Connexion réseau
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\nsl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\StreamServe\4.1.2\Server\bin\ptserv32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\Program Files\LANDesk\LDClient\antivirus\LDav.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\LANDesk\LDClient\vulScan.exe
C:\WINDOWS\system32\wuauclt.exe
G:\List_Killem_Install.exe
C:\DOCUME~1\YDerrien\LOCALS~1\Temp\is-EG8EH.tmp\List_Killem_Install.tmp
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
SUPERAntiSpyware REG_SZ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Apoint REG_SZ C:\Program Files\Apoint\Apoint.exe
igfxtray REG_SZ C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd REG_SZ C:\WINDOWS\system32\hkcmd.exe
igfxpers REG_SZ C:\WINDOWS\system32\igfxpers.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
<NO NAME> REG_SZ
IntelWireless REG_SZ C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
Dell QuickSet REG_SZ C:\Program Files\Dell\QuickSet\quickset.exe
dlbxmon.exe REG_SZ "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
DAEMON Tools REG_SZ "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
Client Access Service REG_SZ "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
Client Access Help Update REG_SZ "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
Client Access Check Version REG_SZ "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
Client Access Express Welcome REG_SZ "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
RemoteControl REG_SZ "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
IntelAPMClient REG_SZ "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
SDClientMonitor REG_SZ "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
LANDesk Antivirus REG_SZ "C:\Program Files\LANDesk\LDClient\antivirus\LDav.exe" /systray
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
LVCOMSX REG_SZ C:\WINDOWS\system32\LVCOMSX.EXE
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
NoDriveAutoRun REG_DWORD 255 (0xff)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveAutoRun REG_DWORD 255 (0xff)
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultUserName REG_SZ yderrien
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0 (0x0)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 0 (0x0)
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 1 (0x1)
AltDefaultUserName REG_SZ yderrien
AltDefaultDomainName REG_SZ GFI-AEROSPACE
DefaultDomainName REG_SZ GFI-AEROSPACE
DisableCAD REG_DWORD 0 (0x0)
AutoAdminLogon REG_SZ 0
CachePrimaryDomain REG_SZ GFI-AEROSPACE
DCacheUpdate REG_BINARY e6b2dcec57ceca01
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\DomainCache
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\WINDOWS\system32\cba\pds.exe REG_SZ C:\WINDOWS\system32\cba\pds.exe:*:Enabled:Agent à base commune (CBA)
C:\LDClient\Wuser32.exe REG_SZ C:\LDClient\Wuser32.exe:*:Enabled:Contrôle distant
C:\LDClient\tmcsvc.exe REG_SZ C:\LDClient\tmcsvc.exe:*:Enabled:Multicast ciblé
C:\WINDOWS\system32\dlbxcoms.exe REG_SZ C:\WINDOWS\system32\dlbxcoms.exe:*:Disabled:Dell 962 Server
C:\Program Files\Numara Software\Remote\Guest\ngstw32.exe REG_SZ C:\Program Files\Numara Software\Remote\Guest\ngstw32.exe:*:Enabled:NetOp Guest
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe REG_SZ C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\Program Files\LANDesk\Shared Files\residentagent.exe REG_SZ C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk(R) Management Agent
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Numara Software\Remote\Guest\ngstw32.exe REG_SZ C:\Program Files\Numara Software\Remote\Guest\ngstw32.exe:*:Enabled:NetOp Guest
C:\WINDOWS\system32\cba\pds.exe REG_SZ C:\WINDOWS\system32\cba\pds.exe:*:Enabled:LANDesk Ping Discovery Service
C:\WINDOWS\system32\msgsys.exe REG_SZ C:\WINDOWS\system32\msgsys.exe:*:Enabled:LANDesk Message Service
C:\Program Files\LANDesk\LDClient\issuser.exe REG_SZ C:\Program Files\LANDesk\LDClient\issuser.exe:*:Enabled:LANDesk Remote Control Agent
C:\Program Files\LANDesk\LDClient\tmcsvc.exe REG_SZ C:\Program Files\LANDesk\LDClient\tmcsvc.exe:*:Enabled:LANDesk Targeted Multicast
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
C:\Program Files\LANDesk\Shared Files\residentagent.exe REG_SZ C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk(R) Management Agent
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0CDC8A43-059E-47CD-A3D0-FA46E01F6496}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{1C7CF466-F149-478F-B232-BC6F72638D28}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{B8C681FD-D629-4CCE-90CD-89493F1F2799}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8056AC9E-49C5-4375-9ADE-B2F862C9DF51}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6DD7AF65-D06A-45B9-B0F0-4D25C240CF41}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6DD7AF65-D06A-45B9-B0F0-4D25C240CF41}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6DD7AF65-D06A-45B9-B0F0-4D25C240CF41}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6DD7AF65-D06A-45B9-B0F0-4D25C240CF41}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\i386\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\i386\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\dllcache\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\dllcache\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\drivers\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\drivers\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
D'fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
55,78 Go total, 6,57 Go libre (11%), 10% fragment' (fragmentation du fichier 20%)
Il ne vous est pas n'cessaire de d'fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
Present !! : C:\WINDOWS\_delis32.ini
Present !! : C:\WINDOWS\jestertb.dll
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\Documents and Settings\YDerrien\application data\ccpopack
Present !! : C:\Documents and Settings\YDerrien\Local Settings\Temp\dw.log
Present !! : C:\Documents and Settings\YDerrien\Local Settings\Temp\MOD.cml
Present !! : C:\Documents and Settings\YDerrien\Local Settings\Temp\MOD.fcn
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\B33C11F5-3A11-4f1e-85E4-C3CABE52C369.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\FP_PL_MSI_INSTALLER.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\jnPg.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\jre-6u15-windows-i586-iftw_17a8e122.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\jre-6u3-windows-i586-p-iftw_2cd32978.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\ose00000.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\ose00002.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\setup_wm.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\SSUPDATE.EXE
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\parcce.dat
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\Perflib_Perfdata_13cc.dat
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\Perflib_Perfdata_1bc.dat
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\Perflib_Perfdata_83c.dat
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp1113.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp12B7.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp13B2.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp13B3.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp13B5.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp13B6.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp151B.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp1622.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp20C.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp210.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp232.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp237.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp296.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2AC.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2D.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2DE.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2DF.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E0.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E1.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E2.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E3.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E4.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E5.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E6.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E7.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp357.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp35B.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3C8.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3C9.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3CA.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3CD.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3D.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3D3.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3EB.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3EC.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3ED.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3EE.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp4419.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp441A.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp441B.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp448B.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp45E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp4A0E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp507.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp508.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp509.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp510.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp511.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp512.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp522.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp523.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp528.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp536.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp543.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp55E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp60.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp61.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp611.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp63.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp6F.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp79E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7E6.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7E7.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7E8.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7E9.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7EA.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7EB.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7EC.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7ED.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7EE.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp80E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp85F.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp863.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp8CD.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp95C.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E0.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E1.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E2.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E3.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E4.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E5.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E6.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E7.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E8.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E9.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9EA.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9EB.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9EC.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9ED.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9EE.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9EF.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9F0.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9F1.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpAC.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpAEF.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpB6A.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpB6E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpB70.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpB71.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpB73.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpB74.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpBFA.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpBFB.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpBFC.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpBFD.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpBFE.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpC0E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpC92.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpC93.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpC94.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpD04.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpD1.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpD86.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE5F.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE82.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE83.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE84.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE85.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE86.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE97.tmp
¤¤¤¤¤¤¤¤¤¤ Keys :
j ai du arreterle pc dans le fichier a la racine il y a ceic i:
List'em by g3n-h@ckm@n 1.6.0.6
User : YDerrien ()
Update on 27/03/2010 by g3n-h@ckm@n ::::: 14.50
Start at: 11:24:48 | 28/03/2010
Intel(R) Pentium(R) M processor 1.73GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled
AV : LANDesk Antivirus client 8.70.7.17 [ (!) Disabled | Updated ]
AV : AntiVir Desktop 9.0.1.26 [ (!) Disabled | (!) Outdated ]
C:\ -> Disque fixe local | 55,78 Go (6,57 Go free) [g] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque amovible | 507,23 Mo (462,89 Mo free) | FAT32
X:\ -> Connexion réseau
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\nsl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\StreamServe\4.1.2\Server\bin\ptserv32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\Program Files\LANDesk\LDClient\antivirus\LDav.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\LANDesk\LDClient\vulScan.exe
C:\WINDOWS\system32\wuauclt.exe
G:\List_Killem_Install.exe
C:\DOCUME~1\YDerrien\LOCALS~1\Temp\is-EG8EH.tmp\List_Killem_Install.tmp
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
SUPERAntiSpyware REG_SZ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Apoint REG_SZ C:\Program Files\Apoint\Apoint.exe
igfxtray REG_SZ C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd REG_SZ C:\WINDOWS\system32\hkcmd.exe
igfxpers REG_SZ C:\WINDOWS\system32\igfxpers.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
<NO NAME> REG_SZ
IntelWireless REG_SZ C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
Dell QuickSet REG_SZ C:\Program Files\Dell\QuickSet\quickset.exe
dlbxmon.exe REG_SZ "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
DAEMON Tools REG_SZ "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
Client Access Service REG_SZ "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
Client Access Help Update REG_SZ "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
Client Access Check Version REG_SZ "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
Client Access Express Welcome REG_SZ "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
RemoteControl REG_SZ "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
IntelAPMClient REG_SZ "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
SDClientMonitor REG_SZ "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
LANDesk Antivirus REG_SZ "C:\Program Files\LANDesk\LDClient\antivirus\LDav.exe" /systray
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
LVCOMSX REG_SZ C:\WINDOWS\system32\LVCOMSX.EXE
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
NoDriveAutoRun REG_DWORD 255 (0xff)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveAutoRun REG_DWORD 255 (0xff)
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultUserName REG_SZ yderrien
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0 (0x0)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 0 (0x0)
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 1 (0x1)
AltDefaultUserName REG_SZ yderrien
AltDefaultDomainName REG_SZ GFI-AEROSPACE
DefaultDomainName REG_SZ GFI-AEROSPACE
DisableCAD REG_DWORD 0 (0x0)
AutoAdminLogon REG_SZ 0
CachePrimaryDomain REG_SZ GFI-AEROSPACE
DCacheUpdate REG_BINARY e6b2dcec57ceca01
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\DomainCache
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\WINDOWS\system32\cba\pds.exe REG_SZ C:\WINDOWS\system32\cba\pds.exe:*:Enabled:Agent à base commune (CBA)
C:\LDClient\Wuser32.exe REG_SZ C:\LDClient\Wuser32.exe:*:Enabled:Contrôle distant
C:\LDClient\tmcsvc.exe REG_SZ C:\LDClient\tmcsvc.exe:*:Enabled:Multicast ciblé
C:\WINDOWS\system32\dlbxcoms.exe REG_SZ C:\WINDOWS\system32\dlbxcoms.exe:*:Disabled:Dell 962 Server
C:\Program Files\Numara Software\Remote\Guest\ngstw32.exe REG_SZ C:\Program Files\Numara Software\Remote\Guest\ngstw32.exe:*:Enabled:NetOp Guest
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe REG_SZ C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\Program Files\LANDesk\Shared Files\residentagent.exe REG_SZ C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk(R) Management Agent
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Numara Software\Remote\Guest\ngstw32.exe REG_SZ C:\Program Files\Numara Software\Remote\Guest\ngstw32.exe:*:Enabled:NetOp Guest
C:\WINDOWS\system32\cba\pds.exe REG_SZ C:\WINDOWS\system32\cba\pds.exe:*:Enabled:LANDesk Ping Discovery Service
C:\WINDOWS\system32\msgsys.exe REG_SZ C:\WINDOWS\system32\msgsys.exe:*:Enabled:LANDesk Message Service
C:\Program Files\LANDesk\LDClient\issuser.exe REG_SZ C:\Program Files\LANDesk\LDClient\issuser.exe:*:Enabled:LANDesk Remote Control Agent
C:\Program Files\LANDesk\LDClient\tmcsvc.exe REG_SZ C:\Program Files\LANDesk\LDClient\tmcsvc.exe:*:Enabled:LANDesk Targeted Multicast
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
C:\Program Files\LANDesk\Shared Files\residentagent.exe REG_SZ C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk(R) Management Agent
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0CDC8A43-059E-47CD-A3D0-FA46E01F6496}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{1C7CF466-F149-478F-B232-BC6F72638D28}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{B8C681FD-D629-4CCE-90CD-89493F1F2799}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8056AC9E-49C5-4375-9ADE-B2F862C9DF51}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6DD7AF65-D06A-45B9-B0F0-4D25C240CF41}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6DD7AF65-D06A-45B9-B0F0-4D25C240CF41}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6DD7AF65-D06A-45B9-B0F0-4D25C240CF41}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6DD7AF65-D06A-45B9-B0F0-4D25C240CF41}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\i386\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\i386\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\dllcache\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\dllcache\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\drivers\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\drivers\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
D'fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
55,78 Go total, 6,57 Go libre (11%), 10% fragment' (fragmentation du fichier 20%)
Il ne vous est pas n'cessaire de d'fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
Present !! : C:\WINDOWS\_delis32.ini
Present !! : C:\WINDOWS\jestertb.dll
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\Documents and Settings\YDerrien\application data\ccpopack
Present !! : C:\Documents and Settings\YDerrien\Local Settings\Temp\dw.log
Present !! : C:\Documents and Settings\YDerrien\Local Settings\Temp\MOD.cml
Present !! : C:\Documents and Settings\YDerrien\Local Settings\Temp\MOD.fcn
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\B33C11F5-3A11-4f1e-85E4-C3CABE52C369.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\FP_PL_MSI_INSTALLER.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\jnPg.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\jre-6u15-windows-i586-iftw_17a8e122.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\jre-6u3-windows-i586-p-iftw_2cd32978.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\ose00000.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\ose00002.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\setup_wm.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\SSUPDATE.EXE
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\parcce.dat
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\Perflib_Perfdata_13cc.dat
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\Perflib_Perfdata_1bc.dat
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\Perflib_Perfdata_83c.dat
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp1113.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp12B7.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp13B2.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp13B3.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp13B5.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp13B6.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp151B.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp1622.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp20C.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp210.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp232.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp237.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp296.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2AC.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2D.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2DE.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2DF.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E0.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E1.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E2.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E3.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E4.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E5.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E6.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E7.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp357.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp35B.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3C8.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3C9.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3CA.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3CD.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3D.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3D3.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3EB.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3EC.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3ED.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3EE.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp4419.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp441A.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp441B.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp448B.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp45E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp4A0E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp507.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp508.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp509.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp510.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp511.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp512.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp522.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp523.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp528.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp536.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp543.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp55E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp60.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp61.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp611.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp63.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp6F.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp79E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7E6.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7E7.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7E8.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7E9.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7EA.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7EB.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7EC.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7ED.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7EE.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp80E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp85F.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp863.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp8CD.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp95C.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E0.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E1.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E2.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E3.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E4.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E5.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E6.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E7.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E8.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E9.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9EA.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9EB.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9EC.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9ED.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9EE.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9EF.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9F0.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9F1.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpAC.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpAEF.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpB6A.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpB6E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpB70.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpB71.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpB73.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpB74.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpBFA.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpBFB.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpBFC.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpBFD.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpBFE.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpC0E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpC92.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpC93.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpC94.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpD04.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpD1.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpD86.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE5F.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE82.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE83.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE84.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE85.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE86.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE97.tmp
¤¤¤¤¤¤¤¤¤¤ Keys :
Bonsoir,
Et ba dite donc y en à des choses, tu peux réessayer le scan en mode sans échec STP :
* Redémarrer ton PC en mode sans échec manuellement
* Tapez sur la touche F8 avant de voir apparaître la barre de progression, avant l'écran de logo Windows
* Sélectionnez alors le mode sans échec sans prise en charge réseau et appuyez sur la touche entrée de votre clavier.
Et ba dite donc y en à des choses, tu peux réessayer le scan en mode sans échec STP :
* Redémarrer ton PC en mode sans échec manuellement
* Tapez sur la touche F8 avant de voir apparaître la barre de progression, avant l'écran de logo Windows
* Sélectionnez alors le mode sans échec sans prise en charge réseau et appuyez sur la touche entrée de votre clavier.
en mode sans echec c est mieux & + rapide:
voici le log
List'em by g3n-h@ckm@n 1.6.0.6
User : YDerrien ()
Update on 27/03/2010 by g3n-h@ckm@n ::::: 14.50
Start at: 19:56:30 | 28/03/2010
Intel(R) Pentium(R) M processor 1.73GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : LANDesk Antivirus client 8.70.7.17 [ (!) Disabled | Updated ]
AV : AntiVir Desktop 9.0.1.26 [ (!) Disabled | (!) Outdated ]
C:\ -> Disque fixe local | 55,78 Go (6,94 Go free) [g] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
X:\ -> Connexion réseau
Boot: Safeboot
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
SUPERAntiSpyware REG_SZ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Apoint REG_SZ C:\Program Files\Apoint\Apoint.exe
igfxtray REG_SZ C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd REG_SZ C:\WINDOWS\system32\hkcmd.exe
igfxpers REG_SZ C:\WINDOWS\system32\igfxpers.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
<NO NAME> REG_SZ
IntelWireless REG_SZ C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
Dell QuickSet REG_SZ C:\Program Files\Dell\QuickSet\quickset.exe
dlbxmon.exe REG_SZ "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
DAEMON Tools REG_SZ "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
Client Access Service REG_SZ "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
Client Access Help Update REG_SZ "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
Client Access Check Version REG_SZ "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
Client Access Express Welcome REG_SZ "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
RemoteControl REG_SZ "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
IntelAPMClient REG_SZ "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
SDClientMonitor REG_SZ "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
LANDesk Antivirus REG_SZ "C:\Program Files\LANDesk\LDClient\antivirus\LDav.exe" /systray
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
LVCOMSX REG_SZ C:\WINDOWS\system32\LVCOMSX.EXE
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
NoDriveAutoRun REG_DWORD 255 (0xff)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveAutoRun REG_DWORD 255 (0xff)
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultUserName REG_SZ yderrien
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0 (0x0)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 0 (0x0)
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 1 (0x1)
AltDefaultUserName REG_SZ yderrien
AltDefaultDomainName REG_SZ GFI-AEROSPACE
DefaultDomainName REG_SZ GFI-AEROSPACE
DisableCAD REG_DWORD 0 (0x0)
AutoAdminLogon REG_SZ 0
CachePrimaryDomain REG_SZ GFI-AEROSPACE
DCacheUpdate REG_BINARY 520692598aceca01
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\DomainCache
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\WINDOWS\system32\cba\pds.exe REG_SZ C:\WINDOWS\system32\cba\pds.exe:*:Enabled:Agent à base commune (CBA)
C:\LDClient\Wuser32.exe REG_SZ C:\LDClient\Wuser32.exe:*:Enabled:Contrôle distant
C:\LDClient\tmcsvc.exe REG_SZ C:\LDClient\tmcsvc.exe:*:Enabled:Multicast ciblé
C:\WINDOWS\system32\dlbxcoms.exe REG_SZ C:\WINDOWS\system32\dlbxcoms.exe:*:Disabled:Dell 962 Server
C:\Program Files\Numara Software\Remote\Guest\ngstw32.exe REG_SZ C:\Program Files\Numara Software\Remote\Guest\ngstw32.exe:*:Enabled:NetOp Guest
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe REG_SZ C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\Program Files\LANDesk\Shared Files\residentagent.exe REG_SZ C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk(R) Management Agent
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Numara Software\Remote\Guest\ngstw32.exe REG_SZ C:\Program Files\Numara Software\Remote\Guest\ngstw32.exe:*:Enabled:NetOp Guest
C:\WINDOWS\system32\cba\pds.exe REG_SZ C:\WINDOWS\system32\cba\pds.exe:*:Enabled:LANDesk Ping Discovery Service
C:\WINDOWS\system32\msgsys.exe REG_SZ C:\WINDOWS\system32\msgsys.exe:*:Enabled:LANDesk Message Service
C:\Program Files\LANDesk\LDClient\issuser.exe REG_SZ C:\Program Files\LANDesk\LDClient\issuser.exe:*:Enabled:LANDesk Remote Control Agent
C:\Program Files\LANDesk\LDClient\tmcsvc.exe REG_SZ C:\Program Files\LANDesk\LDClient\tmcsvc.exe:*:Enabled:LANDesk Targeted Multicast
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
C:\Program Files\LANDesk\Shared Files\residentagent.exe REG_SZ C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk(R) Management Agent
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0CDC8A43-059E-47CD-A3D0-FA46E01F6496}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{1C7CF466-F149-478F-B232-BC6F72638D28}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{B8C681FD-D629-4CCE-90CD-89493F1F2799}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8056AC9E-49C5-4375-9ADE-B2F862C9DF51}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6DD7AF65-D06A-45B9-B0F0-4D25C240CF41}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6DD7AF65-D06A-45B9-B0F0-4D25C240CF41}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6DD7AF65-D06A-45B9-B0F0-4D25C240CF41}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6DD7AF65-D06A-45B9-B0F0-4D25C240CF41}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\i386\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\i386\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\dllcache\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\dllcache\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\drivers\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\drivers\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
D'fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
55,78 Go total, 6,94 Go libre (12%), 10% fragment' (fragmentation du fichier 20%)
Il ne vous est pas n'cessaire de d'fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
Present !! : C:\WINDOWS\_delis32.ini
Present !! : C:\WINDOWS\jestertb.dll
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\Documents and Settings\YDerrien\application data\ccpopack
Present !! : C:\Documents and Settings\YDerrien\Local Settings\Temp\dw.log
Present !! : C:\Documents and Settings\YDerrien\Local Settings\Temp\MOD.cml
Present !! : C:\Documents and Settings\YDerrien\Local Settings\Temp\MOD.fcn
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\B33C11F5-3A11-4f1e-85E4-C3CABE52C369.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\FP_PL_MSI_INSTALLER.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\jnPg.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\jre-6u15-windows-i586-iftw_17a8e122.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\jre-6u3-windows-i586-p-iftw_2cd32978.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\ose00000.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\ose00002.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\setup_wm.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\SSUPDATE.EXE
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\parcce.dat
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\Perflib_Perfdata_13cc.dat
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\Perflib_Perfdata_1bc.dat
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\Perflib_Perfdata_83c.dat
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp1113.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp12B7.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp13B2.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp13B3.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp13B5.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp13B6.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp151B.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp1622.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp20C.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp210.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp232.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp237.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp296.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2AC.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2D.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2DE.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2DF.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E0.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E1.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E2.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E3.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E4.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E5.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E6.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E7.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp357.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp35B.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3C8.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3C9.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3CA.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3CD.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3D.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3D3.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3EB.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3EC.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3ED.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3EE.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp4419.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp441A.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp441B.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp448B.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp45E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp4A0E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp507.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp508.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp509.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp510.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp511.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp512.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp522.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp523.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp528.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp536.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp543.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp55E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp60.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp61.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp611.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp63.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp6F.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp79E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7E6.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7E7.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7E8.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7E9.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7EA.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7EB.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7EC.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7ED.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7EE.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp80E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp85F.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp863.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp8CD.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp95C.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E0.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E1.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E2.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E3.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E4.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E5.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E6.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E7.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E8.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E9.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9EA.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9EB.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9EC.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9ED.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9EE.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9EF.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9F0.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9F1.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpAC.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpAEF.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpB6A.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpB6E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpB70.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpB71.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpB73.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpB74.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpBFA.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpBFB.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpBFC.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpBFD.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpBFE.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpC0E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpC92.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpC93.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpC94.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpD04.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpD1.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpD86.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE5F.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE82.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE83.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE84.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE85.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE86.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE97.tmp
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : HKCR\secfile
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-28 20:04:29
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x833D81D8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x833d81d8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 20:04:30,65
voici le log
List'em by g3n-h@ckm@n 1.6.0.6
User : YDerrien ()
Update on 27/03/2010 by g3n-h@ckm@n ::::: 14.50
Start at: 19:56:30 | 28/03/2010
Intel(R) Pentium(R) M processor 1.73GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : LANDesk Antivirus client 8.70.7.17 [ (!) Disabled | Updated ]
AV : AntiVir Desktop 9.0.1.26 [ (!) Disabled | (!) Outdated ]
C:\ -> Disque fixe local | 55,78 Go (6,94 Go free) [g] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
X:\ -> Connexion réseau
Boot: Safeboot
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
SUPERAntiSpyware REG_SZ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Apoint REG_SZ C:\Program Files\Apoint\Apoint.exe
igfxtray REG_SZ C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd REG_SZ C:\WINDOWS\system32\hkcmd.exe
igfxpers REG_SZ C:\WINDOWS\system32\igfxpers.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
<NO NAME> REG_SZ
IntelWireless REG_SZ C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
Dell QuickSet REG_SZ C:\Program Files\Dell\QuickSet\quickset.exe
dlbxmon.exe REG_SZ "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
DAEMON Tools REG_SZ "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
Client Access Service REG_SZ "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
Client Access Help Update REG_SZ "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
Client Access Check Version REG_SZ "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
Client Access Express Welcome REG_SZ "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
RemoteControl REG_SZ "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
IntelAPMClient REG_SZ "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
SDClientMonitor REG_SZ "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
LANDesk Antivirus REG_SZ "C:\Program Files\LANDesk\LDClient\antivirus\LDav.exe" /systray
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
LVCOMSX REG_SZ C:\WINDOWS\system32\LVCOMSX.EXE
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
NoDriveAutoRun REG_DWORD 255 (0xff)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveAutoRun REG_DWORD 255 (0xff)
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultUserName REG_SZ yderrien
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0 (0x0)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 0 (0x0)
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 1 (0x1)
AltDefaultUserName REG_SZ yderrien
AltDefaultDomainName REG_SZ GFI-AEROSPACE
DefaultDomainName REG_SZ GFI-AEROSPACE
DisableCAD REG_DWORD 0 (0x0)
AutoAdminLogon REG_SZ 0
CachePrimaryDomain REG_SZ GFI-AEROSPACE
DCacheUpdate REG_BINARY 520692598aceca01
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\DomainCache
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\WINDOWS\system32\cba\pds.exe REG_SZ C:\WINDOWS\system32\cba\pds.exe:*:Enabled:Agent à base commune (CBA)
C:\LDClient\Wuser32.exe REG_SZ C:\LDClient\Wuser32.exe:*:Enabled:Contrôle distant
C:\LDClient\tmcsvc.exe REG_SZ C:\LDClient\tmcsvc.exe:*:Enabled:Multicast ciblé
C:\WINDOWS\system32\dlbxcoms.exe REG_SZ C:\WINDOWS\system32\dlbxcoms.exe:*:Disabled:Dell 962 Server
C:\Program Files\Numara Software\Remote\Guest\ngstw32.exe REG_SZ C:\Program Files\Numara Software\Remote\Guest\ngstw32.exe:*:Enabled:NetOp Guest
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe REG_SZ C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\Program Files\LANDesk\Shared Files\residentagent.exe REG_SZ C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk(R) Management Agent
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Numara Software\Remote\Guest\ngstw32.exe REG_SZ C:\Program Files\Numara Software\Remote\Guest\ngstw32.exe:*:Enabled:NetOp Guest
C:\WINDOWS\system32\cba\pds.exe REG_SZ C:\WINDOWS\system32\cba\pds.exe:*:Enabled:LANDesk Ping Discovery Service
C:\WINDOWS\system32\msgsys.exe REG_SZ C:\WINDOWS\system32\msgsys.exe:*:Enabled:LANDesk Message Service
C:\Program Files\LANDesk\LDClient\issuser.exe REG_SZ C:\Program Files\LANDesk\LDClient\issuser.exe:*:Enabled:LANDesk Remote Control Agent
C:\Program Files\LANDesk\LDClient\tmcsvc.exe REG_SZ C:\Program Files\LANDesk\LDClient\tmcsvc.exe:*:Enabled:LANDesk Targeted Multicast
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
C:\Program Files\LANDesk\Shared Files\residentagent.exe REG_SZ C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk(R) Management Agent
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0CDC8A43-059E-47CD-A3D0-FA46E01F6496}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{1C7CF466-F149-478F-B232-BC6F72638D28}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{B8C681FD-D629-4CCE-90CD-89493F1F2799}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8056AC9E-49C5-4375-9ADE-B2F862C9DF51}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6DD7AF65-D06A-45B9-B0F0-4D25C240CF41}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6DD7AF65-D06A-45B9-B0F0-4D25C240CF41}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6DD7AF65-D06A-45B9-B0F0-4D25C240CF41}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6DD7AF65-D06A-45B9-B0F0-4D25C240CF41}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\i386\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\i386\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\dllcache\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\dllcache\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\drivers\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\drivers\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
D'fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
55,78 Go total, 6,94 Go libre (12%), 10% fragment' (fragmentation du fichier 20%)
Il ne vous est pas n'cessaire de d'fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
Present !! : C:\WINDOWS\_delis32.ini
Present !! : C:\WINDOWS\jestertb.dll
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\Documents and Settings\YDerrien\application data\ccpopack
Present !! : C:\Documents and Settings\YDerrien\Local Settings\Temp\dw.log
Present !! : C:\Documents and Settings\YDerrien\Local Settings\Temp\MOD.cml
Present !! : C:\Documents and Settings\YDerrien\Local Settings\Temp\MOD.fcn
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\B33C11F5-3A11-4f1e-85E4-C3CABE52C369.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\FP_PL_MSI_INSTALLER.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\jnPg.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\jre-6u15-windows-i586-iftw_17a8e122.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\jre-6u3-windows-i586-p-iftw_2cd32978.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\ose00000.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\ose00002.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\setup_wm.exe
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\SSUPDATE.EXE
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\parcce.dat
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\Perflib_Perfdata_13cc.dat
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\Perflib_Perfdata_1bc.dat
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\Perflib_Perfdata_83c.dat
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp1113.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp12B7.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp13B2.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp13B3.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp13B5.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp13B6.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp151B.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp1622.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp20C.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp210.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp232.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp237.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp296.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2AC.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2D.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2DE.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2DF.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E0.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E1.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E2.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E3.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E4.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E5.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E6.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp2E7.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp357.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp35B.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3C8.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3C9.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3CA.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3CD.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3D.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3D3.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3EB.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3EC.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3ED.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp3EE.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp4419.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp441A.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp441B.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp448B.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp45E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp4A0E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp507.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp508.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp509.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp510.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp511.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp512.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp522.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp523.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp528.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp536.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp543.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp55E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp60.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp61.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp611.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp63.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp6F.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp79E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7E6.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7E7.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7E8.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7E9.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7EA.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7EB.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7EC.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7ED.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp7EE.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp80E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp85F.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp863.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp8CD.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp95C.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E0.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E1.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E2.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E3.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E4.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E5.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E6.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E7.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E8.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9E9.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9EA.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9EB.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9EC.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9ED.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9EE.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9EF.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9F0.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmp9F1.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpAC.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpAEF.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpB6A.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpB6E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpB70.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpB71.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpB73.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpB74.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpBFA.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpBFB.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpBFC.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpBFD.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpBFE.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpC0E.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpC92.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpC93.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpC94.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpD04.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpD1.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpD86.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE5F.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE82.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE83.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE84.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE85.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE86.tmp
Present !! : C:\Documents and Settings\YDerrien\LOCAL Settings\Temp\tmpE97.tmp
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : HKCR\secfile
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-28 20:04:29
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x833D81D8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x833d81d8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 20:04:30,65
Y en a des choses à supprimer en plus tu as chopé un rootkit :
detected MBR rootkit hooks:
\Driver\atapi -> 0x833d81d8
Warning: possible MBR rootkit infection
Nettoyage :
! Déconnecte toi ferme toutes tes applications en cours !
* Redémarrer ton PC en mode sans échec manuellement
* Tapez sur la touche F8 avant de voir apparaître la barre de progression, avant l'écran de logo Windows
* Sélectionnez alors le mode sans échec sans prise en charge réseau et appuyez sur la touche entrée de votre clavier.
? Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :
? choisis l'option clean
ton PC va redemarrer,
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
? colle le contenu dans ta reponse
detected MBR rootkit hooks:
\Driver\atapi -> 0x833d81d8
Warning: possible MBR rootkit infection
Nettoyage :
! Déconnecte toi ferme toutes tes applications en cours !
* Redémarrer ton PC en mode sans échec manuellement
* Tapez sur la touche F8 avant de voir apparaître la barre de progression, avant l'écran de logo Windows
* Sélectionnez alors le mode sans échec sans prise en charge réseau et appuyez sur la touche entrée de votre clavier.
? Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :
? choisis l'option clean
ton PC va redemarrer,
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
? colle le contenu dans ta reponse
j ai le meme probleme pour l'execution en mode sans echec que les 1ers
jours.
1-je le lance en mode sans echec.
2-il doit rebooter puis s'executer sans ce meme mode .
mais comme je passe par f6 pour le forcer il ne se lance pas .
3-par contre en mode normal il execute le nettoyage.
Mais je crains qu'il soit a nouvo planter il est sur 60% depuis quelques temps et le nom du fichier ne change pas .
jours.
1-je le lance en mode sans echec.
2-il doit rebooter puis s'executer sans ce meme mode .
mais comme je passe par f6 pour le forcer il ne se lance pas .
3-par contre en mode normal il execute le nettoyage.
Mais je crains qu'il soit a nouvo planter il est sur 60% depuis quelques temps et le nom du fichier ne change pas .
salut,
en mode safemode clean , il reste planté à 60%
j ai desactivé l antivirus ainsi que le parefeu.
en mode safemode clean , il reste planté à 60%
j ai desactivé l antivirus ainsi que le parefeu.
Et ça ne marche toujours pas?
Fais donc le mode restore MBR pour le rootkit c'est ça qui doit bloquer.
Fais donc le mode restore MBR pour le rootkit c'est ça qui doit bloquer.
salut,
en fait je crois que oui l y a un probleme au nivo du restore MBR.
car lorsque j ai fait l avant dernier mail disant que c etait planté
j ai laissé tourné quand mm et a mon reout il y avait 3 fenetres ouverte
avec un fichier txt vide me disant mbr inexistant.
j ai du arreter le portable vu que j avais plus la main dessus.
en lancer restore MBR seul il s 'arrete au mm moment avec un fichier txt vide .
en fait je crois que oui l y a un probleme au nivo du restore MBR.
car lorsque j ai fait l avant dernier mail disant que c etait planté
j ai laissé tourné quand mm et a mon reout il y avait 3 fenetres ouverte
avec un fichier txt vide me disant mbr inexistant.
j ai du arreter le portable vu que j avais plus la main dessus.
en lancer restore MBR seul il s 'arrete au mm moment avec un fichier txt vide .
Bon attention on va passer à combofix pour le rootkit :
Attention cette procédure ne convient pas à tout les PC.
Attention bien respecter cette procédure :
* Sous Vista : ▶ Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
▶ Clique sur Démarrer puis sur panneau de configuration
▶ Double Clique sur l'icône "Comptes d'utilisateurs"
▶ Clique ensuite sur désactiver et valide.
▶ Redémarre le PC
▶ Télécharge Combofix de sUBs
▶ et enregistre le sur le Bureau.
▶ désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware)
Voici le tutoriel officiel de Bleeping Computer pour savoir l utiliser :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
▶ Je te conseille d'installer la console de récupération !!
ensuite envois le rapport stp
si combofix n'a pas installé la console de récupération, suivre ceci pour l'installe et relance combofix ensuite : http://www.zebulon.fr/dossiers/61-2-installation-console-recuperation-disque.html
Attention cette procédure ne convient pas à tout les PC.
Attention bien respecter cette procédure :
* Sous Vista : ▶ Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
▶ Clique sur Démarrer puis sur panneau de configuration
▶ Double Clique sur l'icône "Comptes d'utilisateurs"
▶ Clique ensuite sur désactiver et valide.
▶ Redémarre le PC
▶ Télécharge Combofix de sUBs
▶ et enregistre le sur le Bureau.
▶ désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware)
Voici le tutoriel officiel de Bleeping Computer pour savoir l utiliser :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
▶ Je te conseille d'installer la console de récupération !!
ensuite envois le rapport stp
si combofix n'a pas installé la console de récupération, suivre ceci pour l'installe et relance combofix ensuite : http://www.zebulon.fr/dossiers/61-2-installation-console-recuperation-disque.html
voici le rapport :
ComboFix 10-03-28.03 - YDerrien 29/03/2010 19:14:38.2.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.503.153 [GMT 2:00]
Lancé depuis: c:\antivir_malw\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: LANDesk Antivirus client *On-access scanning disabled* (Updated) {C386CD1A-44E8-4B9D-885E-4751A79CE5BD}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\program files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll
/wow section - STAGE 1
/wow section non terminée
/wow section non terminée
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-28 au 2010-03-29 ))))))))))))))))))))))))))))))))))))
.
2010-03-28 17:56 . 2010-03-29 06:10 -------- d-----w- C:\Kill'em
2010-03-28 09:22 . 2010-03-29 13:11 -------- d-----w- c:\program files\List_Kill'em
2010-03-26 19:25 . 2010-03-29 16:56 -------- d-----w- C:\antivir_malw
2010-03-26 19:17 . 2010-03-26 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-26 19:16 . 2010-03-26 19:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-26 19:16 . 2010-03-26 19:16 -------- d-----w- c:\documents and settings\YDerrien\Application Data\SUPERAntiSpyware.com
2010-03-26 19:16 . 2010-03-26 19:10 7757856 ----a-w- C:\SUPERAntiSpyware.exe
2010-03-26 17:02 . 2010-03-26 17:07 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-26 17:02 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-26 17:02 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-26 17:02 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-26 17:02 . 2010-03-26 17:02 -------- d-----w- c:\program files\Avira
2010-03-26 17:02 . 2010-03-26 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-03-26 13:27 . 2010-03-26 13:28 -------- d-----w- C:\UsbFix_Upload_Me
2010-03-26 12:29 . 2010-03-26 13:26 -------- d-----w- C:\UsbFix
2010-03-26 07:23 . 2010-03-26 07:35 -------- d-----w- C:\Ad-Remover
2010-03-22 16:20 . 2010-03-24 17:29 -------- d-----w- C:\FyK
2010-03-22 11:42 . 2010-03-22 11:44 -------- d-----w- c:\program files\trend micro
2010-03-22 08:01 . 2010-03-22 08:01 -------- dc----w- c:\documents and settings\All Users\Application Data\{88078557-37D5-402B-8B75-49F162ECEDBD}
2010-03-22 08:01 . 2010-03-22 08:01 -------- d-----w- c:\documents and settings\YDerrien\Application Data\Fighters
2010-03-22 08:01 . 2010-03-22 08:01 -------- d-----w- c:\documents and settings\YDerrien\Local Settings\Application Data\PackageAware
2010-03-21 19:21 . 2010-03-21 19:21 -------- d-----w- c:\documents and settings\YDerrien\Application Data\Malwarebytes
2010-03-21 19:21 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-21 19:21 . 2010-03-26 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-21 19:21 . 2010-03-21 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-21 19:21 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-04 08:29 . 2010-03-04 08:29 -------- d-----w- c:\program files\Freeplayer
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-29 16:59 . 2008-01-22 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\vulScan
2010-03-28 18:12 . 2004-08-19 13:03 76922 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-28 18:12 . 2004-08-19 13:03 470610 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-26 19:17 . 2010-03-26 19:17 52224 ----a-w- c:\documents and settings\YDerrien\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-26 19:17 . 2010-03-26 19:17 117760 ----a-w- c:\documents and settings\YDerrien\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-26 19:16 . 2006-03-21 08:15 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2010-03-26 17:32 . 2010-01-06 19:00 -------- d-----w- c:\documents and settings\YDerrien\Application Data\LimeWire
2010-03-06 15:44 . 2009-04-05 08:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2010-03-06 15:43 . 2009-04-04 12:06 -------- d-----w- c:\program files\Messenger Plus! Live
2010-03-04 09:25 . 2007-06-01 16:31 -------- d-----w- c:\documents and settings\YDerrien\Application Data\vlc
2010-01-06 18:18 . 2010-01-06 18:18 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-06 18:17 . 2010-01-06 18:17 152576 ----a-w- c:\documents and settings\YDerrien\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2008-05-25 18:04 . 2008-01-22 10:31 2256160 --sha-w- c:\windows\system32\drivers\fidbox.dat
2008-05-25 18:04 . 2008-01-22 10:31 158752 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-06 149280]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
"dlbxmon.exe"="c:\program files\Dell Photo AIO Printer 962\dlbxmon.exe" [2004-08-27 417792]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2002-05-07 20530]
"Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe" [2002-05-07 24626]
"Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2002-05-07 45056]
"Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 20530]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"IntelAPMClient"="c:\program files\LANDesk\LDClient\amclient.exe" [2007-08-07 331776]
"SDClientMonitor"="c:\program files\LANDesk\LDClient\webportal\sdclientmonitor.exe" [2006-11-01 258048]
"LANDesk Antivirus"="c:\program files\LANDesk\LDClient\antivirus\LDav.exe" [2007-06-21 823296]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-3 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= P:\informatique
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= p:\informatique\MOVEX M3
FriendlyName=
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-21973435-1843860885-618671499-1274\Scripts\Logon\0\0]
"Script"=\\gfi-aerospace.com\netlogon\netform.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-21973435-1843860885-618671499-1276\Scripts\Logon\0\0]
"Script"=netform.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-21973435-1843860885-618671499-1276\Scripts\Logon\1\0]
"Script"=\\srv102fs01\sysvol\GFI-AEROSPACE.COM\scripts\GPO\102\impr102_60.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-21973435-1843860885-618671499-1276\Scripts\Logon\1\1]
"Script"=\\srv102fs01\sysvol\GFI-AEROSPACE.COM\scripts\GPO\102\impr102_20.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-21973435-1843860885-618671499-1276\Scripts\Logon\1\2]
"Script"=\\srv102fs01\sysvol\GFI-AEROSPACE.COM\scripts\GPO\102\impr102_21.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-21973435-1843860885-618671499-1736\Scripts\Logon\0\0]
"Script"=\\gfi-aerospace.com\netlogon\netform.bat
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\cba\\pds.exe"=
"c:\\WINDOWS\\system32\\dlbxcoms.exe"=
"c:\\Program Files\\Numara Software\\Remote\\Guest\\ngstw32.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11:15 66632]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [26/03/2010 19:02 108289]
R2 CBA8;LANDesk(R) Management Agent;c:\program files\LANDesk\Shared Files\residentAgent.exe [09/01/2007 12:03 122880]
R2 Repository Server;StreamServe Repository Server;c:\program files\StreamServe\4.1.2\Server\bin\ptserv32.exe -config "c:\program files\StreamServe\4.1.2\Common\bin\ptserver.cfg" --> c:\program files\StreamServe\4.1.2\Server\bin\ptserv32.exe -config c:\program files\StreamServe\4.1.2\Common\bin\ptserver.cfg [?]
R2 Softmon;LANDesk(R) Software Monitoring Service;c:\program files\LANDesk\LDClient\SoftMon.exe [22/01/2008 12:25 266240]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [03/03/2006 13:37 87936]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [22/01/2008 12:25 11904]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [22/01/2008 12:25 3328]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [22/01/2008 12:25 3712]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11:15 12872]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04/04/2007 13:25 639224]
S2 LDAVService;LANDesk(R) Antivirus;c:\program files\LANDesk\LDClient\Antivirus\AVService.exe [22/01/2008 12:25 344128]
S3 Intel Remote Control Helper;Intel Remote Control Helper;c:\windows\system32\drivers\rch.sys [13/03/2006 11:26 49972]
S3 Reporter;StreamServe Reporter;c:\program files\StreamServe\4.1.2\Reporter\bin\bootloader.exe [05/06/2006 09:14 11776]
S3 ServiceBroker;ServiceBroker;c:\program files\StreamServe\4.1.2\Server\ServiceBroker.exe [05/06/2006 09:14 1753088]
S3 StreamServe2;StreamServe MVXOUT_V4;c:\program files\StreamServe\4.1.2\Server\strsvc.exe [05/06/2006 09:14 9863168]
.
Contenu du dossier 'Tâches planifiées'
2010-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {0CDC8A43-059E-47CD-A3D0-FA46E01F6496} - hxxp://tellus.intentia.com/Tellus/Misc/TellusExportAx.CAB
DPF: {1C7CF466-F149-478F-B232-BC6F72638D28} - hxxp://tellus.intentia.com/Tellus/Misc/TellusList.CAB
DPF: {B8C681FD-D629-4CCE-90CD-89493F1F2799} - hxxp://172.20.32.191/mwp/ieui/IEMod.cab
.
.
------- Associations de fichier -------
.
txtfile\shell\satsukidecoder\command=c:\program files\Satsuki Decoder Pack\mpc\mplayerc.exe "%1"
.
- - - - ORPHELINS SUPPRIMES - - - -
AddRemove-StreamServe Communication Server 3.0.0 - c:\docume~1\YDerrien\LOCALS~1\Temp\{625D4DC1-75A6-406C-A772-1A68217E8526}\sysid.exe
AddRemove-StreamServe Tools 3.0.0 - c:\docume~1\YDerrien\LOCALS~1\Temp\{8D77A0AC-9805-48F9-A895-3040496EE663}\sys.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-29 19:15
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1432)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'explorer.exe'(3636)
c:\docume~1\YDerrien\LOCALS~1\Temp\catchme.dll
.
Heure de fin: 2010-03-29 19:21:44
ComboFix-quarantined-files.txt 2010-03-29 17:21
Avant-CF: 6 714 568 704 octets libres
Après-CF: 6 674 882 560 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
- - End Of File - - B626C4CEA46C22504076B6B380E5E0F3
ComboFix 10-03-28.03 - YDerrien 29/03/2010 19:14:38.2.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.503.153 [GMT 2:00]
Lancé depuis: c:\antivir_malw\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: LANDesk Antivirus client *On-access scanning disabled* (Updated) {C386CD1A-44E8-4B9D-885E-4751A79CE5BD}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\program files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll
/wow section - STAGE 1
/wow section non terminée
/wow section non terminée
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-28 au 2010-03-29 ))))))))))))))))))))))))))))))))))))
.
2010-03-28 17:56 . 2010-03-29 06:10 -------- d-----w- C:\Kill'em
2010-03-28 09:22 . 2010-03-29 13:11 -------- d-----w- c:\program files\List_Kill'em
2010-03-26 19:25 . 2010-03-29 16:56 -------- d-----w- C:\antivir_malw
2010-03-26 19:17 . 2010-03-26 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-26 19:16 . 2010-03-26 19:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-26 19:16 . 2010-03-26 19:16 -------- d-----w- c:\documents and settings\YDerrien\Application Data\SUPERAntiSpyware.com
2010-03-26 19:16 . 2010-03-26 19:10 7757856 ----a-w- C:\SUPERAntiSpyware.exe
2010-03-26 17:02 . 2010-03-26 17:07 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-26 17:02 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-26 17:02 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-26 17:02 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-26 17:02 . 2010-03-26 17:02 -------- d-----w- c:\program files\Avira
2010-03-26 17:02 . 2010-03-26 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-03-26 13:27 . 2010-03-26 13:28 -------- d-----w- C:\UsbFix_Upload_Me
2010-03-26 12:29 . 2010-03-26 13:26 -------- d-----w- C:\UsbFix
2010-03-26 07:23 . 2010-03-26 07:35 -------- d-----w- C:\Ad-Remover
2010-03-22 16:20 . 2010-03-24 17:29 -------- d-----w- C:\FyK
2010-03-22 11:42 . 2010-03-22 11:44 -------- d-----w- c:\program files\trend micro
2010-03-22 08:01 . 2010-03-22 08:01 -------- dc----w- c:\documents and settings\All Users\Application Data\{88078557-37D5-402B-8B75-49F162ECEDBD}
2010-03-22 08:01 . 2010-03-22 08:01 -------- d-----w- c:\documents and settings\YDerrien\Application Data\Fighters
2010-03-22 08:01 . 2010-03-22 08:01 -------- d-----w- c:\documents and settings\YDerrien\Local Settings\Application Data\PackageAware
2010-03-21 19:21 . 2010-03-21 19:21 -------- d-----w- c:\documents and settings\YDerrien\Application Data\Malwarebytes
2010-03-21 19:21 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-21 19:21 . 2010-03-26 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-21 19:21 . 2010-03-21 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-21 19:21 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-04 08:29 . 2010-03-04 08:29 -------- d-----w- c:\program files\Freeplayer
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-29 16:59 . 2008-01-22 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\vulScan
2010-03-28 18:12 . 2004-08-19 13:03 76922 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-28 18:12 . 2004-08-19 13:03 470610 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-26 19:17 . 2010-03-26 19:17 52224 ----a-w- c:\documents and settings\YDerrien\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-26 19:17 . 2010-03-26 19:17 117760 ----a-w- c:\documents and settings\YDerrien\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-26 19:16 . 2006-03-21 08:15 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2010-03-26 17:32 . 2010-01-06 19:00 -------- d-----w- c:\documents and settings\YDerrien\Application Data\LimeWire
2010-03-06 15:44 . 2009-04-05 08:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2010-03-06 15:43 . 2009-04-04 12:06 -------- d-----w- c:\program files\Messenger Plus! Live
2010-03-04 09:25 . 2007-06-01 16:31 -------- d-----w- c:\documents and settings\YDerrien\Application Data\vlc
2010-01-06 18:18 . 2010-01-06 18:18 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-06 18:17 . 2010-01-06 18:17 152576 ----a-w- c:\documents and settings\YDerrien\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2008-05-25 18:04 . 2008-01-22 10:31 2256160 --sha-w- c:\windows\system32\drivers\fidbox.dat
2008-05-25 18:04 . 2008-01-22 10:31 158752 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-06 149280]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
"dlbxmon.exe"="c:\program files\Dell Photo AIO Printer 962\dlbxmon.exe" [2004-08-27 417792]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2002-05-07 20530]
"Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe" [2002-05-07 24626]
"Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2002-05-07 45056]
"Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 20530]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"IntelAPMClient"="c:\program files\LANDesk\LDClient\amclient.exe" [2007-08-07 331776]
"SDClientMonitor"="c:\program files\LANDesk\LDClient\webportal\sdclientmonitor.exe" [2006-11-01 258048]
"LANDesk Antivirus"="c:\program files\LANDesk\LDClient\antivirus\LDav.exe" [2007-06-21 823296]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-3 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= P:\informatique
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= p:\informatique\MOVEX M3
FriendlyName=
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-21973435-1843860885-618671499-1274\Scripts\Logon\0\0]
"Script"=\\gfi-aerospace.com\netlogon\netform.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-21973435-1843860885-618671499-1276\Scripts\Logon\0\0]
"Script"=netform.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-21973435-1843860885-618671499-1276\Scripts\Logon\1\0]
"Script"=\\srv102fs01\sysvol\GFI-AEROSPACE.COM\scripts\GPO\102\impr102_60.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-21973435-1843860885-618671499-1276\Scripts\Logon\1\1]
"Script"=\\srv102fs01\sysvol\GFI-AEROSPACE.COM\scripts\GPO\102\impr102_20.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-21973435-1843860885-618671499-1276\Scripts\Logon\1\2]
"Script"=\\srv102fs01\sysvol\GFI-AEROSPACE.COM\scripts\GPO\102\impr102_21.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-21973435-1843860885-618671499-1736\Scripts\Logon\0\0]
"Script"=\\gfi-aerospace.com\netlogon\netform.bat
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\cba\\pds.exe"=
"c:\\WINDOWS\\system32\\dlbxcoms.exe"=
"c:\\Program Files\\Numara Software\\Remote\\Guest\\ngstw32.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11:15 66632]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [26/03/2010 19:02 108289]
R2 CBA8;LANDesk(R) Management Agent;c:\program files\LANDesk\Shared Files\residentAgent.exe [09/01/2007 12:03 122880]
R2 Repository Server;StreamServe Repository Server;c:\program files\StreamServe\4.1.2\Server\bin\ptserv32.exe -config "c:\program files\StreamServe\4.1.2\Common\bin\ptserver.cfg" --> c:\program files\StreamServe\4.1.2\Server\bin\ptserv32.exe -config c:\program files\StreamServe\4.1.2\Common\bin\ptserver.cfg [?]
R2 Softmon;LANDesk(R) Software Monitoring Service;c:\program files\LANDesk\LDClient\SoftMon.exe [22/01/2008 12:25 266240]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [03/03/2006 13:37 87936]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [22/01/2008 12:25 11904]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [22/01/2008 12:25 3328]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [22/01/2008 12:25 3712]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11:15 12872]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04/04/2007 13:25 639224]
S2 LDAVService;LANDesk(R) Antivirus;c:\program files\LANDesk\LDClient\Antivirus\AVService.exe [22/01/2008 12:25 344128]
S3 Intel Remote Control Helper;Intel Remote Control Helper;c:\windows\system32\drivers\rch.sys [13/03/2006 11:26 49972]
S3 Reporter;StreamServe Reporter;c:\program files\StreamServe\4.1.2\Reporter\bin\bootloader.exe [05/06/2006 09:14 11776]
S3 ServiceBroker;ServiceBroker;c:\program files\StreamServe\4.1.2\Server\ServiceBroker.exe [05/06/2006 09:14 1753088]
S3 StreamServe2;StreamServe MVXOUT_V4;c:\program files\StreamServe\4.1.2\Server\strsvc.exe [05/06/2006 09:14 9863168]
.
Contenu du dossier 'Tâches planifiées'
2010-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {0CDC8A43-059E-47CD-A3D0-FA46E01F6496} - hxxp://tellus.intentia.com/Tellus/Misc/TellusExportAx.CAB
DPF: {1C7CF466-F149-478F-B232-BC6F72638D28} - hxxp://tellus.intentia.com/Tellus/Misc/TellusList.CAB
DPF: {B8C681FD-D629-4CCE-90CD-89493F1F2799} - hxxp://172.20.32.191/mwp/ieui/IEMod.cab
.
.
------- Associations de fichier -------
.
txtfile\shell\satsukidecoder\command=c:\program files\Satsuki Decoder Pack\mpc\mplayerc.exe "%1"
.
- - - - ORPHELINS SUPPRIMES - - - -
AddRemove-StreamServe Communication Server 3.0.0 - c:\docume~1\YDerrien\LOCALS~1\Temp\{625D4DC1-75A6-406C-A772-1A68217E8526}\sysid.exe
AddRemove-StreamServe Tools 3.0.0 - c:\docume~1\YDerrien\LOCALS~1\Temp\{8D77A0AC-9805-48F9-A895-3040496EE663}\sys.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-29 19:15
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1432)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'explorer.exe'(3636)
c:\docume~1\YDerrien\LOCALS~1\Temp\catchme.dll
.
Heure de fin: 2010-03-29 19:21:44
ComboFix-quarantined-files.txt 2010-03-29 17:21
Avant-CF: 6 714 568 704 octets libres
Après-CF: 6 674 882 560 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
- - End Of File - - B626C4CEA46C22504076B6B380E5E0F3
bonsoir,
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
Maintenant peux tu réessayer l'option clean et MBR de List&Killem?
En formation pour éradiquer les méchants virus.
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
Maintenant peux tu réessayer l'option clean et MBR de List&Killem?
En formation pour éradiquer les méchants virus.
oui c estok voici le log:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
