Infected by popup viruses
Solved/Closed
16 replies
Anonymous user
24 March 2010 at 01:17
hi;
DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT!!!!! (because the tool is wrongly detected as an infection)
▶ Download List_Kill'em and save it to your desktop
double-click the shortcut on your desktop (right-click "run as administrator" for Vista/7) to start the installation
once it is finished, click "finish" and the program will start on its own
choose the Search option
a black-and-white icon will appear on the desktop; it will let you relaunch the program later.
another red-and-black one will let you uninstall the program at the end of the disinfection.
▶ let the tool work
when the white window appears it takes a while; that is normal, the program is not stuck.
a report named catchme appears on your desktop; ignore it, do not post it, it will delete itself at the end of the scan
▶ Post the contents of the report that opens at 100% of the scan, at the "COMPLETED" screen
Anonymous user
24 March 2010 at 05:45
▶ Relaunch List_Kill'em (right-click for Vista/7) using the shortcut on your desktop.
but this time:
▶ choose the Clean option
your PC will restart,
let the tool work.
at the end of the scan the window closes and you have a report named Kill'em.txt on your desktop,
▶ paste its contents into your reply
Anonymous user
25 March 2010 at 00:15
Kill'em by g3n-h@ckm@n 1.6.0.4
User : Administrateur (Administrateurs)
Update on 23/03/2010 by g3n-h@ckm@n ::::: 19.30
Start at: 18:02:25 | 2010-03-24
Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : McAfee VirusScan Enterprise 8.5.0.781 [ Enabled | Updated ]
C:\ -> Disque fixe local | 68,36 Go (42,48 Go free) | NTFS
D:\ -> Disque fixe local | 29,29 Go (28,89 Go free) [DONNEES] | NTFS
E:\ -> Disque fixe local | 14,13 Go (14,07 Go free) [GHOST] | NTFS
F:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SMINST\PCAngel.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
Quarantined & Deleted !! : C:\WINDOWS\002718_.tmp
Quarantined & Deleted !! : C:\WINDOWS\bk23567.dat
Quarantined & Deleted !! : C:\WINDOWS\fdgg34353edfgdfdf
Quarantined & Deleted !! : C:\WINDOWS\lgo
Quarantined & Deleted !! : C:\WINDOWS\System32\_003083_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\x64
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269296700.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269302825.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269383250.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269388273.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269467594.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269467926.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\010112010146111103.xxe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\010112010146114101.xxe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\01011201014650115.xxe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\all.cpr
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\dw.log
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\FP_PL_MSI_INSTALLER.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\haroldshills_install.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\icytower14.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\ReimagePackage.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\Toolbarfr.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\isconfig.dat
==============
host file OK !
==============
========
Registry
========
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sysfbtray
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
============
=================
anti-ver blaster : OK !!
=================
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Anonymous user
25 March 2010 at 00:33
Download OTL by OldTimer
▶ save it to your Desktop.
▶ Double-click OTL.exe to launch it (for Vista/7 => right-click "run as administrator").
▶ Tick the 2 boxes Lop and Purity
▶ Tick the box in front of scan all users
▶ set it to "60 Days"
▶ in the left-hand column, set everything to "all"
do not change these:
"files created within" and "files modified within"
▶ Click Run Scan.
At the end of the scan, Notepad will open with the report (OTL.txt).
This file is on your Desktop (usually C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
▶▶▶ DO NOT POST IT ON THE FORUM
To send it to me, click this link: http://www.cijoint.fr/
▶ Click Browse and find the file above.
▶ Click Open.
▶ Click "Cliquez ici pour déposer le fichier" (the upload button).
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
is added to the page.
▶ Copy this link into your reply.
▶▶ Do the same with "Extra.txt", which should also be on your desktop.
Anonymous user
25 March 2010 at 02:18
Hello,
Your OldTimer link does not work;
if you can, it would be kind of you to fix it
Anonymous user
26 March 2010 at 00:47
Hello,
here are my links:
OTL.txt: http://www.cijoint.fr/cjlink.php?file=cj201003/cijsJ8Z1O6.txt
Extras.txt: http://www.cijoint.fr/cjlink.php?file=cj201003/cijsxwouar.txt
Anonymous user
26 March 2010 at 00:59
Hello,
Here are the ones from my administrator session:
Otl: http://www.cijoint.fr/cjlink.php?file=cj201003/cijntQjt2p.txt
Extras: http://www.cijoint.fr/cjlink.php?file=cj201003/cijzipIS1q.txt
Anonymous user
26 March 2010 at 11:12
▶ Download UsbFix
(!) Plug your external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them
▶ Double-click the UsbFix shortcut on your desktop.
▶ In the main menu choose option "F" for French and press [Enter].
▶ In the second menu choose option "1" (search) and press [Enter]
▶ Let the tool work.
▶ Then post the UsbFix.txt report that will appear.
Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Note: "Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall, etc.), hence the alert raised by those antivirus programs.
Anonymous user
26 March 2010 at 22:54
############################## | UsbFix V6.100 |
User : Administrateur (Administrateurs) # MARTINEAUJ
Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 17:52:02 | 2010-03-26
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : McAfee VirusScan Enterprise 8.5.0.781 [ Enabled | Updated ]
C:\ -> Disque fixe local # 68,36 Go (42,37 Go free) # NTFS
D:\ -> Disque fixe local # 29,29 Go (28,89 Go free) [DONNEES] # NTFS
E:\ -> Disque fixe local # 14,13 Go (14,07 Go free) [GHOST] # NTFS
F:\ -> Disque CD-ROM
G:\ -> Disque amovible # 1,88 Go (1,85 Go free) # FAT
################## | Elements infectieux |
G:\autorun.inf
################## | Registre |
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{4434c580-0a30-11dd-9d5d-806d6172696f}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
################## | Vaccin |
################## | ! Fin du rapport # UsbFix V6.100 ! |
Anonymous user
26 March 2010 at 23:56
I think this virus is no longer on my computer. Today I have not noticed any virus activity
Anonymous user
27 March 2010 at 00:09
and what is this?
HKCU\..\..\Explorer\MountPoints2\{4434c580-0a30-11dd-9d5d-806d6172696f}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
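The two UsbFix findings the helper is pointing at (an autorun.inf on the removable drive G: and a cached MountPoints2 `Shell\AutoRun\command` that relays `Info.exe` through `RunDLL32 ShellExec_RunDLL`) are the classic footprint of a worm spreading by USB stick. The script below is an added example for analysts, not UsbFix code and not from anyone in this thread: it parses an autorun.inf body, extracts the executables it would launch, and classifies a MountPoints2 AutoRun command, flagging a bare relative payload name (which resolves against the volume root) as suspicious. The autorun.inf text is a constructed sample modelled on that pattern; the MountPoints2 value is copied from the report above; all function names are my own.

```python
r"""
Defensive checks for removable-media autorun abuse (added example, not UsbFix
code). Inputs: an autorun.inf body and a MountPoints2 Shell\AutoRun\command
value, such as the one UsbFix reported in this thread.
"""
import re
from configparser import ConfigParser, Error as ConfigError

# Constructed sample autorun.inf, modelled on the classic worm layout (NOT the
# actual G:\autorun.inf from the thread, which was never posted).
SAMPLE_AUTORUN_INF = r"""[autorun]
open=Info.exe protect.ed 480 480
shellexecute=Info.exe protect.ed 480 480
shell\open\command=Info.exe protect.ed 480 480
icon=%SystemRoot%\system32\SHELL32.dll,4
"""

# MountPoints2 value copied from the UsbFix report posted above.
SAMPLE_MOUNTPOINT_COMMAND = (
    r"C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480"
)

# autorun.inf directives that cause something to execute on insert or open.
LAUNCH_KEYS = ("open", "shellexecute", r"shell\open\command",
               r"shell\explore\command", r"shell\autoplay\command")

# RunDLL32 Shell32.DLL,ShellExec_RunDLL <target> [args]: the relay form that
# typically appears in MountPoints2 when Windows caches a shellexecute= line.
MOUNTPOINT_RE = re.compile(
    r"(?i)rundll32(?:\.exe)?\s+shell32\.dll,\s*ShellExec_RunDLL\s+(?P<target>\S+)"
)


def parse_autorun_inf(text):
    """Return the [autorun] section as {lower-cased key: value}; {} if unparsable."""
    cp = ConfigParser(interpolation=None, strict=False)  # strict=False: tolerate duplicate keys
    try:
        cp.read_string(text)
    except ConfigError:
        return {}
    if not cp.has_section("autorun"):
        return {}
    return dict(cp.items("autorun"))


def autorun_launch_targets(directives):
    """Distinct executables the autorun.inf would launch, in directive order."""
    targets = []
    for key in LAUNCH_KEYS:
        value = directives.get(key)
        if value:
            targets.append(value.split()[0])  # first token is the program
    return list(dict.fromkeys(targets))


def classify_mountpoint_autorun(command):
    """Classify a MountPoints2 Shell\AutoRun\command value.

    Returns (verdict, target). A target without a drive letter, UNC prefix or
    environment variable is relative to the removable volume root, which is
    how a worm dropped next to autorun.inf gets launched.
    """
    m = MOUNTPOINT_RE.search(command)
    if not m:
        return ("no-shellexec-proxy", None)
    target = m.group("target")
    relative = not re.match(r"^[A-Za-z]:\\|^\\\\|^%", target)
    verdict = "suspicious-relative-payload" if relative else "absolute-path-launch"
    return (verdict, target)


def analyse(autorun_text, mountpoint_command):
    """Combine both checks and say whether the cached command matches the .inf."""
    targets = autorun_launch_targets(parse_autorun_inf(autorun_text))
    verdict, mp_target = classify_mountpoint_autorun(mountpoint_command)
    return {
        "inf_targets": targets,
        "mountpoint_verdict": verdict,
        "mountpoint_target": mp_target,
        "cached_from_inf": mp_target is not None and mp_target in targets,
    }


if __name__ == "__main__":
    print(analyse(SAMPLE_AUTORUN_INF, SAMPLE_MOUNTPOINT_COMMAND))
```

Because MountPoints2 is a per-user cache, the entry survives after the stick is removed and after the autorun.inf itself has been deleted, which is why the helper asks about it even though the poster already felt clean; the matching `cached_from_inf` flag is what ties the two findings together.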
Anonymous user
31 March 2010 at 23:40
I found the name of the virus that is on my computer
it is XP Defender Pro
Anonymous user
1 April 2010 at 00:10
Print these instructions, because you will need to close all windows and applications during the installation and the scan.
▶ Download:
Malwarebytes
or:
Malwarebytes
▶ Install it (make sure to choose "French"; do not change the installation settings) and update it.
(NB: if you get an error message saying "COMCTL32.OCX" is missing during the installation, download it here: COMCTL32.OCX)
▶ Study the tutorial to get familiar with the program:
(that said, it is very easy to use).
relaunch Malwarebytes following these instructions to the letter:
! Disconnect and close all running applications !
▶ Launch Malwarebytes.
Run a "Full" scan.
▶ Let the program work (and do nothing else with the PC during the scan).
▶ at the end, click "results".
▶ Check that all infected objects are ticked, then click "remove".
▶ Note: if the PC has to restart to finish the cleaning, do it!
▶ Post the report saved after the removal of the infected objects (in the "reports/logs" tab of Malwarebytes, the most recent one)
Anonymous user
1 April 2010 at 02:58
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Version de la base de données: 3939
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
2010-03-31 20:50:20
mbam-log-2010-03-31 (20-50-20).txt
Type d'examen: Examen complet (C:\|D:\|E:\|)
Elément(s) analysé(s): 250479
Temps écoulé: 1 heure(s), 19 minute(s), 26 seconde(s)
Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 11
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 61
Processus mémoire infecté(s):
C:\Documents and Settings\Administrateur\Local Settings\Temp\Hpr.exe (Trojan.FraudPack) -> Unloaded process successfully.
C:\WINDOWS\Hhesya.exe (Trojan.FraudPack) -> Unloaded process successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
c:\WINDOWS\system32\clbcoko.dll (Worm.KoobFace) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swoko (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql600oko (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QL600OKO (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SWOKO (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FraudPack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvc (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrateur\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrateur\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrateur\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.15,93.188.161.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{751e7fd4-53ae-449e-a0d3-8e614bfc2124}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.164.15,93.188.161.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{751e7fd4-53ae-449e-a0d3-8e614bfc2124}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.15,93.188.161.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d46908fb-4d97-4c4d-8d00-02d665cf8b7e}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.15,93.188.161.145 -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\WINDOWS\system32\clbcoko.dll (Worm.KoobFace) -> Delete on reboot.
C:\Documents and Settings\Administrateur\Local Settings\Temp\Hpr.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\WINDOWS\Hhesya.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\Hpq.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\00004baa (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\DQPU513E\Setup_312s2[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\IF9OETQO\p[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\LHZ99H29\p[2].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269302769.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269308610.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269352672.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269363783.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269364268.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269383009.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269436294.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\F5SCEZCJ\p[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\IRVYPZAD\p[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\IRVYPZAD\p[2].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\IRVYPZAD\p[3].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\IRVYPZAD\p[4].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\K1TJ8MEF\go[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\QWO0QKUX\p[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\QWO0QKUX\Setup_312s1[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\UMSPI9ON\p[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temporary Internet Files\Content.IE5\ZR6NXQ3E\go[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Mes documents\setup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\rdr_1269296700.exe.Kill'em (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\rdr_1269302825.exe.Kill'em (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\rdr_1269383250.exe.Kill'em (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\rdr_1269388273.exe.Kill'em (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\rdr_1269467594.exe.Kill'em (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\rdr_1269467926.exe.Kill'em (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP142\A0096703.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP142\A0096704.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP142\A0096705.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP142\A0096706.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP142\A0096707.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{36D576C6-D89E-469E-9FBC-ABF0712A416E}\RP142\A0096708.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\bill104.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\mrxoko.sys (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\00004c8e.tmp (Rogue.Multiple) -> Delete on reboot.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temp\zpskon_1269458438.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Temp\zpskon_1269466737.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\010112010146111103.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\010112010146114101.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\01011201014650115.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269300841.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269301142.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269301143.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269301144.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269301149.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269301150.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269352977.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269352979.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269352981.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269352983.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269364570.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\martineauj\Local Settings\Application Data\rdr_1269364571.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
24 March 2010 at 02:06
User : Administrateur (Administrateurs)
Update on 23/03/2010 by g3n-h@ckm@n ::::: 19.30
Start at: 20:25:33 | 2010-03-23
Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : McAfee VirusScan Enterprise 8.5.0.781 [ Enabled | Updated ]
C:\ -> Disque fixe local | 68,36 Go (42,46 Go free) | NTFS
D:\ -> Disque fixe local | 29,29 Go (28,89 Go free) [DONNEES] | NTFS
E:\ -> Disque fixe local | 14,13 Go (14,07 Go free) [GHOST] | NTFS
F:\ -> Disque CD-ROM
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\windows\bill104.exe
C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOST.EXE
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\findstr.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
LightScribe Control Panel REG_SZ C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
feedreader.exe REG_SZ "C:\Program Files\FeedReader30\feedreader.exe"
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
Gestionnaire Antidote.exe REG_SZ C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MsmqIntCert REG_SZ regsvr32 /s mqrt.dll
SoundMAXPnP REG_SZ C:\Program Files\Analog Devices\Core\smax4pnp.exe
SoundMAX REG_SZ C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
PDF Complete REG_SZ "C:\Program Files\PDF Complete\pdfsty.exe"
PTHOSTTR REG_SZ C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
Persistence REG_SZ C:\WINDOWS\system32\igfxpers.exe
hpWirelessAssistant REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
QlbCtrl REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
CognizanceTS REG_SZ rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
Recguard REG_SZ C:\WINDOWS\Sminst\Recguard.exe
Reminder REG_SZ C:\WINDOWS\Creator\Remind_XP.exe
Scheduler REG_SZ C:\WINDOWS\SMINST\Scheduler.exe
Cpqset REG_SZ C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
WatchDog REG_SZ C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
AccelerometerSysTrayApplet REG_SZ C:\WINDOWS\system32\AccelerometerSt.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
ShStatEXE REG_SZ "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
McAfeeUpdaterUI REG_SZ "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
HP Software Update REG_SZ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
<NO NAME> REG_SZ
lxdxmon.exe REG_SZ "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
lxdxamon REG_SZ "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
FaxCenterServer REG_SZ "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
sysfbtray REG_SZ C:\windows\bill104.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ APSHook.dll,wbsys.dll
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultUserName REG_SZ administrateur
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0 (0x0)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 0 (0x0)
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 1 (0x1)
AltDefaultUserName REG_SZ administrateur
AltDefaultDomainName REG_SZ MARTINEAUJ
DefaultDomainName REG_SZ MARTINEAUJ
ChangePasswordUseKerberos REG_DWORD 1 (0x1)
DisableCAD REG_DWORD 0 (0x0)
AutoAdminLogon REG_SZ 0
CachePrimaryDomain REG_SZ PROTIC
DCacheUpdate REG_BINARY aebcef61e3caca01
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\DomainCache
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\WINDOWS\system32\mqsvc.exe REG_SZ C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing
C:\WINDOWS\SMINST\Scheduler.exe REG_SZ C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\McAfee\Common Framework\FrameworkService.exe REG_SZ C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
C:\WINDOWS\system32\lxdxcoms.exe REG_SZ C:\WINDOWS\system32\lxdxcoms.exe:*:Enabled:3600-4600 Series Server
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe REG_SZ C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe:*:Enabled:Printer Device Monitor
C:\WINDOWS\system32\lxdxcfg.exe REG_SZ C:\WINDOWS\system32\lxdxcfg.exe:*:Enabled:Printer Communication System
C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe REG_SZ C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe:*:Enabled:Printer Status Window Interface
C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe REG_SZ C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe:*:Enabled:Lexmark Connect Time Executable
C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe REG_SZ C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe:*:Enabled:Job Status Window Interface
C:\Program Files\Pando Networks\Media Booster\PMB.exe REG_SZ C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Disabled:Pando Media Booster
C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\Documents and Settings\Administrateur\Local Settings\Temp\7zS21.tmp\SymNRT.exe REG_SZ C:\Documents and Settings\Administrateur\Local Settings\Temp\7zS21.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxwbgw.exe REG_SZ C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxwbgw.exe:*:Enabled:Lexmark Web Gateway
C:\Program Files\Lexmark 3600-4600 Series\lxdxlscn.exe REG_SZ C:\Program Files\Lexmark 3600-4600 Series\lxdxlscn.exe:*:Enabled:
C:\Program Files\Armagetron Advanced\armagetronad.exe REG_SZ C:\Program Files\Armagetron Advanced\armagetronad.exe:*:Enabled:armagetronad
C:\Program Files\Safari\Safari.exe REG_SZ C:\Program Files\Safari\Safari.exe:*:Enabled:Safari
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\WINDOWS\system32\mqsvc.exe REG_SZ C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Pando Networks\Media Booster\PMB.exe REG_SZ C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Disabled:Pando Media Booster
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe REG_SZ C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe:*:Disabled:Printer Device Monitor
C:\Program Files\uTorrent\uTorrent.exe REG_SZ C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
===
DNS
===
DNS Server Search Order: 24.200.243.189
Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 24.200.241.37
DNS Server Search Order: 24.201.245.77
DNS Server Search Order: 24.200.243.189
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2B46446A-5F45-4EAF-B08C-1DFB24D9C2E5}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D46908FB-4D97-4C4D-8D00-02D665CF8B7E}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2B46446A-5F45-4EAF-B08C-1DFB24D9C2E5}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D46908FB-4D97-4C4D-8D00-02D665CF8B7E}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2B46446A-5F45-4EAF-B08C-1DFB24D9C2E5}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D46908FB-4D97-4C4D-8D00-02D665CF8B7E}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www8.hp.com/fr/fr/home.html
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\ServicePackFiles\i386\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\ServicePackFiles\i386\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\drivers\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\system32\drivers\atapi.sys
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
68,36 Go total, 42,46 Go libre (62%), 12% fragmenté (fragmentation du fichier 25%)
Vous devriez défragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
Present !! : C:\WINDOWS\002718_.tmp
Present !! : C:\WINDOWS\bk23567.dat
Present !! : C:\WINDOWS\fdgg34353edfgdfdf
Present !! : C:\WINDOWS\lgo
Present !! : C:\WINDOWS\ligh
Present !! : C:\WINDOWS\System32\_*.dll
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269296700.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269302825.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269383250.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269388273.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269296700.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269302825.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269383250.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269388273.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\all.cpr
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\dw.log
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\FP_PL_MSI_INSTALLER.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\haroldshills_install.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\icytower14.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\ReimagePackage.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\Toolbarfr.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\isconfig.dat
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : C:\WINDOWS\System32\x64
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269296700.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269302825.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269383250.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269388273.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269296700.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269302825.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269383250.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Application Data\rdr_1269388273.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\all.cpr
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\dw.log
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\FP_PL_MSI_INSTALLER.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\haroldshills_install.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\icytower14.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\ReimagePackage.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\Toolbarfr.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\isconfig.dat
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sysfbtray
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sysfbtray
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-23 21:02:48
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys iaStor.sys
kernel: MBR read successfully
user & kernel MBR OK
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 21:02:49,56