Hi,
most of the CPU's resources are "eaten up" by "System Idle Process"
That is normal.
Download OTL by OldTimer
▶ Save it to your Desktop.
▶ Double-click OTL.exe to launch it (on Vista / 7 => right-click, "Run as administrator").
▶ Check the 2 boxes Lop and Purity
▶ Check the box in front of Scan All Users
▶ Set it to "60 Days"
▶ In the left half, set everything to "all"
Do not change these:
"files created within" and "files modified within"
▶ Click Run Scan.
When the scan finishes, Notepad will open with the report (OTL.txt).
This file is on your Desktop (usually C:\Documents and settings\le_nom_de_ta_session\OTL.txt, where le_nom_de_ta_session is your session name)
▶▶▶ DO NOT POST IT ON THE FORUM
To send it to me, click this link: http://www.cijoint.fr/
▶ Click Parcourir (Browse) and find the file above.
▶ Click Ouvrir (Open).
▶ Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
is added to the page.
▶ Copy this link into your reply.
▶▶ Do the same with "Extra.txt", which should logically also be on your Desktop.
The steps have been carried out, here are the reports (the right ones...):
http://www.cijoint.fr/cjlink.php?file=cj201003/cijV04eW73.txt
http://www.cijoint.fr/cjlink.php?file=cj201003/cijPl5Cohu.txt
Hi, no, I did not get an alert saying you had replied, it works one time out of two... !!!....:S
▶ Download LOP S&D to your Desktop.
▶ Double-click it to start the installation
▶ Then double-click the Lop S&D shortcut on your Desktop
▶ Select the desired language, then choose option 1 (Recherche, i.e. Search)
▶ Wait until the scan finishes
▶ Post the generated report (C:\lopR.txt)
Here is the Lop report:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.70GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.0
USER : Utilisateur ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Activated)
C:\ (Local Disk) - NTFS - Total:33 Go (Free:1 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 01/04/2010|16:39 )
--------------------\\ Listing des dossiers dans APPLIC~1
[04/12/2007|02:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[11/07/2006|17:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[10/03/2010|21:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[04/12/2007|02:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Brother
[11/07/2006|17:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[04/12/2007|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[04/12/2007|02:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[04/12/2007|02:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[04/12/2007|02:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[01/12/2007|10:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[15/07/2009|09:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[11/07/2006|17:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
[14/07/2009|18:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Norton
[14/07/2009|18:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NortonInstaller
[11/07/2006|17:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[09/02/2010|23:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[16/08/2004|18:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[14/07/2009|18:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[14/07/2009|18:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[11/07/2006|17:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[01/12/2007|10:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[04/12/2007|02:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[04/04/2009|03:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\wmp
[16/08/2004|18:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[10/01/2010|21:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[16/08/2004|17:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[11/07/2006|17:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[11/07/2006|17:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver
[01/12/2007|12:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[04/12/2007|02:19] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[16/08/2004|18:19] C:\DOCUME~1\postgres\APPLIC~1\Identities
[16/08/2004|17:54] C:\DOCUME~1\postgres\APPLIC~1\Microsoft
[11/07/2006|17:36] C:\DOCUME~1\postgres\APPLIC~1\Sun
[11/07/2006|17:45] C:\DOCUME~1\postgres\APPLIC~1\You've Got Pictures Screensaver
[11/03/2010|13:04] C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver
[04/12/2007|02:49] C:\DOCUME~1\UTILIS~1\APPLIC~1\Adobe
[04/12/2007|19:41] C:\DOCUME~1\UTILIS~1\APPLIC~1\AdobeUM
[04/12/2007|19:46] C:\DOCUME~1\UTILIS~1\APPLIC~1\Apple Computer
[01/04/2010|16:38] C:\DOCUME~1\UTILIS~1\APPLIC~1\BitTorrent
[01/12/2007|12:52] C:\DOCUME~1\UTILIS~1\APPLIC~1\CyberLink
[04/12/2007|02:30] C:\DOCUME~1\UTILIS~1\APPLIC~1\DAEMON Tools
[15/07/2009|09:11] C:\DOCUME~1\UTILIS~1\APPLIC~1\Desktopicon
[04/04/2009|02:22] C:\DOCUME~1\UTILIS~1\APPLIC~1\DNA
[04/04/2009|02:22] C:\DOCUME~1\UTILIS~1\APPLIC~1\dvdcss
[15/07/2009|09:04] C:\DOCUME~1\UTILIS~1\APPLIC~1\FastStone
[11/03/2010|19:57] C:\DOCUME~1\UTILIS~1\APPLIC~1\foobar2000
[04/12/2007|19:02] C:\DOCUME~1\UTILIS~1\APPLIC~1\Google
[04/04/2009|02:30] C:\DOCUME~1\UTILIS~1\APPLIC~1\gtk-2.0
[04/12/2007|02:35] C:\DOCUME~1\UTILIS~1\APPLIC~1\Identities
[04/04/2009|03:07] C:\DOCUME~1\UTILIS~1\APPLIC~1\Inkscape
[15/07/2009|09:08] C:\DOCUME~1\UTILIS~1\APPLIC~1\InstallShield
[11/03/2010|20:54] C:\DOCUME~1\UTILIS~1\APPLIC~1\Leadertech
[04/12/2007|19:07] C:\DOCUME~1\UTILIS~1\APPLIC~1\Macromedia
[04/12/2007|02:04] C:\DOCUME~1\UTILIS~1\APPLIC~1\Malwarebytes
[01/12/2007|10:49] C:\DOCUME~1\UTILIS~1\APPLIC~1\McAfee
[04/12/2007|02:41] C:\DOCUME~1\UTILIS~1\APPLIC~1\Microsoft
[13/03/2009|11:04] C:\DOCUME~1\UTILIS~1\APPLIC~1\Mozilla
[15/07/2009|09:50] C:\DOCUME~1\UTILIS~1\APPLIC~1\Partouche
[09/02/2010|23:26] C:\DOCUME~1\UTILIS~1\APPLIC~1\Real
[11/03/2010|20:54] C:\DOCUME~1\UTILIS~1\APPLIC~1\Sonic
[11/07/2006|17:36] C:\DOCUME~1\UTILIS~1\APPLIC~1\Sun
[04/12/2007|23:55] C:\DOCUME~1\UTILIS~1\APPLIC~1\vlc
[04/12/2007|19:19] C:\DOCUME~1\UTILIS~1\APPLIC~1\WinRAR
[14/07/2009|18:43] C:\DOCUME~1\UTILIS~1\APPLIC~1\YoudaGames
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[01/04/2010 02:02][--a------] C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3831125673-1184176582-443450714-1006.job
[09/02/2010 23:18][--a------] C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3831125673-1184176582-443450714-1006.job
[01/04/2010 16:25][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[01/04/2010 02:02][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[01/04/2010 02:14][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[01/04/2010 02:02][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[04/12/2007|02:23] C:\Program Files\Adobe
[04/12/2007|02:47] C:\Program Files\Ad-remover
[11/07/2006|17:45] C:\Program Files\AOL 9.0
[11/07/2006|17:45] C:\Program Files\AOL Compagnon
[11/07/2006|17:16] C:\Program Files\Apoint2K
[10/03/2010|21:22] C:\Program Files\Avira
[04/12/2007|02:35] C:\Program Files\BitTorrent
[13/03/2009|10:59] C:\Program Files\CCleaner
[16/08/2004|18:05] C:\Program Files\ComPlus Applications
[11/07/2006|17:31] C:\Program Files\CONEXANT
[11/07/2006|17:42] C:\Program Files\CyberLink
[04/12/2007|02:01] C:\Program Files\DAEMON Tools Lite
[01/12/2007|13:17] C:\Program Files\directx
[14/07/2009|18:46] C:\Program Files\DivX
[04/04/2009|02:19] C:\Program Files\DNA
[09/02/2010|23:23] C:\Program Files\Fichiers communs
[15/07/2009|08:59] C:\Program Files\Free Audio Pack
[10/03/2010|22:24] C:\Program Files\Google
[09/02/2010|23:33] C:\Program Files\InstallShield Installation Information
[01/04/2010|02:21] C:\Program Files\Internet Explorer
[10/03/2010|21:33] C:\Program Files\Java
[17/01/2010|16:02] C:\Program Files\Malwarebytes' Anti-Malware
[13/03/2009|10:32] C:\Program Files\Messenger
[15/07/2009|09:44] C:\Program Files\Microsoft
[16/08/2004|18:11] C:\Program Files\microsoft frontpage
[04/12/2007|19:16] C:\Program Files\Microsoft Office
[23/01/2010|00:28] C:\Program Files\Microsoft Silverlight
[15/07/2009|09:43] C:\Program Files\Microsoft SQL Server Compact Edition
[01/12/2007|13:07] C:\Program Files\Microsoft Works
[11/03/2010|10:18] C:\Program Files\Movie Maker
[04/12/2007|02:34] C:\Program Files\Mozilla Firefox
[01/04/2010|16:30] C:\Program Files\Mozilla Firefox 3 Beta 1
[01/12/2007|12:54] C:\Program Files\MSBuild
[04/12/2007|19:09] C:\Program Files\MSN
[16/08/2004|18:03] C:\Program Files\MSN Gaming Zone
[11/01/2010|14:16] C:\Program Files\MSXML 4.0
[15/07/2009|09:12] C:\Program Files\MyDSC2
[13/03/2009|10:29] C:\Program Files\NetMeeting
[14/07/2009|18:54] C:\Program Files\Norton Security Scan
[04/12/2007|02:36] C:\Program Files\Orange
[14/07/2009|16:55] C:\Program Files\OrangeHSS
[15/07/2009|09:02] C:\Program Files\Outlook Express
[17/01/2010|15:26] C:\Program Files\PokerTracker 3
[15/07/2009|09:14] C:\Program Files\PostgreSQL
[09/02/2010|23:23] C:\Program Files\real
[01/12/2007|12:51] C:\Program Files\Reference Assemblies
[04/12/2007|02:01] C:\Program Files\ScanSoft
[16/08/2004|18:07] C:\Program Files\Services en ligne
[11/07/2006|17:43] C:\Program Files\Sonic
[16/08/2004|18:19] C:\Program Files\Uninstall Information
[14/07/2009|16:50] C:\Program Files\Unlocker
[04/12/2007|23:54] C:\Program Files\VideoLAN
[11/07/2006|17:45] C:\Program Files\Viewpoint
[04/12/2007|01:58] C:\Program Files\Windows Defender
[15/07/2009|09:44] C:\Program Files\Windows Live
[15/07/2009|09:36] C:\Program Files\Windows Live SkyDrive
[01/12/2007|10:52] C:\Program Files\Windows Media Connect 2
[13/03/2009|10:29] C:\Program Files\Windows Media Player
[13/03/2009|10:29] C:\Program Files\Windows NT
[16/08/2004|18:07] C:\Program Files\WindowsUpdate
[04/12/2007|19:00] C:\Program Files\WinRAR
[16/08/2004|18:11] C:\Program Files\xerox
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[04/12/2007|02:23] C:\Program Files\Fichiers communs\Adobe
[11/07/2006|17:45] C:\Program Files\Fichiers communs\AOL
[11/07/2006|17:45] C:\Program Files\Fichiers communs\aolshare
[01/12/2007|10:46] C:\Program Files\Fichiers communs\Designer
[14/07/2009|16:52] C:\Program Files\Fichiers communs\France Telecom
[04/12/2007|02:02] C:\Program Files\Fichiers communs\InstallShield
[10/03/2010|22:10] C:\Program Files\Fichiers communs\Microsoft Shared
[16/08/2004|18:06] C:\Program Files\Fichiers communs\MSSoap
[11/07/2006|17:45] C:\Program Files\Fichiers communs\Nullsoft
[16/08/2004|17:57] C:\Program Files\Fichiers communs\ODBC
[09/02/2010|23:23] C:\Program Files\Fichiers communs\Real
[16/08/2004|18:06] C:\Program Files\Fichiers communs\Services
[16/08/2004|17:56] C:\Program Files\Fichiers communs\SpeechEngines
[11/07/2006|17:43] C:\Program Files\Fichiers communs\SureThing Shared
[14/07/2009|18:56] C:\Program Files\Fichiers communs\Symantec Shared
[13/03/2009|10:29] C:\Program Files\Fichiers communs\System
[04/12/2007|02:13] C:\Program Files\Fichiers communs\Windows Live
[04/12/2007|23:38] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[09/02/2010|23:23] C:\Program Files\Fichiers communs\xing shared
--------------------\\ Process
( 44 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-01 16:40:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 25
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:34][D:10]-> C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp
[F:18][D:0]-> C:\DOCUME~1\UTILIS~1\Cookies
[F:33][D:5]-> C:\DOCUME~1\UTILIS~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 01/04/2010|16:41 - Option : [1]
--------------------\\ Fin du rapport a 16:41:35
[04/12/2007|23:38] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[09/02/2010|23:23] C:\Program Files\Fichiers communs\xing shared
--------------------\\ Process
( 44 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-01 16:40:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 25
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:34][D:10]-> C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp
[F:18][D:0]-> C:\DOCUME~1\UTILIS~1\Cookies
[F:33][D:5]-> C:\DOCUME~1\UTILIS~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 01/04/2010|16:41 - Option : [1]
--------------------\\ Fin du rapport a 16:41:35
this is strange:
Hosts file CLEAN.....????????????????
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 gromozon.com
O1 - Hosts: 127.0.0.1 xearl.com
O1 - Hosts: 127.0.0.1 td8eau9td.com
O1 - Hosts: 127.0.0.1 mioctad.com
O1 - Hosts: 127.0.0.1 mufxggfi.com
O1 - Hosts: 127.0.0.1 uv97vqm3.com
O1 - Hosts: 127.0.0.1 coeds.com*
O1 - Hosts: 127.0.0.1 lah3bum9.com*
O1 - Hosts: 127.0.0.1 cvoesdjd.com*
DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT !!!!! (because it is wrongly detected as an infection)
▶ Download List_Kill'em and save it to your desktop
double-click (right-click "Run as administrator" for Vista/7) the shortcut on your desktop to start the installation
once it has finished, click "Finish" and the program will start by itself
choose the Search option
a black and white icon will appear on the desktop; you will use it to relaunch the program later.
another one, red and black, will be used to uninstall the program at the end of the disinfection.
▶ let the tool work
when the white window appears, it takes a while, that's normal, the program is not frozen.
a report named catchme appears on your desktop, ignore it, do not post it, it will delete itself at the end of the scan
▶ Post the contents of the report that opens when the scan reaches 100 %, at the "COMPLETED" screen
List_Kill'em report:
List'em by g3n-h@ckm@n 1.7.0.1
User : Utilisateur (Administrateurs)
Update on 30/03/2010 by g3n-h@ckm@n ::::: 19.50
Start at: 18:36:53 | 01/04/2010
Intel(R) Pentium(R) M processor 1.70GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]
C:\ -> Disque fixe local | 33,25 Go (2,86 Go free) [HDD] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox 3 Beta 1\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ORAHSSSessionManager REG_SZ C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
NoCDBurning REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ PC-UTILIS
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Utilisateur
AltDefaultDomainName REG_SZ PC-UTILIS
DefaultUserName REG_SZ Utilisateur
ChangePasswordUseKerberos REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} REG_SZ Microsoft AntiMalware ShellExecuteHook
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL
C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\aMSN\bin\wish.exe REG_SZ C:\Program Files\aMSN\bin\wish.exe:*:Disabled:Wish Application
C:\Program Files\DNA\btdna.exe REG_SZ C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
C:\Program Files\BitTorrent\bittorrent.exe REG_SZ C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
C:\APPS\Powercinema\PowerCinema.exe REG_SZ C:\APPS\Powercinema\PowerCinema.exe:*:Disabled:PowerCinema
C:\Program Files\Real\RealPlayer\realplay.exe REG_SZ C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer
C:\Team17\Worms2\frontend.exe REG_SZ C:\Team17\Worms2\frontend.exe:*:Disabled:Worms 2 Frontend
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe REG_SZ C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS
C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\Battlegrounds.exe REG_SZ C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds\Game\Battlegrounds.exe:*:Disabled:Star Wars Galactic Battlegrounds
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL
C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe REG_SZ C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:McAfee Managed Services Agent
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{00000055-9980-0010-8000-00AA00389B71}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{20A60F0D-9AFA-4515-A0FD-83BD84642501}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A327E83F-EC8A-4640-82A6-3DA6A12403EB}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A327E83F-EC8A-4640-82A6-3DA6A12403EB}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A327E83F-EC8A-4640-82A6-3DA6A12403EB}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\ServicePackFiles\i386\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\ServicePackFiles\i386\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\drivers\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\system32\drivers\atapi.sys
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
33,25 Go total, 2,86 Go libre (8%), 19% fragmenté (fragmentation du fichier 35%)
Vous devriez défragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Documents and Settings\All Users\Application Data\ojvzdisj.xda
Present !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Present !! : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Present !! : C:\WINDOWS\003032_.tmp
Present !! : C:\WINDOWS\System32\_*.dll
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\Documents and Settings\Utilisateur\Application Data\GDIPFONTCACHEV1.DAT
Present !! : C:\Documents and Settings\Utilisateur\Application Data\wklnhst.dat
Present !! : C:\Documents and Settings\Utilisateur\Application Data\GDIPFONTCACHEV1.DAT
Present !! : C:\Documents and Settings\Utilisateur\Application Data\wklnhst.dat
Present !! : C:\Documents and Settings\Utilisateur\Application Data\Desktopicon
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : "HKCU\Software\Grand Virtual"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCU\Software\Lanconfig
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_BHDRVX86
Present !! : HKLM\SYSTEM\ControlSet002\Enum\Root\Legacy_BHDRVX86
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_BHDRVX86
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-01 18:48:15
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spaj.sys >>UNKNOWN [0x86D87938]<<
kernel: MBR read successfully
user & kernel MBR OK
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 18:48:17,00
▶ Relaunch List_Kill'em (or by right-click for Vista/7), using the shortcut on your desktop.
but this time:
▶ choose the Clean option
your PC will restart,
let the tool do its work.
at the end of the scan the window closes, and you will have a report named Kill'em.txt on your desktop,
▶ paste its contents into your reply
Report:
Kill'em by g3n-h@ckm@n 1.7.0.1
User : Utilisateur (Administrateurs)
Update on 30/03/2010 by g3n-h@ckm@n ::::: 19.50
Start at: 19:36:08 | 01/04/2010
Intel(R) Pentium(R) M processor 1.70GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]
C:\ -> Disque fixe local | 33,25 Go (3,21 Go free) [HDD] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Documents and Settings\All Users\Application Data\ojvzdisj.xda
Quarantined & Deleted !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Quarantined & Deleted !! : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Quarantined & Deleted !! : C:\WINDOWS\003032_.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\_psisdecd.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\Documents and Settings\Utilisateur\Application Data\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Documents and Settings\Utilisateur\Application Data\wklnhst.dat
Quarantined & Deleted !! : C:\Documents and Settings\Utilisateur\Application Data\Desktopicon
==============
host file OK !
==============
========
Registry
========
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : "HKCU\Software\Grand Virtual"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : HKCU\Software\Lanconfig
Deleted : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_BHDRVX86
Deleted : HKLM\SYSTEM\ControlSet002\Enum\Root\Legacy_BHDRVX86
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
============
=================
anti-ver blaster : OK !!
=================
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
OTL reports:
http://www.cijoint.fr/cjlink.php?file=cj201004/cijWBtby9F.txt
http://www.cijoint.fr/cjlink.php?file=cj201004/cijtOH8kGr.txt
Hi, the hosts file is fine...
▶ Download Ad-remover (by C_XX) to your desktop:
▶ Disconnect and close all running applications!
▶ Double-click "Ad-R.exe" to start the installation and leave the installation settings at their defaults.
▶ Double-click the Ad-remover shortcut on your desktop to launch the tool.
▶ At the main menu choose "option clean" and press [Enter].
▶ Let the tool work and don't touch anything...
▶ Post the report that appears at the end on the forum...
(The report is also saved as C:\Ad-report.log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
▶ Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
report:
.
======= RAPPORT D'AD-REMOVER 2.0.0.0,B | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 31/03/10 à 21:30
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 17:26:18 le 02/04/2010 | Mode normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows XP(TM) Service Pack 3 - X86
Nom du PC: PC-UTILIS | Utilisateur actuel: Utilisateur (Administrateur)
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\Utilisateur\Application Data\Mozilla\FireFox\Profiles\yq9y6dw0.default\searchplugins\ask.xml
C:\Program Files\Viewpoint
(!) -- Fichiers temporaires supprimés.
.
HKLM\Software\AskBarDis
HKLM\Software\Classes\AxMetaStream.MetaStreamCtl
HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1
HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\Software\MetaStream
HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
HKLM\Software\Viewpoint
.
(Orpheline) BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} (CLSID manquant)
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.5.9 (fr) *
.
C:\Documents and Settings\Utilisateur\..\yq9y6dw0.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Utilisateur\\Mes documents\\Mes images\\avatar
C:\Documents and Settings\Utilisateur\..\yq9y6dw0.default\prefs.js - browser.search.defaultenginename: Google
C:\Documents and Settings\Utilisateur\..\yq9y6dw0.default\prefs.js - browser.startup.homepage: hxxp://www.google.fr
C:\Documents and Settings\Utilisateur\..\yq9y6dw0.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.9
C:\Documents and Settings\Utilisateur\..\yq9y6dw0.default\prefs.js - keyword.URL: hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
C:\Documents and Settings\Utilisateur\..\yq9y6dw0.default\prefs.js - privacy.popups.showBrowserMessage, false
.
EFFACÉ: C:\Documents and Settings\Utilisateur\..\yq9y6dw0.default\prefs.js - user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q={searchTerms}&crm=1");
EFFACÉ: C:\Documents and Settings\Utilisateur\..\yq9y6dw0.default\prefs.js - user_pref("keyword.URL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=");
.
* Internet Explorer Version 7.0.5730.13 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp: 2 Fichier(s), 11 Dossier(s)
C:\WINDOWS\temp: 2 Fichier(s), 0 Dossier(s)
Temporary Internet Files: 2 Fichier(s), 6 Dossier(s)
.
C:\Ad-Remover\Quarantine: 1 Fichier(s)
C:\Ad-Remover\Backup: 13 Fichier(s)
.
C:\Ad-Report-CLEAN[1].txt - 4198 Octet(s)
.
Fin à: 17:31:22, 02/04/2010
.
============== E.O.F - CLEAN[1] ==============