44 replies
How has the PC been behaving since then?
*Download AHK_NavScan by Batch_Man to your desktop
http://batchdhelus.open-web.fr/programme/AHK_NavScan.exe
*Run it, then click Scan and confirm with Enter
*Post it in your next reply
See you
........
Still the same
===============================================
Rapport AHK_NavScan 1.0 [4] - 10/04/2010 à 19:34,28
Windows Vista (TM) Home Premium - Mode Normal
Navigateur: Internet Explorer [Navigateur par défaut]
Utilisateur: jes - Public
Lancement: C:\Users\jes\Desktop\AHK_NavScan.exe
===========================================================================
Informations principales:
-------------------------
Dossier d'installation: C:\Program Files\Mozilla Firefox
Dossier » paramètres: C:\Users\jes\AppData\Roaming\Mozilla\Firefox\Profiles\eckmpq5t.default
===========================================================================
Paramètres principaux:
----------------------
prefs.js --> "browser.migration.version" = 1
prefs.js --> "browser.search.defaulturl" = "http://search.conduit.com/ResultsExt.aspx?ctid=CT2032792&SearchSource=3&q={searchTerms}"
prefs.js --> "browser.startup.homepage" = "https://www.google.fr/?gws_rd=ssl"
prefs.js --> "extensions.update.notifyUser" = false
Searchplugins trouvés:
-----------------------
[C:\Users\jes\AppData\Roaming\Mozilla\Firefox\Profiles\eckmpq5t.default\searchplugins]
conduit.xml --> http://search.conduit.com/ResultsExt.aspx?ctid=CT2032792&SearchSource=3&q=
[C:\Program Files\Mozilla Firefox\searchplugins]
amazon-france.xml --> https://www.amazon.fr/
cnrtl-tlfi-fr.xml --> https://www.cnrtl.fr/lexicographie/
eBay-france.xml --> http://search.ebay.fr/
google.xml --> https://www.google.com/
wikipedia-fr.xml --> https://fr.wikipedia.org/wiki/Sp%C3%A9cial:Recherche
yahoo-france.xml --> https://fr.search.yahoo.com/
Extensions actives:
-------------------
Plugins trouvés:
----------------
[HKLM\SOFTWARE\MozillaPlugins\@veoh.com/VeohWebPlayer]
Version = 1.0.0
Vendor = Veoh Networks
ProductName = Veoh Web Player Video Plugin
Path = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
Description = Veoh Web Player Video Plugin
[HKLM\SOFTWARE\MozillaPlugins\@veoh.com/VeohTVPlugin]
Version = 1.0.0
Vendor = Veoh Networks
ProductName = Veoh Web Player Plugin
Path = C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
Description = Veoh Web Player Plugin
[HKLM\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=8]
Version = 8
Vendor = Google
ProductName = Google Update
Description = Google Update
Path = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
[HKLM\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
XPTPath = C:\Program Files\Real\RealPlayer\Netscape6\nsJSRealPlayerPlugin.xpt
[HKLM\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69]
Vendor = RealNetworks
Description = 6.0.12.69
Version = 6.0.12.69
Product = RealPlayer
Path = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
[HKLM\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69]
Vendor = RealNetworks
Description = RealJukebox Netscape Plugin
Version = 1.0.3.69
Product = RealPlayer
Path = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
[HKLM\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69]
XPTPath = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.xpt
Vendor = RealNetworks
Description = RealPlayer(tm) LiveConnect-Enabled Plug-In
Version = 6.0.12.69
Product = RealPlayer
Path = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
[HKLM\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
Version = 3.5
Vendor = Microsoft Corp.
ProductName = Windows Presentation Foundation
Path = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
GeckoVersion = 1.7.2
Description = Windows Presentation Foundation plug-in for Mozilla browsers
[HKLM\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
Vendor = Microsoft
Version = 14.0.8081.0709
ProductName = Windows Live Photo Gallery
GeckoVersion = 1.0
Description = WLPG Install MIME type
Path = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKLM\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3]
ProductName = Microsoft Office Live Plug-in for Firefox
Description = Office Live Update v1.3
Vendor = Microsoft
Version = 1.3
Path = C:\Program Files\Microsoft\Office Live\npOLW.dll
[HKLM\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
Version = 3.0
Vendor = Microsoft
ProductName = Ag Player
Path = c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll
GeckoVersion = 1.7.5
Description = Ag Player Plugin
[HKLM\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
Path = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
EarthVersion = 5.2.0.5860
Version = 1.0.0.0
ProductName = Google Earth Plug-in
Description = Google Earth in your browser
Vendor = Google Inc.
[HKLM\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
Version = 11.0.3.472
Vendor = Adobe Systems Inc
ProductName = Adobe Shockwave Player
Path = C:\Windows\system32\Adobe\Director\np32dsw.dll
Description = Adobe Shockwave Player
[HKLM\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
Version = 10.0.45.2
Description = Adobe® Flash® Player 10
Vendor = Adobe Systems Incorporated
ProductName = Adobe® Flash® Player Plugin
XPTPath = C:\Windows\system32\Macromed\Flash\flashplayer.xpt
Path = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
Plugins bloqués par blocklist.xml
---------------------------------
fdm_ffext@freedownloadmanager.org
langpack-vi-VN@firefox.mozilla.org
masterfiler@gmail.com
mozilla_cc@internetdownloadmanager.com
support@daemon-tools.cc
yslow@yahoo-inc.com
{2224e955-00e9-4613-a844-ce69fccaae91}
{3f963a5b-e555-4543-90e2-c3908898db71}
{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
{8CE11043-9A15-4207-A565-0C94C42D590D}
{B13721C7-F507-4982-B2E5-502A71474FED}
Liste *.dll de dossiers importants:
-----------------------------------
[13/09/2009 11:36:12|A] C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[05/04/2010 16:23:38|A] C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[21/12/2009 19:34:06|A] C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[05/04/2010 16:23:38|A] C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[05/04/2010 16:23:38|A] C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
===========================================================================
Internet Explorer 7.0.6002.18005
===========================================================================
Paramètres principaux:
----------------------
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
Window Title =
Use Search Asst = no
Enable Browser Extensions = yes
Search bar = http://www.bing.com/spresults.aspx
Secondary Start Pages =
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Placeholder_Height = 1A000000
Placeholder_Width = 1A000000
Use_Async_DNS = yes
Anchor_Visitation_Horizon = 01000000
Local Page = %SystemRoot%\system32\blank.htm
Delete_Temp_Files_On_Exit = yes
Cache_Percent_of_Disk = 0A000000
Enable_Disk_Cache = yes
Security Risk Page = about:SecurityRisk
Extensions Off Page = about:NoAdd-ons
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Secondary_Page_URL =
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
AutoHide = yes
Start Page = https://www.msn.com/fr-fr/
[HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
StartPageCache = 1
Use Custom Search URL = 1
Use Search Asst = no
Default_search_url = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
NotifyDownloadComplete = no
Use FormSuggest = yes
Enable Browser Extensions = yes
AlwaysShowMenus = 1
Check_Associations = no
ShowedCheckBrowser = Yes
RunOnceComplete = 1
RunOnceHasShown = 1
Window_Placement = 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF320100000900000007060000AB030000
FullScreen = no
CompatibilityFlags = 0
Start Page = https://www.google.fr/?gws_rd=ssl
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchMigrated = 0
UseClearType = yes
NoUpdateCheck = 1
XMLHTTP = 1
Use_DlgBox_Colors = yes
Show_URLToolBar = yes
Show_URLinStatusBar = yes
Show_ToolBar = yes
Show_StatusBar = yes
Show_FullURL = no
Save_Session_History_On_Exit = no
Local Page = C:\Windows\system32\blank.htm
Do404Search = 01000000
Display Inline Images = yes
Cache_Update_Frequency = Once_Per_Session
Anchor Underline = yes
Disable Script Debugger = yes
AboutURLs:
----------
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
PostNotCached = res://ieframe.dll/repost.htm
blank = res://mshtml.dll/blank.htm
Home = 270
OfflineInformation = res://ieframe.dll/offcancl.htm
NavigationCanceled = res://ieframe.dll/navcancl.htm
DesktopItemNavigationFailure = res://ieframe.dll/navcancl.htm
NavigationFailure = res://ieframe.dll/navcancl.htm
Tabs = res://ieframe.dll/tabswelcome.htm
SecurityRisk = res://ieframe.dll/securityatrisk.htm
NoAdd-onsInfo = res://ieframe.dll/noaddoninfo.htm
NoAdd-ons = res://ieframe.dll/noaddon.htm
SearchScopes:
-------------
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Version]
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2032792
DisplayName = IMBooster4web-en Customized Web Search
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
DisplayName = Search Google
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
URL = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}
DisplayName = @ieframe.dll,-12512
[HKEY_USERS\S-1-5-21-4007347698-596265779-3101119184-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Version]
[HKEY_USERS\S-1-5-21-4007347698-596265779-3101119184-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2032792
DisplayName = IMBooster4web-en Customized Web Search
[HKEY_USERS\S-1-5-21-4007347698-596265779-3101119184-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GGLL_fr
DisplayName = Google
[HKEY_USERS\S-1-5-21-4007347698-596265779-3101119184-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
URL = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}
DisplayName = @ieframe.dll,-12512
[HKEY_USERS\S-1-5-21-4007347698-596265779-3101119184-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\${searchCLSID}]
URL = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}
DisplayName = @ieframe.dll,-12512
@ = Live Search
Search:
-------
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]
SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
Extensions:
----------
Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
Research - -
Mon Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
Envoyer à OneNote - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
Ajout Direct - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
Console Java (Sun) - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - C:\Program Files\Java\jre6\bin\ssv.dll
Autres:
-------
[HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]
==========================
Fin du rapport - 19:34,29
==========================
Disable your antivirus for the duration of the procedure, as well as your firewall if you have one
Download List&Kill'em and save it to your desktop
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe
Unzip it (right-click / extract.....)
It does not require installation
Double-click (right-click "run as administrator" on Vista) to start the scan
Choose the language, then choose option 1 = Search Mode (Mode Recherche)
Let the tool work
Paste the contents into your next reply, once the window has closed:
C:\List'em.txt
See you
After choosing French, I get this:
http://nsa14.casimages.com/img/2010/04/12/100412103809572089.jpg
OK ^^ this stays on screen, is that normal?: http://nsa14.casimages.com/img/2010/04/13/100413103505190690.jpg
List'em by g3n-h@ckm@n 1.7.0.5
User : jes (Administrateurs)
Update on 12/04/2010 by g3n-h@ckm@n ::::: 06.20
Start at: 09:51:18 | 13/04/2010
AMD Phenom(tm) 9100e Quad-Core Processor
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 7.0.6002.18005
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 286,09 Go (199,74 Go free) [HDD] | NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque CD-ROM
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Packard Bell\FIJI\ABoard.exe
C:\Program Files\Packard Bell\FIJI\AOSD.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SmpcSys REG_SZ C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
VeohPlugin REG_SZ "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
RtHDVCpl REG_SZ RtHDVCpl.exe
Google Desktop Search REG_SZ "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
toolbar_eula_launcher REG_SZ C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
ACTIVBOARD REG_SZ C:\Program Files\Packard Bell\FIJI\aboard.exe
ORAHSSSessionManager REG_SZ C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
AVP REG_SZ "C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 1 (0x1)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 1 (0x1)
EnableUIADesktopToggle REG_DWORD 0 (0x0)
DisableRegistryTools REG_DWORD 0 (0x0)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDrives REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BindDirectlyToPropertySetStorage REG_DWORD 0 (0x0)
NoDrives REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ C:\PROGRA~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
AutoRestartShell REG_DWORD 1 (0x1)
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 1 (0x1)
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD 43 (0x2b)
Windows Shell (ezShellStart) REG_SZ C:\Windows\system32\userinit.exe,
System REG_SZ
SFCDisable REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{E54729E8-BB3D-4270-9D49-7389EA579090} REG_SZ EasyBits Security Shield Hook - prevents launching insecure programs by kids
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe REG_SZ C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
==============
BHO :
======
[<NO NAME> REG_SZ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{346de098-61f9-4b42-89da-6dfba7091bb6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3277018D-B9F7-4BB5-BB04-63FD1EC325B3}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3277018D-B9F7-4BB5-BB04-63FD1EC325B3}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3277018D-B9F7-4BB5-BB04-63FD1EC325B3}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/
Local Page REG_EXPAND_SZ %SystemRoot%\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl
Local Page REG_SZ C:\Windows\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
Wlansvc : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
wscsvc : 0x2 ( OK = 2 )
========
Safemode
========
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot" : OK !!
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal" : OK !!
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network" : OK !!
=========
Atapi.sys
=========
=======
Drive :
=======
Défragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.
Rapport d'analyse pour le volume C: HDD
Taille du volume = 286 Go
Espace libre = 200 Go
Étendue d'espace libre la plus grande = 99.05 Go
Pourcentage de fragmentation des fichiers = 1 %
Remarque : sur les volumes NTFS, les fragments de fichiers de plus de 64 Mo ne sont pas inclus dans les statistiques de fragmentation.
Il n'est pas nécessaire de défragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Windows\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}
Present !! : C:\Windows\System32\???????????????????????????????????????????????????????????????????????.vbs
Present !! : C:\Windows\System32\drivers\etc\hosts.msn
Present !! : C:\Windows\System32\EZUPBH~1.DLL"
Present !! : C:\Users\jes\AppData\Local\d3d9caps.dat
Present !! : C:\Users\jes\AppData\Local\GDIPFONTCACHEV1.DAT
Present !! : C:\Users\jes\Local Settings\Temp\jes.bmp
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_USERS\S-1-5-21-4007347698-596265779-3101119184-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
List'em by g3n-h@ckm@n 1.7.0.5
User : jes (Administrateurs)
Update on 12/04/2010 by g3n-h@ckm@n ::::: 06.20
Start at: 09:51:18 | 13/04/2010
AMD Phenom(tm) 9100e Quad-Core Processor
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 7.0.6002.18005
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 286,09 Go (199,74 Go free) [HDD] | NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque CD-ROM
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Packard Bell\FIJI\ABoard.exe
C:\Program Files\Packard Bell\FIJI\AOSD.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SmpcSys REG_SZ C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
VeohPlugin REG_SZ "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
RtHDVCpl REG_SZ RtHDVCpl.exe
Google Desktop Search REG_SZ "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
toolbar_eula_launcher REG_SZ C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
ACTIVBOARD REG_SZ C:\Program Files\Packard Bell\FIJI\aboard.exe
ORAHSSSessionManager REG_SZ C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
AVP REG_SZ "C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 1 (0x1)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 1 (0x1)
EnableUIADesktopToggle REG_DWORD 0 (0x0)
DisableRegistryTools REG_DWORD 0 (0x0)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDrives REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BindDirectlyToPropertySetStorage REG_DWORD 0 (0x0)
NoDrives REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ C:\PROGRA~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
AutoRestartShell REG_DWORD 1 (0x1)
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 1 (0x1)
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD 43 (0x2b)
Windows Shell (ezShellStart) REG_SZ C:\Windows\system32\userinit.exe,
System REG_SZ
SFCDisable REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{E54729E8-BB3D-4270-9D49-7389EA579090} REG_SZ EasyBits Security Shield Hook - prevents launching insecure programs by kids
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe REG_SZ C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
==============
BHO :
======
[<NO NAME> REG_SZ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{346de098-61f9-4b42-89da-6dfba7091bb6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3277018D-B9F7-4BB5-BB04-63FD1EC325B3}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3277018D-B9F7-4BB5-BB04-63FD1EC325B3}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3277018D-B9F7-4BB5-BB04-63FD1EC325B3}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/
Local Page REG_EXPAND_SZ %SystemRoot%\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl
Local Page REG_SZ C:\Windows\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
Wlansvc : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
wscsvc : 0x2 ( OK = 2 )
========
Safemode
========
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot" : OK !!
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal" : OK !!
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network" : OK !!
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\ERDNT\cache\atapi.sys
##
19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\ERDNT\cache\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\System32\drivers\atapi.sys
##
19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\System32\drivers\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
##
19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
##
19048,4f4fcb8b6ea06784fb6d475b7ec7300f,6202d85c9a75e3f01f5f94f069c4cd8a2b9295a182301eae5940ec3bc2c1d896,C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
##
21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
##
21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
##
19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
Défragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.
Rapport d'analyse pour le volume C: HDD
Taille du volume = 286 Go
Espace libre = 200 Go
Étendue d'espace libre la plus grande = 99.05 Go
Pourcentage de fragmentation des fichiers = 1 %
Remarque : sur les volumes NTFS, les fragments de fichiers de plus de 64 Mo ne sont pas inclus dans les statistiques de fragmentation.
Il n'est pas nécessaire de défragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Windows\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}
Present !! : C:\Windows\System32\???????????????????????????????????????????????????????????????????????.vbs
Present !! : C:\Windows\System32\drivers\etc\hosts.msn
Present !! : C:\Windows\System32\EZUPBH~1.DLL"
Present !! : C:\Users\jes\AppData\Local\d3d9caps.dat
Present !! : C:\Users\jes\AppData\Local\GDIPFONTCACHEV1.DAT
Present !! : C:\Users\jes\Local Settings\Temp\jes.bmp
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_USERS\S-1-5-21-4007347698-596265779-3101119184-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Run List_Kill'em again (or via right-click for Vista/7), using the shortcut on your desktop,
but this time:
choose the clean option.
Your PC will restart;
let the tool work.
At the end of the scan the window closes, and you will have a report named Kill'em.txt on your desktop.
Paste its contents into your reply.
See you
Kill'em by g3n-h@ckm@n 1.7.0.5
User : jes (Administrateurs)
Update on 12/04/2010 by g3n-h@ckm@n ::::: 06.20
Start at: 20:11:17 | 13/04/2010
AMD Phenom(tm) 9100e Quad-Core Processor
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 7.0.6002.18005
Windows Firewall Status : Enabled
C:\ -> Disque fixe local | 286,09 Go (198,78 Go free) [HDD] | NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Windows\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}
Quarantined & Deleted !! : C:\Windows\System32\gatherWiredInfo.vbs
Quarantined & Deleted !! : C:\Windows\System32\gatherWirelessInfo.vbs
Quarantined & Deleted !! : C:\Windows\System32\slmgr.vbs
Quarantined & Deleted !! : C:\Windows\System32\winrm.vbs
Quarantined & Deleted !! : C:\Windows\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\Windows\System32\EZUPBH~1.DLL
Quarantined & Deleted !! : C:\Users\jes\AppData\Local\d3d9caps.dat
Quarantined & Deleted !! : C:\Users\jes\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Users\jes\Local Settings\Temp\jes.bmp
Deleted !! : C:\$Recycle.bin\S-1-5-21-4007347698-596265779-3101119184-1000\$IFBL00Y
==============
host file OK !
==============
========
Registry
========
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Deleted : "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"
Deleted : "HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"
Deleted : HKCR\ezUPBHook.ShellObj
Deleted : HKCR\ezUPBHook.ShellObj.1
Deleted : HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}
Deleted : HKCU\software\Iminent
Deleted : HKLM\Software\Classes\Interface\{01009AEC-AFAA-4982-9F2B-6411C5C27E77}
Deleted : HKLM\software\Iminent
=================
Internet Explorer
=================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============
Security Center
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval REG_DWORD 1 (0x1)
FirewallDisableNotify REG_DWORD 0 (0x0)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
============
=================
anti-ver blaster : OK !!
=================
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
No, it's the same, and Windows even showed a message the day before yesterday that said: Windows has stopped working, and then it restarted afterwards. I don't know if that's related.
Go to "Start" -> "Search".
In that window, paste: c:\program files\Mozilla Firefox
You should find an "uninstall" folder there --> double-click it and proceed with
the uninstallation....
Then finish uninstalling Firefox (if you find it) via the Control Panel.
==> Reinstall Firefox, and say whether things are better.
See you
Download SEAF.exe by C_XX.
Download link: http://pagesperso-orange.fr/NosTools/C_XX/SEAF.exe
Mirror: https://www.androidworld.fr/
*Double-click SEAF.exe ("run as administrator" for Vista).
*A Cmd window will open.
*Press "Enter".
mozilla firefox
*Wait while the search runs.
*A window with a .txt log will appear.
*Copy/paste this report into your next reply.
See you
I don't understand, it won't post it when I submit.
I tried pasting a previous result and that works, so why doesn't this one work?
Try this:
*Double-click SEAF.exe ("run as administrator" for Vista).
*A Cmd window will open.
*Press "Enter".
firefox
*Wait while the search runs.
*A window with a .txt log will appear.
*Copy/paste this report into your next reply.
See you
That's normal, it must be too long....
Host it on http://www.cijoint.fr/ and paste me the link that gets generated.
See you tomorrow, I'm signing off for tonight...