A voir également:
- Virus tenace même après formatage
- Formatage pc - Guide
- Formatage - Guide
- Youtu.be virus - Accueil - Guide virus
- Formatage conditionnel excel - Guide
- Svchost.exe virus - Guide
35 réponses
fercink
Messages postés
236
Date d'inscription
jeudi 10 mai 2007
Statut
Membre
Dernière intervention
18 mai 2012
13
Modifié par fercink le 9/04/2010 à 16:25
Modifié par fercink le 9/04/2010 à 16:25
Salut même après formatage ils se peut qu'un virus resiste! Par exemple en ayant un port ouvert sur ta box donc jete un coup d'oeil
Utilisateur anonyme
9 avril 2010 à 16:42
9 avril 2010 à 16:42
salut
▶ Télécharge UsbFix
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
▶ Double clic sur le raccourci UsbFix présent sur ton bureau .
▶ Au menu principal choisis l'option " F " pour français et tape sur [entrée] .
▶ Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]
▶ Laisse travailler l'outil.
▶ Ensuite post le rapport UsbFix.txt qui apparaitra.
Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
▶ Télécharge UsbFix
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
▶ Double clic sur le raccourci UsbFix présent sur ton bureau .
▶ Au menu principal choisis l'option " F " pour français et tape sur [entrée] .
▶ Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]
▶ Laisse travailler l'outil.
▶ Ensuite post le rapport UsbFix.txt qui apparaitra.
Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Voilà le rapport usbfix:
############################## | UsbFix V6.101 |
User : Administrateur (Administrateurs) # TAHIR-E69ED44F5
Update on 08/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 16:54:49 | 09/04/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : Kaspersky Anti-Virus 9.0.0.736 [ (!) Disabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
B:\ -> Lecteur de disquettes 3 ½ pouces # 1,39 Mo (0,92 Mo free) # FAT
C:\ -> Disque fixe local # 19,53 Go (19,4 Go free) [Disque local] # NTFS
D:\ -> Disque fixe local # 24,41 Go (20,27 Go free) # NTFS
E:\ -> Disque fixe local # 232,88 Go (60,75 Go free) [Série Film Dev Perso] # NTFS
F:\ -> Disque fixe local # 17,73 Go (2,78 Go free) [DONNÉES] # FAT32
G:\ -> Disque fixe local # 308,08 Go (85,37 Go free) [Film] # NTFS
H:\ -> Disque fixe local # 263,68 Go (27,36 Go free) [Série, Dev Perso] # NTFS
I:\ -> Disque CD-ROM # 2,01 Mo (0 Mo free) [Pop key] # CDFS
J:\ -> Disque amovible # 3,7 Go (1,62 Go free) [PUBLIC] # FAT32
U:\ -> Disque amovible # 1,93 Go (1,35 Go free) [USB DISK] # NTFS
################## | Elements infectieux |
D:\WINDOWS\System32\w.exe
I:\autorun.inf
J:\autorun.inf
J:\RunDll32.exe
J:\svchost.exe
J:\Temp002\key.exe
J:\Temp002
U:\autorun.inf
U:\ctfmon.exe
U:\explorer.exe
U:\svchost.exe
U:\userinit.exe
U:\HJTInstall.exe
D:\WINDOWS\system32\userinit.exe
U:\ATI2EVXX.EXE
U:\CTFMON.EXE
U:\EXPLORER.EXE
U:\SPIDER.EXE
################## | Registre |
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Regedit32"
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{853bf66e-43e1-11df-a110-001d7dd0d75e}
Shell\AutoRun\command =J:\RUNDLL32.exe .EXE
HKCU\..\..\Explorer\MountPoints2\{babd46b3-43d3-11df-bb57-806d6172696f}
Shell\AutoRun\command =U:\ATI2EVXX.EXE
################## | Vaccin |
################## | ! Fin du rapport # UsbFix V6.101 ! |
Merci ;)
############################## | UsbFix V6.101 |
User : Administrateur (Administrateurs) # TAHIR-E69ED44F5
Update on 08/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 16:54:49 | 09/04/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : Kaspersky Anti-Virus 9.0.0.736 [ (!) Disabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
B:\ -> Lecteur de disquettes 3 ½ pouces # 1,39 Mo (0,92 Mo free) # FAT
C:\ -> Disque fixe local # 19,53 Go (19,4 Go free) [Disque local] # NTFS
D:\ -> Disque fixe local # 24,41 Go (20,27 Go free) # NTFS
E:\ -> Disque fixe local # 232,88 Go (60,75 Go free) [Série Film Dev Perso] # NTFS
F:\ -> Disque fixe local # 17,73 Go (2,78 Go free) [DONNÉES] # FAT32
G:\ -> Disque fixe local # 308,08 Go (85,37 Go free) [Film] # NTFS
H:\ -> Disque fixe local # 263,68 Go (27,36 Go free) [Série, Dev Perso] # NTFS
I:\ -> Disque CD-ROM # 2,01 Mo (0 Mo free) [Pop key] # CDFS
J:\ -> Disque amovible # 3,7 Go (1,62 Go free) [PUBLIC] # FAT32
U:\ -> Disque amovible # 1,93 Go (1,35 Go free) [USB DISK] # NTFS
################## | Elements infectieux |
D:\WINDOWS\System32\w.exe
I:\autorun.inf
J:\autorun.inf
J:\RunDll32.exe
J:\svchost.exe
J:\Temp002\key.exe
J:\Temp002
U:\autorun.inf
U:\ctfmon.exe
U:\explorer.exe
U:\svchost.exe
U:\userinit.exe
U:\HJTInstall.exe
D:\WINDOWS\system32\userinit.exe
U:\ATI2EVXX.EXE
U:\CTFMON.EXE
U:\EXPLORER.EXE
U:\SPIDER.EXE
################## | Registre |
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Regedit32"
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{853bf66e-43e1-11df-a110-001d7dd0d75e}
Shell\AutoRun\command =J:\RUNDLL32.exe .EXE
HKCU\..\..\Explorer\MountPoints2\{babd46b3-43d3-11df-bb57-806d6172696f}
Shell\AutoRun\command =U:\ATI2EVXX.EXE
################## | Vaccin |
################## | ! Fin du rapport # UsbFix V6.101 ! |
Merci ;)
Utilisateur anonyme
9 avril 2010 à 17:14
9 avril 2010 à 17:14
internet explorer n'est pas à jour...
▶ (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir
▶ Double clic (clic droit "en tant qu'administrateur" pour Vista)sur le raccourci UsbFix présent sur ton bureau
▶ Au menu principal choisis l'option " F " pour français et tape sur [entrée] .
▶ Au second menu Choisis l'option " 2 " ( Suppression ) et tape sur [entrée]
▶ Ton bureau disparaitra et le pc redémarrera .
▶ Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.
▶ Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .
Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
▶ (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir
▶ Double clic (clic droit "en tant qu'administrateur" pour Vista)sur le raccourci UsbFix présent sur ton bureau
▶ Au menu principal choisis l'option " F " pour français et tape sur [entrée] .
▶ Au second menu Choisis l'option " 2 " ( Suppression ) et tape sur [entrée]
▶ Ton bureau disparaitra et le pc redémarrera .
▶ Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.
▶ Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .
Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Voilà le nouveau rapport après "travail" d'usbfix:
############################## | UsbFix V6.101 |
User : Administrateur (Administrateurs) # TAHIR-E69ED44F5
Update on 08/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 18:55:19 | 09/04/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : Kaspersky Anti-Virus 9.0.0.736 [ (!) Disabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
B:\ -> Lecteur de disquettes 3 ½ pouces # 1,39 Mo (0,92 Mo free) # FAT
C:\ -> Disque fixe local # 19,53 Go (19,4 Go free) [Disque local] # NTFS
D:\ -> Disque fixe local # 24,41 Go (20,19 Go free) # NTFS
E:\ -> Disque fixe local # 232,88 Go (60,75 Go free) [Série Film Dev Perso] # NTFS
F:\ -> Disque fixe local # 17,73 Go (2,78 Go free) [DONNÉES] # FAT32
G:\ -> Disque fixe local # 308,08 Go (85,37 Go free) [Film] # NTFS
H:\ -> Disque fixe local # 263,68 Go (27,36 Go free) [Série, Dev Perso] # NTFS
U:\ -> Disque amovible # 1,93 Go (1,35 Go free) [USB DISK] # NTFS
################## | Elements infectieux |
Supprimé ! D:\WINDOWS\System32\w.exe
Supprimé ! E:\Recycler\S-1-5-21-1960408961-790525478-1801674531-500
Supprimé ! E:\Recycler\S-1-5-21-484763869-1770027372-839522115-500
Supprimé ! E:\Recycler\S-1-5-21-583907252-688789844-725345543-500
Supprimé ! E:\Recycler\S-1-5-21-606747145-602162358-839522115-500
Supprimé ! G:\Recycler\S-1-5-21-484763869-1770027372-839522115-500
Supprimé ! G:\Recycler\S-1-5-21-606747145-602162358-839522115-500
Supprimé ! H:\Recycler\S-1-5-21-484763869-1770027372-839522115-500
Supprimé ! H:\Recycler\S-1-5-21-606747145-602162358-839522115-500
Supprimé ! U:\autorun.inf
Supprimé ! U:\ctfmon.exe
Supprimé ! U:\explorer.exe
Supprimé ! U:\svchost.exe
Supprimé ! U:\userinit.exe
Supprimé ! U:\HJTInstall.exe
Supprimé ! D:\WINDOWS\system32\userinit.exe
Supprimé ! U:\ATI2EVXX.EXE
Supprimé ! U:\SPIDER.EXE
################## | Registre |
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Regedit32"
################## | Mountpoints2 |
################## | Listing des fichiers présent |
[09/04/2010 20:19|-rahs----|158] C:\boot.ini
[09/04/2010 15:01|--a------|67462248] C:\kaspersky-antivirus-2010_kaspersky_antivirus_2010_9.0.0.736_final_francais_10479.exe
[14/04/2008 14:00|--a------|252240] C:\ntldr
[09/04/2010 15:33|--a------|820] C:\pr'.reg
[09/04/2010 15:11|--a------|719145] C:\Resetter 2.3.zip
[09/04/2010 15:46|--a------|4853248] C:\stinger1010815.exe
[09/04/2010 14:24|--a------|483] D:\boot.ini
[?|?|?] D:\pagefile.sys
[09/04/2010 19:01|--a------|2753] D:\UsbFix.txt
[12/08/2009 01:10|--a------|57647232] E:\10410-11.08.2009-ITEMA_20190586-0.mp3
[21/10/2009 22:12|--a------|4819910656] E:\FINAL FANTASY 12 (PS2).iso
[17/04/2009 19:47|--a------|732688140] E:\Final Fantasy VIII - CD1 by elbenzi.nrg
[29/09/2009 18:07|--a------|4598792192] E:\FINAL FANTASY X.iso
[01/02/2007 19:02|--a------|344064] E:\hjsplit.exe
[08/04/2010 02:54|--a------|96324551] E:\Kaspersky%20Total%20Protection%202010.rar
[28/04/2008 12:25|--a------|628500480] E:\Le Petit Larousse 2008 by moreno.iso
[03/09/2008 19:04|--a------|65536] E:\lettre mehdi.doc
[02/06/2009 00:44|--a------|935936] E:\manuelfrancais.pdf
[02/08/2009 15:17|--a------|173568] E:\RapidShare_Plus.exe
[17/11/2009 12:47|--a------|8518] E:\readme_ver102.html
[20/07/2009 15:33|--a------|4700864512] E:\rld-stf4.iso
[20/08/2009 01:01|--a------|1127] E:\RSPlus.conf
[20/08/2009 01:37|--a------|0] E:\RSPlus.que
[06/06/2009 20:29|--a------|128223] E:\seductionmanuscript.pdf
[10/03/2009 18:17|--ahs----|91136] E:\Thumbs.db
[24/05/2008 19:25|--a------|731648] E:\wISODP.exe
[08/04/2010 16:08|--a------|475869184] E:\WTR25-240508-Sata.iso
[29/05/2008 12:01|--a------|333824] E:\xtremsplit_xtremsplit_1.2_francais_14862.exe
[23/01/2007 19:57|--a------|1057092] F:\IMG_0014.jpg
[18/09/2008 00:39|--a------|744127] F:\IMG_0437.jpg
[22/03/2006 20:57|--a------|580984] F:\100_0099.JPG
[04/05/2007 01:46|--a------|1868679] F:\IMG_0715.jpg
[04/05/2007 01:54|--a------|1908813] F:\IMG_0716.jpg
[04/05/2007 01:56|--a------|1878803] F:\IMG_0717.jpg
[19/06/2007 19:16|--a------|233582] F:\IMG_0728.jpg
[18/09/2008 00:39|--ahs----|53248] F:\Thumbs.db
[26/03/2008 10:41|--a------|3137366] F:\14 What the World Needs Now Is Love.wma
[07/01/2005 19:05|--a------|11] F:\Microsoft Visual Basic 6 Professional.txt
[24/08/2007 13:03|--a------|195746] F:\000_0095.jpg
[24/08/2007 13:07|--a------|188118] F:\000_0103.jpg
[24/08/2007 13:09|--a------|194972] F:\000_0105.jpg
[24/08/2007 13:10|--a------|191446] F:\000_0106.jpg
[26/10/2007 22:21|--a------|1082925] F:\NEW-V2.pdf
[26/09/2008 18:35|--a------|6258277] F:\Event_of_the_day.wma
[26/03/2010 19:26|---------|12513] F:\PES2010crack101.torrent
[26/03/2008 11:55|--a------|4093030] F:\01 Let Go.wma
[09/10/2007 01:13|--a------|362514] F:\09.rar
[11/10/2008 15:03|--a------|49152] F:\memtest.exe
[11/10/2008 15:23|--a------|12029] F:\manual.html
[22/11/2008 12:41|--a------|129221744] F:\080517.mp3
[04/05/2007 02:03|--a------|1994809] F:\IMG_0737.jpg
[04/05/2007 02:03|--a------|1459025] F:\IMG_0748.jpg
[04/05/2007 02:04|--a------|1368247] F:\IMG_0751.jpg
[04/05/2007 02:04|--a------|1640515] F:\IMG_0758.jpg
[11/10/2008 15:03|--a------|49152] F:\Copie de memtest.exe
[26/03/2008 11:32|--a------|2593182] F:\01 Bang Bang (My Baby Shot Me Down).wma
[12/02/2008 12:49|--a------|22132224] F:\Dream on Tahhhhhhhhir.avi
[24/03/2008 17:10|--a------|1697092] F:\07 Edward Meets the World- Ice Dance.wma
[27/06/2007 17:58|--a------|394569] F:\020078.zip
[19/03/2006 11:19|---------|527327808] F:\SFA3.bin
[16/05/2008 11:08|--a------|1468] F:\bribes d'un poeme.rtf
[16/05/2008 11:09|--a------|991] F:\le createur.rtf
[16/10/2007 22:28|--a------|45] F:\e0107-032.ram
[24/03/2008 17:13|--a------|3316580] F:\15 Poor Edward- The Grand Finale.wma
[24/03/2008 17:56|--a------|1179648] F:\01 Edward Meets the World- Introduction (Titles).wma
[13/10/2007 04:02|--a------|292766760] F:\RIM
[24/08/2007 13:11|--a------|193996] F:\000_0107.jpg
[24/08/2007 13:13|--a------|184228] F:\000_0108.jpg
[24/08/2007 13:13|--a------|194244] F:\000_0109.jpg
[02/07/2007 16:20|--a------|39254] F:\brel_jacque_jacquesbr_101b.jpg
[25/07/2007 00:42|--a------|84514944] F:\10199-24.07.2007-ITEMA_20079689-0.mp3
[24/03/2008 17:56|--a------|0] F:\02 Edward Meets the World- Storytime.wma
[24/03/2008 17:56|--a------|0] F:\04 Edward Meets the World- Beautiful New World-Home Sweet Home.wma
[26/03/2008 11:40|--a------|3053692] F:\01 Accidentally in Love.wma
[29/03/2008 22:46|--a------|5192896] F:\02 Grace.wma
[18/03/2010 18:16|---------|20817] F:\Authentic Man Program - The Power of Appreciation.torrent
[05/04/2010 12:13|---------|36206] F:\Mastery Series.torrent
[22/03/2010 17:29|--a------|29154896] F:\10-2_xp32_dd.exe
[26/03/2008 11:48|--a------|3316498] F:\05 Colorblind.wma
[19/03/2006 11:16|---------|138] F:\SFA3.cue
[22/03/2010 23:42|---------|6176] F:\PCSX2 0.9.1, Bios and Plugins.torrent
[05/10/2007 05:11|--a------|1704869425] F:\[PSOne][PSX][PS1] Final Fantasy IX ou 9 - PAL FR - [LES 4 CD PAR MYTOO].rar
[12/06/2008 16:24|--a------|15341] F:\AR-1213280662859.pdf
[27/04/2009 11:11|--a------|80] F:\logiciels
[12/06/2008 16:25|--a------|15341] F:\d'claration impots 2007 segueg sofia
[24/03/2008 19:11|--a------|1583562] F:\08 Edward Meets the World- Eitquette Lesson.wma
[25/04/2008 13:10|--a------|4254454] F:\04 Solsbury Hill.wma
[28/03/2008 17:47|--a------|224829] F:\Java Pour les nuls.pdf
[07/03/2006 14:22|--a------|1776] F:\essai txt.txt
[06/04/2010 17:03|---------|13888] F:\The Myth Of Male Power.torrent
[30/03/2008 11:29|--a------|6680908] F:\06 Hallelujah.wma
[02/06/2009 18:49|--a------|3568] F:\souvenirs difficiles.doc
[30/03/2008 11:50|--a------|5521284] F:\01 Mojo Pin.wma
[30/03/2008 11:50|--a------|4457838] F:\03 Last Goodbye.wma
[30/03/2008 11:50|--a------|4565426] F:\05 So Real.wma
[30/03/2008 11:50|--a------|6513618] F:\07 Lover, You Should've Come Over.wma
[30/03/2008 22:16|--a------|3609330] F:\09 Somebody to Love.wma
[03/04/2008 13:20|--a------|4695608] F:\Desree - Kissing you (Romeo and Juliette Soundtrack)@.mp3
[04/04/2008 10:51|--a------|4762486] F:\Le bal des lazes.wma
[05/04/2008 11:29|--a------|1308872] F:\05 [Untranslated].wma
[05/04/2008 11:29|--a------|639560] F:\20 [Untranslated].wma
[05/04/2008 11:29|--a------|830792] F:\24 [Untranslated].wma
[05/04/2008 11:30|--a------|645536] F:\28 [Untranslated].wma
[05/04/2008 11:30|--a------|2247144] F:\30 [Untranslated] [Milennium Version].wma
[05/04/2008 11:30|--a------|2091236] F:\06 Piste 6.wma
[05/04/2008 11:30|--a------|3059348] F:\07 Piste 7.wma
[05/04/2008 11:30|--a------|2503580] F:\09 Piste 9.wma
[05/04/2008 11:30|--a------|1457780] F:\17 Piste 17.wma
[05/04/2008 11:30|--a------|1995620] F:\21 Piste 21.wma
[05/04/2008 11:30|--a------|3214724] F:\25 Piste 25.wma
[11/04/2008 10:46|--a------|4116946] F:\01 Here with Me.wma
[11/04/2008 10:46|--a------|3531578] F:\06 Thank You.wma
[13/04/2008 10:45|--a------|3465636] F:\01 Runaway.wma
[13/04/2008 10:45|--a------|3794688] F:\04 When I Think of You.wma
[12/06/2008 16:25|--a------|15341] F:\AR-1213280722203.pdf
[17/05/2008 15:07|--a------|3728072] F:\Leonard Cohen - Hallelujah (Live).mp3
[04/05/2008 11:43|--a------|4256195] F:\Leonard Cohen - I'm Your Man.mp3
[16/05/2008 18:41|--a------|4478976] F:\Leonard Cohen - Hallelujah.mp3
[30/09/2007 16:19|--a------|149] F:\msg univ.txt
[16/05/2008 11:33|--a------|161] F:\Log ... r'cup.txt
[12/06/2008 16:26|--a------|15341] F:\AR-1213280785656.pdf
[13/04/2009 01:28|--a------|13774] F:\pens'es.odt
[21/05/2008 19:38|--a------|8785] F:\l'amour, c'est.rtf
[16/06/2009 01:55|--a------|4315055] F:\220-daybreak.mp3
[16/05/2008 14:51|--a------|154827] F:\bookmarks.html
[08/11/2008 03:08|--a------|65536] F:\beau message.doc
[26/11/2008 01:50|--a------|6113439] F:\pci_filerecovery.exe
[22/11/2008 16:51|--a------|729311232] F:\The.Dark.Knight.FRENCH.DVDRiP.REPACK.1CD.XViD.ITOMA.by share.avi
[20/08/2008 00:10|--a------|81948412] F:\10x22 Les Gros QI.dpg
[02/12/2008 12:11|--a------|65024] F:\Developpement.doc
[18/04/2009 22:18|--a------|254679] F:\JohnZerzan-Futur-primitif.pdf
[20/08/2008 00:02|--a------|84634684] F:\10x23 Le Pire Du Soleil-Levant.dpg
[09/12/2008 20:48|--a------|65536] F:\lettre bourse universit'.doc
[13/01/2009 11:21|--a------|93138944] F:\EFT en FRANCAIS RECETTE DE BASE 1.mpg
[20/04/2009 14:16|--a------|14953662] F:\show_301492.mp3
[08/04/2009 22:45|--a------|34816] F:\CV - Sh'h'razade (2008).doc
[29/09/2008 21:40|--a------|30720] F:\Event of the day traduction.doc
[26/06/2008 10:59|--a------|9882] F:\lettre de motivation universit'.odt
[24/11/2008 12:16|--a------|67072] F:\Lettre pour le logement.doc
[27/04/2009 11:23|--a------|56619] F:\Bookmarks 2009-04-27.json
[10/07/2008 14:39|--a------|5570186] F:\Haydn - Clarinet Concerto in B Flat - 3 - Rondo.mp3
[19/05/2009 20:19|--a------|44032] F:\carnet d'entrainement m'thode lafay.doc
[08/05/2009 11:25|--a------|26624] F:\pens'es.doc
[20/11/2008 02:03|--a------|64512] F:\Voyage en Irlande.doc
[23/06/2009 21:38|--a------|40268] F:\4832_133740560280_605200280_3415117_741753_n.jpg
[23/06/2009 22:51|--a------|460756] F:\GangstR_rs1.rar
[27/01/2010 13:26|--a------|705200128] F:\Leaving Las Vegas.AVI
[27/01/2010 17:12|---------|15606] F:\Leaving Las Vegas (Soundtrack).torrent
[28/01/2010 00:42|--a------|367906816] F:\Au Dela Du R'el - S07E04 - Les MSres Porteuses.avi
[28/01/2010 00:13|--a------|365565952] F:\Au Dela Du R'el - S07E03 - Une Nouvelle Vie.avi
[28/01/2010 01:31|--a------|367859712] F:\Au Dela Du R'el - S07E05 - La Navette.avi
[05/04/2010 19:20|---------|98736] F:\David DeAngelo - Interviews with Dating Gurus.torrent
[02/03/2010 15:42|--a------|848412] H:\240399-The-Futures-Toolkit-on-how-to-program-and-interface-humans.pdf
[30/12/2009 12:24|--a------|2638769] H:\3ToDePlaisirBySozay.rar
[30/10/2009 20:41|--a------|40268] H:\4832_133740560280_605200280_3415117_741753_n.jpg
[03/03/2010 19:43|--a------|14018] H:\Affiche.pdf
[08/06/2009 18:10|--a------|7640] H:\anpe.odt
[28/12/2009 13:26|--a------|8178] H:\Attestation.pdf
[06/04/2010 18:16|--a------|16529] H:\Au fil de mes lectures.odt
[08/04/2010 03:44|--a------|59464] H:\bookmarks-2010-04-08.json
[03/02/2010 02:43|--a------|86181] H:\chi-start.PDF
[06/10/2009 23:23|--a------|9671] H:\comp'tence.odt
[13/03/2010 16:45|--a------|5688298] H:\Copie de The Power of Your Other Hand - A Course in Channeling the Inner Wisdom of the Right Brain.pdf
[07/10/2009 12:21|--a------|9636] H:\cvmissionlocale.zip
[18/03/2010 02:39|--a------|11588] H:\Films ... voir.odt
[13/03/2010 04:18|--a------|10864] H:\Films ... voir1.odt
[11/12/2009 15:52|--a------|94720] H:\Formation d'veloppeurs de sites WEB.doc
[08/12/2009 20:09|--a------|39424] H:\Jounal Muscu et prise de masse.doc
[04/04/2010 19:02|--a------|29696] H:\journal.doc
[24/09/2009 22:26|--a------|117840223] H:\la bio-energie sign'.pdf
[26/11/2009 17:39|--a------|9216] H:\lecture.doc
[08/11/2009 18:18|--a------|12288] H:\letres taxe d'habitation.doc
[07/04/2010 00:57|--a------|13824] H:\lettre de motivation1.doc
[18/11/2009 19:09|--a------|14336] H:\lettre motivation.doc
[09/11/2009 13:39|--a------|25088] H:\Lettre_motivation_Tahir_Belkadi.doc
[18/11/2009 18:55|--a------|49152] H:\list prat 75.xls
[24/01/2010 03:47|--a------|8746] H:\Livres ... Lire.odt
[24/01/2010 03:47|--a------|8746] H:\Livres ... Lire1.odt
[25/11/2009 17:07|--a------|167936] H:\Livret 2 - Mlle Segueg Sh'h'razade.doc
[08/04/2010 10:35|--a------|3231721] H:\motherboard_driver_lan_realtek_8111.exe
[28/09/2009 17:16|--a------|37094] H:\n530726614.jpg
[21/12/2009 15:39|--a------|215210] H:\Nessie v1.02.exe
[09/04/2010 00:11|--a------|644409] H:\pdf-o-matic.pdf
[06/04/2010 20:46|--a------|13312] H:\plan d'action.doc
[18/01/2000 13:27|--a------|262160] H:\Punch-Out!!.nes
[06/01/2010 19:29|--a------|14336] H:\Seduction.doc
[18/11/2009 19:16|--a------|24576] H:\Tahir BELKADI dev web.doc
[17/03/2010 19:54|--a------|24576] H:\Tahir BELKADI.doc
[13/03/2010 16:45|--a------|5688298] H:\The Power of Your Other Hand - A Course in Channeling the Inner Wisdom of the Right Brain.pdf
[20/11/2009 22:49|--a------|10752] H:\tirage rune.doc
[06/10/2009 12:54|--a------|179587] H:\Unidialog_5129816M_1254826488285.pdf
[06/11/2009 17:56|--a------|187144] H:\Unidialog_5129816M_1257522951515.pdf
[28/11/2009 18:33|--a------|187152] H:\Unidialog_5129816M_1259425856308.pdf
[04/01/2010 00:08|--a------|187150] H:\Unidialog_5129816M_1262556470541.pdf
[03/02/2010 18:31|--a------|187148] H:\Unidialog_5129816M_1265214638946.pdf
[01/03/2010 01:48|--a------|187138] H:\Unidialog_5129816M_1267400910044.pdf
[30/03/2010 18:53|--a------|179536] H:\Unidialog_5129816M_1269968005724.pdf
[05/02/2010 16:22|--a------|28477314] H:\video.mp4
[06/07/2008 23:31|--a------|22956] H:\wjbutton_en.xpi
[09/04/2010 12:28|--a------|1217] U:\BOOT.INI
[14/04/2008 14:00|--a------|4952] U:\BOOTFONT.BIN
[31/03/2009 21:20|--a------|2048] U:\default
[31/03/2009 21:20|--a------|217769] U:\grldr
[09/04/2010 12:20|--a------|2212] U:\menu.lst
[14/04/2008 14:00|--a------|47564] U:\NTDETECT.COM
[14/04/2008 14:00|--a------|252240] U:\NTLDR
[12/05/2007 03:03|--a------|633] U:\README.txt
[25/10/2007 23:17|--ah-----|51200] U:\RUNDLL32 .EXE
[25/10/2007 23:17|--ah-----|51200] U:\SPOOLSV.EXE
[09/04/2010 15:47|--a------|2213888] U:\stinger.exe
[09/04/2010 15:47|--a------|4853248] U:\stinger1010815.exe
[09/04/2010 15:48|--a------|8000000] U:\stinger1010838.exe
[09/04/2010 12:28|--a------|430477] U:\TXTSETUP.SIF
[14/04/2008 14:00|--a------|10] U:\WIN51
[14/04/2008 14:00|--a------|10] U:\WIN51IP
[14/04/2008 14:00|--a------|10] U:\WIN51IP.SP3
[31/03/2009 21:20|--a------|2048] U:\windefault
[09/04/2010 12:20|--a------|304] U:\winsetup.lst
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# E:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# F:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# G:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# H:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# U:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
################## | Upload |
Veuillez envoyer le fichier : D:\UsbFix_Upload_Me_TAHIR-E69ED44F5.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .
################## | ! Fin du rapport # UsbFix V6.101 ! |
############################## | UsbFix V6.101 |
User : Administrateur (Administrateurs) # TAHIR-E69ED44F5
Update on 08/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 18:55:19 | 09/04/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : Kaspersky Anti-Virus 9.0.0.736 [ (!) Disabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
B:\ -> Lecteur de disquettes 3 ½ pouces # 1,39 Mo (0,92 Mo free) # FAT
C:\ -> Disque fixe local # 19,53 Go (19,4 Go free) [Disque local] # NTFS
D:\ -> Disque fixe local # 24,41 Go (20,19 Go free) # NTFS
E:\ -> Disque fixe local # 232,88 Go (60,75 Go free) [Série Film Dev Perso] # NTFS
F:\ -> Disque fixe local # 17,73 Go (2,78 Go free) [DONNÉES] # FAT32
G:\ -> Disque fixe local # 308,08 Go (85,37 Go free) [Film] # NTFS
H:\ -> Disque fixe local # 263,68 Go (27,36 Go free) [Série, Dev Perso] # NTFS
U:\ -> Disque amovible # 1,93 Go (1,35 Go free) [USB DISK] # NTFS
################## | Elements infectieux |
Supprimé ! D:\WINDOWS\System32\w.exe
Supprimé ! E:\Recycler\S-1-5-21-1960408961-790525478-1801674531-500
Supprimé ! E:\Recycler\S-1-5-21-484763869-1770027372-839522115-500
Supprimé ! E:\Recycler\S-1-5-21-583907252-688789844-725345543-500
Supprimé ! E:\Recycler\S-1-5-21-606747145-602162358-839522115-500
Supprimé ! G:\Recycler\S-1-5-21-484763869-1770027372-839522115-500
Supprimé ! G:\Recycler\S-1-5-21-606747145-602162358-839522115-500
Supprimé ! H:\Recycler\S-1-5-21-484763869-1770027372-839522115-500
Supprimé ! H:\Recycler\S-1-5-21-606747145-602162358-839522115-500
Supprimé ! U:\autorun.inf
Supprimé ! U:\ctfmon.exe
Supprimé ! U:\explorer.exe
Supprimé ! U:\svchost.exe
Supprimé ! U:\userinit.exe
Supprimé ! U:\HJTInstall.exe
Supprimé ! D:\WINDOWS\system32\userinit.exe
Supprimé ! U:\ATI2EVXX.EXE
Supprimé ! U:\SPIDER.EXE
################## | Registre |
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Regedit32"
################## | Mountpoints2 |
################## | Listing des fichiers présent |
[09/04/2010 20:19|-rahs----|158] C:\boot.ini
[09/04/2010 15:01|--a------|67462248] C:\kaspersky-antivirus-2010_kaspersky_antivirus_2010_9.0.0.736_final_francais_10479.exe
[14/04/2008 14:00|--a------|252240] C:\ntldr
[09/04/2010 15:33|--a------|820] C:\pr'.reg
[09/04/2010 15:11|--a------|719145] C:\Resetter 2.3.zip
[09/04/2010 15:46|--a------|4853248] C:\stinger1010815.exe
[09/04/2010 14:24|--a------|483] D:\boot.ini
[?|?|?] D:\pagefile.sys
[09/04/2010 19:01|--a------|2753] D:\UsbFix.txt
[12/08/2009 01:10|--a------|57647232] E:\10410-11.08.2009-ITEMA_20190586-0.mp3
[21/10/2009 22:12|--a------|4819910656] E:\FINAL FANTASY 12 (PS2).iso
[17/04/2009 19:47|--a------|732688140] E:\Final Fantasy VIII - CD1 by elbenzi.nrg
[29/09/2009 18:07|--a------|4598792192] E:\FINAL FANTASY X.iso
[01/02/2007 19:02|--a------|344064] E:\hjsplit.exe
[08/04/2010 02:54|--a------|96324551] E:\Kaspersky%20Total%20Protection%202010.rar
[28/04/2008 12:25|--a------|628500480] E:\Le Petit Larousse 2008 by moreno.iso
[03/09/2008 19:04|--a------|65536] E:\lettre mehdi.doc
[02/06/2009 00:44|--a------|935936] E:\manuelfrancais.pdf
[02/08/2009 15:17|--a------|173568] E:\RapidShare_Plus.exe
[17/11/2009 12:47|--a------|8518] E:\readme_ver102.html
[20/07/2009 15:33|--a------|4700864512] E:\rld-stf4.iso
[20/08/2009 01:01|--a------|1127] E:\RSPlus.conf
[20/08/2009 01:37|--a------|0] E:\RSPlus.que
[06/06/2009 20:29|--a------|128223] E:\seductionmanuscript.pdf
[10/03/2009 18:17|--ahs----|91136] E:\Thumbs.db
[24/05/2008 19:25|--a------|731648] E:\wISODP.exe
[08/04/2010 16:08|--a------|475869184] E:\WTR25-240508-Sata.iso
[29/05/2008 12:01|--a------|333824] E:\xtremsplit_xtremsplit_1.2_francais_14862.exe
[23/01/2007 19:57|--a------|1057092] F:\IMG_0014.jpg
[18/09/2008 00:39|--a------|744127] F:\IMG_0437.jpg
[22/03/2006 20:57|--a------|580984] F:\100_0099.JPG
[04/05/2007 01:46|--a------|1868679] F:\IMG_0715.jpg
[04/05/2007 01:54|--a------|1908813] F:\IMG_0716.jpg
[04/05/2007 01:56|--a------|1878803] F:\IMG_0717.jpg
[19/06/2007 19:16|--a------|233582] F:\IMG_0728.jpg
[18/09/2008 00:39|--ahs----|53248] F:\Thumbs.db
[26/03/2008 10:41|--a------|3137366] F:\14 What the World Needs Now Is Love.wma
[07/01/2005 19:05|--a------|11] F:\Microsoft Visual Basic 6 Professional.txt
[24/08/2007 13:03|--a------|195746] F:\000_0095.jpg
[24/08/2007 13:07|--a------|188118] F:\000_0103.jpg
[24/08/2007 13:09|--a------|194972] F:\000_0105.jpg
[24/08/2007 13:10|--a------|191446] F:\000_0106.jpg
[26/10/2007 22:21|--a------|1082925] F:\NEW-V2.pdf
[26/09/2008 18:35|--a------|6258277] F:\Event_of_the_day.wma
[26/03/2010 19:26|---------|12513] F:\PES2010crack101.torrent
[26/03/2008 11:55|--a------|4093030] F:\01 Let Go.wma
[09/10/2007 01:13|--a------|362514] F:\09.rar
[11/10/2008 15:03|--a------|49152] F:\memtest.exe
[11/10/2008 15:23|--a------|12029] F:\manual.html
[22/11/2008 12:41|--a------|129221744] F:\080517.mp3
[04/05/2007 02:03|--a------|1994809] F:\IMG_0737.jpg
[04/05/2007 02:03|--a------|1459025] F:\IMG_0748.jpg
[04/05/2007 02:04|--a------|1368247] F:\IMG_0751.jpg
[04/05/2007 02:04|--a------|1640515] F:\IMG_0758.jpg
[11/10/2008 15:03|--a------|49152] F:\Copie de memtest.exe
[26/03/2008 11:32|--a------|2593182] F:\01 Bang Bang (My Baby Shot Me Down).wma
[12/02/2008 12:49|--a------|22132224] F:\Dream on Tahhhhhhhhir.avi
[24/03/2008 17:10|--a------|1697092] F:\07 Edward Meets the World- Ice Dance.wma
[27/06/2007 17:58|--a------|394569] F:\020078.zip
[19/03/2006 11:19|---------|527327808] F:\SFA3.bin
[16/05/2008 11:08|--a------|1468] F:\bribes d'un poeme.rtf
[16/05/2008 11:09|--a------|991] F:\le createur.rtf
[16/10/2007 22:28|--a------|45] F:\e0107-032.ram
[24/03/2008 17:13|--a------|3316580] F:\15 Poor Edward- The Grand Finale.wma
[24/03/2008 17:56|--a------|1179648] F:\01 Edward Meets the World- Introduction (Titles).wma
[13/10/2007 04:02|--a------|292766760] F:\RIM
[24/08/2007 13:11|--a------|193996] F:\000_0107.jpg
[24/08/2007 13:13|--a------|184228] F:\000_0108.jpg
[24/08/2007 13:13|--a------|194244] F:\000_0109.jpg
[02/07/2007 16:20|--a------|39254] F:\brel_jacque_jacquesbr_101b.jpg
[25/07/2007 00:42|--a------|84514944] F:\10199-24.07.2007-ITEMA_20079689-0.mp3
[24/03/2008 17:56|--a------|0] F:\02 Edward Meets the World- Storytime.wma
[24/03/2008 17:56|--a------|0] F:\04 Edward Meets the World- Beautiful New World-Home Sweet Home.wma
[26/03/2008 11:40|--a------|3053692] F:\01 Accidentally in Love.wma
[29/03/2008 22:46|--a------|5192896] F:\02 Grace.wma
[18/03/2010 18:16|---------|20817] F:\Authentic Man Program - The Power of Appreciation.torrent
[05/04/2010 12:13|---------|36206] F:\Mastery Series.torrent
[22/03/2010 17:29|--a------|29154896] F:\10-2_xp32_dd.exe
[26/03/2008 11:48|--a------|3316498] F:\05 Colorblind.wma
[19/03/2006 11:16|---------|138] F:\SFA3.cue
[22/03/2010 23:42|---------|6176] F:\PCSX2 0.9.1, Bios and Plugins.torrent
[05/10/2007 05:11|--a------|1704869425] F:\[PSOne][PSX][PS1] Final Fantasy IX ou 9 - PAL FR - [LES 4 CD PAR MYTOO].rar
[12/06/2008 16:24|--a------|15341] F:\AR-1213280662859.pdf
[27/04/2009 11:11|--a------|80] F:\logiciels
[12/06/2008 16:25|--a------|15341] F:\d'claration impots 2007 segueg sofia
[24/03/2008 19:11|--a------|1583562] F:\08 Edward Meets the World- Eitquette Lesson.wma
[25/04/2008 13:10|--a------|4254454] F:\04 Solsbury Hill.wma
[28/03/2008 17:47|--a------|224829] F:\Java Pour les nuls.pdf
[07/03/2006 14:22|--a------|1776] F:\essai txt.txt
[06/04/2010 17:03|---------|13888] F:\The Myth Of Male Power.torrent
[30/03/2008 11:29|--a------|6680908] F:\06 Hallelujah.wma
[02/06/2009 18:49|--a------|3568] F:\souvenirs difficiles.doc
[30/03/2008 11:50|--a------|5521284] F:\01 Mojo Pin.wma
[30/03/2008 11:50|--a------|4457838] F:\03 Last Goodbye.wma
[30/03/2008 11:50|--a------|4565426] F:\05 So Real.wma
[30/03/2008 11:50|--a------|6513618] F:\07 Lover, You Should've Come Over.wma
[30/03/2008 22:16|--a------|3609330] F:\09 Somebody to Love.wma
[03/04/2008 13:20|--a------|4695608] F:\Desree - Kissing you (Romeo and Juliette Soundtrack)@.mp3
[04/04/2008 10:51|--a------|4762486] F:\Le bal des lazes.wma
[05/04/2008 11:29|--a------|1308872] F:\05 [Untranslated].wma
[05/04/2008 11:29|--a------|639560] F:\20 [Untranslated].wma
[05/04/2008 11:29|--a------|830792] F:\24 [Untranslated].wma
[05/04/2008 11:30|--a------|645536] F:\28 [Untranslated].wma
[05/04/2008 11:30|--a------|2247144] F:\30 [Untranslated] [Milennium Version].wma
[05/04/2008 11:30|--a------|2091236] F:\06 Piste 6.wma
[05/04/2008 11:30|--a------|3059348] F:\07 Piste 7.wma
[05/04/2008 11:30|--a------|2503580] F:\09 Piste 9.wma
[05/04/2008 11:30|--a------|1457780] F:\17 Piste 17.wma
[05/04/2008 11:30|--a------|1995620] F:\21 Piste 21.wma
[05/04/2008 11:30|--a------|3214724] F:\25 Piste 25.wma
[11/04/2008 10:46|--a------|4116946] F:\01 Here with Me.wma
[11/04/2008 10:46|--a------|3531578] F:\06 Thank You.wma
[13/04/2008 10:45|--a------|3465636] F:\01 Runaway.wma
[13/04/2008 10:45|--a------|3794688] F:\04 When I Think of You.wma
[12/06/2008 16:25|--a------|15341] F:\AR-1213280722203.pdf
[17/05/2008 15:07|--a------|3728072] F:\Leonard Cohen - Hallelujah (Live).mp3
[04/05/2008 11:43|--a------|4256195] F:\Leonard Cohen - I'm Your Man.mp3
[16/05/2008 18:41|--a------|4478976] F:\Leonard Cohen - Hallelujah.mp3
[30/09/2007 16:19|--a------|149] F:\msg univ.txt
[16/05/2008 11:33|--a------|161] F:\Log ... r'cup.txt
[12/06/2008 16:26|--a------|15341] F:\AR-1213280785656.pdf
[13/04/2009 01:28|--a------|13774] F:\pens'es.odt
[21/05/2008 19:38|--a------|8785] F:\l'amour, c'est.rtf
[16/06/2009 01:55|--a------|4315055] F:\220-daybreak.mp3
[16/05/2008 14:51|--a------|154827] F:\bookmarks.html
[08/11/2008 03:08|--a------|65536] F:\beau message.doc
[26/11/2008 01:50|--a------|6113439] F:\pci_filerecovery.exe
[22/11/2008 16:51|--a------|729311232] F:\The.Dark.Knight.FRENCH.DVDRiP.REPACK.1CD.XViD.ITOMA.by share.avi
[20/08/2008 00:10|--a------|81948412] F:\10x22 Les Gros QI.dpg
[02/12/2008 12:11|--a------|65024] F:\Developpement.doc
[18/04/2009 22:18|--a------|254679] F:\JohnZerzan-Futur-primitif.pdf
[20/08/2008 00:02|--a------|84634684] F:\10x23 Le Pire Du Soleil-Levant.dpg
[09/12/2008 20:48|--a------|65536] F:\lettre bourse universit'.doc
[13/01/2009 11:21|--a------|93138944] F:\EFT en FRANCAIS RECETTE DE BASE 1.mpg
[20/04/2009 14:16|--a------|14953662] F:\show_301492.mp3
[08/04/2009 22:45|--a------|34816] F:\CV - Sh'h'razade (2008).doc
[29/09/2008 21:40|--a------|30720] F:\Event of the day traduction.doc
[26/06/2008 10:59|--a------|9882] F:\lettre de motivation universit'.odt
[24/11/2008 12:16|--a------|67072] F:\Lettre pour le logement.doc
[27/04/2009 11:23|--a------|56619] F:\Bookmarks 2009-04-27.json
[10/07/2008 14:39|--a------|5570186] F:\Haydn - Clarinet Concerto in B Flat - 3 - Rondo.mp3
[19/05/2009 20:19|--a------|44032] F:\carnet d'entrainement m'thode lafay.doc
[08/05/2009 11:25|--a------|26624] F:\pens'es.doc
[20/11/2008 02:03|--a------|64512] F:\Voyage en Irlande.doc
[23/06/2009 21:38|--a------|40268] F:\4832_133740560280_605200280_3415117_741753_n.jpg
[23/06/2009 22:51|--a------|460756] F:\GangstR_rs1.rar
[27/01/2010 13:26|--a------|705200128] F:\Leaving Las Vegas.AVI
[27/01/2010 17:12|---------|15606] F:\Leaving Las Vegas (Soundtrack).torrent
[28/01/2010 00:42|--a------|367906816] F:\Au Dela Du R'el - S07E04 - Les MSres Porteuses.avi
[28/01/2010 00:13|--a------|365565952] F:\Au Dela Du R'el - S07E03 - Une Nouvelle Vie.avi
[28/01/2010 01:31|--a------|367859712] F:\Au Dela Du R'el - S07E05 - La Navette.avi
[05/04/2010 19:20|---------|98736] F:\David DeAngelo - Interviews with Dating Gurus.torrent
[02/03/2010 15:42|--a------|848412] H:\240399-The-Futures-Toolkit-on-how-to-program-and-interface-humans.pdf
[30/12/2009 12:24|--a------|2638769] H:\3ToDePlaisirBySozay.rar
[30/10/2009 20:41|--a------|40268] H:\4832_133740560280_605200280_3415117_741753_n.jpg
[03/03/2010 19:43|--a------|14018] H:\Affiche.pdf
[08/06/2009 18:10|--a------|7640] H:\anpe.odt
[28/12/2009 13:26|--a------|8178] H:\Attestation.pdf
[06/04/2010 18:16|--a------|16529] H:\Au fil de mes lectures.odt
[08/04/2010 03:44|--a------|59464] H:\bookmarks-2010-04-08.json
[03/02/2010 02:43|--a------|86181] H:\chi-start.PDF
[06/10/2009 23:23|--a------|9671] H:\comp'tence.odt
[13/03/2010 16:45|--a------|5688298] H:\Copie de The Power of Your Other Hand - A Course in Channeling the Inner Wisdom of the Right Brain.pdf
[07/10/2009 12:21|--a------|9636] H:\cvmissionlocale.zip
[18/03/2010 02:39|--a------|11588] H:\Films ... voir.odt
[13/03/2010 04:18|--a------|10864] H:\Films ... voir1.odt
[11/12/2009 15:52|--a------|94720] H:\Formation d'veloppeurs de sites WEB.doc
[08/12/2009 20:09|--a------|39424] H:\Jounal Muscu et prise de masse.doc
[04/04/2010 19:02|--a------|29696] H:\journal.doc
[24/09/2009 22:26|--a------|117840223] H:\la bio-energie sign'.pdf
[26/11/2009 17:39|--a------|9216] H:\lecture.doc
[08/11/2009 18:18|--a------|12288] H:\letres taxe d'habitation.doc
[07/04/2010 00:57|--a------|13824] H:\lettre de motivation1.doc
[18/11/2009 19:09|--a------|14336] H:\lettre motivation.doc
[09/11/2009 13:39|--a------|25088] H:\Lettre_motivation_Tahir_Belkadi.doc
[18/11/2009 18:55|--a------|49152] H:\list prat 75.xls
[24/01/2010 03:47|--a------|8746] H:\Livres ... Lire.odt
[24/01/2010 03:47|--a------|8746] H:\Livres ... Lire1.odt
[25/11/2009 17:07|--a------|167936] H:\Livret 2 - Mlle Segueg Sh'h'razade.doc
[08/04/2010 10:35|--a------|3231721] H:\motherboard_driver_lan_realtek_8111.exe
[28/09/2009 17:16|--a------|37094] H:\n530726614.jpg
[21/12/2009 15:39|--a------|215210] H:\Nessie v1.02.exe
[09/04/2010 00:11|--a------|644409] H:\pdf-o-matic.pdf
[06/04/2010 20:46|--a------|13312] H:\plan d'action.doc
[18/01/2000 13:27|--a------|262160] H:\Punch-Out!!.nes
[06/01/2010 19:29|--a------|14336] H:\Seduction.doc
[18/11/2009 19:16|--a------|24576] H:\Tahir BELKADI dev web.doc
[17/03/2010 19:54|--a------|24576] H:\Tahir BELKADI.doc
[13/03/2010 16:45|--a------|5688298] H:\The Power of Your Other Hand - A Course in Channeling the Inner Wisdom of the Right Brain.pdf
[20/11/2009 22:49|--a------|10752] H:\tirage rune.doc
[06/10/2009 12:54|--a------|179587] H:\Unidialog_5129816M_1254826488285.pdf
[06/11/2009 17:56|--a------|187144] H:\Unidialog_5129816M_1257522951515.pdf
[28/11/2009 18:33|--a------|187152] H:\Unidialog_5129816M_1259425856308.pdf
[04/01/2010 00:08|--a------|187150] H:\Unidialog_5129816M_1262556470541.pdf
[03/02/2010 18:31|--a------|187148] H:\Unidialog_5129816M_1265214638946.pdf
[01/03/2010 01:48|--a------|187138] H:\Unidialog_5129816M_1267400910044.pdf
[30/03/2010 18:53|--a------|179536] H:\Unidialog_5129816M_1269968005724.pdf
[05/02/2010 16:22|--a------|28477314] H:\video.mp4
[06/07/2008 23:31|--a------|22956] H:\wjbutton_en.xpi
[09/04/2010 12:28|--a------|1217] U:\BOOT.INI
[14/04/2008 14:00|--a------|4952] U:\BOOTFONT.BIN
[31/03/2009 21:20|--a------|2048] U:\default
[31/03/2009 21:20|--a------|217769] U:\grldr
[09/04/2010 12:20|--a------|2212] U:\menu.lst
[14/04/2008 14:00|--a------|47564] U:\NTDETECT.COM
[14/04/2008 14:00|--a------|252240] U:\NTLDR
[12/05/2007 03:03|--a------|633] U:\README.txt
[25/10/2007 23:17|--ah-----|51200] U:\RUNDLL32 .EXE
[25/10/2007 23:17|--ah-----|51200] U:\SPOOLSV.EXE
[09/04/2010 15:47|--a------|2213888] U:\stinger.exe
[09/04/2010 15:47|--a------|4853248] U:\stinger1010815.exe
[09/04/2010 15:48|--a------|8000000] U:\stinger1010838.exe
[09/04/2010 12:28|--a------|430477] U:\TXTSETUP.SIF
[14/04/2008 14:00|--a------|10] U:\WIN51
[14/04/2008 14:00|--a------|10] U:\WIN51IP
[14/04/2008 14:00|--a------|10] U:\WIN51IP.SP3
[31/03/2009 21:20|--a------|2048] U:\windefault
[09/04/2010 12:20|--a------|304] U:\winsetup.lst
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# E:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# F:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# G:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# H:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# U:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
################## | Upload |
Veuillez envoyer le fichier : D:\UsbFix_Upload_Me_TAHIR-E69ED44F5.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .
################## | ! Fin du rapport # UsbFix V6.101 ! |
Utilisateur anonyme
9 avril 2010 à 19:32
9 avril 2010 à 19:32
Télécharge OTL de OLDTimer
▶ enregistre le sur ton Bureau.
▶ Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.
▶ Coche les 2 cases Lop et Purity
▶ Coche la case devant scan all users
▶ règle-le sur "60 Days"
▶ dans la moitié gauche , mets tout sur "all"
ne modifie pas ceci :
"files created whithin" et "files modified whithin"
▶Clic sur Run Scan.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
▶▶▶ NE LE POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier ci-dessus.
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
▶▶ Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.
▶ enregistre le sur ton Bureau.
▶ Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.
▶ Coche les 2 cases Lop et Purity
▶ Coche la case devant scan all users
▶ règle-le sur "60 Days"
▶ dans la moitié gauche , mets tout sur "all"
ne modifie pas ceci :
"files created whithin" et "files modified whithin"
▶Clic sur Run Scan.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
▶▶▶ NE LE POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier ci-dessus.
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
▶▶ Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.
Utilisateur anonyme
9 avril 2010 à 19:42
9 avril 2010 à 19:42
DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)
▶ Télécharge List_Kill'em et enregistre le sur ton bureau
double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
une fois terminée , clic sur "terminer" et le programme se lancera seul
choisis l'option Search
un icone blanc et noir va s'afficher sur le bureau , il te servira à relancer le programme par la suite.
un autre rouge et noir te servira a desinstaller le prog a la fin de la desinfection.
▶ laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , , il s'auto supprimera a la fin du scan
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
▶ Télécharge List_Kill'em et enregistre le sur ton bureau
double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
une fois terminée , clic sur "terminer" et le programme se lancera seul
choisis l'option Search
un icone blanc et noir va s'afficher sur le bureau , il te servira à relancer le programme par la suite.
un autre rouge et noir te servira a desinstaller le prog a la fin de la desinfection.
▶ laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , , il s'auto supprimera a la fin du scan
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
Rapport:
List'em by g3n-h@ckm@n 1.7.0.4
User : Administrateur (Administrateurs)
Update on 09/04/2010 by g3n-h@ckm@n ::::: 15.30
Start at: 19:48:00 | 09/04/2010
Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : Kaspersky Anti-Virus 9.0.0.736 [ (!) Disabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
B:\ -> Lecteur de disquettes 3 ½ pouces | 1,39 Mo (0,92 Mo free) | FAT
C:\ -> Disque fixe local | 19,53 Go (19,41 Go free) [Disque local] | NTFS
D:\ -> Disque fixe local | 24,41 Go (20,11 Go free) | NTFS
E:\ -> Disque fixe local | 232,88 Go (60,75 Go free) [Série Film Dev Perso] | NTFS
F:\ -> Disque fixe local | 17,73 Go (2,78 Go free) [DONNÉES] | FAT32
G:\ -> Disque fixe local | 308,08 Go (84,69 Go free) [Film] | NTFS
H:\ -> Disque fixe local | 263,68 Go (27,36 Go free) [Série, Dev Perso] | NTFS
U:\ -> Disque amovible | 1,93 Go (1,35 Go free) [USB DISK] | NTFS
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\PereSvc.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\TEMP\VRT3.tmp
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\fonts\services.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\List_Kill'em\List_Kill'em.exe
D:\WINDOWS\system32\cmd.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ D:\WINDOWS\system32\ctfmon.exe
MSMSGS REG_SZ "D:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ATIModeChange REG_SZ Ati2mdxx.exe
StartCCC REG_SZ "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
RTHDCPL REG_SZ RTHDCPL.EXE
fzwkht REG_SZ RUNDLL32.EXE D:\WINDOWS\system32\msuqddft.dll,w
syncman REG_SZ d:\windows\system32\wuaucldt.exe
AVP REG_SZ "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
aholbs REG_SZ RUNDLL32.EXE D:\WINDOWS\system32\msepdlkp.dll,w
Regedit32 REG_SZ D:\WINDOWS\system32\regedit.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
NoDriveAutoRun REG_DWORD 255 (0xff)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveAutoRun REG_DWORD 255 (0xff)
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ TAHIR-E69ED44F5
DefaultUserName REG_SZ Administrateur
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ D:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Administrateur
AltDefaultDomainName REG_SZ TAHIR-E69ED44F5
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
\??\D:\WINDOWS\system32\winlogon.exe REG_SZ \??\D:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
D:\WINDOWS\fonts\services.exe REG_SZ D:\WINDOWS\fonts\services.exe:*:Enabled:services.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
===============
ActivX controls
===============
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{48D52FED-99CE-4EC3-8CD9-BE6D35391320}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{48D52FED-99CE-4EC3-8CD9-BE6D35391320}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\..\{48D52FED-99CE-4EC3-8CD9-BE6D35391320}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
Local Page REG_SZ D:\WINDOWS\system32\blank.htm
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Local Page REG_SZ D:\WINDOWS\system32\blank.htm
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: D:\Program Files\List_Kill'em
## D:\> hashdeep.exe D:\WINDOWS\system32\drivers\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,D:\WINDOWS\system32\drivers\atapi.sys
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
D'fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
24,41 Go total, 20,11 Go libre (82%), 10% fragment' (fragmentation du fichier 20%)
Il ne vous est pas n'cessaire de d'fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : D:\WINDOWS\fonts\services.exe
Present !! : D:\WINDOWS\System32\???,????.exe
Present !! : D:\WINDOWS\System32\????,???.exe
Present !! : D:\WINDOWS\System32\FInstall.sys
Present !! : D:\Documents and Settings\Administrateur\LOCAL Settings\Temp\FP_PL_PFS_INSTALLER.exe
Present !! : D:\Documents and Settings\Administrateur\LOCAL Settings\Temp\Perflib_Perfdata_1248.dat
Present !! : D:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp92.tmp
Present !! : D:\Documents and Settings\Administrateur\oashdihasidhasuidhiasdhiashdiuasdhasd
Present !! : D:\Documents and Settings\Administrateur\wuaucldt.exe
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Regedit32
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\syncman
Present !! : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman
Present !! : HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 19:56:38
Windows 5.1.2600 Service Pack 3 FAT NTAPI
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 19:56:39,89
List'em by g3n-h@ckm@n 1.7.0.4
User : Administrateur (Administrateurs)
Update on 09/04/2010 by g3n-h@ckm@n ::::: 15.30
Start at: 19:48:00 | 09/04/2010
Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : Kaspersky Anti-Virus 9.0.0.736 [ (!) Disabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
B:\ -> Lecteur de disquettes 3 ½ pouces | 1,39 Mo (0,92 Mo free) | FAT
C:\ -> Disque fixe local | 19,53 Go (19,41 Go free) [Disque local] | NTFS
D:\ -> Disque fixe local | 24,41 Go (20,11 Go free) | NTFS
E:\ -> Disque fixe local | 232,88 Go (60,75 Go free) [Série Film Dev Perso] | NTFS
F:\ -> Disque fixe local | 17,73 Go (2,78 Go free) [DONNÉES] | FAT32
G:\ -> Disque fixe local | 308,08 Go (84,69 Go free) [Film] | NTFS
H:\ -> Disque fixe local | 263,68 Go (27,36 Go free) [Série, Dev Perso] | NTFS
U:\ -> Disque amovible | 1,93 Go (1,35 Go free) [USB DISK] | NTFS
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\PereSvc.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\TEMP\VRT3.tmp
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\fonts\services.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\List_Kill'em\List_Kill'em.exe
D:\WINDOWS\system32\cmd.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ D:\WINDOWS\system32\ctfmon.exe
MSMSGS REG_SZ "D:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ATIModeChange REG_SZ Ati2mdxx.exe
StartCCC REG_SZ "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
RTHDCPL REG_SZ RTHDCPL.EXE
fzwkht REG_SZ RUNDLL32.EXE D:\WINDOWS\system32\msuqddft.dll,w
syncman REG_SZ d:\windows\system32\wuaucldt.exe
AVP REG_SZ "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
aholbs REG_SZ RUNDLL32.EXE D:\WINDOWS\system32\msepdlkp.dll,w
Regedit32 REG_SZ D:\WINDOWS\system32\regedit.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
NoDriveAutoRun REG_DWORD 255 (0xff)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveAutoRun REG_DWORD 255 (0xff)
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ TAHIR-E69ED44F5
DefaultUserName REG_SZ Administrateur
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ D:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Administrateur
AltDefaultDomainName REG_SZ TAHIR-E69ED44F5
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
\??\D:\WINDOWS\system32\winlogon.exe REG_SZ \??\D:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
D:\WINDOWS\fonts\services.exe REG_SZ D:\WINDOWS\fonts\services.exe:*:Enabled:services.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
===============
ActivX controls
===============
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{48D52FED-99CE-4EC3-8CD9-BE6D35391320}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{48D52FED-99CE-4EC3-8CD9-BE6D35391320}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\..\{48D52FED-99CE-4EC3-8CD9-BE6D35391320}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
Local Page REG_SZ D:\WINDOWS\system32\blank.htm
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Local Page REG_SZ D:\WINDOWS\system32\blank.htm
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: D:\Program Files\List_Kill'em
## D:\> hashdeep.exe D:\WINDOWS\system32\drivers\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,D:\WINDOWS\system32\drivers\atapi.sys
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
D'fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
24,41 Go total, 20,11 Go libre (82%), 10% fragment' (fragmentation du fichier 20%)
Il ne vous est pas n'cessaire de d'fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : D:\WINDOWS\fonts\services.exe
Present !! : D:\WINDOWS\System32\???,????.exe
Present !! : D:\WINDOWS\System32\????,???.exe
Present !! : D:\WINDOWS\System32\FInstall.sys
Present !! : D:\Documents and Settings\Administrateur\LOCAL Settings\Temp\FP_PL_PFS_INSTALLER.exe
Present !! : D:\Documents and Settings\Administrateur\LOCAL Settings\Temp\Perflib_Perfdata_1248.dat
Present !! : D:\Documents and Settings\Administrateur\LOCAL Settings\Temp\tmp92.tmp
Present !! : D:\Documents and Settings\Administrateur\oashdihasidhasuidhiasdhiashdiuasdhasd
Present !! : D:\Documents and Settings\Administrateur\wuaucldt.exe
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Regedit32
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\syncman
Present !! : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman
Present !! : HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 19:56:38
Windows 5.1.2600 Service Pack 3 FAT NTAPI
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 19:56:39,89
Utilisateur anonyme
9 avril 2010 à 20:12
9 avril 2010 à 20:12
▶ Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'Option Clean
ton PC va redemarrer,
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
▶ colle le contenu dans ta reponse
mais cette fois-ci :
▶ choisis l'Option Clean
ton PC va redemarrer,
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
▶ colle le contenu dans ta reponse
Bon je reviens de quelques heures de galères car après avoir lancer list_kill'em et redémarrer j'ai pas pas accéder à windows car un compte admin est apparue et lorsque je voulais me connecter à la session, il se déconnectait automatiquement, j'ai donc du reformater et réinstaller windows
J'ai réussi à lancer List_Kill'em option clean, voilà le rapport:
Kill'em by g3n-h@ckm@n 1.7.0.4
User : Administrateur (Administrateurs)
Update on 09/04/2010 by g3n-h@ckm@n ::::: 15.30
Start at: 23:55:29 | 09/04/2010
Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 24,41 Go (20,73 Go free) | NTFS
D:\ -> Disque fixe local | 19,53 Go (19,41 Go free) [Disque local] | NTFS
E:\ -> Disque fixe local | 232,88 Go (60,74 Go free) [Série Film Dev Perso] | NTFS
F:\ -> Disque fixe local | 308,08 Go (85,37 Go free) [Film] | NTFS
G:\ -> Disque fixe local | 263,68 Go (27,36 Go free) [Série, Dev Perso] | NTFS
H:\ -> Disque fixe local | 17,73 Go (2,78 Go free) [DONNÉES] | FAT32
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\PereSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\WINDOWS\fonts\services.exe
Quarantined & Deleted !! : C:\WINDOWS\System32\2598,688.exe
Quarantined & Deleted !! : C:\WINDOWS\System32\6727,061.exe
Quarantined & Deleted !! : C:\WINDOWS\System32\w.exe
Quarantined & Deleted !! : C:\WINDOWS\System32\FInstall.sys
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\FP_PL_PFS_INSTALLER.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\oashdihasidhasuidhiasdhiashdiuasdhasd
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\wuaucldt.exe
==============
host file OK !
==============
========
Registry
========
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Regedit32
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\syncman
Deleted : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman
Deleted : HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\exec
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS
=================
Internet Explorer
=================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============
Security Center
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
============
=================
anti-ver blaster : OK !!
=================
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Kill'em by g3n-h@ckm@n 1.7.0.4
User : Administrateur (Administrateurs)
Update on 09/04/2010 by g3n-h@ckm@n ::::: 15.30
Start at: 23:55:29 | 09/04/2010
Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 24,41 Go (20,73 Go free) | NTFS
D:\ -> Disque fixe local | 19,53 Go (19,41 Go free) [Disque local] | NTFS
E:\ -> Disque fixe local | 232,88 Go (60,74 Go free) [Série Film Dev Perso] | NTFS
F:\ -> Disque fixe local | 308,08 Go (85,37 Go free) [Film] | NTFS
G:\ -> Disque fixe local | 263,68 Go (27,36 Go free) [Série, Dev Perso] | NTFS
H:\ -> Disque fixe local | 17,73 Go (2,78 Go free) [DONNÉES] | FAT32
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\PereSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\WINDOWS\fonts\services.exe
Quarantined & Deleted !! : C:\WINDOWS\System32\2598,688.exe
Quarantined & Deleted !! : C:\WINDOWS\System32\6727,061.exe
Quarantined & Deleted !! : C:\WINDOWS\System32\w.exe
Quarantined & Deleted !! : C:\WINDOWS\System32\FInstall.sys
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\FP_PL_PFS_INSTALLER.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\oashdihasidhasuidhiasdhiashdiuasdhasd
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\wuaucldt.exe
==============
host file OK !
==============
========
Registry
========
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Regedit32
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\syncman
Deleted : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman
Deleted : HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\exec
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS
=================
Internet Explorer
=================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============
Security Center
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
============
=================
anti-ver blaster : OK !!
=================
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Utilisateur anonyme
10 avril 2010 à 00:31
10 avril 2010 à 00:31
▶ Télécharge ZHPDiag (de Nicolas Coolman)
ou :ZHPDiag
▶ Enregistre le sur ton Bureau.
Une fois le téléchargement achevé,
▶ lance ZHPDiag.exe et clique sur Unzip dans la fenêtre qui s'ouvre.
▶ Clique sur le tournevis puis sur Tous pour cocher toutes les cases des options.
▶ Clique sur la loupe pour lancer l'analyse.
A la fin de l'analyse,
▶ clique sur l'appareil photo et enregistre le rapport sur ton Bureau.
Pour me le transmettre clique sur ce lien :
http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier C:\Documents and settings\le_nom_de_ta_session\.ZHPDiag.txt
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
ou :ZHPDiag
▶ Enregistre le sur ton Bureau.
Une fois le téléchargement achevé,
▶ lance ZHPDiag.exe et clique sur Unzip dans la fenêtre qui s'ouvre.
▶ Clique sur le tournevis puis sur Tous pour cocher toutes les cases des options.
▶ Clique sur la loupe pour lancer l'analyse.
A la fin de l'analyse,
▶ clique sur l'appareil photo et enregistre le rapport sur ton Bureau.
Pour me le transmettre clique sur ce lien :
http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier C:\Documents and settings\le_nom_de_ta_session\.ZHPDiag.txt
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
Lorsque je lance l'analyse j'ai un soucis: SetAcl2 a rencontré un problème et doit fermer. Ensuite le processus se bloque; impossible de continuer!
Utilisateur anonyme
10 avril 2010 à 00:50
10 avril 2010 à 00:50
relance List_Kill'em et fais l'option "More Informations" puis poste le contenu de C:\More.txt
========== More informations ==========
====
DLLs
====
------------------------------------------------------------------------------
explorer.exe pid: 1816
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x01000000 0x107000 6.00.2900.5512 C:\WINDOWS\Explorer.EXE
0x7c910000 0xb6000 5.01.2600.5512 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x106000 5.01.2600.5512 C:\WINDOWS\system32\kernel32.dll
0x77da0000 0xac000 5.01.2600.5512 C:\WINDOWS\system32\ADVAPI32.dll
0x77e50000 0x92000 5.01.2600.5512 C:\WINDOWS\system32\RPCRT4.dll
0x77fc0000 0x11000 5.01.2600.5512 C:\WINDOWS\system32\Secur32.dll
0x75f10000 0xfd000 6.00.2900.5512 C:\WINDOWS\system32\BROWSEUI.dll
0x77ef0000 0x49000 5.01.2600.5512 C:\WINDOWS\system32\GDI32.dll
0x7e390000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x774a0000 0x13d000 5.01.2600.5512 C:\WINDOWS\system32\ole32.dll
0x77f40000 0x76000 6.00.2900.5512 C:\WINDOWS\system32\SHLWAPI.dll
0x770e0000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll
0x7e210000 0x171000 6.00.2900.5512 C:\WINDOWS\system32\SHDOCVW.dll
0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x77a80000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\MSASN1.dll
0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll
0x6fee0000 0x55000 5.01.2600.5512 C:\WINDOWS\system32\NETAPI32.dll
0x77bd0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll
0x771b0000 0xce000 7.00.5730.0013 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x5dca0000 0x45000 7.00.5730.0013 C:\WINDOWS\system32\iertutil.dll
0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
0x76c40000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\IMAGEHLP.dll
0x76f10000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\WLDAP32.dll
0x7c9d0000 0x825000 6.00.2900.5512 C:\WINDOWS\system32\SHELL32.dll
0x5b090000 0x38000 6.00.2900.5512 C:\WINDOWS\system32\UxTheme.dll
0x5cea0000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x595b0000 0x1ca000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcGenral.DLL
0x76ae0000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\WINMM.dll
0x77bb0000 0x15000 5.01.2600.5512 C:\WINDOWS\system32\MSACM32.dll
0x76960000 0xb6000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll
0x76320000 0x1d000 5.01.2600.5512 C:\WINDOWS\system32\IMM32.DLL
0x77390000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x75140000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x77b50000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\appHelp.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x765b0000 0x56000 5.01.2600.5512 C:\WINDOWS\System32\cscui.dll
0x76590000 0x1d000 5.01.2600.5512 C:\WINDOWS\System32\CSCDLL.dll
0x5b950000 0x73000 6.00.2900.5512 C:\WINDOWS\system32\themeui.dll
0x76310000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSIMG32.dll
0x01110000 0x2da000 5.01.2600.5512 C:\WINDOWS\system32\xpsp2res.dll
0x61410000 0x124000 7.00.5730.0013 C:\WINDOWS\system32\urlmon.dll
0x10000000 0x5000 C:\Documents and Settings\LocalService\Local Settings\Application Data\Windows Server\ndrwnu.dll
0x01430000 0x5c9000 7.00.5730.0013 C:\WINDOWS\system32\ieframe.dll
0x76ba0000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\PSAPI.DLL
0x5ffb0000 0x33000 5.01.2600.5512 C:\WINDOWS\system32\msutb.dll
0x74690000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x71b50000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\SAMLIB.dll
0x01c60000 0xa000 C:\WINDOWS\system32\msepdlkp.dll
0x778e0000 0xf8000 5.01.2600.5512 C:\WINDOWS\system32\SETUPAPI.dll
0x76920000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\LINKINFO.dll
0x76930000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ntshrui.dll
0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL
0x76390000 0x1a9000 5.01.2600.5512 C:\WINDOWS\system32\NETSHELL.dll
0x76bb0000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\credui.dll
0x5b660000 0xa000 5.01.2600.5512 C:\WINDOWS\system32\dot3api.dll
0x76e30000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\rtutils.dll
0x72640000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\dot3dlg.dll
0x73990000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\OneX.DLL
0x76f00000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\WTSAPI32.dll
0x762f0000 0x10000 5.01.2600.5512 C:\WINDOWS\system32\WINSTA.dll
0x6da60000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\eappcfg.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x200e0000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\eappprxy.dll
0x76d10000 0x19000 5.01.2600.5512 C:\WINDOWS\system32\iphlpapi.dll
0x719f0000 0x17000 5.01.2600.5512 C:\WINDOWS\system32\WS2_32.dll
0x719e0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\WS2HELP.dll
0x74b30000 0x3b000 7.00.5730.0013 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\wpdshserviceobj.dll
0x4d5e0000 0x59000 5.01.2600.5512 C:\WINDOWS\system32\WINHTTP.dll
0x72380000 0x1a000 6.00.2900.5512 C:\WINDOWS\system32\mydocs.dll
0x76540000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\stobject.dll
0x74a60000 0xa000 6.00.2900.5512 C:\WINDOWS\system32\BatMeter.dll
0x74a40000 0x8000 6.00.2900.5512 C:\WINDOWS\system32\POWRPROF.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\portabledevicetypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\portabledeviceapi.dll
0x72c70000 0x9000 5.01.2600.5512 C:\WINDOWS\system32\wdmaud.drv
0x72c60000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\msacm32.drv
0x77ba0000 0x7000 5.01.2600.5512 C:\WINDOWS\system32\midimap.dll
0x75d30000 0x91000 6.00.2900.5512 C:\WINDOWS\system32\MLANG.dll
0x71a60000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\MPR.dll
0x75ef0000 0x7000 5.01.2600.5512 C:\WINDOWS\System32\drprov.dll
0x71b70000 0xe000 5.01.2600.5512 C:\WINDOWS\System32\ntlanman.dll
0x71c30000 0x17000 5.01.2600.5512 C:\WINDOWS\System32\NETUI0.dll
0x71bf0000 0x40000 5.01.2600.5512 C:\WINDOWS\System32\NETUI1.dll
0x71be0000 0x7000 5.01.2600.5512 C:\WINDOWS\System32\NETRAP.dll
0x75f00000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\davclnt.dll
0x71600000 0x13000 6.00.2900.5512 C:\WINDOWS\system32\browselc.dll
0x6c650000 0x4d000 5.01.2600.5512 C:\WINDOWS\system32\DUSER.dll
0x68000000 0x36000 5.01.2600.5507 C:\WINDOWS\system32\rsaenh.dll
0x03ae0000 0xb0000 6.14.0010.2001 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
0x02a90000 0x3000 6.14.0010.2001 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamfra.dll
0x754c0000 0xaa000 5.01.2600.5512 C:\WINDOWS\system32\RASDLG.dll
0x76cf0000 0x18000 5.01.2600.5512 C:\WINDOWS\system32\MPRAPI.dll
0x77c90000 0x32000 5.01.2600.5512 C:\WINDOWS\system32\ACTIVEDS.dll
0x76dc0000 0x25000 5.01.2600.5512 C:\WINDOWS\system32\adsldpc.dll
0x76e90000 0x3c000 5.01.2600.5512 C:\WINDOWS\system32\RASAPI32.dll
0x76e40000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\rasman.dll
0x76e60000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\TAPI32.dll
0x77cd0000 0x33000 5.01.2600.5512 C:\WINDOWS\system32\netman.dll
0x72f80000 0x10000 5.01.2600.5512 C:\WINDOWS\system32\WZCSAPI.DLL
0x7db30000 0x8c000 5.01.2600.5512 C:\WINDOWS\system32\WZCSvc.DLL
0x76ce0000 0x4000 5.01.2600.5512 C:\WINDOWS\system32\WMI.dll
0x7d4d0000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\DHCPCSVC.DLL
0x76ed0000 0x27000 5.01.2600.5512 C:\WINDOWS\system32\DNSAPI.dll
0x71780000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\EapolQec.dll
0x5bdf0000 0x16000 5.01.2600.5512 C:\WINDOWS\system32\QUtil.dll
0x6f890000 0x111000 5.01.2600.5512 C:\WINDOWS\system32\ESENT.dll
0x62e40000 0x59000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x74e60000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemprox.dll
0x75200000 0x37000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemcomn.dll
0x74e40000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemsvc.dll
0x75610000 0x76000 5.01.2600.5512 C:\WINDOWS\system32\wbem\fastprox.dll
0x76740000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
0x75570000 0x9d000 5.01.2600.5512 C:\WINDOWS\system32\netcfgx.dll
0x76d50000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\CLUSAPI.dll
0x77c40000 0x24000 5.01.2600.5512 C:\WINDOWS\system32\msv1_0.dll
0x750c0000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\Cabinet.dll
0x60990000 0x7000 3.01.4001.5512 C:\WINDOWS\system32\MSISIP.DLL
0x7e6a0000 0x16000 5.07.0000.16599 C:\WINDOWS\system32\wshext.dll
No matching processes were found.
=====
Ports
=====
Pid Process Port Proto Path
1532 -> 1028 TCP
1068 -> 135 TCP
4 System -> 139 TCP
0 System -> 38277 TCP
0 System -> 39142 TCP
0 System -> 39266 TCP
0 System -> 39267 TCP
0 System -> 39268 TCP
0 System -> 39269 TCP
0 System -> 39270 TCP
0 System -> 39324 TCP
0 System -> 39489 TCP
0 System -> 40942 TCP
0 System -> 41244 TCP
0 System -> 41255 TCP
0 System -> 41256 TCP
0 System -> 41259 TCP
0 System -> 41260 TCP
0 System -> 41261 TCP
0 System -> 41262 TCP
0 System -> 41275 TCP
0 System -> 41277 TCP
0 System -> 41426 TCP
0 System -> 41466 TCP
0 System -> 41468 TCP
0 System -> 41638 TCP
0 System -> 41780 TCP
0 System -> 41802 TCP
0 System -> 41936 TCP
0 System -> 42083 TCP
0 System -> 42086 TCP
0 System -> 42087 TCP
0 System -> 42088 TCP
0 System -> 42126 TCP
0 System -> 42160 TCP
0 System -> 42168 TCP
0 System -> 42171 TCP
0 System -> 42194 TCP
0 System -> 42200 TCP
0 System -> 42225 TCP
0 System -> 42264 TCP
0 System -> 42345 TCP
0 System -> 42360 TCP
0 System -> 42383 TCP
0 System -> 42447 TCP
4 System -> 445 TCP
7388 firefox -> 42483 TCP C:\Program Files\Mozilla Firefox\firefox.exe
7388 firefox -> 42485 TCP C:\Program Files\Mozilla Firefox\firefox.exe
7388 firefox -> 42486 TCP C:\Program Files\Mozilla Firefox\firefox.exe
7388 firefox -> 42487 TCP C:\Program Files\Mozilla Firefox\firefox.exe
7388 firefox -> 42489 TCP C:\Program Files\Mozilla Firefox\firefox.exe
7388 firefox -> 42490 TCP C:\Program Files\Mozilla Firefox\firefox.exe
7388 firefox -> 6710 TCP C:\Program Files\Mozilla Firefox\firefox.exe
7388 firefox -> 6711 TCP C:\Program Files\Mozilla Firefox\firefox.exe
7388 firefox -> 6798 TCP C:\Program Files\Mozilla Firefox\firefox.exe
7388 firefox -> 6799 TCP C:\Program Files\Mozilla Firefox\firefox.exe
2536 svchost -> 1100 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 12433 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 12778 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 17761 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 31448 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 31505 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 31506 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 31507 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 32623 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 39832 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 4070 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 41207 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 41237 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 41307 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 41446 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 41957 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 41983 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42006 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42427 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42440 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42470 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42491 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42492 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42494 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42496 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42499 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42500 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42501 TCP C:\WINDOWS\System32\svchost.exe
196 svchost -> 42502 TCP C:\WINDOWS\system32\svchost.exe
2536 svchost -> 42503 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42504 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42505 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42506 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42507 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 8770 TCP C:\WINDOWS\System32\svchost.exe
720 winlogon -> 1029 TCP \??\C:\WINDOWS\system32\winlogon.exe
1532 -> 1025 UDP
1068 -> 445 UDP
4 System -> 1049 UDP
4 System -> 500 UDP
7388 firefox -> 1044 UDP C:\Program Files\Mozilla Firefox\firefox.exe
7388 firefox -> 1045 UDP C:\Program Files\Mozilla Firefox\firefox.exe
7388 firefox -> 1047 UDP C:\Program Files\Mozilla Firefox\firefox.exe
7388 firefox -> 1048 UDP C:\Program Files\Mozilla Firefox\firefox.exe
2536 svchost -> 1051 UDP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 1052 UDP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 1098 UDP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 123 UDP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 137 UDP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 138 UDP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 1381 UDP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 1900 UDP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 4500 UDP C:\WINDOWS\System32\svchost.exe
720 winlogon -> 1050 UDP \??\C:\WINDOWS\system32\winlogon.exe
=============
Boot Execute
=============
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Utilitaire de vérification automatique
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\autochk.exe
b16ccbf66bf41f994d2810cc2299d9d6 (MD5)
1ca550976a0a04527ba38312ffc87b0e083e5f31 (SHA-1)
72a10210863995896fdd1725f072967961ffd41926c099634ff3bc99bbd65b4f (SHA-256)
===================
LSA Security Providers
===================
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
msapsspc.dll
msapsspc.dll
Client DPA pour plate-forme 32 bit
Microsoft Corporation
6.00.0000.7755
c:\windows\system32\msapsspc.dll
9b5b153f4d0d5cb14d9865435182bd70 (MD5)
81f2fa4984c6dd3b9bca38d5c348343062d90815 (SHA-1)
5dbbbb5c1e4b0ffe1fedb6bcacc6693c835948deec967f5e412329a02b799d5f (SHA-256)
schannel.dll
schannel.dll
TLS / SSL Security Provider
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\schannel.dll
e13d36b8490a1d942b5e504409950aa3 (MD5)
dbc9ea1342443f9df89f9594e01313cbefea947f (SHA-1)
cbd3bf27640a43a12b5753cf6ad7dbf09ee6feecc744c6c60000db42793c2bab (SHA-256)
digest.dll
digest.dll
Package d'authentification Digest SSPI
Microsoft Corporation
6.00.2900.5512
c:\windows\system32\digest.dll
6cc5c1dac782a63bbc18afc1a23acb68 (MD5)
a71acf37920ee69a9b6ad859c9bcd713826cf598 (SHA-1)
31a5cabdbd646bb97d75118c738229d440020a99301d3a0552210630ad8bb431 (SHA-256)
msnsspc.dll
msnsspc.dll
Accès MSN Internet
Microsoft Corporation
6.01.1825.0000
c:\windows\system32\msnsspc.dll
25f3fbfb7cbc160674b1ac246fd13dc0 (MD5)
223431b21e851cd14c1cf0ab1fbec16d1aa86518 (SHA-1)
ffaa55260dd1c2989508910b0470997ef9c868eb578f4a2b10e187de59fe35e7 (SHA-256)
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
msv1_0
msv1_0
Microsoft Authentication Package v1.0
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\msv1_0.dll
427df62a7f78eaf26e40352cd0e05eda (MD5)
ab500c986b25b9410232eec5ca35a419346388c5 (SHA-1)
0c56662bb2662d1ced43c35d188e1e3ea94bdcb7ee85b23a3907a9f3bbbdd354 (SHA-256)
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
scecli
scecli
Moteur du client de l'Éditeur de configuration de sécurité Windows
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\scecli.dll
973b36634c544948c663e8269aa1b3a3 (MD5)
eae992c87e70dfdcdcd615624e80438e03f42f54 (SHA-1)
ad2c0561d4248c29e71dbffe5ecca1b1d061d2339773e1b54857f6d57970fe80 (SHA-256)
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
kerberos
kerberos
Kerberos Security Package
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\kerberos.dll
5e1dc78ea1cfe5f02e5c6fd256e46492 (MD5)
1b8a28c0b3826e47f08c673750f540eafbb9de0c (SHA-1)
a8d42db0a2e075597b6af77ac54e4931255feaad578324992e19e6804551fb84 (SHA-256)
msv1_0
msv1_0
Microsoft Authentication Package v1.0
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\msv1_0.dll
427df62a7f78eaf26e40352cd0e05eda (MD5)
ab500c986b25b9410232eec5ca35a419346388c5 (SHA-1)
0c56662bb2662d1ced43c35d188e1e3ea94bdcb7ee85b23a3907a9f3bbbdd354 (SHA-256)
schannel
schannel
TLS / SSL Security Provider
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\schannel.dll
e13d36b8490a1d942b5e504409950aa3 (MD5)
dbc9ea1342443f9df89f9594e01313cbefea947f (SHA-1)
cbd3bf27640a43a12b5753cf6ad7dbf09ee6feecc744c6c60000db42793c2bab (SHA-256)
wdigest
wdigest
Microsoft Digest Access
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\wdigest.dll
a3cbc6a9e46ee3fe8396c59f4e2270cc (MD5)
6b0f691f891bcf9b5ed1098aced610a0e8c01dc7 (SHA-1)
bb9c2d96678e37a2540ac9d071dea57536d7198f342b3fca621bd87754066d82 (SHA-256)
===============
Scheduled tasks
===============
========
Programs
========
Adobe Flash Player 10 Plugin 10.0.45.2
CCC Help English 2010.0302.2232.40412
Catalyst Control Center - Branding 1.00.0000
Catalyst Control Center Core Implementation 2010.0302.2233.40412
Catalyst Control Center Graphics Full Existing 2010.0302.2233.40412
Catalyst Control Center Graphics Full New 2010.0302.2233.40412
Catalyst Control Center Graphics Light 2010.0302.2233.40412
Catalyst Control Center Graphics Previews Common 2010.0302.2233.40412
Catalyst Control Center HydraVision Full 2010.0302.2233.40412
Catalyst Control Center InstallProxy 2010.0302.2233.40412
List_Kill'em 1.7.0.4
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 9.0.30729.4148
Mozilla Firefox (3.6.3) 3.6.3 (fr)
REALTEK GbE & FE Ethernet PCI-E NIC Driver 1.26.0000
Realtek High Definition Audio Driver 5.10.0.6077
The Lord of the Rings FREE Trial 1.00.0000
WebFldrs XP 9.50.7523
ZHPDiag 1.25 1.25
ccc-core-preinstall 2010.0302.2233.40412
ccc-core-static 2010.0302.2233.40412
ccc-utility 2010.0302.2233.40412
=======
Drivers
=======
C:\WINDOWS\System32\Drivers\acpi.sys
C:\WINDOWS\System32\Drivers\acpiec.sys
C:\WINDOWS\System32\Drivers\aec.sys
C:\WINDOWS\System32\Drivers\afd.sys
C:\WINDOWS\System32\Drivers\Ambfilt.sys
C:\WINDOWS\System32\Drivers\amdk6.sys
C:\WINDOWS\System32\Drivers\amdk7.sys
C:\WINDOWS\System32\Drivers\arp1394.sys
C:\WINDOWS\System32\Drivers\asyncmac.sys
C:\WINDOWS\System32\Drivers\atapi.sys
C:\WINDOWS\System32\Drivers\ati2mtag.sys
C:\WINDOWS\System32\Drivers\atmarpc.sys
C:\WINDOWS\System32\Drivers\atmepvc.sys
C:\WINDOWS\System32\Drivers\atmlane.sys
C:\WINDOWS\System32\Drivers\atmuni.sys
C:\WINDOWS\System32\Drivers\audstub.sys
C:\WINDOWS\System32\Drivers\beep.sys
C:\WINDOWS\System32\Drivers\bridge.sys
C:\WINDOWS\System32\Drivers\cbidf2k.sys
C:\WINDOWS\System32\Drivers\cdaudio.sys
C:\WINDOWS\System32\Drivers\cdfs.sys
C:\WINDOWS\System32\Drivers\cdrom.sys
C:\WINDOWS\System32\Drivers\cinemst2.sys
C:\WINDOWS\System32\Drivers\classpnp.sys
C:\WINDOWS\System32\Drivers\cpqdap01.sys
C:\WINDOWS\System32\Drivers\crusoe.sys
C:\WINDOWS\System32\Drivers\disk.sys
C:\WINDOWS\System32\Drivers\diskdump.sys
C:\WINDOWS\System32\Drivers\dmboot.sys
C:\WINDOWS\System32\Drivers\dmio.sys
C:\WINDOWS\System32\Drivers\dmload.sys
C:\WINDOWS\System32\Drivers\DMusic.sys
C:\WINDOWS\System32\Drivers\drmk.sys
C:\WINDOWS\System32\Drivers\drmkaud.sys
C:\WINDOWS\System32\Drivers\dxapi.sys
C:\WINDOWS\System32\Drivers\dxg.sys
C:\WINDOWS\System32\Drivers\dxgthk.sys
C:\WINDOWS\System32\Drivers\fastfat.sys
C:\WINDOWS\System32\Drivers\fdc.sys
C:\WINDOWS\System32\Drivers\fips.sys
C:\WINDOWS\System32\Drivers\flpydisk.sys
C:\WINDOWS\System32\Drivers\fltMgr.sys
C:\WINDOWS\System32\Drivers\fsvga.sys
C:\WINDOWS\System32\Drivers\fs_rec.sys
C:\WINDOWS\System32\Drivers\ftdisk.sys
C:\WINDOWS\System32\Drivers\hdaudbus.sys
C:\WINDOWS\System32\Drivers\hidclass.sys
C:\WINDOWS\System32\Drivers\hidparse.sys
C:\WINDOWS\System32\Drivers\hidusb.sys
C:\WINDOWS\System32\Drivers\http.sys
C:\WINDOWS\System32\Drivers\i8042prt.sys
C:\WINDOWS\System32\Drivers\imapi.sys
C:\WINDOWS\System32\Drivers\intelppm.sys
C:\WINDOWS\System32\Drivers\ip6fw.sys
C:\WINDOWS\System32\Drivers\ipfltdrv.sys
C:\WINDOWS\System32\Drivers\ipinip.sys
C:\WINDOWS\System32\Drivers\ipnat.sys
C:\WINDOWS\System32\Drivers\ipsec.sys
C:\WINDOWS\System32\Drivers\irenum.sys
C:\WINDOWS\System32\Drivers\isapnp.sys
C:\WINDOWS\System32\Drivers\kbdclass.sys
C:\WINDOWS\System32\Drivers\kmixer.sys
C:\WINDOWS\System32\Drivers\ks.sys
C:\WINDOWS\System32\Drivers\ksecdd.sys
C:\WINDOWS\System32\Drivers\mcd.sys
C:\WINDOWS\System32\Drivers\mf.sys
C:\WINDOWS\System32\Drivers\mnmdd.sys
C:\WINDOWS\System32\Drivers\modem.sys
C:\WINDOWS\System32\Drivers\Monfilt.sys
C:\WINDOWS\System32\Drivers\mouclass.sys
C:\WINDOWS\System32\Drivers\mouhid.sys
C:\WINDOWS\System32\Drivers\mountmgr.sys
C:\WINDOWS\System32\Drivers\mqac.sys
C:\WINDOWS\System32\Drivers\mrxdav.sys
C:\WINDOWS\System32\Drivers\mrxsmb.sys
C:\WINDOWS\System32\Drivers\msfs.sys
C:\WINDOWS\System32\Drivers\msgpc.sys
C:\WINDOWS\System32\Drivers\MSKSSRV.sys
C:\WINDOWS\System32\Drivers\MSPCLOCK.sys
C:\WINDOWS\System32\Drivers\MSPQM.sys
C:\WINDOWS\System32\Drivers\mssmbios.sys
C:\WINDOWS\System32\Drivers\mup.sys
C:\WINDOWS\System32\Drivers\ndis.sys
C:\WINDOWS\System32\Drivers\ndistapi.sys
C:\WINDOWS\System32\Drivers\ndisuio.sys
C:\WINDOWS\System32\Drivers\ndiswan.sys
C:\WINDOWS\System32\Drivers\ndproxy.sys
C:\WINDOWS\System32\Drivers\netbios.sys
C:\WINDOWS\System32\Drivers\netbt.sys
C:\WINDOWS\System32\Drivers\nic1394.sys
C:\WINDOWS\System32\Drivers\nikedrv.sys
C:\WINDOWS\System32\Drivers\nmnt.sys
C:\WINDOWS\System32\Drivers\npfs.sys
C:\WINDOWS\System32\Drivers\ntfs.sys
C:\WINDOWS\System32\Drivers\null.sys
C:\WINDOWS\System32\Drivers\nwlnkflt.sys
C:\WINDOWS\System32\Drivers\nwlnkfwd.sys
C:\WINDOWS\System32\Drivers\nwlnkipx.sys
C:\WINDOWS\System32\Drivers\nwlnknb.sys
C:\WINDOWS\System32\Drivers\nwlnkspx.sys
C:\WINDOWS\System32\Drivers\nwrdr.sys
C:\WINDOWS\System32\Drivers\oprghdlr.sys
C:\WINDOWS\System32\Drivers\p3.sys
C:\WINDOWS\System32\Drivers\parport.sys
C:\WINDOWS\System32\Drivers\partmgr.sys
C:\WINDOWS\System32\Drivers\parvdm.sys
C:\WINDOWS\System32\Drivers\pci.sys
C:\WINDOWS\System32\Drivers\pciide.sys
C:\WINDOWS\System32\Drivers\pciidex.sys
C:\WINDOWS\System32\Drivers\pcmcia.sys
C:\WINDOWS\System32\Drivers\portcls.sys
C:\WINDOWS\System32\Drivers\processr.sys
C:\WINDOWS\System32\Drivers\psched.sys
C:\WINDOWS\System32\Drivers\ptilink.sys
C:\WINDOWS\System32\Drivers\rasacd.sys
C:\WINDOWS\System32\Drivers\rasl2tp.sys
C:\WINDOWS\System32\Drivers\raspppoe.sys
C:\WINDOWS\System32\Drivers\raspptp.sys
C:\WINDOWS\System32\Drivers\raspti.sys
C:\WINDOWS\System32\Drivers\rawwan.sys
C:\WINDOWS\System32\Drivers\rdbss.sys
C:\WINDOWS\System32\Drivers\rdpcdd.sys
C:\WINDOWS\System32\Drivers\rdpdr.sys
C:\WINDOWS\System32\Drivers\rdpwd.sys
C:\WINDOWS\System32\Drivers\rio8drv.sys
C:\WINDOWS\System32\Drivers\riodrv.sys
C:\WINDOWS\System32\Drivers\RMCast.sys
C:\WINDOWS\System32\Drivers\rndismp.sys
C:\WINDOWS\System32\Drivers\rootmdm.sys
C:\WINDOWS\System32\Drivers\Rtenicxp.sys
C:\WINDOWS\System32\Drivers\RtkHDAud.sys
C:\WINDOWS\System32\Drivers\scsiport.sys
C:\WINDOWS\System32\Drivers\sdbus.sys
C:\WINDOWS\System32\Drivers\secdrv.sys
C:\WINDOWS\System32\Drivers\serenum.sys
C:\WINDOWS\System32\Drivers\serial.sys
C:\WINDOWS\System32\Drivers\sffdisk.sys
C:\WINDOWS\System32\Drivers\sffp_mmc.sys
C:\WINDOWS\System32\Drivers\sffp_sd.sys
C:\WINDOWS\System32\Drivers\sfloppy.sys
C:\WINDOWS\System32\Drivers\smclib.sys
C:\WINDOWS\System32\Drivers\sonydcam.sys
C:\WINDOWS\System32\Drivers\splitter.sys
C:\WINDOWS\System32\Drivers\sr.sys
C:\WINDOWS\System32\Drivers\srv.sys
C:\WINDOWS\System32\Drivers\stream.sys
C:\WINDOWS\System32\Drivers\swenum.sys
C:\WINDOWS\System32\Drivers\swmidi.sys
C:\WINDOWS\System32\Drivers\sysaudio.sys
C:\WINDOWS\System32\Drivers\tape.sys
C:\WINDOWS\System32\Drivers\tcpip.sys
C:\WINDOWS\System32\Drivers\tcpip6.sys
C:\WINDOWS\System32\Drivers\tdi.sys
C:\WINDOWS\System32\Drivers\tdpipe.sys
C:\WINDOWS\System32\Drivers\tdtcp.sys
C:\WINDOWS\System32\Drivers\termdd.sys
C:\WINDOWS\System32\Drivers\tosdvd.sys
C:\WINDOWS\System32\Drivers\tsbvcap.sys
C:\WINDOWS\System32\Drivers\tunmp.sys
C:\WINDOWS\System32\Drivers\udfs.sys
C:\WINDOWS\System32\Drivers\update.sys
C:\WINDOWS\System32\Drivers\usb8023.sys
C:\WINDOWS\System32\Drivers\usbcamd.sys
C:\WINDOWS\System32\Drivers\usbcamd2.sys
C:\WINDOWS\System32\Drivers\usbd.sys
C:\WINDOWS\System32\Drivers\usbehci.sys
C:\WINDOWS\System32\Drivers\usbhub.sys
C:\WINDOWS\System32\Drivers\usbintel.sys
C:\WINDOWS\System32\Drivers\usbport.sys
C:\WINDOWS\System32\Drivers\usbstor.sys
C:\WINDOWS\System32\Drivers\usbuhci.sys
C:\WINDOWS\System32\Drivers\vdmindvd.sys
C:\WINDOWS\System32\Drivers\vga.sys
C:\WINDOWS\System32\Drivers\videoprt.sys
C:\WINDOWS\System32\Drivers\volsnap.sys
C:\WINDOWS\System32\Drivers\wanarp.sys
C:\WINDOWS\System32\Drivers\wdmaud.sys
C:\WINDOWS\System32\Drivers\wmilib.sys
C:\WINDOWS\System32\Drivers\wpdusb.sys
C:\WINDOWS\System32\Drivers\ws2ifsl.sys
C:\WINDOWS\System32\Drivers\wudfpf.sys
C:\WINDOWS\System32\Drivers\wudfrd.sys
==========( EOF )==========
====
DLLs
====
------------------------------------------------------------------------------
explorer.exe pid: 1816
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x01000000 0x107000 6.00.2900.5512 C:\WINDOWS\Explorer.EXE
0x7c910000 0xb6000 5.01.2600.5512 C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x106000 5.01.2600.5512 C:\WINDOWS\system32\kernel32.dll
0x77da0000 0xac000 5.01.2600.5512 C:\WINDOWS\system32\ADVAPI32.dll
0x77e50000 0x92000 5.01.2600.5512 C:\WINDOWS\system32\RPCRT4.dll
0x77fc0000 0x11000 5.01.2600.5512 C:\WINDOWS\system32\Secur32.dll
0x75f10000 0xfd000 6.00.2900.5512 C:\WINDOWS\system32\BROWSEUI.dll
0x77ef0000 0x49000 5.01.2600.5512 C:\WINDOWS\system32\GDI32.dll
0x7e390000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x774a0000 0x13d000 5.01.2600.5512 C:\WINDOWS\system32\ole32.dll
0x77f40000 0x76000 6.00.2900.5512 C:\WINDOWS\system32\SHLWAPI.dll
0x770e0000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll
0x7e210000 0x171000 6.00.2900.5512 C:\WINDOWS\system32\SHDOCVW.dll
0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x77a80000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\MSASN1.dll
0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll
0x6fee0000 0x55000 5.01.2600.5512 C:\WINDOWS\system32\NETAPI32.dll
0x77bd0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll
0x771b0000 0xce000 7.00.5730.0013 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x5dca0000 0x45000 7.00.5730.0013 C:\WINDOWS\system32\iertutil.dll
0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
0x76c40000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\IMAGEHLP.dll
0x76f10000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\WLDAP32.dll
0x7c9d0000 0x825000 6.00.2900.5512 C:\WINDOWS\system32\SHELL32.dll
0x5b090000 0x38000 6.00.2900.5512 C:\WINDOWS\system32\UxTheme.dll
0x5cea0000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll
0x595b0000 0x1ca000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcGenral.DLL
0x76ae0000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\WINMM.dll
0x77bb0000 0x15000 5.01.2600.5512 C:\WINDOWS\system32\MSACM32.dll
0x76960000 0xb6000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll
0x76320000 0x1d000 5.01.2600.5512 C:\WINDOWS\system32\IMM32.DLL
0x77390000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x75140000 0x2e000 5.01.2600.5512 C:\WINDOWS\system32\msctfime.ime
0x77b50000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\appHelp.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x765b0000 0x56000 5.01.2600.5512 C:\WINDOWS\System32\cscui.dll
0x76590000 0x1d000 5.01.2600.5512 C:\WINDOWS\System32\CSCDLL.dll
0x5b950000 0x73000 6.00.2900.5512 C:\WINDOWS\system32\themeui.dll
0x76310000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSIMG32.dll
0x01110000 0x2da000 5.01.2600.5512 C:\WINDOWS\system32\xpsp2res.dll
0x61410000 0x124000 7.00.5730.0013 C:\WINDOWS\system32\urlmon.dll
0x10000000 0x5000 C:\Documents and Settings\LocalService\Local Settings\Application Data\Windows Server\ndrwnu.dll
0x01430000 0x5c9000 7.00.5730.0013 C:\WINDOWS\system32\ieframe.dll
0x76ba0000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\PSAPI.DLL
0x5ffb0000 0x33000 5.01.2600.5512 C:\WINDOWS\system32\msutb.dll
0x74690000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll
0x71b50000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\SAMLIB.dll
0x01c60000 0xa000 C:\WINDOWS\system32\msepdlkp.dll
0x778e0000 0xf8000 5.01.2600.5512 C:\WINDOWS\system32\SETUPAPI.dll
0x76920000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\LINKINFO.dll
0x76930000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ntshrui.dll
0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL
0x76390000 0x1a9000 5.01.2600.5512 C:\WINDOWS\system32\NETSHELL.dll
0x76bb0000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\credui.dll
0x5b660000 0xa000 5.01.2600.5512 C:\WINDOWS\system32\dot3api.dll
0x76e30000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\rtutils.dll
0x72640000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\dot3dlg.dll
0x73990000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\OneX.DLL
0x76f00000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\WTSAPI32.dll
0x762f0000 0x10000 5.01.2600.5512 C:\WINDOWS\system32\WINSTA.dll
0x6da60000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\eappcfg.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x200e0000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\eappprxy.dll
0x76d10000 0x19000 5.01.2600.5512 C:\WINDOWS\system32\iphlpapi.dll
0x719f0000 0x17000 5.01.2600.5512 C:\WINDOWS\system32\WS2_32.dll
0x719e0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\WS2HELP.dll
0x74b30000 0x3b000 7.00.5730.0013 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\wpdshserviceobj.dll
0x4d5e0000 0x59000 5.01.2600.5512 C:\WINDOWS\system32\WINHTTP.dll
0x72380000 0x1a000 6.00.2900.5512 C:\WINDOWS\system32\mydocs.dll
0x76540000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\stobject.dll
0x74a60000 0xa000 6.00.2900.5512 C:\WINDOWS\system32\BatMeter.dll
0x74a40000 0x8000 6.00.2900.5512 C:\WINDOWS\system32\POWRPROF.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\portabledevicetypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\portabledeviceapi.dll
0x72c70000 0x9000 5.01.2600.5512 C:\WINDOWS\system32\wdmaud.drv
0x72c60000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\msacm32.drv
0x77ba0000 0x7000 5.01.2600.5512 C:\WINDOWS\system32\midimap.dll
0x75d30000 0x91000 6.00.2900.5512 C:\WINDOWS\system32\MLANG.dll
0x71a60000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\MPR.dll
0x75ef0000 0x7000 5.01.2600.5512 C:\WINDOWS\System32\drprov.dll
0x71b70000 0xe000 5.01.2600.5512 C:\WINDOWS\System32\ntlanman.dll
0x71c30000 0x17000 5.01.2600.5512 C:\WINDOWS\System32\NETUI0.dll
0x71bf0000 0x40000 5.01.2600.5512 C:\WINDOWS\System32\NETUI1.dll
0x71be0000 0x7000 5.01.2600.5512 C:\WINDOWS\System32\NETRAP.dll
0x75f00000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\davclnt.dll
0x71600000 0x13000 6.00.2900.5512 C:\WINDOWS\system32\browselc.dll
0x6c650000 0x4d000 5.01.2600.5512 C:\WINDOWS\system32\DUSER.dll
0x68000000 0x36000 5.01.2600.5507 C:\WINDOWS\system32\rsaenh.dll
0x03ae0000 0xb0000 6.14.0010.2001 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
0x02a90000 0x3000 6.14.0010.2001 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamfra.dll
0x754c0000 0xaa000 5.01.2600.5512 C:\WINDOWS\system32\RASDLG.dll
0x76cf0000 0x18000 5.01.2600.5512 C:\WINDOWS\system32\MPRAPI.dll
0x77c90000 0x32000 5.01.2600.5512 C:\WINDOWS\system32\ACTIVEDS.dll
0x76dc0000 0x25000 5.01.2600.5512 C:\WINDOWS\system32\adsldpc.dll
0x76e90000 0x3c000 5.01.2600.5512 C:\WINDOWS\system32\RASAPI32.dll
0x76e40000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\rasman.dll
0x76e60000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\TAPI32.dll
0x77cd0000 0x33000 5.01.2600.5512 C:\WINDOWS\system32\netman.dll
0x72f80000 0x10000 5.01.2600.5512 C:\WINDOWS\system32\WZCSAPI.DLL
0x7db30000 0x8c000 5.01.2600.5512 C:\WINDOWS\system32\WZCSvc.DLL
0x76ce0000 0x4000 5.01.2600.5512 C:\WINDOWS\system32\WMI.dll
0x7d4d0000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\DHCPCSVC.DLL
0x76ed0000 0x27000 5.01.2600.5512 C:\WINDOWS\system32\DNSAPI.dll
0x71780000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\EapolQec.dll
0x5bdf0000 0x16000 5.01.2600.5512 C:\WINDOWS\system32\QUtil.dll
0x6f890000 0x111000 5.01.2600.5512 C:\WINDOWS\system32\ESENT.dll
0x62e40000 0x59000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
0x74e60000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemprox.dll
0x75200000 0x37000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemcomn.dll
0x74e40000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemsvc.dll
0x75610000 0x76000 5.01.2600.5512 C:\WINDOWS\system32\wbem\fastprox.dll
0x76740000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll
0x75570000 0x9d000 5.01.2600.5512 C:\WINDOWS\system32\netcfgx.dll
0x76d50000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\CLUSAPI.dll
0x77c40000 0x24000 5.01.2600.5512 C:\WINDOWS\system32\msv1_0.dll
0x750c0000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\Cabinet.dll
0x60990000 0x7000 3.01.4001.5512 C:\WINDOWS\system32\MSISIP.DLL
0x7e6a0000 0x16000 5.07.0000.16599 C:\WINDOWS\system32\wshext.dll
No matching processes were found.
=====
Ports
=====
Pid Process Port Proto Path
1532 -> 1028 TCP
1068 -> 135 TCP
4 System -> 139 TCP
0 System -> 38277 TCP
0 System -> 39142 TCP
0 System -> 39266 TCP
0 System -> 39267 TCP
0 System -> 39268 TCP
0 System -> 39269 TCP
0 System -> 39270 TCP
0 System -> 39324 TCP
0 System -> 39489 TCP
0 System -> 40942 TCP
0 System -> 41244 TCP
0 System -> 41255 TCP
0 System -> 41256 TCP
0 System -> 41259 TCP
0 System -> 41260 TCP
0 System -> 41261 TCP
0 System -> 41262 TCP
0 System -> 41275 TCP
0 System -> 41277 TCP
0 System -> 41426 TCP
0 System -> 41466 TCP
0 System -> 41468 TCP
0 System -> 41638 TCP
0 System -> 41780 TCP
0 System -> 41802 TCP
0 System -> 41936 TCP
0 System -> 42083 TCP
0 System -> 42086 TCP
0 System -> 42087 TCP
0 System -> 42088 TCP
0 System -> 42126 TCP
0 System -> 42160 TCP
0 System -> 42168 TCP
0 System -> 42171 TCP
0 System -> 42194 TCP
0 System -> 42200 TCP
0 System -> 42225 TCP
0 System -> 42264 TCP
0 System -> 42345 TCP
0 System -> 42360 TCP
0 System -> 42383 TCP
0 System -> 42447 TCP
4 System -> 445 TCP
7388 firefox -> 42483 TCP C:\Program Files\Mozilla Firefox\firefox.exe
7388 firefox -> 42485 TCP C:\Program Files\Mozilla Firefox\firefox.exe
7388 firefox -> 42486 TCP C:\Program Files\Mozilla Firefox\firefox.exe
7388 firefox -> 42487 TCP C:\Program Files\Mozilla Firefox\firefox.exe
7388 firefox -> 42489 TCP C:\Program Files\Mozilla Firefox\firefox.exe
7388 firefox -> 42490 TCP C:\Program Files\Mozilla Firefox\firefox.exe
7388 firefox -> 6710 TCP C:\Program Files\Mozilla Firefox\firefox.exe
7388 firefox -> 6711 TCP C:\Program Files\Mozilla Firefox\firefox.exe
7388 firefox -> 6798 TCP C:\Program Files\Mozilla Firefox\firefox.exe
7388 firefox -> 6799 TCP C:\Program Files\Mozilla Firefox\firefox.exe
2536 svchost -> 1100 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 12433 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 12778 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 17761 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 31448 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 31505 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 31506 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 31507 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 32623 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 39832 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 4070 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 41207 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 41237 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 41307 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 41446 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 41957 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 41983 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42006 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42427 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42440 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42470 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42491 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42492 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42494 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42496 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42499 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42500 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42501 TCP C:\WINDOWS\System32\svchost.exe
196 svchost -> 42502 TCP C:\WINDOWS\system32\svchost.exe
2536 svchost -> 42503 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42504 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42505 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42506 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 42507 TCP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 8770 TCP C:\WINDOWS\System32\svchost.exe
720 winlogon -> 1029 TCP \??\C:\WINDOWS\system32\winlogon.exe
1532 -> 1025 UDP
1068 -> 445 UDP
4 System -> 1049 UDP
4 System -> 500 UDP
7388 firefox -> 1044 UDP C:\Program Files\Mozilla Firefox\firefox.exe
7388 firefox -> 1045 UDP C:\Program Files\Mozilla Firefox\firefox.exe
7388 firefox -> 1047 UDP C:\Program Files\Mozilla Firefox\firefox.exe
7388 firefox -> 1048 UDP C:\Program Files\Mozilla Firefox\firefox.exe
2536 svchost -> 1051 UDP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 1052 UDP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 1098 UDP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 123 UDP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 137 UDP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 138 UDP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 1381 UDP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 1900 UDP C:\WINDOWS\System32\svchost.exe
2536 svchost -> 4500 UDP C:\WINDOWS\System32\svchost.exe
720 winlogon -> 1050 UDP \??\C:\WINDOWS\system32\winlogon.exe
=============
Boot Execute
=============
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Utilitaire de vérification automatique
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\autochk.exe
b16ccbf66bf41f994d2810cc2299d9d6 (MD5)
1ca550976a0a04527ba38312ffc87b0e083e5f31 (SHA-1)
72a10210863995896fdd1725f072967961ffd41926c099634ff3bc99bbd65b4f (SHA-256)
===================
LSA Security Providers
===================
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
msapsspc.dll
msapsspc.dll
Client DPA pour plate-forme 32 bit
Microsoft Corporation
6.00.0000.7755
c:\windows\system32\msapsspc.dll
9b5b153f4d0d5cb14d9865435182bd70 (MD5)
81f2fa4984c6dd3b9bca38d5c348343062d90815 (SHA-1)
5dbbbb5c1e4b0ffe1fedb6bcacc6693c835948deec967f5e412329a02b799d5f (SHA-256)
schannel.dll
schannel.dll
TLS / SSL Security Provider
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\schannel.dll
e13d36b8490a1d942b5e504409950aa3 (MD5)
dbc9ea1342443f9df89f9594e01313cbefea947f (SHA-1)
cbd3bf27640a43a12b5753cf6ad7dbf09ee6feecc744c6c60000db42793c2bab (SHA-256)
digest.dll
digest.dll
Package d'authentification Digest SSPI
Microsoft Corporation
6.00.2900.5512
c:\windows\system32\digest.dll
6cc5c1dac782a63bbc18afc1a23acb68 (MD5)
a71acf37920ee69a9b6ad859c9bcd713826cf598 (SHA-1)
31a5cabdbd646bb97d75118c738229d440020a99301d3a0552210630ad8bb431 (SHA-256)
msnsspc.dll
msnsspc.dll
Accès MSN Internet
Microsoft Corporation
6.01.1825.0000
c:\windows\system32\msnsspc.dll
25f3fbfb7cbc160674b1ac246fd13dc0 (MD5)
223431b21e851cd14c1cf0ab1fbec16d1aa86518 (SHA-1)
ffaa55260dd1c2989508910b0470997ef9c868eb578f4a2b10e187de59fe35e7 (SHA-256)
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
msv1_0
msv1_0
Microsoft Authentication Package v1.0
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\msv1_0.dll
427df62a7f78eaf26e40352cd0e05eda (MD5)
ab500c986b25b9410232eec5ca35a419346388c5 (SHA-1)
0c56662bb2662d1ced43c35d188e1e3ea94bdcb7ee85b23a3907a9f3bbbdd354 (SHA-256)
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
scecli
scecli
Moteur du client de l'Éditeur de configuration de sécurité Windows
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\scecli.dll
973b36634c544948c663e8269aa1b3a3 (MD5)
eae992c87e70dfdcdcd615624e80438e03f42f54 (SHA-1)
ad2c0561d4248c29e71dbffe5ecca1b1d061d2339773e1b54857f6d57970fe80 (SHA-256)
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
kerberos
kerberos
Kerberos Security Package
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\kerberos.dll
5e1dc78ea1cfe5f02e5c6fd256e46492 (MD5)
1b8a28c0b3826e47f08c673750f540eafbb9de0c (SHA-1)
a8d42db0a2e075597b6af77ac54e4931255feaad578324992e19e6804551fb84 (SHA-256)
msv1_0
msv1_0
Microsoft Authentication Package v1.0
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\msv1_0.dll
427df62a7f78eaf26e40352cd0e05eda (MD5)
ab500c986b25b9410232eec5ca35a419346388c5 (SHA-1)
0c56662bb2662d1ced43c35d188e1e3ea94bdcb7ee85b23a3907a9f3bbbdd354 (SHA-256)
schannel
schannel
TLS / SSL Security Provider
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\schannel.dll
e13d36b8490a1d942b5e504409950aa3 (MD5)
dbc9ea1342443f9df89f9594e01313cbefea947f (SHA-1)
cbd3bf27640a43a12b5753cf6ad7dbf09ee6feecc744c6c60000db42793c2bab (SHA-256)
wdigest
wdigest
Microsoft Digest Access
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\wdigest.dll
a3cbc6a9e46ee3fe8396c59f4e2270cc (MD5)
6b0f691f891bcf9b5ed1098aced610a0e8c01dc7 (SHA-1)
bb9c2d96678e37a2540ac9d071dea57536d7198f342b3fca621bd87754066d82 (SHA-256)
===============
Scheduled tasks
===============
========
Programs
========
Adobe Flash Player 10 Plugin 10.0.45.2
CCC Help English 2010.0302.2232.40412
Catalyst Control Center - Branding 1.00.0000
Catalyst Control Center Core Implementation 2010.0302.2233.40412
Catalyst Control Center Graphics Full Existing 2010.0302.2233.40412
Catalyst Control Center Graphics Full New 2010.0302.2233.40412
Catalyst Control Center Graphics Light 2010.0302.2233.40412
Catalyst Control Center Graphics Previews Common 2010.0302.2233.40412
Catalyst Control Center HydraVision Full 2010.0302.2233.40412
Catalyst Control Center InstallProxy 2010.0302.2233.40412
List_Kill'em 1.7.0.4
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 9.0.30729.4148
Mozilla Firefox (3.6.3) 3.6.3 (fr)
REALTEK GbE & FE Ethernet PCI-E NIC Driver 1.26.0000
Realtek High Definition Audio Driver 5.10.0.6077
The Lord of the Rings FREE Trial 1.00.0000
WebFldrs XP 9.50.7523
ZHPDiag 1.25 1.25
ccc-core-preinstall 2010.0302.2233.40412
ccc-core-static 2010.0302.2233.40412
ccc-utility 2010.0302.2233.40412
=======
Drivers
=======
C:\WINDOWS\System32\Drivers\acpi.sys
C:\WINDOWS\System32\Drivers\acpiec.sys
C:\WINDOWS\System32\Drivers\aec.sys
C:\WINDOWS\System32\Drivers\afd.sys
C:\WINDOWS\System32\Drivers\Ambfilt.sys
C:\WINDOWS\System32\Drivers\amdk6.sys
C:\WINDOWS\System32\Drivers\amdk7.sys
C:\WINDOWS\System32\Drivers\arp1394.sys
C:\WINDOWS\System32\Drivers\asyncmac.sys
C:\WINDOWS\System32\Drivers\atapi.sys
C:\WINDOWS\System32\Drivers\ati2mtag.sys
C:\WINDOWS\System32\Drivers\atmarpc.sys
C:\WINDOWS\System32\Drivers\atmepvc.sys
C:\WINDOWS\System32\Drivers\atmlane.sys
C:\WINDOWS\System32\Drivers\atmuni.sys
C:\WINDOWS\System32\Drivers\audstub.sys
C:\WINDOWS\System32\Drivers\beep.sys
C:\WINDOWS\System32\Drivers\bridge.sys
C:\WINDOWS\System32\Drivers\cbidf2k.sys
C:\WINDOWS\System32\Drivers\cdaudio.sys
C:\WINDOWS\System32\Drivers\cdfs.sys
C:\WINDOWS\System32\Drivers\cdrom.sys
C:\WINDOWS\System32\Drivers\cinemst2.sys
C:\WINDOWS\System32\Drivers\classpnp.sys
C:\WINDOWS\System32\Drivers\cpqdap01.sys
C:\WINDOWS\System32\Drivers\crusoe.sys
C:\WINDOWS\System32\Drivers\disk.sys
C:\WINDOWS\System32\Drivers\diskdump.sys
C:\WINDOWS\System32\Drivers\dmboot.sys
C:\WINDOWS\System32\Drivers\dmio.sys
C:\WINDOWS\System32\Drivers\dmload.sys
C:\WINDOWS\System32\Drivers\DMusic.sys
C:\WINDOWS\System32\Drivers\drmk.sys
C:\WINDOWS\System32\Drivers\drmkaud.sys
C:\WINDOWS\System32\Drivers\dxapi.sys
C:\WINDOWS\System32\Drivers\dxg.sys
C:\WINDOWS\System32\Drivers\dxgthk.sys
C:\WINDOWS\System32\Drivers\fastfat.sys
C:\WINDOWS\System32\Drivers\fdc.sys
C:\WINDOWS\System32\Drivers\fips.sys
C:\WINDOWS\System32\Drivers\flpydisk.sys
C:\WINDOWS\System32\Drivers\fltMgr.sys
C:\WINDOWS\System32\Drivers\fsvga.sys
C:\WINDOWS\System32\Drivers\fs_rec.sys
C:\WINDOWS\System32\Drivers\ftdisk.sys
C:\WINDOWS\System32\Drivers\hdaudbus.sys
C:\WINDOWS\System32\Drivers\hidclass.sys
C:\WINDOWS\System32\Drivers\hidparse.sys
C:\WINDOWS\System32\Drivers\hidusb.sys
C:\WINDOWS\System32\Drivers\http.sys
C:\WINDOWS\System32\Drivers\i8042prt.sys
C:\WINDOWS\System32\Drivers\imapi.sys
C:\WINDOWS\System32\Drivers\intelppm.sys
C:\WINDOWS\System32\Drivers\ip6fw.sys
C:\WINDOWS\System32\Drivers\ipfltdrv.sys
C:\WINDOWS\System32\Drivers\ipinip.sys
C:\WINDOWS\System32\Drivers\ipnat.sys
C:\WINDOWS\System32\Drivers\ipsec.sys
C:\WINDOWS\System32\Drivers\irenum.sys
C:\WINDOWS\System32\Drivers\isapnp.sys
C:\WINDOWS\System32\Drivers\kbdclass.sys
C:\WINDOWS\System32\Drivers\kmixer.sys
C:\WINDOWS\System32\Drivers\ks.sys
C:\WINDOWS\System32\Drivers\ksecdd.sys
C:\WINDOWS\System32\Drivers\mcd.sys
C:\WINDOWS\System32\Drivers\mf.sys
C:\WINDOWS\System32\Drivers\mnmdd.sys
C:\WINDOWS\System32\Drivers\modem.sys
C:\WINDOWS\System32\Drivers\Monfilt.sys
C:\WINDOWS\System32\Drivers\mouclass.sys
C:\WINDOWS\System32\Drivers\mouhid.sys
C:\WINDOWS\System32\Drivers\mountmgr.sys
C:\WINDOWS\System32\Drivers\mqac.sys
C:\WINDOWS\System32\Drivers\mrxdav.sys
C:\WINDOWS\System32\Drivers\mrxsmb.sys
C:\WINDOWS\System32\Drivers\msfs.sys
C:\WINDOWS\System32\Drivers\msgpc.sys
C:\WINDOWS\System32\Drivers\MSKSSRV.sys
C:\WINDOWS\System32\Drivers\MSPCLOCK.sys
C:\WINDOWS\System32\Drivers\MSPQM.sys
C:\WINDOWS\System32\Drivers\mssmbios.sys
C:\WINDOWS\System32\Drivers\mup.sys
C:\WINDOWS\System32\Drivers\ndis.sys
C:\WINDOWS\System32\Drivers\ndistapi.sys
C:\WINDOWS\System32\Drivers\ndisuio.sys
C:\WINDOWS\System32\Drivers\ndiswan.sys
C:\WINDOWS\System32\Drivers\ndproxy.sys
C:\WINDOWS\System32\Drivers\netbios.sys
C:\WINDOWS\System32\Drivers\netbt.sys
C:\WINDOWS\System32\Drivers\nic1394.sys
C:\WINDOWS\System32\Drivers\nikedrv.sys
C:\WINDOWS\System32\Drivers\nmnt.sys
C:\WINDOWS\System32\Drivers\npfs.sys
C:\WINDOWS\System32\Drivers\ntfs.sys
C:\WINDOWS\System32\Drivers\null.sys
C:\WINDOWS\System32\Drivers\nwlnkflt.sys
C:\WINDOWS\System32\Drivers\nwlnkfwd.sys
C:\WINDOWS\System32\Drivers\nwlnkipx.sys
C:\WINDOWS\System32\Drivers\nwlnknb.sys
C:\WINDOWS\System32\Drivers\nwlnkspx.sys
C:\WINDOWS\System32\Drivers\nwrdr.sys
C:\WINDOWS\System32\Drivers\oprghdlr.sys
C:\WINDOWS\System32\Drivers\p3.sys
C:\WINDOWS\System32\Drivers\parport.sys
C:\WINDOWS\System32\Drivers\partmgr.sys
C:\WINDOWS\System32\Drivers\parvdm.sys
C:\WINDOWS\System32\Drivers\pci.sys
C:\WINDOWS\System32\Drivers\pciide.sys
C:\WINDOWS\System32\Drivers\pciidex.sys
C:\WINDOWS\System32\Drivers\pcmcia.sys
C:\WINDOWS\System32\Drivers\portcls.sys
C:\WINDOWS\System32\Drivers\processr.sys
C:\WINDOWS\System32\Drivers\psched.sys
C:\WINDOWS\System32\Drivers\ptilink.sys
C:\WINDOWS\System32\Drivers\rasacd.sys
C:\WINDOWS\System32\Drivers\rasl2tp.sys
C:\WINDOWS\System32\Drivers\raspppoe.sys
C:\WINDOWS\System32\Drivers\raspptp.sys
C:\WINDOWS\System32\Drivers\raspti.sys
C:\WINDOWS\System32\Drivers\rawwan.sys
C:\WINDOWS\System32\Drivers\rdbss.sys
C:\WINDOWS\System32\Drivers\rdpcdd.sys
C:\WINDOWS\System32\Drivers\rdpdr.sys
C:\WINDOWS\System32\Drivers\rdpwd.sys
C:\WINDOWS\System32\Drivers\rio8drv.sys
C:\WINDOWS\System32\Drivers\riodrv.sys
C:\WINDOWS\System32\Drivers\RMCast.sys
C:\WINDOWS\System32\Drivers\rndismp.sys
C:\WINDOWS\System32\Drivers\rootmdm.sys
C:\WINDOWS\System32\Drivers\Rtenicxp.sys
C:\WINDOWS\System32\Drivers\RtkHDAud.sys
C:\WINDOWS\System32\Drivers\scsiport.sys
C:\WINDOWS\System32\Drivers\sdbus.sys
C:\WINDOWS\System32\Drivers\secdrv.sys
C:\WINDOWS\System32\Drivers\serenum.sys
C:\WINDOWS\System32\Drivers\serial.sys
C:\WINDOWS\System32\Drivers\sffdisk.sys
C:\WINDOWS\System32\Drivers\sffp_mmc.sys
C:\WINDOWS\System32\Drivers\sffp_sd.sys
C:\WINDOWS\System32\Drivers\sfloppy.sys
C:\WINDOWS\System32\Drivers\smclib.sys
C:\WINDOWS\System32\Drivers\sonydcam.sys
C:\WINDOWS\System32\Drivers\splitter.sys
C:\WINDOWS\System32\Drivers\sr.sys
C:\WINDOWS\System32\Drivers\srv.sys
C:\WINDOWS\System32\Drivers\stream.sys
C:\WINDOWS\System32\Drivers\swenum.sys
C:\WINDOWS\System32\Drivers\swmidi.sys
C:\WINDOWS\System32\Drivers\sysaudio.sys
C:\WINDOWS\System32\Drivers\tape.sys
C:\WINDOWS\System32\Drivers\tcpip.sys
C:\WINDOWS\System32\Drivers\tcpip6.sys
C:\WINDOWS\System32\Drivers\tdi.sys
C:\WINDOWS\System32\Drivers\tdpipe.sys
C:\WINDOWS\System32\Drivers\tdtcp.sys
C:\WINDOWS\System32\Drivers\termdd.sys
C:\WINDOWS\System32\Drivers\tosdvd.sys
C:\WINDOWS\System32\Drivers\tsbvcap.sys
C:\WINDOWS\System32\Drivers\tunmp.sys
C:\WINDOWS\System32\Drivers\udfs.sys
C:\WINDOWS\System32\Drivers\update.sys
C:\WINDOWS\System32\Drivers\usb8023.sys
C:\WINDOWS\System32\Drivers\usbcamd.sys
C:\WINDOWS\System32\Drivers\usbcamd2.sys
C:\WINDOWS\System32\Drivers\usbd.sys
C:\WINDOWS\System32\Drivers\usbehci.sys
C:\WINDOWS\System32\Drivers\usbhub.sys
C:\WINDOWS\System32\Drivers\usbintel.sys
C:\WINDOWS\System32\Drivers\usbport.sys
C:\WINDOWS\System32\Drivers\usbstor.sys
C:\WINDOWS\System32\Drivers\usbuhci.sys
C:\WINDOWS\System32\Drivers\vdmindvd.sys
C:\WINDOWS\System32\Drivers\vga.sys
C:\WINDOWS\System32\Drivers\videoprt.sys
C:\WINDOWS\System32\Drivers\volsnap.sys
C:\WINDOWS\System32\Drivers\wanarp.sys
C:\WINDOWS\System32\Drivers\wdmaud.sys
C:\WINDOWS\System32\Drivers\wmilib.sys
C:\WINDOWS\System32\Drivers\wpdusb.sys
C:\WINDOWS\System32\Drivers\ws2ifsl.sys
C:\WINDOWS\System32\Drivers\wudfpf.sys
C:\WINDOWS\System32\Drivers\wudfrd.sys
==========( EOF )==========
Utilisateur anonyme
10 avril 2010 à 01:06
10 avril 2010 à 01:06
Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.
▶ Télécharge :
Malwarebytes
ou :
Malwarebytes
▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .
(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX
▶ Potasses le Tuto pour te familiariser avec le prg :
( cela dit, il est très simple d'utilisation ).
relance malwarebytes en suivant scrupuleusement ces consignes :
! Déconnecte toi et ferme toutes applications en cours !
▶ Lance Malwarebyte's .
Fais un examen dit "Complet" .
▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
▶ à la fin tu cliques sur "résultat" .
▶ Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .
▶ Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
▶ Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)
▶ Télécharge :
Malwarebytes
ou :
Malwarebytes
▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .
(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX
▶ Potasses le Tuto pour te familiariser avec le prg :
( cela dit, il est très simple d'utilisation ).
relance malwarebytes en suivant scrupuleusement ces consignes :
! Déconnecte toi et ferme toutes applications en cours !
▶ Lance Malwarebyte's .
Fais un examen dit "Complet" .
▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
▶ à la fin tu cliques sur "résultat" .
▶ Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .
▶ Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
▶ Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)
voilà le rapport:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Version de la base de données: 3973
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
10/04/2010 01:47:49
mbam-log-2010-04-10 (01-47-49).txt
Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
Elément(s) analysé(s): 131404
Temps écoulé: 29 minute(s), 7 seconde(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 18
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 48
Processus mémoire infecté(s):
C:\WINDOWS\system32\PereSvc.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\Fonts\services.exe (Trojan.Agent) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\Documents and Settings\LocalService\Local Settings\Application Data\Windows Server\ndrwnu.dll (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\system32\BtwSvc.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Windows Server\ndrwnu.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\MSWINSCK.OCX (Worm.Nyxem) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsvc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\peresvc (Backdoor.Bot) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\firstinstallflag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mbt (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udpe (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mpe (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\WINDOWS\system32\wuaucldt.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Windows Server\ndrwnu.dll (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\system32\BtwSvc.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Windows Server\ndrwnu.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\PereSvc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5UOJUZ5J\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5UOJUZ5J\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5UOJUZ5J\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5UOJUZ5J\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5UOJUZ5J\w[5].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DKWFCNEH\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DKWFCNEH\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DKWFCNEH\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DKWFCNEH\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DKWFCNEH\w[5].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DKWFCNEH\w[6].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M7DX8596\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M7DX8596\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M7DX8596\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M7DX8596\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M7DX8596\w[5].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYR76AO0\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYR76AO0\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYR76AO0\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYR76AO0\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYR76AO0\w[5].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYR76AO0\w[6].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Windows Server\ndrwnu.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\6727,061.exe.Kill'em (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\services.exe.Kill'em (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\w.exe.Kill'em (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{13F98D80-0AE0-47B0-9E5E-125A8433785F}\RP1\A0000002.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{13F98D80-0AE0-47B0-9E5E-125A8433785F}\RP1\A0000004.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{13F98D80-0AE0-47B0-9E5E-125A8433785F}\RP1\A0000005.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{13F98D80-0AE0-47B0-9E5E-125A8433785F}\RP1\A0000009.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{13F98D80-0AE0-47B0-9E5E-125A8433785F}\RP1\A0000010.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2676,768.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\d.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSWINSCK.OCX (Worm.Nyxem) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opear.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\w.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ms.bin (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PowerDes.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\so.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\VRT2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\VRT3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Version de la base de données: 3973
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
10/04/2010 01:47:49
mbam-log-2010-04-10 (01-47-49).txt
Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
Elément(s) analysé(s): 131404
Temps écoulé: 29 minute(s), 7 seconde(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 18
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 48
Processus mémoire infecté(s):
C:\WINDOWS\system32\PereSvc.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\Fonts\services.exe (Trojan.Agent) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\Documents and Settings\LocalService\Local Settings\Application Data\Windows Server\ndrwnu.dll (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\system32\BtwSvc.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Windows Server\ndrwnu.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\MSWINSCK.OCX (Worm.Nyxem) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsvc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\peresvc (Backdoor.Bot) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\firstinstallflag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mbt (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udpe (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mpe (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\WINDOWS\system32\wuaucldt.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Windows Server\ndrwnu.dll (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\system32\BtwSvc.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Windows Server\ndrwnu.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\PereSvc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5UOJUZ5J\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5UOJUZ5J\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5UOJUZ5J\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5UOJUZ5J\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5UOJUZ5J\w[5].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DKWFCNEH\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DKWFCNEH\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DKWFCNEH\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DKWFCNEH\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DKWFCNEH\w[5].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DKWFCNEH\w[6].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M7DX8596\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M7DX8596\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M7DX8596\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M7DX8596\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M7DX8596\w[5].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYR76AO0\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYR76AO0\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYR76AO0\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYR76AO0\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYR76AO0\w[5].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYR76AO0\w[6].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Windows Server\ndrwnu.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\6727,061.exe.Kill'em (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\services.exe.Kill'em (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Kill'em\Quarantine\w.exe.Kill'em (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{13F98D80-0AE0-47B0-9E5E-125A8433785F}\RP1\A0000002.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{13F98D80-0AE0-47B0-9E5E-125A8433785F}\RP1\A0000004.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{13F98D80-0AE0-47B0-9E5E-125A8433785F}\RP1\A0000005.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{13F98D80-0AE0-47B0-9E5E-125A8433785F}\RP1\A0000009.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{13F98D80-0AE0-47B0-9E5E-125A8433785F}\RP1\A0000010.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2676,768.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\d.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSWINSCK.OCX (Worm.Nyxem) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opear.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\w.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ms.bin (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PowerDes.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\so.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\VRT2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\VRT3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
