Lsass.exe unknown publisher
australe
Hello
Ever since my partner clicked on a dodgy MSN link he has picked up some nasties; thanks to AntiVir I removed quite a few of them, but the underlying problem persists: when the Windows session starts there is the message "lsass.exe unknown publisher, do you want to run it", and whether I click yes or no, nothing happens... And I no longer have an Internet connection: the IP and gateway are systematically reset to blank at every reboot, even if I enter them manually.
Not sure there is a direct link; I would like some clarification.
Thanks in advance
42 replies
hi:
▶ Download UsbFix
(!) Plug your external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them
▶ Double-click the UsbFix shortcut on your desktop.
▶ In the main menu, choose option "F" for French and press [Enter].
▶ In the second menu, choose option "1" (search) and press [Enter]
▶ Let the tool work.
▶ Then post the UsbFix.txt report that appears.
Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Thanks a lot, it's running, a bit stuck at 50% but I suppose it's normal for it to take quite a while ;)
I'll post as soon as I have a report
Here it is:
well, it's still a bit esoteric to me lol
############################## | UsbFix V6.104 |
User : daniel meyers (Administrateurs) # BURODANIEL
Update on 14/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 11:35:43 | 15/04/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]
AV : AntiVir Desktop 9.0.1.26 [ Enabled | (!) Outdated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 29,29 Go (928,68 Mo free) [Système & applications] # NTFS
D:\ -> Disque fixe local # 48,83 Go (13,61 Go free) [Données] # NTFS
E:\ -> Disque fixe local # 14,65 Go (7,46 Go free) [Sauvegarde] # NTFS
F:\ -> Disque fixe local # 4,88 Go (2,37 Go free) [XP de secours] # NTFS
G:\ -> Disque CD-ROM # 654,26 Mo (0 Mo free) [RC] # CDFS
H:\ -> Disque amovible
I:\ -> Disque amovible # 116,88 Mo (2,42 Mo free) # FAT
################## | Elements infectieux |
C:\WINDOWS\csrssm.exe
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
C:\WINDOWS\System32\sshnas21.dll
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\a.dat
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\Lmj.exe
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\Lmk.exe
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\Lml.exe
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\Lmm.exe
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\Lmn.exe
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\s.exe
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\s1.exe
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\lssas.exe
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\s.exe
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\sshnas21.dll
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\svchosts.exe
C:\a.txt
C:\lc.exe
G:\autorun.inf
G:\autorun.exe
G:\autorun.ini
C:\Documents and Settings\daniel meyers\Local Settings\Temp\svchosts.exe
C:\Documents and Settings\daniel meyers\Local Settings\Temporary Internet Files\Content.IE5\4FEVU0JM\site[1].com
################## | Registre |
[HKCU\SOFTWARE\Microsoft\Handle]
[HKCU\SOFTWARE\WEK9EMDHI9]
[HKCU\SOFTWARE\XML]
[HKCU\SOFTWARE\YVIBBBHA8C]
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "google updater"
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "YVIBBBHA8C"
[HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS]
[HKLM\SYSTEM\ControlSet001\Services\SSHNAS]
[HKLM\SYSTEM\ControlSet003\Services\SSHNAS]
[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS]
[HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHNAS]
[HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SSHNAS]
################## | Mountpoints2 |
################## | Vaccin |
################## | ! Fin du rapport # UsbFix V6.104 ! |
yes, it's the bible... of computing when it comes to disinfection ^^
▶ (!) Plug your external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them
▶ Double-click (right-click, "Run as administrator" on Vista) the UsbFix shortcut on your desktop
▶ In the main menu, choose option "F" for French and press [Enter].
▶ In the second menu, choose option "2" (Removal) and press [Enter]
▶ Your desktop will disappear and the PC will restart.
▶ On restart, UsbFix will scan your PC; let the tool work.
▶ Then post the UsbFix.txt report that appears along with the desktop.
Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
thanks a lot, here is the report
############################## | UsbFix V6.104 |
User : daniel meyers (Administrateurs) # BURODANIEL
Update on 14/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 17:46:34 | 16/04/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : AVG Anti-Virus Free 8.5 [ Enabled | (!) Outdated ]
AV : AntiVir Desktop 9.0.1.26 [ Enabled | (!) Outdated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 29,29 Go (879,57 Mo free) [Système & applications] # NTFS
D:\ -> Disque fixe local # 48,83 Go (13,61 Go free) [Données] # NTFS
E:\ -> Disque fixe local # 14,65 Go (7,46 Go free) [Sauvegarde] # NTFS
F:\ -> Disque fixe local # 4,88 Go (2,37 Go free) [XP de secours] # NTFS
G:\ -> Disque CD-ROM # 654,26 Mo (0 Mo free) [RC] # CDFS
H:\ -> Disque amovible
################## | Elements infectieux |
Supprimé ! C:\WINDOWS\csrssm.exe
Supprimé ! C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
Supprimé ! C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
Supprimé ! C:\WINDOWS\System32\sshnas21.dll
Supprimé ! C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\a.dat
Supprimé ! C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\Lmj.exe
Supprimé ! C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\Lmk.exe
Supprimé ! C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\Lml.exe
Supprimé ! C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\Lmm.exe
Supprimé ! C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\Lmn.exe
Supprimé ! C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\s.exe
Supprimé ! C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\s1.exe
Supprimé ! C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\lssas.exe
Supprimé ! C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\sshnas21.dll
Supprimé ! C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\svchosts.exe
Supprimé ! C:\a.txt
Supprimé ! C:\lc.exe
Supprimé ! C:\Recycler\S-1-5-21-1715567821-299502267-682003330-1003
Supprimé ! C:\Recycler\S-1-5-21-1715567821-299502267-682003330-1004
Supprimé ! C:\Recycler\S-1-5-21-448539723-583907252-725345543-1003
Supprimé ! D:\Recycler\S-1-5-21-1715567821-299502267-682003330-1003
Supprimé ! D:\Recycler\S-1-5-21-448539723-583907252-725345543-1003
Supprimé ! E:\Recycler\S-1-5-21-1715567821-299502267-682003330-1003
Supprimé ! E:\Recycler\S-1-5-21-448539723-583907252-725345543-1003
Supprimé ! F:\Recycler\S-1-5-21-1715567821-299502267-682003330-1003
Supprimé ! F:\Recycler\S-1-5-21-448539723-583907252-725345543-1003
(!) Non supprimé ! G:\autorun.inf
(!) Non supprimé ! G:\autorun.exe
(!) Non supprimé ! G:\autorun.ini
Supprimé ! C:\Documents and Settings\daniel meyers\Local Settings\Temporary Internet Files\Content.IE5\4FEVU0JM\site[1].com
################## | Registre |
Supprimé ! [HKCU\SOFTWARE\Microsoft\Handle]
Supprimé ! [HKCU\SOFTWARE\WEK9EMDHI9]
Supprimé ! [HKCU\SOFTWARE\XML]
Supprimé ! [HKCU\SOFTWARE\YVIBBBHA8C]
Supprimé ! [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "google updater"
Supprimé ! [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "YVIBBBHA8C"
Supprimé ! [HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS]
Supprimé ! [HKLM\SYSTEM\ControlSet003\Services\SSHNAS]
Supprimé ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS]
Supprimé ! [HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SSHNAS]
################## | Mountpoints2 |
################## | Listing des fichiers présent |
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# E:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# F:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
################## | Upload |
Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_BURODANIEL.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .
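Added example, not part of the original thread and not UsbFix's own code: a Python script that compares the search report (option 1) with the removal report (option 2) posted above and lists what still needs a follow-up check. The sample lines are excerpts of those two reports; the function names are hypothetical and the 8.3 short-name matching is a heuristic assumed here.

```python
import re

# Excerpt of the first report in this thread (option 1, search).
SCAN_REPORT = r"""
################## | Elements infectieux |
C:\WINDOWS\csrssm.exe
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\lssas.exe
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\svchosts.exe
G:\autorun.inf
G:\autorun.exe
C:\Documents and Settings\daniel meyers\Local Settings\Temp\svchosts.exe
################## | Registre |
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "YVIBBBHA8C"
[HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS]
[HKLM\SYSTEM\ControlSet001\Services\SSHNAS]
[HKLM\SYSTEM\ControlSet003\Services\SSHNAS]
################## | Mountpoints2 |
"""

# Excerpt of the second report in this thread (option 2, removal).
CLEAN_REPORT = r"""
################## | Elements infectieux |
Supprimé ! C:\WINDOWS\csrssm.exe
Supprimé ! C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\lssas.exe
Supprimé ! C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\svchosts.exe
(!) Non supprimé ! G:\autorun.inf
(!) Non supprimé ! G:\autorun.exe
################## | Registre |
Supprimé ! [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "YVIBBBHA8C"
Supprimé ! [HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS]
Supprimé ! [HKLM\SYSTEM\ControlSet003\Services\SSHNAS]
################## | Mountpoints2 |
"""

SECTION = re.compile(r"^#+\s*\|\s*(.+?)\s*\|\s*$")
VERDICT = re.compile(r"^(?:\(!\)\s*)?(Non supprimé|Supprimé)\s*!\s*(.+)$")
SHORT_NAME = re.compile(r"^([^~.]{1,6})~\d+(?:\.[^.]{0,3})?$")
TRACKED = {"Elements infectieux", "Registre"}


def parse_entries(report):
    """Return (section, status, item) for each line of the tracked sections."""
    entries, section = [], None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        if section not in TRACKED:
            continue
        verdict = VERDICT.match(line)
        if verdict is None:
            # Search report: a bare path or key means "found".
            entries.append((section, "found", line))
        else:
            status = "deleted" if verdict.group(1) == "Supprimé" else "not_deleted"
            entries.append((section, status, verdict.group(2)))
    return entries


def _component_matches(a, b):
    """Compare one path component, tolerating 8.3 short names (heuristic)."""
    a, b = a.upper(), b.upper()
    if a == b:
        return True
    for short, long_name in ((a, b), (b, a)):
        m = SHORT_NAME.match(short)
        # DOCUME~1 is accepted for "Documents and Settings": spaces dropped,
        # same leading characters. This cannot tell ~1 from ~2.
        if m and long_name.replace(" ", "").startswith(m.group(1)):
            return True
    return False


def same_item(a, b):
    """True when two report items name the same file or registry key."""
    parts_a, parts_b = a.split("\\"), b.split("\\")
    return len(parts_a) == len(parts_b) and all(
        _component_matches(x, y) for x, y in zip(parts_a, parts_b)
    )


def follow_up(scan_report, clean_report):
    """List items the tool could not delete and items it never reported on."""
    found = [item for _, _, item in parse_entries(scan_report)]
    cleaned = parse_entries(clean_report)
    reported = [item for _, _, item in cleaned]
    return {
        # Explicit failures, here files on G:\ (the CD-ROM drive in the report).
        "not_deleted": [i for _, s, i in cleaned if s == "not_deleted"],
        # Found by the search but absent from the removal report.
        "unaccounted": [
            f for f in found if not any(same_item(f, r) for r in reported)
        ],
    }


if __name__ == "__main__":
    for kind, items in follow_up(SCAN_REPORT, CLEAN_REPORT).items():
        for item in items:
            print(f"{kind}: {item}")
```

On a running system CurrentControlSet is an alias of one of the numbered control sets, so a key listed as unaccounted under ControlSet001 may already be gone; a fresh search run confirms it.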
[31/05/1999 14:16|--a------|558] D:\FILE_ID.DIZ
[02/10/2005 15:15|--a------|92828912] D:\Fireworks8-fr.exe
[02/10/2005 23:12|--a------|113245824] D:\Flash8-fr.exe
[08/10/2005 22:15|--a------|611] D:\frameset.htm
[05/09/2001 23:00|--a------|1700352] D:\gdiplus.dll
[24/12/2006 16:13|--a------|867424] D:\GoogleToolbarInstaller_ADBx_fr_401019_signed.exe
[10/10/2004 21:57|--a------|1379924] D:\he2.pdf
[13/04/2007 08:18|-ra------|1116591] D:\HPIM2105.JPG
[06/02/2004 18:19|-ra------|16384] D:\hpqimgrc.resources.dll
[09/12/2006 17:36|--a------|3391046] D:\IFM32SETUP.exe
[08/10/2005 22:09|--a------|284] D:\index.htm
[08/10/2005 22:09|--a------|284] D:\index.html
[08/04/2006 14:48|--a------|3712436] D:\Inforad_Manager_2_0_full_setup.exe
[31/05/1999 15:24|--a------|496] D:\INSTAL~1.TXT
[13/03/2007 16:57|--a------|46508333] D:\izispot.exe
[25/12/2009 13:25|--a------|22016] D:\j'ai rien fait.doc
[09/03/2005 17:40|--a------|3003332] D:\jeanmichel.tif
[22/12/2004 14:23|--a------|2556459] D:\jeroboam.zip
[09/09/2005 16:38|--a------|31327784] D:\kav5.0.225_winwks_full_fr.exe
[02/09/2004 12:26|--a------|231745] D:\LECOURTAIS.pdf
[23/05/2005 21:02|--a------|1801412] D:\LECTMD10.EXE
[17/09/1999 11:37|--a------|4260] D:\LECTMD10.RSH
[02/06/1999 18:56|--a------|6357] D:\LECTME~1.GIF
[22/06/1999 07:29|--a------|967] D:\LECTME~1.HTM
[03/06/1999 16:15|--a------|1758381] D:\LECTME~1.ZIP
[31/05/1999 14:17|--a------|610] D:\LOGICIEL.TXT
[11/06/2006 10:59|--a------|198144] D:\loup garouj.doc
[08/07/2007 21:35|--a------|870400] D:\M2S0EFW1.ISO
[20/06/2006 13:59|--a------|9482] D:\mails senateurs.sxw
[08/10/2005 22:08|--a------|284] D:\main.htm
[08/10/2005 22:15|--a------|323] D:\maintest.html
[08/10/2005 22:50|--a------|1001] D:\mainttest0.html
[08/10/2005 22:15|--a------|311] D:\mainttest1.html
[19/05/2006 16:09|--a------|880640] D:\MakeMPEG4Free.exe
[07/03/2006 16:48|--a------|6792614] D:\mathiot_comptes.pdf
[07/03/2006 16:54|--a------|2173663] D:\mathiot_crd.pdf
[07/03/2006 14:43|--a------|4388392] D:\mathiot_identite_logement.pdf
[07/03/2006 15:57|--a------|4214242] D:\mathiot_revenus.pdf
[30/12/2005 16:54|--a------|4894713] D:\Maximusdvd1.2.ZIP
[09/10/2005 14:21|--a------|49152] D:\menu.fla
[09/10/2005 14:21|--a------|1865] D:\menu.html
[09/10/2005 14:21|--a------|5073] D:\menu.swf
[04/12/2009 13:23|--a------|839] D:\Mes dossiers de partage.lnk
[30/04/2005 18:10|--a------|12814336] D:\mp10setup.exe
[02/10/2005 20:21|--a------|284] D:\nav.htm
[08/10/2005 22:08|--a------|1266] D:\nav.swd
[08/10/2005 23:05|--a------|7477] D:\nav.swf
[02/10/2005 20:21|--a------|1095] D:\navfla.htm
[08/10/2005 22:15|--a------|826] D:\navigation.htm
[16/10/2007 19:57|--a------|61440] D:\nc.indb
[20/02/2006 13:49|--a------|3354143] D:\nizier_banque_mme.pdf
[20/02/2006 14:02|--a------|3250552] D:\nizier_banque_mr.pdf
[20/02/2006 14:14|--a------|3792143] D:\nizier_crd.pdf
[20/02/2006 18:42|--a------|3454052] D:\nizier_identite_logement.pdf
[21/02/2006 11:55|--a------|1427168] D:\nizier_is_compl.pdf
[20/02/2006 13:33|--a------|8614687] D:\nizier_revenus.pdf
[20/02/2006 14:08|--a------|8122933] D:\nizier_revenus.zip
[21/02/2006 13:02|--a------|244456] D:\nizier_solde_compl.pdf
[21/02/2006 12:16|--a------|303990] D:\nizier_taxhab_compl.pdf
[27/04/2006 19:20|--a------|428393] D:\Num'riser.jpg
[12/11/2006 21:02|--a------|950998] D:\octobre2006 174 bis.jpg
[08/10/2005 22:07|--a------|21530] D:\onciale.jpg
[25/01/2007 19:13|--a------|9227] D:\patchie7.ifz
[20/02/2006 22:10|--a------|2434374] D:\pilat_bque_mme_1.pdf
[20/02/2006 22:22|--a------|1986772] D:\pilat_bque_mme_2.pdf
[20/02/2006 22:34|--a------|1787655] D:\pilat_bque_mr.pdf
[27/02/2006 19:31|--a------|770944] D:\pilat_complements.pdf
[21/02/2006 12:56|--a------|2270580] D:\pilat_crd.pdf
[20/02/2006 19:25|--a------|3367950] D:\pilat_identite_logement.pdf
[20/02/2006 19:50|--a------|5807690] D:\pilat_revenus.pdf
[01/05/2008 15:04|--a------|829] D:\plot.log
[27/12/2007 15:35|--a------|24064] D:\poeme cassandra Joyeux No0/00l.doc
[13/12/2004 17:01|--a------|6607296] D:\psa2se_fre.exe
[08/04/2006 14:50|--a------|518] D:\Raccourci vers Inforad_Manager_2_0_full_setup.lnk
[24/11/2005 19:38|--a------|11851168] D:\RealPlayer10-5GOLD.exe
[04/12/2009 13:19|--a------|20480] D:\recherches cassandra theatre.doc
[14/09/2005 08:52|--a------|8100] D:\release_notes.txt
[23/05/2005 21:11|--a------|11785794] D:\rmxv3.exe
[26/09/2005 12:21|--a------|43438] D:\rosie.jpg
[18/03/2006 12:33|--a------|1912345] D:\roulet_crd.pdf
[18/03/2006 12:57|--a------|4105730] D:\roulet_hebergeur1.pdf
[18/03/2006 13:35|--a------|6169507] D:\roulet_hebergeur2.pdf
[18/03/2006 12:09|--a------|3263192] D:\roulet_mandat_revenus_identite.pdf
[20/04/1999 12:25|--a------|980] D:\R_U_S_H_.TXT
[20/11/2005 19:30|--a------|3034] D:\server.met
[20/11/2005 19:30|--a------|6209] D:\server2.met
[21/12/2008 01:34|--a------|520] D:\spider.sav
[19/05/2006 15:55|--a------|81334119] D:\Studio10_5_full.exe
[13/09/2004 18:33|--a------|24064] D:\tel urgences.doc
[18/12/2007 00:34|--a------|24064] D:\TEST.doc
[08/10/2005 22:44|--a------|966] D:\text1.swf
[05/02/2010 18:40|--ahs----|199168] D:\Thumbs.db
[08/10/2005 22:07|--a------|1284] D:\titreg2.gif
[04/09/2005 19:45|--a------|175212] D:\vac2005-1.JPG
[04/09/2005 19:45|--a------|196942] D:\vac2005-2.JPG
[04/09/2005 19:46|--a------|195030] D:\vac2005-3.JPG
[04/09/2005 19:46|--a------|174393] D:\vac2005-4.JPG
[04/09/2005 19:46|--a------|203322] D:\vac2005-5.JPG
[04/09/2005 19:46|--a------|193833] D:\vac2005-6.JPG
[04/09/2005 19:46|--a------|206818] D:\vac2005-7.JPG
[04/09/2005 19:46|--a------|200874] D:\vac2005-8.JPG
[04/09/2005 19:47|--a------|182467] D:\vac2005-9.JPG
[04/09/2005 19:47|--a------|210421] D:\vac2005-91.JPG
[30/12/2005 17:01|--a------|9692886] D:\vlc-0.8.4a-win32.exe
[30/12/2005 17:08|--a------|55034414] D:\WinDVD7.exe
[06/12/2004 14:33|--a------|3561577472] E:\Backup061204.bkf
[15/11/2006 20:20|---------|29893632] E:\Backup151106.bkf
[22/11/2006 19:20|--a------|2048] E:\Backup221106.bkf
[22/11/2006 19:24|--a------|2048] E:\Backup221106bis.bkf
[17/08/2007 15:39|--a------|4053381120] E:\souvenirsgti.ISO
[25/09/2002 18:20|-r-------|4196] G:\agree.bmp
[30/09/2002 14:33|-r-------|4196] G:\agree_o.bmp
[14/05/2003 17:18|-r-------|81920] G:\autorun.exe
[04/11/2003 11:19|-r-------|48] G:\AUTORUN.INF
[12/05/2004 09:41|-r-------|590] G:\AUTORUN.INI
[25/09/2002 18:22|-r-------|3476] G:\back.bmp
[19/02/2004 16:09|-r-------|908264] G:\background.bmp
[30/09/2002 14:30|-r-------|3476] G:\back_o.bmp
[09/02/1998 20:00|-r-------|29952] G:\BORLNDMM.DLL
[03/03/1999 21:00|-r-------|908800] G:\CP3245MT.DLL
[07/11/2002 18:22|-r-------|339968] G:\EAutorun.exe
[30/09/2002 12:50|-r-------|3476] G:\exit.bmp
[30/09/2002 12:51|-r-------|3476] G:\exit_o.bmp
[09/12/1999 17:48|-r-------|200] G:\LANG.CFG
[30/09/2002 14:24|-r-------|4668] G:\log.bmp
[30/09/2002 14:24|-r-------|4676] G:\log_o.bmp
[08/12/1999 17:22|-r-------|1866123] G:\MANUAL.PDF
[17/10/2002 16:39|-r-------|1617] G:\messagess.txt
[06/04/2004 11:46|-r-------|180598] G:\mindscape.bmp
[11/05/2004 09:55|-r-------|356864] G:\mindscape.exe
[11/04/2003 11:49|-r-------|142] G:\Mindscape.url
[30/09/2002 14:28|-r-------|3476] G:\next.bmp
[30/09/2002 14:29|-r-------|3476] G:\next_o.bmp
[06/05/2004 16:36|-r-------|86] G:\pref.txt
[06/05/2004 16:36|-r-------|34] G:\product.txt
[27/01/2000 20:09|-r-------|5676544] G:\RAL.EXE
[03/11/2003 15:33|-r-------|1773] G:\README.TXT
[25/09/2002 18:22|-r-------|4676] G:\reg.bmp
[30/09/2002 14:34|-r-------|4664] G:\reg_o.bmp
[06/05/2004 16:36|-r-------|14364] G:\resource.txt
[30/09/2002 14:43|-r-------|6476] G:\rl.bmp
[30/09/2002 14:57|-r-------|6476] G:\rl_o.bmp
[11/03/2002 00:53|-r-------|960056] G:\splash.bmp
[07/05/2004 09:32|-r-------|6826] G:\text.rtf
[23/03/2004 12:19|-r-h-----|43008] G:\Thumbs.db
[07/01/1999 21:02|-r-------|1888232] G:\VCL40.BPL
[18/06/1998 21:00|-r-------|252408] G:\VCLX40.BPL
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# E:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# F:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
################## | Upload |
Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_BURODANIEL.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .
Download OTL by OLDTimer
▶ Save it to your Desktop.
▶ Double-click OTL.exe to launch it (on Vista / 7 => right-click, "Run as administrator").
▶ Check the 2 boxes Lop and Purity
▶ Check the box in front of "all users"
▶ Set the file age to "60 days"
▶ In the left half, set everything to "all"
Do not change these:
"files created" and "files modified"
▶ Click Analyse.
When the scan finishes, Notepad will open with the report (OTL.txt).
This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)
▶▶▶ DO NOT POST IT ON THE FORUM
To send it to me, click this link: http://www.cijoint.fr/
▶ Click Browse and locate the file above.
▶ Click Open.
▶ Click "Cliquez ici pour déposer le fichier" ("Click here to upload the file").
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
is added to the page.
▶ Copy this link into your reply.
▶▶ Do the same with "Extra.txt", which should also be on your Desktop.
I'm back ;)
so, the first link
http://www.cijoint.fr/cjlink.php?file=cj201004/cijPssDKz5.txt
and the 2nd link
http://www.cijoint.fr/cjlink.php?file=cj201004/cijm3Ed5Lp.txt
thanks
hello
Download Navilog1 from this link
▶ Choose "Save target (link) as..." and save it to your Desktop.
▶ Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
▶ At the main menu, choose option 1 >> Recherche / suppression automatique (automatic search / removal)
Wait for the message:
*** Analyse Termine le ..... ***
>>>>> The fix can take about ten minutes ;)
▶ Press a key and Notepad will open.
▶ Copy and paste the report here.
There, it's done, but still no connection and no firewall...
Fix Navipromo version 4.0.8 commencé le 20/04/2010 19:22:35,46
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
Outil exécuté depuis C:\navilog1
Mise à jour le 09.03.2010 à 18h00 par IL-MAFIOSO
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.06GHz )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : daniel meyers ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.26 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:29 Go (Free:4 Go)
D:\ (Local Disk) - NTFS - Total:48 Go (Free:15 Go)
E:\ (Local Disk) - NTFS - Total:14 Go (Free:7 Go)
F:\ (Local Disk) - NTFS - Total:4 Go (Free:2 Go)
G:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
H:\ (USB)
I:\ (USB) - FAT - Total:116 Mo (Free:0 Go)
Recherche executée en mode normal
Nettoyage exécuté au redémarrage de l'ordinateur
C:\WINDOWS\prefetch\bjgnjxf*.pf supprimé !
c:\docume~1\daniel~1\locals~1\applic~1\bjgnjxf.exe supprimé !
c:\docume~1\daniel~1\locals~1\applic~1\bjgnjxf.dat supprimé !
c:\docume~1\daniel~1\locals~1\applic~1\bjgnjxf_nav.dat supprimé !
c:\docume~1\daniel~1\locals~1\applic~1\bjgnjxf_navps.dat supprimé !
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\daniel meyers\locals~1\Temp effectué !
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
*** Scan terminé 20/04/2010 19:28:21,48 ***
DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT !!!!! (because it is wrongly detected as an infection)
▶ Download List_Kill'em and save it to your Desktop
Double-click the shortcut on your Desktop to start the installation (on Vista/7: right-click, "Run as administrator")
Once it is finished, click "Terminer" (Finish) and the program will start by itself
Choose the Search option
A black-and-white icon will appear on the Desktop; you will use it to relaunch the program later.
Another one, red and black, will be used to uninstall the program at the end of the disinfection.
▶ Let the tool work
When the white window appears, it takes a while; this is normal, the program is not frozen.
A report named catchme appears on your Desktop; ignore it and do not post it, it will delete itself at the end of the scan
▶ Post the contents of the report that opens when the scan reaches 100 %, at the "COMPLETED" screen
and there you go
List'em by g3n-h@ckm@n 1.7.1.3
User : daniel meyers (Administrateurs)
Update on 19/04/2010 by g3n-h@ckm@n ::::: 14.00
Start at: 19:52:21 | 20/04/2010
Today it's my birthday !!! :^)
Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : AVG Anti-Virus Free 8.5 [ Enabled | (!) Outdated ]
AV : AntiVir Desktop 9.0.1.26 [ (!) Disabled | (!) Outdated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 29,29 Go (4,57 Go free) [Système & applications] | NTFS
D:\ -> Disque fixe local | 48,83 Go (15,36 Go free) [Données] | NTFS
E:\ -> Disque fixe local | 14,65 Go (7,46 Go free) [Sauvegarde] | NTFS
F:\ -> Disque fixe local | 4,88 Go (2,42 Go free) [XP de secours] | NTFS
G:\ -> Disque CD-ROM | 654,26 Mo (0 Mo free) [RC] | CDFS
H:\ -> Disque amovible
I:\ -> Disque amovible | 116,88 Mo (9,53 Mo free) | FAT
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CAPM4RSK.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4LAK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4SWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4SWK.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
HP Software Update REG_SZ "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
HP Component Manager REG_SZ "c:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
DXDllRegExe REG_SZ dxdllreg.exe
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
SoundMan REG_SZ SOUNDMAN.EXE
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
AVG8_TRAY REG_SZ C:\PROGRA~1\AVG\AVG8\avgtray.exe
LogitechCommunicationsManager REG_SZ "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon REG_SZ "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
Google Updater REG_SZ C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\lssas.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
NoDriveAutoRun REG_DWORD 255 (0xff)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 255 (0xff)
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ BURODANIEL
DefaultUserName REG_SZ daniel meyers
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ daniel meyers
AltDefaultDomainName REG_SZ BURODANIEL
ChangePasswordUseKerberos REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Fichiers communs\KAV Shared Files\avpupd.exe REG_SZ C:\Program Files\Fichiers communs\KAV Shared Files\avpupd.exe:*:Enabled:AVP Updater
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\INFORAD\IFDMAN.exe REG_SZ C:\Program Files\INFORAD\IFDMAN.exe:*:Enabled:INFORAD MANAGER 2.0
C:\Program Files\Maïdo Production\IziSpot 4\IziSpot.exe REG_SZ C:\Program Files\Maïdo Production\IziSpot 4\IziSpot.exe:*:Enabled:IziSpot
C:\WINDOWS\system32\mshta.exe REG_SZ C:\WINDOWS\system32\mshta.exe:*:Enabled:Microsoft (R) HTML Application host
C:\Program Files\Grisoft\AVG7\avginet.exe REG_SZ C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe REG_SZ C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe REG_SZ C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
D:\World of Warcraft\WoW-2.4.3-to-3.0.2-frFR-Win-Final-downloader.exe REG_SZ D:\World of Warcraft\WoW-2.4.3-to-3.0.2-frFR-Win-Final-downloader.exe:*:Enabled:Blizzard Downloader
D:\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-frFR-downloader.exe REG_SZ D:\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-frFR-downloader.exe:*:Enabled:Blizzard Downloader
C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
C:\WINDOWS\system32\rundll32.exe REG_SZ C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application
C:\Program Files\AVG\AVG8\avgupd.exe REG_SZ C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
C:\Program Files\AVG\AVG8\avgnsx.exe REG_SZ C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
D:\World of Warcraft\WoW-3.0.3.9183-to-3.0.8.9464-frFR-downloader.exe REG_SZ D:\World of Warcraft\WoW-3.0.3.9183-to-3.0.8.9464-frFR-downloader.exe:*:Enabled:Blizzard Downloader
D:\World of Warcraft\Launcher.exe REG_SZ D:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
D:\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-frFR-downloader.exe REG_SZ D:\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-frFR-downloader.exe:*:Enabled:Blizzard Downloader
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
D:\World of Warcraft\WoW-3.2.0-frFR-downloader.exe REG_SZ D:\World of Warcraft\WoW-3.2.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader
C:\Documents and Settings\daniel meyers\Application Data\erase_me025754.exe REG_SZ C:\Documents and Settings\daniel meyers\Application Data\erase_me025754.exe:*:Enabled:Userinit
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{49232000-16E4-426C-A231-62846947304B}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6A060448-60F9-11D5-A6CD-0002B31F7455}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
===============
==============
BHO :
======
===
DNS
===
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
Local Page REG_EXPAND_SZ %SystemRoot%\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
========
Safemode
========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
=========
Atapi.sys
=========
C:\WINDOWS\ServicePackFiles\i386\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
C:\WINDOWS\system32\drivers\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
Référence :
==========
=======
Drive :
=======
Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
29,29 Go total, 4,59 Go libre (15%), 32% fragmenté (fragmentation du fichier 56%)
Vous devriez défragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Program Files\VMNToolbar
Present !! : C:\Program Files\VSAdd-in
Present !! : C:\Program Files\WinFixer 2005
Present !! : C:\WINDOWS\002866_.tmp
Present !! : C:\WINDOWS\SET29.tmp
Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET4.tmp
Present !! : C:\WINDOWS\SET8.tmp
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\tmp.reg"
Present !! : C:\Documents and Settings\daniel meyers\RefEdit.exd
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\google updater
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-20 20:04:56
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 20:04:57,92
List'em by g3n-h@ckm@n 1.7.1.3
User : daniel meyers (Administrateurs)
Update on 19/04/2010 by g3n-h@ckm@n ::::: 14.00
Start at: 19:52:21 | 20/04/2010
Today it's my birthday !!! :^)
Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : AVG Anti-Virus Free 8.5 [ Enabled | (!) Outdated ]
AV : AntiVir Desktop 9.0.1.26 [ (!) Disabled | (!) Outdated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 29,29 Go (4,57 Go free) [Système & applications] | NTFS
D:\ -> Disque fixe local | 48,83 Go (15,36 Go free) [Données] | NTFS
E:\ -> Disque fixe local | 14,65 Go (7,46 Go free) [Sauvegarde] | NTFS
F:\ -> Disque fixe local | 4,88 Go (2,42 Go free) [XP de secours] | NTFS
G:\ -> Disque CD-ROM | 654,26 Mo (0 Mo free) [RC] | CDFS
H:\ -> Disque amovible
I:\ -> Disque amovible | 116,88 Mo (9,53 Mo free) | FAT
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CAPM4RSK.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4LAK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4SWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4SWK.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
HP Software Update REG_SZ "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
HP Component Manager REG_SZ "c:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
DXDllRegExe REG_SZ dxdllreg.exe
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
SoundMan REG_SZ SOUNDMAN.EXE
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
AVG8_TRAY REG_SZ C:\PROGRA~1\AVG\AVG8\avgtray.exe
LogitechCommunicationsManager REG_SZ "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon REG_SZ "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
Google Updater REG_SZ C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\lssas.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
NoDriveAutoRun REG_DWORD 255 (0xff)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 255 (0xff)
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ BURODANIEL
DefaultUserName REG_SZ daniel meyers
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ daniel meyers
AltDefaultDomainName REG_SZ BURODANIEL
ChangePasswordUseKerberos REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Fichiers communs\KAV Shared Files\avpupd.exe REG_SZ C:\Program Files\Fichiers communs\KAV Shared Files\avpupd.exe:*:Enabled:AVP Updater
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\INFORAD\IFDMAN.exe REG_SZ C:\Program Files\INFORAD\IFDMAN.exe:*:Enabled:INFORAD MANAGER 2.0
C:\Program Files\Maïdo Production\IziSpot 4\IziSpot.exe REG_SZ C:\Program Files\Maïdo Production\IziSpot 4\IziSpot.exe:*:Enabled:IziSpot
C:\WINDOWS\system32\mshta.exe REG_SZ C:\WINDOWS\system32\mshta.exe:*:Enabled:Microsoft (R) HTML Application host
C:\Program Files\Grisoft\AVG7\avginet.exe REG_SZ C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe REG_SZ C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe REG_SZ C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
D:\World of Warcraft\WoW-2.4.3-to-3.0.2-frFR-Win-Final-downloader.exe REG_SZ D:\World of Warcraft\WoW-2.4.3-to-3.0.2-frFR-Win-Final-downloader.exe:*:Enabled:Blizzard Downloader
D:\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-frFR-downloader.exe REG_SZ D:\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-frFR-downloader.exe:*:Enabled:Blizzard Downloader
C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
C:\WINDOWS\system32\rundll32.exe REG_SZ C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application
C:\Program Files\AVG\AVG8\avgupd.exe REG_SZ C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
C:\Program Files\AVG\AVG8\avgnsx.exe REG_SZ C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
D:\World of Warcraft\WoW-3.0.3.9183-to-3.0.8.9464-frFR-downloader.exe REG_SZ D:\World of Warcraft\WoW-3.0.3.9183-to-3.0.8.9464-frFR-downloader.exe:*:Enabled:Blizzard Downloader
D:\World of Warcraft\Launcher.exe REG_SZ D:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
D:\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-frFR-downloader.exe REG_SZ D:\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-frFR-downloader.exe:*:Enabled:Blizzard Downloader
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
D:\World of Warcraft\WoW-3.2.0-frFR-downloader.exe REG_SZ D:\World of Warcraft\WoW-3.2.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader
C:\Documents and Settings\daniel meyers\Application Data\erase_me025754.exe REG_SZ C:\Documents and Settings\daniel meyers\Application Data\erase_me025754.exe:*:Enabled:Userinit
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
===============
ActivX controls
===============
===============
==============
BHO :
======
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9B418BD1-B8AD-4756-B4B2-53CD3544D966}: NameServer=212.27.40.240,212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E28397E1-4063-4DB1-8BD1-EC0C9A59B848}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FCC0141E-1729-4C6B-A7B2-FA92F78A3D84}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{28204043-74FF-4D5E-8FB2-1B8251F31224}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{30E39581-FE96-45A5-9DAB-2070125F6C0D}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9B418BD1-B8AD-4756-B4B2-53CD3544D966}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9B418BD1-B8AD-4756-B4B2-53CD3544D966}: NameServer=212.27.40.240,212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E28397E1-4063-4DB1-8BD1-EC0C9A59B848}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FCC0141E-1729-4C6B-A7B2-FA92F78A3D84}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\..\{28204043-74FF-4D5E-8FB2-1B8251F31224}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\..\{30E39581-FE96-45A5-9DAB-2070125F6C0D}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9B418BD1-B8AD-4756-B4B2-53CD3544D966}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9B418BD1-B8AD-4756-B4B2-53CD3544D966}: NameServer=212.27.40.240,212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E28397E1-4063-4DB1-8BD1-EC0C9A59B848}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FCC0141E-1729-4C6B-A7B2-FA92F78A3D84}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
Local Page REG_EXPAND_SZ %SystemRoot%\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
========
Safemode
========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
=========
Atapi.sys
=========
C:\WINDOWS\ServicePackFiles\i386\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
C:\WINDOWS\system32\drivers\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
29,29 Go total, 4,59 Go libre (15%), 32% fragmenté (fragmentation du fichier 56%)
Vous devriez défragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Program Files\VMNToolbar
Present !! : C:\Program Files\VSAdd-in
Present !! : C:\Program Files\WinFixer 2005
Present !! : C:\WINDOWS\002866_.tmp
Present !! : C:\WINDOWS\SET29.tmp
Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET4.tmp
Present !! : C:\WINDOWS\SET8.tmp
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\tmp.reg"
Present !! : C:\Documents and Settings\daniel meyers\RefEdit.exd
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\google updater
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-20 20:04:56
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 20:04:57,92
▶ Run List_Kill'em again (via right-click on Vista/7), using the shortcut on your desktop.
But this time:
▶ choose the Clean option
Your PC will restart,
let the tool work.
At the end of the scan the window closes, and you will have a report named Kill'em.txt on your desktop,
▶ paste its contents into your reply
Kill'em by g3n-h@ckm@n 1.7.1.3
User : daniel meyers (Administrateurs)
Update on 19/04/2010 by g3n-h@ckm@n ::::: 14.00
Start at: 02:45:43 | 21/04/2010
Today it's my birthday !!! :^)
Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : AVG Anti-Virus Free 8.5 [ Enabled | (!) Outdated ]
AV : AntiVir Desktop 9.0.1.26 [ Enabled | (!) Outdated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 29,29 Go (4,59 Go free) [Système & applications] | NTFS
D:\ -> Disque fixe local | 48,83 Go (15,36 Go free) [Données] | NTFS
E:\ -> Disque fixe local | 14,65 Go (7,46 Go free) [Sauvegarde] | NTFS
F:\ -> Disque fixe local | 4,88 Go (2,42 Go free) [XP de secours] | NTFS
G:\ -> Disque CD-ROM | 654,26 Mo (0 Mo free) [RC] | CDFS
H:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CAPM4RSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4SWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4SWK.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Program Files\VMNToolbar
Quarantined & Deleted !! : C:\Program Files\VSAdd-in
Quarantined & Deleted !! : C:\Program Files\WinFixer 2005
Quarantined & Deleted !! : C:\WINDOWS\002866_.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET29.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET3.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET4.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET8.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\WINDOWS\System32\tmp.reg
Quarantined & Deleted !! : C:\Documents and Settings\daniel meyers\RefEdit.exd
==============
host file OK !
==============
========
Registry
========
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\google updater
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
=================
Internet Explorer
=================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============
Security Center
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
============
=================
anti-ver blaster : OK !!
=================
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Hello
Here are the reports
http://www.cijoint.fr/cjlink.php?file=cj201004/cijteXQQdS.txt
and
http://www.cijoint.fr/cjlink.php?file=cj201004/cij3xqscT7.txt
Can you give me the contents of this?:
D:\AUTORISE.TXT
then:
uninstall "Favorit"
then:
▶ Double-click OTL.exe to launch it.
▶ Copy the list shown in bold below,
▶ paste it into the box under Custom Scans/Fixes:
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [DXDllRegExe] File not found
@Alternate Data Stream - 68 bytes -> D:\vac2005-91.JPG:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\vac2005-9.JPG:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\vac2005-8.JPG:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\vac2005-7.JPG:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\vac2005-6.JPG:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\vac2005-5.JPG:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\vac2005-4.JPG:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\vac2005-3.JPG:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\vac2005-2.JPG:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\vac2005-1.JPG:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\titreg2.gif:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\text1.swf:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\tel urgences.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\server2.met:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\server.met:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\rosie.jpg:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\rmxv3.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\release_notes.txt:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\psa2se_fre.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\plot.log:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\onciale.jpg:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\navigation.htm:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\navfla.htm:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\nav.swf:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\nav.swd:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\nav.htm:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\mp10setup.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\menu.swf:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\menu.html:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\menu.fla:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\mainttest1.html:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\mainttest0.html:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\maintest.html:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\main.htm:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\LECTMD10.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\LECOURTAIS.pdf:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\jeroboam.zip:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\jeanmichel.tif:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\index.html:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\index.htm:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\he2.pdf:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\frameset.htm:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\Flash8-fr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\Fireworks8-fr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\feuille.html:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\Fetes%20SV.pdf:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\EnvoiFTP_V105.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\Dreamweaver8-fr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\DivXPlay.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\credit-rachat2.fla:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\contact-24817.htm:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\caution.rtf:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\cadeaux koclicko brio1.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\cadeaux koclicko brio.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\button1.swf:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\bl.gif:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\bl.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\Au revoir et bon vent.ppt:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\antonin2.gif:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\AdbeRdr60_fra_full.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\3ivx.zip:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\000000-20050125-SN025175997SCRIFV1114900000000514d1df337463fb720f0fce1c9b3ddbe.pdf:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\000000-20050111-SN011104497SCRIFV111490000000065407b2ef3849600003eb40937807a5e.pdf:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\(pas de sujet).eml:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Program Files\RngInterstitial.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\WinDVD7.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\vlc-0.8.4a-win32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Studio10_5_full.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\roulet_mandat_revenus_identite.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\roulet_hebergeur2.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\roulet_hebergeur1.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\roulet_crd.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Raccourci vers Inforad_Manager_2_0_full_setup.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\pilat_revenus.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\pilat_identite_logement.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\pilat_crd.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\pilat_complements.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\pilat_bque_mr.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\pilat_bque_mme_2.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\pilat_bque_mme_1.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\octobre2006 174 bis.jpg:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Numériser.jpg:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_taxhab_compl.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_solde_compl.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_revenus.zip:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_revenus.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_is_compl.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_identite_logement.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_crd.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_banque_mr.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_banque_mme.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Maximusdvd1.2.ZIP:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\mathiot_revenus.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\mathiot_identite_logement.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\mathiot_crd.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\mathiot_comptes.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\MakeMPEG4Free.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\mails senateurs.sxw:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\loup garouj.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Inforad_Manager_2_0_full_setup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\FELIZ2006.pps:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Dossier - ROULET.xls:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Dossier - PILAT.xls:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Dossier - MATHIOT.xls:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Dossier - CHARLERY.xls:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\directx_9c_oct05sdk_redist.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\dessins.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\coca.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\charlery_revenus.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\charlery_identite_logement.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\charlery_crd.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\charlery_banque2.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\charlery_banque1.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\chapu.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\cassandra&antonin.jpg:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\30avril&divers.ncd:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\-20060411-IT101183668II4VAA30100-oHh9djHJ.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\-20060411-IT101183658II4VAA08171-Lfi_JUUl.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\-20060406-IT096132468II4VAA30100-ioEfDKmR.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\-20060406-IT096132458II4VAA08171-5JdBnqdP.pdf:KAVICHS
@Alternate Data Stream - 228 bytes -> D:\desktop.ini:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\vm404.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\syss.txt:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\rlog.txt:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\_Sid.txt:KAVICHS
@Alternate Data Stream - 132 bytes -> c:\Program Files\HP\hpcoretech\hpcmpmgr.exe:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\RealPlayer10-5GOLD.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\R_U_S_H_.TXT:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\LOGICIEL.TXT:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\LECTME~1.ZIP:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\LECTME~1.HTM:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\LECTME~1.GIF:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\LECTMD10.RSH:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\kav5.0.225_winwks_full_fr.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\INSTAL~1.TXT:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\FILE_ID.DIZ:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\eMule0.46c-Installer.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\daemon341.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\AUTORISE.TXT:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\AUTEUR.TXT:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\AFASHLP.TXT:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\AFAS_ID.TXT:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\AFAS.HLP:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\lewl2.html:KAVICHS
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"HP Component Manager"=-
"TkBellExe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=1
"FirewallOverride"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Fichiers communs\KAV Shared Files\avpupd.exe"=-
"C:\Documents and Settings\daniel meyers\Application Data\erase_me025754.exe"=-
:Files
C:\WINDOWS\Lfaqia.exe
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Click "Correction" to start the removal.
▶ Post the report, which should open by itself when the job finishes, after the restart.
G3N-H@CKM@N
@Alternate Data Stream - 36 bytes -> D:\octobre2006 174 bis.jpg:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Numériser.jpg:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_taxhab_compl.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_solde_compl.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_revenus.zip:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_revenus.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_is_compl.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_identite_logement.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_crd.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_banque_mr.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_banque_mme.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Maximusdvd1.2.ZIP:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\mathiot_revenus.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\mathiot_identite_logement.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\mathiot_crd.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\mathiot_comptes.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\MakeMPEG4Free.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\mails senateurs.sxw:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\loup garouj.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Inforad_Manager_2_0_full_setup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\FELIZ2006.pps:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Dossier - ROULET.xls:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Dossier - PILAT.xls:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Dossier - MATHIOT.xls:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Dossier - CHARLERY.xls:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\directx_9c_oct05sdk_redist.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\dessins.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\coca.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\charlery_revenus.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\charlery_identite_logement.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\charlery_crd.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\charlery_banque2.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\charlery_banque1.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\chapu.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\cassandra&antonin.jpg:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\30avril&divers.ncd:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\-20060411-IT101183668II4VAA30100-oHh9djHJ.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\-20060411-IT101183658II4VAA08171-Lfi_JUUl.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\-20060406-IT096132468II4VAA30100-ioEfDKmR.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\-20060406-IT096132458II4VAA08171-5JdBnqdP.pdf:KAVICHS
@Alternate Data Stream - 228 bytes -> D:\desktop.ini:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\vm404.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\syss.txt:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\rlog.txt:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\_Sid.txt:KAVICHS
@Alternate Data Stream - 132 bytes -> c:\Program Files\HP\hpcoretech\hpcmpmgr.exe:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\RealPlayer10-5GOLD.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\R_U_S_H_.TXT:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\LOGICIEL.TXT:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\LECTME~1.ZIP:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\LECTME~1.HTM:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\LECTME~1.GIF:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\LECTMD10.RSH:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\kav5.0.225_winwks_full_fr.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\INSTAL~1.TXT:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\FILE_ID.DIZ:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\eMule0.46c-Installer.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\daemon341.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\AUTORISE.TXT:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\AUTEUR.TXT:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\AFASHLP.TXT:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\AFAS_ID.TXT:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\AFAS.HLP:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\lewl2.html:KAVICHS
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"HP Component Manager"=-
"TkBellExe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=1
"FirewallOverride"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Fichiers communs\KAV Shared Files\avpupd.exe"=-
"C:\Documents and Settings\daniel meyers\Application Data\erase_me025754.exe"=-
:Files
C:\WINDOWS\Lfaqia.exe
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Click on "Correction" to start the removal.
▶ Post the report, which should open by itself at the end of the job, after the reboot.