Lsass.exe editeur inconnu
gen-hackman -
Depuis que mon conjoint a clique sur un lien msn pourri il a chopé des saloperies, grave a antivir j'en ai supprimé pas mal mais le probleme de base persiste, au demarrage de la session windows il y a le message lsass.exe éditeur inconnu voulez vous l'executer, que je clique sur oui ou non il ne se passe rien... Et je n'ai plus de connexion a internet, les ip et passrelle sont remise a blanc systematiquement a chaque reboot, meme si je les rentre manuellement.
Pas sur qu'il y ait un lien direct, j'aimerais avoir quelques eclaircissements.
Par avance, merci
42 réponses
- 1
- 2
- 3
Une machine est infectée après avoir cliqué sur un lien MSN suspect, avec un message lsass.exe éditeur inconnu à l'ouverture de session et une perte de connexion Internet.
Plusieurs réponses décrivent des tentatives de réparation et des analyses avec OTL, désinfection de clés de registre, suppression d'éléments autoload et nettoyage de fichiers et dossiers suspects.
Des extraits de rapports montrent pannes et ajustements, notamment la suppression d'entrées Run, suppression d'ADS et suppression de processus comme msnmsgr.exe, indiquant une contamination active puis des traces résiduelles.
En cas de perspective complémentaire, le fil mentionne des rapports et des outils variés, et souligne l'ampleur des éléments malveillants comme fichiers et clés Windows, ainsi que des redémarrages répétitifs.
-
salut :
▶ Télécharge UsbFix
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
▶ Double clic sur le raccourci UsbFix présent sur ton bureau .
▶ Au menu principal choisis l'option " F " pour français et tape sur [entrée] .
▶ Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]
▶ Laisse travailler l'outil.
▶ Ensuite post le rapport UsbFix.txt qui apparaitra.
Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus. -
Merci bien, ca tourne, un peu bloqué a 50% mais je suppose que c'est normal que ce soit assez long ;)
Je poste des que j'ai un rapport -
-
Le voila :
bon ca reste un peu esoterique pour moi lol
############################## | UsbFix V6.104 |
User : daniel meyers (Administrateurs) # BURODANIEL
Update on 14/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 11:35:43 | 15/04/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]
AV : AntiVir Desktop 9.0.1.26 [ Enabled | (!) Outdated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 29,29 Go (928,68 Mo free) [Système & applications] # NTFS
D:\ -> Disque fixe local # 48,83 Go (13,61 Go free) [Données] # NTFS
E:\ -> Disque fixe local # 14,65 Go (7,46 Go free) [Sauvegarde] # NTFS
F:\ -> Disque fixe local # 4,88 Go (2,37 Go free) [XP de secours] # NTFS
G:\ -> Disque CD-ROM # 654,26 Mo (0 Mo free) [RC] # CDFS
H:\ -> Disque amovible
I:\ -> Disque amovible # 116,88 Mo (2,42 Mo free) # FAT
################## | Elements infectieux |
C:\WINDOWS\csrssm.exe
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
C:\WINDOWS\System32\sshnas21.dll
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\a.dat
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\Lmj.exe
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\Lmk.exe
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\Lml.exe
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\Lmm.exe
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\Lmn.exe
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\s.exe
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\s1.exe
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\lssas.exe
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\s.exe
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\sshnas21.dll
C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\svchosts.exe
C:\a.txt
C:\lc.exe
G:\autorun.inf
G:\autorun.exe
G:\autorun.ini
C:\Documents and Settings\daniel meyers\Local Settings\Temp\svchosts.exe
C:\Documents and Settings\daniel meyers\Local Settings\Temporary Internet Files\Content.IE5\4FEVU0JM\site[1].com
################## | Registre |
[HKCU\SOFTWARE\Microsoft\Handle]
[HKCU\SOFTWARE\WEK9EMDHI9]
[HKCU\SOFTWARE\XML]
[HKCU\SOFTWARE\YVIBBBHA8C]
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "google updater"
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "YVIBBBHA8C"
[HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS]
[HKLM\SYSTEM\ControlSet001\Services\SSHNAS]
[HKLM\SYSTEM\ControlSet003\Services\SSHNAS]
[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS]
[HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHNAS]
[HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SSHNAS]
################## | Mountpoints2 |
################## | Vaccin |
################## | ! Fin du rapport # UsbFix V6.104 ! | -
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question -
oui c'est la bible......de l'informatique en desinfection ^^
▶ (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir
▶ Double clic (clic droit "en tant qu'administrateur" pour Vista)sur le raccourci UsbFix présent sur ton bureau
▶ Au menu principal choisis l'option " F " pour français et tape sur [entrée] .
▶ Au second menu Choisis l'option " 2 " ( Suppression ) et tape sur [entrée]
▶ Ton bureau disparaitra et le pc redémarrera .
▶ Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.
▶ Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .
Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) -
merci bien, voici le rapport
############################## | UsbFix V6.104 |
User : daniel meyers (Administrateurs) # BURODANIEL
Update on 14/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 17:46:34 | 16/04/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : AVG Anti-Virus Free 8.5 [ Enabled | (!) Outdated ]
AV : AntiVir Desktop 9.0.1.26 [ Enabled | (!) Outdated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 29,29 Go (879,57 Mo free) [Système & applications] # NTFS
D:\ -> Disque fixe local # 48,83 Go (13,61 Go free) [Données] # NTFS
E:\ -> Disque fixe local # 14,65 Go (7,46 Go free) [Sauvegarde] # NTFS
F:\ -> Disque fixe local # 4,88 Go (2,37 Go free) [XP de secours] # NTFS
G:\ -> Disque CD-ROM # 654,26 Mo (0 Mo free) [RC] # CDFS
H:\ -> Disque amovible
################## | Elements infectieux |
Supprimé ! C:\WINDOWS\csrssm.exe
Supprimé ! C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
Supprimé ! C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
Supprimé ! C:\WINDOWS\System32\sshnas21.dll
Supprimé ! C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\a.dat
Supprimé ! C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\Lmj.exe
Supprimé ! C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\Lmk.exe
Supprimé ! C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\Lml.exe
Supprimé ! C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\Lmm.exe
Supprimé ! C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\Lmn.exe
Supprimé ! C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\s.exe
Supprimé ! C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\s1.exe
Supprimé ! C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\lssas.exe
Supprimé ! C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\sshnas21.dll
Supprimé ! C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\svchosts.exe
Supprimé ! C:\a.txt
Supprimé ! C:\lc.exe
Supprimé ! C:\Recycler\S-1-5-21-1715567821-299502267-682003330-1003
Supprimé ! C:\Recycler\S-1-5-21-1715567821-299502267-682003330-1004
Supprimé ! C:\Recycler\S-1-5-21-448539723-583907252-725345543-1003
Supprimé ! D:\Recycler\S-1-5-21-1715567821-299502267-682003330-1003
Supprimé ! D:\Recycler\S-1-5-21-448539723-583907252-725345543-1003
Supprimé ! E:\Recycler\S-1-5-21-1715567821-299502267-682003330-1003
Supprimé ! E:\Recycler\S-1-5-21-448539723-583907252-725345543-1003
Supprimé ! F:\Recycler\S-1-5-21-1715567821-299502267-682003330-1003
Supprimé ! F:\Recycler\S-1-5-21-448539723-583907252-725345543-1003
(!) Non supprimé ! G:\autorun.inf
(!) Non supprimé ! G:\autorun.exe
(!) Non supprimé ! G:\autorun.ini
Supprimé ! C:\Documents and Settings\daniel meyers\Local Settings\Temporary Internet Files\Content.IE5\4FEVU0JM\site[1].com
################## | Registre |
Supprimé ! [HKCU\SOFTWARE\Microsoft\Handle]
Supprimé ! [HKCU\SOFTWARE\WEK9EMDHI9]
Supprimé ! [HKCU\SOFTWARE\XML]
Supprimé ! [HKCU\SOFTWARE\YVIBBBHA8C]
Supprimé ! [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "google updater"
Supprimé ! [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "YVIBBBHA8C"
Supprimé ! [HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS]
Supprimé ! [HKLM\SYSTEM\ControlSet003\Services\SSHNAS]
Supprimé ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS]
Supprimé ! [HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SSHNAS]
################## | Mountpoints2 |
################## | Listing des fichiers présent |
[09/05/2006 15:29|--a--c---|95] C:\AUTOEXEC.BAT
[04/12/2006 17:10|---hsc---|317] C:\boot.ini
[02/03/2006 14:00|-rahsc---|4952] C:\Bootfont.bin
[05/12/2004 21:50|--a--c---|0] C:\CONFIG.SYS
[?|?|?] C:\hiberfil.sys
[05/12/2004 21:50|-r-hsc---|0] C:\IO.SYS
[31/10/2005 23:37|-----c---|199] C:\lewl2.html
[05/12/2004 21:50|-r-hsc---|0] C:\MSDOS.SYS
[02/03/2006 14:00|-rahs----|47564] C:\NTDETECT.COM
[18/11/2008 03:30|-rahs----|252240] C:\ntldr
[?|?|?] C:\pagefile.sys
[18/11/2008 20:17|--a--c---|2653] C:\rapport.txt
[15/08/2005 23:17|--a--c---|66974] C:\rlog.txt
[11/01/2005 15:45|--a--c---|224423] C:\syss.txt
[16/04/2010 18:33|--a--c---|4179] C:\UsbFix.txt
[01/12/2006 19:10|--ahsc---|2258] C:\vm404.log
[24/12/2004 18:05|--a--c---|2334] C:\_Sid.txt
[05/10/2005 19:40|--a------|2420500] D:\(pas de sujet).eml
[05/04/2006 16:01|--a------|200144] D:\-20060406-IT096132458II4VAA08171-5JdBnqdP.pdf
[05/04/2006 16:00|--a------|200206] D:\-20060406-IT096132468II4VAA30100-ioEfDKmR.pdf
[05/04/2006 16:05|--a------|200071] D:\-20060411-IT101183658II4VAA08171-Lfi_JUUl.pdf
[05/04/2006 16:04|--a------|200122] D:\-20060411-IT101183668II4VAA30100-oHh9djHJ.pdf
[13/12/2004 16:55|--a------|221037] D:\000000-20050111-SN011104497SCRIFV111490000000065407b2ef3849600003eb40937807a5e.pdf
[13/12/2004 16:55|--a------|216357] D:\000000-20050125-SN025175997SCRIFV1114900000000514d1df337463fb720f0fce1c9b3ddbe.pdf
[03/09/2007 16:30|--a------|49228] D:\16-9.dwg
[23/05/2006 12:43|--a------|90934862] D:\30avril&divers.ncd
[28/03/2005 11:04|--a------|1098779] D:\3ivx.zip
[28/04/2008 19:11|--a------|477] D:\acad.err
[13/12/2004 17:11|--a------|18810320] D:\AdbeRdr60_fra_full.exe
[24/12/2006 16:15|--a------|22845992] D:\AdbeRdr80_fr_FR.exe
[07/04/1999 17:47|--a------|28645] D:\AFAS.HLP
[20/05/1998 23:13|--a------|7867] D:\AFASHLP.TXT
[31/05/1999 14:16|--a------|366] D:\AFAS_ID.TXT
[02/04/2007 15:38|--a------|65024] D:\annonce legale diss fermeyer.doc
[25/07/2005 17:59|--a------|774898] D:\antonin2.gif
[08/07/2007 21:30|--a------|870400] D:\ariel2.ISO
[13/09/2004 18:59|--a------|95744] D:\Au revoir et bon vent.ppt
[30/05/1999 17:36|--a------|317] D:\AUTEUR.TXT
[30/05/1999 17:33|--a------|1621] D:\AUTORISE.TXT
[08/10/2005 22:07|--a------|14806] D:\bl.bmp
[08/10/2005 22:07|--a------|3276] D:\bl.gif
[08/10/2005 22:49|--a------|1536] D:\button1.swf
[06/06/2004 13:57|--a------|228352] D:\cadeaux koclicko brio.doc
[05/03/2005 21:20|--a------|82944] D:\cadeaux koclicko brio1.doc
[13/04/2007 18:48|--a------|2655939] D:\CASSANDRA SUR L'ARBRE.JPG
[11/01/2006 00:17|--a------|47144] D:\cassandra&antonin.jpg
[08/12/2004 11:32|--a------|2701] D:\caution.rtf
[16/01/2006 19:05|--a------|4902984] D:\chapu.pdf
[20/03/2006 20:16|--a------|1604967] D:\charlery_banque1.pdf
[22/03/2006 09:20|--a------|7124226] D:\charlery_banque2.pdf
[20/03/2006 18:43|--a------|2753489] D:\charlery_crd.pdf
[20/03/2006 17:52|--a------|851999] D:\charlery_identite_logement.pdf
[20/03/2006 18:17|--a------|4385761] D:\charlery_revenus.pdf
[01/08/2006 10:35|--a------|657168] D:\coca.pdf
[25/07/2005 13:38|--a------|26933] D:\contact-24817.htm
[09/10/2005 14:06|--a------|1116672] D:\credit-rachat2.fla
[21/11/2003 10:06|--a------|517699] D:\daemon341.exe
[14/04/2010 21:23|--ahs----|85] D:\desktop.ini
[26/04/2006 21:47|--a------|457854] D:\dessins.pdf
[30/12/2005 17:12|--a------|35246592] D:\directx_9c_oct05sdk_redist.exe
[09/08/2005 21:47|--a------|7769912] D:\DivXPlay.exe
[22/03/2006 12:05|--a------|56249] D:\Dossier - CHARLERY.xls
[07/03/2006 21:11|--a------|56064] D:\Dossier - MATHIOT.xls
[21/02/2006 12:18|--a------|56248] D:\Dossier - PILAT.xls
[18/03/2006 13:42|--a------|56384] D:\Dossier - ROULET.xls
[02/10/2005 15:13|--a------|63930544] D:\Dreamweaver8-fr.exe
[20/11/2005 19:30|--a------|4587890] D:\eMule0.46c-Installer.exe
[25/07/2005 15:25|--a------|2565038] D:\EnvoiFTP_V105.exe
[04/01/2006 20:06|--a------|240128] D:\FELIZ2006.pps
[26/10/2004 21:55|--a------|708913] D:\Fetes%20SV.pdf
[08/10/2005 22:15|--a------|595] D:\feuille.html
[31/05/1999 14:16|--a------|558] D:\FILE_ID.DIZ
[02/10/2005 15:15|--a------|92828912] D:\Fireworks8-fr.exe
[02/10/2005 23:12|--a------|113245824] D:\Flash8-fr.exe
[08/10/2005 22:15|--a------|611] D:\frameset.htm
[05/09/2001 23:00|--a------|1700352] D:\gdiplus.dll
[24/12/2006 16:13|--a------|867424] D:\GoogleToolbarInstaller_ADBx_fr_401019_signed.exe
[10/10/2004 21:57|--a------|1379924] D:\he2.pdf
[13/04/2007 08:18|-ra------|1116591] D:\HPIM2105.JPG
[06/02/2004 18:19|-ra------|16384] D:\hpqimgrc.resources.dll
[09/12/2006 17:36|--a------|3391046] D:\IFM32SETUP.exe
[08/10/2005 22:09|--a------|284] D:\index.htm
[08/10/2005 22:09|--a------|284] D:\index.html
[08/04/2006 14:48|--a------|3712436] D:\Inforad_Manager_2_0_full_setup.exe
[31/05/1999 15:24|--a------|496] D:\INSTAL~1.TXT
[13/03/2007 16:57|--a------|46508333] D:\izispot.exe
[25/12/2009 13:25|--a------|22016] D:\j'ai rien fait.doc
[09/03/2005 17:40|--a------|3003332] D:\jeanmichel.tif
[22/12/2004 14:23|--a------|2556459] D:\jeroboam.zip
[09/09/2005 16:38|--a------|31327784] D:\kav5.0.225_winwks_full_fr.exe
[02/09/2004 12:26|--a------|231745] D:\LECOURTAIS.pdf
[23/05/2005 21:02|--a------|1801412] D:\LECTMD10.EXE
[17/09/1999 11:37|--a------|4260] D:\LECTMD10.RSH
[02/06/1999 18:56|--a------|6357] D:\LECTME~1.GIF
[22/06/1999 07:29|--a------|967] D:\LECTME~1.HTM
[03/06/1999 16:15|--a------|1758381] D:\LECTME~1.ZIP
[31/05/1999 14:17|--a------|610] D:\LOGICIEL.TXT
[11/06/2006 10:59|--a------|198144] D:\loup garouj.doc
[08/07/2007 21:35|--a------|870400] D:\M2S0EFW1.ISO
[20/06/2006 13:59|--a------|9482] D:\mails senateurs.sxw
[08/10/2005 22:08|--a------|284] D:\main.htm
[08/10/2005 22:15|--a------|323] D:\maintest.html
[08/10/2005 22:50|--a------|1001] D:\mainttest0.html
[08/10/2005 22:15|--a------|311] D:\mainttest1.html
[19/05/2006 16:09|--a------|880640] D:\MakeMPEG4Free.exe
[07/03/2006 16:48|--a------|6792614] D:\mathiot_comptes.pdf
[07/03/2006 16:54|--a------|2173663] D:\mathiot_crd.pdf
[07/03/2006 14:43|--a------|4388392] D:\mathiot_identite_logement.pdf
[07/03/2006 15:57|--a------|4214242] D:\mathiot_revenus.pdf
[30/12/2005 16:54|--a------|4894713] D:\Maximusdvd1.2.ZIP
[09/10/2005 14:21|--a------|49152] D:\menu.fla
[09/10/2005 14:21|--a------|1865] D:\menu.html
[09/10/2005 14:21|--a------|5073] D:\menu.swf
[04/12/2009 13:23|--a------|839] D:\Mes dossiers de partage.lnk
[30/04/2005 18:10|--a------|12814336] D:\mp10setup.exe
[02/10/2005 20:21|--a------|284] D:\nav.htm
[08/10/2005 22:08|--a------|1266] D:\nav.swd
[08/10/2005 23:05|--a------|7477] D:\nav.swf
[02/10/2005 20:21|--a------|1095] D:\navfla.htm
[08/10/2005 22:15|--a------|826] D:\navigation.htm
[16/10/2007 19:57|--a------|61440] D:\nc.indb
[20/02/2006 13:49|--a------|3354143] D:\nizier_banque_mme.pdf
[20/02/2006 14:02|--a------|3250552] D:\nizier_banque_mr.pdf
[20/02/2006 14:14|--a------|3792143] D:\nizier_crd.pdf
[20/02/2006 18:42|--a------|3454052] D:\nizier_identite_logement.pdf
[21/02/2006 11:55|--a------|1427168] D:\nizier_is_compl.pdf
[20/02/2006 13:33|--a------|8614687] D:\nizier_revenus.pdf
[20/02/2006 14:08|--a------|8122933] D:\nizier_revenus.zip
[21/02/2006 13:02|--a------|244456] D:\nizier_solde_compl.pdf
[21/02/2006 12:16|--a------|303990] D:\nizier_taxhab_compl.pdf
[27/04/2006 19:20|--a------|428393] D:\Num'riser.jpg
[12/11/2006 21:02|--a------|950998] D:\octobre2006 174 bis.jpg
[08/10/2005 22:07|--a------|21530] D:\onciale.jpg
[25/01/2007 19:13|--a------|9227] D:\patchie7.ifz
[20/02/2006 22:10|--a------|2434374] D:\pilat_bque_mme_1.pdf
[20/02/2006 22:22|--a------|1986772] D:\pilat_bque_mme_2.pdf
[20/02/2006 22:34|--a------|1787655] D:\pilat_bque_mr.pdf
[27/02/2006 19:31|--a------|770944] D:\pilat_complements.pdf
[21/02/2006 12:56|--a------|2270580] D:\pilat_crd.pdf
[20/02/2006 19:25|--a------|3367950] D:\pilat_identite_logement.pdf
[20/02/2006 19:50|--a------|5807690] D:\pilat_revenus.pdf
[01/05/2008 15:04|--a------|829] D:\plot.log
[27/12/2007 15:35|--a------|24064] D:\poeme cassandra Joyeux No0/00l.doc
[13/12/2004 17:01|--a------|6607296] D:\psa2se_fre.exe
[08/04/2006 14:50|--a------|518] D:\Raccourci vers Inforad_Manager_2_0_full_setup.lnk
[24/11/2005 19:38|--a------|11851168] D:\RealPlayer10-5GOLD.exe
[04/12/2009 13:19|--a------|20480] D:\recherches cassandra theatre.doc
[14/09/2005 08:52|--a------|8100] D:\release_notes.txt
[23/05/2005 21:11|--a------|11785794] D:\rmxv3.exe
[26/09/2005 12:21|--a------|43438] D:\rosie.jpg
[18/03/2006 12:33|--a------|1912345] D:\roulet_crd.pdf
[18/03/2006 12:57|--a------|4105730] D:\roulet_hebergeur1.pdf
[18/03/2006 13:35|--a------|6169507] D:\roulet_hebergeur2.pdf
[18/03/2006 12:09|--a------|3263192] D:\roulet_mandat_revenus_identite.pdf
[20/04/1999 12:25|--a------|980] D:\R_U_S_H_.TXT
[20/11/2005 19:30|--a------|3034] D:\server.met
[20/11/2005 19:30|--a------|6209] D:\server2.met
[21/12/2008 01:34|--a------|520] D:\spider.sav
[19/05/2006 15:55|--a------|81334119] D:\Studio10_5_full.exe
[13/09/2004 18:33|--a------|24064] D:\tel urgences.doc
[18/12/2007 00:34|--a------|24064] D:\TEST.doc
[08/10/2005 22:44|--a------|966] D:\text1.swf
[05/02/2010 18:40|--ahs----|199168] D:\Thumbs.db
[08/10/2005 22:07|--a------|1284] D:\titreg2.gif
[04/09/2005 19:45|--a------|175212] D:\vac2005-1.JPG
[04/09/2005 19:45|--a------|196942] D:\vac2005-2.JPG
[04/09/2005 19:46|--a------|195030] D:\vac2005-3.JPG
[04/09/2005 19:46|--a------|174393] D:\vac2005-4.JPG
[04/09/2005 19:46|--a------|203322] D:\vac2005-5.JPG
[04/09/2005 19:46|--a------|193833] D:\vac2005-6.JPG
[04/09/2005 19:46|--a------|206818] D:\vac2005-7.JPG
[04/09/2005 19:46|--a------|200874] D:\vac2005-8.JPG
[04/09/2005 19:47|--a------|182467] D:\vac2005-9.JPG
[04/09/2005 19:47|--a------|210421] D:\vac2005-91.JPG
[30/12/2005 17:01|--a------|9692886] D:\vlc-0.8.4a-win32.exe
[30/12/2005 17:08|--a------|55034414] D:\WinDVD7.exe
[06/12/2004 14:33|--a------|3561577472] E:\Backup061204.bkf
[15/11/2006 20:20|---------|29893632] E:\Backup151106.bkf
[22/11/2006 19:20|--a------|2048] E:\Backup221106.bkf
[22/11/2006 19:24|--a------|2048] E:\Backup221106bis.bkf
[17/08/2007 15:39|--a------|4053381120] E:\souvenirsgti.ISO
[25/09/2002 18:20|-r-------|4196] G:\agree.bmp
[30/09/2002 14:33|-r-------|4196] G:\agree_o.bmp
[14/05/2003 17:18|-r-------|81920] G:\autorun.exe
[04/11/2003 11:19|-r-------|48] G:\AUTORUN.INF
[12/05/2004 09:41|-r-------|590] G:\AUTORUN.INI
[25/09/2002 18:22|-r-------|3476] G:\back.bmp
[19/02/2004 16:09|-r-------|908264] G:\background.bmp
[30/09/2002 14:30|-r-------|3476] G:\back_o.bmp
[09/02/1998 20:00|-r-------|29952] G:\BORLNDMM.DLL
[03/03/1999 21:00|-r-------|908800] G:\CP3245MT.DLL
[07/11/2002 18:22|-r-------|339968] G:\EAutorun.exe
[30/09/2002 12:50|-r-------|3476] G:\exit.bmp
[30/09/2002 12:51|-r-------|3476] G:\exit_o.bmp
[09/12/1999 17:48|-r-------|200] G:\LANG.CFG
[30/09/2002 14:24|-r-------|4668] G:\log.bmp
[30/09/2002 14:24|-r-------|4676] G:\log_o.bmp
[08/12/1999 17:22|-r-------|1866123] G:\MANUAL.PDF
[17/10/2002 16:39|-r-------|1617] G:\messagess.txt
[06/04/2004 11:46|-r-------|180598] G:\mindscape.bmp
[11/05/2004 09:55|-r-------|356864] G:\mindscape.exe
[11/04/2003 11:49|-r-------|142] G:\Mindscape.url
[30/09/2002 14:28|-r-------|3476] G:\next.bmp
[30/09/2002 14:29|-r-------|3476] G:\next_o.bmp
[06/05/2004 16:36|-r-------|86] G:\pref.txt
[06/05/2004 16:36|-r-------|34] G:\product.txt
[27/01/2000 20:09|-r-------|5676544] G:\RAL.EXE
[03/11/2003 15:33|-r-------|1773] G:\README.TXT
[25/09/2002 18:22|-r-------|4676] G:\reg.bmp
[30/09/2002 14:34|-r-------|4664] G:\reg_o.bmp
[06/05/2004 16:36|-r-------|14364] G:\resource.txt
[30/09/2002 14:43|-r-------|6476] G:\rl.bmp
[30/09/2002 14:57|-r-------|6476] G:\rl_o.bmp
[11/03/2002 00:53|-r-------|960056] G:\splash.bmp
[07/05/2004 09:32|-r-------|6826] G:\text.rtf
[23/03/2004 12:19|-r-h-----|43008] G:\Thumbs.db
[07/01/1999 21:02|-r-------|1888232] G:\VCL40.BPL
[18/06/1998 21:00|-r-------|252408] G:\VCLX40.BPL
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# E:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# F:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
################## | Upload |
Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_BURODANIEL.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution . -
Télécharge OTL de OLDTimer
▶ enregistre le sur ton Bureau.
▶ Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.
▶ Coche les 2 cases Lop et Purity
▶ Coche la case devant tous les utilisateurs
▶ règle age du fichier sur "60 jours"
▶ dans la moitié gauche , mets tout sur "tous"
ne modifie pas ceci :
"fichiers créés" et "fichiers Modifiés"
▶Clic sur Analyse.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
▶▶▶ NE LE POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier ci-dessus.
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
▶▶ Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.
-
Me revoila ;)
donc le premier lien
http://www.cijoint.fr/cjlink.php?file=cj201004/cijPssDKz5.txt
et le 2e lien
http://www.cijoint.fr/cjlink.php?file=cj201004/cijm3Ed5Lp.txt
merci -
hello
Télécharge Navilog1 depuis-ce lien
▶ Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
▶ Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
▶ Au menu principal, Fais le choix 1 >> Recherche / suppression automatique
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
>>>>> Le fix peut durer une dizaine de minutes ;)
▶ Appuie sur une touche le bloc note va s'ouvrir.
▶ Copie-colle le rapport ici.
-
voila c'est fait, mais toujours pas de connexion ni pare feu...
Fix Navipromo version 4.0.8 commencé le 20/04/2010 19:22:35,46
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
Outil exécuté depuis C:\navilog1
Mise à jour le 09.03.2010 à 18h00 par IL-MAFIOSO
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.06GHz )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : daniel meyers ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.26 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:29 Go (Free:4 Go)
D:\ (Local Disk) - NTFS - Total:48 Go (Free:15 Go)
E:\ (Local Disk) - NTFS - Total:14 Go (Free:7 Go)
F:\ (Local Disk) - NTFS - Total:4 Go (Free:2 Go)
G:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
H:\ (USB)
I:\ (USB) - FAT - Total:116 Mo (Free:0 Go)
Recherche executée en mode normal
Nettoyage exécuté au redémarrage de l'ordinateur
C:\WINDOWS\prefetch\bjgnjxf*.pf supprimé !
c:\docume~1\daniel~1\locals~1\applic~1\bjgnjxf.exe supprimé !
c:\docume~1\daniel~1\locals~1\applic~1\bjgnjxf.dat supprimé !
c:\docume~1\daniel~1\locals~1\applic~1\bjgnjxf_nav.dat supprimé !
c:\docume~1\daniel~1\locals~1\applic~1\bjgnjxf_navps.dat supprimé !
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\daniel meyers\locals~1\Temp effectué !
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
*** Scan terminé 20/04/2010 19:28:21,48 *** -
DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)
▶ Télécharge List_Kill'em et enregistre le sur ton bureau
double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
une fois terminée , clic sur "terminer" et le programme se lancera seul
choisis l'option Search
un icone blanc et noir va s'afficher sur le bureau , il te servira à relancer le programme par la suite.
un autre rouge et noir te servira a desinstaller le prog a la fin de la desinfection.
▶ laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , , il s'auto supprimera a la fin du scan
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
-
et hop voila
List'em by g3n-h@ckm@n 1.7.1.3
User : daniel meyers (Administrateurs)
Update on 19/04/2010 by g3n-h@ckm@n ::::: 14.00
Start at: 19:52:21 | 20/04/2010
Today it's my birthday !!! :^)
Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : AVG Anti-Virus Free 8.5 [ Enabled | (!) Outdated ]
AV : AntiVir Desktop 9.0.1.26 [ (!) Disabled | (!) Outdated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 29,29 Go (4,57 Go free) [Système & applications] | NTFS
D:\ -> Disque fixe local | 48,83 Go (15,36 Go free) [Données] | NTFS
E:\ -> Disque fixe local | 14,65 Go (7,46 Go free) [Sauvegarde] | NTFS
F:\ -> Disque fixe local | 4,88 Go (2,42 Go free) [XP de secours] | NTFS
G:\ -> Disque CD-ROM | 654,26 Mo (0 Mo free) [RC] | CDFS
H:\ -> Disque amovible
I:\ -> Disque amovible | 116,88 Mo (9,53 Mo free) | FAT
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CAPM4RSK.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4LAK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4SWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4SWK.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
HP Software Update REG_SZ "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
HP Component Manager REG_SZ "c:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
DXDllRegExe REG_SZ dxdllreg.exe
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
SoundMan REG_SZ SOUNDMAN.EXE
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
AVG8_TRAY REG_SZ C:\PROGRA~1\AVG\AVG8\avgtray.exe
LogitechCommunicationsManager REG_SZ "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon REG_SZ "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
Google Updater REG_SZ C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\lssas.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
NoDriveAutoRun REG_DWORD 255 (0xff)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 255 (0xff)
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ BURODANIEL
DefaultUserName REG_SZ daniel meyers
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ daniel meyers
AltDefaultDomainName REG_SZ BURODANIEL
ChangePasswordUseKerberos REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Fichiers communs\KAV Shared Files\avpupd.exe REG_SZ C:\Program Files\Fichiers communs\KAV Shared Files\avpupd.exe:*:Enabled:AVP Updater
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\INFORAD\IFDMAN.exe REG_SZ C:\Program Files\INFORAD\IFDMAN.exe:*:Enabled:INFORAD MANAGER 2.0
C:\Program Files\Maïdo Production\IziSpot 4\IziSpot.exe REG_SZ C:\Program Files\Maïdo Production\IziSpot 4\IziSpot.exe:*:Enabled:IziSpot
C:\WINDOWS\system32\mshta.exe REG_SZ C:\WINDOWS\system32\mshta.exe:*:Enabled:Microsoft (R) HTML Application host
C:\Program Files\Grisoft\AVG7\avginet.exe REG_SZ C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe REG_SZ C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe REG_SZ C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
D:\World of Warcraft\WoW-2.4.3-to-3.0.2-frFR-Win-Final-downloader.exe REG_SZ D:\World of Warcraft\WoW-2.4.3-to-3.0.2-frFR-Win-Final-downloader.exe:*:Enabled:Blizzard Downloader
D:\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-frFR-downloader.exe REG_SZ D:\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-frFR-downloader.exe:*:Enabled:Blizzard Downloader
C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
C:\WINDOWS\system32\rundll32.exe REG_SZ C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application
C:\Program Files\AVG\AVG8\avgupd.exe REG_SZ C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
C:\Program Files\AVG\AVG8\avgnsx.exe REG_SZ C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
D:\World of Warcraft\WoW-3.0.3.9183-to-3.0.8.9464-frFR-downloader.exe REG_SZ D:\World of Warcraft\WoW-3.0.3.9183-to-3.0.8.9464-frFR-downloader.exe:*:Enabled:Blizzard Downloader
D:\World of Warcraft\Launcher.exe REG_SZ D:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
D:\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-frFR-downloader.exe REG_SZ D:\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-frFR-downloader.exe:*:Enabled:Blizzard Downloader
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
D:\World of Warcraft\WoW-3.2.0-frFR-downloader.exe REG_SZ D:\World of Warcraft\WoW-3.2.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader
C:\Documents and Settings\daniel meyers\Application Data\erase_me025754.exe REG_SZ C:\Documents and Settings\daniel meyers\Application Data\erase_me025754.exe:*:Enabled:Userinit
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{49232000-16E4-426C-A231-62846947304B}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6A060448-60F9-11D5-A6CD-0002B31F7455}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{02FD1B43-6C0E-3A24-A754-79987839C9F8}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{27529823-45C0-2ED8-87A9-F5C418B294D2}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{467A0BA1-032B-AA41-67C3-827CB25765FD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A495FFF-A9B2-4D9F-F1CC-BD42CF0006B0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9B418BD1-B8AD-4756-B4B2-53CD3544D966}: NameServer=212.27.40.240,212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E28397E1-4063-4DB1-8BD1-EC0C9A59B848}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FCC0141E-1729-4C6B-A7B2-FA92F78A3D84}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{28204043-74FF-4D5E-8FB2-1B8251F31224}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{30E39581-FE96-45A5-9DAB-2070125F6C0D}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9B418BD1-B8AD-4756-B4B2-53CD3544D966}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9B418BD1-B8AD-4756-B4B2-53CD3544D966}: NameServer=212.27.40.240,212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E28397E1-4063-4DB1-8BD1-EC0C9A59B848}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FCC0141E-1729-4C6B-A7B2-FA92F78A3D84}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\..\{28204043-74FF-4D5E-8FB2-1B8251F31224}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\..\{30E39581-FE96-45A5-9DAB-2070125F6C0D}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9B418BD1-B8AD-4756-B4B2-53CD3544D966}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9B418BD1-B8AD-4756-B4B2-53CD3544D966}: NameServer=212.27.40.240,212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E28397E1-4063-4DB1-8BD1-EC0C9A59B848}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FCC0141E-1729-4C6B-A7B2-FA92F78A3D84}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
Local Page REG_EXPAND_SZ %SystemRoot%\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
========
Safemode
========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
=========
Atapi.sys
=========
C:\WINDOWS\ServicePackFiles\i386\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
C:\WINDOWS\system32\drivers\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
D'fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
29,29 Go total, 4,59 Go libre (15%), 32% fragment' (fragmentation du fichier 56%)
Vous devriez d'fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Program Files\VMNToolbar
Present !! : C:\Program Files\VSAdd-in
Present !! : C:\Program Files\WinFixer 2005
Present !! : C:\WINDOWS\002866_.tmp
Present !! : C:\WINDOWS\SET29.tmp
Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET4.tmp
Present !! : C:\WINDOWS\SET8.tmp
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\tmp.reg"
Present !! : C:\Documents and Settings\daniel meyers\RefEdit.exd
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\google updater
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-20 20:04:56
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 20:04:57,92 -
-
▶ Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'Option Clean
ton PC va redemarrer,
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
▶ colle le contenu dans ta reponse -
Kill'em by g3n-h@ckm@n 1.7.1.3
User : daniel meyers (Administrateurs)
Update on 19/04/2010 by g3n-h@ckm@n ::::: 14.00
Start at: 02:45:43 | 21/04/2010
Today it's my birthday !!! :^)
Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : AVG Anti-Virus Free 8.5 [ Enabled | (!) Outdated ]
AV : AntiVir Desktop 9.0.1.26 [ Enabled | (!) Outdated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 29,29 Go (4,59 Go free) [Système & applications] | NTFS
D:\ -> Disque fixe local | 48,83 Go (15,36 Go free) [Données] | NTFS
E:\ -> Disque fixe local | 14,65 Go (7,46 Go free) [Sauvegarde] | NTFS
F:\ -> Disque fixe local | 4,88 Go (2,42 Go free) [XP de secours] | NTFS
G:\ -> Disque CD-ROM | 654,26 Mo (0 Mo free) [RC] | CDFS
H:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CAPM4RSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4SWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4SWK.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Program Files\VMNToolbar
Quarantined & Deleted !! : C:\Program Files\VSAdd-in
Quarantined & Deleted !! : C:\Program Files\WinFixer 2005
Quarantined & Deleted !! : C:\WINDOWS\002866_.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET29.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET3.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET4.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET8.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\WINDOWS\System32\tmp.reg
Quarantined & Deleted !! : C:\Documents and Settings\daniel meyers\RefEdit.exd
==============
host file OK !
==============
========
Registry
========
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\google updater
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
=================
Internet Explorer
=================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============
Security Center
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
============
=================
anti-ver blaster : OK !!
=================
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ -
-
Bonjour
Voila les rapports
http://www.cijoint.fr/cjlink.php?file=cj201004/cijteXQQdS.txt
et
http://www.cijoint.fr/cjlink.php?file=cj201004/cij3xqscT7.txt -
peux-tu me donner le contenu de ceci ? :
D:\AUTORISE.TXT
ensuite :
desinstalle "Favorit"
ensuite :
? double clique sur OTL.exe pour le lancer.
?Copie la liste qui se trouve en gras ci-dessous,
? colle-la dans la zone sous Customs Scans/Fixes :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [DXDllRegExe] File not found
@Alternate Data Stream - 68 bytes -> D:\vac2005-91.JPG:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\vac2005-9.JPG:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\vac2005-8.JPG:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\vac2005-7.JPG:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\vac2005-6.JPG:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\vac2005-5.JPG:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\vac2005-4.JPG:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\vac2005-3.JPG:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\vac2005-2.JPG:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\vac2005-1.JPG:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\titreg2.gif:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\text1.swf:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\tel urgences.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\server2.met:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\server.met:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\rosie.jpg:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\rmxv3.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\release_notes.txt:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\psa2se_fre.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\plot.log:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\onciale.jpg:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\navigation.htm:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\navfla.htm:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\nav.swf:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\nav.swd:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\nav.htm:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\mp10setup.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\menu.swf:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\menu.html:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\menu.fla:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\mainttest1.html:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\mainttest0.html:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\maintest.html:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\main.htm:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\LECTMD10.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\LECOURTAIS.pdf:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\jeroboam.zip:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\jeanmichel.tif:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\index.html:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\index.htm:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\he2.pdf:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\frameset.htm:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\Flash8-fr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\Fireworks8-fr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\feuille.html:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\Fetes%20SV.pdf:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\EnvoiFTP_V105.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\Dreamweaver8-fr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\DivXPlay.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\credit-rachat2.fla:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\contact-24817.htm:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\caution.rtf:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\cadeaux koclicko brio1.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\cadeaux koclicko brio.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\button1.swf:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\bl.gif:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\bl.bmp:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\Au revoir et bon vent.ppt:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\antonin2.gif:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\AdbeRdr60_fra_full.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\3ivx.zip:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\000000-20050125-SN025175997SCRIFV1114900000000514d1df337463fb720f0fce1c9b3ddbe.pdf:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\000000-20050111-SN011104497SCRIFV111490000000065407b2ef3849600003eb40937807a5e.pdf:KAVICHS
@Alternate Data Stream - 68 bytes -> D:\(pas de sujet).eml:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Program Files\RngInterstitial.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\WinDVD7.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\vlc-0.8.4a-win32.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Studio10_5_full.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\roulet_mandat_revenus_identite.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\roulet_hebergeur2.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\roulet_hebergeur1.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\roulet_crd.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Raccourci vers Inforad_Manager_2_0_full_setup.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\pilat_revenus.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\pilat_identite_logement.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\pilat_crd.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\pilat_complements.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\pilat_bque_mr.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\pilat_bque_mme_2.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\pilat_bque_mme_1.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\octobre2006 174 bis.jpg:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Numériser.jpg:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_taxhab_compl.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_solde_compl.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_revenus.zip:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_revenus.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_is_compl.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_identite_logement.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_crd.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_banque_mr.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\nizier_banque_mme.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Maximusdvd1.2.ZIP:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\mathiot_revenus.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\mathiot_identite_logement.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\mathiot_crd.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\mathiot_comptes.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\MakeMPEG4Free.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\mails senateurs.sxw:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\loup garouj.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Inforad_Manager_2_0_full_setup.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\FELIZ2006.pps:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Dossier - ROULET.xls:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Dossier - PILAT.xls:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Dossier - MATHIOT.xls:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Dossier - CHARLERY.xls:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\directx_9c_oct05sdk_redist.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\dessins.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\coca.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\charlery_revenus.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\charlery_identite_logement.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\charlery_crd.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\charlery_banque2.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\charlery_banque1.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\chapu.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\cassandra&antonin.jpg:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\30avril&divers.ncd:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\-20060411-IT101183668II4VAA30100-oHh9djHJ.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\-20060411-IT101183658II4VAA08171-Lfi_JUUl.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\-20060406-IT096132468II4VAA30100-ioEfDKmR.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\-20060406-IT096132458II4VAA08171-5JdBnqdP.pdf:KAVICHS
@Alternate Data Stream - 228 bytes -> D:\desktop.ini:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\vm404.log:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\syss.txt:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\rlog.txt:KAVICHS
@Alternate Data Stream - 228 bytes -> C:\_Sid.txt:KAVICHS
@Alternate Data Stream - 132 bytes -> c:\Program Files\HP\hpcoretech\hpcmpmgr.exe:KAVICHS
@Alternate Data Stream - 132 bytes -> C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\RealPlayer10-5GOLD.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\R_U_S_H_.TXT:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\LOGICIEL.TXT:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\LECTME~1.ZIP:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\LECTME~1.HTM:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\LECTME~1.GIF:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\LECTMD10.RSH:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\kav5.0.225_winwks_full_fr.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\INSTAL~1.TXT:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\FILE_ID.DIZ:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\eMule0.46c-Installer.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\daemon341.exe:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\AUTORISE.TXT:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\AUTEUR.TXT:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\AFASHLP.TXT:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\AFAS_ID.TXT:KAVICHS
@Alternate Data Stream - 100 bytes -> D:\AFAS.HLP:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\lewl2.html:KAVICHS
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"HP Component Manager"=-
"TkBellExe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=1
"FirewallOverride"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Fichiers communs\KAV Shared Files\avpupd.exe"=-
"C:\Documents and Settings\daniel meyers\Application Data\erase_me025754.exe"=-
:Files
C:\WINDOWS\Lfaqia.exe
:commands
[emptytemp]
[start explorer]
[reboot]
? Clique sur "Correction" pour lancer la suppression.
? Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.
?G3?-?@¢??@?(TM)©®? -
alors le fichier autorise.txt est un contrat (je ne sais pas ce qu'il fait la mais il a l'air tres inoffensif...)
pour le programme a desistaller impossible de le trouver...
du coup je n'ai pas lance la procedure demandée. -
- 1
- 2
- 3