12 réponses
Utilisateur anonyme
1 mai 2010 à 11:00
1 mai 2010 à 11:00
bonjour oui je vais m'absenter je reviens dans l'apres midi
Utilisateur anonyme
1 mai 2010 à 11:15
1 mai 2010 à 11:15
ok quand tu reviens essaie de garder lememe pseudo ou de t'inscrire stp
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Utilisateur anonyme
1 mai 2010 à 15:05
1 mai 2010 à 15:05
alors tu as effectué des scans ? tu as des rapports ? sinon ne fais rien je te donne une procedure
dada75019
Messages postés
8
Date d'inscription
samedi 1 mai 2010
Statut
Membre
Dernière intervention
1 mai 2010
1 mai 2010 à 15:33
1 mai 2010 à 15:33
tu es partis ?
Utilisateur anonyme
1 mai 2010 à 15:59
1 mai 2010 à 15:59
dada75019
Messages postés
8
Date d'inscription
samedi 1 mai 2010
Statut
Membre
Dernière intervention
1 mai 2010
1 mai 2010 à 16:36
1 mai 2010 à 16:36
quel procedure ?
Utilisateur anonyme
1 mai 2010 à 16:38
1 mai 2010 à 16:38
tu m'as dit sur l'autre topic avoir commencé à faire des scans si je ne m'abuse....
dada75019
Messages postés
8
Date d'inscription
samedi 1 mai 2010
Statut
Membre
Dernière intervention
1 mai 2010
1 mai 2010 à 18:53
1 mai 2010 à 18:53
je recois tjrs t message 4ans apres je vien juste de recevoir celui la il me laficher pas avant oui jai fait les mme scan que celui ke tu demanedr hier a lotre je te les envoi je les refait merci et desolé
dada75019
Messages postés
8
Date d'inscription
samedi 1 mai 2010
Statut
Membre
Dernière intervention
1 mai 2010
1 mai 2010 à 19:00
1 mai 2010 à 19:00
c'est normal que sa bouge pas de 30% ?
dada75019
Messages postés
8
Date d'inscription
samedi 1 mai 2010
Statut
Membre
Dernière intervention
1 mai 2010
1 mai 2010 à 19:18
1 mai 2010 à 19:18
List'em by g3n-h@ckm@n 1.7.2.6
User : Dada (Administrateurs)
Update on 30/04/2010 by g3n-h@ckm@n ::::: 19.40
Start at: 18:55:47 | 01/05/2010
Intel(R) Celeron(R) CPU 900 @ 2.20GHz
Microsoft Windows 7 Professionnel (6.1.7600 32-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Enabled
C:\ -> Disque fixe local | 48,73 Go (6,9 Go free) [Windows] | NTFS
D:\ -> Disque fixe local | 174,19 Go (146,83 Go free) [Dada] | NTFS
E:\ -> Disque fixe local | 9,86 Go (1,73 Go free) [RECOVERY] | NTFS
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\ProgramData\BarDiscover\bardiscover121.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Users\Dada\AppData\Roaming\sdra64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Users\Dada\AppData\Roaming\ARManager\apmanager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\explorer.exe
C:\Program Files\BarDiscover\bardiscover.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Dada\Desktop\CloneCD\CloneCDTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Users\Dada\AppData\Roaming\3A915418C440CFEEEF35062C53F56C8D\gotnewupdate.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Twydyc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\mspaint.exe
C:\Users\Dada\AppData\Local\Temp\Tfx.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PC Suite Tray REG_SZ "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Skype REG_SZ "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
FBSSA REG_SZ C:\Program Files\SGPSA\ie3sh.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
SSBkgdUpdate REG_SZ "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
OpwareSE4 REG_SZ "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
CloneCDTray REG_SZ "C:\Users\Dada\Desktop\CloneCD\CloneCDTray.exe" /s
PWRISOVM.EXE REG_SZ C:\Program Files\PowerISO\PWRISOVM.EXE
lsdefrag REG_SZ C:\Users\Dada\AppData\Local\Temp\exswrnamoc.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 0 (0x0)
ConsentPromptBehaviorUser REG_DWORD 3 (0x3)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 0 (0x0)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableUIADesktopToggle REG_DWORD 0 (0x0)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 0 (0x0)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 0 (0x0)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
PreCreateKnownFolders REG_SZ {A520A1A4-1780-4FF6-BD18-167343C5AF16}
Userinit REG_SZ C:\Windows\system32\userinit.exe,C:\Users\Dada\AppData\Roaming\sdra64.exe,
VMApplet REG_SZ SystemPropertiesPerformance.exe /pagefile
AutoRestartShell REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
CachedLogonsCount REG_SZ 10
DebugServerCommand REG_SZ no
ForceUnlockLogon REG_DWORD 0 (0x0)
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PasswordExpiryWarning REG_DWORD 5 (0x5)
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 1 (0x1)
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD 43 (0x2b)
===============
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{591FE272-1214-4C69-B5AE-3A8BD9C8943C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{591FE272-1214-4C69-B5AE-3A8BD9C8943C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{591FE272-1214-4C69-B5AE-3A8BD9C8943C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\Windows\System32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl
Local Page REG_SZ C:\Windows\system32\blank.htm
Search Page REG_SZ
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
Wlansvc : 0x2 ( OK = 2 )
SharedAccess : 0x4 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
wscsvc : 0x2 ( OK = 2 )
========
Safemode
========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
=========
Atapi.sys
=========
C:\Windows\System32\drivers\atapi.sys :
MD5 :: [338c86357871c167a96ab976519bf59e]
SHA256 :: [f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6]
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys :
MD5 :: [338c86357871c167a96ab976519bf59e]
SHA256 :: [f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6]
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys :
MD5 :: [338c86357871c167a96ab976519bf59e]
SHA256 :: [f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6]
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
Défragmenteur de disque Microsoft
Copyright (c) 2007 Microsoft Corp.
Invocation de analyse sur Windows (C:)...
L'opération a réussi.
Post Defragmentation Report:
Informations sur le volume :
Taille du volume = 48,72 Go
Espace libre = 6,91 Go
Quantité totale d'espace fragmenté = 0%
Taille maximale d'espace libre = 2,93 Go
Remarque : les fragments de fichier de plus de 64 Mo ne sont pas inclus dans les statistiques de fragmentation.
Il n'est pas nécessaire de défragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\ProgramData\.zreglib
Present !! : C:\Program Files\ShoppingReport
Present !! : C:\Windows\System32\drivers\etc\hosts.msn
Present !! : C:\Windows\System32\sshnas??.dll
Present !! : C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
Present !! : C:\Windows\Temp\C84F.tmp
Present !! : C:\Users\Dada\AppData\Local\GDIPFONTCACHEV1.DAT
Present !! : C:\Users\Dada\AppData\Roaming\ARManager
Present !! : C:\Users\Dada\AppData\Roaming\sdra64.exe
Present !! : C:\Users\Dada\Local Settings\Temp\a.dat
Present !! : C:\Users\Dada\Local Settings\Temp\Tf0.exe
Present !! : C:\Users\Dada\Local Settings\Temp\Tf1.exe
Present !! : C:\Users\Dada\Local Settings\Temp\Tf2.exe
Present !! : C:\Users\Dada\Local Settings\Temp\Tf3.exe
Present !! : C:\Users\Dada\Local Settings\Temp\Tfv.exe
Present !! : C:\Users\Dada\Local Settings\Temp\Tfw.exe
Present !! : C:\Users\Dada\Local Settings\Temp\Tfx.exe
Present !! : C:\Users\Dada\Local Settings\Temp\Tfy.exe
Present !! : C:\Users\Dada\Local Settings\Temp\Tfz.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\enowmxarcs.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\gmfrxpgv.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\khvcol.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\SkypeSetup.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\stp439b9.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\Tf0.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\Tf1.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\Tf2.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\Tf3.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\Tfv.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\Tfw.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\Tfx.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\Tfy.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\Tfz.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is1313.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is163E.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is186.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is1BEA.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is1C36.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is27F9.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is2C5C.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is2FA7.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is389C.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is3B8D.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is3CC1.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is4153.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is434.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is4643.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is49FC.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is50B2.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is5458.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is5C23.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is5E65.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is6067.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is670C.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is67B7.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is6884.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is6AD3.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is7178.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is7223.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is75F.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is7722.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is7F25.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is8584.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is8814.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is8832.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is8F63.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is910A.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is9646.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is9A3C.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is9CAD.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is9F5A.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isA0B1.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isA41F.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isA5E.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isA708.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isA85F.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isA8AD.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isABC.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isAE99.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isB357.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isB3F3.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isB452.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isB48F.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isBBFF.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isC699.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isCBB7.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isCDAA.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isCE65.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isCF30.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isD421.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isD433.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isD58.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isD779.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isDD34.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isE23.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isE243.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isE32D.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isE34.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isE34C.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isE54F.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isE90.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isE9E2.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isF1C.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isF3C0.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isF3D2.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isF40F.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isF823.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isFD69.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isFF35.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\a.dat
Present !! : C:\Users\Dada\LOCAL Settings\Temp\catchme.dll
Present !! : C:\Users\Dada\LOCAL Settings\Temp\sshnas21.dll
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\lsdefrag
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
Present !! : "HKCU\Software\Antimalware Doctor Inc"
Present !! : "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}"
Present !! : HKCR\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0}
Present !! : HKCR\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}
Present !! : HKCR\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d}
Present !! : HKCR\urlsearchhook.toolbarurlsearchhook
Present !! : HKCR\urlsearchhook.toolbarurlsearchhook.1
Present !! : HKCU\SOFTWARE\Microsoft\Handle
Present !! : HKCU\SOFTWARE\ShoppingReport
Present !! : HKCU\SOFTWARE\XML
Present !! : HKLM\Software\bardiscover
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport
Present !! : HKLM\SOFTWARE\ShoppingReport
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-01 19:09:02
Windows 6.1.7600 FAT NTAPI
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x01D1C4000
malicious code @ sector 0x01D1C4003 !
PE file found in sector at 0x01D1C4019 !
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval REG_DWORD 1 (0x1)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 19:09:02,90
User : Dada (Administrateurs)
Update on 30/04/2010 by g3n-h@ckm@n ::::: 19.40
Start at: 18:55:47 | 01/05/2010
Intel(R) Celeron(R) CPU 900 @ 2.20GHz
Microsoft Windows 7 Professionnel (6.1.7600 32-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Enabled
C:\ -> Disque fixe local | 48,73 Go (6,9 Go free) [Windows] | NTFS
D:\ -> Disque fixe local | 174,19 Go (146,83 Go free) [Dada] | NTFS
E:\ -> Disque fixe local | 9,86 Go (1,73 Go free) [RECOVERY] | NTFS
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\ProgramData\BarDiscover\bardiscover121.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Users\Dada\AppData\Roaming\sdra64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Users\Dada\AppData\Roaming\ARManager\apmanager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\explorer.exe
C:\Program Files\BarDiscover\bardiscover.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Dada\Desktop\CloneCD\CloneCDTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Users\Dada\AppData\Roaming\3A915418C440CFEEEF35062C53F56C8D\gotnewupdate.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Twydyc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\mspaint.exe
C:\Users\Dada\AppData\Local\Temp\Tfx.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PC Suite Tray REG_SZ "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Skype REG_SZ "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
FBSSA REG_SZ C:\Program Files\SGPSA\ie3sh.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
SSBkgdUpdate REG_SZ "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
OpwareSE4 REG_SZ "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
CloneCDTray REG_SZ "C:\Users\Dada\Desktop\CloneCD\CloneCDTray.exe" /s
PWRISOVM.EXE REG_SZ C:\Program Files\PowerISO\PWRISOVM.EXE
lsdefrag REG_SZ C:\Users\Dada\AppData\Local\Temp\exswrnamoc.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 0 (0x0)
ConsentPromptBehaviorUser REG_DWORD 3 (0x3)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 0 (0x0)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableUIADesktopToggle REG_DWORD 0 (0x0)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 0 (0x0)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 0 (0x0)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
PreCreateKnownFolders REG_SZ {A520A1A4-1780-4FF6-BD18-167343C5AF16}
Userinit REG_SZ C:\Windows\system32\userinit.exe,C:\Users\Dada\AppData\Roaming\sdra64.exe,
VMApplet REG_SZ SystemPropertiesPerformance.exe /pagefile
AutoRestartShell REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
CachedLogonsCount REG_SZ 10
DebugServerCommand REG_SZ no
ForceUnlockLogon REG_DWORD 0 (0x0)
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PasswordExpiryWarning REG_DWORD 5 (0x5)
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 1 (0x1)
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD 43 (0x2b)
===============
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{591FE272-1214-4C69-B5AE-3A8BD9C8943C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{591FE272-1214-4C69-B5AE-3A8BD9C8943C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{591FE272-1214-4C69-B5AE-3A8BD9C8943C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\Windows\System32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl
Local Page REG_SZ C:\Windows\system32\blank.htm
Search Page REG_SZ
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
Wlansvc : 0x2 ( OK = 2 )
SharedAccess : 0x4 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
wscsvc : 0x2 ( OK = 2 )
========
Safemode
========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
=========
Atapi.sys
=========
C:\Windows\System32\drivers\atapi.sys :
MD5 :: [338c86357871c167a96ab976519bf59e]
SHA256 :: [f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6]
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys :
MD5 :: [338c86357871c167a96ab976519bf59e]
SHA256 :: [f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6]
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys :
MD5 :: [338c86357871c167a96ab976519bf59e]
SHA256 :: [f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6]
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
Défragmenteur de disque Microsoft
Copyright (c) 2007 Microsoft Corp.
Invocation de analyse sur Windows (C:)...
L'opération a réussi.
Post Defragmentation Report:
Informations sur le volume :
Taille du volume = 48,72 Go
Espace libre = 6,91 Go
Quantité totale d'espace fragmenté = 0%
Taille maximale d'espace libre = 2,93 Go
Remarque : les fragments de fichier de plus de 64 Mo ne sont pas inclus dans les statistiques de fragmentation.
Il n'est pas nécessaire de défragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\ProgramData\.zreglib
Present !! : C:\Program Files\ShoppingReport
Present !! : C:\Windows\System32\drivers\etc\hosts.msn
Present !! : C:\Windows\System32\sshnas??.dll
Present !! : C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
Present !! : C:\Windows\Temp\C84F.tmp
Present !! : C:\Users\Dada\AppData\Local\GDIPFONTCACHEV1.DAT
Present !! : C:\Users\Dada\AppData\Roaming\ARManager
Present !! : C:\Users\Dada\AppData\Roaming\sdra64.exe
Present !! : C:\Users\Dada\Local Settings\Temp\a.dat
Present !! : C:\Users\Dada\Local Settings\Temp\Tf0.exe
Present !! : C:\Users\Dada\Local Settings\Temp\Tf1.exe
Present !! : C:\Users\Dada\Local Settings\Temp\Tf2.exe
Present !! : C:\Users\Dada\Local Settings\Temp\Tf3.exe
Present !! : C:\Users\Dada\Local Settings\Temp\Tfv.exe
Present !! : C:\Users\Dada\Local Settings\Temp\Tfw.exe
Present !! : C:\Users\Dada\Local Settings\Temp\Tfx.exe
Present !! : C:\Users\Dada\Local Settings\Temp\Tfy.exe
Present !! : C:\Users\Dada\Local Settings\Temp\Tfz.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\enowmxarcs.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\gmfrxpgv.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\khvcol.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\SkypeSetup.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\stp439b9.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\Tf0.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\Tf1.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\Tf2.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\Tf3.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\Tfv.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\Tfw.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\Tfx.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\Tfy.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\Tfz.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is1313.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is163E.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is186.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is1BEA.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is1C36.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is27F9.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is2C5C.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is2FA7.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is389C.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is3B8D.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is3CC1.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is4153.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is434.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is4643.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is49FC.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is50B2.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is5458.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is5C23.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is5E65.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is6067.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is670C.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is67B7.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is6884.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is6AD3.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is7178.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is7223.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is75F.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is7722.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is7F25.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is8584.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is8814.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is8832.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is8F63.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is910A.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is9646.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is9A3C.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is9CAD.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_is9F5A.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isA0B1.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isA41F.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isA5E.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isA708.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isA85F.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isA8AD.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isABC.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isAE99.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isB357.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isB3F3.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isB452.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isB48F.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isBBFF.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isC699.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isCBB7.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isCDAA.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isCE65.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isCF30.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isD421.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isD433.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isD58.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isD779.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isDD34.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isE23.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isE243.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isE32D.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isE34.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isE34C.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isE54F.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isE90.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isE9E2.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isF1C.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isF3C0.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isF3D2.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isF40F.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isF823.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isFD69.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\_isFF35.exe
Present !! : C:\Users\Dada\LOCAL Settings\Temp\a.dat
Present !! : C:\Users\Dada\LOCAL Settings\Temp\catchme.dll
Present !! : C:\Users\Dada\LOCAL Settings\Temp\sshnas21.dll
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\lsdefrag
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
Present !! : "HKCU\Software\Antimalware Doctor Inc"
Present !! : "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}"
Present !! : HKCR\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0}
Present !! : HKCR\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}
Present !! : HKCR\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d}
Present !! : HKCR\urlsearchhook.toolbarurlsearchhook
Present !! : HKCR\urlsearchhook.toolbarurlsearchhook.1
Present !! : HKCU\SOFTWARE\Microsoft\Handle
Present !! : HKCU\SOFTWARE\ShoppingReport
Present !! : HKCU\SOFTWARE\XML
Present !! : HKLM\Software\bardiscover
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport
Present !! : HKLM\SOFTWARE\ShoppingReport
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-01 19:09:02
Windows 6.1.7600 FAT NTAPI
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x01D1C4000
malicious code @ sector 0x01D1C4003 !
PE file found in sector at 0x01D1C4019 !
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval REG_DWORD 1 (0x1)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 19:09:02,90
dada75019
Messages postés
8
Date d'inscription
samedi 1 mai 2010
Statut
Membre
Dernière intervention
1 mai 2010
Modifié par dada75019 le 1/05/2010 à 19:26
Modifié par dada75019 le 1/05/2010 à 19:26
voila je fais quoi mnt ?
Utilisateur anonyme
1 mai 2010 à 20:38
1 mai 2010 à 20:38
▶ Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'Option Clean
ton PC va redemarrer,
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
▶ colle le contenu dans ta reponse
mais cette fois-ci :
▶ choisis l'Option Clean
ton PC va redemarrer,
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
▶ colle le contenu dans ta reponse
