Copyright virus

Solved
waerbenn -  
 Anonymous user -
Good evening,

I have a virus that prevents me from accessing my desktop, with a page saying "copyright violation...". I managed to get access to the desktop again, but as soon as I turn on my computer, the virus comes back.
Also, as mentioned in another topic, I ran list kill'em option 1 then 2, but it still remains at startup.
What should I do to remove it completely?

Thanks for your help.

96 replies

Anonymous user
 

__________________________________________________________
=>/!\ The script below was written specifically for this computer /!\ <=
=> It is strongly advised not to apply it to another computer! <=====|
---------------------------------------------------------------


Still with all protections disabled, do this:

▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
KillAll::

TDL::
C:\Windows\System32\Drivers\atapi.sys

MBR::

SkipFix::

------------------------------------------------------------------

▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad

▶ Drag and drop this CFScript file onto the combofix file

▶ Wait while the scan runs. The Desktop will disappear several times: this is normal! Do not touch anything until the scan is finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file does not open, it can be found here => C:\ComboFix.txt


3
Anonymous user
 
cd erdnt\subs

then press Enter

batch erdnt.con

then press Enter
1
Anonymous user
 
There, all the old versions of Java have been removed :)
1
Anonymous user
 
Hello, do this

http://www.commentcamarche.net/faq/27876-icpp-online-violation-de-droits-d-auteur

and post the requested reports
0

jalobservateur Posts 7372 Registration date   Status Security contributor Last activity   930
 
Hi :)
http://www.commentcamarche.net/faq/27876-icpp-online-violation-de-droits-d-auteur
0
Anonymous user
 
first
0
jalobservateur Posts 7372 Registration date   Status Security contributor Last activity   930
 
Hehe yeah, he's got the answer ;)
0
waerbenn
 
Kill'em by g3n-h@ckm@n 1.3.2.1

User : HOUSE (Administrateurs)
Update on 10/03/2010 by g3n-h@ckm@n ::::: 17.30
Start at: 19:01:56 | 02/05/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

Intel(R) Pentium(R) 4 CPU 3.60GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : G Data AntiVirus 2010 18.0 [ Enabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 48,83 Go (3,8 Go free) | NTFS
D:\ -> Disque fixe local | 19,53 Go (19,46 Go free) [??????] | NTFS
E:\ -> Disque fixe local | 48,83 Go (34,2 Go free) [Logiciel] | NTFS
F:\ -> Disque fixe local | 121,55 Go (79,14 Go free) [Download] | NTFS
G:\ -> Disque CD-ROM
H:\ -> Disque CD-ROM
I:\ -> Disque fixe local | 249,25 Go (149,81 Go free) [Video] | NTFS
J:\ -> Disque fixe local | 8,02 Go (1,84 Go free) [Divers] | NTFS
K:\ -> Disque CD-ROM
L:\ -> Disque CD-ROM
N:\ -> Disque fixe local | 232,83 Go (113,65 Go free) [My Book] | FAT32


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
E:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\ASUSKBService.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe
C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\G DATA\GDScan\GDScan.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :


Quarantined & Deleted !! : C:\WINDOWS\System32\lowsec
Quarantined & Deleted !! : C:\WINDOWS\System32\sdra64.exe

==============
host file OK !
==============

========
Registry
========

Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7}
Deleted : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6}
Deleted : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7}
========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
============

=================
anti-ver blaster : OK !!
=================

================
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
waerbenn
 
the first report won't go through
0
waerbenn
 
List'em by g3n-h@ckm@n 1.3.2.1

User : HOUSE (Administrateurs)
Update on 10/03/2010 by g3n-h@ckm@n ::::: 17.30
Start at: 09:09:39 | 02/05/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

Intel(R) Pentium(R) 4 CPU 3.60GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : G Data AntiVirus 2010 18.0 [ Enabled | (!) Outdated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 48,83 Go (3,73 Go free) | NTFS
D:\ -> Disque fixe local | 19,53 Go (19,46 Go free) [??????] | NTFS
E:\ -> Disque fixe local | 48,83 Go (34,23 Go free) [Logiciel] | NTFS
F:\ -> Disque fixe local | 121,55 Go (81,2 Go free) [Download] | NTFS
G:\ -> Disque CD-ROM
H:\ -> Disque CD-ROM
I:\ -> Disque fixe local | 249,25 Go (149,81 Go free) [Video] | NTFS
J:\ -> Disque fixe local | 8,02 Go (1,84 Go free) [Divers] | NTFS
K:\ -> Disque CD-ROM
L:\ -> Disque CD-ROM
N:\ -> Disque fixe local | 232,83 Go (113,65 Go free) [My Book] | FAT32

Boot: Normal


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
E:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\ASUSKBService.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe
C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
E:\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\G DATA\GDScan\GDScan.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe
C:\WINDOWS\System32\svchost.exe
E:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\List_Kill'em\FxEx.scr
C:\WINDOWS\system32\cmd.exe
C:\Program Files\List_Kill'em\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Raccourci vers la page des propriétés de High Definition Audio REG_SZ HDAudPropShortcut.exe
Cmaudio REG_SZ RunDll32 cmicnfg.cpl,CMICtrlWnd
REGSHAVE REG_SZ C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
NWEReboot REG_SZ
<NO NAME> REG_SZ
AOLSAV REG_SZ C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
G DATA AntiVirus Trayapplication REG_SZ C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe
Adobe Version Cue CS2 REG_SZ E:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ EVANN
DefaultUserName REG_SZ HOUSE
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\HOUSE\Application Data\sdra64.exe,C:\WINDOWS\system32\sdra64.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ HOUSE
AltDefaultDomainName REG_SZ EVANN
ChangePasswordUseKerberos REG_DWORD 1 (0x1)
EnableConcurrentSessions REG_DWORD 1 (0x1)

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL
C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
C:\Program Files\ASUS\AsusUpdate\Update.exe REG_SZ C:\Program Files\ASUS\AsusUpdate\Update.exe:*:Enabled:ASUS Update
E:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe REG_SZ E:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2
C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe REG_SZ C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe:*:Enabled:MSI starter
E:\FlashGet\flashget.exe REG_SZ E:\FlashGet\flashget.exe:*:Enabled:Flashget
C:\Program Files\Fichiers communs\AOL\1173378459\ee\aolsoftware.exe REG_SZ C:\Program Files\Fichiers communs\AOL\1173378459\ee\aolsoftware.exe:*:Enabled:AOL Shared Components
C:\Program Files\Fichiers communs\AOL\aoltpspd.exe REG_SZ C:\Program Files\Fichiers communs\AOL\aoltpspd.exe:*:Enabled:aoltpspd.exe
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
E:\lphant\Lphant.exe REG_SZ E:\lphant\Lphant.exe:*:Enabled:Lphant
E:\world pker\WPTFreePlay.exe REG_SZ E:\world pker\WPTFreePlay.exe:*:Enabled:World Poker Tour Free Play
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:Logitech Desktop Messenger
C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupXu.exe REG_SZ C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupXu.exe:*:Disabled:Nero ProductSetup
C:\Program Files\Real\RealPlayer\realplay.exe REG_SZ C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer
E:\SopCast\SopCast.exe REG_SZ E:\SopCast\SopCast.exe:*:Disabled:SopCast Main Application
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
E:\lphant\eLePhantClient.exe REG_SZ E:\lphant\eLePhantClient.exe:*:Enabled:Lphant

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL
C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

===============
ActivX controls
===============
0
waerbenn
 
==============
BHO :
======

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E8D91296-A4DB-4479-9261-C8265FACC511}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CFF6E9DB-629C-430A-A446-1403F78840AA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CFF6E9DB-629C-430A-A446-1403F78840AA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E8D91296-A4DB-4479-9261-C8265FACC511}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://fr.yahoo.com/

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\ServicePackFiles\i386\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\ServicePackFiles\i386\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\drivers\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\system32\drivers\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
48,83 Go total, 3,69 Go libre (7%), 14% fragmenté (fragmentation du fichier 23%)

Vous devriez défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Documents and Settings\All Users\Application Data\espionServerData
Present !! : C:\WINDOWS\003019_.tmp
Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET4.tmp
Present !! : C:\WINDOWS\SET8.tmp
Present !! : C:\WINDOWS\install.exe
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\lowsec
Present !! : C:\WINDOWS\System32\sdra64.exe"
Present !! : C:\WINDOWS\System32\SET*.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp100917406.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp105148885.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp118866600.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp119783177.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp155343375.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp167623515.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp179074591.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp3351269.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp61367015.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp94067469.tmp
Present !! : C:\Documents and Settings\HOUSE\Local Settings\Temp\2C7.tmp
Present !! : C:\Documents and Settings\HOUSE\Local Settings\Temp\2C8.tmp
Present !! : C:\Documents and Settings\HOUSE\Local Settings\Temp\dw.log
Present !! : C:\Documents and Settings\HOUSE\Local Settings\Temp\is4.tmp
Present !! : C:\Documents and Settings\HOUSE\Local Settings\Temp\isA.tmp
Present !! : C:\Documents and Settings\HOUSE\Local Settings\Temp\~1D.tmp

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7}
Present !! : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6}
Present !! : HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7}
Present !! : HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6}

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-02 10:23:17
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AOLSAV = C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe >>UNKNOWN [0x86FD3EB0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x86fd3eb0
NDIS: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> 0x861ad5c0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !


¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

F:\logiciel\Virtuosa.Gold.Phoenix.Edition.v5.0.Multilanguage.Cracked.WinAll.for.www.torrent-base.elite.to\Virtuosa.Gold.Phoenix.Edition.v5.0.Multilanguage.Cracked.WinAll-HS\hs-vgp5a\hs-vpg50\Patch.exe




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 10:28:22,90
0
waerbenn
 
Are the reports OK?
0
Utilisateur anonyme
 
Good evening, what version is this?
0
waerbenn
 
I don't know, I found it on the net.....
0
waerbenn
 
1.3.2.1 ?
0
waerbenn
 
Why, is that a problem?
0
Utilisateur anonyme
 
Can you give me the link where you found it, please?

Get rid of that obsolete version and:

DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT !!!!! (because it is wrongly detected as an infection)

▶ Download List_Kill'em and save it to your desktop

Double-click (right-click, "Run as administrator" on Vista/7) the shortcut on your desktop to start the installation

Leave checked:

♦ Run Shortcut
♦ Run List_Kill'em

Once it has finished, click "Finish" and the program will start on its own

Choose the Search option

▶ Let the tool work

When the white window appears, it takes a while; that is normal, the program is not frozen.

▶ Post the contents of the report that opens when the scan reaches 100 %, at the "COMPLETED" screen
0
waerbenn
 
I'll try, but my computer keeps crashing (blue screen, hardware problem)
0
Utilisateur anonyme
 
If need be, restart in safe mode with networking
0
waerbenn
 
List'em by g3n-h@ckm@n 1.7.2.6

User : HOUSE (Administrateurs)
Update on 02/05/2010 by g3n-h@ckm@n ::::: 14.30
Start at: 00:42:13 | 03/05/2010

Intel(R) Pentium(R) 4 CPU 3.60GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : G Data AntiVirus 2010 18.0 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 48,83 Go (3,77 Go free) | NTFS
D:\ -> Disque fixe local | 19,53 Go (19,46 Go free) [??????] | NTFS
E:\ -> Disque fixe local | 48,83 Go (34,19 Go free) [Logiciel] | NTFS
F:\ -> Disque fixe local | 121,55 Go (79,14 Go free) [Download] | NTFS
G:\ -> Disque CD-ROM
H:\ -> Disque CD-ROM
I:\ -> Disque fixe local | 249,25 Go (149,81 Go free) [Video] | NTFS
J:\ -> Disque fixe local | 8,02 Go (1,84 Go free) [Divers] | NTFS
K:\ -> Disque CD-ROM
L:\ -> Disque CD-ROM
M:\ -> Disque amovible | 982,72 Mo (290,03 Mo free) | FAT
N:\ -> Disque fixe local | 232,83 Go (113,65 Go free) [My Book] | FAT32

Boot: Safeboot

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\List_Kill'em\pv.exe

======================
Keys "Run"
======================

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Raccourci vers la page des propriétés de High Definition Audio REG_SZ HDAudPropShortcut.exe
Cmaudio REG_SZ RunDll32 cmicnfg.cpl,CMICtrlWnd
REGSHAVE REG_SZ C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
NWEReboot REG_SZ
<NO NAME> REG_SZ
AOLSAV REG_SZ C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
G DATA AntiVirus Trayapplication REG_SZ C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe
Adobe Version Cue CS2 REG_SZ E:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)

===============

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ EVANN
DefaultUserName REG_SZ HOUSE
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ HOUSE
AltDefaultDomainName REG_SZ EVANN
ChangePasswordUseKerberos REG_DWORD 1 (0x1)
EnableConcurrentSessions REG_DWORD 1 (0x1)

===============

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL
C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
C:\Program Files\ASUS\AsusUpdate\Update.exe REG_SZ C:\Program Files\ASUS\AsusUpdate\Update.exe:*:Enabled:ASUS Update
E:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe REG_SZ E:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2
C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe REG_SZ C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe:*:Enabled:MSI starter
E:\FlashGet\flashget.exe REG_SZ E:\FlashGet\flashget.exe:*:Enabled:Flashget
C:\Program Files\Fichiers communs\AOL\1173378459\ee\aolsoftware.exe REG_SZ C:\Program Files\Fichiers communs\AOL\1173378459\ee\aolsoftware.exe:*:Enabled:AOL Shared Components
C:\Program Files\Fichiers communs\AOL\aoltpspd.exe REG_SZ C:\Program Files\Fichiers communs\AOL\aoltpspd.exe:*:Enabled:aoltpspd.exe
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
E:\lphant\Lphant.exe REG_SZ E:\lphant\Lphant.exe:*:Enabled:Lphant
E:\world pker\WPTFreePlay.exe REG_SZ E:\world pker\WPTFreePlay.exe:*:Enabled:World Poker Tour Free Play
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:Logitech Desktop Messenger
C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupXu.exe REG_SZ C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupXu.exe:*:Disabled:Nero ProductSetup
C:\Program Files\Real\RealPlayer\realplay.exe REG_SZ C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer
E:\SopCast\SopCast.exe REG_SZ E:\SopCast\SopCast.exe:*:Disabled:SopCast Main Application
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
E:\lphant\eLePhantClient.exe REG_SZ E:\lphant\eLePhantClient.exe:*:Enabled:Lphant

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL
C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E8D91296-A4DB-4479-9261-C8265FACC511}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CFF6E9DB-629C-430A-A446-1403F78840AA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CFF6E9DB-629C-430A-A446-1403F78840AA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E8D91296-A4DB-4479-9261-C8265FACC511}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

================
Internet Explorer :
================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://fr.yahoo.com/
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

========
Services
========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x2 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

========
Safemode
========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

=========
Atapi.sys
=========

C:\WINDOWS\$NtServicePackUninstall$\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

C:\WINDOWS\ServicePackFiles\i386\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

C:\WINDOWS\system32\drivers\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
48,83 Go total, 3,74 Go libre (7%), 14% fragmenté (fragmentation du fichier 23%)

Vous devriez défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\WINDOWS\System32\lowsec
Present !! : C:\WINDOWS\System32\sdra64.exe"
Present !! : C:\Documents and Settings\HOUSE\Application data\sdra64.exe
Present !! : C:\Documents and Settings\HOUSE\Bureau\ARManager.lnk
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_12c.dat
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_178.dat
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_928.dat
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_950.dat
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_9ec.dat
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_dc8.dat
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_e54.dat
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_ec8.dat

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\armanager
Present !! : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7}
Present !! : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6}
Present !! : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7}
Present !! : HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7}
Present !! : HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6}
Present !! : HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7}

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 00:56:16
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AOLSAV = C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe >>UNKNOWN [0x86FD24D0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x86fd24d0
\Driver\atapi -> 0x864a9218
NDIS: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> 0x865ba5c0
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x025429800
malicious code @ sector 0x025429803 !
PE file found in sector at 0x025429819 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 0:56:18,00
0
waerbenn
 
There you go, I hope it will work this time ......
0
Utilisateur anonyme
 
Yes, you can run it again and choose the safemode clean option.

At the end of the scan the window closes and you get a report named kill'em on the desktop; post its contents.
0
waerbenn
 
I don't have a txt file; it displayed "path not found, 0 file(s) copied"!
0
Utilisateur anonyme
 
?????????????????

Can you find this:

C:\Kill'em.txt ?
0
waerbenn
 
No, that's just it, there is nothing on the desktop.
0