A voir également:
- Ralentissement soudain PC
- Ralentissement pc - Guide
- Test performance pc - Guide
- Reinitialiser pc - Guide
- Whatsapp pc - Télécharger - Messagerie
- Double ecran pc - Guide
15 réponses
Utilisateur anonyme
22 mai 2010 à 16:24
22 mai 2010 à 16:24
salut coupe le tea timer de spybot et desinstalle spybot
ensuite
Télécharge OTL de OLDTimer
▶ enregistre le sur ton Bureau.
▶ Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.
▶ Coche les 2 cases Lop et Purity
▶ Coche la case devant tous les utilisateurs
▶ règle age du fichier sur "60 jours"
▶ dans la moitié gauche , mets tout sur "tous"
ne modifie pas ceci :
"fichiers créés" et "fichiers Modifiés"
▶Clic sur Analyse.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
▶▶▶ NE LE POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier ci-dessus.
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
▶▶ Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.
ensuite
Télécharge OTL de OLDTimer
▶ enregistre le sur ton Bureau.
▶ Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.
▶ Coche les 2 cases Lop et Purity
▶ Coche la case devant tous les utilisateurs
▶ règle age du fichier sur "60 jours"
▶ dans la moitié gauche , mets tout sur "tous"
ne modifie pas ceci :
"fichiers créés" et "fichiers Modifiés"
▶Clic sur Analyse.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
▶▶▶ NE LE POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier ci-dessus.
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
▶▶ Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.
Je te remercie de M'apporter ton Aide .
OTL.txt : http://www.cijoint.fr/cjlink.php?file=cj201005/cija5w4f7K.txt
Extras.txt : http://www.cijoint.fr/cjlink.php?file=cj201005/cijO9ZK32z.txt
OTL.txt : http://www.cijoint.fr/cjlink.php?file=cj201005/cija5w4f7K.txt
Extras.txt : http://www.cijoint.fr/cjlink.php?file=cj201005/cijO9ZK32z.txt
Utilisateur anonyme
23 mai 2010 à 01:20
23 mai 2010 à 01:20
DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)
▶ Télécharge List_Kill'em
et enregistre le sur ton bureau
double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
Laisse coché :
♦ Executer Shortcut
♦ Executer List_Kill'em
une fois terminée , clic sur "terminer" et le programme se lancera seul
choisis l'option Search
▶ laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
▶ Télécharge List_Kill'em
et enregistre le sur ton bureau
double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
Laisse coché :
♦ Executer Shortcut
♦ Executer List_Kill'em
une fois terminée , clic sur "terminer" et le programme se lancera seul
choisis l'option Search
▶ laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
Voila le rapport :
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.0.0.4 ¤¤¤¤¤¤¤¤¤¤
User : Administrateur (Administrateurs)
Update on 22/05/2010 by g3n-h@ckm@n ::::: 10.50
Start at: 09:46:44 | 23/05/2010
Intel(R) Pentium(R) 4 CPU 3.40GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : Norton AntiVirus 2005 2005 [ (!) Disabled | Updated ]
FW : Norton Internet Worm Protection[ Enabled ]2005
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 186,3 Go (169,21 Go free) | NTFS
D:\ -> Disque fixe local | 298,08 Go (160,62 Go free) | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque CD-ROM
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SteamKeyFr\SteamKeyFr.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
TaskSwitchXP REG_SZ C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
RocketDock REG_SZ "C:\Program Files\RocketDock\RocketDock.exe"
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
Steam REG_SZ "c:\program files\steam\steam.exe" -silent
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
SteamKeyFr REG_SZ "C:\Program Files\SteamKeyFr\SteamKeyFr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
RTHDCPL REG_SZ RTHDCPL.EXE
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
UnlockerAssistant REG_SZ "C:\Program Files\Unlocker\UnlockerAssistant.exe"
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
SunJavaUpdateSched REG_SZ "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
ccApp REG_SZ "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor REG_SZ C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
HKLM REG_EXPAND_SZ c:\directory\CyberGate\install\cergylehautpute.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
NoSMHelp REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDesktopCleanupWizard REG_DWORD 1 (0x1)
NoRemoteRecursiveEvents REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ 5C2EC71152AF48B
DefaultUserName REG_SZ Administrateur
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD 0 (0x0)
SfcDisable REG_DWORD -99 (0xffffff9d)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
KeepRasConnections REG_SZ 1
WinStationsDisabled REG_SZ 0
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Administrateur
AltDefaultDomainName REG_SZ 5C2EC71152AF48B
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\Program Files\Steam\Steam.exe REG_SZ C:\Program Files\Steam\Steam.exe:*:Enabled:Steam
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\ma-config.com\maconfservice.exe REG_SZ C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
C:\Program Files\Steam\SteamApps\ronhi\counter-strike\hl.exe REG_SZ C:\Program Files\Steam\SteamApps\ronhi\counter-strike\hl.exe:*:Enabled:Counter-Strike
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{44990301-3C9D-426D-81DF-AAB636FA4345}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8056AC9E-49C5-4375-9ADE-B2F862C9DF51}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000} =Adobe Flash Player]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000} ComponentID=Flash]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000} IsInstalled=01 00 00 00]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000} Locale=FR]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000} Version=9.0.124.0]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EF289A85-8E57-408d-BE47-73B55609861A}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F51D8758-1R23-6W2V-ULU2-MQRIVNCN6MV4}]
==============
BHO :
======
[<NO NAME> REG_SZ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9b339f6e-ddcd-401b-8764-230adbd01761}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{617920D9-B690-4AD2-83ED-155B2354453D}: NameServer=212.27.40.240,212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{617920D9-B690-4AD2-83ED-155B2354453D}: NameServer=212.27.40.240,212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\..\{617920D9-B690-4AD2-83ED-155B2354453D}: NameServer=212.27.40.240,212.27.40.241
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_EXPAND_SZ %SystemRoot%\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl
Search Page REG_SZ https://www.google.fr/?gws_rd=ssl
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
========
Safemode
========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
=========
Atapi.sys
=========
C:\WINDOWS\system32\drivers\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
D'fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
186 Go total, 169 Go libre (90%), 16% fragment' (fragmentation du fichier 32%)
Vous devriez d'fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Program Files\WindowsUpdate
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\MSN.abc
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\XxX.xXx
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\SymLCSVC.EXE
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\VcClnUp0.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\AVRES_OPTRF_LiveUpdate.dat
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\AVSTELiveUpdate.dat
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\SSALiveUpdate.dat
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\symcprop.dat
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\SymSCLiveUpdate.dat
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\xxxyyyzzz.dat
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna1481213270274346808.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna1507560893445598117.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna1708512383011315284.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna1785195451701425084.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna1989214879943862763.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna3204276705305075130.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna3351611732463014452.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna3709263648503837916.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna3769016707759795947.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna3801728935730902041.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna4073694963521114964.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna4482016915196036680.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna4812578738736977253.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna4894640415996869303.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna5058462260212011286.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna5177739532898475103.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna5612908231866553473.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna5615863264579735101.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna5705166708964218245.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6023285356878044573.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6183365526345238602.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6290342245855604873.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6505313703384492993.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6558329375604182906.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6712385204134714973.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6967803336977476342.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6994936836694562044.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna7304186689311405205.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna751265642415592887.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna7913531739176802924.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna8501528725849994129.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna862575133121158261.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna8992600174556098291.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna941968279128300994.dll
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : HKLM
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : Policies
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : Policies
Present !! : HKEY_USERS\S-1-5-21-1343024091-507921405-1935655697-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : Policies
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCU\software\Ask.com
Present !! : HKCU\Software\Conduit
Present !! : HKLM\Software\Conduit
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-23 10:24:31
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spkh.sys >>UNKNOWN [0x86787938]<<
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirewallDisableNotify REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 0 (0x0)
AntiVirusDisableNotify REG_DWORD 1 (0x1)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 10:24:32,79
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.0.0.4 ¤¤¤¤¤¤¤¤¤¤
User : Administrateur (Administrateurs)
Update on 22/05/2010 by g3n-h@ckm@n ::::: 10.50
Start at: 09:46:44 | 23/05/2010
Intel(R) Pentium(R) 4 CPU 3.40GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : Norton AntiVirus 2005 2005 [ (!) Disabled | Updated ]
FW : Norton Internet Worm Protection[ Enabled ]2005
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 186,3 Go (169,21 Go free) | NTFS
D:\ -> Disque fixe local | 298,08 Go (160,62 Go free) | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque CD-ROM
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SteamKeyFr\SteamKeyFr.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
TaskSwitchXP REG_SZ C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
RocketDock REG_SZ "C:\Program Files\RocketDock\RocketDock.exe"
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
Steam REG_SZ "c:\program files\steam\steam.exe" -silent
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
SteamKeyFr REG_SZ "C:\Program Files\SteamKeyFr\SteamKeyFr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
RTHDCPL REG_SZ RTHDCPL.EXE
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
UnlockerAssistant REG_SZ "C:\Program Files\Unlocker\UnlockerAssistant.exe"
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
SunJavaUpdateSched REG_SZ "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
ccApp REG_SZ "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor REG_SZ C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
HKLM REG_EXPAND_SZ c:\directory\CyberGate\install\cergylehautpute.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
NoSMHelp REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDesktopCleanupWizard REG_DWORD 1 (0x1)
NoRemoteRecursiveEvents REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ 5C2EC71152AF48B
DefaultUserName REG_SZ Administrateur
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD 0 (0x0)
SfcDisable REG_DWORD -99 (0xffffff9d)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
KeepRasConnections REG_SZ 1
WinStationsDisabled REG_SZ 0
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Administrateur
AltDefaultDomainName REG_SZ 5C2EC71152AF48B
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\Program Files\Steam\Steam.exe REG_SZ C:\Program Files\Steam\Steam.exe:*:Enabled:Steam
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\ma-config.com\maconfservice.exe REG_SZ C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
C:\Program Files\Steam\SteamApps\ronhi\counter-strike\hl.exe REG_SZ C:\Program Files\Steam\SteamApps\ronhi\counter-strike\hl.exe:*:Enabled:Counter-Strike
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{44990301-3C9D-426D-81DF-AAB636FA4345}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8056AC9E-49C5-4375-9ADE-B2F862C9DF51}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000} =Adobe Flash Player]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000} ComponentID=Flash]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000} IsInstalled=01 00 00 00]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000} Locale=FR]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000} Version=9.0.124.0]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EF289A85-8E57-408d-BE47-73B55609861A}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F51D8758-1R23-6W2V-ULU2-MQRIVNCN6MV4}]
==============
BHO :
======
[<NO NAME> REG_SZ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9b339f6e-ddcd-401b-8764-230adbd01761}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{617920D9-B690-4AD2-83ED-155B2354453D}: NameServer=212.27.40.240,212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{617920D9-B690-4AD2-83ED-155B2354453D}: NameServer=212.27.40.240,212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\..\{617920D9-B690-4AD2-83ED-155B2354453D}: NameServer=212.27.40.240,212.27.40.241
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_EXPAND_SZ %SystemRoot%\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl
Search Page REG_SZ https://www.google.fr/?gws_rd=ssl
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
========
Safemode
========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
=========
Atapi.sys
=========
C:\WINDOWS\system32\drivers\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
D'fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
186 Go total, 169 Go libre (90%), 16% fragment' (fragmentation du fichier 32%)
Vous devriez d'fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Program Files\WindowsUpdate
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\MSN.abc
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\XxX.xXx
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\SymLCSVC.EXE
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\VcClnUp0.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\AVRES_OPTRF_LiveUpdate.dat
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\AVSTELiveUpdate.dat
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\SSALiveUpdate.dat
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\symcprop.dat
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\SymSCLiveUpdate.dat
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\xxxyyyzzz.dat
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna1481213270274346808.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna1507560893445598117.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna1708512383011315284.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna1785195451701425084.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna1989214879943862763.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna3204276705305075130.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna3351611732463014452.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna3709263648503837916.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna3769016707759795947.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna3801728935730902041.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna4073694963521114964.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna4482016915196036680.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna4812578738736977253.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna4894640415996869303.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna5058462260212011286.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna5177739532898475103.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna5612908231866553473.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna5615863264579735101.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna5705166708964218245.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6023285356878044573.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6183365526345238602.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6290342245855604873.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6505313703384492993.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6558329375604182906.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6712385204134714973.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6967803336977476342.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6994936836694562044.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna7304186689311405205.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna751265642415592887.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna7913531739176802924.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna8501528725849994129.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna862575133121158261.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna8992600174556098291.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna941968279128300994.dll
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : HKLM
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : Policies
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : Policies
Present !! : HKEY_USERS\S-1-5-21-1343024091-507921405-1935655697-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : Policies
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCU\software\Ask.com
Present !! : HKCU\Software\Conduit
Present !! : HKLM\Software\Conduit
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-23 10:24:31
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spkh.sys >>UNKNOWN [0x86787938]<<
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirewallDisableNotify REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 0 (0x0)
AntiVirusDisableNotify REG_DWORD 1 (0x1)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 10:24:32,79
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Utilisateur anonyme
23 mai 2010 à 12:52
23 mai 2010 à 12:52
salut :
▶ Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'Option Clean
ton PC va redemarrer,
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
▶ colle le contenu dans ta reponse
▶ Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'Option Clean
ton PC va redemarrer,
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
▶ colle le contenu dans ta reponse
Voici le contenu de Kill'em.txt :
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.0.0.4 ¤¤¤¤¤¤¤¤¤¤
User : Administrateur (Administrateurs)
Update on 22/05/2010 by g3n-h@ckm@n ::::: 10.50
Start at: 23:53:26 | 23/05/2010
Intel(R) Pentium(R) 4 CPU 3.40GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : Norton AntiVirus 2005 2005 [ Enabled | Updated ]
FW : Norton Internet Worm Protection[ Enabled ]2005
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 186,3 Go (169,21 Go free) | NTFS
D:\ -> Disque fixe local | 298,08 Go (160,62 Go free) | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Program Files\WindowsUpdate
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\MSN.abc
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\XxX.xXx
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\SymLCSVC.EXE
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\VcClnUp0.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\AVRES_OPTRF_LiveUpdate.dat
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\AVSTELiveUpdate.dat
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\SSALiveUpdate.dat
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\symcprop.dat
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\SymSCLiveUpdate.dat
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\xxxyyyzzz.dat
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna1481213270274346808.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna1507560893445598117.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna1708512383011315284.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna1785195451701425084.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna1989214879943862763.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna3204276705305075130.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna3351611732463014452.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna3709263648503837916.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna3769016707759795947.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna3801728935730902041.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna4073694963521114964.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna4482016915196036680.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna4812578738736977253.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna4894640415996869303.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna5058462260212011286.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna5177739532898475103.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna5612908231866553473.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna5615863264579735101.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna5705166708964218245.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6023285356878044573.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6183365526345238602.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6290342245855604873.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6505313703384492993.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6558329375604182906.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6712385204134714973.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6967803336977476342.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6994936836694562044.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna7304186689311405205.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna751265642415592887.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna7913531739176802924.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna8501528725849994129.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna862575133121158261.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna8857356869625122725.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna8992600174556098291.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna941968279128300994.dll
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc10.rar
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc11.rar
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc12.rar
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc13.rar
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc14.rar
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc15.rar
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc3.jpg
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc4.rar
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc5.rar
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc6.rar
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc7.rar
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc8.rar
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc9.rar
=======
Hosts :
=======
127.0.0.1 localhost
========
Registry
========
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : HKLM
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : Policies
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : Policies
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : HKCU\software\Ask.com
Deleted : HKCU\Software\Conduit
Deleted : HKLM\Software\Conduit
=================
Internet Explorer
=================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============
Security Center
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirewallDisableNotify REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirstRunDisabled REG_DWORD 1 (0x1)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys splg.sys >>UNKNOWN [0x86787938]<<
kernel: MBR read successfully
user & kernel MBR OK
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.0.0.4 ¤¤¤¤¤¤¤¤¤¤
User : Administrateur (Administrateurs)
Update on 22/05/2010 by g3n-h@ckm@n ::::: 10.50
Start at: 23:53:26 | 23/05/2010
Intel(R) Pentium(R) 4 CPU 3.40GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : Norton AntiVirus 2005 2005 [ Enabled | Updated ]
FW : Norton Internet Worm Protection[ Enabled ]2005
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 186,3 Go (169,21 Go free) | NTFS
D:\ -> Disque fixe local | 298,08 Go (160,62 Go free) | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Program Files\WindowsUpdate
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\MSN.abc
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\XxX.xXx
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\SymLCSVC.EXE
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\VcClnUp0.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\AVRES_OPTRF_LiveUpdate.dat
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\AVSTELiveUpdate.dat
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\SSALiveUpdate.dat
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\symcprop.dat
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\SymSCLiveUpdate.dat
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\xxxyyyzzz.dat
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna1481213270274346808.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna1507560893445598117.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna1708512383011315284.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna1785195451701425084.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna1989214879943862763.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna3204276705305075130.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna3351611732463014452.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna3709263648503837916.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna3769016707759795947.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna3801728935730902041.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna4073694963521114964.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna4482016915196036680.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna4812578738736977253.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna4894640415996869303.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna5058462260212011286.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna5177739532898475103.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna5612908231866553473.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna5615863264579735101.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna5705166708964218245.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6023285356878044573.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6183365526345238602.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6290342245855604873.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6505313703384492993.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6558329375604182906.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6712385204134714973.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6967803336977476342.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna6994936836694562044.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna7304186689311405205.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna751265642415592887.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna7913531739176802924.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna8501528725849994129.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna862575133121158261.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna8857356869625122725.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna8992600174556098291.dll
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna941968279128300994.dll
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc10.rar
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc11.rar
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc12.rar
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc13.rar
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc14.rar
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc15.rar
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc3.jpg
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc4.rar
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc5.rar
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc6.rar
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc7.rar
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc8.rar
Deleted !! : C:\RECYCLER\S-1-5-21-1343024091-507921405-1935655697-500\Dc9.rar
=======
Hosts :
=======
127.0.0.1 localhost
========
Registry
========
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : HKLM
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : Policies
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run : Policies
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : HKCU\software\Ask.com
Deleted : HKCU\Software\Conduit
Deleted : HKLM\Software\Conduit
=================
Internet Explorer
=================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============
Security Center
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirewallDisableNotify REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirstRunDisabled REG_DWORD 1 (0x1)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys splg.sys >>UNKNOWN [0x86787938]<<
kernel: MBR read successfully
user & kernel MBR OK
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Utilisateur anonyme
Modifié par gen-hackman le 24/05/2010 à 00:28
Modifié par gen-hackman le 24/05/2010 à 00:28
▶ Télécharge : Gmer (by Przemyslaw Gmerek) et enregistre-le sur ton bureau
Desactive toutes tes protections le temps du scan de gMer
Pour XP => double clique sur gmer.exe
Pour Vista et 7 => clique droit "executer en tant que...."
▶ Dezippe gmer ,cliques sur l'onglet rootkit,lances le scan,des lignes rouges vont apparaitre.
▶ Les lignes rouges indiquent la presence d'un rootkit.Postes moi le rapport gmer (cliques sur copy,puis vas dans demarrer ,puis ouvres le bloc note,vas dans edition et cliques sur coller,le rapport gmer va apparaitre,postes moi le)
Ensuite
▶ sur les lignes rouge:
▶ Services:cliques droit delete service
▶ Process:cliques droit kill process
▶ Adl ,file:cliques droit delete files
?G3?-?@¢??@?(TM)©®?
Desactive toutes tes protections le temps du scan de gMer
Pour XP => double clique sur gmer.exe
Pour Vista et 7 => clique droit "executer en tant que...."
▶ Dezippe gmer ,cliques sur l'onglet rootkit,lances le scan,des lignes rouges vont apparaitre.
▶ Les lignes rouges indiquent la presence d'un rootkit.Postes moi le rapport gmer (cliques sur copy,puis vas dans demarrer ,puis ouvres le bloc note,vas dans edition et cliques sur coller,le rapport gmer va apparaitre,postes moi le)
Ensuite
▶ sur les lignes rouge:
▶ Services:cliques droit delete service
▶ Process:cliques droit kill process
▶ Adl ,file:cliques droit delete files
?G3?-?@¢??@?(TM)©®?
Gen-Hackman
En fait je sais pourquoi mon PC Ralentit , ce n'est pas du tout a cause d'un virus ou quelque chose du genre , c'est simplement du au fait que mon disque dur est en train de mourir .
Désolé de t'avoir fait perdre ton temps , et encore merci de m'avoir apporté ton aide !
Mon probleme est résolu ( Si on veut ;) )
Salut !
En fait je sais pourquoi mon PC Ralentit , ce n'est pas du tout a cause d'un virus ou quelque chose du genre , c'est simplement du au fait que mon disque dur est en train de mourir .
Désolé de t'avoir fait perdre ton temps , et encore merci de m'avoir apporté ton aide !
Mon probleme est résolu ( Si on veut ;) )
Salut !
Utilisateur anonyme
25 mai 2010 à 14:57
25 mai 2010 à 14:57
salut je pense que tu te trompes completement
cette ligne me laisse à penser que tu as un fichier systeme patché par une infection :
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys splg.sys >>UNKNOWN [0x86787938]<<
cette ligne me laisse à penser que tu as un fichier systeme patché par une infection :
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys splg.sys >>UNKNOWN [0x86787938]<<
Oui ça se peut mais ça va etre la 2e fois que je vais changer de DD et la premiere fois que mon DD Mourrait , yavait les memes symptomes que maintenant , c'est a dire bruit bizzare venant du disque dur et plantage du PC avec un ecran tout bleu avec des choses ecrites . De plus Avec Le truc que tu m'a donné la Gmer , durant le scan , il y a un plantage avec le meme ecran Bleu , pas avec les meme choses ecrites mais bon .. Et j'ai réessayer une deuxieme fois et sa a refait l'ecran bleu ..
Attend ! Dit moi , est ce qu'un virus ou quelque chose du genre peut endommager un DD S'il te plait ?
Car si la reponse est oui , je veux bien continuer ce que tu as a me conseiller car ntoskrnl.exe est souvent utile au demarrage d'un PC , et la premiere fois que mon Disque dur mourrait , au demarage on me disait souvent que Ntoskrnl.exe manquait ..
Je sais pas si ça a un rapport mais j'espere que tu pourra m'eclairer ..
Car si la reponse est oui , je veux bien continuer ce que tu as a me conseiller car ntoskrnl.exe est souvent utile au demarrage d'un PC , et la premiere fois que mon Disque dur mourrait , au demarage on me disait souvent que Ntoskrnl.exe manquait ..
Je sais pas si ça a un rapport mais j'espere que tu pourra m'eclairer ..
Gen-Hackman , j'ai fini par reussir a faire le Scan de Gmer jusqu'au bout , par contre je n'arrive vraiment pas a te l'envoyer , quand je clique sur Valider en bas , ça charge mais ça envoit pas ..
Qu'est ce que je dois faire ?
Et il n'y avait pas de Lignes rouges ..
Qu'est ce que je dois faire ?
Et il n'y avait pas de Lignes rouges ..
hackminator2
Messages postés
68
Date d'inscription
jeudi 27 mars 2008
Statut
Membre
Dernière intervention
24 juin 2010
10
28 mai 2010 à 12:59
28 mai 2010 à 12:59
Si t'installais des trucs moins gourmands en process, t'aurais moins de problème. Vire notron et install antivir a la place.
Moi te conseil ça et de faire une bonne defrag....un netoyage avec ccleaner et puis ptet aussi dépoussierer un peu ta bécane voir même refaire la pâte thermique
Moi te conseil ça et de faire une bonne defrag....un netoyage avec ccleaner et puis ptet aussi dépoussierer un peu ta bécane voir même refaire la pâte thermique
Utilisateur anonyme
4 juin 2010 à 23:47
4 juin 2010 à 23:47
bonsoir j'etais en depannage je veux bien continuer avec toi....à te lire
