Problème redirection avec des cms
Zefalcom
Messages postés
52
Statut
Membre
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
J'ai un gros problème, je ne sais pas du tout d'où ça peut venir :
Lorsque j'installe des cms, flyspray ou joomla entre autre.
Cela fonctionne parfaitement mais une fois installé, certain lien me redirige vers cette page:
http://ns2.sxm22.com/main.php?e=r
Je n'arrive pas à comprendre pourquoi, si cela vient de mon pc ou du serveur sur lesquelles sont installé les sites.
Je suis chez ovh pour l'hébergement je n'ai jamais eu de problème avant.
Merci pour votre aide, les sites installé fonctionnent parfaitement pour d'autres personnes et l'erreur n'apparait que chez moi !
merci,
Falcom
J'ai un gros problème, je ne sais pas du tout d'où ça peut venir :
Lorsque j'installe des cms, flyspray ou joomla entre autre.
Cela fonctionne parfaitement mais une fois installé, certain lien me redirige vers cette page:
http://ns2.sxm22.com/main.php?e=r
Je n'arrive pas à comprendre pourquoi, si cela vient de mon pc ou du serveur sur lesquelles sont installé les sites.
Je suis chez ovh pour l'hébergement je n'ai jamais eu de problème avant.
Merci pour votre aide, les sites installé fonctionnent parfaitement pour d'autres personnes et l'erreur n'apparait que chez moi !
merci,
Falcom
A voir également:
- Problème redirection avec des cms
- Mesurer cm avec telephone - Guide
- Redirection de mail - Guide
- Plume cms - Télécharger - Divers Web & Internet
- Appliquez à tous les paragraphes du document à télécharger, à l’exception des titres et des sous-titres, la mise en forme suivante : chaque paragraphe doit être espacé de 0,42 cm ou 12 pt du paragraphe qui suit les textes ne doivent pas être en retrait à droite et à gauche après ces modifications, sur quelle page se trouve le titre « la cheminée » dans le chapitre « informations diverses » ? - Guide
- Koken cms - Télécharger - Blog & CMS
8 réponses
salut :
DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)
▶ Télécharge List_Kill'em
et enregistre le sur ton bureau
double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
Laisse coché :
♦ Executer Shortcut
♦ Executer List_Kill'em
une fois terminée , clic sur "terminer" et le programme se lancera seul
choisis l'option Search
▶ laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)
▶ Télécharge List_Kill'em
et enregistre le sur ton bureau
double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
Laisse coché :
♦ Executer Shortcut
♦ Executer List_Kill'em
une fois terminée , clic sur "terminer" et le programme se lancera seul
choisis l'option Search
▶ laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
Salut et merci pour ta réponse ! (Félicitation pour le logiciel :p)
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.0.0.6 ¤¤¤¤¤¤¤¤¤¤
User : Paul (Administrateurs)
Update on 07/06/2010 by g3n-h@ckm@n ::::: 10.55
Start at: 14:15:07 | 08/06/2010
Processeur Intel Pentium III Xeon
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Kaspersky Anti-Virus 9.0.0.736 [ (!) Disabled | Updated ]
FW : Kaspersky Anti-Virus[ (!) Disabled ]9.0.0.736
C:\ -> Disque fixe local | 64,51 Go (4,17 Go free) | NTFS
D:\ -> Disque fixe local | 10 Go (8,22 Go free) [HP_RECOVERY] | NTFS
E:\ -> Disque CD-ROM
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AVP REG_SZ "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
DisableRegistryTools REG_DWORD 0 (0x0)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoDrives REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDrives REG_DWORD 0 (0x0)
NoCDBurning REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultUserName REG_SZ Paul
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DefaultPassword REG_SZ
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Paul
AltDefaultDomainName REG_SZ ORDIFAMILIAL
AutoAdminLogon REG_SZ 0
DefaultDomainName REG_SZ ORDIFAMILIAL
ChangePasswordUseKerberos REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\WINDOWS\SMINST\Scheduler.exe REG_SZ C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler
C:\Program Files\Microsoft LifeCam\LifeExp.exe REG_SZ C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
C:\Program Files\Steam\steamapps\falcominien@hotmail.com\day of defeat\hl.exe REG_SZ C:\Program Files\Steam\steamapps\falcominien@hotmail.com\day of defeat\hl.exe:*:Enabled:Half-Life Launcher
C:\Program Files\Microsoft LifeCam\LifeCam.exe REG_SZ C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\Steam\steamapps\falcominien@hotmail.com\counter-strike source\hl2.exe REG_SZ C:\Program Files\Steam\steamapps\falcominien@hotmail.com\counter-strike source\hl2.exe:*:Enabled:hl2
C:\Program Files\Warcraft III\War3.exe REG_SZ C:\Program Files\Warcraft III\War3.exe:*:Enabled:Warcraft III
C:\Program Files\Warcraft III\Warcraft III.exe REG_SZ C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
C:\WINDOWS\system32\java.exe REG_SZ C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary
C:\WINDOWS\system32\mmc.exe REG_SZ C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console
C:\Program Files\Ocean Technology\GG E-Sports Platform\Garena.exe REG_SZ C:\Program Files\Ocean Technology\GG E-Sports Platform\Garena.exe:*:Enabled:Garena
C:\Program Files\Free Download Manager\fdm.exe REG_SZ C:\Program Files\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager
C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
C:\Program Files\Steam\steamapps\falcominien@hotmail.com\age of chivalry\hl2.exe REG_SZ C:\Program Files\Steam\steamapps\falcominien@hotmail.com\age of chivalry\hl2.exe:*:Enabled:hl2
C:\Program Files\Steam\Steam.exe REG_SZ C:\Program Files\Steam\Steam.exe:*:Enabled:Steam
C:\Program Files\Garena\Garena.exe REG_SZ C:\Program Files\Garena\Garena.exe:*:Enabled:Garena
C:\Program Files\StealthBot\StealthBot v2.6R3.exe REG_SZ C:\Program Files\StealthBot\StealthBot v2.6R3.exe:*:Enabled:StealthBot v2.6R3
C:\Program Files\Free Download Manager\fdmwi.exe REG_SZ C:\Program Files\Free Download Manager\fdmwi.exe:*:Enabled:fdmwi
C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE REG_SZ C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome
C:\WINDOWS\system32\dplaysvr.exe REG_SZ C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper
C:\Program Files\IGZones\IGZones.exe REG_SZ C:\Program Files\IGZones\IGZones.exe:*:Enabled:IGZones
C:\Program Files\Java\jre6\bin\java.exe REG_SZ C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary
C:\Program Files\ma-config.com\maconfservice.exe REG_SZ C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
C:\Program Files\Steam\steamapps\vi7\counter-strike\hl.exe REG_SZ C:\Program Files\Steam\steamapps\vi7\counter-strike\hl.exe:*:Enabled:Half-Life Launcher
C:\Documents and Settings\Administrateur\Bureau\Programmation\eclipse\eclipse.exe REG_SZ C:\Documents and Settings\Administrateur\Bureau\Programmation\eclipse\eclipse.exe:*:Enabled:eclipse
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Opera\opera.exe REG_SZ C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser
C:\Program Files\wamp\bin\apache\Apache2.2.11\bin\httpd.exe REG_SZ C:\Program Files\wamp\bin\apache\Apache2.2.11\bin\httpd.exe:*:Enabled:Apache HTTP Server
C:\Program Files\Spotify\spotify.exe REG_SZ C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify
C:\Program Files\Pando Networks\Media Booster\PMB.exe REG_SZ C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster
C:\Program Files\leagueoflegend\air\LolClient.exe REG_SZ C:\Program Files\leagueoflegend\air\LolClient.exe:*:Enabled:League of Legends Lobby
C:\Program Files\leagueoflegend\game\League of Legends.exe REG_SZ C:\Program Files\leagueoflegend\game\League of Legends.exe:*:Enabled:League of Legends Game Client
C:\Program Files\lol\League of Legends sur 192.168.0.4\Air\LolClient.exe REG_SZ C:\Program Files\lol\League of Legends sur 192.168.0.4\Air\LolClient.exe:*:Enabled:League of Legends Lobby
C:\Program Files\lol\League of Legends sur 192.168.0.4\Game\League of Legends.exe REG_SZ C:\Program Files\lol\League of Legends sur 192.168.0.4\Game\League of Legends.exe:*:Enabled:League of Legends Game Client
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\Program Files\Steam\steamapps\common\natural selection 2\NS2.exe REG_SZ C:\Program Files\Steam\steamapps\common\natural selection 2\NS2.exe:*:Enabled:Natural Selection 2
C:\Program Files\Steam\steamapps\falcominien@hotmail.com\half-life\hl.exe REG_SZ C:\Program Files\Steam\steamapps\falcominien@hotmail.com\half-life\hl.exe:*:Enabled:Half-Life
C:\Program Files\Steam\steamapps\falcominien@hotmail.com\counter-strike\hl.exe REG_SZ C:\Program Files\Steam\steamapps\falcominien@hotmail.com\counter-strike\hl.exe:*:Enabled:Counter-Strike
C:\Program Files\Lol\League of Legends\Air\LolClient.exe REG_SZ C:\Program Files\Lol\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby
C:\Program Files\Lol\League of Legends\Game\League of Legends.exe REG_SZ C:\Program Files\Lol\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client
C:\Program Files\Skype\Phone\Skype.exe REG_SZ C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Pando Networks\Media Booster\PMB.exe REG_SZ C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.0.0.6 ¤¤¤¤¤¤¤¤¤¤
User : Paul (Administrateurs)
Update on 07/06/2010 by g3n-h@ckm@n ::::: 10.55
Start at: 14:15:07 | 08/06/2010
Processeur Intel Pentium III Xeon
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Kaspersky Anti-Virus 9.0.0.736 [ (!) Disabled | Updated ]
FW : Kaspersky Anti-Virus[ (!) Disabled ]9.0.0.736
C:\ -> Disque fixe local | 64,51 Go (4,17 Go free) | NTFS
D:\ -> Disque fixe local | 10 Go (8,22 Go free) [HP_RECOVERY] | NTFS
E:\ -> Disque CD-ROM
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AVP REG_SZ "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
DisableRegistryTools REG_DWORD 0 (0x0)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoDrives REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDrives REG_DWORD 0 (0x0)
NoCDBurning REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultUserName REG_SZ Paul
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DefaultPassword REG_SZ
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Paul
AltDefaultDomainName REG_SZ ORDIFAMILIAL
AutoAdminLogon REG_SZ 0
DefaultDomainName REG_SZ ORDIFAMILIAL
ChangePasswordUseKerberos REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\WINDOWS\SMINST\Scheduler.exe REG_SZ C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler
C:\Program Files\Microsoft LifeCam\LifeExp.exe REG_SZ C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
C:\Program Files\Steam\steamapps\falcominien@hotmail.com\day of defeat\hl.exe REG_SZ C:\Program Files\Steam\steamapps\falcominien@hotmail.com\day of defeat\hl.exe:*:Enabled:Half-Life Launcher
C:\Program Files\Microsoft LifeCam\LifeCam.exe REG_SZ C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\Steam\steamapps\falcominien@hotmail.com\counter-strike source\hl2.exe REG_SZ C:\Program Files\Steam\steamapps\falcominien@hotmail.com\counter-strike source\hl2.exe:*:Enabled:hl2
C:\Program Files\Warcraft III\War3.exe REG_SZ C:\Program Files\Warcraft III\War3.exe:*:Enabled:Warcraft III
C:\Program Files\Warcraft III\Warcraft III.exe REG_SZ C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
C:\WINDOWS\system32\java.exe REG_SZ C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary
C:\WINDOWS\system32\mmc.exe REG_SZ C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console
C:\Program Files\Ocean Technology\GG E-Sports Platform\Garena.exe REG_SZ C:\Program Files\Ocean Technology\GG E-Sports Platform\Garena.exe:*:Enabled:Garena
C:\Program Files\Free Download Manager\fdm.exe REG_SZ C:\Program Files\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager
C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
C:\Program Files\Steam\steamapps\falcominien@hotmail.com\age of chivalry\hl2.exe REG_SZ C:\Program Files\Steam\steamapps\falcominien@hotmail.com\age of chivalry\hl2.exe:*:Enabled:hl2
C:\Program Files\Steam\Steam.exe REG_SZ C:\Program Files\Steam\Steam.exe:*:Enabled:Steam
C:\Program Files\Garena\Garena.exe REG_SZ C:\Program Files\Garena\Garena.exe:*:Enabled:Garena
C:\Program Files\StealthBot\StealthBot v2.6R3.exe REG_SZ C:\Program Files\StealthBot\StealthBot v2.6R3.exe:*:Enabled:StealthBot v2.6R3
C:\Program Files\Free Download Manager\fdmwi.exe REG_SZ C:\Program Files\Free Download Manager\fdmwi.exe:*:Enabled:fdmwi
C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE REG_SZ C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome
C:\WINDOWS\system32\dplaysvr.exe REG_SZ C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper
C:\Program Files\IGZones\IGZones.exe REG_SZ C:\Program Files\IGZones\IGZones.exe:*:Enabled:IGZones
C:\Program Files\Java\jre6\bin\java.exe REG_SZ C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary
C:\Program Files\ma-config.com\maconfservice.exe REG_SZ C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
C:\Program Files\Steam\steamapps\vi7\counter-strike\hl.exe REG_SZ C:\Program Files\Steam\steamapps\vi7\counter-strike\hl.exe:*:Enabled:Half-Life Launcher
C:\Documents and Settings\Administrateur\Bureau\Programmation\eclipse\eclipse.exe REG_SZ C:\Documents and Settings\Administrateur\Bureau\Programmation\eclipse\eclipse.exe:*:Enabled:eclipse
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Opera\opera.exe REG_SZ C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser
C:\Program Files\wamp\bin\apache\Apache2.2.11\bin\httpd.exe REG_SZ C:\Program Files\wamp\bin\apache\Apache2.2.11\bin\httpd.exe:*:Enabled:Apache HTTP Server
C:\Program Files\Spotify\spotify.exe REG_SZ C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify
C:\Program Files\Pando Networks\Media Booster\PMB.exe REG_SZ C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster
C:\Program Files\leagueoflegend\air\LolClient.exe REG_SZ C:\Program Files\leagueoflegend\air\LolClient.exe:*:Enabled:League of Legends Lobby
C:\Program Files\leagueoflegend\game\League of Legends.exe REG_SZ C:\Program Files\leagueoflegend\game\League of Legends.exe:*:Enabled:League of Legends Game Client
C:\Program Files\lol\League of Legends sur 192.168.0.4\Air\LolClient.exe REG_SZ C:\Program Files\lol\League of Legends sur 192.168.0.4\Air\LolClient.exe:*:Enabled:League of Legends Lobby
C:\Program Files\lol\League of Legends sur 192.168.0.4\Game\League of Legends.exe REG_SZ C:\Program Files\lol\League of Legends sur 192.168.0.4\Game\League of Legends.exe:*:Enabled:League of Legends Game Client
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\Program Files\Steam\steamapps\common\natural selection 2\NS2.exe REG_SZ C:\Program Files\Steam\steamapps\common\natural selection 2\NS2.exe:*:Enabled:Natural Selection 2
C:\Program Files\Steam\steamapps\falcominien@hotmail.com\half-life\hl.exe REG_SZ C:\Program Files\Steam\steamapps\falcominien@hotmail.com\half-life\hl.exe:*:Enabled:Half-Life
C:\Program Files\Steam\steamapps\falcominien@hotmail.com\counter-strike\hl.exe REG_SZ C:\Program Files\Steam\steamapps\falcominien@hotmail.com\counter-strike\hl.exe:*:Enabled:Counter-Strike
C:\Program Files\Lol\League of Legends\Air\LolClient.exe REG_SZ C:\Program Files\Lol\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby
C:\Program Files\Lol\League of Legends\Game\League of Legends.exe REG_SZ C:\Program Files\Lol\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client
C:\Program Files\Skype\Phone\Skype.exe REG_SZ C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Pando Networks\Media Booster\PMB.exe REG_SZ C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{20A60F0D-9AFA-4515-A0FD-83BD84642501}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5C051655-FCD5-4969-9182-770EA5AA5565}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D6F45B3-9043-443D-A792-115447494D24}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}]
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{1B320010-9D3D-429F-B71B-A4A30EA1E956}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Base Smart Card Crypto Provider Package]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ECD292A0-0347-4244-8C24-5DBCE990FB40}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EF289A85-8E57-408d-BE47-73B55609861A}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AE7CD045-E861-484f-8273-0445EE161910}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
===
DNS
===
Description: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 80.10.246.2
DNS Server Search Order: 80.10.246.128
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2296855F-C96E-4900-9338-6DC4EFF6300F}: NameServer=80.10.246.2,80.10.246.128
HKLM\SYSTEM\CCS\Services\Tcpip\..\{82ED8B1E-D1BA-446A-A95B-A851D8D89E8D}: NameServer=80.10.246.2,80.10.246.129
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E30F49EA-20AB-4B9F-A331-2C0CDB0BC581}: NameServer=80.10.246.2,80.10.246.129
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2296855F-C96E-4900-9338-6DC4EFF6300F}: NameServer=80.10.246.2,80.10.246.129
HKLM\SYSTEM\CS1\Services\Tcpip\..\{82ED8B1E-D1BA-446A-A95B-A851D8D89E8D}: NameServer=80.10.246.2,80.10.246.129
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2296855F-C96E-4900-9338-6DC4EFF6300F}: NameServer=80.10.246.2,80.10.246.128
HKLM\SYSTEM\CS2\Services\Tcpip\..\{82ED8B1E-D1BA-446A-A95B-A851D8D89E8D}: NameServer=80.10.246.2,80.10.246.129
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E30F49EA-20AB-4B9F-A331-2C0CDB0BC581}: NameServer=80.10.246.2,80.10.246.129
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2296855F-C96E-4900-9338-6DC4EFF6300F}: NameServer=80.10.246.2,80.10.246.129
HKLM\SYSTEM\CS3\Services\Tcpip\..\{82ED8B1E-D1BA-446A-A95B-A851D8D89E8D}: NameServer=80.10.246.2,80.10.246.129
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{20A60F0D-9AFA-4515-A0FD-83BD84642501}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5C051655-FCD5-4969-9182-770EA5AA5565}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D6F45B3-9043-443D-A792-115447494D24}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}]
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{1B320010-9D3D-429F-B71B-A4A30EA1E956}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Base Smart Card Crypto Provider Package]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ECD292A0-0347-4244-8C24-5DBCE990FB40}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EF289A85-8E57-408d-BE47-73B55609861A}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AE7CD045-E861-484f-8273-0445EE161910}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
===
DNS
===
Description: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 80.10.246.2
DNS Server Search Order: 80.10.246.128
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2296855F-C96E-4900-9338-6DC4EFF6300F}: NameServer=80.10.246.2,80.10.246.128
HKLM\SYSTEM\CCS\Services\Tcpip\..\{82ED8B1E-D1BA-446A-A95B-A851D8D89E8D}: NameServer=80.10.246.2,80.10.246.129
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E30F49EA-20AB-4B9F-A331-2C0CDB0BC581}: NameServer=80.10.246.2,80.10.246.129
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2296855F-C96E-4900-9338-6DC4EFF6300F}: NameServer=80.10.246.2,80.10.246.129
HKLM\SYSTEM\CS1\Services\Tcpip\..\{82ED8B1E-D1BA-446A-A95B-A851D8D89E8D}: NameServer=80.10.246.2,80.10.246.129
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2296855F-C96E-4900-9338-6DC4EFF6300F}: NameServer=80.10.246.2,80.10.246.128
HKLM\SYSTEM\CS2\Services\Tcpip\..\{82ED8B1E-D1BA-446A-A95B-A851D8D89E8D}: NameServer=80.10.246.2,80.10.246.129
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E30F49EA-20AB-4B9F-A331-2C0CDB0BC581}: NameServer=80.10.246.2,80.10.246.129
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2296855F-C96E-4900-9338-6DC4EFF6300F}: NameServer=80.10.246.2,80.10.246.129
HKLM\SYSTEM\CS3\Services\Tcpip\..\{82ED8B1E-D1BA-446A-A95B-A851D8D89E8D}: NameServer=80.10.246.2,80.10.246.129
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
========
Safemode
========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
=========
Atapi.sys
=========
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]
C:\WINDOWS\ERDNT\cache\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
C:\WINDOWS\ServicePackFiles\i386\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
C:\WINDOWS\system32\dllcache\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
C:\WINDOWS\system32\drivers\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]
C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]
C:\WINDOWS\system32\ReinstallBackups\0051\DriverFiles\i386\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
C:\WINDOWS\system32\ReinstallBackups\0052\DriverFiles\i386\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
64,51 Go total, 4,17 Go libre (6%), 29% fragmenté (fragmentation du fichier 54%)
Vous devriez défragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Present !! : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
Present !! : C:\Program Files\WindowsUpdate
Present !! : C:\Program Files\WinPCap
Present !! : C:\WINDOWS\003087_.tmp
Present !! : C:\WINDOWS\is-QH4M9.exe
Present !! : C:\WINDOWS\System32\aniwzcsusername
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\drivers\Sonyhcp.dll
Present !! : C:\WINDOWS\system32\MSWINSCK.OCX
Present !! : C:\WINDOWS\System32\Packet.dll
Present !! : C:\WINDOWS\System32\SET132.tmp
Present !! : C:\WINDOWS\System32\SET135.tmp
Present !! : C:\WINDOWS\System32\SET136.tmp
Present !! : C:\WINDOWS\System32\SET137.tmp
Present !! : C:\WINDOWS\System32\SET138.tmp
Present !! : C:\WINDOWS\System32\SET139.tmp
Present !! : C:\WINDOWS\System32\SET13A.tmp
Present !! : C:\WINDOWS\System32\SET1A1.tmp
Present !! : C:\WINDOWS\System32\SET1A3.tmp
Present !! : C:\WINDOWS\System32\SET1AF.tmp
Present !! : C:\Documents and Settings\Administrateur\application data\D2Info0
Present !! : C:\Documents and Settings\Administrateur\application data\D2Info3
Present !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_5
Present !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_6
Present !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_7
Present !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_8
Present !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_9
Present !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_10
Present !! : C:\Documents and Settings\Administrateur\application data\DofusAppId3_1
Present !! : C:\Documents and Settings\Administrateur\application data\DofusAppId3_2
Present !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_1
Present !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_2
Present !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_3
Present !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_4
Present !! : C:\Documents and Settings\Administrateur\application data\Project Templates
Present !! : C:\Documents and Settings\Administrateur\Application data\ezpinst.exe
Present !! : C:\Documents and Settings\Administrateur\Application Data\pcouffin.inf
Present !! : C:\Documents and Settings\Administrateur\Application Data\pcouffin.log
Present !! : C:\Documents and Settings\Administrateur\Application Data\app
Present !! : C:\Documents and Settings\Administrateur\Application Data\ezpinst.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\alm.log
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\amt.log
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\LF2_v20a_Setup.exe
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NPF
Present !! : HKLM\SYSTEM\CurrentControlSet\Services\NPF
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NPF
Present !! : HKLM\SYSTEM\ControlSet001\Services\NPF
Present !! : HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_NPF
Present !! : HKLM\SYSTEM\ControlSet002\Services\NPF
Present !! : HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NPF
Present !! : HKLM\SYSTEM\ControlSet004\Services\NPF
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-08 14:28:31
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8AE3C8AC]<<
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 14:28:32,18
Merci :)
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
========
Safemode
========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
=========
Atapi.sys
=========
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]
C:\WINDOWS\ERDNT\cache\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
C:\WINDOWS\ServicePackFiles\i386\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
C:\WINDOWS\system32\dllcache\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
C:\WINDOWS\system32\drivers\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]
C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]
C:\WINDOWS\system32\ReinstallBackups\0051\DriverFiles\i386\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
C:\WINDOWS\system32\ReinstallBackups\0052\DriverFiles\i386\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
64,51 Go total, 4,17 Go libre (6%), 29% fragmenté (fragmentation du fichier 54%)
Vous devriez défragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Present !! : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
Present !! : C:\Program Files\WindowsUpdate
Present !! : C:\Program Files\WinPCap
Present !! : C:\WINDOWS\003087_.tmp
Present !! : C:\WINDOWS\is-QH4M9.exe
Present !! : C:\WINDOWS\System32\aniwzcsusername
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\drivers\Sonyhcp.dll
Present !! : C:\WINDOWS\system32\MSWINSCK.OCX
Present !! : C:\WINDOWS\System32\Packet.dll
Present !! : C:\WINDOWS\System32\SET132.tmp
Present !! : C:\WINDOWS\System32\SET135.tmp
Present !! : C:\WINDOWS\System32\SET136.tmp
Present !! : C:\WINDOWS\System32\SET137.tmp
Present !! : C:\WINDOWS\System32\SET138.tmp
Present !! : C:\WINDOWS\System32\SET139.tmp
Present !! : C:\WINDOWS\System32\SET13A.tmp
Present !! : C:\WINDOWS\System32\SET1A1.tmp
Present !! : C:\WINDOWS\System32\SET1A3.tmp
Present !! : C:\WINDOWS\System32\SET1AF.tmp
Present !! : C:\Documents and Settings\Administrateur\application data\D2Info0
Present !! : C:\Documents and Settings\Administrateur\application data\D2Info3
Present !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_5
Present !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_6
Present !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_7
Present !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_8
Present !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_9
Present !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_10
Present !! : C:\Documents and Settings\Administrateur\application data\DofusAppId3_1
Present !! : C:\Documents and Settings\Administrateur\application data\DofusAppId3_2
Present !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_1
Present !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_2
Present !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_3
Present !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_4
Present !! : C:\Documents and Settings\Administrateur\application data\Project Templates
Present !! : C:\Documents and Settings\Administrateur\Application data\ezpinst.exe
Present !! : C:\Documents and Settings\Administrateur\Application Data\pcouffin.inf
Present !! : C:\Documents and Settings\Administrateur\Application Data\pcouffin.log
Present !! : C:\Documents and Settings\Administrateur\Application Data\app
Present !! : C:\Documents and Settings\Administrateur\Application Data\ezpinst.exe
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\alm.log
Present !! : C:\Documents and Settings\Administrateur\Local Settings\Temp\amt.log
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\LF2_v20a_Setup.exe
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NPF
Present !! : HKLM\SYSTEM\CurrentControlSet\Services\NPF
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NPF
Present !! : HKLM\SYSTEM\ControlSet001\Services\NPF
Present !! : HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_NPF
Present !! : HKLM\SYSTEM\ControlSet002\Services\NPF
Present !! : HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NPF
Present !! : HKLM\SYSTEM\ControlSet004\Services\NPF
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-08 14:28:31
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8AE3C8AC]<<
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 14:28:32,18
Merci :)
salut :
▶ Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'Option Clean
ton PC va redemarrer,
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
▶ colle le contenu dans ta reponse
▶ Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'Option Clean
ton PC va redemarrer,
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
▶ colle le contenu dans ta reponse
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.0.0.6 ¤¤¤¤¤¤¤¤¤¤
User : Paul (Administrateurs)
Update on 07/06/2010 by g3n-h@ckm@n ::::: 10.55
Start at: 15:03:17 | 12/06/2010
Processeur Intel Pentium III Xeon
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Kaspersky Anti-Virus 9.0.0.736 [ (!) Disabled | Updated ]
FW : Kaspersky Anti-Virus[ (!) Disabled ]9.0.0.736
C:\ -> Disque fixe local | 64,51 Go (3,33 Go free) | NTFS
D:\ -> Disque fixe local | 10 Go (8,22 Go free) [HP_RECOVERY] | NTFS
E:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Quarantined & Deleted !! : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
Quarantined & Deleted !! : C:\Program Files\WindowsUpdate
Quarantined & Deleted !! : C:\Program Files\WinPCap
Quarantined & Deleted !! : C:\WINDOWS\003087_.tmp
Quarantined & Deleted !! : C:\WINDOWS\is-QH4M9.exe
Quarantined & Deleted !! : C:\WINDOWS\System32\aniwzcsusername
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\Sonyhcp.dll
Quarantined & Deleted !! : C:\WINDOWS\system32\MSWINSCK.OCX
Quarantined & Deleted !! : C:\WINDOWS\System32\Packet.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\SET132.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET135.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET136.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET137.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET138.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET139.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET13A.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1A1.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1A3.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1AF.tmp
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\D2Info0
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\D2Info3
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_5
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_6
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_7
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_8
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_9
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_10
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\DofusAppId3_1
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\DofusAppId3_2
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_1
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_2
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_3
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_4
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\Project Templates
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Application data\ezpinst.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Application Data\pcouffin.inf
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Application Data\pcouffin.log
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Application Data\app
=======
Hosts :
=======
127.0.0.1 localhost
========
Registry
========
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKLM\SYSTEM\CurrentControlSet\Services\NPF
Deleted : HKLM\SYSTEM\ControlSet001\Services\NPF
Deleted : HKLM\SYSTEM\ControlSet004\Services\NPF
=================
Internet Explorer
=================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============
Security Center
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8AE3C8AC]<<
kernel: MBR read successfully
user & kernel MBR OK
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Merci
User : Paul (Administrateurs)
Update on 07/06/2010 by g3n-h@ckm@n ::::: 10.55
Start at: 15:03:17 | 12/06/2010
Processeur Intel Pentium III Xeon
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Kaspersky Anti-Virus 9.0.0.736 [ (!) Disabled | Updated ]
FW : Kaspersky Anti-Virus[ (!) Disabled ]9.0.0.736
C:\ -> Disque fixe local | 64,51 Go (3,33 Go free) | NTFS
D:\ -> Disque fixe local | 10 Go (8,22 Go free) [HP_RECOVERY] | NTFS
E:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Quarantined & Deleted !! : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
Quarantined & Deleted !! : C:\Program Files\WindowsUpdate
Quarantined & Deleted !! : C:\Program Files\WinPCap
Quarantined & Deleted !! : C:\WINDOWS\003087_.tmp
Quarantined & Deleted !! : C:\WINDOWS\is-QH4M9.exe
Quarantined & Deleted !! : C:\WINDOWS\System32\aniwzcsusername
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\Sonyhcp.dll
Quarantined & Deleted !! : C:\WINDOWS\system32\MSWINSCK.OCX
Quarantined & Deleted !! : C:\WINDOWS\System32\Packet.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\SET132.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET135.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET136.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET137.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET138.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET139.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET13A.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1A1.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1A3.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1AF.tmp
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\D2Info0
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\D2Info3
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_5
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_6
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_7
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_8
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_9
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_10
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\DofusAppId3_1
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\DofusAppId3_2
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_1
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_2
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_3
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\DofusAppId0_4
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\application data\Project Templates
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Application data\ezpinst.exe
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Application Data\pcouffin.inf
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Application Data\pcouffin.log
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\Application Data\app
=======
Hosts :
=======
127.0.0.1 localhost
========
Registry
========
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKLM\SYSTEM\CurrentControlSet\Services\NPF
Deleted : HKLM\SYSTEM\ControlSet001\Services\NPF
Deleted : HKLM\SYSTEM\ControlSet004\Services\NPF
=================
Internet Explorer
=================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============
Security Center
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8AE3C8AC]<<
kernel: MBR read successfully
user & kernel MBR OK
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Merci
▶ Télécharge : Gmer (by Przemyslaw Gmerek) et enregistre-le sur ton bureau
Desactive toutes tes protections le temps du scan de gMer
Pour XP => double clique sur gmer.exe
Pour Vista et 7 => clique droit "executer en tant que...."
▶ Dezippe gmer ,cliques sur l'onglet rootkit,lances le scan,des lignes rouges vont apparaitre.
▶ Les lignes rouges indiquent la presence d'un rootkit.Postes moi le rapport gmer (cliques sur copy,puis vas dans demarrer ,puis ouvres le bloc note,vas dans edition et cliques sur coller,le rapport gmer va apparaitre,postes moi le)
Ensuite
▶ sur les lignes rouge:
▶ Services:cliques droit delete service
▶ Process:cliques droit kill process
▶ Adl ,file:cliques droit delete files
Desactive toutes tes protections le temps du scan de gMer
Pour XP => double clique sur gmer.exe
Pour Vista et 7 => clique droit "executer en tant que...."
▶ Dezippe gmer ,cliques sur l'onglet rootkit,lances le scan,des lignes rouges vont apparaitre.
▶ Les lignes rouges indiquent la presence d'un rootkit.Postes moi le rapport gmer (cliques sur copy,puis vas dans demarrer ,puis ouvres le bloc note,vas dans edition et cliques sur coller,le rapport gmer va apparaitre,postes moi le)
Ensuite
▶ sur les lignes rouge:
▶ Services:cliques droit delete service
▶ Process:cliques droit kill process
▶ Adl ,file:cliques droit delete files
