Touche "L" fait foirer Le pc
Résolu/Fermé
bibuz
-
16 août 2010 à 22:15
moment de grace Messages postés 29042 Date d'inscription samedi 6 décembre 2008 Statut Contributeur sécurité Dernière intervention 18 juillet 2013 - 17 août 2010 à 22:22
moment de grace Messages postés 29042 Date d'inscription samedi 6 décembre 2008 Statut Contributeur sécurité Dernière intervention 18 juillet 2013 - 17 août 2010 à 22:22
A voir également:
- Touche "L" fait foirer Le pc
- Test performance pc - Guide
- Reinitialiser pc - Guide
- Touche rémanente - Guide
- Pc lent - Guide
- Whatsapp pc - Télécharger - Messagerie
11 réponses
moment de grace
Messages postés
29042
Date d'inscription
samedi 6 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
18 juillet 2013
2 274
16 août 2010 à 22:24
16 août 2010 à 22:24
bonjour
poste le rapport complet de MBAM
puis
Télécharge ZHPDiag ( de Nicolas coolman ).
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
(outil de diagnostic)
Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )
Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin ( vista )
Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.
Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.
Rend toi sur Cjoint : http://www.cijoint.fr/
Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "
Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau
Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message
poste le rapport complet de MBAM
puis
Télécharge ZHPDiag ( de Nicolas coolman ).
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
(outil de diagnostic)
Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )
Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin ( vista )
Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.
Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.
Rend toi sur Cjoint : http://www.cijoint.fr/
Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "
Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau
Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message
Merci beaucoup de m'aider.
Voici Le rapport MBAM (j avais pas tout virer au départ pour pas faire de connerie)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4424
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
13/08/2010 14:45:30
mbam-log-2010-08-13 (14-45-30).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 130786
Temps écoulé: 4 minute(s), 14 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\WINDOWS\PRAGMAqpxcdienwb (Trojan.DNSChanger) -> Not selected for removal.
Fichier(s) infecté(s):
C:\WINDOWS\PRAGMAqpxcdienwb\PRAGMAd.sys (Trojan.DNSChanger) -> Not selected for removal.
C:\Documents and Settings\All Users\Favoris\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
Voici Le rapport ZHPdiag.txt.:
http://www.cijoint.fr/cjlink.php?file=cj201008/cijkbC1OSY.txt
Voici Le rapport MBAM (j avais pas tout virer au départ pour pas faire de connerie)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4424
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
13/08/2010 14:45:30
mbam-log-2010-08-13 (14-45-30).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 130786
Temps écoulé: 4 minute(s), 14 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\WINDOWS\PRAGMAqpxcdienwb (Trojan.DNSChanger) -> Not selected for removal.
Fichier(s) infecté(s):
C:\WINDOWS\PRAGMAqpxcdienwb\PRAGMAd.sys (Trojan.DNSChanger) -> Not selected for removal.
C:\Documents and Settings\All Users\Favoris\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
Voici Le rapport ZHPdiag.txt.:
http://www.cijoint.fr/cjlink.php?file=cj201008/cijkbC1OSY.txt
moment de grace
Messages postés
29042
Date d'inscription
samedi 6 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
18 juillet 2013
2 274
16 août 2010 à 23:15
16 août 2010 à 23:15
non rien de particulier
à part ton soucis de L, as tu d'autres soucis
Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)
Télécharge et installe List&Kill'em et enregistre le sur ton bureau
http://sd-4.archive-host.com/membres/up/829108531491024/Mes_Tools/List_Killem_Install.exe
double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
coche la case "creer une icone sur le bureau"
une fois terminée , clic sur "terminer" et le programme se lancer seul
choisis la langue puis choisis l'option SEARCH
laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.
Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
tu peux supprimer le rapport catchme.log de ton bureau maintenant.
à part ton soucis de L, as tu d'autres soucis
Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)
Télécharge et installe List&Kill'em et enregistre le sur ton bureau
http://sd-4.archive-host.com/membres/up/829108531491024/Mes_Tools/List_Killem_Install.exe
double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
coche la case "creer une icone sur le bureau"
une fois terminée , clic sur "terminer" et le programme se lancer seul
choisis la langue puis choisis l'option SEARCH
laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.
Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
tu peux supprimer le rapport catchme.log de ton bureau maintenant.
Oui Le six fait *6, le point fait .:
C est pas mon ordi (cui de ma mere) mais mon frere me dit que ca a commencé par *6 puis L ...etc comme si y faisait des raccourcis tout seul
Sinon voici le rapport :
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.0.2.9 ¤¤¤¤¤¤¤¤¤¤
User : Marie-do (Administrateurs)
Update on 16/08/2010 by g3n-h@ckm@n ::::: 18.00
Start at: 23:26:04 | 16/08/2010
AMD Athlon(tm) 7750 Dual-Core Processor
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 48,83 Go (32,69 Go free) [Windows] | NTFS
D:\ -> Disque fixe local | 416,92 Go (216,13 Go free) [Disque SATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
Boot: Normal
¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer
C:\WINDOWS\System32\smss.exe ---- 0 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\WINDOWS\system32\csrss.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\WINDOWS\system32\winlogon.exe ---- 0 Ko ---- High ---- winlogon.exe ----
C:\WINDOWS\system32\services.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\services.exe ----
C:\WINDOWS\system32\lsass.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\lsass.exe ----
C:\WINDOWS\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k DcomLaunch ----
C:\WINDOWS\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k rpcss ----
C:\WINDOWS\System32\svchost.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k netsvcs ----
C:\WINDOWS\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k NetworkService ----
C:\WINDOWS\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k LocalService ----
C:\WINDOWS\Explorer.EXE ---- 0 Ko ---- Normal ---- C:\WINDOWS\Explorer.EXE ----
C:\WINDOWS\system32\brsvc01a.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\brsvc01a.exe ----
C:\WINDOWS\system32\brss01a.exe ---- 0 Ko ---- Normal ---- brss01a.exe ----
C:\WINDOWS\system32\spoolsv.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\spoolsv.exe ----
C:\Program Files\Avira\AntiVir Desktop\sched.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\Avira\AntiVir Desktop\sched.exe" ----
C:\WINDOWS\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k LocalService ----
C:\Program Files\Avira\AntiVir Desktop\avguard.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" ----
C:\Program Files\AxiSoftware\AxiDBSafe\AxiDBSafe.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\AxiSoftware\AxiDBSafe\AxiDBSafe.exe" ----
C:\WINDOWS\system32\RUNDLL32.EXE ---- 0 Ko ---- Normal ---- "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit ----
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" ----
C:\Program Files\QuickTime\qttask.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\QuickTime\qttask.exe" -atboottime ----
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" ---- Sun Microsystems, Inc.
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min ----
C:\Program Files\AxiSoftware\LiveUpdate\AxilogNotifier.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\AxiSoftware\LiveUpdate\AxilogNotifier.exe" ----
C:\WINDOWS\RTHDCPL.EXE ---- 0 Ko ---- Normal ---- "C:\WINDOWS\RTHDCPL.EXE" ---- Realtek Semiconductor Corp
C:\WINDOWS\system32\ctfmon.exe ---- 0 Ko ---- Normal ---- "C:\WINDOWS\system32\ctfmon.exe" ----
C:\Program Files\AxiSoftware\LiveUpdate\Axilog.AxiLive.Service.AxilogUpdate.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\AxiSoftware\LiveUpdate\Axilog.AxiLive.Service.AxilogUpdate.exe" ----
C:\Ariane\Ariane\Ariane.exe ---- 0 Ko ---- Normal ---- "C:\Ariane\Ariane\Ariane.exe" ----
C:\Program Files\Java\jre6\bin\jqs.exe ---- 0 Ko ---- Idle ---- "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" ---- Sun Microsystems, Inc.
C:\WINDOWS\system32\nvsvc32.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\nvsvc32.exe ----
C:\WINDOWS\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k imgsvc ----
C:\Program Files\Linksys\WMP300N\WLService.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\Linksys\WMP300N\WLService.exe" "WMP300N.exe" ----
C:\Program Files\Linksys\WMP300N\WMP300N.exe ---- 0 Ko ---- High ---- WMP300N.exe ----
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe" ----
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe" ----
C:\WINDOWS\system32\BRMFRSMG.EXE ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\BRMFRSMG.EXE ----
C:\WINDOWS\system32\wbem\wmiapsrv.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiapsrv.exe ----
C:\WINDOWS\System32\alg.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\System32\alg.exe ----
C:\WINDOWS\System32\svchost.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k HTTPFilter ----
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe" -ymsgr ---- Yahoo! Inc.
C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe" -auto ---- Sun Microsystems, Inc.
C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
C:\Program Files\Internet Explorer\iexplore.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\Internet Explorer\iexplore.exe" ---- Microsoft Corporation
C:\Program Files\Internet Explorer\iexplore.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1496 CREDAT:79873 ---- Microsoft Corporation
C:\Program Files\Internet Explorer\iexplore.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1496 CREDAT:145411 ---- Microsoft Corporation
C:\WINDOWS\system32\cmd.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\cmd.exe /K List'em.bat ----
C:\Program Files\List_Kill'em\pv.exe ---- 0 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----
============
Keys "Run"
============
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
Messenger (Yahoo!) = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
swg = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
PaperPort PTD = C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
IndexSearch = C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
PP8 SE Reminder = "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
SunJavaUpdateSched = "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
avgnt = "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
AxilogNotify = C:\Program Files\AxiSoftware\LiveUpdate\AxilogNotifier.exe
AxiDBSafe = C:\Program Files\AxiSoftware\AxiDBSafe\AxiDBSafe.exe
ArianeLU = C:\Ariane\Lanceur\ArianeLU.exe
RTHDCPL = RTHDCPL.EXE
KernelFaultCheck = %systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
C est pas mon ordi (cui de ma mere) mais mon frere me dit que ca a commencé par *6 puis L ...etc comme si y faisait des raccourcis tout seul
Sinon voici le rapport :
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.0.2.9 ¤¤¤¤¤¤¤¤¤¤
User : Marie-do (Administrateurs)
Update on 16/08/2010 by g3n-h@ckm@n ::::: 18.00
Start at: 23:26:04 | 16/08/2010
AMD Athlon(tm) 7750 Dual-Core Processor
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 48,83 Go (32,69 Go free) [Windows] | NTFS
D:\ -> Disque fixe local | 416,92 Go (216,13 Go free) [Disque SATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
Boot: Normal
¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer
C:\WINDOWS\System32\smss.exe ---- 0 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\WINDOWS\system32\csrss.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\WINDOWS\system32\winlogon.exe ---- 0 Ko ---- High ---- winlogon.exe ----
C:\WINDOWS\system32\services.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\services.exe ----
C:\WINDOWS\system32\lsass.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\lsass.exe ----
C:\WINDOWS\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k DcomLaunch ----
C:\WINDOWS\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k rpcss ----
C:\WINDOWS\System32\svchost.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k netsvcs ----
C:\WINDOWS\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k NetworkService ----
C:\WINDOWS\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k LocalService ----
C:\WINDOWS\Explorer.EXE ---- 0 Ko ---- Normal ---- C:\WINDOWS\Explorer.EXE ----
C:\WINDOWS\system32\brsvc01a.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\brsvc01a.exe ----
C:\WINDOWS\system32\brss01a.exe ---- 0 Ko ---- Normal ---- brss01a.exe ----
C:\WINDOWS\system32\spoolsv.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\spoolsv.exe ----
C:\Program Files\Avira\AntiVir Desktop\sched.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\Avira\AntiVir Desktop\sched.exe" ----
C:\WINDOWS\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k LocalService ----
C:\Program Files\Avira\AntiVir Desktop\avguard.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" ----
C:\Program Files\AxiSoftware\AxiDBSafe\AxiDBSafe.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\AxiSoftware\AxiDBSafe\AxiDBSafe.exe" ----
C:\WINDOWS\system32\RUNDLL32.EXE ---- 0 Ko ---- Normal ---- "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit ----
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" ----
C:\Program Files\QuickTime\qttask.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\QuickTime\qttask.exe" -atboottime ----
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" ---- Sun Microsystems, Inc.
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min ----
C:\Program Files\AxiSoftware\LiveUpdate\AxilogNotifier.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\AxiSoftware\LiveUpdate\AxilogNotifier.exe" ----
C:\WINDOWS\RTHDCPL.EXE ---- 0 Ko ---- Normal ---- "C:\WINDOWS\RTHDCPL.EXE" ---- Realtek Semiconductor Corp
C:\WINDOWS\system32\ctfmon.exe ---- 0 Ko ---- Normal ---- "C:\WINDOWS\system32\ctfmon.exe" ----
C:\Program Files\AxiSoftware\LiveUpdate\Axilog.AxiLive.Service.AxilogUpdate.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\AxiSoftware\LiveUpdate\Axilog.AxiLive.Service.AxilogUpdate.exe" ----
C:\Ariane\Ariane\Ariane.exe ---- 0 Ko ---- Normal ---- "C:\Ariane\Ariane\Ariane.exe" ----
C:\Program Files\Java\jre6\bin\jqs.exe ---- 0 Ko ---- Idle ---- "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" ---- Sun Microsystems, Inc.
C:\WINDOWS\system32\nvsvc32.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\nvsvc32.exe ----
C:\WINDOWS\system32\svchost.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k imgsvc ----
C:\Program Files\Linksys\WMP300N\WLService.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\Linksys\WMP300N\WLService.exe" "WMP300N.exe" ----
C:\Program Files\Linksys\WMP300N\WMP300N.exe ---- 0 Ko ---- High ---- WMP300N.exe ----
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe" ----
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe" ----
C:\WINDOWS\system32\BRMFRSMG.EXE ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\BRMFRSMG.EXE ----
C:\WINDOWS\system32\wbem\wmiapsrv.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiapsrv.exe ----
C:\WINDOWS\System32\alg.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\System32\alg.exe ----
C:\WINDOWS\System32\svchost.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k HTTPFilter ----
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe" -ymsgr ---- Yahoo! Inc.
C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe" -auto ---- Sun Microsystems, Inc.
C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
C:\Program Files\Internet Explorer\iexplore.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\Internet Explorer\iexplore.exe" ---- Microsoft Corporation
C:\Program Files\Internet Explorer\iexplore.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1496 CREDAT:79873 ---- Microsoft Corporation
C:\Program Files\Internet Explorer\iexplore.exe ---- 0 Ko ---- Normal ---- "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1496 CREDAT:145411 ---- Microsoft Corporation
C:\WINDOWS\system32\cmd.exe ---- 0 Ko ---- Normal ---- C:\WINDOWS\system32\cmd.exe /K List'em.bat ----
C:\Program Files\List_Kill'em\pv.exe ---- 0 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----
============
Keys "Run"
============
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
Messenger (Yahoo!) = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
swg = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
PaperPort PTD = C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
IndexSearch = C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
PP8 SE Reminder = "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
SunJavaUpdateSched = "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
avgnt = "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
AxilogNotify = C:\Program Files\AxiSoftware\LiveUpdate\AxilogNotifier.exe
AxiDBSafe = C:\Program Files\AxiSoftware\AxiDBSafe\AxiDBSafe.exe
ArianeLU = C:\Ariane\Lanceur\ArianeLU.exe
RTHDCPL = RTHDCPL.EXE
KernelFaultCheck = %systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
la suite pasque povais pas envoyer tout en une fois :
=============
Other Keys
=============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername = 0 (0x0)
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = 1 (0x1)
undockwithoutlogon = 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 145 (0x91)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting = 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 1 (0x1)
DefaultDomainName = MAISON
DefaultUserName = Marie-do
LegalNoticeCaption =
LegalNoticeText =
PowerdownAfterShutdown = 0
ReportBootOk = 1
Shell = Explorer.exe
ShutdownWithoutLogon = 0
System =
Userinit = C:\WINDOWS\system32\userinit.exe,
VmApplet = rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota = -1 (0xffffffff)
allocatecdroms = 0
allocatedasd = 0
allocatefloppies = 0
cachedlogonscount = 10
forceunlocklogon = 0 (0x0)
passwordexpirywarning = 14 (0xe)
scremoveoption = 0
AllowMultipleTSSessions = 1 (0x1)
UIHost = logonui.exe
LogonType = 1 (0x1)
Background = 0 0 0
DebugServerCommand = no
SFCDisable = 0 (0x0)
WinStationsDisabled = 0
HibernationPreviouslyEnabled = 1 (0x1)
ShowLogonOptions = 0 (0x0)
AltDefaultUserName = Marie-do
AltDefaultDomainName = MAISON
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
C:\Program Files\Internet Explorer\iexplore.exe = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
C:\Program Files\AxiSoftware\AxiDBSafe\AxiDBSafe.exe = C:\Program Files\AxiSoftware\AxiDBSafe\AxiDBSafe.exe:LocalSubNet:Enabled:AxiDBSafe.exe
C:\Program Files\SopCast\adv\SopAdver.exe = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
C:\Program Files\SopCast\SopCast.exe = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Garmin Communicator Plug-In]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{32505657-9980-0010-8000-00AA00389B71}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{AC414988-E5BB-4C2C-873B-EA53D2F3D23A}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
=============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
=====
BHO :
=====
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5E319C4A-3916-4AE9-B668-5925B6177FBF}: DhcpNameServer=80.10.246.1 81.253.149.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5E319C4A-3916-4AE9-B668-5925B6177FBF}: DhcpNameServer=80.10.246.1 81.253.149.10
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5E319C4A-3916-4AE9-B668-5925B6177FBF}: DhcpNameServer=80.10.246.1 81.253.149.10
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=80.10.246.1 81.253.149.10
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=80.10.246.1 81.253.149.10
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=80.10.246.1 81.253.149.10
==================
Internet Explorer :
==================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.fr/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = https://www.google.com/?gws_rd=ssl
=================
Internet Settings
=================
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
User Agent = Mozilla/4.0 (compatible; MSIE 8.0; Win32)
IE5_UA_Backup_Flag = 5.0
NoNetAutodial = 0 (0x0)
MigrateProxy = 1 (0x1)
EmailName = IEUser@
AutoConfigProxy = wininet.dll
MimeExclusionListForCache = multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost = 01000000
UseSchannelDirectly = 01000000
EnableHttp1_1 = 1 (0x1)
PrivacyAdvanced = 0 (0x0)
EnableNegotiate = 1 (0x1)
ProxyEnable = 0 (0x0)
UrlEncoding = 0 (0x0)
SecureProtocols = 160 (0xa0)
PrivDiscUiShown = 1 (0x1)
ZonesSecurityUpgrade = c0c7f2e89fd1c901
DisableCachingOfSSLPages = 0 (0x0)
WarnonZoneCrossing = 0 (0x0)
ProxyHttp1.1 = 1 (0x1)
EnableAutodial = 0 (0x0)
GlobalUserOffline = 0 (0x0)
CertificateRevocation = 0 (0x0)
DisableIDNPrompt = 0 (0x0)
EnablePunycode = 1 (0x1)
ShowPunycode = 0 (0x0)
WarnOnPostRedirect = 1 (0x1)
WarnonBadCertRecving = 1 (0x1)
=============
Other Keys
=============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername = 0 (0x0)
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = 1 (0x1)
undockwithoutlogon = 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 145 (0x91)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting = 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 1 (0x1)
DefaultDomainName = MAISON
DefaultUserName = Marie-do
LegalNoticeCaption =
LegalNoticeText =
PowerdownAfterShutdown = 0
ReportBootOk = 1
Shell = Explorer.exe
ShutdownWithoutLogon = 0
System =
Userinit = C:\WINDOWS\system32\userinit.exe,
VmApplet = rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota = -1 (0xffffffff)
allocatecdroms = 0
allocatedasd = 0
allocatefloppies = 0
cachedlogonscount = 10
forceunlocklogon = 0 (0x0)
passwordexpirywarning = 14 (0xe)
scremoveoption = 0
AllowMultipleTSSessions = 1 (0x1)
UIHost = logonui.exe
LogonType = 1 (0x1)
Background = 0 0 0
DebugServerCommand = no
SFCDisable = 0 (0x0)
WinStationsDisabled = 0
HibernationPreviouslyEnabled = 1 (0x1)
ShowLogonOptions = 0 (0x0)
AltDefaultUserName = Marie-do
AltDefaultDomainName = MAISON
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
C:\Program Files\Internet Explorer\iexplore.exe = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
C:\Program Files\AxiSoftware\AxiDBSafe\AxiDBSafe.exe = C:\Program Files\AxiSoftware\AxiDBSafe\AxiDBSafe.exe:LocalSubNet:Enabled:AxiDBSafe.exe
C:\Program Files\SopCast\adv\SopAdver.exe = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
C:\Program Files\SopCast\SopCast.exe = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Garmin Communicator Plug-In]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{32505657-9980-0010-8000-00AA00389B71}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{AC414988-E5BB-4C2C-873B-EA53D2F3D23A}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
=============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
=====
BHO :
=====
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5E319C4A-3916-4AE9-B668-5925B6177FBF}: DhcpNameServer=80.10.246.1 81.253.149.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5E319C4A-3916-4AE9-B668-5925B6177FBF}: DhcpNameServer=80.10.246.1 81.253.149.10
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5E319C4A-3916-4AE9-B668-5925B6177FBF}: DhcpNameServer=80.10.246.1 81.253.149.10
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=80.10.246.1 81.253.149.10
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=80.10.246.1 81.253.149.10
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=80.10.246.1 81.253.149.10
==================
Internet Explorer :
==================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.fr/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = https://www.google.com/?gws_rd=ssl
=================
Internet Settings
=================
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
User Agent = Mozilla/4.0 (compatible; MSIE 8.0; Win32)
IE5_UA_Backup_Flag = 5.0
NoNetAutodial = 0 (0x0)
MigrateProxy = 1 (0x1)
EmailName = IEUser@
AutoConfigProxy = wininet.dll
MimeExclusionListForCache = multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost = 01000000
UseSchannelDirectly = 01000000
EnableHttp1_1 = 1 (0x1)
PrivacyAdvanced = 0 (0x0)
EnableNegotiate = 1 (0x1)
ProxyEnable = 0 (0x0)
UrlEncoding = 0 (0x0)
SecureProtocols = 160 (0xa0)
PrivDiscUiShown = 1 (0x1)
ZonesSecurityUpgrade = c0c7f2e89fd1c901
DisableCachingOfSSLPages = 0 (0x0)
WarnonZoneCrossing = 0 (0x0)
ProxyHttp1.1 = 1 (0x1)
EnableAutodial = 0 (0x0)
GlobalUserOffline = 0 (0x0)
CertificateRevocation = 0 (0x0)
DisableIDNPrompt = 0 (0x0)
EnablePunycode = 1 (0x1)
ShowPunycode = 0 (0x0)
WarnOnPostRedirect = 1 (0x1)
WarnonBadCertRecving = 1 (0x1)
et enfin (désoLé)
=========
TaskCache
=========
====
IFEO
====
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apitrap.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ASSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cleanup.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cqw32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divx.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divxdec.ax]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DJSMAR00.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRMINST.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\enc98.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EncodeDivXExt.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EncryptPatchVer.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\front.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fullsoft.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GBROWSER.DLL]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htmlmarq.ocx]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htmlmm.ocx]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\install.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ishscan.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ISSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\javai.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jvm.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jvm_g.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\main123w.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mngreg32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msci_uno.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscoree.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscorsvr.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscorwks.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msjava.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mso.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVOPTRF.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NeVideoFX.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NPMLIC.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NSWSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\photohse.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PMSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ppw32hlp.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\printhse.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prwin8.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ps80.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\psdmt.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qfinder.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qpw.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\salwrap.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup32.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sevinst.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcnet.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tcore_ebook.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TFDTCTT8.DLL]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ua80.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\udtapi.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ums.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vb40032.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbe6.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wpwin8.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xlmlEN.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xwsetup.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Your Image File Name Here without a path]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_INSTPGM.EXE]
===============
File Protection
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
========
Safemode
========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
=========
Atapi.sys
=========
C:\WINDOWS\system32\drivers\atapi.sys :
[MD5.9f3a2f5aa6875c72bf062c712cfa2674]
[SHA256.b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
D'fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
48,83 Go total, 32,69 Go libre (66%), 8% fragment' (fragmentation du fichier 17%)
Il ne vous est pas n'cessaire de d'fragmenter ce volume.
============
Mountpoints2
============
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET4.tmp
Present !! : C:\WINDOWS\SET8.tmp
Present !! : C:\WINDOWS\Temp\tmpF.tmp
Present !! : C:\Documents and Settings\Marie-do\LOCAL Settings\Temp\jre-6u21-windows-i586-iftw-rv.exe
Present !! : C:\Documents and Settings\Marie-do\Local Settings\Temporary Internet Files\SuggestedSites.dat
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
FEATURE_BROWSER_EMULATION | svchost :
====================================
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-16 23:35:53
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
BIOS signateure not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 23:36:43,82
=========
TaskCache
=========
====
IFEO
====
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apitrap.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ASSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cleanup.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cqw32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divx.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divxdec.ax]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DJSMAR00.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRMINST.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\enc98.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EncodeDivXExt.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EncryptPatchVer.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\front.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fullsoft.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GBROWSER.DLL]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htmlmarq.ocx]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htmlmm.ocx]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\install.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ishscan.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ISSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\javai.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jvm.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jvm_g.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\main123w.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mngreg32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msci_uno.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscoree.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscorsvr.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscorwks.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msjava.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mso.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVOPTRF.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NeVideoFX.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NPMLIC.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NSWSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\photohse.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PMSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ppw32hlp.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\printhse.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prwin8.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ps80.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\psdmt.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qfinder.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qpw.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\salwrap.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup32.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sevinst.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcnet.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tcore_ebook.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TFDTCTT8.DLL]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ua80.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\udtapi.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ums.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vb40032.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbe6.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wpwin8.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xlmlEN.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xwsetup.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Your Image File Name Here without a path]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_INSTPGM.EXE]
===============
File Protection
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
========
Safemode
========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
=========
Atapi.sys
=========
C:\WINDOWS\system32\drivers\atapi.sys :
[MD5.9f3a2f5aa6875c72bf062c712cfa2674]
[SHA256.b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
D'fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
48,83 Go total, 32,69 Go libre (66%), 8% fragment' (fragmentation du fichier 17%)
Il ne vous est pas n'cessaire de d'fragmenter ce volume.
============
Mountpoints2
============
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET4.tmp
Present !! : C:\WINDOWS\SET8.tmp
Present !! : C:\WINDOWS\Temp\tmpF.tmp
Present !! : C:\Documents and Settings\Marie-do\LOCAL Settings\Temp\jre-6u21-windows-i586-iftw-rv.exe
Present !! : C:\Documents and Settings\Marie-do\Local Settings\Temporary Internet Files\SuggestedSites.dat
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
FEATURE_BROWSER_EMULATION | svchost :
====================================
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-16 23:35:53
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
BIOS signateure not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 23:36:43,82
moment de grace
Messages postés
29042
Date d'inscription
samedi 6 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
18 juillet 2013
2 274
17 août 2010 à 00:07
17 août 2010 à 00:07
as tu essayé un autre clavier ?
..............
Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :
choisis l'option CLEAN
ton PC va redemarrer,
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
colle le contenu dans ta reponse
..............
Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :
choisis l'option CLEAN
ton PC va redemarrer,
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
colle le contenu dans ta reponse
G pas essayé d'autres claviers, La j en ai pas d autres sous La main mais j essaierai demain.
voici Le rapport kiLLem (encore merci pour ton aide et tes precieux conseiLs)
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.0.2.9 ¤¤¤¤¤¤¤¤¤¤
User : Marie-do (Administrateurs)
Update on 16/08/2010 by g3n-h@ckm@n ::::: 18.00
Start at: 00:12:24 | 17/08/2010
AMD Athlon(tm) 7750 Dual-Core Processor
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 48,83 Go (32,73 Go free) [Windows] | NTFS
D:\ -> Disque fixe local | 416,92 Go (216,13 Go free) [Disque SATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ------- Memory(Ko)
C:\WINDOWS\System32\smss.exe ----0 Ko
C:\WINDOWS\system32\csrss.exe ----0 Ko
C:\WINDOWS\system32\winlogon.exe ----0 Ko
C:\WINDOWS\system32\services.exe ----0 Ko
C:\WINDOWS\system32\lsass.exe ----0 Ko
C:\WINDOWS\system32\svchost.exe ----0 Ko
C:\WINDOWS\system32\svchost.exe ----0 Ko
C:\WINDOWS\System32\svchost.exe ----0 Ko
C:\WINDOWS\system32\svchost.exe ----0 Ko
C:\WINDOWS\system32\svchost.exe ----0 Ko
C:\WINDOWS\system32\logonui.exe ----0 Ko
C:\WINDOWS\system32\brsvc01a.exe ----0 Ko
C:\WINDOWS\system32\brss01a.exe ----0 Ko
C:\WINDOWS\system32\spoolsv.exe ----0 Ko
C:\Program Files\Avira\AntiVir Desktop\sched.exe ----0 Ko
C:\WINDOWS\system32\svchost.exe ----0 Ko
C:\WINDOWS\system32\WgaTray.exe ----0 Ko
C:\Program Files\Avira\AntiVir Desktop\avguard.exe ----0 Ko
C:\Program Files\AxiSoftware\AxiDBSafe\AxiDBSafe.exe ----0 Ko
C:\WINDOWS\Explorer.EXE ----0 Ko
C:\WINDOWS\system32\cmd.exe ----0 Ko
C:\Program Files\AxiSoftware\LiveUpdate\Axilog.AxiLive.Service.AxilogUpdate.exe ----0 Ko
C:\Program Files\Google\Update\GoogleUpdate.exe ----0 Ko
C:\Program Files\Java\jre6\bin\jqs.exe ----0 Ko
C:\WINDOWS\system32\nvsvc32.exe ----0 Ko
C:\WINDOWS\system32\svchost.exe ----0 Ko
C:\Program Files\Linksys\WMP300N\WLService.exe ----0 Ko
C:\Program Files\Linksys\WMP300N\WMP300N.exe ----0 Ko
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ----0 Ko
C:\WINDOWS\system32\wuauclt.exe ----0 Ko
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ----0 Ko
C:\WINDOWS\system32\BRMFRSMG.EXE ----0 Ko
C:\WINDOWS\system32\wbem\wmiapsrv.exe ----0 Ko
C:\WINDOWS\system32\wbem\wmiprvse.exe ----0 Ko
C:\WINDOWS\System32\alg.exe ----0 Ko
C:\WINDOWS\system32\wbem\wmiprvse.exe ----0 Ko
C:\Program Files\List_Kill'em\pv.exe ----0 Ko
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\WINDOWS\SET3.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET4.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET8.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\tmpF.tmp
=======
Hosts :
=======
127.0.0.1 localhost
========
Registry
========
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
=================
Internet Explorer
=================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============
Security Center
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 1 (0x1)
FirewallOverride = 1 (0x1)
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================
FEATURE_BROWSER_EMULATION | svchost :
====================================
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
kernel: MBR read successfully
user & kernel MBR OK
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
voici Le rapport kiLLem (encore merci pour ton aide et tes precieux conseiLs)
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.0.2.9 ¤¤¤¤¤¤¤¤¤¤
User : Marie-do (Administrateurs)
Update on 16/08/2010 by g3n-h@ckm@n ::::: 18.00
Start at: 00:12:24 | 17/08/2010
AMD Athlon(tm) 7750 Dual-Core Processor
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 48,83 Go (32,73 Go free) [Windows] | NTFS
D:\ -> Disque fixe local | 416,92 Go (216,13 Go free) [Disque SATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ------- Memory(Ko)
C:\WINDOWS\System32\smss.exe ----0 Ko
C:\WINDOWS\system32\csrss.exe ----0 Ko
C:\WINDOWS\system32\winlogon.exe ----0 Ko
C:\WINDOWS\system32\services.exe ----0 Ko
C:\WINDOWS\system32\lsass.exe ----0 Ko
C:\WINDOWS\system32\svchost.exe ----0 Ko
C:\WINDOWS\system32\svchost.exe ----0 Ko
C:\WINDOWS\System32\svchost.exe ----0 Ko
C:\WINDOWS\system32\svchost.exe ----0 Ko
C:\WINDOWS\system32\svchost.exe ----0 Ko
C:\WINDOWS\system32\logonui.exe ----0 Ko
C:\WINDOWS\system32\brsvc01a.exe ----0 Ko
C:\WINDOWS\system32\brss01a.exe ----0 Ko
C:\WINDOWS\system32\spoolsv.exe ----0 Ko
C:\Program Files\Avira\AntiVir Desktop\sched.exe ----0 Ko
C:\WINDOWS\system32\svchost.exe ----0 Ko
C:\WINDOWS\system32\WgaTray.exe ----0 Ko
C:\Program Files\Avira\AntiVir Desktop\avguard.exe ----0 Ko
C:\Program Files\AxiSoftware\AxiDBSafe\AxiDBSafe.exe ----0 Ko
C:\WINDOWS\Explorer.EXE ----0 Ko
C:\WINDOWS\system32\cmd.exe ----0 Ko
C:\Program Files\AxiSoftware\LiveUpdate\Axilog.AxiLive.Service.AxilogUpdate.exe ----0 Ko
C:\Program Files\Google\Update\GoogleUpdate.exe ----0 Ko
C:\Program Files\Java\jre6\bin\jqs.exe ----0 Ko
C:\WINDOWS\system32\nvsvc32.exe ----0 Ko
C:\WINDOWS\system32\svchost.exe ----0 Ko
C:\Program Files\Linksys\WMP300N\WLService.exe ----0 Ko
C:\Program Files\Linksys\WMP300N\WMP300N.exe ----0 Ko
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ----0 Ko
C:\WINDOWS\system32\wuauclt.exe ----0 Ko
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ----0 Ko
C:\WINDOWS\system32\BRMFRSMG.EXE ----0 Ko
C:\WINDOWS\system32\wbem\wmiapsrv.exe ----0 Ko
C:\WINDOWS\system32\wbem\wmiprvse.exe ----0 Ko
C:\WINDOWS\System32\alg.exe ----0 Ko
C:\WINDOWS\system32\wbem\wmiprvse.exe ----0 Ko
C:\Program Files\List_Kill'em\pv.exe ----0 Ko
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\WINDOWS\SET3.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET4.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET8.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\tmpF.tmp
=======
Hosts :
=======
127.0.0.1 localhost
========
Registry
========
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
=================
Internet Explorer
=================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============
Security Center
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 1 (0x1)
FirewallOverride = 1 (0x1)
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================
FEATURE_BROWSER_EMULATION | svchost :
====================================
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
kernel: MBR read successfully
user & kernel MBR OK
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
moment de grace
Messages postés
29042
Date d'inscription
samedi 6 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
18 juillet 2013
2 274
17 août 2010 à 00:39
17 août 2010 à 00:39
G pas essayé d'autres claviers, La j en ai pas d autres sous La main mais j essaierai demain.
oui tiens moi au courant
oui tiens moi au courant
moment de grace
Messages postés
29042
Date d'inscription
samedi 6 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
18 juillet 2013
2 274
17 août 2010 à 22:22
17 août 2010 à 22:22
résolu
bonne continuation
bonne continuation