Antivirus problem

Closed
cricri - 20 Nov 2010 at 16:11
 cricri - 41 - 24 Nov 2010 at 23:13
Hello,

I have a problem: I can no longer download an antivirus. Looking through the forums I discovered ComboFix and used it. I have an error report that I need to post, but I don't know how that is done.
Can you help me?
Thanks a lot.
36 replies

benurrr - Posts: 9643, Registration date: Saturday 24 May 2008, Status: Security contributor, Last activity: 11 January 2012 - 107
20 Nov 2010 at 16:13
Hi

A copy and paste here
cricri -41 - Posts: 12, Registration date: Saturday 20 November 2010, Status: Member, Last activity: 22 November 2010
20 Nov 2010 at 16:30
Hello Benurr,

Below is the ComboFix report.
Thank you for your help.
ComboFix 10-11-19.04 - HP_Administrateur 20/11/2010 15:38:42.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.959.316 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Administrateur\Mes documents\Téléchargements\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\HotbarSA
c:\documents and settings\All Users\Application Data\HotbarSA\HotbarSA.dat
c:\documents and settings\All Users\Application Data\HotbarSA\HotbarSA_kyf.dat
c:\documents and settings\All Users\Application Data\HotbarSA\HotbarSAAbout.mht
c:\documents and settings\All Users\Application Data\HotbarSA\HotbarSAau.dat
c:\documents and settings\All Users\Application Data\HotbarSA\HotbarSAEula.mht
c:\documents and settings\HP_Administrateur\Application Data\ShoppingReport
c:\documents and settings\HP_Administrateur\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\HP_Administrateur\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\HP_Administrateur\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\HP_Administrateur\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\HP_Administrateur\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\HP_Administrateur\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\HP_Administrateur\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
c:\documents and settings\HP_Administrateur\Application Data\WeatherDPA
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\keimi.dat
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\keimi.exe
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\keimi_nav.dat
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\keimi_navps.dat
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\kukigcy.dat
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\kukigcy.exe
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\kukigcy_nav.dat
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\kukigcy_navps.dat
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\ygkiyma.dat
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\ygkiyma_navps.dat
c:\documents and settings\HP_Administrateur\Menu Démarrer\Programmes\Adzgalore Games Collection
c:\documents and settings\HP_Administrateur\Menu Démarrer\Programmes\Adzgalore Games Collection\Bob and Bill adventures - Wild Hunting.lnk
c:\documents and settings\HP_Administrateur\Menu Démarrer\Programmes\Adzgalore Games Collection\Crazy Blocks.lnk
c:\documents and settings\HP_Administrateur\Menu Démarrer\Programmes\Adzgalore Games Collection\Lines.lnk
c:\documents and settings\HP_Administrateur\Menu Démarrer\Programmes\Adzgalore Games Collection\The Battles Of Helicopters.lnk
c:\documents and settings\HP_Administrateur\Menu Démarrer\Programmes\Adzgalore Games Collection\Video Pool.lnk
c:\program files\Adzgalore Games Collection
c:\program files\Adzgalore Games Collection\BattlesOfHelicopters.exe
c:\program files\Adzgalore Games Collection\BobAndBill.exe
c:\program files\Adzgalore Games Collection\CrazyBlocks.exe
c:\program files\Adzgalore Games Collection\Lines.exe
c:\program files\Adzgalore Games Collection\uninstall.exe
c:\program files\Adzgalore Games Collection\VideoPool.exe
c:\program files\Internet Explorer\SET55F.tmp
c:\program files\Mozilla Firefox\components\nsadzgalore.dll
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
c:\program files\ShoppingReport\Uninst.exe
c:\windows\cookies.ini
c:\windows\pack.epk
c:\windows\system32\_004837_.tmp.dll
c:\windows\system32\_004838_.tmp.dll
c:\windows\system32\_004839_.tmp.dll
c:\windows\system32\_004840_.tmp.dll
c:\windows\system32\_004847_.tmp.dll
c:\windows\system32\_004848_.tmp.dll
c:\windows\system32\_004849_.tmp.dll
c:\windows\system32\_004850_.tmp.dll
c:\windows\system32\_004852_.tmp.dll
c:\windows\system32\_004853_.tmp.dll
c:\windows\system32\_004856_.tmp.dll
c:\windows\system32\_004857_.tmp.dll
c:\windows\system32\_004859_.tmp.dll
c:\windows\system32\_004860_.tmp.dll
c:\windows\system32\_004861_.tmp.dll
c:\windows\system32\_004863_.tmp.dll
c:\windows\system32\_004866_.tmp.dll
c:\windows\system32\_004867_.tmp.dll
c:\windows\system32\_004871_.tmp.dll
c:\windows\system32\_004872_.tmp.dll
c:\windows\system32\_004874_.tmp.dll
c:\windows\system32\_004877_.tmp.dll
c:\windows\system32\_004879_.tmp.dll
c:\windows\system32\_004880_.tmp.dll
c:\windows\system32\_004881_.tmp.dll
c:\windows\system32\_004882_.tmp.dll
c:\windows\system32\_004883_.tmp.dll
c:\windows\system32\_004886_.tmp.dll
c:\windows\system32\_004887_.tmp.dll
c:\windows\system32\_004888_.tmp.dll
c:\windows\system32\_004889_.tmp.dll
c:\windows\system32\_004890_.tmp.dll
c:\windows\system32\_004895_.tmp.dll
c:\windows\system32\_004897_.tmp.dll
c:\windows\system32\afbrorfrsnbex.dll-uninst.exe
c:\windows\system32\cont_adzgalore-remove.exe
c:\windows\system32\D3DPMESH32.DLL
c:\windows\system32\d3dx9_323232.dll
c:\windows\system32\DBGENG32.DLL
c:\windows\system32\DBMSRPCN32.DLL
c:\windows\system32\DDRAWEX32.DLL
c:\windows\system32\deskadp32.dll
c:\windows\system32\devmgr32.dll
c:\windows\system32\dfrgsnap32.dll
c:\windows\system32\DHCPCSVC32.DLL
c:\windows\system32\DIGEST32.DLL
c:\windows\system32\DINPUT32.DLL
c:\windows\system32\DPWSOCK32.DLL
c:\windows\system32\DPWSOCKX32.DLL
c:\windows\system32\DS16GT32.DLL
c:\windows\system32\faultrep32.dll
c:\windows\system32\fxsxp3232.dll
c:\windows\system32\gdi3232.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_USNJSVC
-------\Service_Boonty Games
-------\Service_usnjsvc


((((((((((((((((((((((((((((( Fichiers créés du 2010-10-20 au 2010-11-20 ))))))))))))))))))))))))))))))))))))
.

2010-11-20 14:19 . 2010-11-20 14:19 -------- d-----w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\PackageAware
2010-11-20 09:30 . 2010-11-20 09:30 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\GlarySoft
2010-11-20 09:25 . 2010-11-20 09:25 -------- d-----w- c:\program files\Glary Utilities
2010-11-19 20:14 . 2010-11-19 20:30 -------- d-----w- c:\program files\Zylom Games
2010-11-18 20:40 . 2010-11-18 20:40 -------- d-----w- c:\program files\musicMe
2010-11-18 20:40 . 2010-11-18 20:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2010-11-18 18:28 . 2010-11-18 18:28 -------- d-----w- c:\program files\Alwil Software
2010-11-18 17:47 . 2010-11-18 17:47 917504 ----a-w- c:\windows\system32\FLASH.OCX
2010-11-18 08:24 . 2010-11-18 20:40 -------- d-----w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\ConduitEngine
2010-11-18 08:24 . 2010-11-18 08:24 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-16 22:33 . 2010-11-16 22:33 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-16 22:26 . 2010-11-16 22:26 -------- d-----w- c:\program files\CCleaner
2010-11-16 22:26 . 2010-11-16 22:26 -------- d-----w- C:\Zylom
2010-11-16 22:24 . 2010-11-16 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2010-11-16 22:24 . 2010-11-20 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-16 22:12 . 2010-11-16 22:39 2748 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-11-04 21:01 . 2010-11-05 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Farm Fishes
2010-11-02 20:56 . 2010-11-02 20:56 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\RealArcade
2010-10-24 19:09 . 2010-10-24 19:11 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Brunhilda_real

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[7] 2008-04-14 . BE0CB143FA427D93440DED18DB8C918B . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2005-08-22 . 0D55724D88488BBFC53BC2EA219240F3 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 0D55724D88488BBFC53BC2EA219240F3 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 31748843AD5811351B115CC52CEA8D77 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll

[7] 2008-04-14 . 460E4CE148BD07218DA0B6A3D31885A9 . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe

[7] 2008-07-07 20:31 . A5B1B7C76134329AA7547F6E6DA35410 . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[7] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[7] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[7] 2008-07-07 20:24 . 157F9C595FD0D10502497DC4C1348D17 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[7] 2008-07-07 20:18 . 74ECF4DDC685BD3249CAB323405FCC49 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[7] 2008-04-14 02:33 . 9FD4A0615BF3E9388A46EDF8774C7294 . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 11:29 . B56B69129181FF63BAED5EDE65DCC9B1 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll

[7] 2008-04-14 . 5C64008E661307C4A3C3C25D9086CDE7 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2005-09-01 . D9BD4CCA0533401B6609E47FF74F40DC . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . 8D9A075C065DFE1228688D10155D6624 . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2005-09-01 . 8D9A075C065DFE1228688D10155D6624 . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll

[7] 2008-04-14 . 8E5231171AD6595FF002E848CC54FCD7 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2005-07-08 . C9FA05D271A0066764FE75BE38E24D69 . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . 720DA0C9DB8996AD9B7F5164B2242DAA . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2005-07-08 . 720DA0C9DB8996AD9B7F5164B2242DAA . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll

[7] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2007-03-08 . 4D88AAF39ADABFE45958EA1384E2C4FF . 579072 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . 753354F594809A9B96F73999B435A533 . 578560 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2007-03-08 . 753354F594809A9B96F73999B435A533 . 578560 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll
[-] 2005-03-02 . C34920EB988CE98910BD6B0417F334EB . 578048 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[7] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . D0288319660EDCFED07C7E74C4EA38A5 . 1037312 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . D0288319660EDCFED07C7E74C4EA38A5 . 1037312 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[7] 2008-04-14 . 9245FAF86A8235D5290A23C010DABD43 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . 1C43C758C54C768250107F4C5D7CA054 . 1284608 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-26 . 1C43C758C54C768250107F4C5D7CA054 . 1284608 . . [5.1.2600.2726] . . c:\windows\system32\ole32.dll
[-] 2005-07-26 . EED987351DDEB1B8AE7892A9AAEFF453 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll

[7] 2008-04-14 . B9F20D71E5B6CE89A7A94B38351FDBDC . 135680 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-12-19 . D7DFBD1EFA149EC158363B974DAE0C6B . 135168 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . D7DFBD1EFA149EC158363B974DAE0C6B . 135168 . . [6.00.2900.3051] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . 1839CDF416A5AA8BF2EFE377F57452CC . 135680 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll

[7] 2008-04-14 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2005-03-10 . 70921DE4C83652DC301A05F0CC46C985 . 297984 . . [5.1.2600.2627] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2005-03-10 . 70921DE4C83652DC301A05F0CC46C985 . 297984 . . [5.1.2600.2627] . . c:\windows\system32\termsrv.dll

c:\windows\System32\es.dll ... manque !!
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "c:\program files\AGI\common\agcutils.dll" [2010-11-20 43520]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]
2010-11-20 13:57 43520 ----a-w- c:\program files\AGI\common\agcutils.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
2008-10-24 18:30 277648 ----a-w- c:\program files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll" [2008-10-24 277648]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll" [2008-10-24 277648]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-09-24 1786168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-20 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]

c:\documents and settings\Default User\Menu D'marrer\Programmes\D'marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-19 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-19 27136]

c:\documents and settings\Default User\Menu D'marrer\Programmes\D'marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-19 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-19 27136]

c:\documents and settings\HP_Administrateur\Menu D'marrer\Programmes\D'marrage\
Notification de cadeaux MSN.lnk - c:\documents and settings\HP_Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-11-10 135680]
PowerReg Scheduler.exe [2007-2-12 256000]

c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
WiFi Station pour Livebox.lnk - c:\program files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe [2007-9-19 694272]

c:\documents and settings\Default User\Menu D'marrer\Programmes\D'marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-19 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-19 27136]

c:\documents and settings\Default User\Menu D'marrer\Programmes\D'marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-19 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-19 27136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrateur^Menu Démarrer^Programmes^Démarrage^BoontyBox 01net.lnk]
backup=c:\windows\pss\BoontyBox 01net.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiweeHook]
2008-10-24 18:30 56456 ----a-w- c:\program files\Kiwee Toolbar\2.8.167\kwtbaim.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Acrobat3\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [24/10/2008 19:29 10240]
R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;c:\windows\system32\ezntsvc.exe [20/06/2009 13:38 33792]
S2 gupdate1c9e239a1128f50;Service Google Update (gupdate1c9e239a1128f50);c:\program files\Google\Update\GoogleUpdate.exe [31/05/2009 22:49 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'

2010-11-20 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-11-20 20:55]

2010-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 21:49]

2010-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 21:49]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\0ehjvxfv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={94BE86A5-9C89-51AE-E600-C97AB24A26F6}&q=
FF - component: c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\0ehjvxfv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{21ab67c4-573e-77c7-e618-267ab4627010}\components\cc8b347f-5682-e153-a7e2-1eb2997d75ae.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\0ehjvxfv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

---- PARAMETRES FIREFOX ----
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www3.searchonthego.net/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www3.searchonthego.net/search.php?q=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - (no file)
Toolbar-{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - (no file)
WebBrowser-{A8F9752D-E2B8-4E7A-86B5-499F4330E2FE} - (no file)
HKLM-Run-IS CfgWiz - c:\program files\Norton Internet Security\cfgwiz.exe
HKLM-Run-iurcbuqbiutwdkz - c:\windows\system32\buhdsdccvghi.dll
AddRemove-keimi - c:\documents and settings\hp_administrateur\local settings\application data\keimi.exe
AddRemove-kukigcy - c:\documents and settings\hp_administrateur\local settings\application data\kukigcy.exe
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-{F70454C6-617C-ED9D-7C55-471F3F5F0BE3} - c:\windows\system32\afbrorfrsnbex.dll-uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-20 15:50
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø*€|ÿÿÿÿ*€|ù*9~*]
"C040210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1840)
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\Java\jre1.6.0_06\bin\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2010-11-20 15:55:20 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-11-20 14:55

Avant-CF: 156 737 945 600 octets libres
Après-CF: 159 146 881 024 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=,1,2,3,4
- - End Of File - - F2A9EA19EF5E1A12F3EEA29C0845FCF8
benurrr - Posts: 9643, Registration date: Saturday 24 May 2008, Status: Security contributor, Last activity: 11 January 2012 - 107
20 Nov 2010 at 16:35
Download Ad-Remover to your desktop:

http://www.teamxscript.org/adremoverTelechargement.html

Double-click the file you just downloaded; on the screen that appears, click "Scanner".
Let the tool work.
Post the report that is displayed on screen when the scan is finished.
cricri -41 - Posts: 12, Registration date: Saturday 20 November 2010, Status: Member, Last activity: 22 November 2010
20 Nov 2010 at 16:49
and here it is

======= RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 11/11/10 à 11:40
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 16:47:52 le 20/11/2010, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86)
HP_Administrateur@NOM-FB9B15D2723 ( )

============== RECHERCHE ==============


Fichier trouvé: C:\WINDOWS\system32\715174c8-cb92-1ee6-ac57-9a89c4d59fda.exe
Fichier trouvé: C:\WINDOWS\system32\manspybsplrwlah.exe
Fichier trouvé: C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\FireFox\Profiles\0ehjvxfv.default\searchplugins\Yoog Search.xml
Dossier trouvé: C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Conduit
Dossier trouvé: C:\Program Files\Conduit
Dossier trouvé: C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\ConduitEngine
Dossier trouvé: C:\Documents and Settings\All Users\Application Data\GamesBar
Dossier trouvé: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\GamesBar
Dossier trouvé: C:\Documents and Settings\All Users\Application Data\Trymedia
Dossier trouvé: C:\Documents and Settings\HP_Administrateur\Application Data\AGI
Dossier trouvé: C:\Documents and Settings\All Users\Application Data\AGI
Dossier trouvé: C:\Program Files\AGI
Dossier trouvé: C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar
Dossier trouvé: C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Kiwee Toolbar
Dossier trouvé: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Kiwee Toolbar
Dossier trouvé: C:\Program Files\Kiwee Toolbar
Dossier trouvé: C:\Program Files\Mozilla FireFox\Extensions\{21ab67c4-573e-77c7-e618-267ab4627010}
Fichier trouvé: C:\WINDOWS\system32\fdc25c53-b5bf-3add-ac96-caa6db73a9fc.dll

-- Fichier ouvert: C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\FireFox\Profiles\0ehjvxfv.default\Prefs.js --
Ligne trouvée: user_pref("browser.search.defaultenginename", "Fast Browser Search");
Ligne trouvée: user_pref("browser.search.defaulturl", "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&...
Ligne trouvée: user_pref("browser.search.order.1", "Fast Browser Search");
Ligne trouvée: user_pref("browser.search.selectedEngine", "Fast Browser Search");
Ligne trouvée: user_pref("keyword.URL", "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={94B...
-- Fichier Fermé --


-- Fichier ouvert: C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\FireFox\Profiles\0ehjvxfv.default\User.js --
Ligne trouvée: user_pref("browser.search.selectedEngine", "Yoog Search");
Ligne trouvée: user_pref("browser.search.defaultenginename", "Yoog Search");
-- Fichier Fermé --


Clé trouvée: HKLM\Software\Classes\CLSID\{0dfebfe1-6efe-0b3c-59d6-8e472a117ef3}
Clé trouvée: HKLM\Software\Classes\CLSID\{3B370F57-CE77-4F91-F906-0E174A19232D}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B370F57-CE77-4F91-F906-0E174A19232D}
Clé trouvée: HKLM\Software\Classes\CLSID\{4260e0cc-0f75-462e-88a3-1e05c248bf4c}
Clé trouvée: HKLM\Software\Classes\AppID\{E142D053-7023-4B33-AF22-91F14202142D}
Clé trouvée: HKLM\Software\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}
Clé trouvée: HKLM\Software\Classes\CLSID\{6E15D3C4-C6FC-4F02-B130-77CC5B1F09DB}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6E15D3C4-C6FC-4F02-B130-77CC5B1F09DB}
Clé trouvée: HKLM\Software\Classes\CLSID\{A3C5635E-1202-E0C9-F6A9-4041711278E9}
Clé trouvée: HKLM\Software\Classes\CLSID\{E03BAFDC-EB9D-4C35-A7A2-AB6C62FF0A68}
Clé trouvée: HKLM\Software\Classes\CLSID\{E6375F37-E4D1-4F51-B651-4658C27AC5BF}
Clé trouvée: HKLM\Software\Classes\AppID\{A5461FCA-320C-4D6F-A150-A53823CE8142}
Clé trouvée: HKLM\Software\Classes\Interface\{3E16A203-C0AA-4D44-ACC5-38A70A8C76DA}
Clé trouvée: HKLM\Software\Classes\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}
Clé trouvée: HKLM\Software\Classes\TypeLib\{C7403C30-3644-43D8-A82F-4BD84B9682D9}
Clé trouvée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\715174c8-cb92-1ee6-ac57-9a89c4d59fda
Clé trouvée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\manspybsplrwlah
Clé trouvée: HKLM\Software\Classes\AG.MediaPlayerCOM
Clé trouvée: HKLM\Software\Classes\KiweeIEToolbar.KiweeToolbar
Clé trouvée: HKLM\Software\Classes\KiweeIEToolbar.KiweeToolbar.1
Clé trouvée: HKLM\Software\Classes\KiweeIEToolbar.ToolbarInfo
Clé trouvée: HKLM\Software\Classes\KiweeIEToolbar.ToolbarInfo.1
Clé trouvée: HKLM\Software\Classes\Oberontb.Band
Clé trouvée: HKLM\Software\Classes\Oberontb.Band.1
Clé trouvée: HKLM\Software\Classes\oberontb.GamesBarBHO
Clé trouvée: HKLM\Software\Classes\oberontb.GamesBarBHO.1
Clé trouvée: HKLM\Software\AGI
Clé trouvée: HKLM\Software\Conduit
Clé trouvée: HKLM\Software\conduitEngine
Clé trouvée: HKLM\Software\GamesBar
Clé trouvée: HKLM\Software\GamesBarSetup
Clé trouvée: HKLM\Software\PopCap
Clé trouvée: HKLM\Software\Trymedia Systems
Clé trouvée: HKCU\Software\AGI
Clé trouvée: HKCU\Software\Binary Noise\mPlayer\kiwee_toolbar_installer.exe
Clé trouvée: HKCU\Software\Conduit
Clé trouvée: HKCU\Software\conduitEngine
Clé trouvée: HKCU\Software\GamesBar
Clé trouvée: HKCU\Software\PopCap
Clé trouvée: HKCU\Software\AppDataLow\3aaedf5f-2dee-9982-b0d8-8a925ce5d64e
Clé trouvée: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\KiweeHook
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A61C2F91-EDCA-47C1-B0E1-E149FBE26EB1}
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E08E2846-77C2-4598-9652-4F6A0AF1E65E}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{765D15CB-F519-4088-A948-252100B60EDB}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{23A287DB-449A-462F-BDE1-8635A61671CE}
Clé trouvée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A
Clé trouvée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
Clé trouvée: HKLM\Software\Microsoft\Code Store Database\Distribution Units\CabBuilder

Valeur trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo jimddp
Valeur trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo hpfanicgkffmccehnpkikogcffaepkfp
Valeur trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo dgnckdmmolaijpbbakmplfhlfpdhglgc
Valeur trouvée: HKLM\Software\Mozilla\Firefox\Extensions|toolbar@kiwee.com
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.6.12 (fr)] **

-- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\FireFox\Profiles\0ehjvxfv.default\User.js --
browser.search.selectedEngine, Yoog Search
keyword.URL, hxxp://www3.searchonthego.net/search.php?q=
browser.search.defaultenginename, Yoog Search
browser.search.defaulturl, hxxp://www3.searchonthego.net/search.php?q=

-- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\FireFox\Profiles\0ehjvxfv.default\Prefs.js --
browser.download.lastDir, C:\\Documents and Settings\\HP_Administrateur\\Mes documents\\FLO\\photo flo
browser.search.defaultenginename, Fast Browser Search
browser.search.defaulturl, hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
browser.search.selectedEngine, Fast Browser Search
browser.startup.homepage, hxxp://www.google.fr/
browser.startup.homepage_override.mstone, rv:1.9.2.12
keyword.URL, hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={94BE86A5-9C89-51AE-E600-C97AB24A26F6...

========================================

** Internet Explorer Version [6.0.2900.5512] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Search_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Show_ToolBar: yes
Start Page: about:blank
Use Custom Search URL: 1
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 20/11/2010 (7601 Octet(s))

Fin à: 16:48:41, 20/11/2010

============== E.O.F ==============
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
20 Nov. 2010 at 18:26
Cleaning:

/!\ Close all your open applications. /!\

Double-click the file you just downloaded; on the screen that appears, click "Nettoyer" (Clean).
Let the tool work.
Post the report that is displayed on screen when the scan is finished.
cricri -41 Posts 12 Registration date Saturday 20 November 2010 Status Member Last activity 22 November 2010
20 Nov. 2010 at 19:07
======= RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 11/11/10 à 11:40
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 19:00:36 le 20/11/2010, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86)
HP_Administrateur@NOM-FB9B15D2723 ( )

============== ACTION(S) ==============


Fichier supprimé: C:\WINDOWS\system32\715174c8-cb92-1ee6-ac57-9a89c4d59fda.exe
Fichier supprimé: C:\WINDOWS\system32\manspybsplrwlah.exe
Fichier supprimé: C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\FireFox\Profiles\0ehjvxfv.default\searchplugins\Yoog Search.xml
Dossier supprimé: C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Conduit
Dossier supprimé: C:\Program Files\Conduit
Dossier supprimé: C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\ConduitEngine
Dossier supprimé: C:\Documents and Settings\All Users\Application Data\GamesBar
Dossier supprimé: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\GamesBar
Dossier supprimé: C:\Documents and Settings\All Users\Application Data\Trymedia
Dossier supprimé: C:\Documents and Settings\HP_Administrateur\Application Data\AGI
Dossier supprimé: C:\Documents and Settings\All Users\Application Data\AGI
Dossier supprimé: C:\Program Files\AGI
Dossier supprimé: C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar
Dossier supprimé: C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Kiwee Toolbar
Dossier supprimé: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Kiwee Toolbar
Dossier supprimé: C:\Program Files\Kiwee Toolbar
Dossier supprimé: C:\Program Files\Mozilla FireFox\Extensions\{21ab67c4-573e-77c7-e618-267ab4627010}
Fichier supprimé: C:\WINDOWS\system32\fdc25c53-b5bf-3add-ac96-caa6db73a9fc.dll

(!) -- Fichiers temporaires supprimés.


-- Fichier ouvert: C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\FireFox\Profiles\0ehjvxfv.default\Prefs.js --
Ligne supprimée:
Ligne supprimée:
Ligne supprimée: user_pref("browser.search.defaultenginename", "Fast Browser Search");
Ligne supprimée: user_pref("browser.search.defaulturl", "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&...
Ligne supprimée: user_pref("browser.search.order.1", "Fast Browser Search");
Ligne supprimée: user_pref("browser.search.selectedEngine", "Fast Browser Search");
Ligne supprimée: user_pref("keyword.URL", "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={94B...
-- Fichier Fermé --


-- Fichier ouvert: C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\FireFox\Profiles\0ehjvxfv.default\User.js --
Ligne supprimée: user_pref("browser.search.selectedEngine", "Yoog Search");
Ligne supprimée: user_pref("browser.search.defaultenginename", "Yoog Search");
-- Fichier Fermé --


Clé supprimée: HKLM\Software\Classes\CLSID\{0dfebfe1-6efe-0b3c-59d6-8e472a117ef3}
Clé supprimée: HKLM\Software\Classes\CLSID\{3B370F57-CE77-4F91-F906-0E174A19232D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B370F57-CE77-4F91-F906-0E174A19232D}
Clé supprimée: HKLM\Software\Classes\CLSID\{4260e0cc-0f75-462e-88a3-1e05c248bf4c}
Clé supprimée: HKLM\Software\Classes\AppID\{E142D053-7023-4B33-AF22-91F14202142D}
Clé supprimée: HKLM\Software\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}
Clé supprimée: HKLM\Software\Classes\CLSID\{6E15D3C4-C6FC-4F02-B130-77CC5B1F09DB}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6E15D3C4-C6FC-4F02-B130-77CC5B1F09DB}
Clé supprimée: HKLM\Software\Classes\CLSID\{A3C5635E-1202-E0C9-F6A9-4041711278E9}
Clé supprimée: HKLM\Software\Classes\CLSID\{E03BAFDC-EB9D-4C35-A7A2-AB6C62FF0A68}
Clé supprimée: HKLM\Software\Classes\CLSID\{E6375F37-E4D1-4F51-B651-4658C27AC5BF}
Clé supprimée: HKLM\Software\Classes\AppID\{A5461FCA-320C-4D6F-A150-A53823CE8142}
Clé supprimée: HKLM\Software\Classes\Interface\{3E16A203-C0AA-4D44-ACC5-38A70A8C76DA}
Clé supprimée: HKLM\Software\Classes\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}
Clé supprimée: HKLM\Software\Classes\TypeLib\{C7403C30-3644-43D8-A82F-4BD84B9682D9}
Clé supprimée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\715174c8-cb92-1ee6-ac57-9a89c4d59fda
Clé supprimée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\manspybsplrwlah
Clé supprimée: HKLM\Software\Classes\AG.MediaPlayerCOM
Clé supprimée: HKLM\Software\Classes\KiweeIEToolbar.KiweeToolbar
Clé supprimée: HKLM\Software\Classes\KiweeIEToolbar.KiweeToolbar.1
Clé supprimée: HKLM\Software\Classes\KiweeIEToolbar.ToolbarInfo
Clé supprimée: HKLM\Software\Classes\KiweeIEToolbar.ToolbarInfo.1
Clé supprimée: HKLM\Software\Classes\Oberontb.Band
Clé supprimée: HKLM\Software\Classes\Oberontb.Band.1
Clé supprimée: HKLM\Software\Classes\oberontb.GamesBarBHO
Clé supprimée: HKLM\Software\Classes\oberontb.GamesBarBHO.1
Clé supprimée: HKLM\Software\AGI
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKLM\Software\conduitEngine
Clé supprimée: HKLM\Software\GamesBar
Clé supprimée: HKLM\Software\GamesBarSetup
Clé supprimée: HKLM\Software\PopCap
Clé supprimée: HKLM\Software\Trymedia Systems
Clé supprimée: HKCU\Software\AGI
Clé supprimée: HKCU\Software\Binary Noise\mPlayer\kiwee_toolbar_installer.exe
Clé supprimée: HKCU\Software\Conduit
Clé supprimée: HKCU\Software\conduitEngine
Clé supprimée: HKCU\Software\GamesBar
Clé supprimée: HKCU\Software\PopCap
Clé supprimée: HKCU\Software\AppDataLow\3aaedf5f-2dee-9982-b0d8-8a925ce5d64e
Clé supprimée: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\KiweeHook
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A61C2F91-EDCA-47C1-B0E1-E149FBE26EB1}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E08E2846-77C2-4598-9652-4F6A0AF1E65E}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{765D15CB-F519-4088-A948-252100B60EDB}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{23A287DB-449A-462F-BDE1-8635A61671CE}
Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A
Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
Clé supprimée: HKLM\Software\Microsoft\Code Store Database\Distribution Units\CabBuilder

Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo jimddp
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo hpfanicgkffmccehnpkikogcffaepkfp
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo dgnckdmmolaijpbbakmplfhlfpdhglgc
Valeur supprimée: HKLM\Software\Mozilla\Firefox\Extensions|toolbar@kiwee.com
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.6.12 (fr)] **

-- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\FireFox\Profiles\0ehjvxfv.default\User.js --
keyword.URL, hxxp://www3.searchonthego.net/search.php?q=
browser.search.defaulturl, hxxp://www3.searchonthego.net/search.php?q=

-- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\FireFox\Profiles\0ehjvxfv.default\Prefs.js --
browser.download.lastDir, C:\\Documents and Settings\\HP_Administrateur\\Mes documents\\FLO\\photo flo
browser.startup.homepage, hxxp://www.google.fr/
browser.startup.homepage_override.mstone, rv:1.9.2.12

========================================

** Internet Explorer Version [6.0.2900.5512] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 1
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 1792 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 20/11/2010 (3039 Octet(s))
C:\Ad-Report-SCAN[1].txt - 20/11/2010 (10129 Octet(s))

Fin à: 19:01:26, 20/11/2010

============== E.O.F ==============
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
20 Nov. 2010 at 19:19
Disable your antivirus for the duration of the procedure, as well as your firewall if present (because it is wrongly detected as an infection).

Download and install List&Kill'em and save it to your desktop.

http://sd-1.archive-host.com/...

Double-click (right-click, "Run as administrator" for Vista/7) the shortcut on your desktop to start the installation.

Once it has finished, click "Terminer" (Finish) and the program will start by itself.

Choose the Search option.

A black-and-white icon will appear on the desktop; you will use it to relaunch the program later.
Another one, red and black, will be used to uninstall the program at the end of the disinfection.

Let the tool work.

When the white window appears, it takes a while; that is normal, the program is not frozen.

A report named catchme appears on your desktop; ignore it, do not post it; it will delete itself at the end of the scan.

Post the contents of the report that opens when the scan reaches 100 %, at the "COMPLETED" screen.
cricri -41 Posts 12 Registration date Saturday 20 November 2010 Status Member Last activity 22 November 2010
20 Nov. 2010 at 20:02
I have a problem: I do have the shortcut on the desktop, and I do (a right-click,
"Run as administrator" for Vista/7),
but I can't manage it. The only option is current user (NOM- (letters + digits)\HP ADMINISTRATEUR).
I launched the program anyway, but I don't see the icons you mention.

Sorry to bother you again.
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
20 Nov. 2010 at 20:06
Normally it should have launched directly.

You are on XP, so launch it with a double-click.
cricri -41 Posts 12 Registration date Saturday 20 November 2010 Status Member Last activity 22 November 2010
20 Nov. 2010 at 20:20
It works.
Here is the report:
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.0.0.4 ¤¤¤¤¤¤¤¤¤¤

User : HP_Administrateur (Administrateurs)
Update on 23/05/2010 by g3n-h@ckm@n ::::: 15.00
Start at: 20:09:21 | 20/11/2010

Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Disabled

C:\ -> Disque fixe local | 226,14 Go (148,17 Go free) [HP_PAVILION] | NTFS
D:\ -> Disque fixe local | 6,72 Go (815,5 Mo free) [HP_RECOVERY] | FAT32
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
K:\ -> Disque amovible

Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ezNTSvc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe
C:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe

======================
Keys "Run"
======================

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
ccleaner REG_SZ "C:\Program Files\CCleaner\CCleaner.exe" /AUTO

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ehTray REG_SZ C:\WINDOWS\ehome\ehtray.exe
ftutil2 REG_SZ rundll32.exe ftutil2.dll,SetWriteCacheMode
RTHDCPL REG_SZ RTHDCPL.EXE
AlwaysReady Power Message APP REG_SZ ARPWRMSG.EXE
DMAScheduler REG_SZ "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
Recguard REG_SZ C:\WINDOWS\SMINST\RECGUARD.EXE
HPBootOp REG_SZ "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
HP Software Update REG_EXPAND_SZ C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
InstallVisualStyle REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
InstallTheme REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale.theme
DisableRegistryTools REG_DWORD 0 (0x0)

===============

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoLogoff REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDrives REG_DWORD 0 (0x0)

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDrives REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoCDBurning REG_DWORD 0 (0x0)

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 0 (0x0)
DefaultUserName REG_SZ HP_Administrateur
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ HP_Administrateur
AltDefaultDomainName REG_SZ NOM-FB9B15D2723
DefaultDomainName REG_SZ NOM-FB9B15D2723
AutoAdminLogon REG_SZ 0
DefaultPassword REG_SZ
ChangePasswordUseKerberos REG_DWORD 1 (0x1)
Windows Shell (ezShellStart) REG_SZ C:\WINDOWS\system32\userinit.exe,
LegalNotice Text REG_SZ

===============

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{E54729E8-BB3D-4270-9D49-7389EA579090} REG_SZ EasyBits Security Shield Hook - prevents launching insecure programs by kids
UPB:{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Messenger\livecall.exe REG_SZ C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
C:\Acrobat3\Reader\AcroRd32.exe REG_SZ C:\Acrobat3\Reader\AcroRd32.exe:*:Enabled:Acrobat Reader 3.01
C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\Program Files\MSN Messenger\msnmsgr.exe REG_SZ C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Messenger\livecall.exe REG_SZ C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

===============
ActivX controls
===============

[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\CabBuilder]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]

===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0EE054D1-D3ED-F347-D093-6A182E2A1D9B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{26A65454-C15B-D2BD-F1D5-6725A754DBC5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{26B4FE4F-2E3B-DC41-F3CA-68E408160431}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]

==============
BHO :
======

[<NO NAME> REG_SZ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

===
DNS
===

DNS Server Search Order: 16.81.3.243
DNS Server Search Order: 16.118.3.243
Description: Hercules Wireless G USB2 #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{122A0A33-7070-4E7A-A30A-2450110417B6}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS1\Services\Tcpip\..\{122A0A33-7070-4E7A-A30A-2450110417B6}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

================
Internet Explorer :
================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
Local Page REG_EXPAND_SZ %SystemRoot%\system32\blank.htm
Default_Search_URL REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
Local Page REG_SZ C:\WINDOWS\system32\blank.htm

========
Services
========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

========
Safemode
========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

=========
Atapi.sys
=========

C:\WINDOWS\$NtServicePackUninstall$\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

C:\WINDOWS\ERDNT\cache\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

C:\WINDOWS\ServicePackFiles\i386\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

C:\WINDOWS\system32\drivers\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
226 Go total, 148 Go libre (65%), 19% fragmenté (fragmentation du fichier 39%)

Vous devriez défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Documents and Settings\All Users\Application Data\SalesMon
Present !! : C:\Documents and Settings\LocalService\Application Data\agi
Present !! : C:\Program Files\WindowsUpdate
Present !! : C:\WINDOWS\003237_.tmp
Present !! : C:\WINDOWS\SET461.tmp
Present !! : C:\WINDOWS\kb913800.exe
Present !! : C:\WINDOWS\system32\d3drm32.dll
Present !! : C:\WINDOWS\system32\dbnetlib32.dll
Present !! : C:\WINDOWS\System32\ddeml32.dll
Present !! : C:\WINDOWS\system32\dhcpsapi32.dll
Present !! : C:\WINDOWS\System32\dispex32.dll
Present !! : C:\WINDOWS\System32\drivers\_004814_.tmp.dll
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\es32.dll
Present !! : C:\WINDOWS\System32\EZUPBH~1.DLL
Present !! : C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
Present !! : C:\Documents and Settings\HP_Administrateur\Application data\install_fr[1].exe
Present !! : C:\Documents and Settings\HP_Administrateur\Application data\setup_fr[1].exe
Present !! : C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoLogoff
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKEY_USERS\S-1-5-21-655304262-786006266-3101335627-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKEY_USERS\S-1-5-21-655304262-786006266-3101335627-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoLogoff
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoLogoff
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKEY_USERS\S-1-5-21-655304262-786006266-3101335627-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKEY_USERS\S-1-5-21-655304262-786006266-3101335627-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoLogoff
Present !! : "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCR\ezUPBHook.ShellObj
Present !! : HKCR\ezUPBHook.ShellObj.1
Present !! : HKCR\interface\{5663B370-F3C3-40D1-9C46-0E800AA4D0E8}
Present !! : HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}
Present !! : HKLM\Software\Classes\Interface\{01009AEC-AFAA-4982-9F2B-6411C5C27E77}
Present !! : HKLM\Software\Classes\Interface\{5663B370-F3C3-40D1-9C46-0E800AA4D0E8}
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AGWinService
Present !! : HKLM\SYSTEM\CurrentControlSet\Services\AGWinService
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_AGWinService
Present !! : HKLM\SYSTEM\ControlSet001\Services\AGWinService
Present !! : HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_AGWinService
Present !! : HKLM\SYSTEM\ControlSet004\Services\AGWinService

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-20 20:19:04
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 20:19:05,60
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
Edited by benurrr on 20/11/2010 at 20:29
Run List_Kill'em again (or by right-click for Vista/7), using the shortcut on your desktop,
but this time:

choose the Clean option

your PC will restart,

let the tool work.

At the end of the scan the window closes, and you will have a report named Kill'em.txt on your desktop;

paste its contents into your reply.
For lack of curiosity, one risks dying ignorant; you are free to think that you are an i..,
but an i.. to think that you are free... Thanks to australe13
0
cricri -41 Posts 12 Registration date Saturday 20 November 2010 Status Member Last activity 22 November 2010
20 Nov 2010 at 21:03
the cleaning report

¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.0.0.4 ¤¤¤¤¤¤¤¤¤¤

User : HP_Administrateur (Administrateurs)
Update on 23/05/2010 by g3n-h@ckm@n ::::: 15.00
Start at: 20:37:31 | 20/11/2010

Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Disabled

C:\ -> Disque fixe local | 226,14 Go (148,17 Go free) [HP_PAVILION] | NTFS
D:\ -> Disque fixe local | 6,72 Go (815,5 Mo free) [HP_RECOVERY] | FAT32
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
K:\ -> Disque amovible


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ezNTSvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Documents and Settings\All Users\Application Data\SalesMon
Quarantined & Deleted !! : C:\Documents and Settings\LocalService\Application Data\agi
Quarantined & Deleted !! : C:\Program Files\WindowsUpdate
Quarantined & Deleted !! : C:\WINDOWS\003237_.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET461.tmp
Quarantined & Deleted !! : C:\WINDOWS\kb913800.exe

Quarantined & Deleted !! : C:\WINDOWS\system32\d3drm32.dll
Quarantined & Deleted !! : C:\WINDOWS\system32\dbnetlib32.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\ddeml32.dll
Quarantined & Deleted !! : C:\WINDOWS\system32\dhcpsapi32.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\dispex32.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\_004814_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\WINDOWS\System32\es32.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\EZUPBH~1.DLL
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1D5.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1DA.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1DC.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1DE.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1DF.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1E1.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1E3.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1E4.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1E8.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1E9.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1EC.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1ED.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1EE.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1F4.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1F5.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1F6.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1FE.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET201.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET204.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET205.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET206.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET207.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET209.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET20E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET20F.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET215.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET21B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET21D.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET21F.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET220.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET221.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET226.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET22C.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET22E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET22F.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET232.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET234.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET237.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET238.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET23D.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET241.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET247.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET249.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET24A.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET24B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET252.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET253.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET256.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET257.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET258.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET259.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET25A.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET25C.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET25D.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET25E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET260.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET261.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET262.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET265.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET268.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET26D.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET26E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET26F.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET274.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET275.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET276.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET278.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET27B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET27D.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET27E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET281.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET285.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET288.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET289.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET28A.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET28B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET290.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET297.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET299.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET29A.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET29B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET29D.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET29E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2A1.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2A6.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2A7.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2A9.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2AA.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2AB.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2AF.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2B0.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2B1.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2B2.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2B3.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2B4.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2B6.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2B8.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2BA.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2BB.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2C.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2C0.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2C8.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2CA.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2CC.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2CD.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2CE.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2D2.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2D6.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2D7.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2D8.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2D9.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2DA.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2DB.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2DC.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2DF.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2E2.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2EA.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2ED.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2EE.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2EF.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2F0.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2F2.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET2FA.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET301.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET303.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET308.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET30A.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET30C.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET30F.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET310.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET31F.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET323.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET325.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET327.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET32C.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET32E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET333.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET334.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET33E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET348.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET349.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET34B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET351.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET353.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET354.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET356.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET35A.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET365.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET368.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET36A.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET370.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET37A.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET37E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET380.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET382.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET390.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET395.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET39B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3A3.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3AB.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3B1.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3BB.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3BF.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3CB.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3CE.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3D1.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3D6.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3D8.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3DC.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3E0.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3E1.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3E3.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3E4.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3E5.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3E6.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3E8.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3EA.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3EB.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3ED.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3F0.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3F2.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3F7.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET3F8.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET400.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET406.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET40B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET40E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET411.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET413.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET417.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET419.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET41A.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET41B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET41E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET41F.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET423.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET424.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET429.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET42B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET42E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET431.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET433.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET436.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET439.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET43B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET5B3.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET5B9.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SETCB.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SETD0.tmp
Quarantined & Deleted !! : C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
Quarantined & Deleted !! : C:\Documents and Settings\HP_Administrateur\Application data\install_fr[1].exe
Quarantined & Deleted !! : C:\Documents and Settings\HP_Administrateur\Application data\setup_fr[1].exe

=======
Hosts :
=======

127.0.0.1 localhost

========
Registry
========

Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoLogoff
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Deleted : "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : HKCR\ezUPBHook.ShellObj
Deleted : HKCR\ezUPBHook.ShellObj.1
Deleted : HKCR\interface\{5663B370-F3C3-40D1-9C46-0E800AA4D0E8}
Deleted : HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}
Deleted : HKLM\Software\Classes\Interface\{01009AEC-AFAA-4982-9F2B-6411C5C27E77}
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AGWinService
Deleted : HKLM\SYSTEM\CurrentControlSet\Services\AGWinService
Deleted : HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_AGWinService
Deleted : HKLM\SYSTEM\ControlSet004\Services\AGWinService
=================
Internet Explorer
=================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

===============
Security Center
===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)

========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
20 Nov. 2010 at 21:09
download

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

During installation, check that update, launch program and full scan are all ticked

Once it is up to date, the program will launch; click the Settings tab and tick the box: "Close Internet Explorer during removal".

At the end of the scan, click Show results

Check that everything is ticked and click Remove selected

If you are asked to restart >>> click "Yes"

And post the generated report
0
cricri -41 Posts 12 Registration date Saturday 20 November 2010 Status Member Last activity 22 November 2010
21 Nov. 2010 at 12:19
hello benurrr,

I saw your message a bit late.

I went to the link and it offers me several programs, and I get a warning message about the security of my computer.

which program should I take:

Now downloading...
Malwarebytes Anti-Malware 1.46
Easy-to-use, simple, and effective anti-malware application.

Thank you for choosing TechSpot as your download destination.
If the download process does not begin automatically, please click here.

Video: Windows Phone in 7 Minutes

Watch brief highlights of Windows Phone 7 features



Protect your PC in real-time with Malwarebytes' Anti-Malware

Award-winning security tool. The anti-malware killer app.



Download Top 5 Freeware Network Monitoring Tools

Be a network superhero, score some free network and application monitoring tools.



Windows Phone 7: A New Kind of Phone

For business and end-users, enable rich applications that run on PC, Web, and phone





Webmasters: Please link to the download detail page, otherwise the download may appear as broken.
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
21 Nov. 2010 at 13:33
0
cricri -41 Posts 12 Registration date Saturday 20 November 2010 Status Member Last activity 22 November 2010
21 Nov. 2010 at 17:44
the Malwarebytes report
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 5162

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

21/11/2010 17:42:06
mbam-log-2010-11-21 (17-42-06).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 320362
Temps écoulé: 1 heure(s), 13 minute(s), 38 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 58

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\HP_Administrateur\Application Data\Hotbar_Icons (Adware.Hotbar) -> No action taken.

Fichier(s) infecté(s):
C:\Kill'em\Quarantine\d3drm32.dll.Kill'em (Trojan.Agent) -> No action taken.
C:\Kill'em\Quarantine\dbnetlib32.dll.Kill'em (Trojan.Agent) -> No action taken.
C:\Kill'em\Quarantine\ddeml32.dll.Kill'em (Trojan.Agent) -> No action taken.
C:\Kill'em\Quarantine\dhcpsapi32.dll.Kill'em (Trojan.Agent) -> No action taken.
C:\Kill'em\Quarantine\dispex32.dll.Kill'em (Trojan.Agent) -> No action taken.
C:\Kill'em\Quarantine\es32.dll.Kill'em (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\afbrorfrsnbex.dll-uninst.exe.vir (Trojan.BHO) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\d3dpmesh32.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\d3dx9_323232.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dbgeng32.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dbmsrpcn32.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ddrawex32.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\deskadp32.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dfrgsnap32.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dhcpcsvc32.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\digest32.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dinput32.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dpwsock32.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dpwsockx32.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ds16gt32.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\faultrep32.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fxsxp3232.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gdi3232.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\devmgr32.dll.vir (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0144515.exe (Rogue.SystemErrorFixer) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0145513.exe (Trojan.BHO) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0145515.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0145516.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0145518.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0145519.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0145520.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0145521.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0145522.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0145523.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0145524.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0145525.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0145526.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0145527.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0145528.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0145529.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0145530.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0145531.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0146699.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0146700.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0146701.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0146702.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0146703.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0146705.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP854\A0145517.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dpuGUI1032.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dsauth32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\els32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\encdec32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\esent9732.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\eventcls32.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Hotbar_Icons\meetic.ico (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Hotbar_Icons\Registryrepair.ico (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Hotbar_Icons\wallpapere1.ico (Adware.Hotbar) -> No action taken.
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
21 Nov. 2010 at 20:22
No action taken: you did not delete what it found. Relaunch Malwarebytes, go to the Quarantine tab and delete what is in there

0
cricri -41 Posts 12 Registration date Saturday 20 November 2010 Status Member Last activity 22 November 2010
21 Nov. 2010 at 20:40
done
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
21 Nov. 2010 at 21:23
* Download UsbFix (by El desaparecido & C_XX) to the Desktop.

http://www.teamxscript.org/usbfixTelechargement.html

* Important: connect your external data sources to the PC (USB stick, external hard drive, SD card, etc.) without opening them.
* Double-click the UsbFix.exe program on the Desktop; the installation will run automatically.
* /!\ Disable the antivirus real-time protection to avoid any conflict while using the tool.
* Click the Search button.
* Let the tool work.
* Post the report
* Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

* Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
0
cricri -41 Posts 12 Registration date Saturday 20 November 2010 Status Member Last activity 22 November 2010
21 Nov. 2010 at 21:40
############################## | UsbFix 7.035 | [Recherche]

Utilisateur: HP_Administrateur (Administrateur) # NOM-FB9B15D2723 [ ]
Mis à jour le 11/11/10 par El Desaparecido / C_XX
Lancé à 21:29:38 | 21/11/2010
Site Web: http://www.teamxscript.org
Contact: eldesaparecido@teamxscript.org

CPU: Intel(R) Pentium(R) 4 CPU 3.06GHz
CPU 2: Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 6.0.2900.5512

Pare-feu Windows: Activé
RAM -> 959 Mo
C:\ (%systemdrive%) -> Disque fixe # 226 Go (148 Go libre(s) - 66%) [HP_PAVILION] # NTFS
D:\ -> Disque fixe # 7 Go (815 Mo libre(s) - 12%) [HP_RECOVERY] # FAT32
E:\ -> CD-ROM

################## | Éléments infectieux |



################## | Registre |

Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools

################## | Mountpoints2 |


################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F |
0