Trojan horse

Solved/Closed
lancome51 Posts: 50 Registration date: Thursday 3 September 2009 Status: Member Last activity: 19 November 2014 - 5 April 2011 at 16:50
 Anonymous user - 14 April 2011 at 16:23
Hello,

After scanning my PC with my antivirus (AVG Internet Security), it detects a Trojan horse in 3 files that it cannot delete because the objects are inaccessible.

Trojan horse: Agent_r.XJ in files:
- C:\ windows\system32\svchost.exe (1980):\memory_001a0000
- C:\ windows\system32\wuauclt.exe (2952):\memory_002c0000
- C:\ windows\explorer.exe (1360):\memory_001a0000

I hope I have provided enough information; thank you in advance for your help.



77 replies

lancome51 Posts: 50 Registration date: Thursday 3 September 2009 Status: Member Last activity: 19 November 2014
Edited by lancome51 on 12/04/2011 at 13:54
Strange, I can't manage to post it; it doesn't appear once submitted ????
I'll try to paste it using ci-joint.

http://www.cijoint.fr/cjlink.php?file=cj201104/cijVMzQ64G.txt
Anonymous user
12 April 2011 at 14:14
DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT !!!!! (because the tool is wrongly detected as an infection, as it contains a module used to stop processes and another used to take permissions in the registry in order to perform deletions)

▶ Download here: List_Kill'em

and save it to your desktop and run the installation

Leave checked:

♦ Executer List_Kill'em (Run List_Kill'em)

Once it has finished, click "terminer" (Finish)

Choose the Search option

▶ Let the tool work

Warning: the tool may hang for an abnormally long time once it reaches 95%; relaunch it with the shortcut on the desktop without stopping it, then click the tiny "X" at the bottom of the program's welcome window; that will unblock it so it can finish its scan

▶ Post the reports that will appear on your desktop: List'em.txt and More.txt

▶▶▶ DO NOT POST THEM ON THE FORUM

To send it to me, click this link: http://www.cijoint.fr/

▶ Click Parcourir (Browse) and select, one by one, the relevant files that appeared on your desktop

▶ Click Ouvrir (Open).

▶ Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).

A link of this form:

http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt

is added to the page.

▶ Copy these links into your reply.
lancome51 Posts: 50 Registration date: Thursday 3 September 2009 Status: Member Last activity: 19 November 2014
12 April 2011 at 15:37
I launched List_Killem but I can't finish the scan; an error message appears:
Autolt Error
line 6090 (file"c:\program files\List_Killem\List_Killem.exe")
Error: error in expression
Anonymous user
12 April 2011 at 15:39
Please post List'em.txt, which is in C:\
lancome51 Posts: 50 Registration date: Thursday 3 September 2009 Status: Member Last activity: 19 November 2014
12 April 2011 at 15:48
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.3.8 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Mis à jour le 09/04/2011 | 15.30 par g3n-h@ckm@n
Utilisateur : Foot (Administrateurs)
Ordinateur : CLUB_FOOT

Système d'exploitation : Microsoft Windows XP (32 bits)Service Pack 3
Internet Explorer : 8.0.6001.18702
Mozilla Firefox :

[HKLM\..\..\SpecialAccounts\UserList] | HelpAssistant -> 0
[HKLM\..\..\SpecialAccounts\UserList] | TsInternetUser -> 0
[HKLM\..\..\SpecialAccounts\UserList] | SQLAgentCmdExec -> 0
[HKLM\..\..\SpecialAccounts\UserList] | NetShowServices -> 0
[HKLM\..\..\SpecialAccounts\UserList] | IWAM_ -> 65536
[HKLM\..\..\SpecialAccounts\UserList] | IUSR_ -> 65536
[HKLM\..\..\SpecialAccounts\UserList] | VUSR_ -> 65536
[HKLM\..\..\SpecialAccounts\UserList] | ASPNET -> 0

a:\ -> [Removable] | [] | Total : 0 Mo | Free : 0 Mo ->
c:\ -> [Fixed] | [ACER] | Total : 76320 Mo | Free : 24840 Mo -> NTFS
d:\ -> [CDROM] | [] | Total : 0 Mo | Free : 0 Mo ->

Scan : 15:25:32 | 12/04/2011

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ Démarrage ¤¤¤¤¤¤¤¤¤¤

[HKCU\..\..\Run] | H/PC Connection Agent = "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
[HKCU\..\..\Run] | CTSyncU.exe = "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
[HKCU\..\..\Run] | ctfmon.exe = C:\windows\system32\ctfmon.exe



[HKLM\..\..\Run] | LaunchApp = Alaunch
[HKLM\..\..\Run] | ntiMUI = c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
[HKLM\..\..\Run] | DiscWizardMonitor.exe = C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
[HKLM\..\..\Run] | AcronisTimounterMonitor = C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
[HKLM\..\..\Run] | Acronis Scheduler2 Service = "C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe"
[HKLM\..\..\Run] | IgfxTray = C:\WINDOWS\system32\igfxtray.exe
[HKLM\..\..\Run] | HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
[HKLM\..\..\Run] | Persistence = C:\WINDOWS\system32\igfxpers.exe
[HKLM\..\..\Run] | LogitechCommunicationsManager = "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
[HKLM\..\..\Run] | LogitechQuickCamRibbon = "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
[HKLM\..\..\Run] | EEventManager = C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
[HKLM\..\..\Run] | CTCheck = C:\Program Files\ComPlus Applications\ZEN Media Explorer\CTCheck.exe
[HKLM\..\..\Run] | SunJavaUpdateSched = "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
[HKLM\..\..\Run] | Adobe ARM = "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
[HKLM\..\..\Run] | ArcSoft Connection Service = C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKLM\..\..\Run] | avast = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui



¤¤¤¤¤¤¤¤¤¤ Policies\Explorer ¤¤¤¤¤¤¤¤¤¤

[HKCU\..\..\Policies\explorer] | NoDriveTypeAutoRun = 323
[HKCU\..\..\Policies\explorer] | NoDriveAutoRun = 67108863
[HKCU\..\..\Policies\explorer] | NoDrives = 0

[HKLM\..\..\Policies\explorer] | HonorAutoRunSetting = 1
[HKLM\..\..\Policies\explorer] | NoDriveAutoRun = 67108863
[HKLM\..\..\Policies\explorer] | NoDriveTypeAutoRun = 323
[HKLM\..\..\Policies\explorer] | NoDrives = 0

¤¤¤¤¤¤¤¤¤¤ Policies\System ¤¤¤¤¤¤¤¤¤¤


[HKLM\..\..\Policies\System] | dontdisplaylastusername = 0
[HKLM\..\..\Policies\System] | legalnoticecaption =
[HKLM\..\..\Policies\System] | legalnoticetext =
[HKLM\..\..\Policies\System] | shutdownwithoutlogon = 1
[HKLM\..\..\Policies\System] | undockwithoutlogon = 1
[HKLM\..\..\Policies\System] | DisableRegistryTools = 0

¤¤¤¤¤¤¤¤¤¤ Windows ¤¤¤¤¤¤¤¤¤¤

[HKLM\..\..\..\Windows] | AppInit_DLLS =
[HKLM\..\..\..\Windows] | LoadAppInit_DLLs =
[HKLM\..\..\..\Windows] | Load =

¤¤¤¤¤¤¤¤¤¤ Winlogon\Notify ¤¤¤¤¤¤¤¤¤¤

[AtiExtEvent]
[crypt32chain]
[cryptnet]
[cscdll]
[dimsntfy]
[igfxcui]
[ScCertProp]
[Schedule]
[sclgntfy]
[SensLogn]
[termsrv]
[WgaLogon]
[wlballoon]

¤¤¤¤¤¤¤¤¤¤ ShellExecuteHooks ¤¤¤¤¤¤¤¤¤¤

[ShellExecuteHooks] | {AEB6717E-7E19-11d0-97EE-00C04FD91972} =

¤¤¤¤¤¤¤¤¤¤ Active X ¤¤¤¤¤¤¤¤¤¤

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] | IEUDINIT -> Mise à jour de la version d'Internet Explorer
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] | WMPACCESS -> Lecteur Windows Media
[>{26923b43-4d38-484f-9b9e-de460746276c}] | IEACCESS -> Internet Explorer
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] | OEACCESS -> Outlook Express
[>{DA74DE13-84ED-4456-96DE-95872C5E37C2}] | BRANDING.CAB -> Personnalisation du navigateur
[{08B0E5C0-4FCB-11CF-AAA5-00401C608500}] | JAVAVM -> Java (Sun)
[{10072CEC-8CC1-11D1-986E-00A0C955B42F}] | MSVML -> Rendu VML (Vector Graphics Rendering)
[{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] | NetShow ->
[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] | Microsoft Windows Media Player -> Lecteur Windows Media Microsoft 6.4
[{283807B5-2C60-11D0-A31D-00AA00B92C03}] | DirectAnimation -> DirectAnimation
[{2A3320D6-C805-4280-B423-B665BDE33D8F}] | M979906 -> Microsoft .NET Framework 1.1 Security Update (KB979906)
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] | Theme Component -> Themes Setup
[{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}] | M2416447 -> Microsoft .NET Framework 1.1 Security Update (KB2416447)
[{36f8ec70-c29a-11d1-b5c7-0000f8051515}] | TridataJava -> Liaison de données Dynamic HTML pour Java
[{3af36230-a269-11d1-b5bf-0000f8051515}] | MobilePk -> Offline Browsing Pack
[{3bf42070-b3b1-11d1-b5c5-0000f8051515}] | USP10 -> Uniscribe
[{411EDCF7-755D-414E-A74B-3DCD6583F589}] | S867460 -> Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
[{4278c270-a269-11d1-b5bf-0000f8051515}] | AdvAuth -> Création avancée
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] | MailNews -> Microsoft Outlook Express 6
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] | NetMeeting -> NetMeeting 3.01
[{44BBA848-CC51-11CF-AAFA-00AA00B6015C}] | activemovie -> DirectShow
[{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] | DirectDrawEx -> DirectDrawEx
[{45ea75a0-a269-11d1-b5bf-0000f8051515}] | HelpCont -> Internet Explorer Help
[{4f216970-c90c-11d1-b5c7-0000f8051515}] | DAJava -> Classes Java DirectAnimation
[{4f645220-306d-11d2-995d-00c04f98bbc9}] | MSVBScript -> Microsoft Windows Script 5.8
[{5056b317-8d4c-43ee-8543-b9d1e234b8f4}] | KB923789 -> Mise à jour de sécurité pour Windows XP (KB923789)
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] | Messenger -> Windows Messenger 4.7
[{5A8D6EE0-3E18-11D0-821E-444553540000}] | ICW ->
[{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] | GenSetup -> Internet Explorer Setup Tools
[{630b1da0-b465-11d1-9948-00c04f98bbc9}] | ExtraPack -> Browsing Enhancements
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] | Microsoft Windows Media Player -> Microsoft Windows Media Player
[{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] | MSN_Auth -> MSN Site Access
[{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}] | .NETFramework -> .NET Framework
[{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] | WebFolders -> Dossiers Web
[{7790769C-0471-11d2-AF11-00C04FA35D02}] | WAB -> Carnet d'adresses 6
[{89820200-ECBD-11cf-8B85-00AA005B4340}] | IE4Shell_NT -> Mise à jour du Bureau Windows
[{89820200-ECBD-11cf-8B85-00AA005B4383}] | BASEIE40_W2K -> Internet Explorer
[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] | DOTNETFRAMEWORKS ->
[{8b15971b-5355-4c82-8c07-7e181ea07608}] | Fax -> Fax
[{9381D8F2-0288-11D0-9501-00AA00B911A5}] | Tridata -> Dynamic HTML Data Binding
[{94de52c8-2d59-4f1b-883e-79663d2d9a8c}] | Fax Provider -> Fax Provider
[{9A394342-4A68-4EBA-85A6-55B559F4E700}] | .NETFramework -> .NET Framework
[{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}] | .NETFramework -> .NET Framework
[{C9E9A340-D1F1-11D0-821E-444553540600}] | Fontcore -> Internet Explorer Core Fonts
[{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}] | .NETFramework -> .NET Framework
[{CC2A9BA0-3BDD-11D0-821E-444553540000}] | MSTASK -> Planificateur de tâches
[{CDD7975E-60F8-41d5-8149-19E51D6F71D0}] | Windows Movie Maker v2.1 ->
[{D27CDB6E-AE6D-11cf-96B8-444553540000}] | Flash -> Adobe Flash Player 9 ActiveX
[{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] | HTMLHelp -> HTML Help
[{E92B03AB-B707-11d2-9CBD-0000F87A369E}] | ADSI -> Active Directory Service Interface

¤¤¤¤¤¤¤¤¤¤ Ports ¤¤¤¤¤¤¤¤¤¤

[OpenPorts\List] | 26675:TCP -> 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[OpenPorts\List] | 1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
[OpenPorts\List] | 2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
[OpenPorts\List] | 3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤

BHO - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} | (Adobe PDF Link Helper) -> C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} | (Search Helper) -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} | (avast! WebRep) -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO - {DBC80044-A445-435b-BC74-9C25C1C588A9} | (Java(tm) Plug-In 2 SSV Helper) -> C:\Program Files\Java\jre6\bin\jp2ssv.dll
BHO - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} | (Windows Live Toolbar Helper) -> C:\Program Files\Windows Live\Toolbar\wltcore.dll
BHO - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} | (JQSIEStartDetectorImpl Class) -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO - {EC8FCB46-9F27-476E-B26A-93989316D2FB} | (WebAdSystem Helper) -> C:\Program Files\WebAdSystem\BrowserExtensions\internetexplorer\WebAdSystemBho.dll

¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

[HKCU\..\..\Internet Explorer\Main] | Start Page=https://www.google.fr/?gws_rd=ssl
[HKCU\..\..\Internet Explorer\Main] | Local Page=C:\windows\system32\blank.htm
[HKCU\..\..\Internet Explorer\Main] | Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKLM\..\..\Internet Explorer\Main] | Start Page=https://www.msn.com/fr-fr/?ocid=iehp
[HKLM\..\..\Internet Explorer\Main] | Local Page=C:\windows\system32\blank.htm
[HKLM\..\..\Internet Explorer\Main] | Default_Search_URL=https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKLM\..\..\Internet Explorer\Main] | Default_Page_URL=https://www.msn.com/fr-fr/?ocid=iehp
[HKLM\..\..\Internet Explorer\Main] | Search Page=https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

¤¤¤¤¤¤¤¤¤¤ Proxy ¤¤¤¤¤¤¤¤¤¤

[HKCU\..\..\Internet Settings] | ProxyHttp1.1 = 1
[HKCU\..\..\Internet Settings] | ProxyEnable = 0
[HKCU\..\..\Internet Settings] | EnableHttp1_1 = 1
[HKCU\..\..\Internet Settings] | ProxyOverride = <local>
[HKCU\..\..\Internet Settings] | ProxyServer =
[HKCU\..\..\Internet Settings] | AutoConfigProxy = wininet.dll

¤¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤

[HKLM\CCS\..\Interfaces\{5DAF598F-707C-40AC-ABD1-4915B652742E}] | DhcpServer -> 255.255.255.255
[HKLM\CCS\..\Interfaces\{ADEEB63C-480E-44D0-B583-2F3DAC627126}] | DhcpServer -> 192.168.20.254
[HKLM\CCS\..\Interfaces\{CA495168-0DDD-444B-938F-B1585933031D}] | NameServer -> 192.168.1.1
[HKLM\CCS\..\Interfaces\{CA495168-0DDD-444B-938F-B1585933031D}] | DhcpServer -> 255.255.255.255
[HKLM\CCS\..\Interfaces\{CCD85EB5-8D11-4E0B-BBA8-A53BDC4C2DC7}] | NameServer -> 194.2.0.20,194.2.0.50
[HKLM\CCS\..\Interfaces\{CCD85EB5-8D11-4E0B-BBA8-A53BDC4C2DC7}] | DhcpServer -> 255.255.255.255
[HKLM\CS1\..\Interfaces\{5DAF598F-707C-40AC-ABD1-4915B652742E}] | DhcpServer -> 255.255.255.255
[HKLM\CS1\..\Interfaces\{ADEEB63C-480E-44D0-B583-2F3DAC627126}] | DhcpServer -> 192.168.20.254
[HKLM\CS1\..\Interfaces\{CA495168-0DDD-444B-938F-B1585933031D}] | NameServer -> 192.168.1.1
[HKLM\CS1\..\Interfaces\{CA495168-0DDD-444B-938F-B1585933031D}] | DhcpServer -> 255.255.255.255
[HKLM\CS1\..\Interfaces\{CCD85EB5-8D11-4E0B-BBA8-A53BDC4C2DC7}] | NameServer -> 194.2.0.20,194.2.0.50
[HKLM\CS1\..\Interfaces\{CCD85EB5-8D11-4E0B-BBA8-A53BDC4C2DC7}] | DhcpServer -> 255.255.255.255
[HKLM\CS2\..\Interfaces\{5DAF598F-707C-40AC-ABD1-4915B652742E}] | DhcpServer -> 255.255.255.255
[HKLM\CS2\..\Interfaces\{ADEEB63C-480E-44D0-B583-2F3DAC627126}] | DhcpServer -> 192.168.20.254
[HKLM\CS2\..\Interfaces\{CA495168-0DDD-444B-938F-B1585933031D}] | NameServer -> 192.168.1.1
[HKLM\CS2\..\Interfaces\{CA495168-0DDD-444B-938F-B1585933031D}] | DhcpServer -> 255.255.255.255
[HKLM\CS2\..\Interfaces\{CCD85EB5-8D11-4E0B-BBA8-A53BDC4C2DC7}] | NameServer -> 194.2.0.20,194.2.0.50
[HKLM\CS2\..\Interfaces\{CCD85EB5-8D11-4E0B-BBA8-A53BDC4C2DC7}] | DhcpServer -> 255.255.255.255

¤¤¤¤¤¤¤¤¤¤ HKCU | HKLM ¤¤¤¤¤¤¤¤¤¤

[HKCU\Software\ABBYY]
[HKCU\Software\acer]
[HKCU\Software\Ad-Remover]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\ArcSoft]
[HKCU\Software\ATI Technologies Inc.]
[HKCU\Software\Audible]
[HKCU\Software\Aurigma]
[HKCU\Software\AVAST Software]
[HKCU\Software\BearShare]
[HKCU\Software\BitTorrent]
[HKCU\Software\Boonty]
[HKCU\Software\Borland]
[HKCU\Software\Bugsplat]
[HKCU\Software\Camfrog]
[HKCU\Software\CamfrogWEB]
[HKCU\Software\CamfrogWEBAdvanced]
[HKCU\Software\CDDB]
[HKCU\Software\CeWe Color]
[HKCU\Software\Clients]
[HKCU\Software\Creative Tech]
[HKCU\Software\Cyberlink]
[HKCU\Software\Digital Workshop]
[HKCU\Software\DivXNetworks]
[HKCU\Software\EPSON]
[HKCU\Software\gcompris]
[HKCU\Software\GNU]
[HKCU\Software\Google]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\HookNetwork]
[HKCU\Software\IADirectShow]
[HKCU\Software\IAMANYS]
[HKCU\Software\IGA]
[HKCU\Software\IM Providers]
[HKCU\Software\imeshmediabartb]
[HKCU\Software\Intel]
[HKCU\Software\InterActual Technologies]
[HKCU\Software\JavaSoft]
[HKCU\Software\KalityWeb]
[HKCU\Software\Kodak]
[HKCU\Software\Kyocera Mita]
[HKCU\Software\Lake]
[HKCU\Software\Lavalys]
[HKCU\Software\Lavasoft]
[HKCU\Software\Leadertech]
[HKCU\Software\LetsTunes]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\LogiShared]
[HKCU\Software\Logitech]
[HKCU\Software\Macromedia]
[HKCU\Software\Magnet]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MicroApp]
[HKCU\Software\Microsoft]
[HKCU\Software\Mozilla]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Netscape]
[HKCU\Software\NewTech Infosystems]
[HKCU\Software\ODBC]
[HKCU\Software\ORL]
[HKCU\Software\PatchPoker]
[HKCU\Software\Piriform]
[HKCU\Software\PokerOfficer.com]
[HKCU\Software\Policies]
[HKCU\Software\POWERARC]
[HKCU\Software\PowerArchiver]
[HKCU\Software\RDE]
[HKCU\Software\Realtek]
[HKCU\Software\Roxio]
[HKCU\Software\RtWLan]
[HKCU\Software\RtWLanP]
[HKCU\Software\SEIKO EPSON]
[HKCU\Software\Skype]
[HKCU\Software\Sysinternals]
[HKCU\Software\Trolltech]
[HKCU\Software\TuneUp]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\Veoh]
[HKCU\Software\VirtualDJ]
[HKCU\Software\Wget]
[HKCU\Software\Windows Live Writer]
[HKCU\Software\Xenocode]
[HKCU\Software\Yahoo]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\ZyDAS]
[HKCU\Software\Classes]

[HKLM\Software\ABBYY]
[HKLM\Software\Acer]
[HKLM\Software\Acronis]
[HKLM\Software\Adobe]
[HKLM\Software\AppDataLow]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\ArcSoft]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Audible]
[HKLM\Software\AVAST Software]
[HKLM\Software\Babylon]
[HKLM\Software\BORLAND]
[HKLM\Software\BrowserChoice]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CDDB]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Creative Tech]
[HKLM\Software\CXT]
[HKLM\Software\DivXNetworks]
[HKLM\Software\EnigmaSoftwareGroup]
[HKLM\Software\EPSON]
[HKLM\Software\Full Tilt Poker]
[HKLM\Software\gcompris]
[HKLM\Software\GEAR Software]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\HP]
[HKLM\Software\HPS]
[HKLM\Software\iMeshMediabarTb]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\InterActual Technologies]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\KalityWeb]
[HKLM\Software\Kodak]
[HKLM\Software\Kyocera Mita]
[HKLM\Software\Lake]
[HKLM\Software\Lavasoft]
[HKLM\Software\LightScribe]
[HKLM\Software\Logitech]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MDC]
[HKLM\Software\Micro Application]
[HKLM\Software\MicroApp]
[HKLM\Software\Microsoft]
[HKLM\Software\MimarSinan]
[HKLM\Software\Mozilla]
[HKLM\Software\mozilla.org]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\muvee Technologies]
[HKLM\Software\NewTech Infosystems]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\OldTimer Tools]
[HKLM\Software\ORL]
[HKLM\Software\Piriform]
[HKLM\Software\PKR]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\PTECH]
[HKLM\Software\Realtek]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RTLSetup]
[HKLM\Software\RtWLan]
[HKLM\Software\Schlumberger]
[HKLM\Software\Seagate]
[HKLM\Software\Secure]
[HKLM\Software\SecureDigitalServices]
[HKLM\Software\Set8187]
[HKLM\Software\Skype]
[HKLM\Software\Swearware]
[HKLM\Software\Symantec]
[HKLM\Software\TENCENT]
[HKLM\Software\TuneUp]
[HKLM\Software\U.S. Robotics Corporation]
[HKLM\Software\VideoLAN]
[HKLM\Software\WebSupergoo]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Yahoo]
[HKLM\Software\ZSMC]

¤¤¤¤¤¤¤¤¤¤ Détection Fichiers | Dossiers ¤¤¤¤¤¤¤¤¤¤

C:\Documents and Settings\Foot\Mes documents\layout.bin

C:\Documents and Settings\Foot\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.enigmasoftware.com
C:\Program Files\Enigma Software Group

¤¤¤¤¤¤¤¤¤¤ Détection Clés ¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.3.8 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Mis à jour le 09/04/2011 | 15.30 par g3n-h@ckm@n
Utilisateur : Foot (Administrateurs)
Ordinateur : CLUB_FOOT

Système d'exploitation : Microsoft Windows XP (32 bits)Service Pack 3
Internet Explorer : 8.0.6001.18702
Mozilla Firefox :

[HKLM\..\..\SpecialAccounts\UserList] | HelpAssistant -> 0
[HKLM\..\..\SpecialAccounts\UserList] | TsInternetUser -> 0
[HKLM\..\..\SpecialAccounts\UserList] | SQLAgentCmdExec -> 0
[HKLM\..\..\SpecialAccounts\UserList] | NetShowServices -> 0
[HKLM\..\..\SpecialAccounts\UserList] | IWAM_ -> 65536
[HKLM\..\..\SpecialAccounts\UserList] | IUSR_ -> 65536
[HKLM\..\..\SpecialAccounts\UserList] | VUSR_ -> 65536
[HKLM\..\..\SpecialAccounts\UserList] | ASPNET -> 0

a:\ -> [Removable] | [] | Total : 0 Mo | Free : 0 Mo ->
c:\ -> [Fixed] | [ACER] | Total : 76320 Mo | Free : 24840 Mo -> NTFS
d:\ -> [CDROM] | [] | Total : 0 Mo | Free : 0 Mo ->

Scan : 15:28:37 | 12/04/2011

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ Démarrage ¤¤¤¤¤¤¤¤¤¤

[HKCU\..\..\Run] | H/PC Connection Agent = "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
[HKCU\..\..\Run] | CTSyncU.exe = "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
[HKCU\..\..\Run] | ctfmon.exe = C:\windows\system32\ctfmon.exe



[HKLM\..\..\Run] | LaunchApp = Alaunch
[HKLM\..\..\Run] | ntiMUI = c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
[HKLM\..\..\Run] | DiscWizardMonitor.exe = C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
[HKLM\..\..\Run] | AcronisTimounterMonitor = C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
[HKLM\..\..\Run] | Acronis Scheduler2 Service = "C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe"
[HKLM\..\..\Run] | IgfxTray = C:\WINDOWS\system32\igfxtray.exe
[HKLM\..\..\Run] | HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
[HKLM\..\..\Run] | Persistence = C:\WINDOWS\system32\igfxpers.exe
[HKLM\..\..\Run] | LogitechCommunicationsManager = "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
[HKLM\..\..\Run] | LogitechQuickCamRibbon = "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
[HKLM\..\..\Run] | EEventManager = C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
[HKLM\..\..\Run] | CTCheck = C:\Program Files\ComPlus Applications\ZEN Media Explorer\CTCheck.exe
[HKLM\..\..\Run] | SunJavaUpdateSched = "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
[HKLM\..\..\Run] | Adobe ARM = "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
[HKLM\..\..\Run] | ArcSoft Connection Service = C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKLM\..\..\Run] | avast = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui



¤¤¤¤¤¤¤¤¤¤ Policies\Explorer ¤¤¤¤¤¤¤¤¤¤

[HKCU\..\..\Policies\explorer] | NoDriveTypeAutoRun = 323
[HKCU\..\..\Policies\explorer] | NoDriveAutoRun = 67108863
[HKCU\..\..\Policies\explorer] | NoDrives = 0

[HKLM\..\..\Policies\explorer] | HonorAutoRunSetting = 1
[HKLM\..\..\Policies\explorer] | NoDriveAutoRun = 67108863
[HKLM\..\..\Policies\explorer] | NoDriveTypeAutoRun = 323
[HKLM\..\..\Policies\explorer] | NoDrives = 0

¤¤¤¤¤¤¤¤¤¤ Policies\System ¤¤¤¤¤¤¤¤¤¤


[HKLM\..\..\Policies\System] | dontdisplaylastusername = 0
[HKLM\..\..\Policies\System] | legalnoticecaption =
[HKLM\..\..\Policies\System] | legalnoticetext =
[HKLM\..\..\Policies\System] | shutdownwithoutlogon = 1
[HKLM\..\..\Policies\System] | undockwithoutlogon = 1
[HKLM\..\..\Policies\System] | DisableRegistryTools = 0

¤¤¤¤¤¤¤¤¤¤ Windows ¤¤¤¤¤¤¤¤¤¤

[HKLM\..\..\..\Windows] | AppInit_DLLS =
[HKLM\..\..\..\Windows] | LoadAppInit_DLLs =
[HKLM\..\..\..\Windows] | Load =

¤¤¤¤¤¤¤¤¤¤ Winlogon\Notify ¤¤¤¤¤¤¤¤¤¤

[AtiExtEvent]
[crypt32chain]
[cryptnet]
[cscdll]
[dimsntfy]
[igfxcui]
[ScCertProp]
[Schedule]
[sclgntfy]
[SensLogn]
[termsrv]
[WgaLogon]
[wlballoon]

¤¤¤¤¤¤¤¤¤¤ ShellExecuteHooks ¤¤¤¤¤¤¤¤¤¤

[ShellExecuteHooks] | {AEB6717E-7E19-11d0-97EE-00C04FD91972} =

¤¤¤¤¤¤¤¤¤¤ Active X ¤¤¤¤¤¤¤¤¤¤

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] | IEUDINIT -> Mise à jour de la version d'Internet Explorer
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] | WMPACCESS -> Lecteur Windows Media
[>{26923b43-4d38-484f-9b9e-de460746276c}] | IEACCESS -> Internet Explorer
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] | OEACCESS -> Outlook Express
[>{DA74DE13-84ED-4456-96DE-95872C5E37C2}] | BRANDING.CAB -> Personnalisation du navigateur
[{08B0E5C0-4FCB-11CF-AAA5-00401C608500}] | JAVAVM -> Java (Sun)
[{10072CEC-8CC1-11D1-986E-00A0C955B42F}] | MSVML -> Rendu VML (Vector Graphics Rendering)
[{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] | NetShow ->
[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] | Microsoft Windows Media Player -> Lecteur Windows Media Microsoft 6.4
[{283807B5-2C60-11D0-A31D-00AA00B92C03}] | DirectAnimation -> DirectAnimation
[{2A3320D6-C805-4280-B423-B665BDE33D8F}] | M979906 -> Microsoft .NET Framework 1.1 Security Update (KB979906)
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] | Theme Component -> Themes Setup
[{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}] | M2416447 -> Microsoft .NET Framework 1.1 Security Update (KB2416447)
[{36f8ec70-c29a-11d1-b5c7-0000f8051515}] | TridataJava -> Liaison de données Dynamic HTML pour Java
[{3af36230-a269-11d1-b5bf-0000f8051515}] | MobilePk -> Offline Browsing Pack
[{3bf42070-b3b1-11d1-b5c5-0000f8051515}] | USP10 -> Uniscribe
[{411EDCF7-755D-414E-A74B-3DCD6583F589}] | S867460 -> Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
[{4278c270-a269-11d1-b5bf-0000f8051515}] | AdvAuth -> Création avancée
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] | MailNews -> Microsoft Outlook Express 6
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] | NetMeeting -> NetMeeting 3.01
[{44BBA848-CC51-11CF-AAFA-00AA00B6015C}] | activemovie -> DirectShow
[{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] | DirectDrawEx -> DirectDrawEx
[{45ea75a0-a269-11d1-b5bf-0000f8051515}] | HelpCont -> Internet Explorer Help
[{4f216970-c90c-11d1-b5c7-0000f8051515}] | DAJava -> Classes Java DirectAnimation
[{4f645220-306d-11d2-995d-00c04f98bbc9}] | MSVBScript -> Microsoft Windows Script 5.8
[{5056b317-8d4c-43ee-8543-b9d1e234b8f4}] | KB923789 -> Mise à jour de sécurité pour Windows XP (KB923789)
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] | Messenger -> Windows Messenger 4.7
[{5A8D6EE0-3E18-11D0-821E-444553540000}] | ICW ->
[{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] | GenSetup -> Internet Explorer Setup Tools
[{630b1da0-b465-11d1-9948-00c04f98bbc9}] | ExtraPack -> Browsing Enhancements
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] | Microsoft Windows Media Player -> Microsoft Windows Media Player
[{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] | MSN_Auth -> MSN Site Access
[{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}] | .NETFramework -> .NET Framework
[{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] | WebFolders -> Dossiers Web
[{7790769C-0471-11d2-AF11-00C04FA35D02}] | WAB -> Carnet d'adresses 6
[{89820200-ECBD-11cf-8B85-00AA005B4340}] | IE4Shell_NT -> Mise à jour du Bureau Windows
[{89820200-ECBD-11cf-8B85-00AA005B4383}] | BASEIE40_W2K -> Internet Explorer
[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] | DOTNETFRAMEWORKS ->
[{8b15971b-5355-4c82-8c07-7e181ea07608}] | Fax -> Fax
[{9381D8F2-0288-11D0-9501-00AA00B911A5}] | Tridata -> Dynamic HTML Data Binding
[{94de52c8-2d59-4f1b-883e-79663d2d9a8c}] | Fax Provider -> Fax Provider
[{9A394342-4A68-4EBA-85A6-55B559F4E700}] | .NETFramework -> .NET Framework
[{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}] | .NETFramework -> .NET Framework
[{C9E9A340-D1F1-11D0-821E-444553540600}] | Fontcore -> Internet Explorer Core Fonts
[{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}] | .NETFramework -> .NET Framework
[{CC2A9BA0-3BDD-11D0-821E-444553540000}] | MSTASK -> Planificateur de tâches
[{CDD7975E-60F8-41d5-8149-19E51D6F71D0}] | Windows Movie Maker v2.1 ->
[{D27CDB6E-AE6D-11cf-96B8-444553540000}] | Flash -> Adobe Flash Player 9 ActiveX
[{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] | HTMLHelp -> HTML Help
[{E92B03AB-B707-11d2-9CBD-0000F87A369E}] | ADSI -> Active Directory Service Interface

¤¤¤¤¤¤¤¤¤¤ Ports ¤¤¤¤¤¤¤¤¤¤

[OpenPorts\List] | 26675:TCP -> 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[OpenPorts\List] | 1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
[OpenPorts\List] | 2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
[OpenPorts\List] | 3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤

BHO - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} | (Adobe PDF Link Helper) -> C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} | (Search Helper) -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} | (avast! WebRep) -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO - {DBC80044-A445-435b-BC74-9C25C1C588A9} | (Java(tm) Plug-In 2 SSV Helper) -> C:\Program Files\Java\jre6\bin\jp2ssv.dll
BHO - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} | (Windows Live Toolbar Helper) -> C:\Program Files\Windows Live\Toolbar\wltcore.dll
BHO - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} | (JQSIEStartDetectorImpl Class) -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO - {EC8FCB46-9F27-476E-B26A-93989316D2FB} | (WebAdSystem Helper) -> C:\Program Files\WebAdSystem\BrowserExtensions\internetexplorer\WebAdSystemBho.dll

¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

[HKCU\..\..\Internet Explorer\Main] | Start Page=https://www.google.fr/?gws_rd=ssl
[HKCU\..\..\Internet Explorer\Main] | Local Page=C:\windows\system32\blank.htm
[HKCU\..\..\Internet Explorer\Main] | Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKLM\..\..\Internet Explorer\Main] | Start Page=https://www.msn.com/fr-fr/?ocid=iehp
[HKLM\..\..\Internet Explorer\Main] | Local Page=C:\windows\system32\blank.htm
[HKLM\..\..\Internet Explorer\Main] | Default_Search_URL=https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKLM\..\..\Internet Explorer\Main] | Default_Page_URL=https://www.msn.com/fr-fr/?ocid=iehp
[HKLM\..\..\Internet Explorer\Main] | Search Page=https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

¤¤¤¤¤¤¤¤¤¤ Proxy ¤¤¤¤¤¤¤¤¤¤

[HKCU\..\..\Internet Settings] | ProxyHttp1.1 = 1
[HKCU\..\..\Internet Settings] | ProxyEnable = 0
[HKCU\..\..\Internet Settings] | EnableHttp1_1 = 1
[HKCU\..\..\Internet Settings] | ProxyOverride = <local>
[HKCU\..\..\Internet Settings] | ProxyServer =
[HKCU\..\..\Internet Settings] | AutoConfigProxy = wininet.dll

¤¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤

[HKLM\CCS\..\Interfaces\{5DAF598F-707C-40AC-ABD1-4915B652742E}] | DhcpServer -> 255.255.255.255
[HKLM\CCS\..\Interfaces\{ADEEB63C-480E-44D0-B583-2F3DAC627126}] | DhcpServer -> 192.168.20.254
[HKLM\CCS\..\Interfaces\{CA495168-0DDD-444B-938F-B1585933031D}] | NameServer -> 192.168.1.1
[HKLM\CCS\..\Interfaces\{CA495168-0DDD-444B-938F-B1585933031D}] | DhcpServer -> 255.255.255.255
[HKLM\CCS\..\Interfaces\{CCD85EB5-8D11-4E0B-BBA8-A53BDC4C2DC7}] | NameServer -> 194.2.0.20,194.2.0.50
[HKLM\CCS\..\Interfaces\{CCD85EB5-8D11-4E0B-BBA8-A53BDC4C2DC7}] | DhcpServer -> 255.255.255.255
[HKLM\CS1\..\Interfaces\{5DAF598F-707C-40AC-ABD1-4915B652742E}] | DhcpServer -> 255.255.255.255
[HKLM\CS1\..\Interfaces\{ADEEB63C-480E-44D0-B583-2F3DAC627126}] | DhcpServer -> 192.168.20.254
[HKLM\CS1\..\Interfaces\{CA495168-0DDD-444B-938F-B1585933031D}] | NameServer -> 192.168.1.1
[HKLM\CS1\..\Interfaces\{CA495168-0DDD-444B-938F-B1585933031D}] | DhcpServer -> 255.255.255.255
[HKLM\CS1\..\Interfaces\{CCD85EB5-8D11-4E0B-BBA8-A53BDC4C2DC7}] | NameServer -> 194.2.0.20,194.2.0.50
[HKLM\CS1\..\Interfaces\{CCD85EB5-8D11-4E0B-BBA8-A53BDC4C2DC7}] | DhcpServer -> 255.255.255.255
[HKLM\CS2\..\Interfaces\{5DAF598F-707C-40AC-ABD1-4915B652742E}] | DhcpServer -> 255.255.255.255
[HKLM\CS2\..\Interfaces\{ADEEB63C-480E-44D0-B583-2F3DAC627126}] | DhcpServer -> 192.168.20.254
[HKLM\CS2\..\Interfaces\{CA495168-0DDD-444B-938F-B1585933031D}] | NameServer -> 192.168.1.1
[HKLM\CS2\..\Interfaces\{CA495168-0DDD-444B-938F-B1585933031D}] | DhcpServer -> 255.255.255.255
[HKLM\CS2\..\Interfaces\{CCD85EB5-8D11-4E0B-BBA8-A53BDC4C2DC7}] | NameServer -> 194.2.0.20,194.2.0.50
[HKLM\CS2\..\Interfaces\{CCD85EB5-8D11-4E0B-BBA8-A53BDC4C2DC7}] | DhcpServer -> 255.255.255.255

¤¤¤¤¤¤¤¤¤¤ HKCU | HKLM ¤¤¤¤¤¤¤¤¤¤

[HKCU\Software\ABBYY]
[HKCU\Software\acer]
[HKCU\Software\Ad-Remover]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\ArcSoft]
[HKCU\Software\ATI Technologies Inc.]
[HKCU\Software\Audible]
[HKCU\Software\Aurigma]
[HKCU\Software\AVAST Software]
[HKCU\Software\BearShare]
[HKCU\Software\BitTorrent]
[HKCU\Software\Boonty]
[HKCU\Software\Borland]
[HKCU\Software\Bugsplat]
[HKCU\Software\Camfrog]
[HKCU\Software\CamfrogWEB]
[HKCU\Software\CamfrogWEBAdvanced]
[HKCU\Software\CDDB]
[HKCU\Software\CeWe Color]
[HKCU\Software\Clients]
[HKCU\Software\Creative Tech]
[HKCU\Software\Cyberlink]
[HKCU\Software\Digital Workshop]
[HKCU\Software\DivXNetworks]
[HKCU\Software\EPSON]
[HKCU\Software\gcompris]
[HKCU\Software\GNU]
[HKCU\Software\Google]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\HookNetwork]
[HKCU\Software\IADirectShow]
[HKCU\Software\IAMANYS]
[HKCU\Software\IGA]
[HKCU\Software\IM Providers]
[HKCU\Software\imeshmediabartb]
[HKCU\Software\Intel]
[HKCU\Software\InterActual Technologies]
[HKCU\Software\JavaSoft]
[HKCU\Software\KalityWeb]
[HKCU\Software\Kodak]
[HKCU\Software\Kyocera Mita]
[HKCU\Software\Lake]
[HKCU\Software\Lavalys]
[HKCU\Software\Lavasoft]
[HKCU\Software\Leadertech]
[HKCU\Software\LetsTunes]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\LogiShared]
[HKCU\Software\Logitech]
[HKCU\Software\Macromedia]
[HKCU\Software\Magnet]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MicroApp]
[HKCU\Software\Microsoft]
[HKCU\Software\Mozilla]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Netscape]
[HKCU\Software\NewTech Infosystems]
[HKCU\Software\ODBC]
[HKCU\Software\ORL]
[HKCU\Software\PatchPoker]
[HKCU\Software\Piriform]
[HKCU\Software\PokerOfficer.com]
[HKCU\Software\Policies]
[HKCU\Software\POWERARC]
[HKCU\Software\PowerArchiver]
[HKCU\Software\RDE]
[HKCU\Software\Realtek]
[HKCU\Software\Roxio]
[HKCU\Software\RtWLan]
[HKCU\Software\RtWLanP]
[HKCU\Software\SEIKO EPSON]
[HKCU\Software\Skype]
[HKCU\Software\Sysinternals]
[HKCU\Software\Trolltech]
[HKCU\Software\TuneUp]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\Veoh]
[HKCU\Software\VirtualDJ]
[HKCU\Software\Wget]
[HKCU\Software\Windows Live Writer]
[HKCU\Software\Xenocode]
[HKCU\Software\Yahoo]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\ZyDAS]
[HKCU\Software\Classes]

[HKLM\Software\ABBYY]
[HKLM\Software\Acer]
[HKLM\Software\Acronis]
[HKLM\Software\Adobe]
[HKLM\Software\AppDataLow]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\ArcSoft]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Audible]
[HKLM\Software\AVAST Software]
[HKLM\Software\Babylon]
[HKLM\Software\BORLAND]
[HKLM\Software\BrowserChoice]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CDDB]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Creative Tech]
[HKLM\Software\CXT]
[HKLM\Software\DivXNetworks]
[HKLM\Software\EnigmaSoftwareGroup]
[HKLM\Software\EPSON]
[HKLM\Software\Full Tilt Poker]
[HKLM\Software\gcompris]
[HKLM\Software\GEAR Software]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\HP]
[HKLM\Software\HPS]
[HKLM\Software\iMeshMediabarTb]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\InterActual Technologies]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\KalityWeb]
[HKLM\Software\Kodak]
[HKLM\Software\Kyocera Mita]
[HKLM\Software\Lake]
[HKLM\Software\Lavasoft]
[HKLM\Software\LightScribe]
[HKLM\Software\Logitech]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MDC]
[HKLM\Software\Micro Application]
[HKLM\Software\MicroApp]
[HKLM\Software\Microsoft]
[HKLM\Software\MimarSinan]
[HKLM\Software\Mozilla]
[HKLM\Software\mozilla.org]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\muvee Technologies]
[HKLM\Software\NewTech Infosystems]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\OldTimer Tools]
[HKLM\Software\ORL]
[HKLM\Software\Piriform]
[HKLM\Software\PKR]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\PTECH]
[HKLM\Software\Realtek]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RTLSetup]
[HKLM\Software\RtWLan]
[HKLM\Software\Schlumberger]
[HKLM\Software\Seagate]
[HKLM\Software\Secure]
[HKLM\Software\SecureDigitalServices]
[HKLM\Software\Set8187]
[HKLM\Software\Skype]
[HKLM\Software\Swearware]
[HKLM\Software\Symantec]
[HKLM\Software\TENCENT]
[HKLM\Software\TuneUp]
[HKLM\Software\U.S. Robotics Corporation]
[HKLM\Software\VideoLAN]
[HKLM\Software\WebSupergoo]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Yahoo]
[HKLM\Software\ZSMC]

¤¤¤¤¤¤¤¤¤¤ Détection Fichiers | Dossiers ¤¤¤¤¤¤¤¤¤¤

C:\Documents and Settings\Foot\Mes documents\layout.bin

C:\Documents and Settings\Foot\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.enigmasoftware.com
C:\Program Files\Enigma Software Group

¤¤¤¤¤¤¤¤¤¤ Détection Clés ¤¤¤¤¤¤¤¤¤¤
0
Anonymous user
12 April 2011 at 17:20
Why did you run it several times?
0
lancome51 Posts 50 Registration date Thursday 3 September 2009 Status Member Last activity 19 November 2014
12 April 2011 at 17:26
Since it reported an error, I thought it had to be run again?
0
Anonymous user
12 April 2011 at 17:44
Yeah, and since we have two services that get recreated right after deletion, well, we're a bit stuck.

I need to think about it...
0
lancome51 Posts 50 Registration date Thursday 3 September 2009 Status Member Last activity 19 November 2014
12 April 2011 at 17:50
Oops, sorry!
0
Anonymous user
12 April 2011 at 18:01
Have the following file(s) analysed on VirusTotal:

Virus Total

Click on "Browse", then find and select this file (or these files):

c:\program files\UPHClean\uphclean.exe

* Now click on "Send file" and let it work for as long as "Current status: analysis in progress" is displayed.
* The file may be placed in a queue because of a large number of analysis requests. In that case, you will have to wait without refreshing the page.
* When the analysis is finished, paste the link to the page(s) in your next reply.
0
lancome51 Posts 50 Registration date Thursday 3 September 2009 Status Member Last activity 19 November 2014
12 April 2011 at 18:10
http://www.virustotal.com/file-scan/report.html?id=ed2a0acb135f85606d22035ba324c95de58c9564ed7b4340d2acb1f4f57abfb3-1302624526
0
Anonymous user
12 April 2011 at 18:24
Do the removal with List_Kill'em
0
lancome51 Posts 50 Registration date Thursday 3 September 2009 Status Member Last activity 19 November 2014
12 April 2011 at 19:27
Done, here is the report

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.3.8 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Mis à jour le 09/04/2011 | 15.30 par g3n-h@ckm@n
Utilisateur : Foot (Administrateurs)
Ordinateur : CLUB_FOOT

Système d'exploitation : Microsoft Windows XP (32 bits)

a:\ -> [Removable] | [] | Total : 0 Mo | Free : 0 Mo ->
c:\ -> [Fixed] | [ACER] | Total : 76320 Mo | Free : 24730 Mo -> NTFS
d:\ -> [CDROM] | [] | Total : 0 Mo | Free : 0 Mo ->

Scan : 19:16:09 | 12/04/2011


¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤

127.0.0.1 localhost



¤¤¤¤¤¤¤¤¤¤ Supression Fichiers | Dossiers ¤¤¤¤¤¤¤¤¤¤

Mise en quarantaine : C:\Documents and Settings\Foot\Mes documents\layout.bin
Mise en quarantaine : C:\Documents and Settings\Foot\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.enigmasoftware.com\settings.sol
Mise en quarantaine : C:\Documents and Settings\Foot\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.enigmasoftware.com
Erreur de suppression : C:\Documents and Settings\Foot\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.enigmasoftware.com
Mise en quarantaine : C:\Program Files\Enigma Software Group\SpyHunter
Erreur de suppression : C:\Program Files\Enigma Software Group\SpyHunter
Mise en quarantaine : C:\Program Files\Enigma Software Group
Erreur de suppression : C:\Program Files\Enigma Software Group

¤¤¤¤¤¤¤¤¤¤ Suppression Clés ¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤¤ Services néfastes ¤¤¤¤¤¤¤¤¤¤





¤¤¤¤¤¤¤¤¤¤ Suppression Valeurs ¤¤¤¤¤¤¤¤¤¤

Valeur Supprimée : [HKCU\..\..\Policies\Explorer] | NoDrives
Valeur Supprimée : [HKLM\..\..\Policies\Explorer] | NoDrives
Valeur Supprimée : [HKLM\..\..\Policies\System] | DisableRegistryTools

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKLM\..\..\Security Center] | FirstRunDisabled = 1
[HKLM\..\..\Security Center] | AntiVirusDisableNotify = 0
[HKLM\..\..\Security Center] | FirewallDisableNotify = 0
[HKLM\..\..\Security Center] | UpdatesDisableNotify = 0
[HKLM\..\..\Security Center] | AntiVirusOverride = 1
[HKLM\..\..\Security Center] | FirewallOverride = 0


Fin : 19:23:24

¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤
0
Anonymous user
12 April 2011 at 19:30
Is SpyHunter 4 installed on your computer?
0
lancome51 Posts 50 Registration date Thursday 3 September 2009 Status Member Last activity 19 November 2014
12 April 2011 at 19:42
No, I don't think so, I don't know it!
0
Check whether you still have this folder or whether it's a display error in the software

C:\Program Files\Enigma Software Group
g3n-h@ckm@n......Designer of List_Kill'em...Pre_Scan....MBR_Repair....
0
I'll look at that when I get home and get back to you, because I'm working nights right now.
0
lancome51 Posts 50 Registration date Thursday 3 September 2009 Status Member Last activity 19 November 2014
12 April 2011 at 21:39
I'll look when I get home and let you know, because I'm working the night shift right now.
0
Anonymous user
12 April 2011 at 22:28
ok :)
0
lancome51 Posts 50 Registration date Thursday 3 September 2009 Status Member Last activity 19 November 2014
13 April 2011 at 06:03
I do indeed still have this folder at c:\program Files\Enigma Software Group
0
Anonymous user
13 April 2011 at 11:08
Hi

Empty or full?
0