

triton
Everything posted by triton
-
here is the file

[boot Loader]
Timeout=5
Default=C:\$WIN_NT$.~BT\BOOTSECT.DAT
[Operating Systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Console de r‚cup‚ration Microsoft Windows XP" /cmdcons
C:\$WIN_NT$.~BT\BOOTSECT.DAT="Installation de Microsoft Windows XP Professionnel"

do I remove the last 2 lines??? As for the rest, it still doesn't work, but since I'm going to change the motherboard I'll deal with all that when the time comes. Thanks to you all.
-
no reply?
-
still doesn't work. How do I remove the startup menu that asks me to continue the installation? Thanks
-
OK, I'm back. I copied the entire CD to disk K, then launched the installation from setup. Everything went fine until the reboot, then the same problem.
-
I ran memtest all night; I got OK everywhere, except for 2 small errors!!! The problem is that everything seems to work at boot, and when the Windows install message appears, nothing is displayed at the bottom to show me the progress. Tough, tough.
-
Quick update: I rebooted with the XP CD, then pressed the F6 key. The floppy drive lit up, the system read something, then the blue XP installation screen, then nothing more. Shouldn't I wait several minutes? Nothing shows up at the bottom.
-
I'll look at the RAM; that's quite possible since it's salvaged. I'm thinking of changing the motherboard soon, but that will be the subject of another post. I've loaded the RAID drivers, I'm rebooting and.... going to bed. Thanks, and see you tomorrow.
-
Thanks for your advice. I'm going to make a Ghost image of disk C, but I still need access to C to reformat the partition. Where can I find the SATA drivers that I'm going to put on a floppy? I have an MSI KT6 Delta motherboard. Thanks
-
Both possibilities are likely, but since no install works... If I understand correctly, my hard drives are not recognized. The 350 GB SATA is partitioned in 2: C: 80 GB, I: 250 GB; the IDE disk K: 80 GB.
-
One last thing: why is a SATA driver needed when I want to install it on my IDE disk (K:)?
-
I attempted an installation from the XP CD; the first part runs until the reboot and then the same problem: I have no status line at the bottom of the screen. I think I do indeed have a driver issue. So I'm going to try copying the CD to disk K: and installing. To be continued.
-
Good evening everyone. My current config: SATA hard disk with 2 partitions, C: and I:; valid XP system on C:, working normally; IDE hard disk K:, formatted and blank; 1.5 GB RAM. I would like to reinstall XP. I boot from my DVD burner D:, welcome screen and blue screen with "installation windows", then nothing more. I've tried various XP CDs, SP1, SP2, nothing works. With my OS showing signs of fatigue, I'm anxious at the idea of not being able to install an OS. Your opinions are particularly welcome. Thanks
-
windows antivirus, it again
triton replied to a topic by triton in Malware analysis and eradication
After several weeks of absence, I'm back to thank the community for its help with disinfecting my boss's PC!! Everything seems OK for now. Thanks again
-
windows antivirus, it again
triton replied to a topic by triton in Malware analysis and eradication
I've just done the procedure. I had to be crafty to enable regedit, but everything apparently went well. I can now access the commands. I'll do the online scan probably tonight or tomorrow. In principle everything should be back in order, and I thank you again for your effective help. On this occasion I was able to understand the workings of the registry a little better. I could have done without it!
-
windows antivirus, it again
triton replied to a topic by triton in Malware analysis and eradication
I wasn't making any reproaches about the 3rd week, it was a touch of humor! I'll keep you posted on what follows and thank you again for your help. It isn't easy because we are in production all the time and I can't always use this workstation.
-
windows antivirus, it again
triton replied to a topic by triton in Malware analysis and eradication
hello, we're starting the 3rd week!! The report is attached.
[Folder | Modified Date = 14/09/2007 17:05:44 | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 17/09/2007 09:16:42 | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 816 bytes | Modified Date = 14/09/2007 15:48:20 | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 20/08/2007 03:01:04 | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 14/09/2007 10:23:04 | Attr = ] HPpromotions journeysoftware.job -> %SystemRoot%\tasks\HPpromotions journeysoftware.job -> [Ver = | Size = 364 bytes | Modified Date = 17/09/2007 08:00:02 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 15/09/2007 09:03:34 | Attr = H ] CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 11/09/2007 14:15:24 | Attr = ] CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 3121 bytes | Modified Date = 28/08/2007 14:27:04 | Attr = ] dllcache -> %System32%\dllcache -> [Folder | Modified Date = 03/09/2007 03:01:08 | Attr = RHS] drivers -> %System32%\drivers -> [Folder | Modified Date = 15/09/2007 09:03:52 | Attr = ] MRT.INI -> %System32%\MRT.INI -> [Ver = | Size = 118 bytes | Modified Date = 14/09/2007 17:05:44 | Attr = ] my360 Classic dir -> %System32%\my360 Classic dir -> [Folder | Modified Date = 31/08/2007 18:43:04 | Attr = ] my360 Classic.scr -> %System32%\my360 Classic.scr -> ScreenTime Media [Ver = 3.2.2 | Size = 201728 bytes | Modified Date = 31/08/2007 17:53:26 | Attr = ] my360 Psyche dir -> %System32%\my360 Psyche dir -> [Folder | Modified Date = 31/08/2007 17:53:16 | Attr = ] my360 Psyche.scr -> %System32%\my360 Psyche.scr -> ScreenTime Media [Ver = 3.2.2 | Size = 201728 bytes | Modified Date = 31/08/2007 17:53:16 | Attr = ] perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 53436 bytes | Modified Date = 29/08/2007 16:56:08 | Attr = ] perfc00C.dat -> %System32%\perfc00C.dat -> [Ver = | Size = 64484 bytes | Modified Date 
= 29/08/2007 16:56:08 | Attr = ] perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 381692 bytes | Modified Date = 29/08/2007 16:56:08 | Attr = ] perfh00C.dat -> %System32%\perfh00C.dat -> [Ver = | Size = 446566 bytes | Modified Date = 29/08/2007 16:56:08 | Attr = ] PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 956504 bytes | Modified Date = 29/08/2007 16:56:08 | Attr = ] tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3412 bytes | Modified Date = 14/09/2007 15:45:30 | Attr = ] VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Modified Date = 06/09/2007 00:22:24 | Attr = ] wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 15/09/2007 09:04:48 | Attr = ] etc -> %System32%\drivers\etc -> [Folder | Modified Date = 14/09/2007 16:14:02 | Attr = ] HOSTS.bak -> %System32%\drivers\etc\HOSTS.bak -> [Ver = | Size = 692 bytes | Modified Date = 14/09/2007 16:05:42 | Attr = ] HOSTS.ehm -> %System32%\drivers\etc\HOSTS.ehm -> [Ver = | Size = 614488 bytes | Modified Date = 14/09/2007 16:14:02 | Attr = ] [File String Scan - Non-Microsoft Only] UPX! , UPX0 , -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 783224 bytes | Modified Date = 28/07/2007 00:07:22 | Attr = ] PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41131 bytes | Modified Date = 05/08/2004 14:00:00 | Attr = ] aspack , -> %System32%\my360 Classic.scr -> ScreenTime Media [Ver = 3.2.2 | Size = 201728 bytes | Modified Date = 31/08/2007 17:53:26 | Attr = ] aspack , -> %System32%\my360 Psyche.scr -> ScreenTime Media [Ver = 3.2.2 | Size = 201728 bytes | Modified Date = 31/08/2007 17:53:16 | Attr = ] UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 27/04/2006 17:49:30 | Attr = ] UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 29/08/2006 19:43:54 | Attr = ] UPX! 
Also, regedit is still disabled and it is impossible to uninstall anything at all! Thanks -
windows antivirus, yet again
triton replied to a topic by triton in Malware analysis and removal
The file Activer_regedit_taskmgr.reg did load, but I got the "not allowed" message. So I removed the keys with vilma and assumed that regedit was re-enabled. Then I ran hoster without seeing anything remarkable. I can see that the infection is still there. Impossible to get to the uninstall module (for Java). On top of that, I now have no internet access; I think I must have messed something up with the hosts file. I should add that the program you pointed me to for restoring the hosts file does not exist, so I took the first one in the list. I am posting from home. Is it possible to restore the hosts file? -
windows antivirus, yet again
triton replied to a topic by triton in Malware analysis and removal
It still refuses me access to the registry. I manage to remove the 2 regedit keys with vilma, but there is no access to Add/Remove Programs. I found xperhost, and when I run it nothing special happens. Tough going!! -
windows antivirus, yet again
triton replied to a topic by triton in Malware analysis and removal
Hello, I ran the mode 2 procedure and it is impossible to access the registry. Report attached:
Thanks -
windows antivirus, yet again
triton replied to a topic by triton in Malware analysis and removal
In the meantime I ran Spyware Doctor, which found more than 500 assorted infections. I managed to restore regedit and clean everything EXCEPT 1!!! After a reboot it all started up again, worse than before. I will do what you asked!! It is the boss's machine and I cannot always get to it. To be continued, and thanks again for your help -
windows antivirus, yet again
triton replied to a topic by triton in Malware analysis and removal
I ran the scan and it stops with the message "la modification du registre a été désactivée par votre administrateur". When I continue, I get the following report, but nothing about the infection -
windows antivirus, yet again
triton replied to a topic by triton in Malware analysis and removal
Thanks, I'm on it. The version is 2.222 -
windows antivirus, yet again
triton replied to a topic by triton in Malware analysis and removal
No solution??? Thanks -
windows antivirus, yet again
triton replied to a topic by triton in Malware analysis and removal
It gets stuck here: NY -> UPX0 , -> %UserStartup%\system.exe -
windows antivirus, yet again
triton replied to a topic by triton in Malware analysis and removal
I went and looked in msconfig: there are 3 winavx entries. I untick them but they come back! Also, I cannot access the Windows Task Manager. To be continued