Everything posted by gate_2
Malware infection that seems to evade Kaspersky (RESOLVED)
gate_2 replied to a topic by gate_2 in Malware Analysis and Removal
Is there anyone on the other side? I am still waiting for backup. Thanks.

Malware infection that seems to evade Kaspersky (RESOLVED)
gate_2 replied to a topic by gate_2 in Malware Analysis and Removal
Following your advice, here is the result:

Search Navipromo version 3.5.8 commencé le 18/06/2008 à 17.52.01,66
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "standared"
Mise à jour le 06.06.2008 à 18h00 par IL-MAFIOSO
Microsoft Windows Vista 6.0.6001
Internet Explorer : 7.0.6001.18000
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\Windows" ***
*** Recherche dossiers dans "C:\Program Files" ***
C:\Program Files\WebMediaPlayer trouvé !
*** Recherche dossiers dans "C:\ProgramData" ***
*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***
...\WebMediaPlayer trouvé !
*** Recherche dossiers dans "c:\users\standa~1\appdata\roaming\micros~1\windows\startm~1\programs" ***
*** Recherche dossiers dans "C:\Users\standared\AppData\Local\virtualstore\Program Files" ***
*** Recherche dossiers dans "C:\Users\standared\AppData\Roaming" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\Windows\system32" *
* Recherche dans "C:\Users\standared\AppData\Local\Microsoft" *
* Recherche dans "C:\Users\standared\AppData\Local" *
Fichiers trouvés :
pyjrcl.exe trouvé !
pyjrcl.dat trouvé !
pyjrcl_nav.dat trouvé !
pyjrcl_navps.dat trouvé !
*** Recherche fichiers ***
c:\users\public\desktop\WebMediaPlayer.lnk trouvé !
C:\Windows\system32\nvs2.inf trouvé !
*** Recherche clés spécifiques dans le Registre ***
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\Windows\system32" :
* Dans "C:\Users\standared\AppData\Local\Microsoft" :
* Dans "C:\Users\standared\AppData\Local" :
pyjrcl.dat trouvé !
pyjrcl_nav.dat trouvé !
pyjrcl_navps.dat trouvé !
3)Recherche Certificats :
Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 18/06/2008 à 17.59.23,23 ***

Malware infection that seems to evade Kaspersky (RESOLVED)
gate_2 replied to a topic by gate_2 in Malware Analysis and Removal
There may be other types of infection, but the one I mentioned is reported by Kaspersky 7.0.0.125, although Kaspersky does not manage to remove it, since it does not offer that choice among its disinfection options. Another thing: I have already received (under IE7) a message urging me to download a tool to cure my infected PC. Of course I did not download anything. I am usually a loyal Mozilla Firefox user; IE7 is only forced on me by the links that open from Windows Live and the like. When that happens, advertising windows often open, lately I mean.

Malware infection that seems to evade Kaspersky (RESOLVED)
gate_2 replied to a topic by gate_2 in Malware Analysis and Removal
Hi, thanks in advance for your support. Here is what you asked me for, if this is indeed it:

Deckard's System Scanner v20071014.68
Run by standared on 2008-06-18 12:17:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
47: 2008-06-18 00:22:44 UTC - RP135 - Windows Update
46: 2008-06-17 14:38:59 UTC - RP134 - Punto di controllo pianificato
45: 2008-06-14 13:43:27 UTC - RP132 - Windows Update
44: 2008-06-14 00:23:41 UTC - RP131 - Windows Update
43: 2008-06-13 15:23:07 UTC - RP130 - Installazione pacchetto driver di dispositivo: 3COM Corporation Schede di rete
-- First Restore Point --
1: 2008-04-11 20:37:33 UTC - RP83 - Installazione pacchetto driver di dispositivo: ATI Technologies Inc. Schede video
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as standared.exe) -------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.23.22, on 18/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\Vm_sti.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Users\standared\AppData\Local\pyjrcl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\standared\Desktop\dss.exe
C:\Users\standared\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\Users\STANDA~1\Desktop\standared.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [bigDogPath] C:\Windows\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [pyjrcl] c:\users\standared\appdata\local\pyjrcl.exe pyjrcl
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{698FDFD2-FE90-4AA8-881D-651A185565F4}: NameServer = 192.168.183.250
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
-- End of file - 6274 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S3 ZSMC301b (Vimicro USB PC Camera (ZC0301PL)) - c:\windows\system32\drivers\usbvm31b.sys <Not Verified; VM; >
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-06-18 12:21:40 426 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{44E3ABD0-E636-438A-A4E6-83AB68D523FD}.job
-- Files created between 2008-05-18 and 2008-06-18 -----------------------------
2008-06-15 22:02:02 0 d-------- C:\Windows\Sun
2008-06-13 17:20:53 0 d-------- C:\3Com
2008-06-12 01:02:58 0 d-------- C:\Program Files\WebMediaPlayer
2008-06-11 22:17:19 24576 --a------ C:\Windows\system32\ZyDelReg.exe <Not Verified; ; ZyDelReg Application>
2008-06-11 22:17:19 17151 --a------ C:\Windows\system32\ZDPNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); >
2008-06-11 22:17:19 81920 --a------ C:\Windows\system32\ZDPN50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-06-11 22:17:19 31744 --a------ C:\Windows\system32\drivers\ZDPSp50a64.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-06-11 22:17:19 17664 --a------ C:\Windows\system32\drivers\ZDPSp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-06-11 22:17:19 29184 --a------ C:\Windows\system32\drivers\BRGSp50a64.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); >
2008-06-11 22:17:19 20608 --a------ C:\Windows\system32\drivers\BRGSp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); >
2008-06-11 22:17:18 15872 --a------ C:\Windows\system32\InsDrvZD64.DLL <INSDRV~1.DLL> <Not Verified; ; InsDrvZD Dynamic Link Library>
2008-06-11 22:17:18 28672 --a------ C:\Windows\system32\InsDrvZD.dll <Not Verified; ; InsDrvZD Dynamic Link Library>
2008-06-08 02:15:56 0 d-------- C:\Program Files\Gimp Pack Mode
2008-06-06 03:55:10 22 --a------ C:\Windows\out1.dat
2008-05-29 22:17:41 0 d-------- C:\Program Files\RegCleaner
2008-05-27 23:36:43 0 d-------- C:\PerfLogs
-- Find3M Report ---------------------------------------------------------------
2008-06-18 11:40:08 652852 --a------ C:\Windows\system32\perfh010.dat
2008-06-18 11:40:08 119552 --a------ C:\Windows\system32\perfc010.dat
2008-06-17 12:50:08 0 d-------- C:\Users\standared\AppData\Roaming\gtk-2.0
2008-06-13 17:23:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-11 23:18:16 0 d-------- C:\Program Files\Windows Mail
2008-05-28 07:38:59 0 d-------- C:\Program Files\ATI
2008-05-28 00:10:56 0 d-------- C:\Program Files\Common Files\Steam
2008-05-27 23:45:34 174 --ahs---- C:\Program Files\desktop.ini
2008-05-27 23:37:30 0 d-------- C:\Program Files\Windows Calendar
2008-05-27 23:37:29 0 d-------- C:\Program Files\Windows Sidebar
2008-05-27 23:37:29 0 d-------- C:\Program Files\Windows Photo Gallery
2008-05-27 23:37:29 0 d-------- C:\Program Files\Windows Journal
2008-05-27 23:37:29 0 d-------- C:\Program Files\Windows Collaboration
2008-05-27 23:37:29 0 d-------- C:\Program Files\Movie Maker
2008-05-27 23:37:27 0 d-------- C:\Program Files\Windows Defender
2008-05-02 11:56:13 0 d-------- C:\Program Files\Windows Live
2008-05-01 22:02:44 0 d-------- C:\Users\standared\AppData\Roaming\Adobe
2008-05-01 21:57:30 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-01 21:57:06 0 d-------- C:\Program Files\Common Files
2008-04-29 08:21:39 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-20 20:41:31 0 d-------- C:\Users\standared\AppData\Roaming\WinRAR
2008-04-18 10:44:04 0 d-------- C:\Program Files\iTunes
2008-04-18 10:44:00 0 d-------- C:\Program Files\iPod
2008-04-18 10:43:12 0 d-------- C:\Program Files\QuickTime
2008-04-18 10:32:33 0 d-------- C:\Program Files\Apple Software Update
2008-04-11 22:38:24 0 --a------ C:\Windows\ativpsrm.bin
2008-03-22 00:23:05 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-03-21 23:05:37 25471 --a------ C:\Users\standared\AppData\Roaming\UserTile.png
2008-03-21 22:46:07 0 --a------ C:\Windows\nsreg.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 09.38]
"RtHDVCpl"="RtHDVCpl.exe" [27/08/2007 07.10 C:\Windows\RtHDVCpl.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 16.40]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [28/06/2007 13.51]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [22/03/2008 02.07]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05.25]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [21/01/2008 12.17]
"BigDogPath"="C:\Windows\VM_STI.exe" [15/12/2004 19.01]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23.37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10.36]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22.16]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19/01/2008 09.33]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12.34]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 09.33]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19/01/2008 09.33]
"pyjrcl"="c:\users\standared\appdata\local\pyjrcl.exe" [12/06/2008 01.02]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
rundll32.exe C:\Users\STANDA~1\AppData\Local\Temp\efcYOiHB.dll,c
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f8ccfc0d]
rundll32.exe "C:\Users\STANDA~1\AppData\Local\Temp\ihgfjred.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
rundll32.exe C:\Users\STANDA~1\AppData\Local\Temp\awtrSiif.dll,#1
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-06-18 12:26:43 ------------