
Posted

Hello,

For quite a while now, I have thought I am infected by a virus that changes my IP address. It forces me to reinstall TCP/IP with netsh winsock reset, or even netsh int ip reset z, in order to get my connection back. I have BitDefender as my antivirus and it regularly finds infected files such as: File c:\cp1382.nls infected with Trojan.Spabot.NAC. But I can't find anything to eradicate this trojan ...

I have already tried AVG and Spybot, but they find nothing.

I really can't manage to get rid of it on my own, so I have resolved to ask you for help.

I have Windows XP with SP2.

I am attaching a HijackThis log.

Thank you in advance for your help.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 11:53:05, on 08/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\igfxpers.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Softwin\BitDefender10\bdmcon.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g\WLANUTL.exe

C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165677364702

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6BB3C3AD-E6D0-41E5-AA6E-880016EA099F}: NameServer = 192.168.1.1

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Posted (edited)

hi and welcome :P

I see you opened two topics for the same case: please stay in this one :P

Use the "Reply" button, located between "Flash" and "New" at the bottom of the page, to reply.

Please post the following two reports:

1) Download SDFix (created by AndyManchesta) and save it to your Desktop.

***If the link does not work, try this one: http://download.bleepingcomputer.com/andymanchesta/SDFix.exe ***

Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:

  • Restart your computer
  • After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  • Instead of the normal Windows load, a menu with various options should appear.
  • Choose the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your account.

Work through the list of instructions below:

  • Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.cmd to launch the script.
  • Press Y to begin the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • After the Desktop loads, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
  • Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!

2) Download and run DiagHelp as shown in this tutorial: http://www.malekal.com/DiagHelp/DiagHelp.php

Run only option 1 and post the report, please.

Notes: during the scan, a "Sysinternals Software Licence Terms" window will open > click Agree

You will most likely get a firewall alert asking whether you allow the sigcheck.exe process to connect to the internet > accept.

At the end of the scan you will be taken to the author's page to upload the file c:\upload_moi_xxxxx.zip

Please send the file: if you get an error message, simply close the web page and press the [Enter] key to get the report. If it is not displayed, you will find it in the C:\ directory > it is named resultat.txt

@++

Edited by charles ingals
Posted

Hello and thank you for your reply.

I will do what you advise, but first I just wanted to point out that I have a problem with Safe Mode: Safe Mode does not work; after I choose my session, Windows systematically restarts. In the meantime I am opting for Safe Mode with Networking, which does work... I have also noticed that at startup I no longer get the BIOS access screen I used to have. It now shows a graphical screen right from startup, with an image containing " Asus....". Also, when I press F5 or F8 at startup, I get a window asking me to choose my boot device, and there I have two choices: - 3MTSSTCorpCD/DVDW SH-S183A or 4MST3250220AS. I did not have this before ... it does not bode well. I would gladly reinstall XP, but I do not have SP2 included, and my install CD does not detect all my partitions and I am afraid of losing them.

So for now I will follow the procedure you advise using Safe Mode with Networking.

Thanks again.

Posted

Here are the SDFIX and HijackThis scans:

 

SDFix: Version 1.117

 

Run by Celina on 09/12/2007 at 12:37

 

Microsoft Windows XP [version 5.1.2600]

 

Running From: C:\DOCUME~1\Celina\Bureau\SDFIX\SDFix

 

Safe Mode:

Checking Services:

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Restoring Missing Security Center Service

 

Rebooting...

 

 

Normal Mode:

Checking Files:

 

Trojan Files Found:

 

C:\Documents and Settings\Micheal\Local Settings\Temp\2.dllb - Deleted

C:\Documents and Settings\Micheal\Local Settings\Temp\5.dllb - Deleted

C:\Documents and Settings\Micheal\Local Settings\Temp\6.dllb - Deleted

C:\Documents and Settings\Micheal\Local Settings\Temp\7.dllb - Deleted

 

 

 

 

Removing Temp Files...

 

ADS Check:

 

C:\WINDOWS

No streams found.

 

C:\WINDOWS\system32

No streams found.

 

C:\WINDOWS\system32\svchost.exe

No streams found.

 

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

 

 

 

Final Check:

 

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-09 12:41:27

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:MSN Messenger 7.5"

"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorer"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

 

Remaining Files:

---------------

 

File Backups: - C:\DOCUME~1\Celina\Bureau\SDFIX\SDFix\backups\backups.zip

 

Files with Hidden Attributes:

 

Wed 14 Feb 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Sat 8 Dec 2007 21,504 ...H. --- "C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\q.dll"

 

Finished!

 

 

And finally HijackThis:

 

Logfile of HijackThis v1.99.1

Scan saved at 12:45:21, on 09/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\igfxpers.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Softwin\BitDefender10\bdmcon.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g\WLANUTL.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165677364702

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6BB3C3AD-E6D0-41E5-AA6E-880016EA099F}: NameServer = 192.168.1.1

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Posted

And here is the DiagHelp report

 

DiagHelp version v1.4 - http://www.malekal.com

excute le 09/12/2007 à 12:51:13,89

 

 

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch

C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->09/12/2007 12:51:06

C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->09/12/2007 12:51:03

C:\WINDOWS\prefetch\IZARC.EXE-2B73BBEB.pf -->09/12/2007 12:49:36

C:\WINDOWS\prefetch\IGFXSRVC.EXE-2FB63FE8.pf -->09/12/2007 12:49:30

C:\WINDOWS\prefetch\JUCHECK.EXE-272A8733.pf -->09/12/2007 12:48:27

C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->09/12/2007 12:45:32

C:\WINDOWS\prefetch\HIJACKTHIS.EXE-0D776E28.pf -->09/12/2007 12:45:28

C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->09/12/2007 12:44:14

C:\WINDOWS\prefetch\WLANUTL.EXE-1BD782E6.pf -->09/12/2007 12:44:02

C:\WINDOWS\prefetch\RTHDCPL.EXE-06918CFA.pf -->09/12/2007 12:43:28

 

C:\WINDOWS\System32\drivers\ndis.sys -->10/02/2007 09:10:42

C:\WINDOWS\System32\drivers\RtkHDAud.Sys -->19/12/2005 10:37:42

C:\WINDOWS\System32\drivers\ialmnt5.sys -->20/09/2005 04:00:54

C:\WINDOWS\System32\drivers\e1e5132.sys -->01/09/2005 06:52:50

C:\WINDOWS\System32\drivers\Hdaudbus.sys -->07/01/2005 17:07:18

C:\WINDOWS\System32\drivers\Hdaudio.sys -->07/01/2005 17:07:16

C:\WINDOWS\System32\drivers\tdtcp.sys -->19/08/2004 16:10:20

 

C:\WINDOWS\System32\bdod.bin -->09/12/2007 12:46:16

C:\WINDOWS\System32\bdss.log -->09/12/2007 12:41:06

C:\WINDOWS\System32\wpa.dbl -->08/12/2007 11:18:21

C:\WINDOWS\System32\PerfStringBackup.INI -->29/10/2007 18:49:08

C:\WINDOWS\System32\perfh00C.dat -->29/10/2007 18:49:08

C:\WINDOWS\System32\perfh009.dat -->29/10/2007 18:49:08

C:\WINDOWS\System32\perfc00C.dat -->29/10/2007 18:49:08

C:\WINDOWS\System32\perfc009.dat -->29/10/2007 18:49:08

C:\WINDOWS\System32\swreg.exe -->22/07/2007 17:39:27

C:\WINDOWS\System32\testscript.tmp -->10/04/2007 20:45:32

C:\WINDOWS\System32\xreglib.dll -->10/04/2007 19:42:07

C:\WINDOWS\System32\Uninstall.ico -->01/03/2007 19:13:34

C:\WINDOWS\System32\pavas.ico -->01/03/2007 19:13:34

C:\WINDOWS\System32\Help.ico -->01/03/2007 19:13:34

C:\WINDOWS\System32\asfiles.txt -->01/03/2007 11:08:07

C:\WINDOWS\System32\FNTCACHE.DAT -->27/02/2007 20:54:51

C:\WINDOWS\System32\jupdate-1.5.0_09-b03.log -->14/12/2006 10:18:50

C:\WINDOWS\System32\LoopyMusic.wav -->09/12/2006 17:08:21

C:\WINDOWS\System32\BuzzingBee.wav -->09/12/2006 17:08:21

C:\WINDOWS\System32\spupdwxp.log -->09/12/2006 17:00:24

C:\WINDOWS\System32\wmpscheme.xml -->09/12/2006 15:58:23

C:\WINDOWS\System32\$winnt$.inf -->09/12/2006 15:54:56

C:\WINDOWS\System32\CONFIG.NT -->09/12/2006 15:53:34

C:\WINDOWS\System32\nscompat.tlb -->09/12/2006 15:53:31

C:\WINDOWS\System32\amcompat.tlb -->09/12/2006 15:53:31

 

C:\WINDOWS.log -->09/12/2007 12:41:14

C:\WINDOWS\wiadebug.log -->09/12/2007 12:41:08

C:\WINDOWS\WindowsUpdate.log -->09/12/2007 12:41:07

C:\WINDOWS\wiaservc.log -->09/12/2007 12:41:07

C:\WINDOWS\bootstat.dat -->09/12/2007 12:41:04

C:\WINDOWS\ntbtlog.txt -->09/12/2007 12:37:20

C:\WINDOWS\SchedLgU.Txt -->09/12/2007 12:36:26

C:\WINDOWS\win.ini -->08/12/2007 20:38:31

C:\WINDOWS\setupact.log -->08/12/2007 13:28:07

C:\WINDOWS\setuperr.log -->08/12/2007 13:25:26

C:\WINDOWS\setupapi.log -->05/12/2007 10:54:14

C:\WINDOWS\NeroDigital.ini -->03/12/2007 21:22:22

C:\WINDOWS\wmsetup.log -->26/11/2007 20:59:31

C:\WINDOWS\tsc.ini -->01/11/2007 17:58:43

C:\WINDOWS\tsc.ptn -->01/11/2007 17:23:45

 

winlogon.exe

Verified: Signed

svchost.exe

Verified: Signed

ws2_32.dll

Verified: Signed

user32.dll

Verified: Signed

tcpip.sys

Verified: Signed

ndis.sys

null.sys

Verified: Signed

 

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

explorer.exe pid: 560

Command line: C:\WINDOWS\Explorer.EXE

 

Base Size Version Path

0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL

0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x7d200000 0x2b2000 3.00.3790.2180 C:\WINDOWS\system32\msi.dll

0x10000000 0x26000 3.00.0000.4396 C:\WINDOWS\System32\igfxpph.dll

0x02310000 0x13000 3.00.0000.4396 C:\WINDOWS\System32\hccutils.DLL

0x02350000 0x24000 3.00.0000.4396 C:\WINDOWS\system32\igfxres.dll

0x023c0000 0x16f000 3.00.0000.4396 C:\WINDOWS\system32\igfxress.dll

0x02570000 0xe000 3.00.0000.4396 C:\WINDOWS\System32\igfxsrvc.dll

0x02580000 0xe000 1.00.0000.0002 C:\Program Files\UltraEdit-32\ue32ctmn.dll

0x025a0000 0x9b000 C:\PROGRA~1\IZArc\IZArcCM.dll

0x027e0000 0x12000 1.00.0000.0002 C:\Program Files\Softwin\BitDefender10\bdshelxt.dll

0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll

0x013e0000 0x8000 1.00.0000.0001 C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

0x6d610000 0x6a000 5.00.0090.0003 C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

0x60990000 0xe000 3.00.3790.2180 C:\WINDOWS\system32\MSISIP.DLL

0x74e10000 0x10000 5.06.0000.8820 C:\WINDOWS\System32\wshext.dll

0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL

0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL

0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\System32\wshFR.DLL

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

winlogon.exe pid: 696

Command line: winlogon.exe

 

Base Size Version Path

0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe

0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL

 

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 3430-2C4B

 

Répertoire de C:\WINDOWS\system

 

23/12/1997 02:23 4 672 wowpost.exe

1 fichier(s) 4 672 octets

0 Rép(s) 18 790 768 640 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 3430-2C4B

 

Répertoire de C:\WINDOWS\system32

 

19/08/2004 16:09 6 144 csrss.exe

1 fichier(s) 6 144 octets

0 Rép(s) 18 790 768 640 octets libres

 

Contenu de Downloaded Program Files

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 3430-2C4B

 

Répertoire de C:\WINDOWS\Downloaded Program Files

 

31/10/2007 20:32 <REP> .

31/10/2007 20:32 <REP> ..

24/08/2006 08:28 141 424 asinst.dll

22/08/2006 09:06 537 asinst.inf

07/12/2004 17:07 32 bdcore.dll

25/05/2006 01:21 118 784 bdupd.dll

09/12/2006 15:52 65 desktop.ini

06/12/2006 16:27 1 249 erma.inf

28/12/2004 16:14 652 736 fscax.dll

25/05/2006 01:21 53 248 ipsupd.dll

16/03/2005 12:34 7 407 lang.ini

07/12/2004 17:07 32 libfn.dll

14/03/2005 14:38 126 live.ini

20/06/2006 14:44 379 704 MsnPUpld.dll

19/06/2006 13:40 393 MsnPUpld.inf

31/05/2006 04:15 10 oscan81.ocx_x

20/11/2006 10:04 117 088 PURen-ie.dll

20/06/2006 14:44 117 560 PURen-us.dll

14/03/2005 14:58 7 073 scanoptions.tsi

14/02/2007 15:30 144 setup.inf

09/11/2006 14:36 5 019 swflash.inf

26/05/2005 04:19 291 wuweb.inf

02/11/2005 18:01 1 777 xscan.inf

02/11/2005 18:07 435 712 xscan53.ocx

22 fichier(s) 2 040 411 octets

 

Total des fichiers listés :

22 fichier(s) 2 040 411 octets

2 Rép(s) 18 790 764 544 octets libres

 

Recherche de rootkit! (Merci S!Ri)

 

Recherche d'infections connues

 

Export des clefs sensibles..

 

 

Liste des fichiers en exception sur le pare-feu XP SP2

 

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:MSN Messenger 7.5"

"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorer"

 

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

 

Export de la clef SharedTaskScheduler

 

[sharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

 

 

 

exports des policies

REGEDIT4

 

[system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

 

 

Export des clefs sensibles..

Rechercher adresses sensibles dans le fichier HOSTS...

catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-09 12:51:39

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden services: 0

hidden files: 0

 

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Process list by traversal of KiWaitListHead

 

4 - System

332 - RTHDCPL.exe

560 - explorer.exe

672 - csrss.exe

696 - winlogon.exe

740 - services.exe

752 - lsass.exe

952 - svchost.exe

1008 - svchost.exe

1048 - iexplore.exe

1096 - svchost.exe

1200 - svchost.exe

1212 - bdagent.exe

1256 - svchost.exe

1312 - ctfmon.exe

1380 - vsserv.exe

1832 - xcommsvr.exe

1932 - bdss.exe

1944 - livesrv.exe

2012 - bdmcon.exe

2260 - WLANUTL.exe

3392 - jucheck.exe

3732 - cmd.exe

 

Total number of processes = 23

NOTE: Under WinXP, this will not show all processes.

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Driver/Module list by traversal of PsLoadedModuleList

 


 

Total number of drivers = 117

 

Liste des programmes installes

 

Adobe Acrobat 5.0

Adobe Flash Player 9 ActiveX

Adobe Photoshop 7.0

Adobe Shockwave Player

AVIcodec (remove only)

BitDefender Antivirus v10

Canon iP4200

CCleaner (remove only)

eMule

Google Earth

High Definition Audio Driver Package - KB888111

HijackThis 1.99.1

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections Drivers

IZArc 3.81

J2SE Runtime Environment 5.0 Update 9

livebox

Microsoft .NET Framework 1.1

Microsoft .NET Framework 2.0

Microsoft .NET Framework 2.0

Microsoft Office 2000 Premium

MSN Messenger 7.5

Native Instruments Traktor DJ Studio v2.5.3

Nero 6 Demo

Orion Pro DEMO

Panda ActiveScan

PowerDVD

Realtek High Definition Audio Driver

Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g

SweetMovieLife 1.0E

Trading Floor 2

UltraCompare Professional

UltraEdit-32

WebFldrs XP

Westwood Shared Internet Components

Windows Genuine Advantage Validation Tool (KB892130)

Windows XP Service Pack 2

XviD 1.2.-127 standalone decoder uninstall

 

 

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 3430-2C4B

 

Répertoire de C:\Program Files

 

09/12/2007 12:45 <REP> .

09/12/2007 12:45 <REP> ..

16/12/2006 17:52 <REP> Adobe

09/12/2006 21:57 <REP> Ahead

24/03/2007 10:39 <REP> AVIcodec

31/10/2007 20:32 <REP> backups

18/08/2007 12:46 <REP> CCleaner

09/12/2006 22:00 <REP> CyberLink

01/03/2007 16:12 <REP> directx

24/03/2007 13:40 <REP> Fichiers communs

18/08/2007 18:34 <REP> Google

10/02/2007 09:41 <REP> Grisoft

21/07/2005 15:42 218 112 HijackThis.exe

09/12/2007 12:45 5 088 hijackthis.log

21/01/2007 18:13 <REP> IDM Computer Solutions

09/12/2006 16:05 <REP> Intel

01/03/2007 19:24 <REP> Internet Explorer

10/07/2007 09:06 <REP> IZArc

14/12/2006 10:18 <REP> Java

22/03/2007 21:03 <REP> Messenger

12/02/2007 10:13 <REP> Microids

09/12/2006 21:19 <REP> microsoft frontpage

09/12/2006 21:19 <REP> Microsoft Office

09/12/2006 21:21 <REP> Microsoft Visual Studio

09/12/2006 16:54 <REP> Movie Maker

09/12/2006 15:51 <REP> MSN

09/12/2006 15:50 <REP> MSN Gaming Zone

28/09/2007 21:07 <REP> MSN Messenger

09/12/2006 16:53 <REP> NetMeeting

12/02/2007 19:24 <REP> OrionPro

09/12/2006 16:53 <REP> Outlook Express

24/03/2007 14:40 <REP> Panasonic

09/12/2006 17:06 <REP> Realtek

18/10/2007 23:03 <REP> SAGEM

28/09/2007 13:10 <REP> Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g

08/09/2007 19:10 <REP> Securitoo

09/12/2006 15:51 <REP> Services en ligne

10/02/2007 09:34 2 144 setup.log

14/03/2007 19:58 <REP> Softwin

24/03/2007 14:37 <REP> Spybot - Search & Destroy

07/08/2007 16:13 <REP> Synthesis Bank

21/01/2007 18:12 <REP> UltraEdit-32

18/10/2003 17:58 64 512 uninstall.exe

18/10/2007 00:18 <REP> Wanadoo

09/12/2006 16:54 <REP> Windows Media Player

09/12/2006 16:53 <REP> Windows NT

09/12/2006 15:53 <REP> xerox

24/03/2007 10:45 <REP> XviD

18/08/2007 13:19 <REP> Yahoo!

4 fichier(s) 289 856 octets

45 Rép(s) 18 789 875 712 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 3430-2C4B

 

Répertoire de C:\Program Files\fichiers communs

 

24/03/2007 13:40 <REP> .

24/03/2007 13:40 <REP> ..

16/12/2006 17:52 <REP> Adobe

09/12/2006 21:56 <REP> Ahead

09/12/2006 21:21 <REP> Designer

08/09/2007 19:43 <REP> InstallShield

14/12/2006 10:17 <REP> Java

16/01/2007 20:46 <REP> Microsoft Shared

09/12/2006 15:51 <REP> MSSoap

09/12/2006 15:43 <REP> ODBC

24/03/2007 13:40 <REP> Panasonic

09/12/2006 15:51 <REP> Services

14/03/2007 19:58 <REP> Softwin

09/12/2006 15:43 <REP> SpeechEngines

09/12/2006 21:21 <REP> System

0 fichier(s) 0 octets

15 Rép(s) 18 789 871 616 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 3430-2C4B

 

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

 

09/12/2006 15:58 <REP> .

09/12/2006 15:58 <REP> ..

18/05/2001 17:57 561 209 MSONSEXT.DLL

03/06/1999 14:09 122 937 MSOWS409.DLL

07/03/2001 09:00 127 033 MSOWS40c.DLL

18/03/1999 05:37 593 977 RAGENT.DLL

4 fichier(s) 1 405 156 octets

2 Rép(s) 18 789 871 616 octets libres

 

 

 

 

Posted

Hi :P

SDFix did some cleaning. The DiagHelp report shows nothing bad :P

Can't you manage to boot into safe mode? Please post the following report >

Download Deckard's System Scanner (DSS) to your desktop.

You must have administrator rights to run it.

  • Close all running applications (browser windows, etc.)
  • Double-click dss.exe and click OK on the message that appears.
  • When the scan is finished, two text files will open.
  • Post the contents of the report named main.txt
  • If you do not see the report, you will find it in the following folder > C:\Deckard\System Scanner

Now let's run an online scan >

Run an online scan with Panda > http://www.nanoscan.com/as/v1/principal.aspx?Lang=en

Illustrated guide here > http://www.malekal.com/scan_Av_en_ligne.php#mozTocId131054

See you later

Posted

Good evening, and thank you for your help, Charles :P.

Here are the results as requested. I have also put the extra.txt result at the end (it seems to contain interesting things ...)

The SPABOT.NAC virus is still present... it still causes the problem of my IP being modified and still forces me to run netsh winsock reset to get my connection back. It generates a file in C: named cp154.nls that is impossible to delete ....

 

 

 

Deckard's System Scanner v20071014.68

Run by Celina on 2007-12-09 23:10:39

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- System Restore --------------------------------------------------------------

 

Successfully created a Deckard's System Scanner Restore Point.

 

 

-- Last 5 Restore Point(s) --

76: 2007-12-09 22:10:42 UTC - RP220 - Deckard's System Scanner Restore Point

75: 2007-12-09 12:49:34 UTC - RP219 - Point de vérification système

74: 2007-12-08 11:41:45 UTC - RP218 - Point de vérification système

73: 2007-12-04 21:54:52 UTC - RP217 - Point de vérification système

72: 2007-12-03 21:22:11 UTC - RP216 - Point de vérification système

 

 

-- First Restore Point --

1: 2007-09-28 12:18:26 UTC - RP145 - Supprimé Livebox

 

 

Backed up registry hives.

Performed disk cleanup.

 

 

 

-- HijackThis (run as Celina.exe) ----------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 23:11:13, on 09/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\igfxpers.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\Program Files\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g\WLANUTL.exe

C:\Documents and Settings\Celina\Bureau\dss.exe

C:\PROGRA~1\Celina.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165677364702

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6BB3C3AD-E6D0-41E5-AA6E-880016EA099F}: NameServer = 192.168.1.1

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

 

 

-- HijackThis Fixed Entries (C:\PROGRA~1\backups\) -----------------------------

 

backup-20070301-181447-570 O21 - SSODL: CDRecorder030 - {A3BC5E20-0235-1ABF-9CE1-00AA00512030} - C:\WINDOWS\system32\zuyi32.dll (file missing)

backup-20070301-181447-653 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

backup-20071031-203208-440 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

backup-20071031-203209-396 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

 

-- File Associations -----------------------------------------------------------

 

All associations okay.

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R1 bdpredir - c:\program files\softwin\bitdefender10\bdpredir.sys <Not Verified; Softwin SRL; BitDefender 10>

R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>

R3 catchme - c:\docume~1\celina\locals~1\temp\catchme.sys (file missing)

R3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

All services whitelisted.

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Intel® PRO/1000 PL Network Connection

Device ID: PCI\VEN_8086&DEV_109A&SUBSYS_81C21043&REV_00\4&38D2602C&0&00E1

Manufacturer: Intel

Name: Intel® PRO/1000 PL Network Connection

PNP Device ID: PCI\VEN_8086&DEV_109A&SUBSYS_81C21043&REV_00\4&38D2602C&0&00E1

Service: e1express

 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Carte réseau 1394

Device ID: V1394\NIC1394\B4C22E11D800

Manufacturer: Microsoft

Name: Carte réseau 1394

PNP Device ID: V1394\NIC1394\B4C22E11D800

Service: NIC1394

 

 

-- Files created between 2007-11-09 and 2007-12-09 -----------------------------

 

2007-12-09 23:11:12 218112 --a------ C:\Program Files\Celina.exe <Not Verified; Soeperman Enterprises Ltd.; HijackThis>

2007-12-09 12:37:47 0 d-------- C:\WINDOWS\ERUNT

2007-12-08 13:15:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira

2007-12-08 13:13:38 0 d--h----- C:\Documents and Settings\Administrateur.HOME.004\Voisinage réseau

2007-12-08 13:13:38 0 d--h----- C:\Documents and Settings\Administrateur.HOME.004\Voisinage d'impression

2007-12-08 13:13:38 0 dr-h----- C:\Documents and Settings\Administrateur.HOME.004\SendTo

2007-12-08 13:13:38 0 d--h----- C:\Documents and Settings\Administrateur.HOME.004\Recent

2007-12-08 13:13:38 0 d--h----- C:\Documents and Settings\Administrateur.HOME.004\Modèles

2007-12-08 13:13:38 0 d-------- C:\Documents and Settings\Administrateur.HOME.004\Mes documents

2007-12-08 13:13:38 0 dr------- C:\Documents and Settings\Administrateur.HOME.004\Menu Démarrer

2007-12-08 13:13:38 0 d--h----- C:\Documents and Settings\Administrateur.HOME.004\Local Settings

2007-12-08 13:13:38 0 d-------- C:\Documents and Settings\Administrateur.HOME.004\Favoris

2007-12-08 13:13:38 0 d---s---- C:\Documents and Settings\Administrateur.HOME.004\Cookies

2007-12-08 13:13:38 0 d-------- C:\Documents and Settings\Administrateur.HOME.004\Bureau

2007-12-08 13:13:38 0 dr-h----- C:\Documents and Settings\Administrateur.HOME.004\Application Data

2007-12-08 13:13:38 0 d---s---- C:\Documents and Settings\Administrateur.HOME.004\Application Data\Microsoft

2007-12-08 13:13:37 524288 --ah----- C:\Documents and Settings\Administrateur.HOME.004\NTUSER.DAT

2007-12-08 13:12:36 0 d--h----- C:\Documents and Settings\Administrateur.HOME.003\Voisinage réseau

2007-12-08 13:12:36 0 d--h----- C:\Documents and Settings\Administrateur.HOME.003\Voisinage d'impression

2007-12-08 13:12:36 0 dr-h----- C:\Documents and Settings\Administrateur.HOME.003\SendTo

2007-12-08 13:12:36 0 d--h----- C:\Documents and Settings\Administrateur.HOME.003\Recent

2007-12-08 13:12:36 237568 --ah----- C:\Documents and Settings\Administrateur.HOME.003\NTUSER.DAT

2007-12-08 13:12:36 0 d--h----- C:\Documents and Settings\Administrateur.HOME.003\Modèles

2007-12-08 13:12:36 0 d-------- C:\Documents and Settings\Administrateur.HOME.003\Mes documents

2007-12-08 13:12:36 0 dr------- C:\Documents and Settings\Administrateur.HOME.003\Menu Démarrer

2007-12-08 13:12:36 0 d--h----- C:\Documents and Settings\Administrateur.HOME.003\Local Settings

2007-12-08 13:12:36 0 d-------- C:\Documents and Settings\Administrateur.HOME.003\Favoris

2007-12-08 13:12:36 0 d---s---- C:\Documents and Settings\Administrateur.HOME.003\Cookies

2007-12-08 13:12:36 0 d-------- C:\Documents and Settings\Administrateur.HOME.003\Bureau

2007-12-08 13:12:36 0 dr-h----- C:\Documents and Settings\Administrateur.HOME.003\Application Data

2007-12-08 13:12:36 0 d---s---- C:\Documents and Settings\Administrateur.HOME.003\Application Data\Microsoft

2007-11-30 09:59:05 5180 --a------ C:\Documents and Settings\Celina\z

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-12-09 23:11:13 5013 --a------ C:\Program Files\hijackthis.log

2007-12-09 23:06:28 81984 --a------ C:\WINDOWS\system32\bdod.bin

2007-11-01 17:23:44 267845 --a------ C:\WINDOWS\tsc.exe <Not Verified; Trend Micro Inc.; TrendSystemCleaner>

2007-11-01 17:23:44 71749 --a------ C:\WINDOWS\hcextoutput.dll

2007-11-01 17:23:43 1163344 --a------ C:\WINDOWS\vsapi32.dll <Not Verified; Trend Micro Inc.; VSAPI>

2007-11-01 17:23:43 86094 --a------ C:\WINDOWS\BPMNT.dll <Not Verified; Trend Micro Inc.; VSAPI>

2007-10-31 20:32:09 0 d-------- C:\Program Files\backups

2007-10-29 18:49:08 468490 --a------ C:\WINDOWS\system32\perfh00C.dat

2007-10-29 18:49:08 75506 --a------ C:\WINDOWS\system32\perfc00C.dat

2007-10-18 23:03:14 0 d-------- C:\Program Files\SAGEM

2007-10-18 00:18:56 0 d-------- C:\Program Files\Wanadoo

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [12/10/2006 03:10]

"RTHDCPL"="RTHDCPL.EXE" [19/12/2005 07:52 C:\WINDOWS\RTHDCPL.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]

"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [20/09/2005 03:35]

"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [20/09/2005 03:36]

"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [20/09/2005 03:32]

"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [18/04/2007 16:01]

"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [10/04/2007 19:40]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 16:09]

"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" []

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\

Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [09/12/2006 21:51:21]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 21:05:56]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=sockspy.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

 

*Newly Created Service* - KPROCCHECK

*Newly Created Service* - PCANDIS5

 

 

 

-- End of Deckard's System Scanner: finished at 2007-12-09 23:11:49 ------------

 

 

 

Here is the result of the online scan:

 

Results

PC infected

49 examples of less dangerous malicious software.

1 suspicious file.

We detected that Bitdefender Antivirus is enabled and up-to-date.


After completely scanning your PC, we have not detected any ACTIVE or LATENT malicious software.


 

 

Scan details

High danger level (0)

 

Medium danger level (1)

Trj/Downloader... Virus Latent Show + Info

C:\Documents and Settings...top\Quarantine\cp2156.nls

 

Low danger level (48)

Cookie/Overtur... Tracking Cookie Latent Show + Info

C:\Documents and Settings...s\micheal@overture[1].txt

C:\Documents and Settings...s\micheal@overture[2].txt

C:\Documents and Settings...es\celina@overture[1].txt

Cookie/Comclic... Tracking Cookie Latent Show + Info

C:\Documents and Settings...@fl01.ct2.comclick[1].txt

Cookie/Cgi-bin Tracking Cookie Latent Show + Info

C:\Documents and Settings...es\micheal@cgi-bin[5].txt

Cookie/Azjmp Tracking Cookie Latent Show + Info

C:\Documents and Settings...kies\micheal@azjmp[1].txt

Cookie/RealMed... Tracking Cookie Latent Show + Info

C:\Documents and Settings...s\celina@realmedia[1].txt

C:\Documents and Settings...\micheal@realmedia[2].txt

Cookie/AdDynam... Tracking Cookie Latent Show + Info

C:\Documents and Settings...lina@ads.addynamix[1].txt

Cookie/Com.com Tracking Cookie Latent Show + Info

C:\Documents and Settings...Cookies\celina@com[1].txt

C:\Documents and Settings...ookies\micheal@com[1].txt

Cookie/Toplist Tracking Cookie Latent Show + Info

C:\Documents and Settings...ies\celina@toplist[1].txt

Cookie/Statcou... Tracking Cookie Latent Show + Info

C:\Documents and Settings...celina@statcounter[2].txt

Cookie/Hitbox Tracking Cookie Latent Show + Info

C:\Documents and Settings...ina@ehg-dig.hitbox[1].txt

Cookie/bravene... Tracking Cookie Latent Show + Info

C:\Documents and Settings...s\micheal@bravenet[2].txt

Cookie/Xiti Tracking Cookie Latent Show + Info

C:\Documents and Settings...ookies\invite@xiti[1].txt

C:\Documents and Settings...okies\micheal@xiti[1].txt

C:\Documents and Settings...okies\micheal@xiti[1].txt

C:\Documents and Settings...ookies\celina@xiti[1].txt

Cookie/BurstNe... Tracking Cookie Latent Show + Info

C:\Documents and Settings...s\micheal@burstnet[1].txt

Cookie/Tradedo... Tracking Cookie Latent Show + Info

C:\Documents and Settings...elina@tradedoubler[1].txt

C:\Documents and Settings...nvite@tradedoubler[1].txt

Cookie/Adverti... Tracking Cookie Latent Show + Info

C:\Documents and Settings...celina@advertising[1].txt

Cookie/Webtren... Tracking Cookie Latent Show + Info

C:\Documents and Settings...atse.webtrendslive[1].txt

Cookie/Adviva Tracking Cookie Latent Show + Info

C:\Documents and Settings...kies\celina@adviva[2].txt

Cookie/fe.lea.... Tracking Cookie Latent Show + Info

C:\Documents and Settings...cheal@fe.lea.lycos[1].txt

C:\Documents and Settings...elina@fe.lea.lycos[1].txt

Cookie/Smartad... Tracking Cookie Latent Show + Info

C:\Documents and Settings...lina@smartadserver[2].txt

C:\Documents and Settings...heal@smartadserver[1].txt

Cookie/Zedo Tracking Cookie Latent Show + Info

C:\Documents and Settings...ookies\celina@zedo[2].txt

Cookie/FastCli... Tracking Cookie Latent Show + Info

C:\Documents and Settings...s\celina@fastclick[1].txt

Cookie/RealMed... Tracking Cookie Latent Show + Info

C:\Documents and Settings...elina@247realmedia[2].txt

C:\Documents and Settings...cheal@247realmedia[1].txt

Application/Ni... Tracking Application Latent Show + Info

C:\System Volume Informat...7B5F5}\RP218\A0065212.exe

Cookie/Serving... Tracking Cookie Latent Show + Info

C:\Documents and Settings...icheal@serving-sys[1].txt

C:\Documents and Settings...celina@serving-sys[2].txt

C:\Documents and Settings...icheal@serving-sys[1].txt

Cookie/Go Tracking Cookie Latent Show + Info

C:\Documents and Settings...Cookies\micheal@go[2].txt

C:\Documents and Settings...Cookies\micheal@go[1].txt

C:\Documents and Settings...\Cookies\celina@go[1].txt

Cookie/Serving... Tracking Cookie Latent Show + Info

C:\Documents and Settings...eal@bs.serving-sys[2].txt

C:\Documents and Settings...ina@bs.serving-sys[2].txt

C:\Documents and Settings...eal@bs.serving-sys[2].txt

Cookie/2o7 Tracking Cookie Latent Show + Info

C:\Documents and Settings...ies\celina@112.2o7[1].txt

Trj/Spabot.BJ Virus Latent Show + Info

C:\Documents and Settings...\Desktop\Quarantine\q.dll

Cookie/BurstBe... Tracking Cookie Latent Show + Info

C:\Documents and Settings...al@www.burstbeacon[2].txt

Cookie/Tribalf... Tracking Cookie Latent Show + Info

C:\Documents and Settings...cheal@tribalfusion[1].txt

C:\Documents and Settings...cheal@tribalfusion[1].txt

Cookie/WUpd Tracking Cookie Latent Show + Info

C:\Documents and Settings...es\micheal@revenue[2].txt

Application/Pr... Tracking Application Latent Show + Info

C:\Documents and Settings...e[sDFix\apps\Process.exe]

C:\Documents and Settings...IX\SDFix\apps\Process.exe

Cookie/Traffic... Tracking Cookie Latent Show + Info

C:\Documents and Settings...\micheal@trafficmp[1].txt

Cookie/MetriWe... Tracking Cookie Latent Show + Info

C:\Documents and Settings...es\celina@metriweb[1].txt

Cookie/Atwola Tracking Cookie Latent Show + Info

C:\Documents and Settings...ies\micheal@atwola[1].txt

Cookie/Mediapl... Tracking Cookie Latent Show + Info

C:\Documents and Settings...s\celina@mediaplex[1].txt

Cookie/Casalem... Tracking Cookie Latent Show + Info

C:\Documents and Settings...celina@casalemedia[1].txt

Cookie/Doublec... Tracking Cookie Latent Show + Info

C:\Documents and Settings...celina@doubleclick[1].txt

Cookie/Weboram... Tracking Cookie Latent Show + Info

C:\Documents and Settings...s\micheal@weborama[2].txt

C:\Documents and Settings...es\celina@weborama[2].txt

C:\Documents and Settings...s\micheal@weborama[2].txt

Cookie/Atlas D... Tracking Cookie Latent Show + Info

C:\Documents and Settings...okies\celina@atdmt[1].txt

Cookie/Adtech Tracking Cookie Latent Show + Info

C:\Documents and Settings...ies\micheal@adtech[2].txt

C:\Documents and Settings...ies\micheal@adtech[2].txt

C:\Documents and Settings...kies\celina@adtech[1].txt

Cookie/YieldMa... Tracking Cookie Latent Show + Info

C:\Documents and Settings...na@ad.yieldmanager[1].txt

Cookie/Server.... Tracking Cookie Latent Show + Info

C:\Documents and Settings...ver.iad.liveperson[2].txt

Cookie/PointRo... Tracking Cookie Latent Show + Info

C:\Documents and Settings...heal@ads.pointroll[1].txt

C:\Documents and Settings...lina@ads.pointroll[1].txt

Cookie/adultfr... Tracking Cookie Latent Show + Info

C:\Documents and Settings...@adultfriendfinder[1].txt

Cookie/Questio... Tracking Cookie Latent Show + Info

C:\Documents and Settings...ina@questionmarket[1].txt

C:\Documents and Settings...eal@questionmarket[2].txt

C:\Documents and Settings...eal@questionmarket[1].txt

Cookie/Apmebf Tracking Cookie Latent Show + Info

C:\Documents and Settings...kies\celina@apmebf[2].txt

Cookie/Bluestr... Tracking Cookie Latent Show + Info

C:\Documents and Settings...\celina@bluestreak[2].txt

 

 

Suspicious files (1)

C:\System Volume Informat...7B5F5}\RP200\A0056500.exe

Posted

Hi :P

OK, the Panda report shows nothing!

Let's do this, please >

1) Please go to this page to download the file search.bat > http://www.sendspace.com/file/1hltbt

To do so, click the link at the bottom of the page > Download Link: search.bat

Double-click the file and post the report, please :P

2) Do a second online scan here >

  • Do a Kaspersky online scan
  • Click Accept
  • A yellow bar will ask whether you agree to install Kavwebscan_Unicode.cab; install the ActiveX control.
  • Click "Accept" once more
  • The update databases will be installed; wait a moment
  • Click Next.
  • Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.

At the end of the scan, if infected objects are found, click Save report as... Choose the desktop and name the report "rapport Kaspersky", and in the file type field choose "text files", then save the report.

Copy/paste the entire contents of the opened text file: right-click on it, select all/copy.

Paste this report into your reply on the forum.

Help in case of problems: Cybersécurité

NOTE: The scan must be done with Internet Explorer.

The SPABOT.NAC virus is still present...

Do you have a BitDefender report, please? If so, post it.

See you

Posted

Good evening!

I'm back home again. Here are the search.bat posts and

 

 


<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys

<SANS NOM> REG_SZ Driver

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sharedaccess

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys

<SANS NOM> REG_SZ FSFilter System Recovery

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys

<SANS NOM> REG_SZ Driver

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys

<SANS NOM> REG_SZ Driver

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys

<SANS NOM> REG_SZ Driver

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys

<SANS NOM> REG_SZ Driver

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}

<SANS NOM> REG_SZ Universal Serial Bus controllers

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ CD-ROM Drive

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ DiskDrive

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ Standard floppy disk controller

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ Hdc

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ Keyboard

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ Mouse

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ Net

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ NetClient

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ NetService

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ NetTrans

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ PCMCIA Adapters

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ SCSIAdapter

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ System

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ Floppy disk drive

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

<SANS NOM> REG_SZ Volume

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

<SANS NOM> REG_SZ Human Interface Devices
