
Posted

Here, at last, is a report generated by Mbam.

 

Malwarebytes' Anti-Malware 1.38

Version de la base de données: 2297

Windows 5.1.2600 Service Pack 3

 

19/07/2009 18:47:15

mbam-log-2009-07-19 (18-47-08).txt

 

Type de recherche: Examen rapide

Eléments examinés: 90857

Temps écoulé: 5 minute(s), 23 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 1

Clé(s) du Registre infectée(s): 2

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 2

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

C:\WINDOWS\system32\reset5c.dll (Trojan.Agent) -> No action taken.

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\reset5c (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> No action taken.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\reset5c.dll (Trojan.Agent) -> No action taken.

c:\WINDOWS\system32\wsnpoema.exe.vir (Trojan.Agent) -> No action taken.

Posted (edited)

One last effort.

Download OTM by OldTimer to the desktop.

Double-click OTM.exe to launch it.

Under Vista, right-click the file -> choose Run as administrator.

Check that Unregister Dll's and Ocx's is ticked.

* Copy/paste the lines below:

 

:Processes

explorer.exe

:Files

C:\Program Files\Bonjour

c:\windows\system32\reset5c.dll

 

:Services

Bonjour Service

:Reg

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\reset5c]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\reset5c]

[-HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride]

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

 

Go back to OTM,

Right-click in the "Paste Instructions for Items to be Moved" window under the yellow bar and choose Paste.

* Click the red Moveit! button

* Close OTM

Your PC will restart.

Go to the folder C:\_OTM\MovedFiles,

open the most recent .log file

Copy/paste its contents into your next reply

 

 

In HijackThis, tick these lines, then click Fix checked:

 

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

 

Remove Ctfmon

Removing the alternative user input features of Text Services

Start -> Control Panel.

-> Date, Time, Language, and Regional Options,

-> Regional and Language Options.

On the Languages tab, click Details.

Under Installed services, select each input item listed,

-> click Remove to remove that item.

All items must be removed, one by one, except for the following input service:

French (France) – keyboard: French

Then

Start -> Run ->

Type:

Regsvr32.exe /u msimtf.dll

Click OK.

Repeat for the file Msctf.dll.

 

There would be no point in keeping disinfection tools that are constantly updated and would be obsolete within a few days.

To remove the programs used during the procedure:

Download ToolsCleaner2 by A.Rothstein

* Save ToolsCleaner2.exe to the desktop.

Under Vista, right-click > Run as administrator

* Double-click it, then click Recherche (Search) --> the program will look for the installed utilities

------> The window may turn white during the scan; that is normal!

The tool will delete them without any action on your part.

* Copy and paste the contents of the report that appears in the white window.

Mbam could be disabled by a rootkit:

Look for the rootkit

Download RootRepeal

Install RootRepeal, click *Files*

Click Save Report

Run the scan

Post the report


Edited by pear
Posted

Good evening,

Here are the requested reports

OTM report

 

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== FILES ==========

C:\Program Files\Bonjour moved successfully.

DllUnregisterServer procedure not found in c:\windows\system32\reset5c.dll

c:\windows\system32\reset5c.dll NOT unregistered.

c:\windows\system32\reset5c.dll moved successfully.

========== SERVICES/DRIVERS ==========

 

Service\Driver Bonjour Service deleted successfully.

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\reset5c\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\reset5c\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride\ not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrateur

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 49286 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: Patrick

->Temp folder emptied: 172267694 bytes

File delete failed. C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 32902 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 62389519 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 39097 bytes

%systemroot%\System32 .tmp files removed: 3072 bytes

File delete failed. C:\WINDOWS\temp\$$$dq3e scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\$$yt7.$$ scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\$67we.$ scheduled to be deleted on reboot.

Windows Temp folder emptied: 386751 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 224,31 mb

 

 

OTM by OldTimer - Version 3.0.0.5 log created on 07192009_190845

 

TOOLSCLEANER2 report

 

[ Rapport ToolsCleaner version 2.3.7 (par A.Rothstein & dj QUIOU) ]

 

--> Recherche:

 

C:\Combofix.txt: trouvé !

C:\avenger: trouvé !

C:\Qoobox: trouvé !

C:\_OTM: trouvé !

C:\Toolbar SD: trouvé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !

C:\Documents and Settings\Patrick\Bureau\HijackThis.lnk: trouvé !

C:\Documents and Settings\Patrick\Bureau\Rapports du 18.07.09\cleannavi.txt: trouvé !

C:\Documents and Settings\Patrick\Bureau\Rapports du 18.07.09\Rapport\TB.txt: trouvé !

C:\Documents and Settings\Patrick\Bureau\Rapports du 19.07.09\hijackthis.log: trouvé !

C:\Documents and Settings\Patrick\Bureau\Telechargement\OTM.exe: trouvé !

C:\Documents and Settings\Patrick\Bureau\Telechargement\Navilog1.exe: trouvé !

C:\Documents and Settings\Patrick\Bureau\Telechargement\ComboFix.exe: trouvé !

C:\Documents and Settings\Patrick\Bureau\Telechargement\HJTInstall.exe: trouvé !

C:\Documents and Settings\Patrick\Bureau\Telechargement\ToolBarSD.exe: trouvé !

C:\Program Files\Navilog1: trouvé !

C:\Program Files\Navilog1\Navilog1.bat: trouvé !

C:\Program Files\Trend Micro\HijackThis: trouvé !

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

 

RootRepeal report

 

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/07/19 19:56

Program Version: Version 1.3.2.0

Windows Version: Windows XP SP3

==================================================

 


Posted

Good evening,

PC slow, and no receiving or sending with Outlook

Here is an mbam report

 

Malwarebytes' Anti-Malware 1.38

Version de la base de données: 2297

Windows 5.1.2600 Service Pack 3

 

19/07/2009 21:06:59

mbam-log-2009-07-19 (21-06-49).txt

 

Type de recherche: Examen rapide

Eléments examinés: 90595

Temps écoulé: 7 minute(s), 17 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 2

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 1

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\reset5c (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> No action taken.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

c:\WINDOWS\system32\wsnpoema.exe.vir (Trojan.Agent) -> No action taken.

Posted (edited)

Have you tried the removal?

If that didn't work:

Download OTM by OldTimer to the desktop.

Double-click OTM.exe to launch it.

Under Vista, right-click the file -> choose Run as administrator

Make sure Unregister Dll's and Ocx's is checked.

* Copy/paste the lines below:

 

:Processes

explorer.exe

:Files

c:\WINDOWS\system32\wsnpoema.exe.vir

c:\windows\system32\reset5c.dll

:Services

:Reg

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\reset5c]

[-HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo]

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

 

Go back to OTM,

Right-click in the "Paste Instructions for Items to be Moved" window under the yellow bar and choose Paste.

* Click the red Moveit! button

* Close OTM

Your PC will restart.

Go to the folder C:\_OTM\MovedFiles,

open the latest .log file

Copy/paste its contents into your next reply

Edited by pear
Posted

Hello,

With mbam, when I launch the removal, no response.

Here is the report from otm

 

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== FILES ==========

c:\WINDOWS\system32\wsnpoema.exe.vir moved successfully.

File/Folder c:\windows\system32\reset5c.dll not found.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\reset5c\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo\ deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrateur

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Patrick

->Temp folder emptied: 76398794 bytes

File delete failed. C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 34068 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 33514004 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

File delete failed. C:\WINDOWS\temp\$$$dq3e scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\$$yt7.$$ scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\$67we.$ scheduled to be deleted on reboot.

Windows Temp folder emptied: 413888 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 105,28 mb

 

 

OTM by OldTimer - Version 3.0.0.5 log created on 07202009_085850

 

Files moved on Reboot...

File move failed. C:\WINDOWS\temp\$$$dq3e scheduled to be moved on reboot.

File move failed. C:\WINDOWS\temp\$$yt7.$$ scheduled to be moved on reboot.

File move failed. C:\WINDOWS\temp\$67we.$ scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...
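The helper asks for the OTM log so that the outcome of each scripted removal can be checked against what the scanner reported. As an added example (not part of the original posts, and not code from OTM or Malwarebytes), this Python script parses the OTM result lines and maps each Malwarebytes detection to its outcome; the sample inputs are lines copied from the logs in this thread, and the function names and status labels are assumptions of the example.

```python
import re
# Sample inputs: detections from the mbam reports and result lines from the
# OTM log quoted in this thread (abridged). Names below are illustrative.
MBAM_DETECTIONS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\reset5c",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo",
    r"C:\WINDOWS\system32\reset5c.dll",
    r"c:\WINDOWS\system32\wsnpoema.exe.vir",
]
OTM_LOG = r"""
========== FILES ==========
c:\WINDOWS\system32\wsnpoema.exe.vir moved successfully.
File/Folder c:\windows\system32\reset5c.dll not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\reset5c\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo\ deleted successfully.
File delete failed. C:\WINDOWS\temp\$67we.$ scheduled to be deleted on reboot.
"""
# (pattern, status) pairs for the result-line wordings seen in the OTM log above.
RULES = [
    (re.compile(r"^Registry key (?P<item>.+?) deleted successfully\.$"), "removed"),
    (re.compile(r"^File/Folder (?P<item>.+?) not found\.$"), "not_found"),
    (re.compile(r"^File (?:delete|move) failed\. (?P<item>.+?) scheduled to be "
                r"(?:deleted|moved) on reboot\.$"), "pending_reboot"),
    (re.compile(r"^(?P<item>.+?) moved successfully\.$"), "removed"),
]

def norm(path):
    """Windows paths and registry keys compare case-insensitively; drop a trailing backslash."""
    return path.strip().rstrip("\\").lower()

def parse_otm_log(text):
    """Return {normalized item: status} for every recognised result line."""
    results = {}
    for line in map(str.strip, text.splitlines()):
        for pattern, status in RULES:
            m = pattern.match(line)
            if m:
                results[norm(m.group("item"))] = status
                break
    return results

def triage(detections, log_text):
    """Map each scanner detection to its OTM outcome, or 'not_in_log' if OTM never reported on it."""
    outcome = parse_otm_log(log_text)
    return {d: outcome.get(norm(d), "not_in_log") for d in detections}

if __name__ == "__main__":
    for item, status in triage(MBAM_DETECTIONS, OTM_LOG).items():
        print(f"{status:15} {item}")
```

An item that comes back as not_found or not_in_log has not been confirmed removed by this log alone; a follow-up scan is what settles it.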

Posted (edited)
With mbam, when I launch the removal, no response.

In Firefox, Edit menu / Preferences, then the Advanced tab.

o Click Network and Settings.

o Choose "No proxy".

The Tasklist command does not exist under XP Home.

Download this file:

http://speedweb1.free.fr/download/utilitaire/tasklist.exe

and paste it into C:\Windows\System32\

To run it, the DCOM Process Launcher service must be active:

To open the services console:

Start->Run->

Services.msc

To see the active processes, run Tasklist and redirect the output to the Desktop:

Start->Run

Cmd /k tasklist /svc >Bureau\Liste.txt

Copy and paste it here.

Edited by pear
Posted

Hello, here is the report

 

 

Image Name PID Services

========================= ====== =============================================

System Idle Process 0 N/A

System 4 N/A

smss.exe 664 N/A

csrss.exe 712 N/A

winlogon.exe 744 N/A

services.exe 788 Eventlog, PlugPlay

lsass.exe 800 PolicyAgent, ProtectedStorage, SamSs

ati2evxx.exe 952 Ati HotKey Poller

svchost.exe 964 DcomLaunch, TermService

svchost.exe 1060 RpcSs

svchost.exe 1152 AudioSrv, Browser, CryptSvc, Dhcp, ERSvc,

EventSystem, FastUserSwitchingCompatibility,

helpsvc, lanmanserver, lanmanworkstation,

Netman, Nla, RasMan, Schedule, seclogon,

SENS, SharedAccess, ShellHWDetection,

srservice, TapiSrv, Themes, TrkWks, W32Time,

winmgmt, wscsvc, wuauserv, WZCSVC

svchost.exe 1208 Dnscache

svchost.exe 1268 LmHosts, SSDPSRV

explorer.exe 1612 N/A

spoolsv.exe 1644 Spooler

opwareSE2.exe 1784 N/A

winampa.exe 1792 N/A

egui.exe 1800 N/A

jusched.exe 1820 N/A

hpqtra08.exe 1900 N/A

svchost.exe 524 WebClient

AppleMobileDeviceService. 556 Apple Mobile Device

ekrn.exe 592 ekrn

svchost.exe 612 hpqcxs08, hpqddsvc

jqs.exe 636 JavaQuickStarterService

svchost.exe 992 Net Driver HPZ12

svchost.exe 1188 Pml Driver HPZ12

slserv.exe 832 SLService

SMAgent.exe 1464 SoundMAX Agent Service (default)

svchost.exe 1532 stisvc

wdfmgr.exe 1596 UMWdf

alg.exe 3460 ALG

hpqste08.exe 3628 N/A

hpqbam08.exe 3672 N/A

hpqgpc01.exe 3700 N/A

dwwin.exe 476 N/A

firefox.exe 1768 N/A

dumprep.exe 2604 N/A

dwwin.exe 3984 N/A

cmd.exe 1316 N/A

mmc.exe 2248 N/A

cmd.exe 2676 N/A

tasklist.exe 456 N/A

wmiprvse.exe 2692 N/A
