Lisa Invité
| Sujet: Re: [résolu] Virus et pages internet bloquées Mar 12 Avr - 23:05 | |
| Yess c'est fait ! Pour moi et mes connaissances informatiques, ça tient de l'exploit et je te remercie, toutes tes explications sont niquel ! Quand tu m'écris : Poste le rapport qui sera générer automatiquement au redémarrage Ici stp. Ca ne me renvoie à aucun lien donc je te les copie sur ce post. - Spoiler:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=dword:00000001 "DefaultUserName"="Administrateur" "LegalNoticeCaption"="" "LegalNoticeText"="" "PowerdownAfterShutdown"="0" "ReportBootOk"="1" "Shell"="Explorer.exe C:\\WINDOWS\\system32\\WinSit.exe" "ShutdownWithoutLogon"="0" "System"="" "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," "VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\"" "SfcQuota"=dword:ffffffff "allocatecdroms"="0" "allocatedasd"="0" "allocatefloppies"="0" "cachedlogonscount"="10" "forceunlocklogon"=dword:00000000 "passwordexpirywarning"=dword:0000000e "scremoveoption"="0" "AllowMultipleTSSessions"=dword:00000001 "UIHost"=hex(2):6c,00,6f,00,67,00,6f,00,6e,00,75,00,69,00,2e,00,65,00,78,00,65,\ 00,00,00 "LogonType"=dword:00000001 "Background"="0 0 0" "DefaultPassword"="" "DebugServerCommand"="no" "SFCDisable"=dword:00000000 "WinStationsDisabled"="0" "HibernationPreviouslyEnabled"=dword:00000001 "ShowLogonOptions"=dword:00000000 "AltDefaultUserName"="Administrateur" "AltDefaultDomainName"="PCELISA" "DefaultDomainName"="PCELISA" "ChangePasswordUseKerberos"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}] @="Sans fil" "ProcessGroupPolicy"="ProcessWIRELESSPolicy" "DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\ 00,00 "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}] @="Folder Redirection" "ProcessGroupPolicyEx"="ProcessGroupPolicyEx" "DllName"=hex(2):66,00,64,00,65,00,70,00,6c,00,6f,00,79,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "NoMachinePolicy"=dword:00000001 "NoSlowLink"=dword:00000001 "PerUserLocalSettings"=dword:00000001 "NoGPOListChanges"=dword:00000000 "NoBackgroundPolicy"=dword:00000000 "GenerateGroupPolicy"="GenerateGroupPolicy" "EventSources"=hex(7):28,00,46,00,6f,00,6c,00,64,00,65,00,72,00,20,00,52,00,65,\ 00,64,00,69,00,72,00,65,00,63,00,74,00,69,00,6f,00,6e,00,2c,00,41,00,70,00,\ 70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,29,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}] @="Quota du disque Microsoft" "NoMachinePolicy"=dword:00000000 "NoUserPolicy"=dword:00000001 "NoSlowLink"=dword:00000001 "NoBackgroundPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 "PerUserLocalSettings"=dword:00000000 "RequiresSuccessfulRegistry"=dword:00000001 "EnableAsynchronousProcessing"=dword:00000000 "DllName"=hex(2):64,00,73,00,6b,00,71,00,75,00,6f,00,74,00,61,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "ProcessGroupPolicy"="ProcessGroupPolicy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}] @="Planificateur de paquets QoS" "ProcessGroupPolicy"="ProcessPSCHEDPolicy" "DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\ 00,00 "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}] @="Scripts" "ProcessGroupPolicy"="ProcessScriptsGroupPolicy" "ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx" "GenerateGroupPolicy"="GenerateScriptsGroupPolicy" "DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\ 00,00 "NoSlowLink"=dword:00000001 "NoGPOListChanges"=dword:00000001 "NotifyLinkTransition"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}] @="Internet Explorer Zonemapping" "DllName"="C:\\WINDOWS\\system32\\iedkcs32.dll" "ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap" "NoGPOListChanges"=dword:00000001 "RequiresSucessfulRegistry"=dword:00000001 "DisplayName"="@C:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051" "RequiresSuccessfulRegistry"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}] @="Internet Explorer User Accelerators" "DisplayName"="@C:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051" "DllName"="C:\\WINDOWS\\system32\\iedkcs32.dll" "NoGPOListChanges"=dword:00000001 "ProcessGroupPolicy"="ProcessGroupPolicyForActivities" "ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx" "RequiresSuccessfulRegistry"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}] "ProcessGroupPolicy"="SceProcessSecurityPolicyGPO" "GenerateGroupPolicy"="SceGenerateGroupPolicy" "ExtensionRsopPlanningDebugLevel"=dword:00000001 "ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx" "ExtensionDebugLevel"=dword:00000001 "DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\ 00,00 @="Security" "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 "EnableAsynchronousProcessing"=dword:00000001 "MaxNoGPOListChangesInterval"=dword:000003c0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{8F51D94E-8B89-4844-B15C-9C049BA0F49F}] "DllName"="C:\\Program Files\\HPQ\\IAM\\Bin\\ItVCard.dll" "NoBackgroundPolicy"=dword:00000000 "NoMachinePolicy"=dword:00000000 "NoUserPolicy"=dword:00000001 "ProcessGroupPolicy"="ProcessGroupPolicy" "RequiresSuccessfulRegistry"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}] "ProcessGroupPolicyEx"="ProcessGroupPolicyEx" "GenerateGroupPolicy"="GenerateGroupPolicy" "ProcessGroupPolicy"="ProcessGroupPolicy" "DllName"="C:\\WINDOWS\\system32\\iedkcs32.dll" @="Internet Explorer Branding" "NoSlowLink"=dword:00000001 "NoBackgroundPolicy"=dword:00000000 "NoGPOListChanges"=dword:00000001 "NoMachinePolicy"=dword:00000001 "DisplayName"="@C:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}] "ProcessGroupPolicy"="SceProcessEFSRecoveryGPO" "DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\ 00,00 @="EFS recovery" "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 "RequiresSuccessfulRegistry"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}] @="802.3 Group Policy" "DisplayName"=hex(2):40,00,64,00,6f,00,74,00,33,00,67,00,70,00,63,00,6c,00,6e,\ 00,74,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,30,00,30,00,00,00 "ProcessGroupPolicyEx"="ProcessLANPolicyEx" "GenerateGroupPolicy"="GenerateLANPolicy" "DllName"=hex(2):64,00,6f,00,74,00,33,00,67,00,70,00,63,00,6c,00,6e,00,74,00,\ 2e,00,64,00,6c,00,6c,00,00,00 "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}] @="Microsoft Offline Files" "DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\ 00,73,00,63,00,75,00,69,00,2e,00,64,00,6c,00,6c,00,00,00 "EnableAsynchronousProcessing"=dword:00000000 "NoBackgroundPolicy"=dword:00000000 "NoGPOListChanges"=dword:00000000 "NoMachinePolicy"=dword:00000000 "NoSlowLink"=dword:00000000 "NoUserPolicy"=dword:00000001 "PerUserLocalSettings"=dword:00000000 "ProcessGroupPolicy"="ProcessGroupPolicy" "RequiresSuccessfulRegistry"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}] @="Installation de logiciel" "DllName"=hex(2):61,00,70,00,70,00,6d,00,67,00,6d,00,74,00,73,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx" "GenerateGroupPolicy"="GenerateGroupPolicy" "NoBackgroundPolicy"=dword:00000000 "RequiresSucessfulRegistry"=dword:00000000 "NoSlowLink"=dword:00000001 "PerUserLocalSettings"=dword:00000001 "EventSources"=hex(7):28,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\ 00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,\ 74,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,\ 00,29,00,00,00,28,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\ 6c,00,65,00,72,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\ 00,6f,00,6e,00,29,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}] @="Internet Explorer Machine Accelerators" "DisplayName"="@C:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051" "DllName"="C:\\WINDOWS\\system32\\iedkcs32.dll" "NoGPOListChanges"=dword:00000001 "ProcessGroupPolicy"="ProcessGroupPolicyForActivities" "ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx" "RequiresSuccessfulRegistry"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}] @="Sécurité IP" "ProcessGroupPolicy"="ProcessIPSECPolicy" "DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\ 00,00 "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] "DLLName"="Ati2evxx.dll" "Asynchronous"=dword:00000000 "Impersonate"=dword:00000001 "Lock"="AtiLockEvent" "Logoff"="AtiLogoffEvent" "Logon"="AtiLogonEvent" "Disconnect"="AtiDisConnectEvent" "Reconnect"="AtiReConnectEvent" "Safe"=dword:00000000 "Shutdown"="AtiShutdownEvent" "StartScreenSaver"="AtiStartScreenSaverEvent" "StartShell"="AtiStartShellEvent" "Startup"="AtiStartupEvent" "StopScreenSaver"="AtiStopScreenSaverEvent" "Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy] "Asynchronous"=dword:00000001 "DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,\ 00,69,00,6d,00,73,00,6e,00,74,00,66,00,79,00,2e,00,64,00,6c,00,6c,00,00,00 "Startup"="WlDimsStartup" "Shutdown"="WlDimsShutdown" "Logon"="WlDimsLogon" "Logoff"="WlDimsLogoff" "StartShell"="WlDimsStartShell" "Lock"="WlDimsLock" "Unlock"="WlDimsUnlock"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IfxWlxEN] "DllName"="IfxWlxEN.dll" "StartShell"="StartShellEvent" "Logoff"="LogoffEvent" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard] "DllName"="C:\\Program Files\\HPQ\\IAM\\Bin\\AsWlnPkg.dll" "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "Lock"="OnLock" "Logoff"="OnLogoff" "Logon"="OnLogon" "Shutdown"="OnShutdown" "StartScreenSaver"="OnStartScreenSaver" "StartShell"="OnStartShell" "Startup"="OnStartup" "StopScreenSaver"="OnStopScreenSaver" "Unlock"="OnUnlock" "PostShell"="OnPostShell" "Disconnect"="OnDisconnect" "Reconnect"="OnReconnect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] "Logon"="WLEventLogon" "Logoff"="WLEventLogoff" "Startup"="WLEventStartup" "Shutdown"="WLEventShutdown" "StartScreenSaver"="WLEventStartScreenSaver" "StopScreenSaver"="WLEventStopScreenSaver" "Lock"="WLEventLock" "Unlock"="WLEventUnlock" "StartShell"="WLEventStartShell" "PostShell"="WLEventPostShell" "Disconnect"="WLEventDisconnect" "Reconnect"="WLEventReconnect" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000000 "SafeMode"=dword:00000001 "MaxWait"=dword:ffffffff "DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Event"=dword:00000001 "InstallEvent"="1.9.0040.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings] @="" "Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\ 00,00,6c,50,9a,94,16,b2,92,46,a2,3d,4e,40,ae,af,5a,f3,04,00,00,00,04,00,00,\ 00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,ff,98,ca,12,3b,7a,17,56,\ 8b,d5,73,b8,6e,54,b1,c1,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,80,\ 83,4d,7d,7f,2b,1f,89,80,65,0a,8a,07,23,ec,50,b8,01,00,00,f0,be,f2,c9,9f,b6,\ a9,e7,e3,1a,48,b0,13,52,ef,dd,bb,7a,89,a6,19,bd,4b,00,3f,cd,24,f0,91,9a,ba,\ a9,cc,12,8a,1d,0f,93,c4,d4,47,9a,79,fc,59,ca,3e,77,9f,7c,26,2f,4b,df,aa,35,\ de,9e,d1,d7,b9,81,62,16,66,bb,cd,c7,ff,7e,64,8b,65,96,12,a0,63,d2,a1,aa,1e,\ 30,db,f2,0c,f3,9c,a3,03,23,9a,d0,5e,be,7c,18,8d,e4,ce,eb,53,d8,7f,99,cf,1d,\ fb,de,79,5b,be,69,82,a4,56,c4,07,cc,2f,0f,45,e0,bf,35,50,e5,b5,55,51,4f,1a,\ c2,6a,40,7a,e3,8c,7b,f1,4b,57,2b,d0,2b,e8,f2,62,b6,ee,e1,21,2b,87,d4,49,a2,\ fa,50,0e,22,bf,46,45,ae,cb,cd,af,9c,ae,12,7a,aa,58,49,f0,21,70,48,d0,26,16,\ 87,ba,4b,f3,18,a8,f3,0a,e0,4b,cf,25,d5,95,e8,08,05,ad,77,a6,70,00,09,6f,5d,\ 8d,33,ab,7d,2e,f8,e1,37,f9,e1,a4,54,e9,4b,f8,b5,60,1f,9e,6e,ad,ee,be,6e,7a,\ 92,08,8c,f3,79,f7,2f,f6,2c,b9,cd,9a,e0,ac,f7,97,a6,36,b5,a0,bc,53,77,3b,e0,\ 94,ce,1d,33,0d,b2,43,01,5c,e0,3e,a9,55,f8,7b,c0,ce,23,40,62,9c,b0,8a,c9,be,\ 88,45,c5,fd,d8,b2,95,54,37,a9,d5,61,ed,6f,10,ec,fe,86,74,10,33,8b,34,c4,13,\ 1b,d2,6c,ba,96,fd,5f,70,09,4a,a8,20,13,aa,86,75,fe,cf,df,89,1a,52,4c,a6,90,\ 6f,0e,e1,97,29,94,54,9b,86,c0,54,68,f5,50,6e,ec,0b,01,32,f4,6d,c9,79,4a,c9,\ 67,db,84,39,8e,1d,3b,c2,36,73,f7,b7,1a,84,1f,0f,ba,4f,74,7b,14,44,82,8d,8b,\ bb,ed,4e,20,3a,3b,15,d8,f3,77,83,fc,b0,1b,2d,2e,9e,22,ac,4b,38,33,c6,1b,9c,\ 9e,31,5c,36,72,07,55,22,a7,af,f4,de,0b,25,f6,14,f6,7c,b4,e3,8b,8a,d4,92,41,\ 1c,64,70,0e,6f,67,a1,f4,db,14,00,00,00,5f,11,42,56,5d,04,88,e7,39,b5,7a,b9,\ 64,29,63,93,51,61,7f,1b
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList] "HelpAssistant"=dword:00000000 "TsInternetUser"=dword:00000000 "SQLAgentCmdExec"=dword:00000000 "NetShowServices"=dword:00000000 "IWAM_"=dword:00010000 "IUSR_"=dword:00010000 "VUSR_"=dword:00010000 "ASPNET"=dword:00000000 "ASVA_"=dword:00010000
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "dc2k5"="C:\\WINDOWS\\SVIQ.EXE" "Fun"="C:\\WINDOWS\\system\\Fun.exe" "dc"="C:\\WINDOWS\\dc.exe" "systems"="c:\\windows\\inf\\svchost.exe" "AutoStartNPSAgent"="C:\\Program Files\\Samsung\\Samsung New PC Studio\\NPSAgent.exe" "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater] @=""
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "Fun"="C:\\WINDOWS\\system\\Fun.exe" "dc"="C:\\WINDOWS\\dc.exe" "systems"="c:\\windows\\inf\\svchost.exe" "AutoStartNPSAgent"="C:\\Program Files\\Samsung\\Samsung New PC Studio\\NPSAgent.exe" "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater] @=""
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "dc"="C:\\WINDOWS\\dc.exe" "systems"="c:\\windows\\inf\\svchost.exe" "AutoStartNPSAgent"="C:\\Program Files\\Samsung\\Samsung New PC Studio\\NPSAgent.exe" "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater] @=""
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "systems"="c:\\windows\\inf\\svchost.exe" "AutoStartNPSAgent"="C:\\Program Files\\Samsung\\Samsung New PC Studio\\NPSAgent.exe" "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater] @=""
JAWARYINTI: Export de clé mis dans les balises spoiler======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 20:46:48 le 12/04/2011, Mode normal Microsoft Windows XP Professionnel Service Pack 3 (X86) Administrateur@PCLISA ( ) ============== ACTION(S) ============== Service: "Application Updater" Stoppé et supprimé Service: "BarDiscover Service" Stoppé et supprimé Dossier supprimé: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit Dossier supprimé: C:\Program Files\Application Updater Dossier supprimé: C:\Documents and Settings\All Users\Application Data\bardiscover Dossier supprimé: C:\Documents and Settings\Administrateur\Application Data\pdfforge Dossier supprimé: C:\Program Files\pdfforge Toolbar Dossier supprimé: C:\Documents and Settings\Administrateur\Application Data\Search Settings Dossier supprimé: C:\Program Files\Fichiers communs\Spigot (!) -- Fichiers temporaires supprimés. Clé supprimée: HKLM\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} Clé supprimée: HKLM\Software\Classes\Toolbar.CT2542115 Clé supprimée: HKLM\Software\Application Updater Clé supprimée: HKLM\Software\AskBarDis Clé supprimée: HKLM\Software\bardiscover Clé supprimée: HKLM\Software\pdfforge Clé supprimée: HKLM\Software\Search Settings Clé supprimée: HKCU\Software\Conduit Clé supprimée: HKCU\Software\AppDataLow\Software\Search Settings Clé supprimée: HKLM\Software\Classes\Installer\Products\7A931B0A5D8E8E947AFB2124E1562280 Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\7A931B0A5D8E8E947AFB2124E1562280 Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BarDiscover Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{B922D405-6D13-4A2B-AE89-08A030DA4402} ============== SCAN ADDITIONNEL ============== **** Mozilla Firefox Version [3.6.16 (fr)] **** -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\w4zi8g65.default -- Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Administrateur\\Bureau\\ATSP-les assises plurielles Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.16 ======================================== **** Internet Explorer Version [8.0.6001.18702] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_URLSearchHooks|{B922D405-6D13-4A2B-AE89-08A030DA4402} (x) HKLM_ElevationPolicy\{76E2369A-75BA-41F9-8B9E-16059E5CF9A6} - C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (x) HKLM_Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F} - "@btrez.dll,-4015" (C:\Program Files\WIDCOMM\Logiciel Bluetooth\bt_cold_icon.ico) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?) BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll) BHO\{DF21F1DB-80C6-11D3-9483-B03D0EC10000} - "HP Credential Manager for ProtectTools" (C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 27 Fichier(s) C:\Program Files\Ad-Remover\Backup: 15 Fichier(s) C:\Ad-Report-CLEAN[1].txt - 12/04/2011 20:46:52 (1117 Octet(s)) C:\Ad-Report-SCAN[1].txt - 12/04/2011 20:43:38 (5689 Octet(s)) C:\Ad-Report-SCAN[2].txt - 12/04/2011 20:45:29 (5754 Octet(s)) Fin à: 20:47:46, 12/04/2011 ============== E.O.F ============== |
|