Clubic Forum

Protecting your PC (page 8)

[pourri-re]
don't forget my 50% … :oui: :oui:

I have… 10 children to raise :’( … :ane:

edit: I'm just thinking about surikat14 and his 766 rootkits > he should apply to get into the book of records.

[/pourri-re] :smiley:

Hello everyone :hello:

Well, I didn't understand how regdelnull works, but I scanned with CCleaner, rebooted and rescanned with RKR with System Restore disabled, and what do I see at the end of the scan… 157 discrepancies… :riva: :riva: :riva:
whereas the previous scan had 15… I don't understand anything… :pt1cable:
I still have loads of “Temporary Internet Files” entries, plus:
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 10/02/2006 15:25 64.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 10/02/2006 15:28 67 bytes Hidden from Windows API.
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 10/02/2006 15:27 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\d347prt\Cfg\0Jf40 10/02/2006 15:23 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bou\Application Data\Macromedia\Flash Player\#SharedObjects 10/02/2006 15:28 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bou\Application Data\Macromedia\Flash Player\#SharedObjects\N4MZD48H 10/02/2006 15:28 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bou\Application Data\Macromedia\Flash Player\macromedia.com 10/02/2006 15:28 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bou\Application Data\Macromedia\Flash Player\macromedia.com\support 10/02/2006 15:28 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bou\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer 10/02/2006 15:28 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bou\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys 10/02/2006 15:28 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bou\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 10/02/2006 15:28 348 bytes Hidden from Windows API.
C:\Documents and Settings\Bou\Cookies\bou@metrixlablw.customers.luna[1].txt 10/02/2006 15:28 184 bytes Hidden from Windows API.
C:\Documents and Settings\Bou\Cookies\bou@serving-sys[2].txt 10/02/2006 15:28 518 bytes Hidden from Windows API.
C:\Documents and Settings\Bou\Cookies\bou@weborama[2].txt 10/02/2006 15:30 166 bytes Hidden from Windows API.
C:\Documents and Settings\Bou\Cookies\bou@www.binnews[1].txt 10/02/2006 15:30 79 bytes Hidden from Windows API.
C:\Documents and Settings\Bou\Cookies\bou@www.promobenef[1].txt 10/02/2006 15:30 526 bytes Hidden from Windows API.

It's depressing… if I had known, I would never have tried this program…
Thanks for your comments MasterCode :bounce: lol

:hello:

surikat14

bear in mind that RKR should only be used last, and on a clean system.

what you need to do first is:

Disable System Restore.
Delete every virus file from quarantine.
CCleaner: cleaning and error correction (run it 2 to 3 times in a row).
Run a Spybot, Ad-Aware or Spy Sweeper scan; if errors are found, fix them in safe mode.

Only after doing this clean-up can you run the RKR scan (normal mode).

I'm telling you this because I see you have RKR detections in the \Cookies folder, so do the clean-up first and then, after a reboot, redo the RKR scan to locate what is more serious.

edit:

only this one should remain:

HKLM\SYSTEM\ControlSet001\Services\d347prt\Cfg\0Jf40 10/02/2006 15:23 0 bytes Hidden from Windows API.

all the rest of your keys are >>> danger …
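The advice above (cookie and temporary-file hits are noise until the system has been cleaned and rescanned) can be applied mechanically to a saved RootkitRevealer log. The following Python sketch is an added example, not part of the original thread or of RootkitRevealer; the sample lines are copied from the log posted above, while the day-first date format, the 15:24 to 15:35 scan window and the bucket names are assumptions of this example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Lines copied from the RootkitRevealer output posted above.
SAMPLE_LOG = r"""
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 10/02/2006 15:25 64.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 10/02/2006 15:28 67 bytes Hidden from Windows API.
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 10/02/2006 15:27 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\d347prt\Cfg\0Jf40 10/02/2006 15:23 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bou\Application Data\Macromedia\Flash Player\#SharedObjects 10/02/2006 15:28 0 bytes Hidden from Windows API.
C:\Documents and Settings\Bou\Cookies\bou@weborama[2].txt 10/02/2006 15:30 166 bytes Hidden from Windows API.
C:\Documents and Settings\Bou\Cookies\bou@www.binnews[1].txt 10/02/2006 15:30 79 bytes Hidden from Windows API.
"""

# <path> <DD/MM/YYYY> <HH:MM> <size> <unit> <reason>; the path may contain
# spaces, so it is matched lazily up to the first date-looking token.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>\d+(?:\.\d+)?)\s+(?P<unit>bytes|KB|MB|GB)\s+(?P<reason>.+)$"
)
UNIT_BYTES = {"bytes": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
# Folders the thread names as clean-up noise (compared in lower case).
BROWSER_MARKERS = ("\\cookies\\", "\\temporary internet files\\")


@dataclass
class Entry:
    path: str
    when: datetime
    size_bytes: int
    reason: str

    @property
    def is_registry(self) -> bool:
        return self.path.upper().startswith(("HKLM\\", "HKU\\", "HKCU\\", "HKCR\\"))


def parse_log(text):
    """Return (entries, rejected_lines) for a saved RootkitRevealer log."""
    entries, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            rejected.append(line)  # keep unparsed lines visible, never drop them
            continue
        # Assumption: dates are day-first, as on the French system in the thread.
        when = datetime.strptime(f"{m['date']} {m['time']}", "%d/%m/%Y %H:%M")
        size = int(float(m["size"]) * UNIT_BYTES[m["unit"]])
        entries.append(Entry(m["path"], when, size, m["reason"]))
    return entries, rejected


def bucket(entry, scan_start, scan_end):
    """Assign one triage bucket (bucket names are this example's own)."""
    low = entry.path.lower()
    if not entry.is_registry and any(marker in low for marker in BROWSER_MARKERS):
        return "browser-churn"        # clean up, reboot, rescan without browsing
    if scan_start <= entry.when <= scan_end:
        return "changed-during-scan"  # modified while the scan ran: rescan on an idle system
    return "review"                   # predates the scan, so a rescan will not make it go away


def triage(text, scan_start, scan_end):
    """Group parsed entries by bucket; also return the lines that failed to parse."""
    entries, rejected = parse_log(text)
    groups = {}
    for e in entries:
        groups.setdefault(bucket(e, scan_start, scan_end), []).append(e)
    return groups, rejected


if __name__ == "__main__":
    # Constructed scan window; the thread does not state when the scan ran.
    start = datetime(2006, 2, 10, 15, 24)
    end = datetime(2006, 2, 10, 15, 35)
    groups, rejected = triage(SAMPLE_LOG, start, end)
    print(Counter({name: len(items) for name, items in groups.items()}))
    for name in ("review", "changed-during-scan", "browser-churn"):
        for e in groups.get(name, []):
            print(f"{name:20} {e.reason:60} {e.path}")
```

Entries that stay in the `review` bucket after a clean-up and an idle rescan are the ones worth examining individually.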

bueno, still ME!!!! :ane:

first, know that regdelnull's precise function is to delete keys that you normally could not access, and therefore their contents.

we're going to show you its usefulness in practice:

download the example >> RegHide

you only need to go into RegHide\RELEASE and click on RegHide
then click on the first “OK”; the inaccessible key has now been created. To check it, launch regedit (Run…) and go to this branch:
HKEY_LOCAL_MACHINE\SOFTWARE\Systems Internals
now try to open Can’t touch me!

now you've seen the effect; it is precisely for this type of key that regdelnull
comes in, because it will identify it and allow this kind of key to be deleted.
now close regedit.
then place
regdelnull in C:

and go to Run… and there you enter:
C:\RegDelNull.exe hklm -s

and you'll see that it has located the key, replacing the “null” value with “*”, which allows it to be deleted.
if you reopen regedit, you'll notice that Can’t touch me! is no longer there.

to finish: you can close RegHide by clicking on the (second) "OK"

and besides, this Can’t touch me! key will be deleted automatically on exiting RegHide, which is why you have to keep RegHide open on its last window to do the test.

edit: come on, a little :clap: and :jap: for the explanation, I love the crowd … :lol:

:clap: :clap: :clap: :clap: :clap: :clap: :clap: :clap: :clap: :clap: :clap:

I've just skimmed through it; I don't have time to do that tonight but I've understood. I had done what you told me but I had been on the net during the scan, maybe that's why…

The next smiley will arrive when I have only the one key left that should remain :ane:

Bye folks

Hello everyone :hello:

First of all a big shout-out :bounce: and congratulations :clap: to Juju for the time devoted to helping others; there are hackers, but there are also guardian angels on the net and you are one of them :super:. A big thank you also to Mastercode and all the people who keep the forum moving forward.

Right, enough praise :pt1cable: and on to my question

Starting from your link, I ran

Test your firewall

This link lets you test your firewall to check that the settings applied make you invisible on the network:

http://www.pcflank.com/test.htm an analysis of my firewall

and the results are very poor:

Check for vulnerabilities of your computer system to remove attacks = danger
trojan horse check = warning
browser privacy check = danger

My firewall is Zone Alarm and my antivirus is avast.
What should I do? Please help me protect my system better.

Thanks :wink:

I'm disgusted. A word of advice: never install f-secure, it installs shady stuff… What is Backweb? (it comes from f-secure) Anyway, I've switched to Nod32 and there's no comparison.

:super: thanks, that's kind

run your firewall test here:

https://www.grc.com/x/ne.dll?bh0bkyd2

click on "proceed", then in the table on "Common Ports", then on "All Service Ports"; then go to TEXT SUMMARY, and if you have FAILED, copy and paste the result into this topic.

example of a good result:

as for ZA, even though it's a good firewall, some exploits may be difficult for it to handle; that was indeed the case in older versions.

as for the security of your system, it has to be said that it's a combination of measures and equipment that will give you the peace of mind you're after.

have you closed the critical ports? >> the ZebProtect utility

Having a modem-router is a significant plus, because its built-in firewall filters traffic, avoiding overloading the software firewall (ZA).
depending on the result of this test, you'll need to configure either your router (if you have one) or ZA.

Backweb is f-secure's update system, nothing to worry about. :wink:

Good choice with nod32. :wink: I really need to test it :smiley:

Edit: there is also a version of back web used by spyware… It's true that the situation isn't very clear on that front, but in the case of f-secure, no problem :wink:

Hello, here are the test results; they're not good:

Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system’s ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system’s security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.

Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)

Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

| Port | Service | Status | Security Implications |
|---|---|---|---|
| 0 | <nil> | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 21 | FTP | OPEN! | FTP servers have many known security vulnerabilities and the payoff from exploiting an insecure FTP server can be significant. This system’s open FTP port is inviting intruders to examine your system more closely. |
| 22 | SSH | OPEN! | Secure Shell provides a secure-connection version of the Telnet remote console service with additional features. Unfortunately, the SSH services and their security add-on packages have a long history of many widely exploited buffer overflow vulnerabilities. If your system has this port exposed to the outside world you should be vigilant in keeping your SSH service updated. |
| 23 | Telnet | OPEN! | Telnet provides a remote command prompt window which allows remote systems to be configured and controlled. Any system that appears to be offering a Telnet connection — like yours is right now — is offering the potential for total command-level access. Since a surprising number of Telnet servers are known to have no password, this open Telnet port will be attracting a LOT of the wrong kind of attention. If your network contains a residential NAT or DSL router, it may be that its "WAN-side" management interface is open and accepting connections. No matter what the cause, you should immediately attend to this open Telnet port. |
| 25 | SMTP | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 79 | Finger | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 80 | HTTP | OPEN! | The web is so insecure these days that new security “exploits” are being discovered almost daily. There are many known problems with Microsoft’s Personal Web Server (PWS) and its Frontpage Extensions that many people run on their personal machines. So having port 80 “open” as it is here causes intruders to wonder how much information you might be willing to give away. |
| 110 | POP3 | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 113 | IDENT | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 119 | NNTP | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 135 | RPC | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 139 | Net BIOS | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 143 | IMAP | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 389 | LDAP | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 443 | HTTPS | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 445 | MSFT DS | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 1002 | ms-ils | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 1024 | DCOM | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 1025 | Host | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 1026 | Host | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 1027 | Host | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 1028 | Host | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 1029 | Host | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 1030 | Host | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 1720 | H.323 | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 5000 | UPnP | Closed | Your computer has responded that this port exists but is currently closed to connections. |

832 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 / dhcp-failover2 / dhcp-failover 2 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 863
864 864 865 866 867 868 869 870 871 872 873 / rsync / rsync 874 875 876 877 878 879 880 881 882 883 884 885 886 / iclcnet-locate / ICL coNETion locate server 887 / iclcnet_svinfo / ICL coNETion server info 888 / cddbp / CD Database Protocol 889 890 891 892 893 894 895 895
896 896 897 898 899 900 / omginitialrefs / OMG Initial Refs 901 / smpnameres / SMPNAMERES 902 / ideafarm-chat / IDEAFARM-CHAT 903 / ideafarm-catch / IDEAFARM-CATCH 904 905 906 907 908 909 910 911 / xact-backup / xact-backup 912 / apex-mesh / APEX relay-relay service 913 / apex-edge / APEX endpoint-relay service 914 915 916 917 918 919 920 921 922 923 924 925 926 927 927
928 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 959
960 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 / ftps-data / secure ftp protocol / data over SSL 990 / ftps / secure ftp protocol / control over SSL 991 / nas / Netnews Administration System 991
992 992 / telnets / secure telnet protocol over SSL 993 / imaps / secure imap4 protocol over SSL 994 / ircs / secure irc protocol over SSL 995 / pop3s / secure pop3 protocol over SSL (was spop3) 996 / vsinet / vsinet 997 998 999 1000 1001 / - / (popular with Trojans - see details) 1002 / ms-ils / Microsoft Netmeeting ILS Service 1003 1004 1005 / - / (Used by ‘Theef’ Trojan) 1006 1007 1008 / - / (Used by ‘Lion’ & ‘AutoSpy’ Trojans) 1009 1010 / surf / surf (also used by ‘Doly’ Trojan) 1011 / - / (Used by ‘Doly’ Trojan) 1012 / - / (Used by ‘Doly’ Trojan) 1013 1014 1015 / - / (Used by ‘Doly’ Trojan) 1016 / - / (Used by ‘Doly’ Trojan) 1017 1018 1019 1020 / - / (Used by ‘Doly’ Trojan) 1021 1022 1023 / - / Reserved 1023
1024 1024 / ms-svchost / Microsoft Generic Service Host 1025 / ms-svchost / Microsoft Generic Service Host 1026 / ms-svchost / Microsoft Generic Service Host 1027 / ms-svchost / Microsoft Generic Service Host 1028 / ms-svchost / Microsoft Generic Service Host 1029 / ms-svchost / Microsoft Generic Service Host 1030 / ms-svchost / Microsoft Generic Service Host 1031 / iad2 / BBN IAD 1032 / iad3 / BBN IAD 1033 / netinfo-local / local netinfo port 1034 / activesync / ActiveSync Notifications 1035 / - / (Used by ‘Multidropper’ Trojan) 1036 / pcg-radar / RADAR Service Protocol 1037 1038 1039 1040 / netarx / Netarx 1041 1042 / - / (Used by ‘BLA’ Trojan) 1043 1044 1045 / fpitp / Fingerprint Image Transfer Protocol 1046 1047 / neod1 / Sun’s NEO Object Request Broker 1048 / neod2 / Sun’s NEO Object Request Broker 1049 / td-postman / Tobit David Postman VPMN 1050 / cma / CORBA Management Agent 1051 / optima-vnet / Optima VNET 1052 / ddt / Dynamic DNS Tools 1053 / remote-as / Remote Assistant (RA) 1054 / brvread / BRVREAD 1055 / ansyslmd / ANSYS - License Manager 1055
The port number of any location on the grid above may be determined by floating
your mouse over the square. Most web browsers will display a pop-up window to
identify the port. Otherwise, see the URL display at the bottom of your browser.

Open    		Closed    		Stealth

Total elapsed testing time: 22.902 seconds

There you go, if that's what you wanted to know; honestly, I'm a bit out of my depth here.
Otherwise, my router is the Hitachi from Club-Internet; I don't know whether it has a firewall, but it probably does.
Thanks for your help. :wink:

Is your firewall configured properly? (Which version of ZoneAlarm?)

Otherwise, that's a pretty strange thing :heink: Run an online scan, in case you have a trojan opening your ports… :confused:

And for the router, didn't you get any documentation with it? (I don't know the Club-Internet router.)

It's the latest version of ZA; I downloaded it this week from Clubic. I saw your list of sites for running an online scan, but I can't get onto Panda Software, even using Internet Explorer. Could you please give me a link where I can run a good scan? Thanks.
If you don't mind, I can also post a HijackThis log and you can tell me what I need to fix.
Thanks

:hello: I've never seen a PC with all those ports open :ouch: Your firewall must be misconfigured, no offence meant :slight_smile:

To start with, here is a link for an online test: http://www.secuser.com/antivirus/index.htm

(Accept the ActiveX control it offers you) :oui:

:hello: Use ZebProtect to close all the critical ports, as MasterCode told you; also, here is a link for configuring ZA: http://www.zebulon.fr/articles/configurationZA_1.php

hello
what should I do, do I remove all the others?.. is it important, or do I leave it as it is?
thanks for your reply

:hello:

I know these keys are created by Daemon 4.3.0.0; normally it creates one for each virtual drive, so 4

HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\s0 19/12/2005 10:28 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\s1 19/12/2005 10:28 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\s2 19/12/2005 10:28 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\g0 19/12/2005 10:28 32 bytes Hidden from Windows API.

HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\h0 19/12/2005 10:28 4 bytes Hidden from Windows API.

as for this 6th one

HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 19/12/2005 10:35 0 bytes Hidden from Windows API.

I've never come across it. What you can do is back up this key by exporting it and then delete it from your registry; if things go wrong with Daemon, you'll be able to restore it.

or else you unmount all your drives, then back up all the keys, then delete them.

when you mount a drive again, it will write a new key.

note that you may also have used other applications such as:

SR_Stop.exe or SR7 Stop v1.0.exe

There's the Trend Micro site: http://housecall.trendmicro.com/ (it's in the list ;))

Post the HijackThis log, no problem, that's what the topic is for. :slight_smile:

:oui: indeed, that's not good at all. Since, according to you, you have a router, its firewall must be disabled.

look in the router's setup to see whether you have this option: (I don't know your router's setup, so I can't be more precise)

DMZ set to enable (enabled)

a demilitarized zone (DMZ) is a subnetwork isolated by a firewall. This subnetwork contains machines that sit between an internal network (LAN) and an external network (typically the Internet).

DMZ enabled (no firewall protection any more) can be useful with certain online games and video-conferencing applications that are incompatible with a router running in NAT mode. (or, rather than enabling it, create rules to FORWARD the ports of the game concerned).

if it is enabled > disable it

then look in your router's advanced options for the option:

ICMP (echo reply): if it is set to enable > switch it to disable
some routers have a predefined rule to enable or disable this protocol (not the CBOX, where you have to create the rule in the router's firewall options).

right, those are the options to find in your router setup.

now, I suppose ZA is badly configured too, because normally even with DMZ enabled (router) it should have hidden your ports.
and since I no longer use ZA, I can't help you configure it.

finally, I also note that you haven't closed the critical Windows ports; download ZEBPROTECT and follow the tutorial (back up your registry before you start closing the ports)

once you've done that, run the test again.

edit: I've just seen on a forum that:

On the Hitachi, the internal firewall is not active by default (to be confirmed)
so you need to access its setup via > http://ip_passerelle_par_defaut (in your browser)

Run > CMD > ipconfig /all > look for the default gateway ("passerelle par défaut")

edit 2: here's something that will help you configure it:

http://www.emule-inside.net/emule/routeurs/hitachi.htm

thxs

when I ran the scan, I had, and still have, Daemon disabled, but indeed I have used up to 4 drives mounted simultaneously.
I don't know the 2 programs you're talking about.
I was mainly talking about the other keys; do you know them?
(For info, I've also used Alcohol's virtual drive from time to time.)

HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6\ProductName 19/12/2005 10:14 26 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\DisplayName 19/12/2005 10:18 26 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet002\Control\MediaProperties\PrivateProperties\Midi\Ports\GFIII 7.1 Ext. MIDI [ 09/06/2005 07:04 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet002\Control\MediaProperties\PrivateProperties\Midi\Ports\Mappeur MIDI Microsoft [ 09/06/2005 07:04 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet002\Control\MediaProperties\PrivateProperties\Midi\Ports\MPU-401 [ 09/06/2005 07:04 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet002\Control\MediaProperties\PrivateProperties\Midi\Ports\SynthÚ. SW table de sons GS Mic [ 09/06/2005 07:04 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet003\Control\MediaProperties\PrivateProperties\Midi\Ports\GFIII 7.1 Ext. MIDI [ 09/06/2005 07:04 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet003\Control\MediaProperties\PrivateProperties\Midi\Ports\Mappeur MIDI Microsoft [ 09/06/2005 07:04 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet003\Control\MediaProperties\PrivateProperties\Midi\Ports\MPU-401 [ 09/06/2005 07:04 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet003\Control\MediaProperties\PrivateProperties\Midi\Ports\SynthÚ. SW table de sons GS Mic [ 09/06/2005 07:04 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\bureautique\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:KAVICHS 09/02/2006 11:21 36 bytes Hidden from Windows API.

Edit: Alcohol does indeed create entries detected by RKR (Google)

for Alcohol, I don't remember the path any more (I no longer use it) :neutre:

for these keys, I would have removed everything: (disable System Restore + back up the keys + delete them from the registry and reboot), then redo the RKR scan

HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6\ProductName 19/12/2005 10:14 26 bytes Data mismatch between Windows API and raw hive data.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\DisplayName 19/12/2005 10:18 26 bytes Data mismatch between Windows API and raw hive data.

HKLM\SYSTEM\ControlSet002\Control\MediaProperties\PrivateProperties\Midi\Ports\GFIII 7.1 Ext. MIDI [ 09/06/2005 07:04 0 bytes Key name contains embedded nulls (*)

HKLM\SYSTEM\ControlSet002\Control\MediaProperties\PrivateProperties\Midi\Ports\Mappeur MIDI Microsoft [ 09/06/2005 07:04 0 bytes Key name contains embedded nulls (*)

HKLM\SYSTEM\ControlSet002\Control\MediaProperties\PrivateProperties\Midi\Ports\MPU-401 [ 09/06/2005 07:04 0 bytes Key name contains embedded nulls (*)

HKLM\SYSTEM\ControlSet002\Control\MediaProperties\PrivateProperties\Midi\Ports\SynthÚ. SW table de sons GS Mic [ 09/06/2005 07:04 0 bytes Key name contains embedded nulls (*)

HKLM\SYSTEM\ControlSet003\Control\MediaProperties\PrivateProperties\Midi\Ports\GFIII 7.1 Ext. MIDI [ 09/06/2005 07:04 0 bytes Key name contains embedded nulls (*)

HKLM\SYSTEM\ControlSet003\Control\MediaProperties\PrivateProperties\Midi\Ports\Mappeur MIDI Microsoft [ 09/06/2005 07:04 0 bytes Key name contains embedded nulls (*)

HKLM\SYSTEM\ControlSet003\Control\MediaProperties\PrivateProperties\Midi\Ports\MPU-401 [ 09/06/2005 07:04 0 bytes Key name contains embedded nulls (*)

HKLM\SYSTEM\ControlSet003\Control\MediaProperties\PrivateProperties\Midi\Ports\SynthÚ. SW table de sons GS Mic [ 09/06/2005 07:04 0 bytes Key name contains embedded nulls (*)

C:\Documents and Settings\bureautique\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:KAVICHS 09/02/2006 11:21 36 bytes Hidden from Windows API.

the 2 exes are used to get around CD emulator detection with either “DT” or “Alco”

Edit:
"Alcohol does indeed create entries detected by RKR (Google)"
> :oui:
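
An added example, not part of any post in this thread: one way to triage RootkitRevealer output like the logs quoted above is to parse each line and cluster the discrepancies by type and parent key or folder, so that a count such as 157 collapses into a handful of sources to check. The function names, the short labels and the clustering rule are assumptions of this sketch; the sample lines are copied from the logs on this page.

```python
import re
from collections import Counter

# Sample input: RootkitRevealer lines as quoted in this thread
# (path, date, time, size, discrepancy description).
SAMPLE = r"""
HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\s0 19/12/2005 10:28 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\s1 19/12/2005 10:28 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\g0 19/12/2005 10:28 32 bytes Hidden from Windows API.
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 10/02/2006 15:27 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet002\Control\MediaProperties\PrivateProperties\Midi\Ports\MPU-401 [ 09/06/2005 07:04 0 bytes Key name contains embedded nulls (*)
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 10/02/2006 15:25 64.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\bureautique\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG:KAVICHS 09/02/2006 11:21 36 bytes Hidden from Windows API.
"""

# The path may contain spaces, so it is matched lazily up to the first date.
LINE = re.compile(
    r"^(?P<path>.+?)\s+(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d.]+)\s+(?P<unit>bytes|KB|MB)\s+(?P<desc>.+)$")

KINDS = [  # start of the discrepancy text -> short label (labels are ours)
    ("Hidden from Windows API", "hidden"),
    ("Data mismatch between Windows API and raw hive data", "data-mismatch"),
    ("Key name contains embedded nulls", "embedded-nulls"),
    ("Visible in Windows API, but not in MFT or directory index", "api-only"),
]

def parse(line):
    """Turn one log line into a dict, or None if it is not a result line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    is_reg = path.upper().startswith(("HKLM\\", "HKU\\"))
    kind = next((lab for text, lab in KINDS if m["desc"].startswith(text)), "other")
    # NTFS alternate data stream: a ':' after the drive specifier ("C:")
    stream = (not is_reg) and ":" in path[2:]
    return {"path": path, "parent": path.rsplit("\\", 1)[0], "kind": kind,
            "store": "registry" if is_reg else "file", "stream": stream}

def triage(text):
    """Return parsed rows and a count per (store, kind, parent) cluster."""
    rows = [r for r in map(parse, text.splitlines()) if r]
    clusters = Counter((r["store"], r["kind"], r["parent"]) for r in rows)
    return rows, clusters

if __name__ == "__main__":
    for (store, kind, parent), n in triage(SAMPLE)[1].most_common():
        print(f"{n:3d}  {store:8s} {kind:15s} {parent}")
```

Clusters that map to a known driver or product (here the `sptd\Cfg` keys the thread attributes to Daemon) can then be reviewed as a group rather than entry by entry.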