Infection problems?????

Report analysis and disinfection section: malware of all kinds and other unwanted software. Cleaning requests only. Restricted handling: specialised team.


Forum rules
  • Disinfections are handled by a specific group; not everyone may step in to disinfect machines (rules).
  • The procedures are tailor-made; do not do the same thing on your own machine (explanations).
  • One topic per machine; everyone creates their own. ;)

Infection problems?????

Post by Sebas » 02 Nov 2010 10:33

Hello, I am writing to ask for your help because I use my PC for work and, for almost a week now, without really knowing why, it has been impossible for me to click on links in Outlook 2003; the response is "cette opération à été annulée à cause de restrictions en vigueur sur cet ordinateur. Contactez votre administrateur système." In addition, it is impossible to install any antivirus whatsoever; it will not let me do it. My problem is that I cannot wipe everything to start again from scratch, since I store thousands of photos on this PC and use it daily, just like the emails (sent and received), which I use daily. I should point out that there is no link with P2P, since I do not use any platform of that kind. Thank you for your help.
Sebas
 
Posts: 14
Joined: 02 Nov 2010 10:21

Re: Infection problems?????

Post by Florinator » 02 Nov 2010 11:11

Hello Sebas,

It looks as though the permissions have been modified.
We need to take a closer look at what is going on:

Download ZHPDiag, created by Nicolas Coolman

  • Save it to your desktop
  • Double-click the icon
  • Follow the on-screen instructions
  • Click on [image] to start the scan
  • Click on [image] to copy the report
  • Then paste it into your next reply
  • The report is also located at C:\Program Files\ZebHelpProcess\ZHPDiag.txt

See you,
Knowledge is only useful if it is passed on.
Florinator
Maître Libellulien
 
Posts: 661
Joined: 28 Dec 2009 16:19

Re: Infection problems?????

Post by Sebas » 02 Nov 2010 11:46

Hello again,

Thank you for taking the time for me.
I have to post the report in several parts because it exceeds the number of characters allowed.
Part 1:

Rapport de ZHPDiag v1.27.062 par Nicolas Coolman, Update du 01/11/2010
Run by Daniel Cerf at 02.11.2010 11:44:24
Web site : http://www.premiumorange.com/zeb-help-p ... pdiag.html
Contact : nicolascoolman@yahoo.fr

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702

---\\ System Information
Windows XP Professional Service Pack 3 (Build 2600)
Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046.1 MB (56% free)
System drive C: has 4 GB (7%) free of 53 GB

---\\ Logged in mode
Computer Name: ACERASPIRE9429
User Name: Daniel Cerf
All Users Names: SUPPORT_388945a0, HelpAssistant, Daniel Cerf, Administrateur,
Unselected Option: O1,O45,O61,O62,O65,O82
Logged in as Administrator

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 4 Go of 53 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 912 Go of 932 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 15 Go of 54 Go)
F:\ CD-ROM drive (Not Inserted)
G:\ CD-ROM drive (Not Inserted)


---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: Modified


---\\ Recherche particulière de fichiers générics
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14.04.2008 03:34:03.) -- C:\Windows\Explorer.exe [1037824]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14.04.2008 03:34:28.) -- C:\Windows\System32\Winlogon.exe [512000]


---\\ Processus lancés
[MD5.56DED3ADE453272E6A0AD582D945D1A4] - (.Intel Corporation - Intel(R) PROSet/Wireless Event Log.) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [114753]
[MD5.6C5155CC0E805C7BE6028BFF7AC14524] - (.Intel Corporation - Wireless Management Service.) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [540745]
[MD5.93AD0B78C7357A05F50E594EC7C22300] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\RUNDLL32.EXE [33792]
[MD5.0B4A7B6DCC667AC50660E0AAA5914704] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.EXE [15961088]
[MD5.2F802115D13BC5AF0BBDC76166C7E102] - (.Agere Systems - SoftModem Messaging Applet.) -- C:\WINDOWS\AGRSMMSG.exe [88203]
[MD5.B402D4C987ED57B0DE3E2667409785C1] - (.Intel Corporation - ZeroCfgSvc MFC Application.) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [667718]
[MD5.D4830448B45CDD45F4285DC6E152764F] - (.Intel Corporation - Intel Framework MFC Application.) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [602182]
[MD5.EB95CE92F946230D8FEC416DF0D51593] - (.Intel Corporation - Ease Of Use Wizard Application.) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [569413]
[MD5.90F19FCD64A4F6517025A73BAC172805] - (.Pas de propriétaire - winternet.) -- C:\Documents and Settings\Daniel Cerf\winternet.exe [99328]
[MD5.8DE8DEFE523C005C5F88852E2493D67D] - (.ALWIL Software - avast! Antivirus.) -- C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2790472]
[MD5.93DB1FF92B03D24738A71E6E4992DFD3] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [248552]
[MD5.79CC43BE17E1D1AC58844574ABD58941] - (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\daemon.exe [490952]
[MD5.D31BE03B7CAAEE453D265B20C10744A3] - (.Logitech - Logitech LVPrcSrv Module..) -- c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe [86016]
[MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [229376]
[MD5.D9E3B5AAD23BF7EFA6A5DE3C855E0DA2] - (.Broadcom Corporation. - Bluetooth Support Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [266295]
[MD5.126A16F569122AE00AD3D12EF831D651] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [322120]
[MD5.A0101E836D2A39682E134C47B1565256] - (.Nero AG - Nero BackItUp.) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [836904]
[MD5.4E96FB9503537E444D1E8A237B50997D] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 83.60.) -- C:\WINDOWS\system32\nvsvc32.exe [143426]
[MD5.1B2857EF12D79A9F9ADBA14B0637CBF8] - (.Intel Corporation - Intel(R) PROSet/Wireless Registry Service.) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [217164]
[MD5.0335FD5493864EAC41785FA92C3D5E1D] - (.Intel Corporation - Intel 802.1x Server.) -- C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe [397381]
[MD5.0D63C88443F224534D8B52597D74E98A] - (.Microsoft Corporation - Microsoft Office Word.) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE [12313432]
[MD5.6D12771CB33619F4BDAF2F6BBD310F60] - (.Microsoft Corp. - Microsoft Office Live Add-in Sign-in.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe [97128]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816]
[MD5.97BBA199D6B6619F264FDF4555F700E2] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [616448]
Sebas
 
Posts: 14
Joined: 02 Nov 2010 10:21

Re: Infection problems?????

Post by Sebas » 02 Nov 2010 11:47

Part 2:

---\\ Plugins de navigateurs Opera/Firefox(P1/P2)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.) -- C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (.DivX,Inc. - DivX Web Player version 1.4.2.7.) -- C:\Program Files\DivX\DivX Web Player\npdivx32.dll
P2 - FPN: [HKLM] [@divx.com/DivX Player Plugin,version=1.0.0] - (.DivX, Inc - npdivxplayerplugin.) -- C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_21 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 3.0.50106.0.) -- C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeLive,version=1.3] - (.Microsoft Corp. - Office Live Update v1.3.) -- C:\Program Files\Microsoft\Office Live\npOLW.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8081.0709] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@RIM.com/WebSLLauncher,version=1.0] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Fichiers communs\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll


---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"


---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cherche.us


---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchs.at
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchs.at
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchs.at/keyword/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchs.at
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchs.at
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchs.at
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0


---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18904 (longhorn_ie8_gdr.100222-1700)) -- C:\WINDOWS\system32\ieframe.dll


---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corporation - Search Helper for Internet Explorer.) -- C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} . (.Microsoft Corporation - Windows Live Toolbar Core.) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll


---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} . (.Microsoft Corporation - Windows Live Toolbar Core.) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll


---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMcTray.dll
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\Windows\RTHDCPL.exe
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\Windows\ALCMTR.exe
O4 - HKLM\..\Run: [AGRSMMSG] . (.Agere Systems - SoftModem Messaging Applet.) -- C:\Windows\AGRSMMSG.exe
O4 - HKLM\..\Run: [AzMixerSel] . (.Realtek Semiconductor Corp. - Azalia Mixer Selector.) -- C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IntelZeroConfig] . (.Intel Corporation - ZeroCfgSvc MFC Application.) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] . (.Intel Corporation - Intel Framework MFC Application.) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
O4 - HKLM\..\Run: [EOUApp] . (.Intel Corporation - Ease Of Use Wizard Application.) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [winternet] . (.Pas de propriétaire - winternet.) -- C:\Documents and Settings\Daniel Cerf\winternet.exe
O4 - HKLM\..\Run: [avast5] . (.ALWIL Software - avast! Antivirus.) -- C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [Bron-Spizaetus] . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\ShellNew\sempalong.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus] . (.Pas de propriétaire - Pas de description.) -- C:\Documents and Settings\Daniel Cerf\Local Settings\Application Data\smss.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe2.0.50727; InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0) -http:\\www.miniclip.com\games\age-of-speed-2\es\ (.not file.)
O4 - HKUS\S-1-5-21-1123561945-179605362-1801674531-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1123561945-179605362-1801674531-1003\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
O4 - HKUS\S-1-5-21-1123561945-179605362-1801674531-1003\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-1123561945-179605362-1801674531-1003\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1123561945-179605362-1801674531-1003\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1123561945-179605362-1801674531-1003\..\Run: [Tok-Cirrhatus] . (.Pas de propriétaire - Pas de description.) -- C:\Documents and Settings\Daniel Cerf\Local Settings\Application Data\smss.exe
O4 - HKUS\S-1-5-21-1123561945-179605362-1801674531-1003\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe2.0.50727; InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0) -http:\\www.miniclip.com\games\age-of-speed-2\es\ (.not file.)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk . (.Adobe Systems, Inc..) -- C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
Sebas
 
Posts: 14
Joined: 02 Nov 2010 10:21

Re: Infection problems?????

Post by Sebas » 02 Nov 2010 11:47

Part 3:

---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe ImageReady CS.lnk . (.Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Photoshop CS\ImageReady.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Photoshop CS.lnk . (.Adobe Systems, Incorporated.) -- C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Favoris Bluetooth.lnk - Clé orpheline
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - Global Startup: C:\Documents And Settings\Daniel Cerf\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - Global Startup: C:\Documents And Settings\Daniel Cerf\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Documents And Settings\Daniel Cerf\Menu Démarrer\Programmes\NSSstub.lnk . (.Symantec Corporation.) -- C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe
O4 - Global Startup: C:\Documents And Settings\Daniel Cerf\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - Global Startup: C:\Documents And Settings\Daniel Cerf\Menu Démarrer\Programmes\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe


---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Ajouter au fichier PDF existant . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir en Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir la sélection en Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.exe
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Google Sidewiki... . (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll
O8 - Extra context menu item: Recherche avec cherche.us . (.Pas de propriétaire - Pas de description.) -- C:\Documents and Settings\Daniel Cerf\scriptjava.html


---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\Skype\Toolbars\INTERN~1\favicon.ico
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} . (.not file.) - (.not file.)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.not file.) - (.not file.)
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe


---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Apple Computer, Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll


---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.chat-land.org
O15 - Trusted Zone: [HKCU\...\Domains\www] *.chat-land.org
O15 - Trusted Zone: [HKCU\...\Domains] *.chatflirty.com
O15 - Trusted Zone: [HKCU\...\Domains\www] *.chatflirty.com


---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/ ... ontrol.cab
O16 - DPF: {8214B72E-B0CD-466E-A44D-1D54D926038D} (CV781Object Object) - http://kiwibar.homeunix.com:81/AVC_AX_724.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab


---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{60177E58-6557-4919-960F-8B821C558E43}: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBFD13AD-7F36-472C-BCE2-2D3570065FB5}: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{60177E58-6557-4919-960F-8B821C558E43}: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{BBFD13AD-7F36-472C-BCE2-2D3570065FB5}: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{60177E58-6557-4919-960F-8B821C558E43}: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{60177E58-6557-4919-960F-8B821C558E43}: DhcpDomain = local.lan
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBFD13AD-7F36-472C-BCE2-2D3570065FB5}: DhcpDomain = local.lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{60177E58-6557-4919-960F-8B821C558E43}: DhcpDomain = local.lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{BBFD13AD-7F36-472C-BCE2-2D3570065FB5}: DhcpDomain = local.lan
O17 - HKLM\System\CS3\Services\Tcpip\..\{60177E58-6557-4919-960F-8B821C558E43}: DhcpDomain = local.lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254


---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL


---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\Windows\System32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll


---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll
Sebas
 
Posts: 14
Joined: 02 Nov 2010 10:21

Re: Infection problems?????

Post by Sebas » 02 Nov 2010 11:50

Part 4:

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll


---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: avast! Antivirus (avast! Antivirus) . (.ALWIL Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) . (.Apple Computer, Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet\Wireless Event Log (EvtEng) . (.Intel Corporation - Intel(R) PROSet/Wireless Event Log.) - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) . (.Logitech - Logitech LVPrcSrv Module..) - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 (Nero BackItUp Scheduler 3) . (.Nero AG - Nero BackItUp.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 83.60.) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet\Wireless Registry Service (RegSrvc) . (.Intel Corporation - Intel(R) PROSet/Wireless Registry Service.) - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet\Wireless Service (S24EventMonitor) . (.Intel Corporation - Wireless Management Service.) - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.exe


---\\ Redirection du fichier Hosts (O1)
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
O1 - Hosts: <html lang='en'>
O1 - Hosts: <head>
O1 - Hosts: <meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-
O1 - Hosts: use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel.">
O1 - Hosts: <title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title>
O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-
O1 - Hosts: grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css">
O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://us.i1.yimg.com/us.yimg.com/lib/smbiz/css/geocities_84954.css">
O1 - Hosts: <style>
O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}
O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-
O1 - Hosts: bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}
O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em}
O1 - Hosts: .services { font-size:116%; padding-bottom:20px }
O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px}
O1 - Hosts: .image_web {float:right; margin:15px 0 0 15px}
O1 - Hosts: p {margin:20px;font-size:1em;}
O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}
O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}
O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;}
O1 - Hosts: </style>
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE -->
O1 - Hosts: <div class="ez-mw" style ="height:900px;width:905px">
O1 - Hosts: <div class="ez-wri ez-oh" style="width:900px">
O1 - Hosts: <div class="ez-box">
O1 - Hosts: <link type="text/css" rel="stylesheet" href="http://l.yimg.com/a/lib/uh/15/css/uh-1.0.28.css">
O1 - Hosts: <style type="text/css">
O1 - Hosts: div#headerblock div{font-family:arial;}
O1 - Hosts: #ygma{position:relative;z-index:99999;}
O1 - Hosts: #ygma #ygma-search input{width:200px;}
O1 - Hosts: #ygma #ygma-search{width:400px;}
O1 - Hosts: </style>
O1 - Hosts:
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class="ez-wr" style="width:898px;margin-top:1.5em">
O1 - Hosts: <Div class="ez-l2a" id="wrapper">
O1 - Hosts: <div class="ez-l2a-1 " style="width:898px">
O1 - Hosts: <div class="ez-box">
O1 - Hosts: <div class="ez-wr" >
O1 - Hosts: <div class="ez-box" style="width:898px">
O1 - Hosts: <h1>Sorry, the GeoCities web site you were trying to reach is no longer available.</h1>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class="ez-wr">
O1 - Hosts: <div class="ez-box" id="boxyahoourls">
O1 - Hosts: <p> GeoCities has closed, but there's a lot more to explore on Yahoo!</p>
O1 - Hosts: <h2>Visit one of these popular Yahoo! sites:</h2>
O1 - Hosts: <ul class= "services">
O1 - Hosts: <li><a href="http://mail.yahoo.com">Yahoo! Mail</a></li>
O1 - Hosts: <li><a href="http://smallbusiness.yahoo.com/webhosting">Web Hosting</a></li>
O1 - Hosts: <li><a href="http://news.yahoo.com">News</a></li>
O1 - Hosts: <li><a href="http://games.yahoo.com">Games</a></li>
O1 - Hosts: <li><a href="http://sports.yahoo.com/">Sports</a> </li>
O1 - Hosts: <li><a href="http://movies.yahoo.com">Movies</a></li>
O1 - Hosts: <li><a href="http://finance.yahoo.com">Finance</a></li>
O1 - Hosts: <li><a href="http://maps.yahoo.com">Maps</a></li>
O1 - Hosts: </ul>
O1 - Hosts: </div>
O1 - Hosts: <li class="rule"><!----></li>
O1 - Hosts: <p>The GeoCities site you were looking for may have been preserved in the Internet Archive's Wayback Machine. To find out, <a
O1 - Hosts: href="http://www.archive.org/web/web.php" target="_blank">visit Archive.org</a> and enter the site's web address in the field provided.</p>
O1 - Hosts: <li class="rule"><!----></li>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class="ez-wr">
O1 - Hosts: <div class="ez-box" style="text-align:center; margin-top:25px;">
O1 - Hosts: <font size="-2" face="verdana">Copyright &copy; 2009 <a href="http://yahoo.com/">Yahoo!</a> Inc. All rights reserved.
O1 - Hosts: <ul>
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://privacy.yahoo.com/privacy/us/geo/">Privacy Policy</a></li> -
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://docs.yahoo.com/info/copyright/copyright.html">Copyright Policy</a></li> -
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://docs.yahoo.com/info/guidelines/community.html">Guidelines</a
O1 - Hosts: ></li> -
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://smallbusiness.yahoo.com/tos/tos.php">Terms of Service
O1 - Hosts: </a></li> -
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://help.yahoo.com/help/us/geo/">Help</a></li>
O1 - Hosts: </ul>
O1 - Hosts: </font>
O1 - Hosts: </div>
O1 - Hosts:
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </body>
O1 - Hosts: </html>
O1 - Hosts: <!-- text below generated by server. PLEASE REMOVE --></object></layer></div></span></style></noscript></table></script></applet>
O1 - Hosts: <IMG SRC="http://geo.yahoo.com/serv?s=19190039&t=1288030840&f=us-w1" ALT=1 WIDTH=1 HEIGHT=1>
Sebas
 
Posts: 14
Joined: 02 Nov 2010 10:21

Re: Infection problems?????

Post by Sebas » 02 Nov 2010 12:10

Part 5:

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1231871130.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\NSSstub.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\OGALogon.job


---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS . (.Pas de propriétaire - Pas de description.) -- Rundll32 IEDKCS32.dll
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp11.inf
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.1 r85.) -- C:\WINDOWS\system32\Macromed\Flash\Flash10k.ocx


---\\ Logiciels installés (O42)
O42 - Logiciel: AHV content for Acrobat and Flash - (.Adobe Systems Incorporated.) [HKLM] -- {6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
O42 - Logiciel: Acer OrbiCam - (.Pas de propriétaire.) [HKLM] -- {4A57592C-FF92-4083-97A9-92783BD5AFB4}
O42 - Logiciel: Adobe Anchor Service CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {90176341-0A8B-4CCC-A78D-F862228A6B95}
O42 - Logiciel: Adobe Asset Services CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
O42 - Logiciel: Adobe Bridge CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {9C9824D9-9000-4373-A6A5-D0E5D4831394}
O42 - Logiciel: Adobe Bridge Start Meeting - (.Adobe Systems Incorporated.) [HKLM] -- {08B32819-6EEF-4057-AEDA-5AB681A36A23}
O42 - Logiciel: Adobe BridgeTalk Plugin CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
O42 - Logiciel: Adobe CMaps - (.Adobe Systems Incorporated.) [HKLM] -- {A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
O42 - Logiciel: Adobe Camera Raw 4.0 - (.Adobe Systems Incorporated.) [HKLM] -- {B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
O42 - Logiciel: Adobe Color - Photoshop Specific - (.Adobe Systems Incorporated.) [HKLM] -- {A2D81E70-2A98-4A08-A628-94388B063C5E}
O42 - Logiciel: Adobe Color Common Settings - (.Adobe Systems Incorporated.) [HKLM] -- {DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
O42 - Logiciel: Adobe Color EU Recommended Settings - (.Adobe Systems Incorporated.) [HKLM] -- {73B5D990-04EA-4751-B10F-5534770B91F2}
O42 - Logiciel: Adobe Color JA Extra Settings - (.Adobe Systems Incorporated.) [HKLM] -- {DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
O42 - Logiciel: Adobe Color NA Extra Settings - (.Adobe Systems Incorporated.) [HKLM] -- {FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
O42 - Logiciel: Adobe Creative Suite 3 Web Premium - (.Adobe Systems Incorporated.) [HKLM] -- {69B6B4A5-1C4D-4F16-BB11-A4EB9A439116}
O42 - Logiciel: Adobe Default Language CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
O42 - Logiciel: Adobe Device Central CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
O42 - Logiciel: Adobe Dreamweaver CS3 - (.Adobe Systems Incorporated.) [HKLM] -- Adobe_435a6af7459cb02a9c1138113a26e93
O42 - Logiciel: Adobe Dreamweaver CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {4BDB76C6-902E-41D5-9064-68768E02886B}
O42 - Logiciel: Adobe Dreamweaver CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {F01D5ED5-D53A-4468-B428-149DC2CB3110}
O42 - Logiciel: Adobe ExtendScript Toolkit 2 - (.Adobe Systems Incorporated.) [HKLM] -- {C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
O42 - Logiciel: Adobe Extension Manager CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {BE5F3842-8309-4754-92D5-83E02E6077A3}
O42 - Logiciel: Adobe Fireworks CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {21C4D775-368A-46C4-8DC3-4207165B7115}
O42 - Logiciel: Adobe Flash CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {80FD3971-8482-49C8-BA8C-B6464A15882F}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Flash Video Encoder - (.Adobe Systems Incorporated.) [HKLM] -- {1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E}
O42 - Logiciel: Adobe Fonts All - (.Adobe Systems Incorporated.) [HKLM] -- {6ABE0BEE-D572-4FE8-B434-9E72A289431B}
O42 - Logiciel: Adobe Help Viewer CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {04AF207D-9A77-465A-8B76-991F6AB66245}
O42 - Logiciel: Adobe Illustrator CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {6E08CE13-C2AB-4749-9335-5900B958929E}
O42 - Logiciel: Adobe Linguistics CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {54793AA1-5001-42F4-ABB6-C364617C6078}
O42 - Logiciel: Adobe MotionPicture Color Files - (.Adobe Systems Incorporated.) [HKLM] -- {6B708481-748A-4EB4-97C1-CD386244FF77}
O42 - Logiciel: Adobe PDF Library Files - (.Adobe Systems Incorporated.) [HKLM] -- {D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
O42 - Logiciel: Adobe Photoshop CS - (.Adobe Systems, Inc..) [HKLM] -- {EFB21DE7-8C19-4A88-BB28-A766E16493BC}
O42 - Logiciel: Adobe Photoshop CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {C1FA4B3B-1625-4922-9C9D-780E8FCE161A}
O42 - Logiciel: Adobe Setup - (.Adobe Systems Incorporated.) [HKLM] -- {3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
O42 - Logiciel: Adobe Setup - (.Adobe Systems Incorporated.) [HKLM] -- {BE136F60-5D0F-4663-8B32-938A3EFD3FCB}
O42 - Logiciel: Adobe Shockwave Player 11.5 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player
O42 - Logiciel: Adobe Stock Photos CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {29E5EA97-5F74-4A57-B8B2-D4F169117183}
O42 - Logiciel: Adobe Type Support - (.Adobe Systems Incorporated.) [HKLM] -- {8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
O42 - Logiciel: Adobe Update Manager CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {E69AE897-9E0B-485C-8552-7841F48D42D8}
O42 - Logiciel: Adobe Version Cue CS3 Client - (.Adobe Systems Incorporated.) [HKLM] -- {D0DFF92A-492E-4C40-B862-A74A173C25C5}
O42 - Logiciel: Adobe WAS CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {C5BD220A-EFE8-48A5-B70E-9503D535FACE}
O42 - Logiciel: Adobe WinSoft Linguistics Plugin - (.Adobe Systems Incorporated.) [HKLM] -- {184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
O42 - Logiciel: Adobe XMP Panels CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {802771A9-A856-4A41-ACF7-1450E523C923}
O42 - Logiciel: Agere Systems HDA Modem - (.Pas de propriétaire.) [HKLM] -- Agere Systems Soft Modem
O42 - Logiciel: Ajouter ou supprimer Adobe Creative Suite 3 Web Premium - (.Adobe Systems Incorporated.) [HKLM] -- Adobe_e7f691c6f2bf7b70c25ea19f3d73b6e
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
O42 - Logiciel: AviSynth 2.5 - (.Pas de propriétaire.) [HKLM] -- AviSynth
O42 - Logiciel: BlackBerry Desktop Software 6.0 - (.Research In Motion Ltd..) [HKLM] -- BlackBerry_Desktop
O42 - Logiciel: BlackBerry Desktop Software 6.0 - (.Research In Motion Ltd..) [HKLM] -- {D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: ConvertXtoDVD 3.3.4.106e - (.Pas de propriétaire.) [HKLM] -- {76C24F39-B161-498F-BD8B-C64789812D13}_is1
O42 - Logiciel: Disque de souvenirs HP - (.Hewlett-Packard Company.) [HKLM] -- {B376402D-58EA-45EA-BD50-DD924EB67A70}
O42 - Logiciel: DivX Codec - (.DivX, Inc..) [HKLM] -- {7B63B2922B174135AFC0E1377DD81EC2}
O42 - Logiciel: DivX Converter - (.DivX, Inc..) [HKLM] -- {B13A7C41581B411290FBC0395694E2A9}
O42 - Logiciel: DivX Player - (.DivX, Inc..) [HKLM] -- {8ADFC4160D694100B5B8A22DE9DCABD9}
O42 - Logiciel: DivX Plus DirectShow Filters - (.DivX, Inc..) [HKLM] -- DivX Plus DirectShow Filters
O42 - Logiciel: DivX Web Player - (.DivX,Inc..) [HKLM] -- {B7050CBDB2504B34BC2A9CA0A692CC29}
O42 - Logiciel: GIMP 2.6.8 - (.Pas de propriétaire.) [HKLM] -- WinGimp-2.0_is1
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM] -- {B131E59D-202C-43C6-84C9-68F0C37541F1}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {18455581-E099-4BA8-BC6B-F34B2F06600C}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: HP Color LaserJet CP1210 Series - (.Hewlett-Packard.) [HKLM] -- {54360A73-B080-4A69-BFD4-53C190DD3AB0}
O42 - Logiciel: HP Color LaserJet CP1210 Series - (.Pas de propriétaire.) [HKLM] -- HP Color LaserJet CP1210 Series
O42 - Logiciel: HP Color LaserJet CP1210 Series Toolbox - (.Hewlett-Packard.) [HKLM] -- {1E187923-04E5-4E1F-9BF2-40E32D93A1C4}
O42 - Logiciel: HP LaserJet Toolbox - (.Hewlett-Packard.) [HKLM] -- {FC656543-4E4C-46F8-86F0-F9F907ABE5FD}
O42 - Logiciel: HP Software Update - (.HEWLET~1|Hewlett-Packard.) [HKLM] -- {BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
O42 - Logiciel: HPSSupply - (.Hewlett Packard Development Company L.P..) [HKLM] -- {7902E313-FF0F-4493-ACB1-A8147B78DCD0}
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] -- KB976002-v5
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31}
O42 - Logiciel: InterActual Player - (.Pas de propriétaire.) [HKLM] -- InterActual Player
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 6 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0150060}
O42 - Logiciel: Java(TM) 6 Update 16 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216016F0}
O42 - Logiciel: Java(TM) 6 Update 21 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216017FF}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {E2DFE069-083E-4631-9B6C-43C48E991DE5}
O42 - Logiciel: K-Lite Codec Pack 4.3.4 (Full) - (.Pas de propriétaire.) [HKLM] -- KLiteCodecPack_is1
O42 - Logiciel: Lame ACM MP3 Codec - (.Pas de propriétaire.) [HKLM] -- LameACM
O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM] -- Windows Media Player
O42 - Logiciel: Logiciel Intel(R) PROSet/Wireless - (.Intel Corporation.) [HKLM] -- ProInst
O42 - Logiciel: MSN - (.Pas de propriétaire.) [HKLM] -- MSNINST
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Macromedia Dreamweaver 8 - (..) [HKLM] -- {5FD788ED-1A37-4496-9BDD-463F493B27FA}
O42 - Logiciel: Macromedia Extension Manager - (.Nom de votre société.) [HKLM] -- {3C8C9FB3-5FDF-40B4-B314-EAD722728C76}
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 - (.Microsoft Corporation.) [HKLM] -- Wdf01005
O42 - Logiciel: Microsoft Office Live Add-in 1.3 - (.Microsoft Corporation.) [HKLM] -- {57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
O42 - Logiciel: Microsoft Office Outlook Connector - (.Microsoft Corporation.) [HKLM] -- {95120000-0122-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Professional Edition 2003 - (.Microsoft Corporation.) [HKLM] -- {9011040C-6000-11D3-8CFE-0150048383C9}
Sebas
 
Posts: 14
Joined: 02 Nov 2010 10:21

Re: Infection problems?????

Post by Sebas » 02 Nov 2010 12:16

Part 6:

O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
O42 - Logiciel: Microsoft Search Enhancement Pack - (.Microsoft Corporation.) [HKLM] -- {4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Sync Framework Runtime Native v1.0 (x86) - (.Microsoft Corporation.) [HKLM] -- {8A74E887-8F0F-4017-AF53-CBA42211AAA5}
O42 - Logiciel: Microsoft Sync Framework Services Native v1.0 (x86) - (.Microsoft Corporation.) [HKLM] -- {BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 - (.Microsoft Corporation.) [HKLM] -- {FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Module de compatibilité pour Microsoft Office System 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0020-040C-0000-0000000FF1CE}
O42 - Logiciel: MrvlUsgTracking - (.Marvell.) [HKLM] -- {DDC87CB0-CB02-4454-9B05-EE09CB9D035D}
O42 - Logiciel: NVIDIA Drivers - (.Pas de propriétaire.) [HKLM] -- NVIDIA Drivers
O42 - Logiciel: Nero 8 - (.Nero AG.) [HKLM] -- {8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1036}
O42 - Logiciel: OGA Notifier 2.0.0048.0 - (.Microsoft Corporation.) [HKLM] -- {B2544A03-10D0-4E5E-BA69-0362FFC20D18}
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: PDF Settings - (.Adobe Systems Incorporated.) [HKLM] -- {AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
O42 - Logiciel: Photo et imagerie HP 2.0 - All-in-One - (.Hewlett-Packard Company.) [HKLM] -- {9867A917-5D17-40DE-83BA-BEA5293194B1}
O42 - Logiciel: Photo et imagerie HP 2.0 - All-in-One Pilote - (.Hewlett-Packard Company.) [HKLM] -- {6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
O42 - Logiciel: Photo et imagerie HP 2.0 - hp psc 1200 series - (.Pas de propriétaire.) [HKLM] -- HP PSC 1200 Series
O42 - Logiciel: Programme de gestion Acer OrbiCam - (.Pas de propriétaire.) [HKLM] -- AcerOrbiCamDrv
O42 - Logiciel: ProtectDisc Helper Driver 10 - (.Pas de propriétaire.) [HKLM] -- ProtectDisc Driver 10
O42 - Logiciel: REALTEK PCIE NIC Driver - (.REALTEK Semiconductor Corp..) [HKLM] -- {17E2F183-BAC4-4D01-BD7A-59F781E17EFA}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Ri4m v5.0.1d - (.Pas de propriétaire.) [HKLM] -- Ri4m v5.0.1d
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
O42 - Logiciel: Skype™ 3.8 - (.Skype Technologies S.A..) [HKLM] -- {5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1
O42 - Logiciel: Survey Manager On-Line - (.WysuForms.) [HKLM] -- {DA4BB593-96AA-4E4D-A1F8-CB85A2E9AFF7}
O42 - Logiciel: Texas Instruments PCIxx21/x515 drivers. - (.Texas Instruments Inc..) [HKLM] -- InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: VC80CRTRedist - 8.0.50727.762 - (.DivX, Inc.) [HKLM] -- {767CC44C-9BBC-438D-BAD3-FD4595DD148B}
O42 - Logiciel: VLC media player 0.9.8a - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: VSO Image Resizer 3.0.0.140 - (.VSO-Software.) [HKLM] -- {3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1
O42 - Logiciel: Versteckt - Entdeckt! Fantasy - (.Terzio Verlag.) [HKLM] -- {FD2A02A5-C285-11DC-AA69-00E07DDCAF19}
O42 - Logiciel: WIDCOMM Bluetooth Software - (.WIDCOMM, Inc..) [HKLM] -- {3F4EC965-28EF-45C3-B063-04B25D4E9679}
O42 - Logiciel: WinRAR archiver - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM] -- WgaNotify
O42 - Logiciel: Windows Internet Explorer 7 - (.Microsoft Corporation.) [HKLM] -- ie7
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {ED00D08A-3C5F-488D-93A0-A04F21F23956}
O42 - Logiciel: Windows Live Contrôle parental - (.Microsoft Corporation.) [HKLM] -- {D5D81435-B8DE-4CAF-867F-7998F2B92CFC}
O42 - Logiciel: Windows Live FolderShare - (.Microsoft Corporation.) [HKLM] -- {2075CB0A-D26F-4DAA-B424-5079296B43BA}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {5DD76286-9BE7-4894-A990-E905E91AC818}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {770F1BEC-2871-4E70-B837-FB8525FFA3B1}
O42 - Logiciel: Windows Live Toolbar - (.Microsoft Corporation.) [HKLM] -- {F7D27C70-90F5-49B9-B188-0A133C0CE353}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {4634B21A-CC07-4396-890C-2B8168661FEA}
O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] -- Windows Media Format Runtime
O42 - Logiciel: WysuForms On-Line Survey Manager - (.WysuForms.) [HKCU] -- Survey Manager On-Line
O42 - Logiciel: avast! Free Antivirus - (.Alwil Software.) [HKLM] -- avast5
O42 - Logiciel: hp psc 1200 series - (.##HP_COMPANY_NAME##.) [HKLM] -- {C900EF06-2E76-49C7-8DB0-41F629B21DC5}
O42 - Logiciel: mCore - (.Intel Corporation.) [HKLM] -- {E81667C6-2856-46D6-ABEA-6A2F42166779}
O42 - Logiciel: mDrWiFi - (.Intel Corporation.) [HKLM] -- {F6090A17-0967-4A8A-B3C3-422A1B514D49}
O42 - Logiciel: mDriver - (.Intel.) [HKLM] -- {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
O42 - Logiciel: mEoU - (.Intel Corporation.) [HKLM] -- {B502B428-3386-40A9-98DB-079AAB72E64F}
O42 - Logiciel: mHelp - (.Intel.) [HKLM] -- {8C6BB412-D3A8-4AAE-A01B-35B681789D68}
O42 - Logiciel: mIWA - (.Intel Corporation.) [HKLM] -- {3E9D596A-61D4-4239-BD19-2DB984D2A16F}
O42 - Logiciel: mLogView - (.Intel Corporation.) [HKLM] -- {0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
O42 - Logiciel: mMHouse - (.Intel Corporation.) [HKLM] -- {F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
O42 - Logiciel: mPfMgr - (.Intel Corporation.) [HKLM] -- {8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
O42 - Logiciel: mPfWiz - (.Intel Corporation.) [HKLM] -- {90B0D222-8C21-4B35-9262-53B042F18AF9}
O42 - Logiciel: mProSafe - (.Intel.) [HKLM] -- {23FB368F-1399-4EAC-817C-4B83ECBE3D83}
O42 - Logiciel: mWlsSafe - (.Intel.) [HKLM] -- {FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
O42 - Logiciel: mXML - (.Intel Corporation.) [HKLM] -- {9CC89556-3578-48DD-8408-04E66EBEF401}
O42 - Logiciel: mZConfig - (.Intel Corporation.) [HKLM] -- {94658027-9F16-4509-BBD7-A59FE57C3023}
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}
O42 - Logiciel: ntsThunder - (.Pas de propriétaire.) [HKLM] -- ntsThunder

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AC3filter]
[HKCU\Software\ALWIL Software]
[HKCU\Software\ASProtect]
[HKCU\Software\Adobe]
[HKCU\Software\Ahead]
[HKCU\Software\AppDataLow\Software\Macromedia]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Caphyon]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Cyberlink]
[HKCU\Software\DVD Decrypter]
[HKCU\Software\Digital River]
[HKCU\Software\DivXNetworks]
[HKCU\Software\Freeware]
[HKCU\Software\GNU]
[HKCU\Software\GSpot Appliance Corp]
[HKCU\Software\Gabest]
[HKCU\Software\Google]
[HKCU\Software\Haali]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\HookNetwork]
[HKCU\Software\Hybrid]
[HKCU\Software\IADirectShow]
[HKCU\Software\IM Providers]
[HKCU\Software\Intel]
[HKCU\Software\InterActual Technologies]
[HKCU\Software\JEDI-VCL]
[HKCU\Software\JavaSoft]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\MainConcept]
[HKCU\Software\Marvell]
[HKCU\Software\MediaInfo]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Oak Technology]
[HKCU\Software\PBORY]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\Protect Software GmbH]
[HKCU\Software\Realtek]
[HKCU\Software\Research In Motion]
[HKCU\Software\Ripp-it]
[HKCU\Software\Safer Networking Limited]
[HKCU\Software\SecuROM]
[HKCU\Software\Skype]
[HKCU\Software\SoftVTU]
[HKCU\Software\Software]
[HKCU\Software\THQ]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\VSO]
[HKCU\Software\Widcomm]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\YahooPartnerToolbar]
[HKLM\Software\13fe]
[HKLM\Software\781]
[HKLM\Software\ALWIL Software]
[HKLM\Software\Acer OrbiCam]
[HKLM\Software\Adobe Systems]
[HKLM\Software\Adobe]
[HKLM\Software\Agere]
[HKLM\Software\Ahead]
[HKLM\Software\AjaxData]
[HKLM\Software\AppDataLow]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Audible]
[HKLM\Software\BisonCam]
[HKLM\Software\BrowserChoice]
[HKLM\Software\C07ft5Y]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\CobianSoft]
[HKLM\Software\Codec Tweak Tool]
[HKLM\Software\Cyberlink]
[HKLM\Software\DIOC]
[HKLM\Software\DT Soft]
[HKLM\Software\DivXNetworks]
[HKLM\Software\EPSON]
[HKLM\Software\GNU]
[HKLM\Software\Gabest]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\HaaliMkx]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\InterActual Technologies]
[HKLM\Software\InterVideo]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\KLCodecPack]
[HKLM\Software\LanSetup]
[HKLM\Software\Logitech]
[HKLM\Software\MAXSOFT-OCRON]
[HKLM\Software\MDC]
[HKLM\Software\Macromedia]
[HKLM\Software\Macrovision]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\Nero]
[HKLM\Software\ODBC]
[HKLM\Software\Oak Technology]
[HKLM\Software\One Voice Technologies]
[HKLM\Software\PBORY]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\REALTEK Semiconductor Corporation]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Research In Motion]
[HKLM\Software\S3R521]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\Schlumberger]
[HKLM\Software\Scholastic Inc]
[HKLM\Software\Secure]
[HKLM\Software\Set8168]
[HKLM\Software\Skype]
[HKLM\Software\Terzio]
[HKLM\Software\VSO]
[HKLM\Software\VideoLAN]
[HKLM\Software\WebCam]
[HKLM\Software\Widcomm]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Windows]
[HKLM\Software\mozilla.org]

Re: Infection problems?????

Post by Sebas » 02 Nov 2010 12:45

Part 7:


---\\ Contenu des dossiers ProgramFiles/ProgramData (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\Activision
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Alwil Software
O43 - CFD:Common File Directory ----D- C:\Program Files\AviSynth 2.5
O43 - CFD:Common File Directory ----D- C:\Program Files\Bonjour
O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner
O43 - CFD:Common File Directory ----D- C:\Program Files\Cobian Backup 10
O43 - CFD:Common File Directory ----D- C:\Program Files\ComPlus Applications
O43 - CFD:Common File Directory ----D- C:\Program Files\DAEMON Tools Lite
O43 - CFD:Common File Directory ----D- C:\Program Files\DivX
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs
O43 - CFD:Common File Directory --H-D- C:\Program Files\FX Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files\GIMP-2.0
O43 - CFD:Common File Directory ----D- C:\Program Files\Google
O43 - CFD:Common File Directory ----D- C:\Program Files\Hewlett-Packard
O43 - CFD:Common File Directory ----D- C:\Program Files\HP
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Intel
O43 - CFD:Common File Directory ----D- C:\Program Files\InterActual
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\K-Lite Codec Pack
O43 - CFD:Common File Directory ----D- C:\Program Files\Macromedia
O43 - CFD:Common File Directory ----D- C:\Program Files\MaxiCompte
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office Outlook Connector
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Sync Framework
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Works
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\MSECache
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0
O43 - CFD:Common File Directory ----D- C:\Program Files\Nero
O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting
O43 - CFD:Common File Directory ----D- C:\Program Files\ntsThunder
O43 - CFD:Common File Directory ----D- C:\Program Files\Online Services
O43 - CFD:Common File Directory ----D- C:\Program Files\OpenOffice.org 3
O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express
O43 - CFD:Common File Directory ----D- C:\Program Files\ProtectDisc Driver Installer
O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime
O43 - CFD:Common File Directory ----D- C:\Program Files\Realtek
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\Research In Motion
O43 - CFD:Common File Directory ----D- C:\Program Files\Ripp-it_AM
O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne
O43 - CFD:Common File Directory ----D- C:\Program Files\Skype
O43 - CFD:Common File Directory ----D- C:\Program Files\Spybot - Search & Destroy
O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files\VBW
O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN
O43 - CFD:Common File Directory ----D- C:\Program Files\VSO
O43 - CFD:Common File Directory ----D- C:\Program Files\WIDCOMM
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate
O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR
O43 - CFD:Common File Directory ----D- C:\Program Files\xerox
O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Acer
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe Systems Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\DESIGNER
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Hewlett-Packard
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Logitech
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Macromedia
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Macrovision Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Nero
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Research In Motion
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Skype
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Windows Live


---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.78EE1200F915817C00FCFD7F4CEF1200] - 02.11.2010 - 10:49:37 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiadebug.log [377]
O44 - LFC:[MD5.78EE1200F915817C00FCFD7F4CEF1200] - 02.11.2010 - 10:49:37 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiaservc.log [48]
O44 - LFC:[MD5.78EE1200F915817C00FCFD7F4CEF1200] - 02.11.2010 - 08:20:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\SchedLgU.Txt [32580]
O44 - LFC:[MD5.C564F0F9ED17FDF45D596096F206321E] - 01.11.2010 - 12:02:32 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WindowsUpdate.log [1482]
O44 - LFC:[MD5.F72A1A1262F4003997E11CEAEF539BE3] - 01.11.2010 - 11:44:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\wpa.dbl [2206]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 01.11.2010 - 11:44:10 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\0.log [0]
O44 - LFC:[MD5.CAC0393EA755CEF2C9C4A1DE4AE2B7C9] - 01.11.2010 - 11:39:39 -SH-- . (.Pas de propriétaire - Pas de description.) -- C:\AUTOEXEC.BAT [7]
O44 - LFC:[MD5.A5B7C2A0B5810648CD648786FAF511CB] - 01.11.2010 - 11:39:34 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\nvapps.xml [45086]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 01.11.2010 - 11:39:29 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.486E0B1BC94C346E5C352C295388C803] - 30.10.2010 - 16:50:48 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\CONFIG.NT [3072]
O44 - LFC:[MD5.EA68A602B9EA036DD824F6E53D94F072] - 26.10.2010 - 19:01:46 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\MRT.INI [206]
O44 - LFC:[MD5.8B138ED363128BFF2C2E1E7FEA9793B4] - 22.10.2010 - 19:21:05 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\avisplitter.ini [38]
O44 - LFC:[MD5.16E26176E758416ADB9AD60E69335753] - 18.10.2010 - 15:07:07 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\OKI C5540(PS).ini [33]

Re: Infection problems?????

Post by Sebas » 02 Nov 2010 12:46

Part 8:

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll


---\\ Export de clé d'application autorisée (ECAA) (O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Bonjour\mDNSResponder.exe" [Enabled] .(.Apple Computer, Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O47 - AAKE:Key Export SP - "C:\Program Files\BitTornado\btdownloadgui.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\BitTornado\btdownloadgui.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe" [Enabled] .(.Nero AG - Nero Home.) (.not file.) -- C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe
O47 - AAKE:Key Export SP - "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Messenger\msmsgs.exe" [Enabled] .(.Microsoft Corporation - Windows Messenger.) (.not file.) -- C:\Program Files\Messenger\msmsgs.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) (.not file.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) (.not file.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" [Enabled] .(.Microsoft Corporation - Windows Live Sync.) (.not file.) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Internet Explorer\iexplore.exe" [Enabled] .(.Microsoft Corporation - Internet Explorer.) (.not file.) -- C:\Program Files\Internet Explorer\iexplore.exe
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Daniel Cerf\Application Data\WysuForms On-Line\Survey Manager\Clientfr.exe" [Enabled] .(.Wysuforms - .) (.not file.) -- C:\Documents and Settings\Daniel Cerf\Application Data\WysuForms On-Line\Survey Manager\Clientfr.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" [Enabled] .(.Research In Motion - .) (.not file.) -- C:\Program Files\Research In Motion\BlackBerry desktop\Rim.desktop.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Phone\Skype.exe" [Enabled] .(.Skype Technologies S.A. - Skype.) (.not file.) -- C:\Program Files\Skype\Phone\Skype.exe
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" [Enabled] .(.Microsoft Corporation - Windows Live Sync.) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe


---\\ Déni du service (Local Security Authority) (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\WINDOWS\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll


---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d


---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{2af6b784-290c-11df-ad73-806d6172696f}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- ystem32\RUNdLl32.exe
O51 - MPSK:{2d7a17e4-d19c-11dd-8c2f-0013028e5892}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- D:\LaunchU3.exe
O51 - MPSK:{33a18640-162c-11df-8d50-0013028e5892}\Shell\AutoRun\command. (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\wscript.exe
O51 - MPSK:{42a67bef-2c35-11df-ad76-0013028e5892}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- ystem32\RuNdLl32.exe
O51 - MPSK:{4445656b-dcee-11df-ae36-0013028e5892}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- ystem32\RuNdLl32.exe
O51 - MPSK:{6c890ad3-bd65-11dd-a8f6-806d6172696f}\Shell\AutoRun\command. (.Microsoft Corporation - Windows XP Version Checking Program.) -- E:\setupSNK.exe
O51 - MPSK:{b97e5a4a-2fe1-11de-8c83-0013028e5892}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- D:\LaunchU3.exe
O51 - MPSK:{becfd768-64f0-11df-adba-0013028e5892}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- ystem32\RuNdLl32.exe
O51 - MPSK:{d83c7c78-0ff7-11de-8c74-0013028e5892}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- D:\LaunchU3.exe
O51 - MPSK:{dfbe9f94-bf25-11df-ae16-0013028e5892}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- ystem32\RuNdLl32.exe


---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech(TM) DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll
O52 - TDSD: \Drivers32\"VIDC.I420"="lvcodec2.dll" . (.Logitech - Video Codec.) -- C:\WINDOWS\System32\lvcodec2.dll
O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \Drivers32\"VIDC.XVID"="xvidvfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\xvidvfw.dll
O52 - TDSD: \Drivers32\"VIDC.YV12"="DivX.dll" . (.DivX, Inc. - DivX.) -- C:\WINDOWS\System32\DivX.dll
O52 - TDSD: \Drivers32\"msacm.ac3acm"="ac3acm.acm" . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\System32\ac3acm.acm
O52 - TDSD: \Drivers32\"msacm.lameacm"="LameACM.acm" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\WINDOWS\System32\LameACM.acm
O52 - TDSD: \Drivers32\"VIDC.FFDS"="ff_vfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ff_vfw.dll
O52 - TDSD: \Drivers32\"vidc.DIVX"="DivX.dll" . (.DivX, Inc. - DivX.) -- C:\WINDOWS\System32\DivX.dll
O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \drivers.desc\"xvidvfw.dll"="Xvid MPEG-4 Video Codec v1.2-dev" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"lameACM.acm"="Lame ACM MP3 Codec" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\WINDOWS\System32\lameACM.acm
O52 - TDSD: \drivers.desc\"ac3acm.acm"="AC-3 ACM Codec" . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\System32\ac3acm.acm
O52 - TDSD: \drivers.desc\"ff_vfw.dll"="ffdshow video encoder" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ff_vfw.dll
O52 - TDSD: \drivers.desc\"DivX.dll"="DivX 6.8.5 Codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.)


---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Acrobat Assistant 8.0 [Key] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
O53 - SMSR:HKLM\...\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} [Key] . (.Nero AG - Nero Home.) -- C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
O53 - SMSR:HKLM\...\startupreg\FreeCall [Key] . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe
O53 - SMSR:HKLM\...\startupreg\HP Software Update [Key] . (.Hewlett-Packard Co. - Hewlett-Packard Product Assistant.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O53 - SMSR:HKLM\...\startupreg\LVCOMSX [Key] . (.Logitech - LVCom Server.) -- C:\WINDOWS\system32\LVCOMSX.exe
O53 - SMSR:HKLM\...\startupreg\NBKeyScan [Key] . (.Nero AG - Nero BackItUp.) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
O53 - SMSR:HKLM\...\startupreg\NeroFilterCheck [Key] . (.Nero AG - NeroCheck.) -- C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O53 - SMSR:HKLM\...\startupreg\PrnStatusMX [Key] . (.Marvell Semiconductor, Inc. - Status Monitor..) -- C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Java\jre6\bin\jusched.exe
O53 - SMSR:HKLM\...\startupreg\swg [Key] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll

Re: Infection problems?????

Post by Sebas » 02 Nov 2010 12:47

Part 9:

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKCU\...\Policies\System] - "DisableRegistryTools"=1
O55 - MWPS:[HKCU\...\Policies\System] - "DisableCMD"=0


---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoFolderOptions"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=1


---\\ Liste des Drivers Système (SDL) (O58)
O58 - SDL:[MD5.94321612E022BAED249BF6BC2B9DDF9E] - 14.04.2010 - 17:30:45 ---A- . (.ALWIL Software - avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP.) -- C:\WINDOWS\system32\drivers\aavmker4.sys
O58 - SDL:[MD5.0059FF74927A27395C5E190F9AA392DF] - 28.10.2007 - 16:35:14 ---A- . (.Protect Software GmbH - Filter Driver ProtectDisc.) -- C:\WINDOWS\system32\drivers\ACEDRV10.sys
O58 - SDL:[MD5.6625A32AD17A3FA6C7F405AEAC945AA7] - 26.10.2007 - 14:53:46 ---A- . (.Protect Software GmbH - ProtectDisc Filter Driver.) -- C:\WINDOWS\system32\drivers\acehlp10.sys
O58 - SDL:[MD5.12DAFD934641DCF61E446313BC261EC2] - 28.11.2008 - 17:12:03 ---A- . (.Meetinghouse Data Communications - IEEE 802.1X Protocol Driver.) -- C:\WINDOWS\system32\drivers\AegisP.sys
O58 - SDL:[MD5.B34B1AB0A7690A0E2301FEC6D17B2FC1] - 13.01.2009 - 19:25:20 ---A- . (.Oak Technology Inc. - Audio File System.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS
O58 - SDL:[MD5.E9ED9B1036545DE0E03D5B1AE2B71720] - 09.09.2005 - 11:21:02 ---A- . (.Agere Systems - SoftModem Device Driver.) -- C:\WINDOWS\system32\drivers\AGRSM.sys
O58 - SDL:[MD5.7F7135C14ED4FB190AA75CB1FD1F14E8] - 14.04.2010 - 17:31:01 ---A- . (.ALWIL Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
O58 - SDL:[MD5.098E3A9FFAE8CA693FAE7229F6E659B7] - 14.04.2010 - 17:31:09 ---A- . (.ALWIL Software - avast! File System Filter Driver for Windows NT/2000.) -- C:\WINDOWS\system32\drivers\aswmon.sys
O58 - SDL:[MD5.71A24FC1564C39CF834ACEC3396577E6] - 14.04.2010 - 17:31:12 ---A- . (.ALWIL Software - avast! File System Filter Driver for Windows XP.) -- C:\WINDOWS\system32\drivers\aswmon2.sys
O58 - SDL:[MD5.9A2F01E6BCECE7A1A1F39846E392CD41] - 14.04.2010 - 17:31:39 ---A- . (.ALWIL Software - avast! TDI RDR Driver.) -- C:\WINDOWS\system32\drivers\aswRdr.sys
O58 - SDL:[MD5.7DF85E2E544B505EE74D734A394E39C7] - 14.04.2010 - 17:35:25 ---A- . (.ALWIL Software - avast! self protection module.) -- C:\WINDOWS\system32\drivers\aswSP.sys
O58 - SDL:[MD5.9E82102B7249EF33A1CC132F26AFEAC4] - 14.04.2010 - 17:35:47 ---A- . (.ALWIL Software - avast! TDI Filter Driver.) -- C:\WINDOWS\system32\drivers\aswTdi.sys
O58 - SDL:[MD5.3292260A6AE8F328C7EF698B6EBD56E2] - 15.11.2002 - 11:15:08 ---A- . (.Broadcom Corporation - USB Driver for Bluetooth Adapter.) -- C:\WINDOWS\system32\drivers\bcbthub.sys
O58 - SDL:[MD5.18A1C728D04F071B9EC178496542117A] - 30.03.2006 - 17:45:22 ---A- . (.Bison Electronics. Inc. - Universal Serial Bus Camera Driver.) -- C:\WINDOWS\system32\drivers\BisonCam.sys
O58 - SDL:[MD5.F73D41FD3653FE64CC79610F7B240472] - 17.01.2006 - 10:21:52 ---A- . (.Broadcom Corporation. - Bluetooth Audio Device.) -- C:\WINDOWS\system32\drivers\btaudio.sys
O58 - SDL:[MD5.4EBD4EBFF01617FBDA6CE7963F150918] - 17.01.2006 - 10:18:22 ---A- . (.Broadcom Corporation. - Bluetooth Bus Enumerator.) -- C:\WINDOWS\system32\drivers\btkrnl.sys
O58 - SDL:[MD5.4854ED2EE57769B9527680978A9DD5B4] - 17.01.2006 - 10:15:36 ---A- . (.Broadcom Corporation. - Bluetooth BTPORT Driver for Windows 2000.) -- C:\WINDOWS\system32\drivers\btport.sys
O58 - SDL:[MD5.6D9F1D03D4EBA886E1626D856762B4F0] - 17.01.2006 - 10:19:46 ---A- . (.Broadcom Corporation. - Bluetooth Serial Driver for Windows 2000.) -- C:\WINDOWS\system32\drivers\btserial.sys
O58 - SDL:[MD5.79E93333584810F31DBFF47DC6C016A8] - 17.01.2006 - 10:19:38 ---A- . (.Broadcom Corporation. - Bluetooth Serial Driver for Windows 2000.) -- C:\WINDOWS\system32\drivers\btslbcsp.sys
O58 - SDL:[MD5.96708D343264ABAF8AD93C464B2FC9CA] - 17.01.2006 - 10:11:56 ---A- . (.Broadcom Corporation. - Bluetooth LAN Access Server Driver.) -- C:\WINDOWS\system32\drivers\btwdndis.sys
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 07.09.2002 - 01:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys
O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 07.09.2002 - 01:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys
O58 - SDL:[MD5.863CC3A82C63C9F60ACF2E85D5310620] - 09.03.2003 - 21:31:00 R--A- . (.HP - IEEE-1284.4-1999 Driver (Windows 2000).) -- C:\WINDOWS\system32\drivers\hpzid412.sys
O58 - SDL:[MD5.08CB72E95DD75B61F2966B311D0E4366] - 09.03.2003 - 21:31:02 R--A- . (.HP - IEEE-1284.4-1999 Print Class Driver.) -- C:\WINDOWS\system32\drivers\HPZipr12.sys
O58 - SDL:[MD5.CA990306ED4EF732AF9695BFF24FC96F] - 09.03.2003 - 21:31:02 R--A- . (.HP - 1284.4<->Usb Datalink Driver (Windows 2000).) -- C:\WINDOWS\system32\drivers\HPZius12.sys
O58 - SDL:[MD5.F05C634290C4E416FC3AD78F1FFC75C4] - 08.08.2007 - 09:33:38 ---A- . (.Ahead Software AG - NERO IMAGEDRIVE SCSI miniport.) -- C:\WINDOWS\system32\drivers\imagedrv.sys
O58 - SDL:[MD5.1238B6FB6472680B436AD2DAC07E5976] - 08.08.2007 - 09:33:40 ---A- . (.Ahead Software AG - Nero Image Server.) -- C:\WINDOWS\system32\drivers\imagesrv.sys
O58 - SDL:[MD5.9919E66D8E7B0C77B07A0852E1B38834] - 19.06.2006 - 12:20:00 ---A- . (.Logitech - USB Camera Driver.) -- C:\WINDOWS\system32\drivers\lv321av.sys
O58 - SDL:[MD5.FA974AD25CD6C1FC94380D7DC5271B0D] - 23.06.2006 - 10:40:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys
O58 - SDL:[MD5.B750D805A1E024E42096970AD01434CF] - 23.06.2006 - 10:40:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\LVPrcMon.sys
O58 - SDL:[MD5.DCC4677C583FB9563E31B565FC28EAA2] - 19.06.2006 - 12:16:00 ---A- . (.Logitech - USB Statistic Driver.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys
O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 07.09.2002 - 01:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys
O58 - SDL:[MD5.F23C42377C118C7E6256F030BE388FCB] - 19.01.2006 - 08:43:00 ---A- . (.NVIDIA Corporation - NVIDIA Compatible Windows 2000 Miniport Driver, Version 83.60.) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
O58 - SDL:[MD5.5B6C11DE7E839C05248CED8825470FEF] - 23.01.2009 - 20:33:44 ---A- . (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\WINDOWS\system32\drivers\pcouffin.sys
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 07.09.2002 - 01:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys
O58 - SDL:[MD5.2C4FB2E9F039287767C384E46EE91030] - 09.01.2009 - 15:18:02 R--A- . (.Research in Motion Ltd - RIM Virtual Serial Driver.) -- C:\WINDOWS\system32\drivers\RimSerial.sys
O58 - SDL:[MD5.F17713D108ACA124A139FDE877EEF68A] - 20.05.2008 - 17:33:50 ---A- . (.Research In Motion Limited - BlackBerry Device Driver.) -- C:\WINDOWS\system32\drivers\RimUsb.sys
O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 07.09.2002 - 01:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys
O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 07.09.2002 - 01:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys
O58 - SDL:[MD5.D6E1B1BD04FAD422AF17FC4B810CB9AF] - 16.11.2005 - 16:08:16 ---A- . (.Realtek Semiconductor Corporation - Realtek 10/100/1000 NDIS 5.1 Driver.) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys
O58 - SDL:[MD5.90E1B42E49D9E91E5ACCAAAAEFA10CE8] - 13.01.2006 - 17:13:18 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
O58 - SDL:[MD5.1CC074E0D48383D4E9BFFC6A26C2A58A] - 28.11.2005 - 12:09:26 ---A- . (.Intel Corporation - Intel WLAN Packet Driver.) -- C:\WINDOWS\system32\drivers\s24trans.sys
O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13.04.2008 - 17:39:15 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys
O58 - SDL:[MD5.78EE1200F915817C00FCFD7F4CEF1200] - 01.12.2008 - 02:56:13 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\sptd.sys
O58 - SDL:[MD5.0EDC3CF7B38F4260EB006C38E4A44DE4] - 23.06.2005 - 22:16:00 ---A- . (.Texas Instruments - tifm21.sys.) -- C:\WINDOWS\system32\drivers\tifm21.sys
O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 07.09.2002 - 01:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 07.09.2002 - 01:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys
O58 - SDL:[MD5.73395A19FC86461A151D3C330604E8B3] - 27.11.2005 - 07:36:08 ---A- . (.Intel® Corporation - Intel® Wireless LAN Driver.) -- C:\WINDOWS\system32\drivers\w39n51.sys
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 07.09.2002 - 01:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ansi.sys
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 07.09.2002 - 01:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\country.sys
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 07.09.2002 - 01:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\himem.sys
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 07.09.2002 - 01:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\key01.sys
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 03.08.2004 - 21:46:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\keyboard.sys
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 07.09.2002 - 01:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos.sys
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 07.09.2002 - 01:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos404.sys
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 07.09.2002 - 01:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos411.sys
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 07.09.2002 - 01:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos412.sys
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 07.09.2002 - 01:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos804.sys
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 03.08.2004 - 21:45:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio.sys
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 03.08.2004 - 21:45:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio404.sys
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 03.08.2004 - 21:45:12 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio411.sys
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 03.08.2004 - 21:45:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio412.sys
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 03.08.2004 - 21:45:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio804.sys


---\\ Liste des outils de nettoyage (LATC) (O63)
O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1


---\\ Liste des services Legacy (LALS) (O64)
O64 - Services: CurCS - (.not file.) - avast! Asynchronous Virus Monitor (Aavmker4) .(.Pas de propriétaire - Pas de description.) - LEGACY_AAVMKER4
O64 - Services: CurCS - C:\WINDOWS\system32\drivers\acedrv10.sys - acedrv10 (acedrv10) .(.Protect Software GmbH - Filter Driver ProtectDisc.) - LEGACY_ACEDRV10
O64 - Services: CurCS - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe - Adobe LM Service (Adobe LM Service) .(.Pas de propriétaire - System Level Service Utilty.) - LEGACY_ADOBE_LM_SERVICE
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\AegisP.sys - AEGIS Protocol (IEEE 802.1x) v3.4.9.0 (AegisP) .(.Meetinghouse Data Communications - IEEE 802.1X Protocol Driver.) - LEGACY_AEGISP
O64 - Services: CurCS - C:\WINDOWS\system32\drivers\afd.sys - AFD (AFD) .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - LEGACY_AFD
O64 - Services: CurCS - C:\WINDOWS\System32\alg.exe - Service de la passerelle de la couche Application (ALG) .(.Microsoft Corporation - Application Layer Gateway Service.) - LEGACY_ALG
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Gestion d'applications (AppMgmt) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_APPMGMT
O64 - Services: CurCS - (.not file.) - aswFsBlk (aswFsBlk) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWFSBLK
O64 - Services: CurCS - (.not file.) - avast! Standard Shield Support (aswMon2) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWMON2
O64 - Services: CurCS - (.not file.) - aswRdr (aswRdr) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWRDR
O64 - Services: CurCS - (.not file.) - avast! Self Protection (aswSP) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWSP
O64 - Services: CurCS - (.not file.) - avast! Network Shield Support (aswTdi) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWTDI
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Audio Windows (AudioSrv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_AUDIOSRV
O64 - Services: CurCS - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - avast! Antivirus (avast! Antivirus) .(.ALWIL Software - avast! Service.) - LEGACY_AVAST!_ANTIVIRUS
O64 - Services: CurCS - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - avast! Mail Scanner (avast! Mail Scanner) .(.ALWIL Software - avast! Service.) - LEGACY_AVAST!_MAIL_SCANNER
O64 - Services: CurCS - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - avast! Web Scanner (avast! Web Scanner) .(.ALWIL Software - avast! Service.) - LEGACY_AVAST!_WEB_SCANNER
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\BEEP.sys - Beep (Beep) .(.Pas de propriétaire - Pas de description.) - LEGACY_BEEP
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Service de transfert intelligent en arrière-plan (BITS) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_BITS
O64 - Services: CurCS - C:\Program Files\Bonjour\mDNSResponder.exe - ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) .(.Apple Computer, Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Explorateur d'ordinateur (Browser) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_BROWSER
O64 - Services: CurCS - C:\WINDOWS\system32\drivers\btserial.sys - Bluetooth Serial Driver (BTSERIAL) .(.Broadcom Corporation. - Bluetooth Serial Driver for Windows 2000.) - LEGACY_BTSERIAL
O64 - Services: CurCS - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe - Bluetooth Service (btwdins) .(.Broadcom Corporation. - Bluetooth Support Server.) - LEGACY_BTWDINS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\CDFS.sys - cdfs (cdfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_CDFS
O64 - Services: CurCS - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) .(.Microsoft Corporation - .NET Runtime Optimization Service.) - LEGACY_CLR_OPTIMIZATION_V2.0.50727_32
O64 - Services: CurCS - C:\WINDOWS\system32\dllhost.exe - Application système COM+ (COMSysApp) .(.Microsoft Corporation - COM Surrogate.) - LEGACY_COMSYSAPP
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Services de cryptographie (CryptSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_CRYPTSVC
O64 - Services: CurCS - C:\WINDOWS\system32\svchost -k DcomLaunch (.not file.) - Lanceur de processus serveur DCOM (DcomLaunch) .(.Pas de propriétaire - Pas de description.) - LEGACY_DCOMLAUNCH
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Client DHCP (Dhcp) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DHCP
O64 - Services: CurCS - C:\WINDOWS\System32\dmadmin.exe - Service d'administration du Gestionnaire de disque logique (dmadmin) .(.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - LEGACY_DMADMIN
O64 - Services: CurCS - C:\Windows\system32\drivers\dmboot.sys - dmboot (dmboot) .(.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disq.) - LEGACY_DMBOOT
O64 - Services: CurCS - C:\Windows\system32\drivers\dmload.sys - dmload (dmload) .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Gestionnaire de disque logique (dmserver) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DMSERVER
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Client DNS (Dnscache) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DNSCACHE
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Service de rapport d'erreurs (ERSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_ERSVC
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Système d'événements de COM+ (EventSystem) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_EVENTSYSTEM
O64 - Services: CurCS - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe - Intel(R) PROSet/Wireless Event Log (EvtEng) .(.Intel Corporation - Intel(R) PROSet/Wireless Event Log.) - LEGACY_EVTENG
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FASTFAT.sys - fastfat (fastfat) .(.Pas de propriétaire - Pas de description.) - LEGACY_FASTFAT
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Compatibilité avec le Changement rapide d'utilisateur (FastUserSwitchingCompatibility) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_FASTUSERSWITCHINGCOMPATIBILITY
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FIPS.sys - Fips (Fips) .(.Pas de propriétaire - Pas de description.) - LEGACY_FIPS
O64 - Services: CurCS - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe - FLEXnet Licensing Service (FLEXnet Licensing Service) .(.Macrovision Europe Ltd. - Activation Licensing Service.) - LEGACY_FLEXNET_LICENSING_SERVICE
O64 - Services: CurCS - C:\Windows\system32\drivers\fltmgr.sys - FltMgr (FltMgr) .(.Microsoft Corporation - Microsoft Filesystem Filter Manager.) - LEGACY_FLTMGR
O64 - Services: CurCS - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe - Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) .(.Microsoft Corporation - PresentationFontCache.exe.) - LEGACY_FONTCACHE3.0.0.0
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\fssfltr_tdi.sys - FssFltr (fssfltr) .(.Microsoft Corporation - Family Safety Filter Driver (TDI).) - LEGACY_FSSFLTR
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FS_REC.sys - Fs_Rec (Fs_Rec) .(.Pas de propriétaire - Pas de description.) - LEGACY_FS_REC
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\msgpc.sys - Classificateur de paquets générique (Gpc) .(.Microsoft Corporation - MS General Packet Classifier.) - LEGACY_GPC
O64 - Services: CurCS - C:\Program Files\Google\Update\GoogleUpdate.exe - Service Google Update (gupdate) (gupdate) .(.Google Inc. - Programme d'installation de Google.) - LEGACY_GUPDATE
O64 - Services: CurCS - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe - Google Software Updater (gusvc) .(.Google - gusvc.) - LEGACY_GUSVC
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Aide et support (helpsvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_HELPSVC
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - HID Input Service (HidServ) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_HIDSERV
O64 - Services: CurCS - C:\Windows\system32\Drivers\HTTP.sys - HTTP (HTTP) .(.Microsoft Corporation - HTTP Protocol Stack.) - LEGACY_HTTP
O64 - Services: CurCS - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe - Windows CardSpace (idsvc) .(.Microsoft Corporation - Windows CardSpace.) - LEGACY_IDSVC
O64 - Services: CurCS - C:\WINDOWS\system32\imapi.exe - Service COM de gravage de CD IMAPI (ImapiService) .(.Microsoft Corporation - API Image Mastering.) - LEGACY_IMAPISERVICE
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\ipnat.sys - Traducteur d'adresses réseau IP (IpNat) .(.Microsoft Corporation - IP Network Address Translator.) - LEGACY_IPNAT
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\ipsec.sys - Pilote IPSEC (IPSec) .(.Microsoft Corporation - IPSec Driver.) - LEGACY_IPSEC
O64 - Services: CurCS - C:\Program Files\Java\jre6\bin\jqs.exe - Java Quick Starter (JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\KSECDD.sys - ksecdd (ksecdd) .(.Pas de propriétaire - Pas de description.) - LEGACY_KSECDD
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Serveur (lanmanserver) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LANMANSERVER
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Station de travail (LanmanWorkstation) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LANMANWORKSTATION
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Assistance TCP/IP NetBIOS (LmHosts) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LMHOSTS
O64 - Services: CurCS - C:\WINDOWS\system32\drivers\LVPrcMon.sys - Logitech LVPrcMon Driver (LVPrcMon) .(.Pas de propriétaire - Pas de description.) - LEGACY_LVPRCMON
O64 - Services: CurCS - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe - Logitech Process Monitor (LVPrcSrv) .(.Logitech - Logitech LVPrcSrv Module..) - LEGACY_LVPRCSRV
O64 - Services: CurCS - (.not file.) - Update Helper (lxzzvxo) .(.Pas de propriétaire - Pas de description.) - LEGACY_LXZZVXO
O64 - Services: CurCS - C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\mbr.sys (.not file.) - mbr (mbr) .(.Pas de propriétaire - Pas de description.) - LEGACY_MBR
O64 - Services: CurCS - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.exe - Machine Debug Manager (MDM) .(.Microsoft Corporation - Machine Debug Manager.) - LEGACY_MDM
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MNMDD.sys - mnmdd (mnmdd) .(.Pas de propriétaire - Pas de description.) - LEGACY_MNMDD
O64 - Services: CurCS - (.not file.) - mountmgr (mountmgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_MOUNTMGR
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\mrxdav.sys - Redirecteur client WebDav (MRxDAV) .(.Microsoft Corporation - Windows NT WebDav Minirdr.) - LEGACY_MRXDAV
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\mrxsmb.sys - MRXSMB (MRxSmb) .(.Microsoft Corporation - Windows NT SMB Minirdr.) - LEGACY_MRXSMB
O64 - Services: CurCS - C:\WINDOWS\system32\msdtc.exe - Distributed Transaction Coordinator (MSDTC) .(.Microsoft Corporation - MS DTC console program.) - LEGACY_MSDTC
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MSFS.sys - Msfs (Msfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_MSFS
O64 - Services: CurCS - C:\WINDOWS\system32\msiexec.exe - Windows Installer (MSIServer) .(.Microsoft Corporation - Windows® installer.) - LEGACY_MSISERVER
O64 - Services: CurCS - (.not file.) - Mup (Mup) .(.Pas de propriétaire - Pas de description.) - LEGACY_MUP
O64 - Services: CurCS - (.not file.) - Pilote système NDIS (NDIS) .(.Pas de propriétaire - Pas de description.) - LEGACY_NDIS
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\ndistapi.sys - Pilote TAPI NDIS d'accès distant (NdisTapi) .(.Microsoft Corporation - NDIS 3.0 connection wrapper driver.) - LEGACY_NDISTAPI
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\ndisuio.sys - NDIS mode utilisateur E/S Protocole (Ndisuio) .(.Microsoft Corporation - NDIS User mode I/O Driver.) - LEGACY_NDISUIO
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NDPROXY.sys - NDProxy (NDProxy) .(.Pas de propriétaire - Pas de description.) - LEGACY_NDPROXY
O64 - Services: CurCS - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe - Nero BackItUp Scheduler 3 (Nero BackItUp Scheduler 3) .(.Nero AG - Nero BackItUp.) - LEGACY_NERO_BACKITUP_SCHEDULER_3
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\netbios.sys - Interface NetBIOS (NetBIOS) .(.Microsoft Corporation - NetBIOS interface driver.) - LEGACY_NETBIOS
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\netbt.sys - NetBIOS sur TCP/IP (NetBT) .(.Microsoft Corporation - MBT Transport driver.) - LEGACY_NETBT
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Connexions réseau (Netman) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NETMAN
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - NLA (Network Location Awareness) (Nla) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NLA
O64 - Services: CurCS - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe - NMIndexingService (NMIndexingService) .(.Nero AG - Nero Home.) - LEGACY_NMINDEXINGSERVICE
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NPFS.sys - Npfs (Npfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_NPFS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NTFS.sys - ntfs (ntfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_NTFS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NULL.sys - Null (Null) .(.Pas de propriétaire - Pas de description.) - LEGACY_NULL
O64 - Services: CurCS - C:\WINDOWS\system32\nvsvc32.exe - NVIDIA Display Driver Service (NVSvc) .(.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 83.60.) - LEGACY_NVSVC
O64 - Services: CurCS - C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.exe - Office Source Engine (ose) .(.Microsoft Corporation - Office Source Engine.) - LEGACY_OSE
O64 - Services: CurCS - (.not file.) - PartMgr (PartMgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_PARTMGR
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\PARVDM.sys - ParVdm (ParVdm) .(.Pas de propriétaire - Pas de description.) - LEGACY_PARVDM
O64 - Services: CurCS - C:\WINDOWS\system32\HPZipm12.exe - Pml Driver HPZ12 (Pml Driver HPZ12) .(.HP - PML Driver.) - LEGACY_PML_DRIVER_HPZ12
O64 - Services: CurCS - C:\WINDOWS\system32\lsass.exe - Services IPSEC (PolicyAgent) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_POLICYAGENT
O64 - Services: CurCS - C:\WINDOWS\system32\lsass.exe - Emplacement protégé (ProtectedStorage) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_PROTECTEDSTORAGE
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\rasacd.sys - Pilote de connexion automatique d'accès distant (RasAcd) .(.Microsoft Corporation - RAS Automatic Connection Driver.) - LEGACY_RASACD
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Gestionnaire de connexions d'accès distant (RasMan) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_RASMAN
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\rdbss.sys - Rdbss (Rdbss) .(.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - LEGACY_RDBSS
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\RDPCDD.sys - RDPCDD (RDPCDD) .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPCDD
O64 - Services: CurCS - (.not file.) - RDPNP (RDPNP) .(.Pas de propriétaire - Pas de description.) - LEGACY_RDPNP
O64 - Services: CurCS - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe - Intel(R) PROSet/Wireless Registry Service (RegSrvc) .(.Intel Corporation - Intel(R) PROSet/Wireless Registry Service.) - LEGACY_REGSRVC
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Accès à distance au Registre (RemoteRegistry) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_REMOTEREGISTRY
O64 - Services: CurCS - C:\WINDOWS\system32\svchost -k rpcss (.not file.) - Appel de procédure distante (RPC) (RpcSs) .(.Pas de propriétaire - Pas de description.) - LEGACY_RPCSS
O64 - Services: CurCS - C:\WINDOWS\system32\rsvp.exe - QoS RSVP (RSVP) .(.Microsoft Corporation - Microsoft RSVP.) - LEGACY_RSVP
O64 - Services: CurCS - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe - Intel(R) PROSet/Wireless Service (S24EventMonitor) .(.Intel Corporation - Wireless Management Service.) - LEGACY_S24EVENTMONITOR
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\s24trans.sys - Transport RLAN (s24trans) .(.Intel Corporation - Intel WLAN Packet Driver.) - LEGACY_S24TRANS
O64 - Services: CurCS - C:\WINDOWS\system32\lsass.exe - Gestionnaire de comptes de sécurité (SamSs) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_SAMSS
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Planificateur de tâches (Schedule) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SCHEDULE
O64 - Services: CurCS - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe - SeaPort (SeaPort) .(.Microsoft Corporation - Microsoft SeaPort Search Enhancement Broker.) - LEGACY_SEAPORT
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\secdrv.sys - Secdrv (Secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Connexion secondaire (seclogon) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SECLOGON
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Notification d'événement système (SENS) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SENS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\SERIAL.sys - Serial (Serial) .(.Pas de propriétaire - Pas de description.) - LEGACY_SERIAL
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Pare-feu Windows / Partage de connexion Internet (SharedAccess) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SHAREDACCESS
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Détection matériel noyau (ShellHWDetection) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SHELLHWDETECTION
O64 - Services: CurCS - C:\WINDOWS\system32\spoolsv.exe - Spouleur d'impression (Spooler) .(.Microsoft Corporation - Spooler SubSystem App.) - LEGACY_SPOOLER
O64 - Services: CurCS - C:\Windows\system32\Drivers\sptd.sys - sptd (sptd) .(.Pas de propriétaire - Pas de description.) - LEGACY_SPTD
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\sr.sys - Pilote de filtre de restauration système (sr) .(.Microsoft Corporation - Pilote de filtre de système de fichiers pou.) - LEGACY_SR
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Service de restauration système (srservice) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SRSERVICE
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\srv.sys - Srv (Srv) .(.Microsoft Corporation - Server driver.) - LEGACY_SRV
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Service de découvertes SSDP (SSDPSRV) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SSDPSRV
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Acquisition d'image Windows (WIA) (stisvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_STISVC
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Téléphonie (TapiSrv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_TAPISRV
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\tcpip.sys - Pilote du protocole TCP/IP (Tcpip) .(.Microsoft Corporation - TCP/IP Protocol Driver.) - LEGACY_TCPIP
O64 - Services: CurCS - C:\WINDOWS\System32\svchost -k DComLaunch (.not file.) - Services Terminal Server (TermService) .(.Pas de propriétaire - Pas de description.) - LEGACY_TERMSERVICE
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Thèmes (Themes) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_THEMES
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Client de suivi de lien distribué (TrkWks) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_TRKWKS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\UDFS.sys - Udfs (Udfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_UDFS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\VGA.sys - vga (vga) .(.Pas de propriétaire - Pas de description.) - LEGACY_VGA
O64 - Services: CurCS - C:\WINDOWS\system32\drivers\vga.sys - VgaSave (VgaSave) .(.Microsoft Corporation - VGA/Super VGA Video Driver.) - LEGACY_VGASAVE
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\VOLSNAP.sys - VolSnap (VolSnap) .(.Pas de propriétaire - Pas de description.) - LEGACY_VOLSNAP
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Horloge Windows (W32Time) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_W32TIME
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\wanarp.sys - Pilote ARP IP d'accès distant (Wanarp) .(.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - LEGACY_WANARP
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\Wdf01000.sys - Wdf01000 (Wdf01000) .(.Microsoft Corporation - WDF Dynamic.) - LEGACY_WDF01000
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - WebClient (WebClient) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WEBCLIENT
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Infrastructure de gestion Windows (winmgmt) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WINMGMT
O64 - Services: CurCS - C:\WINDOWS\system32\wbem\wmiapsrv.exe - Carte de performance WMI (WmiApSrv) .(.Microsoft Corporation - Service de la carte de performance WMI.) - LEGACY_WMIAPSRV
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Centre de sécurité (wscsvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WSCSVC
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Mises à jour automatiques (wuauserv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WUAUSERV
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Configuration automatique sans fil (WZCSVC) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WZCSVC
O64 - Services: CurCS - (.not file.) - Windows Security (zjxxwelc) .(.Pas de propriétaire - Pas de description.) - LEGACY_ZJXXWELC
Sebas
 
Posts: 14
Joined: 02 Nov 2010 10:21

Re: Infection problems?????

Post by Sebas » 02 Nov 2010 12:49

Last part:

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCR\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Adobe Systems, Inc. - Adobe Dreamweaver CS3.) -- C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe


---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe


---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} [DefaultScope] - (Bing) - http://www.bing.com


---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
Run by Daniel Cerf at 02.11.2010 11:44:33
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spiy.sys >>UNKNOWN [0x89E00938]<<
kernel: MBR read successfully
user & kernel MBR OK


---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
MBRCheck, version 1.2.3 by ad13, http://ad13.geekstog
Run by Daniel Cerf at 02.11.2010 11:44:56
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 8637A6CD1F8DC55758E12C0B860CDE1133CA5719
931 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Dump file Name : C:\Program Files\ZHPDiag\MBRDump_11-02-10_11-44-56_PhysicalDrive0.bin


---\\ Recherche des services démarrés par Svchost (SSS) (O83)
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Service Installation de logiciels.) -- C:\WINDOWS\System32\appmgmts.dll [176640]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\WINDOWS\System32\audiosrv.dll [42496]
O83 - Search Svchost Services: Browser (Browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\System32\browser.dll [77824]
O83 - Search Svchost Services: CryptSvc (CryptSvc) . (.Microsoft Corporation - Cryptographic Services.) -- C:\WINDOWS\System32\cryptsvc.dll [62464]
O83 - Search Svchost Services: DMServer (DMServer) . (.Microsoft Corp. - DLL Service gestionnaire de disque logique.) -- C:\WINDOWS\System32\dmserver.dll [24576]
O83 - Search Svchost Services: DHCP (DHCP) . (.Microsoft Corporation - Service client DHCP.) -- C:\WINDOWS\System32\dhcpcsvc.dll [127488]
O83 - Search Svchost Services: ERSvc (ERSvc) . (.Microsoft Corporation - Windows Error Reporting Service.) -- C:\WINDOWS\System32\ersvc.dll [23040]
O83 - Search Svchost Services: EventSystem (EventSystem) . (.Microsoft Corporation - Pas de description.) -- C:\WINDOWS\system32\es.dll [253952]
O83 - Search Svchost Services: FastUserSwitchingCompatibility (FastUserSwitchingCompatibility) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\System32\shsvcs.dll [135680]
O83 - Search Svchost Services: HidServ (HidServ) . (.Microsoft Corporation - HID Audio Service.) -- C:\WINDOWS\System32\hidserv.dll [21504]
O83 - Search Svchost Services: LanmanServer (LanmanServer) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\System32\srvsvc.dll [96768]
O83 - Search Svchost Services: LanmanWorkstation (LanmanWorkstation) . (.Microsoft Corporation - Workstation Service DLL.) -- C:\WINDOWS\System32\wkssvc.dll [132096]
O83 - Search Svchost Services: Messenger (Messenger) . (.Microsoft Corporation - NT Messenger Service.) -- C:\WINDOWS\System32\msgsvc.dll [33792]
O83 - Search Svchost Services: Netman (Netman) . (.Microsoft Corporation - Gestionnaire de connexions réseau.) -- C:\WINDOWS\System32\netman.dll [198144]
O83 - Search Svchost Services: Nla (Nla) . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\System32\mswsock.dll [247808]
O83 - Search Svchost Services: Ntmssvc (Ntmssvc) . (.Microsoft Corporation - Gestionnaire de stockage amovible.) -- C:\WINDOWS\system32\ntmssvc.dll [438272]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\System32\rasauto.dll [88576]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\System32\rasmans.dll [186368]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\WINDOWS\System32\mprdim.dll [53248]
O83 - Search Svchost Services: Schedule (Schedule) . (.Microsoft Corporation - Moteur du Planificateur de tâches.) -- C:\WINDOWS\system32\schedsvc.dll [194560]
O83 - Search Svchost Services: Seclogon (Seclogon) . (.Microsoft Corporation - DLL de service d'ouverture de session secondaire.) -- C:\WINDOWS\System32\seclogon.dll [18944]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\system32\sens.dll [39424]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l'application d'assistance à Microsoft NAT.) -- C:\WINDOWS\System32\ipnathlp.dll [332800]
O83 - Search Svchost Services: SRService (SRService) . (.Microsoft Corporation - Service de restauration du système.) -- C:\WINDOWS\system32\srsvc.dll [171520]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows(TM).) -- C:\WINDOWS\System32\tapisrv.dll [249856]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\System32\shsvcs.dll [135680]
O83 - Search Svchost Services: TrkWks (TrkWks) . (.Microsoft Corporation - Distributed Link Tracking Client.) -- C:\WINDOWS\system32\trkwks.dll [90112]
O83 - Search Svchost Services: W32Time (W32Time) . (.Microsoft Corporation - Service de temps Windows.) -- C:\WINDOWS\system32\w32time.dll [178176]
O83 - Search Svchost Services: WZCSVC (WZCSVC) . (.Microsoft Corporation - Service configuration automatique sans fil.) -- C:\WINDOWS\System32\wzcsvc.dll [483840]
O83 - Search Svchost Services: Wmi (Wmi) . (.Microsoft Corporation - API avancées Windows 32.) -- C:\WINDOWS\System32\advapi32.dll [685568]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\WMIsvc.dll [145408]
O83 - Search Svchost Services: wscsvc (wscsvc) . (.Microsoft Corporation - Windows Security Center Service.) -- C:\WINDOWS\system32\wscsvc.dll [80896]
O83 - Search Svchost Services: xmlprov (xmlprov) . (.Microsoft Corporation - Network Provisioning Service.) -- C:\WINDOWS\System32\xmlprov.dll [129024]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\WINDOWS\system32\qmgr.dll [409088]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update AutoUpdate Service.) -- C:\WINDOWS\system32\wuauserv.dll [6656]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\System32\shsvcs.dll [135680]
O83 - Search Svchost Services: helpsvc (helpsvc) . (.Microsoft Corporation - Microsoft PCHealth Service Holder.) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400]
O83 - Search Svchost Services: WmdmPmSN (WmdmPmSN) . (.Microsoft Corporation - Microsoft Media Device Service Provider.) -- C:\WINDOWS\system32\MsPMSNSv.dll [27136]
O83 - Search Svchost Services: napagent (napagent) . (.Microsoft Corporation - Exécution du service Agent de quarantaine.) -- C:\WINDOWS\System32\qagentrt.dll [293376]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\WINDOWS\System32\kmsvc.dll [61440]


---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 25.11.2009 68096 | C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe LM Service) . (.Pas de propriétaire.) - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
SS - | Auto 14.04.2010 40384 | C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (avast! Antivirus) . (.ALWIL Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SS - | Demand 14.04.2010 40384 | C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (avast! Mail Scanner) . (.ALWIL Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SS - | Demand 14.04.2010 40384 | C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (avast! Web Scanner) . (.ALWIL Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 28.02.2006 229376 | C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service) . (.Apple Computer, Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 17.01.2006 266295 | C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
SS - | Demand 14.04.2008 225280 | C:\WINDOWS\System32\dmadmin.exe (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\System32\dmadmin.exe
SR - | Auto 28.11.2005 114753 | C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (EvtEng) . (.Intel Corporation.) - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
SS - | Demand 01.12.2008 654848 | C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 29.01.2010 135664 | C:\Program Files\Google\Update\GoogleUpdate.exe (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 02.05.2009 182768 | C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 17.07.2010 153376 | C:\Program Files\Java\jre6\bin\jqs.exe (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Program Files\Java\jre6\bin\jqs.exe
SS - | Demand 17.07.2010 0 | C:\WINDOWS\system32\04.tmp (jkaehrnlq) . (.Pas de propriétaire.) - C:\WINDOWS\system32\04.tmp
SR - | Auto 23.06.2006 86016 | c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe (LVPrcSrv) . (.Logitech.) - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
SR - | Auto 08.08.2007 836904 | C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
SS - | Demand 03.08.2007 382248 | C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe (NMIndexingService) . (.Nero AG.) - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
SR - | Auto 19.01.2006 143426 | C:\WINDOWS\system32\nvsvc32.exe (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SS - | Demand 09.03.2003 65795 | C:\WINDOWS\system32\HPZipm12.exe (Pml Driver HPZ12) . (.HP.) - C:\WINDOWS\system32\HPZipm12.exe
SR - | Auto 28.11.2005 217164 | C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (RegSrvc) . (.Intel Corporation.) - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
SR - | Auto 28.11.2005 540745 | C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (S24EventMonitor) . (.Intel Corporation.) - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe



End of the scan (1315 lines in 00mn 32s)(0)

Re: Infection problems?????

Post by Sebas » 02 Nov 2010 12:51

There you go, and thanks.

Re: Infection problems?????

Post by Sebas » 02 Nov 2010 13:26

Hi again,
Also, I don't know whether this is related to the same problem, but when I close a Word document, it always asks me to save a normal.dot document.
I click No, and then everything freezes for a few seconds before I end up at the "this program is not responding...." page.
That's the additional info.

Re: Infection problems?????

Post by Florinator » 02 Nov 2010 22:02

Good evening,

Yes, your PC is indeed well and truly infected. I'll help you get rid of all that; I think some of your problems will go away this way:

Download MBAM

  • Install it
  • Launch the tool
  • Check "Perform full scan"
  • If an infection is found at the end of the scan, click "OK"
  • Click Remove Selected
  • To post the report, click the Reports/Logs tab and
  • select the one you want and click Open
  • Copy and paste it and post the report, please

See you!
Knowledge is only useful if it is passed on.

Re: Infection problems?????

Post by Sebas » 03 Nov 2010 13:58

OK, and thanks for the tip.
It took a while, but here is the report.
Hoping it will be useful to you.

Thanks and see you.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 5030

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03.11.2010 13:48:01
mbam-log-2010-11-03 (13-48-01).txt

Type d'examen: Examen complet (C:\|D:\|E:\|)
Elément(s) analysé(s): 314488
Temps écoulé: 1 heure(s), 47 minute(s), 3 seconde(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 177

Processus mémoire infecté(s):
C:\Documents and Settings\Daniel Cerf\winternet.exe (Redir.ChercheUs) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec cherche.us (Redir.ChercheUs) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\chatflirty.com (Trojan.SearchPage) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winternet (Redir.ChercheUs) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tok-cirrhatus (Worm.Brontok) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bron-spizaetus (Worm.Brontok) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.chatflirty.com (Trojan.SearchPage) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Worm.Brontok) -> Data: c:\windows\eksplorasi.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe "C:\WINDOWS\eksplorasi.exe") Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\Daniel Cerf\Local Settings\Application Data\Bron.tok-12-1 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Local Settings\Application Data\Bron.tok-12-3 (Worm.Brontok) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\Daniel Cerf\winternet.exe (Redir.ChercheUs) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Local Settings\Application Data\smss.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\WINDOWS\SHELLNEW\sempalong.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Bureau\Dossiers terminés\alan king\alan king.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Bureau\KIWI BAR\carte boissons\carte boissons.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Local Settings\Application Data\csrss.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Menu Démarrer\Programmes\Démarrage\Empty.pif (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Mes documents.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\carte boissons\carte boissons.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\musique\Ma musique\Ma musique.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\PcSetup\PcSetup.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\rachida factures\rachida factures.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\Adobe Dreamweaver CS3.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\payloads.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeALMAnchorServiceAll\AdobeALMAnchorServiceAll.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeAssetServices3All\AdobeAssetServices3All.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeAUM5.1All\AdobeAUM5.1All`.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeBridge2All\AdobeBridge2All.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeCameraRaw4.0All\AdobeCameraRaw4.0All`.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeCMapsAll\AdobeCMapsAll.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeDefaultLanguageCS3All\AdobeDefaultLanguageCS3All.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeDeviceCentralAll\AdobeDeviceCentralAll.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeDeviceCentralAll\oem\Adobe Device Central CS3\Adobe Device Central CS3.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeDreamweaver9en_US\AdobeDreamweaver9en_US.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeExtendScriptToolKitAll\AdobeExtendScriptToolKitAll.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeExtensionManager1.8All\AdobeExtensionManager1.8All`.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeHelpViewerAll\AdobeHelpViewerAll.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobePDFL8All\AdobePDFL8All.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeTypeSupportAll\AdobeTypeSupportAll.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeVersionCueClient3All\AdobeVersionCueClient3All.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\payloads\BridgeStartMeeting\BridgeStartMeeting.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\redist\redist.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\resources\resources.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\resources\common\alert\alert.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\resources\common\scripts\scripts.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\resources\media\css\css.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloaded Installations\Adobe Dreamweaver CS3\resources\media\img\img.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Downloads\Downloads.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\tickets auto\tickets auto.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Téléchargements\Téléchargements.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Version Cue\Version Cue.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\videos avril09\videos avril09.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\videos avril09\dreamweaver 8\dreamweaver 8.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\videos avril09\dreamweaver 8\Keygen\keygen.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\videos avril09\DreamWeaver CS3 by phoenixion\DreamWeaver CS3 by phoenixion.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\videos avril09\DreamWeaver CS3 by phoenixion\Crack\Crack.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\Mes vidéos\Mes vidéos.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\EuroSoft Software Development\EuroSoft Software Development.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\EuroSoft Software Development\MaxiCompte\MaxiCompte.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\EuroSoft Software Development\MaxiCompte\Data\Access\Access.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\EuroSoft Software Development\MaxiCompte\Data\Images\Images.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\EuroSoft Software Development\MaxiCompte\Html\Temp\Temp.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Mes documents\gegl-0.0\plug-ins\plug-ins.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Cerf\Modèles\Brengkolang.com (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9EC41D85-43A1-49FD-B455-F7C744EC763D}\RP1\A0000036.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9EC41D85-43A1-49FD-B455-F7C744EC763D}\RP1\A0000008.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9EC41D85-43A1-49FD-B455-F7C744EC763D}\RP1\A0000009.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9EC41D85-43A1-49FD-B455-F7C744EC763D}\RP1\A0000010.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9EC41D85-43A1-49FD-B455-F7C744EC763D}\RP1\A0000011.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9EC41D85-43A1-49FD-B455-F7C744EC763D}\RP1\A0000012.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9EC41D85-43A1-49FD-B455-F7C744EC763D}\RP1\A0000031.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9EC41D85-43A1-49FD-B455-F7C744EC763D}\RP1\A0000032.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9EC41D85-43A1-49FD-B455-F7C744EC763D}\RP1\A0000033.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9EC41D85-43A1-49FD-B455-F7C744EC763D}\RP1\A0000034.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9EC41D85-43A1-49FD-B455-F7C744EC763D}\RP1\A0000035.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9EC41D85-43A1-49FD-B455-F7C744EC763D}\RP1\A0000037.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9EC41D85-43A1-49FD-B455-F7C744EC763D}\RP1\A0000038.com (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9EC41D85-43A1-49FD-B455-F7C744EC763D}\RP1\A0000039.scr (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9EC41D85-43A1-49FD-B455-F7C744EC763D}\RP1\A0000040.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9EC41D85-43A1-49FD-B455-F7C744EC763D}\RP2\A0000049.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9EC41D85-43A1-49FD-B455-F7C744EC763D}\RP2\A0000050.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9EC41D85-43A1-49FD-B455-F7C744EC763D}\RP2\A0000051.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9EC41D85-43A1-49FD-B455-F7C744EC763D}\RP2\A0000052.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9EC41D85-43A1-49FD-B455-F7C744EC763D}\RP2\A0000053.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9EC41D85-43A1-49FD-B455-F7C744EC763D}\RP2\A0000068.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9EC41D85-43A1-49FD-B455-F7C744EC763D}\RP2\A0000069.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\WINDOWS\eksplorasi.exe (Worm.Brontok) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Daniel Cerf's Setting.scr (Worm.Brontok) -> Quarantined and deleted successfully.
E:\Daniel\Application Data\WinButler\WinBuninstaller.exe (Adware.WinButler) -> Quarantined and deleted successfully.
Sebas
 
Posts: 14
Joined: 02 Nov 2010 10:21

Re: Infection problems?????

Post by Florinator » 03 Nov 2010 21:24

OK, let's continue with the removals:

Download ZebRestore
Run it and choose the option "Réinitialiser les fichiers Host" (reset the Hosts files)

Let's continue:

Download GMer

  • Click "Download EXE"
  • Save it to your Desktop (the name is random)

NB: Save these instructions in a text file or print them, because you will have to close the browser.

  • Right-click it (the name consists of 8 random digits/letters) and choose "Run as administrator"
  • Disconnect from the Internet, then close all programs.

NB: If the tool shows a rootkit activity warning and asks you to run a scan, click "NO"

  • In the right-hand section of the tool's window, uncheck the following option: IAT/EAT
  • Make sure "Show All" is unchecked
  • Click "Scan" and wait (this can take 10 minutes or more)
  • Once it has finished, click the "Save..." button (bottom right);
  • Name the file "Florinator" and save it to the Desktop;
  • Copy/paste the contents of this report into your reply.

See you later
Knowledge is only useful if it is passed on.
Florinator
Maître Libellulien
 
Posts: 661
Joined: 28 Dec 2009 16:19

