Infection par w32/xor-encoded.a

Résolu
pandax27 Messages postés 38 Statut Membre -  
chimay8 Messages postés 7947 Statut Contributeur sécurité -
Bonjour,
Mon PC portable (HP pavillon dv6000) est infecté par w32/xor.encoded.a , les sympyômes sont : la barre d'outils/de tâches ne fonctionnent plus ainsi que le menu demarrer et le processeur tourne au minimum à 50% (chose inhabituelle). Mon systeme est vista premium et l'antivirus est norton 360. Pouvez-vous m'aider à nettoyer mon ordi ?
D'avance merci.
Je poste le dernier rapport fait en ligne avec panda security :

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-01-03 20:44:35
PROTECTIONS: 3
MALWARE: 10
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.4205.0 No Yes
Norton 360 8.2.0.81 No No
Norton Antivirus Internet Security 2008 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\Low\panda@doubleclick[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\Low\panda@247realmedia[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\panda@mediaplex[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\Low\panda@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\Low\panda@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\panda@xiti[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\panda@apmebf[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\panda@statse.webtrendslive[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\Low\panda@statse.webtrendslive[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\Low\panda@bluestreak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\panda@bluestreak[1].txt
03009106 W32/Xor-encoded.A Virus No 0 No No C:\Users\PANDA\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0cec6dcf\Report.cab[ecwaosw.exe.xor]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\PANDA\Downloads\ComboFix.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\PANDA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M6EE7PVF\ComboFix[1].exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location ���{��C5
;===================================================================================================================================================================================
No C:\Program Files\Image-Line\FLStudio5\Fl.exe ���{��C5
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description ���{��C5
;===================================================================================================================================================================================
184379 MEDIUM MS08-001 ���{��C5
182048 HIGH MS07-069 ���{��C5
182043 HIGH MS07-064 ���{��C5
176382 HIGH MS07-057 ���{��C5
170906 HIGH MS07-045 ���{��C5
164913 HIGH MS07-033 ���{��C5
160623 HIGH MS07-027 ���{��C5
;===================================================================================================================================================================================
Configuration: Windows Vista
Internet Explorer 7.0

44 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Une infection par W32/Xor-encoded.A sur un PC sous Windows Vista Premium provoque des plantages de l'explorateur, des dysfonctionnements de la barre des tâches et du menu Démarrer, et une utilisation CPU élevée. Plusieurs outils et méthodes ont été évoqués pour nettoyer, tels que l'analyse avec Panda Security en ligne, Norton 360, et d'autres solutions qui détectent des maliciels et des cookies de suivi. D'autres propositions recommandent des outils complémentaires comme RSIT, Malwarebytes, Spybot S&D et des scans répétés, puis la remise en place progressive des éléments système après désinfection. Une information nouvelle ou nuance utile: l'obtention de rapports log et la vérification de l'impact des vulnérabilités et des composants démarrés peut être nécessaire pour évaluer la persistance de l'infection.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. pandax27 Messages postés 38 Statut Membre 1
     
    Existe-t-il vraiment un moyen de me débarasser de ce putain de w32/xor.encoded.a?
    1
  2. pandax27 Messages postés 38 Statut Membre 1
     
    Bonsoir ezekielo,

    J'ai essayé ccleaner puis redémarré le PC mais rien n'y change...
    0
  3. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  4. ezekielo
     
    tu a deux troyen aussi aplé trojen
    0
  5. pandax27 Messages postés 38 Statut Membre 1
     
    Merci pour le lien.
    En telechargeant spybot windows m'a notifié que je devais l'installer en tant qu'administrateur...bon,le programme s'est quand meme executer et j'ai pû faire le scan. Je t'envoi le rapport que j'ai trouvé dans le mode détaillé de spybot :

    --- Search result list ---
    Hint of the Day: Click the bar at the right of this to see more information! ()

    Félicitations!: Aucun mouchard n'a été trouvé. ()

    --- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

    2008-07-07 blindman.exe (1.0.0.8)
    2008-07-07 SDFiles.exe (1.6.0.4)
    2008-07-07 SDMain.exe (1.0.0.6)
    2008-07-07 SDShred.exe (1.0.2.3)
    2008-07-07 SDUpdate.exe (1.6.0.8)
    2008-07-07 SDWinSec.exe (1.0.0.12)
    2008-07-07 SpybotSD.exe (1.6.0.30)
    2008-07-07 TeaTimer.exe (1.6.0.20)
    2009-01-04 unins000.exe (51.49.0.0)
    2008-07-07 Update.exe (1.6.0.7)
    2008-07-07 advcheck.dll (1.6.1.12)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2008-07-07 SDHelper.dll (1.6.0.12)
    2008-06-19 sqlite3.dll
    2008-07-07 Tools.dll (2.1.5.7)
    2008-11-04 Includes\Adware.sbi (*)
    2008-12-29 Includes\AdwareC.sbi (*)
    2008-06-03 Includes\Cookies.sbi (*)
    2008-09-02 Includes\Dialer.sbi (*)
    2008-09-09 Includes\DialerC.sbi (*)
    2008-07-23 Includes\HeavyDuty.sbi (*)
    2008-11-18 Includes\Hijackers.sbi (*)
    2008-12-22 Includes\HijackersC.sbi (*)
    2008-12-09 Includes\Keyloggers.sbi (*)
    2008-12-22 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2008-11-18 Includes\Malware.sbi (*)
    2008-12-29 Includes\MalwareC.sbi (*)
    2008-12-16 Includes\PUPS.sbi (*)
    2008-12-16 Includes\PUPSC.sbi (*)
    2007-11-07 Includes\Revision.sbi (*)
    2008-06-18 Includes\Security.sbi (*)
    2008-12-29 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2008-12-10 Includes\Spyware.sbi (*)
    2008-12-10 Includes\SpywareC.sbi (*)
    2008-06-03 Includes\Tracks.uti
    2008-12-29 Includes\Trojans.sbi (*)
    2008-12-29 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

    --- System information ---
    Windows Vista (Build: 6000) (6.0.6000)

    --- Startup entries list ---
    Located: HK_LM:Run, Adobe Reader Speed Launcher
    command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    size: 39792
    MD5: 392845E8D49B5F0E81AAC4D795000A8C

    Located: HK_LM:Run, avgnt
    command: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    file: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    size: 266497
    MD5: 6E812818306D460D62B4ABEA9FDC6679

    Located: HK_LM:Run, ccApp
    command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    size: 51048
    MD5: B01902E9451B3D39DC5CAFDC9B9B398C

    Located: HK_LM:Run, CognizanceTS
    command: rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
    file: c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll
    size: 17920
    MD5: 09B9F07E4D91B4EC48D7271110136881

    Located: HK_LM:Run, DJ Console Mk2
    command: C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
    file: C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe
    size: 218664
    MD5: FEF91C7E13AF76CB1EE2EB61AE77C2CD

    Located: HK_LM:Run, Hercules DJ Series
    command: C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
    file: C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
    size: 484648
    MD5: FC33E89D61BCA700AEC36A3D977135E9

    Located: HK_LM:Run, HP Health Check Scheduler
    command: C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    file: C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    size: 50696
    MD5: 06B28C3CFD5C995B82F5EF1E5A0A576C

    Located: HK_LM:Run, HP Software Update
    command: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    file: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    size: 54840
    MD5: 21293443961A4E2597453EE7A9347F22

    Located: HK_LM:Run, hpWirelessAssistant
    command: %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    file: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    size: 472776
    MD5: AF849798ECA383184C88ED436CF3EFB2

    Located: HK_LM:Run, IAAnotif
    command: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    file: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    size: 174872
    MD5: C7C70AE1DE8F0FCC8F2431C5D15632DF

    Located: HK_LM:Run, MSConfig
    command: "C:\Windows\System32\msconfig.exe" /auto
    file: C:\Windows\System32\msconfig.exe
    size: 222208
    MD5: 1BB128A09911A936E8EFC30C3F6C597C

    Located: HK_LM:Run, NvCplDaemon
    command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    file: C:\Windows\system32\NvCpl.dll
    size: 13556256
    MD5: FEDDAB61F1C79D1A2AD7E7A9690B5B24

    Located: HK_LM:Run, NvMediaCenter
    command: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    file: C:\Windows\system32\NvMcTray.dll
    size: 92704
    MD5: AB9391E6DF6DADCD5A237216F3CAC2B7

    Located: HK_LM:Run, osCheck
    command: "C:\Program Files\Norton 360\osCheck.exe"
    file: C:\Program Files\Norton 360\osCheck.exe
    size: 988512
    MD5: 956740878FF68E493C1D9923C65C9A20

    Located: HK_LM:Run, QlbCtrl
    command: %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    file: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    size: 159744
    MD5: A04BE1DBBA0E554B2F33555CCBA5F969

    Located: HK_LM:Run, QPService
    command: "C:\Program Files\HP\QuickPlay\QPService.exe"
    file: C:\Program Files\HP\QuickPlay\QPService.exe
    size: 176128
    MD5: 041AF1711BF3D6BFF12FD9D28F0AC303

    Located: HK_LM:Run, RtHDVCpl
    command: RtHDVCpl.exe
    file: C:\Windows\RtHDVCpl.exe
    size: 4390912
    MD5: 6F77B5BA086729378197CAA18DBDCB29

    Located: HK_LM:Run, SMSERIAL
    command: C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    file: C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    size: 729088
    MD5: 04870A30820F902AAB828317C3B5E897

    Located: HK_LM:Run, SunJavaUpdateSched
    command: "C:\Program Files\Java\jre6\bin\jusched.exe"
    file: C:\Program Files\Java\jre6\bin\jusched.exe
    size: 136600
    MD5: B98FFA8288EFAABC436C30D198608345

    Located: HK_LM:Run, SynTPEnh
    command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    size: 1045800
    MD5: 62B3C9786081ECAAB272A118408D2817

    Located: HK_LM:Run, WAWifiMessage
    command: %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    file: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    size: 317128
    MD5: F533507FE318B46629E84DF630A316F8

    Located: HK_LM:Run, Windows Mobile-based device management
    command: %windir%\WindowsMobile\wmdSync.exe
    file: C:\Windows\WindowsMobile\wmdSync.exe
    size: 215552
    MD5: 4AB05041D5C922B9A7A5D9059F5538CD

    Located: HK_LM:RunOnce, Launcher
    command: %WINDIR%\SMINST\launcher.exe
    file: C:\Windows\SMINST\launcher.exe
    size: 44128
    MD5: 50ECAA360582260ACC5E1495CC34A22E

    Located: HK_CU:Run, ehTray.exe
    where: S-1-5-21-733741292-2615198191-2379931871-1000...
    command: C:\Windows\ehome\ehTray.exe
    file: C:\Windows\ehome\ehTray.exe
    size: 125440
    MD5: 2E0953919779A44BF9DFB7B07C58535A

    Located: HK_CU:Run, Sidebar
    where: S-1-5-21-733741292-2615198191-2379931871-1000...
    command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    file: C:\Program Files\Windows Sidebar\sidebar.exe
    size: 1232896
    MD5: 582F3A0BA61D8F0D50C66B592808B6D6

    Located: HK_CU:Run, SpybotSD TeaTimer
    where: S-1-5-21-733741292-2615198191-2379931871-1000...
    command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 2156368
    MD5: 08FC1FAD357F053043016597B6559BDC

    Located: HK_CU:Run, WMPNSCFG
    where: S-1-5-21-733741292-2615198191-2379931871-1000...
    command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
    file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
    size: 201728
    MD5: 20EF9002CFF89C4C1077E4415EC7297B

    Located: Démarrage (tous utilisateurs), BTTray.lnk
    where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    file: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    size: 719664
    MD5: 13C4E87CF239C73F6DDF64D14FF2480D

    Located: Démarrage (tous utilisateurs), Service Manager.lnk
    where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    file: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    size: 74308
    MD5: A6455ADF66EE2FDD53B81AAE74F40C4C

    Located: Démarrage (tous utilisateurs), WinZip Quick Pick.lnk
    where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\WinZip\WZQKPICK.EXE
    file: C:\Program Files\WinZip\WZQKPICK.EXE
    size: 106560
    MD5: 2FE253973433442C2CB234FB2BC4BF29

    --- Browser helper object list ---
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Aide pour le lien d'Adobe PDF Reader
    description: Adobe Acrobat reader
    classification: Legitimate
    known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
    info link: https://get2.adobe.com/reader/otherversions/
    info source: TonyKlein
    Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
    Long name: AcroIEHelper.dll
    Short name: ACROIE~1.DLL
    Date (created): 22/10/2006 23:08:42
    Date (last access): 19/11/2008 22:49:40
    Date (last write): 22/10/2006 23:08:42
    Filesize: 62080
    Attributes: archive
    MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
    CRC32: E388508F
    Version: 8.0.0.456

    {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\Program Files\Spybot - Search & Destroy\
    Long name: SDHelper.dll
    Short name:
    Date (created): 04/01/2009 11:33:02
    Date (last access): 04/01/2009 11:33:02
    Date (last write): 07/07/2008 09:41:58
    Filesize: 1562448
    Attributes: archive
    MD5: 32981ADE44D01EC2A9EBC2E311291707
    CRC32: C2F522E6
    Version: 1.6.0.12

    {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} (NCO 2.0 IE BHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: NCO 2.0 IE BHO
    CLSID name:
    Path: C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\
    Long name: CoIEPlg.dll
    Short name:
    Date (created): 25/09/2008 15:24:04
    Date (last access): 25/09/2008 15:24:04
    Date (last write): 30/06/2008 07:44:04
    Filesize: 349552
    Attributes: archive
    MD5: 3063C05D9CA51D9BB47830BD04A19766
    CRC32: CBCA0ED1
    Version: 2008.2.7.7

    {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: Symantec Intrusion Prevention
    CLSID name: Symantec Intrusion Prevention
    Path: C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\
    Long name: IPSBHO.dll
    Short name:
    Date (created): 20/09/2008 09:35:54
    Date (last access): 20/09/2008 09:35:54
    Date (last write): 20/09/2008 09:35:54
    Filesize: 116088
    Attributes: archive
    MD5: 317FC88BDD45DD92A4A8A6C1F7963EF3
    CRC32: 00F465C4
    Version: 8.2.0.81

    {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} (Search Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: Search Helper
    CLSID name: Search Helper
    Path: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\
    Long name: SearchHelper.dll
    Short name: SEARCH~1.DLL
    Date (created): 04/12/2008 15:59:06
    Date (last access): 17/12/2008 14:54:26
    Date (last write): 04/12/2008 15:59:06
    Filesize: 92504
    Attributes: archive
    MD5: C5700CD3293E88BE85C73ECCCE772E9E
    CRC32: 4005D5F1
    Version: 1.2.118.0

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java(tm) Plug-In SSV Helper
    Path: C:\Program Files\Java\jre6\bin\
    Long name: ssv.dll
    Short name:
    Date (created): 17/12/2008 01:33:46
    Date (last access): 17/12/2008 01:33:46
    Date (last write): 17/12/2008 01:33:46
    Filesize: 320920
    Attributes: archive
    MD5: 35E6FB6E6003BD54A5D69C9C1C762192
    CRC32: 9699660C
    Version: 6.0.110.3

    {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:

    {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Programme d'aide de l'Assistant de connexion Windows Live
    Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
    Long name: WindowsLiveLogin.dll
    Short name: WINDOW~1.DLL
    Date (created): 18/11/2008 13:47:06
    Date (last access): 17/12/2008 14:47:26
    Date (last write): 18/11/2008 13:47:06
    Filesize: 408952
    Attributes: archive
    MD5: 4B9CBC54FA3A846649F59BC185DF63DF
    CRC32: 0402898F
    Version: 5.0.817.1

    {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Google Toolbar Helper
    description: Google toolbar
    classification: Open for discussion
    known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
    info link: http://www.google.com/intl/fr/toolbar/ie/index.html
    info source: TonyKlein
    Path: c:\program files\google\
    Long name: GoogleToolbar2.dll
    Short name: GOOGLE~2.DLL
    Date (created): 09/10/2008 08:41:02
    Date (last access): 09/10/2008 08:41:02
    Date (last write): 09/10/2008 08:41:02
    Filesize: 2436160
    Attributes: readonly archive
    MD5: 6D44E0C3B43D27484FBB355E470C4188
    CRC32: 2DE875CD
    Version: 4.0.1601.4978

    {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java(tm) Plug-In 2 SSV Helper
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2ssv.dll
    Short name:
    Date (created): 17/12/2008 01:33:44
    Date (last access): 17/12/2008 01:33:44
    Date (last write): 17/12/2008 01:33:44
    Filesize: 34816
    Attributes: archive
    MD5: 5D57FD3DF32DC69CEC3D1D54B4C43162
    CRC32: D7C13FB2
    Version: 6.0.110.3

    {DF21F1DB-80C6-11D3-9483-B03D0EC10000} (VeriSoft Access Manager)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: VeriSoft Access Manager
    CLSID name: VeriSoft Access Manager
    Path: c:\Program Files\Bioscrypt\VeriSoft\Bin\
    Long name: ItIEAddIn.dll
    Short name: ITIEAD~1.DLL
    Date (created): 21/11/2006 15:59:00
    Date (last access): 20/10/2007 10:26:04
    Date (last write): 21/11/2006 15:59:00
    Filesize: 71192
    Attributes: readonly archive
    MD5: CF8735D4E3E58C9C609074BEC00FD260
    CRC32: 93D11BD8
    Version: 2.1.0.78

    {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} (Windows Live Toolbar Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Windows Live Toolbar Helper
    Path: C:\Program Files\Windows Live\Toolbar\
    Long name: wltcore.dll
    Short name:
    Date (created): 08/12/2008 17:01:58
    Date (last access): 17/12/2008 14:55:02
    Date (last write): 08/12/2008 17:01:58
    Filesize: 1067352
    Attributes: archive
    MD5: 4DC993F947CA0E46DAF3260D78BC9A60
    CRC32: E16D1FE7
    Version: 14.0.8052.1208

    --- ActiveX list ---
    {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control)
    DPF name:
    CLSID name: Facebook Photo Uploader 5 Control
    Installer: C:\Windows\Downloaded Program Files\PhotoUploader5.inf
    Codebase: http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    Path: C:\Windows\Downloaded Program Files\
    Long name: PhotoUploader5.ocx
    Short name: PHOTOU~1.OCX
    Date (created): 10/10/2008 15:44:58
    Date (last access): 10/10/2008 15:44:58
    Date (last write): 10/10/2008 15:44:58
    Filesize: 3536384
    Attributes: archive
    MD5: 3F703EC5DB5638C08008132A78430136
    CRC32: AB0E6745
    Version: 5.5.8.0

    {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object)
    DPF name:
    CLSID name: CKAVWebScan Object
    Installer: C:\Windows\Downloaded Program Files\kavwebscan.inf
    Codebase: https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    Path: C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\
    Long name: kavwebscan.dll
    Short name: KAVWEB~1.DLL
    Date (created): 13/08/2008 15:03:26
    Date (last access): 13/08/2008 15:03:26
    Date (last write): 13/08/2008 15:03:26
    Filesize: 798720
    Attributes: archive
    MD5: 7719560C8F3D21518B683C186140EEB3
    CRC32: 0BB88B7D
    Version: 5.0.84.2

    {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class)
    DPF name:
    CLSID name: ActiveScan 2.0 Installer Class
    Installer: C:\Windows\Downloaded Program Files\as2stubie.inf
    Codebase: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    Path: C:\Windows\Downloaded Program Files\
    Long name: as2stubie.dll
    Short name: AS2STU~1.DLL
    Date (created): 30/06/2008 10:39:58
    Date (last access): 30/06/2008 10:39:58
    Date (last write): 30/06/2008 10:39:58
    Filesize: 128256
    Attributes: archive
    MD5: BB482DD127289F0FAD474610F5A4C3E3
    CRC32: 1CF0CB03
    Version: 1.0.0.10

    {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control)
    DPF name:
    CLSID name: OnlineScanner Control
    Installer: C:\Windows\Downloaded Program Files\OnlineScanner.inf
    Codebase: https://www.eset.com/
    Path: C:\Windows\system32\
    Long name: OnlineScanner.ocx
    Short name: ONLINE~1.OCX
    Date (created): 11/02/2008 09:40:08
    Date (last access): 11/02/2008 09:40:08
    Date (last write): 11/02/2008 09:40:08
    Filesize: 2715648
    Attributes: archive
    MD5: 8A41731096C2ECD10568DDB8F0F90498
    CRC32: 5CE9D28A
    Version: 1.0.0.635

    {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control)
    DPF name:
    CLSID name: BDSCANONLINE Control
    Installer: C:\Windows\Downloaded Program Files\oscan8.inf
    Codebase: http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    Path: C:\Windows\DOWNLO~1\
    Long name: oscan8.ocx
    Short name:
    Date (created): 25/10/2007 16:54:18
    Date (last access): 25/10/2007 16:54:18
    Date (last write): 25/10/2007 16:54:18
    Filesize: 471040
    Attributes: archive
    MD5: BC4E154A06C9208EF36669B1B9E5FDAD
    CRC32: DF08A08D
    Version: 1.0.0.1

    {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object)
    DPF name:
    CLSID name: CSEQueryObject Object
    Installer:
    Codebase: http://www.myheritage.fr/Genoogle/Components/ActiveX/SearchEngineQuery.dll
    Path: C:\Windows\Downloaded Program Files\
    Long name: SearchEngineQuery.dll
    Short name: SEARCH~1.DLL
    Date (created): 27/10/2008 20:17:32
    Date (last access): 27/10/2008 20:17:32
    Date (last write): 27/10/2008 20:17:16
    Filesize: 316944
    Attributes: archive
    MD5: A854DE9EEEC572C31C9A6D948E21A76D
    CRC32: B2B8E92A
    Version: 1.0.2.0

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_11
    Installer: C:\Windows\Downloaded Program Files\jinstall-6u11.inf
    Codebase: http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1229491750579&h=cc186c807fb4150fc5ccb6c5908406f5/&filename=jinstall-6u11-windows-i586-jc.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 17/12/2008 01:33:44
    Date (last access): 17/12/2008 01:33:44
    Date (last write): 17/12/2008 01:33:44
    Filesize: 94208
    Attributes: archive
    MD5: 3DA696FCE470365F830726A5DB33733F
    CRC32: F0FC81C2
    Version: 6.0.110.3

    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
    DPF name:
    CLSID name:
    Installer: C:\Windows\Downloaded Program Files\erma.inf
    Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

    {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component)
    DPF name:
    CLSID name: Lycos File Upload Component
    Installer: C:\Windows\Downloaded Program Files\FileUploader.inf
    Codebase: http://f008.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
    Path: C:\Windows\Downloaded Program Files\
    Long name: FileUploader.dll
    Short name: FILEUP~1.DLL
    Date (created): 06/02/2008 16:33:10
    Date (last access): 06/02/2008 16:33:10
    Date (last write): 06/02/2008 16:33:10
    Filesize: 155648
    Attributes: archive
    MD5: 521EF304FF44D62781D9B9707372989E
    CRC32: BE279149
    Version: 2.0.0.4

    {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 17/12/2008 01:33:44
    Date (last access): 17/12/2008 01:33:44
    Date (last write): 17/12/2008 01:33:44
    Filesize: 94208
    Attributes: archive
    MD5: 3DA696FCE470365F830726A5DB33733F
    CRC32: F0FC81C2
    Version: 6.0.110.3

    {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_11
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 17/12/2008 01:33:44
    Date (last access): 17/12/2008 01:33:44
    Date (last write): 17/12/2008 01:33:44
    Filesize: 94208
    Attributes: archive
    MD5: 3DA696FCE470365F830726A5DB33733F
    CRC32: F0FC81C2
    Version: 6.0.110.3

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_11
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_11.dll
    Short name: NPJPI1~1.DLL
    Date (created): 17/12/2008 01:33:46
    Date (last access): 17/12/2008 01:33:46
    Date (last write): 17/12/2008 01:33:46
    Filesize: 132504
    Attributes: archive
    MD5: D400116F6776ACB6EDB6B1F5EEB9F92D
    CRC32: CECB5751
    Version: 6.0.110.3

    --- Process list ---
    PID: 2760 (1080) C:\Windows\system32\Dwm.exe
    size: 83456
    MD5: E87B968F3D49117445893EB0503FE34F
    PID: 2772 ( 868) c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
    size: 65536
    MD5: 3F91D1056D2CEBEF374BE0E55428190A
    PID: 2820 (2732) C:\Windows\Explorer.EXE
    size: 2923520
    MD5: 37440D09DEAE0B672A04DCCF7ABF06BE
    PID: 2884 (1104) C:\Windows\system32\taskeng.exe
    size: 166400
    MD5: 1226E9FAE5B8508801EC974E3C9D9C14
    PID: 3804 (2820) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    size: 729088
    MD5: 04870A30820F902AAB828317C3B5E897
    PID: 892 (2820) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    size: 1045800
    MD5: 62B3C9786081ECAAB272A118408D2817
    PID: 3144 (2820) C:\Windows\RtHDVCpl.exe
    size: 4390912
    MD5: 6F77B5BA086729378197CAA18DBDCB29
    PID: 2248 (2820) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    size: 174872
    MD5: C7C70AE1DE8F0FCC8F2431C5D15632DF
    PID: 3684 (2820) C:\Program Files\HP\QuickPlay\QPService.exe
    size: 176128
    MD5: 041AF1711BF3D6BFF12FD9D28F0AC303
    PID: 3944 (2820) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    size: 159744
    MD5: A04BE1DBBA0E554B2F33555CCBA5F969
    PID: 2532 (2820) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    size: 472776
    MD5: AF849798ECA383184C88ED436CF3EFB2
    PID: 2976 (2820) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    size: 317128
    MD5: F533507FE318B46629E84DF630A316F8
    PID: 3692 (2820) C:\Program Files\Java\jre6\bin\jusched.exe
    size: 136600
    MD5: B98FFA8288EFAABC436C30D198608345
    PID: 1524 (1324) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    size: 149352
    MD5: 2F237AAB91497AAA03AF48EAE68758FC
    PID: 1332 (2820) C:\Windows\WindowsMobile\wmdSync.exe
    size: 215552
    MD5: 4AB05041D5C922B9A7A5D9059F5538CD
    PID: 2320 (2820) C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
    size: 484648
    MD5: FC33E89D61BCA700AEC36A3D977135E9
    PID: 2680 (2820) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    size: 54840
    MD5: 21293443961A4E2597453EE7A9347F22
    PID: 3764 (2820) C:\Program Files\Hercules\Audio\DJ Console Series\Mk2\HDJ2CPL.exe
    size: 218664
    MD5: FEF91C7E13AF76CB1EE2EB61AE77C2CD
    PID: 2208 (2820) C:\Windows\System32\rundll32.exe
    size: 44544
    MD5: 4B555106290BD117334E9A08761C035A
    PID: 668 (2820) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    size: 266497
    MD5: 6E812818306D460D62B4ABEA9FDC6679
    PID: 1640 (2820) C:\Program Files\Windows Sidebar\sidebar.exe
    size: 1232896
    MD5: 582F3A0BA61D8F0D50C66B592808B6D6
    PID: 1616 (2820) C:\Windows\ehome\ehtray.exe
    size: 125440
    MD5: 2E0953919779A44BF9DFB7B07C58535A
    PID: 1244 (2820) C:\Program Files\Windows Media Player\wmpnscfg.exe
    size: 201728
    MD5: 20EF9002CFF89C4C1077E4415EC7297B
    PID: 2216 (2820) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    size: 719664
    MD5: 13C4E87CF239C73F6DDF64D14FF2480D
    PID: 2176 (2820) C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    size: 74308
    MD5: A6455ADF66EE2FDD53B81AAE74F40C4C
    PID: 2568 (2820) C:\Program Files\WinZip\WZQKPICK.EXE
    size: 106560
    MD5: 2FE253973433442C2CB234FB2BC4BF29
    PID: 2668 ( 868) C:\Windows\ehome\ehmsas.exe
    size: 37376
    MD5: 693E4C15CEE5D6487D7913A2701B5E40
    PID: 4104 ( 868) C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    size: 677576
    MD5: 241B74792CC295DFDCB7940BBF52B226
    PID: 5916 ( 868) C:\Windows\System32\mobsync.exe
    size: 95232
    MD5: 9C632DC0F1B6D79B05F46A4A5349CEF4
    PID: 6052 ( 868) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    size: 1600304
    MD5: 36EF7773F00E940A6E1FE753DA619080
    PID: 5392 (1348) C:\Program Files\Internet Explorer\IEUser.exe
    size: 301568
    MD5: CC3BC04443E65FEB28B5A043420610BA
    PID: 2844 ( 868) C:\Program Files\Windows Live\Toolbar\wltuser.exe
    size: 224600
    MD5: A29E6A21171B933348EB1FEAB2FF1D73
    PID: 2836 (5048) C:\Program Files\Internet Explorer\iexplore.exe
    size: 634024
    MD5: D762642A109433EEDCD332B0A9511137
    PID: 5100 (1168) C:\Windows\system32\Taskmgr.exe
    size: 163840
    MD5: D826545F1051D3675E7FC8AA27858C97
    PID: 4528 (5756) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 4891472
    MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855
    PID: 3928 (5756) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 2156368
    MD5: 08FC1FAD357F053043016597B6559BDC
    PID: 2172 (3128) C:\Windows\system32\conime.exe
    size: 68608
    MD5: 05CB3DA78A4BBD9B799A5957F9D101CC
    PID: 1580 (4528) C:\Windows\hh.exe
    size: 14848
    MD5: 7C06CED2F7B9272A126D53A2A9F52AC0
    PID: 0 ( 0) [System Process]
    PID: 4 ( 0) System
    PID: 480 ( 4) smss.exe
    size: 62976
    PID: 604 ( 592) csrss.exe
    size: 7680
    PID: 652 ( 592) wininit.exe
    size: 95744
    PID: 664 ( 644) csrss.exe
    size: 7680
    PID: 696 ( 652) services.exe
    size: 279552
    PID: 708 ( 652) lsass.exe
    size: 7680
    PID: 716 ( 652) lsm.exe
    size: 210944
    PID: 868 ( 696) svchost.exe
    size: 22016
    PID: 908 ( 696) svchost.exe
    size: 22016
    PID: 936 ( 696) nvvsvc.exe
    size: 203296
    PID: 964 ( 696) svchost.exe
    size: 22016
    PID: 1000 ( 696) svchost.exe
    size: 22016
    PID: 1048 ( 696) svchost.exe
    size: 22016
    PID: 1080 ( 696) svchost.exe
    size: 22016
    PID: 1104 ( 696) svchost.exe
    size: 22016
    PID: 1168 ( 644) winlogon.exe
    size: 308224
    PID: 1228 (1048) audiodg.exe
    size: 88064
    PID: 1248 ( 696) svchost.exe
    size: 22016
    PID: 1264 ( 696) SLsvc.exe
    size: 2605568
    PID: 1292 ( 696) svchost.exe
    size: 22016
    PID: 1428 ( 696) svchost.exe
    size: 22016
    PID: 1684 ( 936) rundll32.exe
    size: 44544
    PID: 1724 ( 696) spoolsv.exe
    size: 124928
    PID: 1768 ( 696) CCSVCHST.EXE
    PID: 2012 ( 696) sched.exe
    PID: 492 ( 696) svchost.exe
    size: 22016
    PID: 3200 ( 696) avguard.exe
    PID: 3212 ( 696) svchost.exe
    size: 22016
    PID: 3224 ( 696) CLCapSvc.exe
    PID: 3428 ( 696) HerculesDJControlMP3.EXE
    PID: 3544 ( 696) IAANTmon.exe
    PID: 3604 ( 696) LSSrvc.exe
    PID: 3632 ( 696) sqlservr.exe
    PID: 3844 ( 696) svchost.exe
    size: 22016
    PID: 3856 ( 696) SeaPort.exe
    PID: 3900 ( 696) svchost.exe
    size: 22016
    PID: 3936 ( 696) svchost.exe
    size: 22016
    PID: 3972 ( 696) SearchIndexer.exe
    size: 287744
    PID: 4036 ( 696) hpqwmiex.exe
    PID: 2452 ( 696) AluSchedulerSvc.exe
    PID: 2716 (1104) taskeng.exe
    size: 166400
    PID: 2728 (1104) taskeng.exe
    size: 166400
    PID: 948 ( 868) WmiPrvSE.exe
    PID: 2828 ( 696) wmpnetwk.exe
    PID: 4400 ( 696) symlcsvc.exe
    PID: 5424 ( 696) svchost.exe
    size: 22016
    PID: 5800 ( 892) SynTPHelper.exe
    PID: 4356 ( 696) HPHC_Service.exe

    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 04/01/2009 12:37:16

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    https://www.msn.com/fr-fr/?ocid=iehp
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm

    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]

    Protocol 3: MSAFD Tcpip [TCP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]

    Protocol 4: MSAFD Tcpip [UDP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]

    Protocol 5: MSAFD Tcpip [RAW/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]

    Protocol 6: Fournisseur de services RSVP TCPv6
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 7: Fournisseur de services RSVP TCP
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 8: Fournisseur de services RSVP UDPv6
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 9: Fournisseur de services RSVP UDP
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 10: MSAFD RfComm [Bluetooth]
    GUID: {9FC48064-7298-43E4-B7BD-181F2089792A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Bluetooth
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD RfComm [Bluetooth]

    Protocol 11: MSAFD Irda [IrDA]
    GUID: {3972523D-2AF1-11D1-B655-00805F3642CC}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Infrared protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Irda [IrDA]

    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{708E1A90-9F0D-4160-846B-C059798263FB}] SEQPACKET 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{708E1A90-9F0D-4160-846B-C059798263FB}] DATAGRAM 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2879C839-F6A2-4F07-BE34-EF9C51453D1B}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2879C839-F6A2-4F07-BE34-EF9C51453D1B}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5A062821-6072-4DFB-B979-369CBABAB818}] SEQPACKET 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5A062821-6072-4DFB-B979-369CBABAB818}] DATAGRAM 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{708E1A90-9F0D-4160-846B-C059798263FB}] SEQPACKET 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{708E1A90-9F0D-4160-846B-C059798263FB}] DATAGRAM 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{2879C839-F6A2-4F07-BE34-EF9C51453D1B}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{2879C839-F6A2-4F07-BE34-EF9C51453D1B}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5A062821-6072-4DFB-B979-369CBABAB818}] SEQPACKET 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5A062821-6072-4DFB-B979-369CBABAB818}] DATAGRAM 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: Espace de noms NLAv1 (Network Location Awareness Legacy)
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename:
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

    Namespace Provider 1: TCP/IP
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename:
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 2: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 3: Fournisseur Shim d'affectation de noms de messagerie
    GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
    Filename:

    Namespace Provider 4: Fournisseur d'espace de noms du nuage PNRP
    GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    Namespace Provider 5: Fournisseur d'espace de noms du nom PNRP
    GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    Namespace Provider 6: Espace de noms Bluetooth
    GUID: {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D}
    Filename: %SystemRoot%\system32\wshbth.dll
    Description: Bluetooth
    DB filename: %SystemRoot%\system32\wshbth.dll
    DB protocol: Bluetooth-Namespace

    --- Uninstall list ---

    --- System Services ---
    Service (registry key): .NET CLR Data
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): .NET CLR Networking
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): .NET Data Provider for Oracle
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): .NET Data Provider for SqlServer
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): .NETFramework
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): ACPI
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote ACPI Microsoft
    Image path: system32\drivers\acpi.sys
    Image size: 258232
    Image MD5: 84FC6DF81212D16BE5C4F441682FECCC
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): adp94xx
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\adp94xx.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): adpahci
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\adpahci.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): adpu160m
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\adpu160m.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): adpu320
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\adpu320.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): adsi
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): AeLookupSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\aelupsvc.dll,-1
    Description: @%SystemRoot%\system32\aelupsvc.dll,-2
    Object name: localSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 22016
    Image MD5: 10DA15933D582D2FEDCF705EFE394B09
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): AFD
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Ancilliary Function Driver for Winsock
    Description: Ancilliary Function Driver for Winsock
    Image path: \SystemRoot\system32\drivers\afd.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): agp440
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Intel AGP Bus Filter
    Image path: \SystemRoot\system32\drivers\agp440.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): aic78xx
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\djsvs.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ALG
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\Alg.exe,-112
    Description: @%SystemRoot%\system32\Alg.exe,-113
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\alg.exe
    Image size: 58880
    Image MD5: E69FB0E3112C40FDC0EF7D21A52DC951
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): aliide
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\aliide.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 3

    Service (registry key): amdagp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AMD AGP Bus Filter Driver
    Image path: \SystemRoot\system32\drivers\amdagp.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): amdide
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\amdide.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 3

    Service (registry key): AmdK7
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AMD K7 Processor Driver
    Image path: \SystemRoot\system32\drivers\amdk7.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): AmdK8
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AMD K8 Processor Driver
    Image path: \SystemRoot\system32\drivers\amdk8.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): AntiVirScheduler
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Planificateur Avira AntiVir Personal - Free Antivirus
    Description: Service de commande des tâches de contrôle et mises à jour Avira AntiVir Personal - Free Antivirus.
    Object name: LocalSystem
    Image path: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
    Image size: 68865
    Image MD5: D6C8942BEA3698A2E7559BD423BFA5D7
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1

    Service (registry key): AntiVirService
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Avira AntiVir Personal - Free Antivirus Guard
    Description: Offre une protection permanente contre les virus et les logiciels malveillants grâce au moteur de recherche AntiVir.
    Object name: LocalSystem
    Image path: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
    Image size: 151297
    Image MD5: 335A142923FE7F97E8C8388ACD067568
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1

    Service (registry key): Appinfo
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\appinfo.dll,-100
    Description: @%systemroot%\system32\appinfo.dll,-101
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 22016
    Image MD5: 10DA15933D582D2FEDCF705EFE394B09
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,ProfSvc

    Service (registry key): AppMgmt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 22016
    Image MD5: 10DA15933D582D2FEDCF705EFE394B09
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): arc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\arc.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): arcsas
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\arcsas.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ASAPIW2K
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: ASAPIW2K
    Image path: System32\Drivers\ASAPIW2K.sys
    Image size: 11264
    Image MD5: 4F9CBBF95E8F7A0D4C0EDCFE3B78102E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): ASBroker
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Courtier de session de connexion
    Description: Service d'intégration du client VeriSoft.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k Cognizance
    Image size: 22016
    Image MD5: 10DA15933D582D2FEDCF705EFE394B09
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): ASChannel
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Canal de communication local
    Description: Fournit des fonctionnalités de serveur de bureau VeriSoft local.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k Cognizance
    Image size: 22016
    Image MD5: 10DA15933D582D2FEDCF705EFE394B09
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service
    0
  6. pandax27 Messages postés 38 Statut Membre 1
     
    Ok pas de souci, je t'envoi le rapport de mbam :

    Malwarebytes' Anti-Malware 1.31
    Version de la base de données: 1597
    Windows 6.0.6000

    04/01/2009 13:33:53
    mbam-log-2009-01-04 (13-33-33).txt

    Type de recherche: Examen rapide
    Eléments examinés: 55070
    Temps écoulé: 3 minute(s), 0 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Windows\System32\~.tmp (Trojan.Agent) -> No action taken.
    C:\Users\PANDA\AppData\Roaming\REX Shared Library.dll (Trojan.Lop.H) -> No action taken.
    0
  7. ezekielo
     
    il les a trouv fait suprimé et dit moi si ca change
    0
  8. pandax27 Messages postés 38 Statut Membre 1
     
    ok meci je vais essayer mais je ne les vois pas dans le menu quarantaine de mbam.
    0
  9. ezekielo
     
    si tu les suprime il ni seron pas dans la mise an quarantaine
    0
  10. pandax27 Messages postés 38 Statut Membre 1
     
    J'ai refais une analyse avec mbam qui m'a redonné les 2 fichiers infectés puis je les ais supprimé. J'ai redemarré l'ordi.
    Enfin j'ai refais une dernière analyse avec mbam qui ne trouve plus de problèmes.
    Par contre, la barre d'outils et de taches ainsi que le menu demarrer restent bloqués (ils refonctionnent un instant si je relance explorer.exe dans les processus du planificateur de taches). Et le processeur turbine toujours trop.
    Quand est-il du w32/xor detecté par panda security?
    Enfin, j'ai fait en parallèle une analyse avec avira qui me place des fichiers infectés en quarantaine. Est-ce que je dois aussi les supprimer?
    Merci de ta patience.
    0
  11. ezekielo
     
    oui il fau suprimé tout ce qui et en quarentaine
    0
  12. pandax27 Messages postés 38 Statut Membre 1
     
    ok merci, j'ai effacé tout ce que avira et mbma me trouvais. J'ai refais tous les scan avec norton, avira, spybot et mbam qui n'ont rien trouvé puis j'ai executé ccleaner et enfin j'ai redemarré. Pour l'instant ma barre windows remarche mais le processeur reste tjrs à 50% mnimum. J'ai verifié dans le planificateur de taches et c'est explorer.exe de windows explorer qui pompe les 50%. Pense-tu que je peux corriger çà?
    En attendant je refais le scan avec activescan2.0 de panda security pour cette nuit, car c'est le seul qui me trouve ce maudit w32/xor
    Je te donne les resultats de ce scan demain. buona notte
    0
  13. pandax27 Messages postés 38 Statut Membre 1
     
    Dernières nouvelles : windows explorer plante toujours,tout est désinfecté à part activescan qui trouve toujours ce putain de w32/xor.encoded.a et m'annonce qu'il ne peut pas le desinfecter. Existe-t-il un moyen de m'en débarrasser? Voici le scan :

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-01-05 02:11:17
    PROTECTIONS: 3
    MALWARE: 5
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Windows Defender 1.1.4205.0 No Yes
    Norton 360 8.2.0.81 No No
    Norton Antivirus Internet Security 2008 No No
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\Low\panda@doubleclick[1].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\Low\panda@xiti[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\Low\panda@ad.yieldmanager[1].txt
    00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\Low\panda@bluestreak[1].txt
    03009106 W32/Xor-encoded.A Virus No 0 No No C:\Users\PANDA\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0cec6dcf\Report.cab[ecwaosw.exe.xor]
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location }�mh�� C5
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description }�mh�� C5
    ;===================================================================================================================================================================================
    184379 MEDIUM MS08-001 }�mh�� C5
    182048 HIGH MS07-069 }�mh�� C5
    182043 HIGH MS07-064 }�mh�� C5
    176382 HIGH MS07-057 }�mh�� C5
    170906 HIGH MS07-045 }�mh�� C5
    164913 HIGH MS07-033 }�mh�� C5
    160623 HIGH MS07-027 }�mh�� C5
    ;===================================================================================================================================================================================
    0
  14. chimay8 Messages postés 7947 Statut Contributeur sécurité 60
     
    Bonjour,

    - Télécharge TrendMicro™ HijackThis™ de Merijn(prog de diagnostic) sur ton bureau.
    - Cette version est sans installateur! ( Zip à décompresser )
    - Enregistre le sur ton bureau.

    -A l'installation,
    ****Place le dans son répertoire par défaut, c'est à dire : C:\program files***

    installer hijackthis correctement:
    https://forums.cnetfrance.fr

    *** Ferme toute les fenêtres ouvertes , et déconnecte toi du web***

    - Double-clique dessus
    - Génère un rapport en suivant ces indications :
    - Exécute le et clique sur "Do a scan and save log file".
    - Le rapport s'ouvre sur le Bloc-Note.
    - Colle le rapport ici, pour cela :
    - Menu Edition / Selectionner Tout
    - Menu Edition / copier
    - Ici dans un nouveau message : clic droit / coller
    - ** ne pas fixer de lignes sans notre avis **
    Aide : N'hésite pas à consulter l'aide HiJackThis de Malekal_morte
    En image
    0
  15. pandax27 Messages postés 38 Statut Membre 1
     
    Merci chimay8,
    Voici le rapport de HIJACK :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:24:26, on 05/01/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16764)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hercules\Audio\DJ Console Series\Mk2\HDJ2CPL.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Windows\Explorer.exe
    C:\Users\PANDA\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.fr/Genoogle/Components/ActiveX/SearchEngineQuery.dll
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1229491750579&h=cc186c807fb4150fc5ccb6c5908406f5/&filename=jinstall-6u11-windows-i586-jc.cab
    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f008.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
    O20 - AppInit_DLLs: APSHook.dll
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    0
  16. chimay8 Messages postés 7947 Statut Contributeur sécurité 60
     
    bon,le log ne montre pas d'infections

    par contre MBAM montre un truc(lop)

    Télécharge LOP S&D de Eric71.
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

    Double-clique dessus pour lancer l'installation.
    Double-clique sur le raccourci Lop S&D présent sur ton bureau.
    Séléctionne la langue souhaitée, puis choisis l'Option 1 ( Recherche )
    Patiente jusqu'à la fin du scan.
    Poste le rapport généré ( Il se trouve ici: C:\lopR.txt )

    Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr , choisis l' onglet Fichier , puis clique sur Nouvelle tâche; tape alors explorer.exe et valide.

    0
    1. pandax27 Messages postés 38 Statut Membre 1
       
      J'ai fait le scan que tu m'as indiqué. Il faut que tu saches qu'entre temps j'ai éliminé les 2 troyens montrés par mbam avc avira. Voici le scan :


      --------------------\\ Lop S&D 4.2.5-0 XP/Vista

      Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
      X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz )
      BIOS : Ver 1.00PARTTBL
      USER : PANDA ( Administrator )
      BOOT : Normal boot
      Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
      Firewall : Norton 360 2007 (Activated)
      C:\ (Local Disk) - NTFS - Total:225 Go (Free:42 Go)
      D:\ (Local Disk) - NTFS - Total:7 Go (Free:1 Go)
      E:\ (CD or DVD)

      "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
      Option : [1] ( 05/01/2009|20:18 )

      [ UAC => 1 ]

      --------------------\\ Listing des dossiers dans Local

      [19/11/2008|22:11] C:\Users\PANDA\AppData\Local\Adobe
      [20/10/2007|10:16] C:\Users\PANDA\AppData\Local\Application Data
      [17/12/2008|14:55] C:\Users\PANDA\AppData\Local\ApplicationHistory
      [20/10/2007|10:28] C:\Users\PANDA\AppData\Local\AtStart.txt
      [29/12/2008|13:01] C:\Users\PANDA\AppData\Local\d3d9caps.dat
      [03/01/2009|22:36] C:\Users\PANDA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [20/10/2007|10:28] C:\Users\PANDA\AppData\Local\DSwitch.txt
      [22/02/2008|08:39] C:\Users\PANDA\AppData\Local\fusioncache.dat
      [25/12/2008|15:28] C:\Users\PANDA\AppData\Local\GDIPFONTCACHEV1.DAT
      [20/10/2007|10:32] C:\Users\PANDA\AppData\Local\Google
      [20/10/2007|10:16] C:\Users\PANDA\AppData\Local\Historique
      [20/10/2007|12:31] C:\Users\PANDA\AppData\Local\HP
      [05/01/2009|19:34] C:\Users\PANDA\AppData\Local\IconCache.db
      [12/11/2008|08:07] C:\Users\PANDA\AppData\Local\keyfile3.drm
      [01/01/2009|12:30] C:\Users\PANDA\AppData\Local\Microsoft
      [10/02/2008|11:28] C:\Users\PANDA\AppData\Local\Microsoft Games
      [23/11/2008|18:06] C:\Users\PANDA\AppData\Local\Microsoft Help
      [20/11/2008|12:23] C:\Users\PANDA\AppData\Local\MicroVision Applications
      [12/12/2008|14:05] C:\Users\PANDA\AppData\Local\Netlog
      [02/01/2009|21:11] C:\Users\PANDA\AppData\Local\qaiomgi.bat
      [20/10/2007|10:28] C:\Users\PANDA\AppData\Local\QSwitch.txt
      [01/01/2009|15:03] C:\Users\PANDA\AppData\Local\QuickPlay
      [21/02/2008|14:06] C:\Users\PANDA\AppData\Local\rx_image.Cache
      [05/01/2009|20:16] C:\Users\PANDA\AppData\Local\Temp
      [20/10/2007|10:16] C:\Users\PANDA\AppData\Local\Temporary Internet Files
      [20/10/2007|12:32] C:\Users\PANDA\AppData\Local\VirtualStore

      --------------------\\ Tâches planifiées dans C:\Windows\tasks

      [05/01/2009 01:14][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{20513758-25DC-41FB-8D90-34BD3C841772}.job
      [05/01/2009 19:44][--ah-----] C:\Windows\tasks\SA.DAT
      [05/01/2009 19:42][--a------] C:\Windows\tasks\SCHEDLGU.TXT

      --------------------\\ Listing des dossiers dans C:\ProgramData

      [09/10/2008|08:55] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
      [16/05/2007|23:02] C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
      [19/11/2008|22:49] C:\ProgramData\Adobe
      [20/10/2007|10:13] C:\ProgramData\Application Data
      [04/01/2009|00:23] C:\ProgramData\Avira
      [12/11/2008|20:22] C:\ProgramData\AVS4YOU
      [20/10/2007|10:13] C:\ProgramData\Bureau
      [25/12/2008|15:02] C:\ProgramData\CanonCP
      [21/10/2007|11:25] C:\ProgramData\CyberLink
      [20/10/2007|10:13] C:\ProgramData\Documents
      [14/12/2008|16:33] C:\ProgramData\DVD Shrink
      [31/10/2008|12:31] C:\ProgramData\eMule
      [09/06/2008|08:05] C:\ProgramData\EPSON
      [20/10/2007|10:13] C:\ProgramData\Favoris
      [16/05/2007|23:14] C:\ProgramData\Google
      [16/05/2007|23:38] C:\ProgramData\Hewlett-Packard
      [21/10/2007|11:21] C:\ProgramData\HP
      [04/11/2008|11:35] C:\ProgramData\hpzinstall.log
      [20/09/2008|09:31] C:\ProgramData\LUUnInstall.LiveUpdate
      [02/01/2009|20:45] C:\ProgramData\Malwarebytes
      [20/10/2007|10:13] C:\ProgramData\Menu D‚marrer
      [17/12/2008|14:54] C:\ProgramData\Microsoft
      [11/12/2008|15:33] C:\ProgramData\Microsoft Help
      [20/10/2007|10:13] C:\ProgramData\ModŠles
      [03/01/2009|13:01] C:\ProgramData\ntuser.pol
      [01/01/2009|16:28] C:\ProgramData\NVIDIA
      [05/01/2009|19:44] C:\ProgramData\nvModes.001
      [05/01/2009|19:40] C:\ProgramData\nvModes.dat
      [26/11/2007|17:19] C:\ProgramData\Pinnacle
      [26/11/2007|12:34] C:\ProgramData\Propellerhead Software
      [05/01/2009|13:37] C:\ProgramData\Roxio
      [20/10/2007|12:29] C:\ProgramData\Skype
      [26/10/2008|16:57] C:\ProgramData\Sonic
      [05/01/2009|19:14] C:\ProgramData\Spybot - Search & Destroy
      [28/12/2008|00:46] C:\ProgramData\Symantec
      [01/01/2009|18:54] C:\ProgramData\TEMP
      [01/01/2009|12:11] C:\ProgramData\Ulead Systems
      [23/10/2008|10:40] C:\ProgramData\WLInstaller
      [26/12/2008|20:49] C:\ProgramData\ZoomBrowser

      --------------------\\ Listing des dossiers dans C:\Program Files

      [26/11/2007|12:41] C:\Program Files\Ableton
      [16/05/2007|23:02] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
      [19/11/2008|22:49] C:\Program Files\Adobe
      [01/11/2008|23:07] C:\Program Files\adslTV
      [15/11/2008|19:58] C:\Program Files\Ahead
      [05/09/2008|10:08] C:\Program Files\Algorithmix
      [26/11/2007|18:01] C:\Program Files\ASIO4ALL v2
      [04/01/2009|00:23] C:\Program Files\Avira
      [20/11/2008|20:42] C:\Program Files\AVS4YOU
      [20/10/2007|10:25] C:\Program Files\Bioscrypt
      [31/10/2008|10:34] C:\Program Files\BoontyGames
      [25/12/2008|15:45] C:\Program Files\Canon
      [01/01/2009|18:57] C:\Program Files\CCleaner
      [02/01/2009|21:44] C:\Program Files\Common Files
      [03/12/2007|07:02] C:\Program Files\coolpro2
      [05/11/2008|16:30] C:\Program Files\Disc2Phone
      [18/11/2008|20:44] C:\Program Files\DsNET Corp
      [26/11/2008|10:55] C:\Program Files\DVD Decrypter
      [26/11/2008|12:40] C:\Program Files\DVD Shrink
      [14/04/2008|14:05] C:\Program Files\easetech
      [16/05/2007|23:14] C:\Program Files\EasyBits
      [09/06/2008|08:29] C:\Program Files\EPSON
      [20/10/2007|10:13] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
      [20/10/2007|10:25] C:\Program Files\Fingerprint Sensor
      [05/11/2008|16:30] C:\Program Files\Google
      [17/10/2008|16:36] C:\Program Files\Guillemot
      [03/04/2008|18:47] C:\Program Files\Guitar Pro 5
      [17/10/2008|16:36] C:\Program Files\Hercules
      [01/11/2008|21:49] C:\Program Files\Hewlett-Packard
      [31/10/2008|20:53] C:\Program Files\HP
      [16/05/2007|23:21] C:\Program Files\HPQ
      [28/11/2007|18:40] C:\Program Files\IK Multimedia
      [23/10/2008|01:35] C:\Program Files\Illustrate
      [20/10/2007|12:56] C:\Program Files\Image-Line
      [25/12/2008|15:12] C:\Program Files\InstallShield Installation Information
      [16/05/2007|22:22] C:\Program Files\Intel
      [11/12/2008|15:35] C:\Program Files\Internet Explorer
      [17/12/2008|01:33] C:\Program Files\Java
      [04/01/2009|14:10] C:\Program Files\Malwarebytes' Anti-Malware
      [17/12/2008|14:56] C:\Program Files\Microsoft
      [02/11/2006|08:37] C:\Program Files\Microsoft Games
      [25/02/2008|13:50] C:\Program Files\Microsoft Office
      [17/12/2008|14:55] C:\Program Files\Microsoft Office Outlook Connector
      [17/12/2008|14:56] C:\Program Files\Microsoft Silverlight
      [21/10/2007|16:14] C:\Program Files\Microsoft SQL Server
      [23/10/2008|11:12] C:\Program Files\Microsoft SQL Server Compact Edition
      [17/12/2008|14:54] C:\Program Files\Microsoft Sync Framework
      [05/11/2008|16:30] C:\Program Files\Microsoft Works
      [16/05/2007|23:00] C:\Program Files\Microsoft.NET
      [16/05/2007|22:00] C:\Program Files\Motorola
      [02/11/2006|08:42] C:\Program Files\Movie Maker
      [02/11/2006|08:37] C:\Program Files\MSBuild
      [02/11/2006|08:37] C:\Program Files\MSN
      [18/12/2008|00:13] C:\Program Files\MSN Messenger
      [10/10/2008|08:24] C:\Program Files\MSXML 4.0
      [15/10/2008|10:01] C:\Program Files\Native Instruments
      [04/11/2008|21:13] C:\Program Files\Norton 360
      [01/01/2009|21:31] C:\Program Files\Panda Security
      [10/12/2007|13:46] C:\Program Files\Propellerhead
      [16/05/2007|23:19] C:\Program Files\Realtek
      [02/11/2006|08:37] C:\Program Files\Reference Assemblies
      [16/05/2007|22:42] C:\Program Files\Roxio
      [08/10/2008|18:12] C:\Program Files\ScanSoft
      [16/05/2007|23:15] C:\Program Files\Services en ligne
      [20/10/2007|12:29] C:\Program Files\Skype
      [26/01/2008|20:47] C:\Program Files\Sony
      [21/10/2007|16:11] C:\Program Files\Sony Setup
      [04/01/2009|11:33] C:\Program Files\Spybot - Search & Destroy
      [10/12/2008|22:42] C:\Program Files\Steinberg
      [25/09/2008|15:28] C:\Program Files\Symantec
      [16/05/2007|22:06] C:\Program Files\Synaptics
      [26/11/2007|14:48] C:\Program Files\Syncrosoft
      [02/01/2009|22:02] C:\Program Files\Trend Micro
      [25/12/2008|15:14] C:\Program Files\Ulead Photo Express LE
      [21/10/2007|16:15] C:\Program Files\Uninstall Information
      [05/11/2008|14:50] C:\Program Files\Vidal
      [24/10/2007|16:32] C:\Program Files\VideoLAN
      [09/11/2008|16:43] C:\Program Files\VirtualDJ
      [10/12/2008|21:24] C:\Program Files\VstPlugins
      [20/10/2007|10:26] C:\Program Files\WIDCOMM
      [26/09/2008|14:07] C:\Program Files\Windows Calendar
      [02/11/2006|08:42] C:\Program Files\Windows Collaboration
      [10/10/2008|08:44] C:\Program Files\Windows Defender
      [02/11/2006|08:42] C:\Program Files\Windows Journal
      [17/12/2008|14:55] C:\Program Files\Windows Live
      [23/10/2008|11:15] C:\Program Files\Windows Live Favorites
      [17/12/2008|14:47] C:\Program Files\Windows Live SkyDrive
      [17/12/2008|14:54] C:\Program Files\Windows Live Toolbar
      [11/12/2008|15:35] C:\Program Files\Windows Mail
      [12/12/2008|14:05] C:\Program Files\Windows Media Player
      [20/10/2007|10:13] C:\Program Files\Windows NT
      [02/11/2006|08:42] C:\Program Files\Windows Photo Gallery
      [17/10/2008|10:24] C:\Program Files\Windows Sidebar
      [19/11/2008|12:49] C:\Program Files\WinRAR
      [03/04/2008|19:40] C:\Program Files\WinZip
      [02/04/2008|16:41] C:\Program Files\Worms World Party

      --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

      [19/11/2008|22:49] C:\Program Files\Common Files\Adobe
      [20/11/2008|20:42] C:\Program Files\Common Files\AVSMedia
      [25/12/2008|14:59] C:\Program Files\Common Files\Canon
      [16/05/2007|23:00] C:\Program Files\Common Files\DESIGNER
      [28/11/2007|18:40] C:\Program Files\Common Files\DigiDesign
      [16/05/2007|23:12] C:\Program Files\Common Files\HP
      [16/05/2007|23:20] C:\Program Files\Common Files\InstallShield
      [16/05/2007|23:38] C:\Program Files\Common Files\Java
      [16/05/2007|23:21] C:\Program Files\Common Files\LightScribe
      [17/12/2008|14:47] C:\Program Files\Common Files\microsoft shared
      [16/05/2007|22:41] C:\Program Files\Common Files\Roxio Shared
      [08/10/2008|18:28] C:\Program Files\Common Files\ScanSoft Shared
      [02/11/2006|07:18] C:\Program Files\Common Files\Services
      [16/05/2007|22:40] C:\Program Files\Common Files\Sonic Shared
      [26/01/2008|20:47] C:\Program Files\Common Files\Sony Shared
      [02/11/2006|07:18] C:\Program Files\Common Files\SpeechEngines
      [05/11/2008|16:31] C:\Program Files\Common Files\SureThing Shared
      [31/10/2008|09:38] C:\Program Files\Common Files\Symantec Shared
      [17/12/2008|14:55] C:\Program Files\Common Files\System
      [25/12/2008|15:14] C:\Program Files\Common Files\Ulead Systems
      [17/12/2008|14:03] C:\Program Files\Common Files\Windows Live
      [23/10/2008|10:44] C:\Program Files\Common Files\WindowsLiveInstaller

      --------------------\\ Process

      ( 85 Processes )

      iexplore.exe ~ [PID:4144]

      --------------------\\ Recherche avec S_Lop

      Aucun fichier / dossier Lop trouvé !

      --------------------\\ Recherche de Fichiers / Dossiers Lop

      C:\Users\PANDA\AppData\Local\Temp\stadistic.log

      --------------------\\ Verification du Registre

      ..... OK !

      --------------------\\ Verification du fichier Hosts

      Fichier Hosts PROPRE


      --------------------\\ Recherche de fichiers avec Catchme

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-01-05 20:18:33
      Windows 6.0.6000 NTFS
      scanning hidden processes ...
      scanning hidden files ...
      scan completed successfully
      hidden processes: 0
      hidden files: 143

      --------------------\\ Recherche d'autres infections

      --------------------\\ Cracks & Keygens ..

      C:\Users\PANDA\Documents\SON\Programmes son\cool edit pro 20 +crack.zip
      C:\Users\PANDA\Documents\SON\Programmes son\Fl Studio 6.0.8 Crack Aka Fruity Loops All Plugins Unlocked!(Xxl Edition).rar
      C:\Users\PANDA\Documents\SON\Programmes son\Fruity Loops Studio 5 + Crack (full program).rar
      C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects
      C:\Users\PANDA\Documents\SON\Programmes son\Ableton\Presets\Audio Effects\Vinyl Distortion\Crack.adv
      C:\Users\PANDA\Documents\SON\Programmes son\Guitare\Guitar Pro Tabs\F\Faith No More\Faith No More - Crack Hitler.gp3
      C:\Users\PANDA\Documents\SON\Programmes son\Guitare\Guitar Pro Tabs\L\Limp Bizkit\Limp Bizkit - Crack Addict.gp4
      C:\Users\PANDA\Documents\SON\Programmes son\Guitare\Guitar Pro Tabs\P\Pixies\Pixies - Crackity Jones.gp3
      C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz
      C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Keygen1.exe
      C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Add-Ons
      C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Codecs
      C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Add-Ons\dbPowerAMP Auxiliary Input Release 3.exe
      C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Add-Ons\dbPowerAMP File Selector Add-on Release 4b.exe
      C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Add-Ons\dbPowerAMP Power Pack Release 3.exe
      C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Add-Ons\dbPowerAMP Skin Designer 4.0.exe
      C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Add-Ons\dBpowerAMP-codec-Arrange-Music.exe
      C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Add-Ons\dBpowerAMP-codec-Rename-Extension.exe
      C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Add-Ons\dBpowerAMP-codec-Tag-From-Filename.exe
      C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Codecs\dBpowerAMP-codec-VCD.exe
      C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Codecs\dBpowerAMP-codec-VOC.exe
      C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Codecs\dBpowerAMP-codec-VQF.exe
      C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Codecs\dBpowerAMP-codec-VTX.exe
      C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Codecs\dBpowerAMP-codec-WAVpack.exe
      C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Codecs\dBpowerAMP-codec-Winamp-Input.exe
      C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Codecs\dBpowerAMP-codec-WMA-9-Release-1.3b .exe
      C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\+100VirtualDJSamples-mosconet.com.rar
      C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\+35VirtualDJSkins-mosconet.com.rar
      C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\crack to 3.1
      C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\setup 2.6.exe
      C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\Steinberg
      C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\update_virtualdj_v3.0.exe
      C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\VirtualDJ-Video-Effects-mosconet.com.rar
      C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\VirtualDJ2.06ACT-mosconet.com.rar
      C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\virtualdj301act-mosconet.com.rar
      C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\crack to 3.1\virtualdj.exe
      C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\Steinberg\Cubase Sx 3.1.1.944 Spanish (2006) & Key H2o Rula Ok.rar
      C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\Steinberg\Steinberg - Cubase VST PlugIn - Voicemachine v1.0 (DigitalForce).zip
      C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\Steinberg\Steinberg - Groove Agent 1.0 (Virtual Drummer).rar
      C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\Steinberg\Steinberg Cubase VST PlugIn - AKAI ACID LOOPS & SAMPLES - Essential Sounds II [Bass, Drums & Percussion].rar
      C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\Steinberg\Steinberg Cubase Vst Plugin - Akai Virtual Sampler Pro 2.7 - Test Ok - V Usa.zip
      C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\Steinberg\Steinberg.Cubase.SX.v3.0.2.623-H2O.rar
      C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\Steinberg\[SOUNDBANKS] VST-Drums-Samples - Native Instruments Battery Kits TAMA Rock Star-EXCELLENT!.rar
      C:\Users\PANDA\Documents\SON\Programmes son\Virtual Dj v2.01 Full + Effects + Skins + Samples + CD VDJTimeCode + ID3-TAG Plug-In [ by DJ Francky ]\Virtual Dj v2.01 Full + Effects + Skins [ by DJ Francky ]\VirtualDJ v2.01 - Crack.exe
      C:\Users\PANDA\Documents\SON\Sound Bank\9000 Drum.MIDI.FILES.loops.and.songs.drum.mid.by LAG\MIDI FILES ( Over 3000 midi files )\RetroFunk\RF Disc B\104_Crackin.mid
      C:\Users\PANDA\Music\HC\mix declic\b2-bryan_fury-crack_the_jewel.mp3
      C:\Users\PANDA\Music\HC\mix declic\Unexist - Crack Whore.mp3
      C:\Users\PANDA\Music\TRIBE\WORLD TRAVELLER ADVENTURES\10-Keshno, Probe 1 & Crackhead Worm -Urban decay.mp3


      [F:33][D:8]-> C:\Users\PANDA\AppData\Local\Temp
      [F:44][D:1]-> C:\Users\PANDA\AppData\Roaming\MICROS~1\Windows\Cookies
      [F:32][D:4]-> C:\Users\PANDA\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
      [F:17][D:6]-> C:\$Recycle.Bin

      1 - "C:\Lop SD\LopR_1.txt" - 05/01/2009|20:20 - Option : [1]

      --------------------\\ Fin du rapport a 20:20:30
      [ UAC => 1 ]
      0
  17. ezekielo
     
    ouvre le programme spy bot, et dans longlé mode choisi avacé, en suit clic sur outi , et démarage systéme, tu ora une liste de programme qui s ative au démarage clic sur les deux fleche qui son a droit sela t afiche des information sur l element clic sur la barre de droite et fait glissé jusquan bas il t afiche si c est un virus si c est le cas fau que tu décoche le petit carré a droit
    0
    1. pandax27 Messages postés 38 Statut Membre 1
       
      Bonsoir ezekielo,

      J'ai fait ce que tu m'as dit sur spybot dans le démarrage systeme. J'ai trouvé un seul élement (le seul surligné en rouge) dont les informations sont :
      Nom du fichier: %WINDIR%/SMINST/launcher
      Description : Spyware component related to DownloadWare and found in Program Files KFH
      Etat base de donnée : Inutile - virus, spyware Malaware ou autres dévoreurs de ressources

      Je l'ai décoché puis redémarer l'ordinateur mais pas d'amelioration visible. Ai-je bien fait de le décocher?
      D'autre part, Spybot m'indiquait d'autres éléments surlignés en jaune qui avait le meme état de base de donnée mais pas une description suspecte.Est- ce que j'aurai dû tous les décocher?
      0
  18. chimay8 Messages postés 7947 Statut Contributeur sécurité 60
     
    Relance LOP S&D

    Choisis cette fois ci l'Option 2 ( Suppression )

    ! Ne ferme pas la fenêtre lors de la suppression !

    Poste le rapport généré ( C:\lopR.txt )

    ( Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr, Onglet Fichier,

    Nouvelle tâche, tape explorer.exe et valide )
    0
  • 1
  • 2
  • 3