rapport hijackthis Fermé

Question

Bonjour,j'ai mon ordinateur qui bug et je sais pas d'ou cela peu venir.En fait des que je suis sur internet il me marque firefox ne répond pas et idem pour IE  et impossible d'activer mon antivirus pourtant j'ai acheté l'antivirus pour 3 ordi et et impossible de le mettre sur mon deuxieme ordi .comment faire pour savoir si j'ai un virus ? je vous met mon rapport hijackthis si ça peu etre utile.merci.  
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:01:50, on 06/03/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Users\patrice\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files (x86)\EoRezo\EoEngine.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Users\patrice\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\patrice\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files (x86)\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files (x86)\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users\patrice\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\patrice\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZNxmk762YYFR
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32
etlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32
vvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

truecode · Answer

Bonsoir , 

Tu as une toolbar Eorezo on va la supprimer : 

Désactiver sa avant C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

Télécharge http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe] (de Cyrildu17 / C_XX) sur ton Bureau. 

/!\ Déconnecte-toi d'Internet et ferme toutes applications en cours. /!\ 

Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program Files). 
Double-clique sur le raccourci d'Ad-Remover située sur ton Bureau. 
(Sous Vista, il faut cliquer droit sur le raccourci d'Ad-Remover et choisir Exécuter en tant qu'administrateur) 
Au menu principal, choisis l'option S. 
Poste le rapport généré (C:\Ad-Report-Scan-(date).log). 

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller) 

Note : "Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.

hacker13 · Answer

edit truecode désactiver sa avant C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

truecode · Answer

A oui merci j'avais pas vu

patinamort · Answer

bonjour et excusé moi pour hier mais après avoir mis mon post j'ai coupé l'ordi car je pensais pas avoir une réponse aussi rapide. Sinon j'ai téléchargé ad-remover et quand je lance le scan il démarre mais arrivé a 15% ad-remover se ferme tout seul. J'ai fait plusieurs essai mais toujours pareil.

truecode · Answer

Tu as Désactiver sa avant C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

patinamort · Answer

oui je suis allé sur spybot puis j'ai fait mode avancé,résident,et j'ai décocher les deux cases.  je suis pas sur mais je crois que c'est comme ça qu'on le désactive.

moment de grace · Answer

bonsoir

(en passant)

@ truecode

Ad Remover non compatible 64 bits

=> List&Kill'em  ou MBAM

bonne continuation...

truecode · Answer

Bonjour , 

Alors on va utiliser un autre utilitaire : ( merci pour la précision )

•Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent
•Télécharge List&Kill'em et enregistre le sur ton bureau
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.exe
Il ne necessite pas d'installation
•double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan
•choisis la langue puis choisis l'option 1 = Mode Recherche
•laisse travailler l'outil
•le rapport va s'afficher , une fois le scan fini
•colle le contenu sur un forum spécialisé

patinamort · Answer

Scan saved at 15:22:10, on 07/03/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files (x86)\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files (x86)\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users\patrice\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\patrice\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZNxmk762YYFR
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix: 
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32
etlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32
vvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

truecode · Answer

Quand tu es en mode sans echec , va dans démarrer -> panneau de configuration -> ajout/suppression et désinstalle Eorezo.

Tu n'arrive pas a réaliser la manip ci dessus en mode sans echec ?

patinamort · Answer

ça y est j'ai enfin reussi a télécharger list&kill'em et maintenant je vais enlever eorezo.

patinamort · Answer

quand je clique sur supprimer une fenetre s'ouvre est me dit le fichier n'existe pas impossible de le désintaller

hacker13 · Answer

bonjour

edit truecode demande lui d'utiliser RKILL avant ad-remover

truecode · Answer

Ad remover n'est pas compatible avec cette version 

Essai de faire cette manip:

Téléchargez Rkill https://download.bleepingcomputer.com/grinler/rkill.com
Double-cliquez dessus pour le lancer. Il va arrêter automatiquement tous les processus associés à Security Tool et à d'autres rogues. soyez patient car le logiciel peut prendre du temps ! Une fois terminé, le logiciel se ferme tout simplement : c'est normal . Vous pouvez passer directement à la suite de la désinfection. 
Si vous avez un message qui signale que Rkill est un indésirable, ignorez la et lancez de nouveau Rkill après désactivation du logiciel le considérant comme néfaste.


Puis lance un scan avec malware bytes :

 •Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent
•Télécharge List&Kill'em et enregistre le sur ton bureau
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.exe
Il ne necessite pas d'installation
•double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan
•choisis la langue puis choisis l'option 1 = Mode Recherche
•laisse travailler l'outil
•le rapport va s'afficher , une fois le scan fini
•colle le contenu sur un forum spécialisé

patinamort · Answer

je vais le faire juste aprés car la j'ai reussi a envoyer list&kill'em comme vous m'avez dit plus haut

patinamort · Answer

voici le rapport de list&kill'em

List'em by g3n-h@ckm@n 1.3.0.0

User : patrice (Administrateurs) 
Update on 06/03/2010 by g3n-h@ckm@n ::::: 14.00
Start at: 15:57:41 | 07/03/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

AMD Athlon(tm) 64 X2 Dual Core Processor 4800+
Microsoft® Windows Vista™ Édition Familiale Premium  (6.0.6001 64-bit) # Service Pack 1
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Disabled

C:\ -> Disque fixe local | 39,06 Go (7,82 Go free) | NTFS
D:\ -> Disque fixe local | 193,82 Go (193,67 Go free) | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
K:\ -> Disque amovible | 14,9 Go (14,84 Go free) [USB DISK] | FAT32
 
Boot: Safeboot 
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running 

C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\List_Kill'em\List_Kill'em.scr
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\List_Kill'em\FxEx.scr
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\List_Kill'em\List_Kill'em.scr
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\List_Kill'em\FxEx.scr
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\List_Kill'em\pv.exe

======================
Keys "Run" 
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Sidebar	REG_SZ         	C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
swg	REG_SZ         	C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
msnmsgr	REG_SZ         	"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
EoEngine	REG_SZ         	"C:\Program Files (x86)\EoRezo\EoEngine.exe" 
HP Software Update	REG_SZ         	C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe 
hpqSRMon	REG_SZ         	C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe 
SunJavaUpdateSched	REG_SZ         	"C:\Program Files (x86)\Java\jre6\bin\jusched.exe" 
RemoteControl	REG_SZ         	"C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe" 
LanguageShortcut	REG_SZ         	"C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe" 
AVP	REG_SZ         	"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" 
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
SoftwareHelper	REG_SZ         	C:\Users\patrice\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] 
ConsentPromptBehaviorAdmin	REG_DWORD      	2 (0x2) 
ConsentPromptBehaviorUser	REG_DWORD      	1 (0x1) 
EnableInstallerDetection	REG_DWORD      	1 (0x1) 
EnableLUA	REG_DWORD      	1 (0x1) 
EnableSecureUIAPaths	REG_DWORD      	1 (0x1) 
EnableVirtualization	REG_DWORD      	1 (0x1) 
PromptOnSecureDesktop	REG_DWORD      	1 (0x1) 
ValidateAdminCodeSignatures	REG_DWORD      	0 (0x0) 
dontdisplaylastusername	REG_DWORD      	0 (0x0) 
legalnoticecaption	REG_SZ         	 
legalnoticetext	REG_SZ         	 
scforceoption	REG_DWORD      	0 (0x0) 
shutdownwithoutlogon	REG_DWORD      	1 (0x1) 
undockwithoutlogon	REG_DWORD      	1 (0x1) 
FilterAdministratorToken	REG_DWORD      	0 (0x0) 
EnableUIADesktopToggle	REG_DWORD      	0 (0x0) 

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
NoActiveDesktop	REG_DWORD      	1 (0x1) 
NoActiveDesktopChanges	REG_DWORD      	1 (0x1) 
ForceActiveDesktopOn	REG_DWORD      	0 (0x0) 

=============== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS	REG_SZ         	C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 
 Shell	REG_SZ         	explorer.exe 
 Userinit	REG_SZ         	userinit.exe 
 VmApplet	REG_SZ         	rundll32 shell32,Control_RunDLL "sysdm.cpl" 
 ReportBootOk	REG_SZ         	1 
 AutoRestartShell	REG_DWORD      	1 (0x1) 
 LegalNoticeCaption	REG_SZ         	 
 LegalNoticeText	REG_SZ         	 
 PowerdownAfterShutdown	REG_SZ         	0 
 ShutdownWithoutLogon	REG_SZ         	0 
 cachedlogonscount	REG_SZ         	10 
 forceunlocklogon	REG_DWORD      	0 (0x0) 
 passwordexpirywarning	REG_DWORD      	14 (0xe) 
 Background	REG_SZ         	0 0 0 
 DebugServerCommand	REG_SZ         	no 
 WinStationsDisabled	REG_SZ         	0 
 allocatecdroms	REG_SZ         	0 

===============

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D80A6D1-B500-47DA-82B8-EB9875F85B4D}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B728E5E5-14B2-4980-B849-2A483B536AC1}: DhcpNameServer=192.168.1.1 192.168.1.1 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B728E5E5-14B2-4980-B849-2A483B536AC1}: DhcpNameServer=192.168.1.1 192.168.1.1 
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1 
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1 

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.msn.com/fr-fr/?ocid=iehp

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.google.fr/?gws_rd=ssl

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] 

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
Wlansvc : 0x3 ( OK = 2 )
SharedAccess : 0x4 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
wscsvc : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files (x86)\List_Kill'em
## C:\> hashdeep.exe C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
## 
20952,e68d9b3a3905619732f7fe039466a623,74c0b29e54ef064660b9c756e03d5a7eb78f261eff768eb6e74d261fbd34340d,C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files (x86)\List_Kill'em
## C:\> hashdeep.exe C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
## 
22584,1898fae8e07d97f2f6c2d5326c633fac,62142e7b720c0a7fad36577ee985b5793cb395574a3eca9f2af613c0f889d39c,C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys

Référence :
==========

Win 2000_SP2   : ff953a8f08ca3f822127654375786bbe
Win XP_32b     : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b      : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b  : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b  : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b  : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b  : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b  : 02062C0B390B7729EDC9E69C680A6F3C
 
=======
Drive :
=======


¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Program Files (x86)\EoRezo  
Present !! : C:\Program Files (x86)\Windows Live\Messenger\Riched20.dll  
Present !! : C:\Users\patrice\AppData\Roaming\EoRezo  
Present !! : C:\Users\patrice\LOCAL Settings\Temp\_is3A12.exe  
Present !! : C:\Users\patrice\LOCAL Settings\Temp\_is9A0.exe  
Present !! : C:\Users\patrice\LOCAL Settings\Temp\_isD029.exe  
 
¤¤¤¤¤¤¤¤¤¤ Keys : 

Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Eoengine  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\SoftwareHelper  
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges  
Present !! : "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}"  
Present !! : "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7}"  
Present !! : "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}"  
Present !! : "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}"  
Present !! : "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}"  
Present !! : "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}"  
Present !! : "HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}"  
Present !! : "HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}"  
Present !! : "HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}"  
Present !! : "HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}"  
Present !! : "HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}"  
Present !! : "HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}"  
Present !! : "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll"  
Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}"  
Present !! : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}  
Present !! : HKCR\EoRezoBHO.EoBho  
Present !! : HKCR\EoRezoBHO.EoBho.1  
Present !! : HKCR\Interface\{819db72d-1c28-4387-9778-e2ff3dc86f74}  
Present !! : HKCR\TypeLib\{b6acb3f1-6a83-432c-b854-3e1056f87f4e}  
Present !! : HKCU\SOFTWARE\AppDataLow\software\MyWebSearch  
Present !! : HKCU\SOFTWARE\EoRezo  
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d}  
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca}  
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca}  
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d}  
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca}  
Present !! : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}  
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb}  
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}  
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df}  
Present !! : HKLM\SOFTWARE\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}  
Present !! : HKLM\SOFTWARE\Classes\AppID\EoRezoBHO.dll  
Present !! : HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}  
Present !! : HKLM\SOFTWARE\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}  
Present !! : HKLM\Software\Classes\EoRezoBHO.EoBho  
Present !! : HKLM\Software\Classes\EoRezoBHO.EoBho.1  
Present !! : HKLM\Software\Classes\Interface\{819DB72D-1C28-4387-9778-E2FF3DC86F74}  
Present !! : HKLM\SOFTWARE\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}  
Present !! : HKLM\SOFTWARE\EoRezo  
Present !! : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}  
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}  
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab}  
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df}  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}  
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1  

============

 
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials 
 
 
 
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 16:05:21,53

truecode · Answer

Maintenant le nettoyage : 

•Relance List&Kill'em  (clic droit pour vista),
mais cette fois-ci :
•choisis l'option 2 = Mode Destruction
•laisse travailler l'outil
•Apres les verifications , un rapport va s'ouvrir.
•ferme-le.
•un deuxieme rapport va s'ouvrir ,
•colle son contenu dans ta reponse apres avoir redemarré en mode normal

patinamort · Answer

c'est bon j'envois malwarebytes

truecode · Answer

? fais la manip avec List&kill

patinamort · Answer

impossible de faire la manip avec list&kill car des que je l'envoie mon écran devient de toute les couleurs j'ai du reprendre mon autre ordi pour pouvoir vous répondre

truecode · Answer

Avec malware bytes c'est pareil ?

patinamort · Answer

c'est pareil mon ordi marche est d'un coup l'écran devient un peu comme de la tapisserie il y a des rayures de plusieurs couleur et la je peu plus rien faire je suis obligé de l'éteindre et de le rallumé je sais plus quoi faire.
   Je vais voir si il redémarre.

patinamort · Answer

impossible de faire quoi que se soit . il n'y a pas un moyen de le remettre a zéro l'ordi car j'ai le cd windows si oui comment faire ?

truecode · Answer

Il est possible de faire une réparation du système mais bon pas sur que cela règle le problème : http://www.vista-xp.fr/forum/topic39.html

patinamort · Answer

que me conseille tu ?

truecode · Answer

C'est dommage que tu n'arrive pas a réaliser la manip avec l'outil que je t'ai demander .

Tu peux toujours essayer la réparation système voir si tu peux ainsi accéder plus facilement a windows

patinamort · Answer

l'ordi vient tout juste de repartir. je viens de lancer malware bytes mais au bout de 10 secondes sa bloque j'ai les couleurs bizarre et j'ai plus le pointeur de la souris. je ne sais plus quoi faire.

patinamort · Answer

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3831
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

07/03/2010 18:29:29
mbam-log-2010-03-07 (18-29-23).txt

Type de recherche: Examen rapide
Eléments examinés: 97535
Temps écoulé: 2 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 23
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

truecode · Answer

Et pareil pour List kill ?

patinamort · Answer

voila je suis arrivé a faire une analyse rapide avec malware bytes et je t'ai poster le rapport au dessus

truecode · Answer

Tu peux supprimer toute les menaces détectés .
Vois si tu peux faire la manip avec list kill .

Sinon relance une analyse mais complète du système

patinamort · Answer

avec list kill j'ai fais l'analyse et ensuite quand je fais le choix numero 2 ça me redémare l'ordi

truecode · Answer

Si tu as du mieux lance une analyse complète du système avec malware bytes

patinamort · Answer

voici le rapport list'm

List'em by g3n-h@ckm@n 1.3.0.0

User : patrice (Administrateurs) 
Update on 06/03/2010 by g3n-h@ckm@n ::::: 14.00
Start at: 18:39:49 | 07/03/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

AMD Athlon(tm) 64 X2 Dual Core Processor 4800+
Microsoft® Windows Vista™ Édition Familiale Premium  (6.0.6001 64-bit) # Service Pack 1
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Disabled

C:\ -> Disque fixe local | 39,06 Go (7,52 Go free) | NTFS
D:\ -> Disque fixe local | 193,82 Go (193,67 Go free) | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
 
Boot: Safeboot 
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running 

C:\Program Files (x86)\List_Kill'em\List_Kill'em.scr
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\List_Kill'em\FxEx.scr
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\List_Kill'em\pv.exe

======================
Keys "Run" 
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Sidebar	REG_SZ         	C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
swg	REG_SZ         	C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
msnmsgr	REG_SZ         	"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
HP Software Update	REG_SZ         	C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe 
hpqSRMon	REG_SZ         	C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe 
SunJavaUpdateSched	REG_SZ         	"C:\Program Files (x86)\Java\jre6\bin\jusched.exe" 
RemoteControl	REG_SZ         	"C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe" 
LanguageShortcut	REG_SZ         	"C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe" 
AVP	REG_SZ         	"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" 
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] 
ConsentPromptBehaviorAdmin	REG_DWORD      	2 (0x2) 
ConsentPromptBehaviorUser	REG_DWORD      	1 (0x1) 
EnableInstallerDetection	REG_DWORD      	1 (0x1) 
EnableLUA	REG_DWORD      	1 (0x1) 
EnableSecureUIAPaths	REG_DWORD      	1 (0x1) 
EnableVirtualization	REG_DWORD      	1 (0x1) 
PromptOnSecureDesktop	REG_DWORD      	1 (0x1) 
ValidateAdminCodeSignatures	REG_DWORD      	0 (0x0) 
dontdisplaylastusername	REG_DWORD      	0 (0x0) 
legalnoticecaption	REG_SZ         	 
legalnoticetext	REG_SZ         	 
scforceoption	REG_DWORD      	0 (0x0) 
shutdownwithoutlogon	REG_DWORD      	1 (0x1) 
undockwithoutlogon	REG_DWORD      	1 (0x1) 
FilterAdministratorToken	REG_DWORD      	0 (0x0) 
EnableUIADesktopToggle	REG_DWORD      	0 (0x0) 

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
NoActiveDesktop	REG_DWORD      	1 (0x1) 
ForceActiveDesktopOn	REG_DWORD      	0 (0x0) 

=============== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS	REG_SZ         	C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 
 Shell	REG_SZ         	explorer.exe 
 Userinit	REG_SZ         	userinit.exe 
 VmApplet	REG_SZ         	rundll32 shell32,Control_RunDLL "sysdm.cpl" 
 ReportBootOk	REG_SZ         	1 
 AutoRestartShell	REG_DWORD      	1 (0x1) 
 LegalNoticeCaption	REG_SZ         	 
 LegalNoticeText	REG_SZ         	 
 PowerdownAfterShutdown	REG_SZ         	0 
 ShutdownWithoutLogon	REG_SZ         	0 
 cachedlogonscount	REG_SZ         	10 
 forceunlocklogon	REG_DWORD      	0 (0x0) 
 passwordexpirywarning	REG_DWORD      	14 (0xe) 
 Background	REG_SZ         	0 0 0 
 DebugServerCommand	REG_SZ         	no 
 WinStationsDisabled	REG_SZ         	0 
 allocatecdroms	REG_SZ         	0 

===============

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D80A6D1-B500-47DA-82B8-EB9875F85B4D}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B728E5E5-14B2-4980-B849-2A483B536AC1}: DhcpNameServer=192.168.1.1 192.168.1.1 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B728E5E5-14B2-4980-B849-2A483B536AC1}: DhcpNameServer=192.168.1.1 192.168.1.1 
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B728E5E5-14B2-4980-B849-2A483B536AC1}: DhcpNameServer=192.168.1.1 192.168.1.1 
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1 
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1 
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1 

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.msn.com/fr-fr/?ocid=iehp

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.google.fr/?gws_rd=ssl

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] 

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
Wlansvc : 0x3 ( OK = 2 )
SharedAccess : 0x4 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
wscsvc : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files (x86)\List_Kill'em
## C:\> hashdeep.exe C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
## 
20952,e68d9b3a3905619732f7fe039466a623,74c0b29e54ef064660b9c756e03d5a7eb78f261eff768eb6e74d261fbd34340d,C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files (x86)\List_Kill'em
## C:\> hashdeep.exe C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
## 
22584,1898fae8e07d97f2f6c2d5326c633fac,62142e7b720c0a7fad36577ee985b5793cb395574a3eca9f2af613c0f889d39c,C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys

Référence :
==========

Win 2000_SP2   : ff953a8f08ca3f822127654375786bbe
Win XP_32b     : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b      : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b  : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b  : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b  : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b  : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b  : 02062C0B390B7729EDC9E69C680A6F3C
 
=======
Drive :
=======


¤¤¤¤¤¤¤¤¤¤ Files/folders :

 
¤¤¤¤¤¤¤¤¤¤ Keys : 

Present !! : "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}"  
Present !! : "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7}"  
Present !! : "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}"  
Present !! : "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}"  
Present !! : "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}"  
Present !! : "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}"  
Present !! : "HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}"  
Present !! : "HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}"  
Present !! : "HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}"  
Present !! : "HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}"  
Present !! : "HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}"  
Present !! : "HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}"  
Present !! : "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll"  
Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}"  
Present !! : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}  
Present !! : HKCR\EoRezoBHO.EoBho  
Present !! : HKCR\EoRezoBHO.EoBho.1  
Present !! : HKCR\Interface\{819db72d-1c28-4387-9778-e2ff3dc86f74}  
Present !! : HKCR\TypeLib\{b6acb3f1-6a83-432c-b854-3e1056f87f4e}  
Present !! : HKCU\SOFTWARE\AppDataLow\software\MyWebSearch  
Present !! : HKCU\SOFTWARE\EoRezo  
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d}  
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca}  
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca}  
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d}  
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca}  
Present !! : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}  
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb}  
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}  
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df}  
Present !! : HKLM\SOFTWARE\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}  
Present !! : HKLM\SOFTWARE\Classes\AppID\EoRezoBHO.dll  
Present !! : HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}  
Present !! : HKLM\SOFTWARE\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}  
Present !! : HKLM\Software\Classes\EoRezoBHO.EoBho  
Present !! : HKLM\Software\Classes\EoRezoBHO.EoBho.1  
Present !! : HKLM\Software\Classes\Interface\{819DB72D-1C28-4387-9778-E2FF3DC86F74}  
Present !! : HKLM\SOFTWARE\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}  
Present !! : HKLM\SOFTWARE\EoRezo  
Present !! : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}  
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}  
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab}  
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df}  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}  
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1  
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1  

============

 
 
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 18:47:18,27

truecode · Answer

Réalise l'option 2 normalement un rapport va s'ouvrir .
Si cela ne fonctionne pas la solution c'est d'effectuer un scan complet avec Malware bytes et de poster le rapport

patinamort · Answer

voila j'ai tout supprimer et je viens de lancer l'analyse compléte avec malware bytes j'espère que sa va pas planté

patinamort · Answer

ok mais l'option 2 me fais redémarrer l'ordi (je ne sais pas si c'est normal) alors j'ai lancer l'analyse complete avec malware bytes

patinamort · Answer

impossible de faire l'analyse complète mon ordi veux pas il plante.

truecode · Answer

Lance cette analyse c'est un outil de diagnostic qui va permettre d'en savoir plus 

• Télécharge ZHPDiag https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html 
• Laisse toi guider lors de l'installation, il se lancera automatiquement à la fin. 
• Clique sur l'icône représentant une loupe (« Lancer le diagnostic ») 
• Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette 
• Héberge le rapport ZHPDiag.txt sur http://www.cijoint.fr/ puis copie/colle le lien fourni dans ta prochaine réponse sur le forum.

patinamort · Answer

voila.
http://www.cijoint.fr/cjlink.php?file=cj201003/cijzXBaOCs.

patinamort · Answer

http://www.cijoint.fr/cjlink.php?file=cj201003/cijpZPbZG2.txt

patinamort · Answer

http://www.cijoint.fr/cjlink.php?file=cj201003/cij1LjVrj3.txt

patinamort · Answer

je crois que c'est le lien numéro 3 le bon

moment de grace · Answer

edit

patinamort · Answer

apparament il y a trop de ligne car je n'arrive pas a faire un copier coller

patinamort · Answer

je vais essayer de le mettre en plusieur fois

moment de grace · Answer

edit

moment de grace · Answer

arrêtes patinamort,

il y a eu erreur de sujet de ma part

ton helpeur va revenir

moment de grace · Answer

il y a eu erreur de sujet de ma part 

ton helpeur va revenir 

mes excuses...

truecode · Answer

Toujours infecté par Eorezo : 
OTMoveIT
Télécharger [url=http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/]OTMoveIt3 par OldTimer[/url]
Enregistrer ce fichier sur le Bureau.
Faire un double clic sur OTMoveIt3.exe pour lancer l'exécution de l'outil. (Note: Si vous utilisez Vista, faire un clic droit sur le fichier puis choisir Exécuter en tant qu'administrateur).
Copier les lignes de la zone "Code" ci-dessous dans le Presse-papiers en les sélectionnant TOUTES puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier):

Code:


:processes

explorer.exe

:files

c:\program files\eorezo\eoadv\eorezobho.dll


:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}]


:commands

[emptytemp]

[start explorer]

[reboot]


Retourner dans la fenêtre de OTMoveIt3, faire un clic droit dans la zone "Paste List Instruction for Items to be Moved" (sous la barre bleu clair) puis choisir Coller.
Cliquer sur le bouton rouge Moveit!.
Fermer OTMoveIt3
Reviens sur le forum, et poste le rapport généré. Celui-ci se trouve ici : C:\_OTMoveIt\MovedFiles, poster le rapport le plus récent.
Note: Si un fichier ou un dossier ne peut pas être déplacé immédiatement, un redémarrage sera peut-être nécessaire afin de terminer le processus de déplacement. Si le redémarrage de la machine vous est demandé, choisir Oui/Yes.

patinamort · Answer

ok je n'avais pas vu ton méssage
je peu l'éffacer tous ça ou pas ?

truecode · Answer

Eorezo est infectieux tu peux le supprimer

patinamort · Answer

le rapport c'est ça ?

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder c:\program files\eorezo\eoadv\eorezobho.dll not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: patrice
->Temp folder emptied: 18788965 bytes
->Temporary Internet Files folder emptied: 8391993 bytes
->Java cache emptied: 7633772 bytes
->FireFox cache emptied: 36677685 bytes
->Flash cache emptied: 1421 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2129044 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 2791879 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1265771 bytes
 
Total Files Cleaned = 74,00 mb
 
 
OTM by OldTimer - Version 3.1.10.0 log created on 03072010_222507

Files moved on Reboot...
File C:\Users\patrice\AppData\Local\Temp\~DFBA0.tmp not found!
File C:\Users\patrice\AppData\Local\Temp\~DFBA5.tmp not found!
File C:\Users\patrice\AppData\Local\Temp\~DFBEB.tmp not found!
File C:\Users\patrice\AppData\Local\Temp\~DFBF0.tmp not found!
File C:\Users\patrice\AppData\Local\Temp\~DFC14.tmp not found!
File C:\Users\patrice\AppData\Local\Temp\~DFC19.tmp not found!
C:\Users\patrice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKT5NS2T\cjlink[1].htm moved successfully.
C:\Users\patrice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\726H082H\affich-16890490-rapport-hijackthis[1].txt moved successfully.
C:\Users\patrice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2MT95EQS\cij1LjVrj3[1].txt moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZB3AS8NE\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF0SGOT\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNB0IPM4\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIVDQX46\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...

patinamort · Answer

j'ai éffacé eorezo dans mon panneau de configuration.

truecode · Answer

Bonjour,

Je te laisse faire un nouveau scan avec ZHPdiag et poste le rapport .

Toujours le soucis au niveau de l'écran ?

patinamort · Answer

Bonjour,

mon soucis de l'écran disparu par contre quand j'allume mon ordi l'écran et noir mais après plusieurs redémarrage je réussi enfin mais des que je suis sur internet il me marque firefox ne répond pas est il me faut aller dans mon gestionnaire de tache pour faire fin de tache.
Meme quand je lance ZHPdiag il me marque que le programme ne répond pas.

patinamort · Answer

Rapport de ZHPDiag v1.25.1285 par Nicolas Coolman
Run by patrice at 08/03/2010 12:19:45
Web site :  http://www.premiumorange.com/zeb-help-process/zhpdiag.html

---\ Web Browser
MSIE: Internet Explorer v8.0.6001.18882
MFIE: Mozilla Firefox (3.6)

---\ System Information
Platform : Windows (TM) Vista Home Premium (6.0.6001) 
Processor: AMD64 Family 15 Model 107 Stepping 2, AuthenticAMD
Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (45% free)
System drive C: has 10 GB (25%) free of 39 GB

---\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 10 Go of 39 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 194 Go of 194 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)


---\ Processus lancés
[MD5.062F3DB9AFA9C3CE0DA52F28595C0C6D] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
[MD5.941A08CBDEEDF16B6C986B6BA7C9A5D0] - (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
[MD5.56F676060D70BA066459478824510BEA] - (.Cyberlink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
[MD5.405D6C6C1D5D255CB4EF1BFD1CE305E8] - (.Pas de propriétaire - Language Application.) -- C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe
[MD5.3A0647BDED81DBE0BCBB51D70B22C9E0] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
[MD5.5213EB5405A886A9B4FED6724C392C07] - (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[MD5.CDA9F1373805AF88F6FA4F2064BBA24D] - (.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
[MD5.18AA5FF4EE3FE45A64B98589C62B7FC0] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 191.0.) -- C:\Windows\system32
vvsvc.exe
[MD5.BD517C7FB119997EFFBE39D5E4B37B05] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
[MD5.80F4593E92FF960E4763380D3168E498] - (.Microsoft Corporation - Processus de l’autorité de sécurité locale.) -- C:\Windows\system32\lsass.exe
[MD5.794D4B48DFB6E999537C7C3947863463] - (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
[MD5.271077B91D7AD1B616F8AFDFE8E3F981] - (.Microsoft Corporation - Microsoft SeaPort Search Enhancement Broker.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
[MD5.A301D2CEFB4747DFE0C24425DCBE0B78] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe
[MD5.E6519A9E756D74DC51C697BA62162F51] - (.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\System32\spoolsv.exe
[MD5.65B7309C79A5D2E16E734F2773CF5A7A] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) -- C:\Windows\system32\SearchIndexer.exe


---\ Pages de recherche  de Mozilla Firefox (M1)
M1 - SPR:Search Page Redirection - C:\Program Files (x86)\Mozilla FireFox\extensions\linkfilter@kaspersky.ru


---\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=userinit.exe
F2 - REG:system.ini: Shell=explorer.exe


---\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp


---\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF


---\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)) -- C:\Windows\SysWOW64\ieframe.dll


---\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corporation - Search Helper for Internet Explorer.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} . (.Google Inc. - Fast Search.) -- C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll


---\ Internet Explorer Toolbars (O3)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll


---\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe 
O4 - HKLM\..\Run: [hpqSRMon] . (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe 
O4 - HKLM\..\Run: [RemoteControl] . (.Cyberlink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe 
O4 - HKLM\..\Run: [LanguageShortcut] . (.Pas de propriétaire - Language Application.) -- C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe 
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe 
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe 
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 
O4 - Global Startup: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.)  -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk . (.Logitech Inc. - Logitech Desktop Messenger.)  -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk . (.Logitech Inc. - Logitech SetPoint Event Manager (UNICODE).)  -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Outil de notification Live Search.lnk . (.Microsoft Corporation - Outil de Notification LiveSearch.)  -- C:\Users\patrice\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe


---\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: &Search - (.not file.) - ?p=ZNxmk762YYFR


---\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll


---\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab


---\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} . (.Logitech Inc. - Logitech Desktop Messenger.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll


---\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\SysWOW64\webcheck.dll


---\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\system32\browseui.dll


---\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32
vvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) . (.Pas de propriétaire - RichVideo Module.) - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: C:\Windows\system32\samsrv.dll (SamSs) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\lsass.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) . (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: C:\Windows\system32\SLsvc.exe (slsvc) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\SLsvc.exe
O23 - Service: C:\Windows\system32\spoolsv.exe (Spooler) . (.Pas de propriétaire - Pas de description.) - C:\Windows\System32\spoolsv.exe


---\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\binegutils.dll
O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Pas de propriétaire - Pas de description.) -- "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11CF-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.0 r12.) -- C:\Windows\SysWow64\Macromed\Flash\Flash10a.ocx


---\ Pilotes lancés au démarrage (O41)
O41 - Driver: Ancilliary Function Driver for Winsock (AFD) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: Pilote de CD-ROM (cdrom) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\Drivers\dfsc.sys
O41 - Driver: Pilote pour clavier i8042 et souris sur port PS/2 (i8042prt) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\DRIVERS\i8042prt.sys
O41 - Driver: Pilote de la classe Clavier (kbdclass) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\DRIVERS\kbdclass.sys
O41 - Driver: Pilote de la classe Souris (mouclass) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\DRIVERS\mouclass.sys
O41 - Driver: NetBIOS Interface (NetBIOS) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\DRIVERS
etbios.sys
O41 - Driver: NETBT (netbt) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\DRIVERS
etbt.sys
O41 - Driver: NSI proxy service (nsiproxy) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\drivers
siproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (PSched) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: Remote Access Auto Connection Driver (RasAcd) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\DRIVERSasacd.sys
O41 - Driver: Redirected Buffering Sub Sysytem (rdbss) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\DRIVERSdbss.sys
O41 - Driver: RDPCDD (RDPCDD) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\DRIVERS\RDPCDD.sys
O41 - Driver: RDP Encoder Mirror Driver (RDPENCDD) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\driversdpencdd.sys
O41 - Driver: Pilote de port série (Serial) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\DRIVERS\serial.sys
O41 - Driver: Pilote de périphérique terminal (TermDD) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\DRIVERS	ermdd.sys
O41 - Driver: (VgaSave) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: Remote Access IPv6 ARP Driver (Wanarpv6) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\DRIVERS\wanarp.sys


---\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.)
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.)
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.)
O42 - Logiciel: CCleaner - (.Piriform.)
O42 - Logiciel: CDDRV_Installer - (.Logitech Inc..)
O42 - Logiciel: Choice Guard - (.Microsoft Corporation.)
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..)
O42 - Logiciel: HP Update - (.Hewlett-Packard.)
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.)
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.)
O42 - Logiciel: Java(TM) 6 Update 17 - (.Sun Microsystems, Inc..)
O42 - Logiciel: Java(TM) 6 Update 7 - (.Sun Microsystems, Inc..)
O42 - Logiciel: List_Kill'em 1.3.0.0 - (.g3n-h@ckm@n..)
O42 - Logiciel: Logitech Desktop Messenger - (.Logitech, Inc..)
O42 - Logiciel: Logitech SetPoint - (.Logitech.)
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.)
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.)
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.)
O42 - Logiciel: Microsoft Search Enhancement Pack - (.Microsoft Corporation.)
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.)
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.)
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.)
O42 - Logiciel: Mozilla Firefox (3.6) - (.Mozilla.)
O42 - Logiciel: Nero 7 Essentials - (.Nero AG.)
O42 - Logiciel: OpenOffice.org 3.0 - (.OpenOffice.org.)
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.)
O42 - Logiciel: PowerDVD - (.CyberLink Corporation.)
O42 - Logiciel: PowerProducer - (.Pas de propriétaire.)
O42 - Logiciel: Roxio Express Labeler 3 - (.Roxio.)
O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.)
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.)
O42 - Logiciel: Windows Live Sync - (.Microsoft Corporation.)
O42 - Logiciel: ffdshow [rev 1703] [2007-12-15] - (.Pas de propriétaire.)


---\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Analog Devices
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Avira
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\CCleaner
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\CyberLink
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\EoRezo
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\ffdshow
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Google
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Hewlett-Packard
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\HP
O43 - CFD:Common File Directory --H-D- C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Java
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\JRE
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\List_Kill'em
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Malwarebytes' Anti-Malware
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Mozilla Firefox
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\MSXML 4.0
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Nero
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\OpenOffice.org 3
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Roxio
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Spybot - Search & Destroy
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Trend Micro
O43 - CFD:Common File Directory --H-D- C:\Program Files (x86)\Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Calendar
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Collaboration
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Defender
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Live SkyDrive
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Mail
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows NT
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Photo Gallery
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Sidebar
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\ZHPDiag
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Ahead
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Hewlett-Packard
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\HP
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Services
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\SureThing Shared
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\System
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Windows Live


---\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.275739E905BE42F1D464C44F7BA00800] - 08/03/2010 - 12:19:11 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\bootstat.dat
O44 - LFC:[MD5.0A6513C9862E91AE17EA4F115EFDDA29] - 08/03/2010 - 12:17:13 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows
tbtlog.txt
O44 - LFC:[MD5.C2436BC99DD3A7DA2277097FAA28C898] - 08/03/2010 - 11:58:48 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\WindowsUpdate.log
O44 - LFC:[MD5.8FF5268D4C5E63CEDA60AD1E14728A0C] - 08/03/2010 - 11:56:43 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\perfc00C.dat
O44 - LFC:[MD5.F1299723685CDE4C9460EBDB2B5C201E] - 08/03/2010 - 11:56:43 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\perfh009.dat
O44 - LFC:[MD5.1E194D5569167B847122D0B2B87F139E] - 08/03/2010 - 11:56:43 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\perfh00C.dat
O44 - LFC:[MD5.841FAC1D3D3F31077862B2C07DE4C9BE] - 08/03/2010 - 11:56:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\PerfStringBackup.INI
O44 - LFC:[MD5.120C8D6B0A5BCD1B3B5E1A91BDAFC0B0] - 08/03/2010 - 11:56:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\perfc009.dat
O44 - LFC:[MD5.AAA7CBB1A6F728C2308B28102BC9CCF5] - 08/03/2010 - 11:50:55 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\PFRO.log
O44 - LFC:[MD5.CC672B31FA05BC94ED6D6C26208069F5] - 07/03/2010 - 23:32:01 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\FNTCACHE.DAT
O44 - LFC:[MD5.D79E5E1321BDF0CEFED91103C92DB954] - 07/03/2010 - 18:47:18 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\List'em.txt
O44 - LFC:[MD5.BD29B87ED95EA996B8A59E86681329D3] - 07/03/2010 - 16:45:44 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Kill'em.txt
O44 - LFC:[MD5.96ECB91D134E66FFB64936B7A667E828] - 07/03/2010 - 16:12:08 ---A- . (.Pas de propriétaire - Pas de description.) -- C:kill.log
O44 - LFC:[MD5.24D798AA625D5829F2967281D1B42007] - 06/03/2010 - 21:15:46 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Ad-Report-SCAN[5].log
O44 - LFC:[MD5.E9C823FC703001A0FB6684D57A816F4A] - 06/03/2010 - 21:09:10 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Ad-Report-SCAN[6].log
O44 - LFC:[MD5.18D263472DCD651B90C3D7C12CA73030] - 06/03/2010 - 21:07:13 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Ad-Report-SCAN[4].log
O44 - LFC:[MD5.F1CE018AB5E3EEF4145A04695BDD7F7C] - 06/03/2010 - 20:31:03 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Ad-Report-SCAN[3].log
O44 - LFC:[MD5.AA78FDA1C685EEE2D65BF44429EC0028] - 06/03/2010 - 20:24:08 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Ad-Report-SCAN[2].log
O44 - LFC:[MD5.09A3A05E7918F76FFCAA8578EF92E740] - 06/03/2010 - 20:17:09 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Ad-Report-SCAN[1].log


---\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\SysWOW64\l3codeca.acm" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \Drivers32\"VIDC.FFDS"="ff_vfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\ff_vfw.dll
O52 - TDSD: \drivers.desc\"C:\Windows\SysWOW64\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"ff_vfw.dll"="ffdshow video encoder" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\ff_vfw.dll


---\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0


---\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\Policies\Explorer] - "ForceActiveDesktopOn"=0


---\ Liste des Drivers Système (SDL) (O58)
O58 - SDL:[MD5.F14215E37CF124104575073F782111D2] - 21/01/2008 - 03:46:53 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys
O58 - SDL:[MD5.7D05A75E3066861A6610F7EE04FF085C] - 21/01/2008 - 03:46:54 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys
O58 - SDL:[MD5.820A201FE08A0C345B3BEDBC30E1A77C] - 21/01/2008 - 03:46:54 ---A- . (.Adaptec, Inc. - Adaptec LH Ultra160 Driver (X64).) -- C:\Windows\system32\drivers\adpu160m.sys
O58 - SDL:[MD5.9B4AB6854559DC168FBB4C24FC52E794] - 21/01/2008 - 03:47:27 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\system32\drivers\adpu320.sys
O58 - SDL:[MD5.157D0898D4B73F075CE9FA26B482DF98] - 21/01/2008 - 03:46:50 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys
O58 - SDL:[MD5.BA8417D4765F3988FF921F30F630E303] - 21/01/2008 - 03:46:52 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys
O58 - SDL:[MD5.9D41C435619733B34CC16A511E644B11] - 21/01/2008 - 03:47:00 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys
O58 - SDL:[MD5.6936198F2CC25B39CF5262436C80DF46] - 31/10/2006 - 16:23:42 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\system32\drivers\ASACPI.sys
O58 - SDL:[MD5.F09EEE9EDC320B5E1501F749FDE686C8] - 18/09/2006 - 22:30:15 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys
O58 - SDL:[MD5.B114D3098E9BDB8BEA8B053685831BE6] - 18/09/2006 - 22:30:15 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys
O58 - SDL:[MD5.F0F0BA4D815BE446AA6A4583CA3BCA9B] - 02/11/2006 - 09:43:25 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys
O58 - SDL:[MD5.A6ECA2151B08A09CACECA35C07F05B42] - 18/09/2006 - 22:30:18 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys
O58 - SDL:[MD5.B79968002C277E869CF38BD22CD61524] - 18/09/2006 - 22:30:18 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys
O58 - SDL:[MD5.A87528880231C54E75EA7A44943B38BF] - 19/09/2006 - 12:42:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys
O58 - SDL:[MD5.E5D5499A1C50A54B5161296B6AFE6192] - 21/01/2008 - 03:46:50 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys
O58 - SDL:[MD5.222CB641B4B8A1D1126F8033F9FD6A00] - 02/11/2006 - 12:50:06 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys
O58 - SDL:[MD5.264CEE7B031A9D6C827F3D0CB031F2FE] - 21/01/2008 - 03:46:56 ---A- . (.Intel Corporation - Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver.) -- C:\Windows\system32\drivers\E1G6032E.sys
O58 - SDL:[MD5.C4636D6E10469404AB5308D9FD45ED07] - 21/01/2008 - 03:46:59 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys
O58 - SDL:[MD5.D7109A1E6BD2DFDBCBA72A6BC626A13B] - 21/01/2008 - 03:46:59 ---A- . (.Hewlett-Packard Company - Smart Array Storport Driver.) -- C:\Windows\system32\drivers\HpCISSs.sys
O58 - SDL:[MD5.3E3BF3627D886736D0B4E90054F929F6] - 21/01/2008 - 03:46:59 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver (base).) -- C:\Windows\system32\drivers\iaStorV.sys
O58 - SDL:[MD5.8C3951AD2FE886EF76C7B5027C3125D3] - 02/11/2006 - 13:02:39 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys
O58 - SDL:[MD5.63C766CDC609FF8206CB447A65ABBA4A] - 02/11/2006 - 13:02:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\system32\drivers\iteatapi.sys
O58 - SDL:[MD5.1281FE73B17664631D12F643CBEA3F59] - 02/11/2006 - 13:02:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\system32\drivers\iteraid.sys
O58 - SDL:[MD5.8FA5F561F8D9E9D9D0F5B9FDC92FE0FA] - 23/01/2007 - 15:47:00 ---A- . (.Logitech Inc. - Logitech PS2 Keyboard Filter Driver..) -- C:\Windows\system32\drivers\L8042Kbd.sys
O58 - SDL:[MD5.346327DF9EBBA24671230462E3BEC8F4] - 23/01/2007 - 15:47:00 ---A- . (.Logitech Inc. - Logitech PS/2 Mouse Filter Driver..) -- C:\Windows\system32\drivers\L8042mou.Sys
O58 - SDL:[MD5.8C14643089AD1A307DAD03698023865D] - 23/01/2007 - 15:48:00 ---A- . (.Logitech Inc. - Logitech Filter Driver for Mouse Class..) -- C:\Windows\system32\drivers\LMouKE.Sys
O58 - SDL:[MD5.ACBE1AF32D3123E330A07BFBC5EC4A9B] - 21/01/2008 - 03:46:51 ---A- . (.LSI Logic - LSI Logic Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys
O58 - SDL:[MD5.799FFB2FC4729FA46D2157C0065B3525] - 21/01/2008 - 03:46:56 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys
O58 - SDL:[MD5.F445FF1DAAD8A226366BFAF42551226B] - 21/01/2008 - 03:47:01 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys
O58 - SDL:[MD5.989D47E8BD1D7539EB3976D3902E223E] - 07/01/2010 - 16:07:06 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys
O58 - SDL:[MD5.5C5CD6AACED32FB26C3FB34B3DCF972F] - 21/01/2008 - 03:46:59 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x.) -- C:\Windows\system32\drivers\megasas.sys
O58 - SDL:[MD5.859BC2436B076C77C159ED694ACFE8F8] - 21/01/2008 - 03:46:56 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys
O58 - SDL:[MD5.3C200630A89EF2C0864D515B7A75802E] - 02/11/2006 - 13:02:24 ---A- . (.LSI Logic Corporation - MegaRAID RAID Controller Driver for Windows Vista/Longhorn for.) -- C:\Windows\system32\drivers\Mraid35x.sys
O58 - SDL:[MD5.4AC08BD6AF2DF42E0C3196D826C8AEA7] - 02/11/2006 - 13:03:03 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers
frd960.sys
O58 - SDL:[MD5.FEFFC8474BE060EA7349A172B9810415] - 27/09/2009 - 23:12:22 ---A- . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 191.07.) -- C:\Windows\system32\drivers
vlddmkm.sys
O58 - SDL:[MD5.9733F305FA84AAF84E7FB09C0B345ADB] - 10/10/2006 - 03:09:03 ---A- . (.NVIDIA Corporation - NVIDIA MCP Networking Function Driver..) -- C:\Windows\system32\drivers
vm60x64.sys
O58 - SDL:[MD5.99ED33F7FE39026A477893D92AEA5EF0] - 18/11/2007 - 03:39:46 ---A- . (.NVIDIA Corporation - NVIDIA MCP Networking Function Driver..) -- C:\Windows\system32\drivers
vmfdx64.sys
O58 - SDL:[MD5.2C040B7ADA5B06F6FACADAC8514AA034] - 21/01/2008 - 03:46:54 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers
vraid.sys
O58 - SDL:[MD5.F7EA0FE82842D05EDA3EFDD376DBFDBA] - 21/01/2008 - 03:46:54 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers
vstor.sys
O58 - SDL:[MD5.795C6BDD366F3B9A67CAEEFD5A53183A] - 05/01/2007 - 22:10:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers
vstor64.sys
O58 - SDL:[MD5.0B83F4E681062F3839BE2EC1D98FD94A] - 21/01/2008 - 03:46:52 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys
O58 - SDL:[MD5.E1C80F8D4D1E39EF9595809C1369BF2A] - 02/11/2006 - 12:50:27 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys
O58 - SDL:[MD5.3EA8A16169C26AFBEB544E0E48421186] - 30/09/2006 - 00:51:44 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys
O58 - SDL:[MD5.3A2F769FAB9582BC720E11EA1DFB184D] - 21/01/2008 - 03:47:26 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys
O58 - SDL:[MD5.2F26A2C6FC96B29BEFF5D8ED74E6625B] - 02/11/2006 - 13:02:52 ---A- . (.LSI Logic - LSI Logic 8XX SCSI Miniport Driver.) -- C:\Windows\system32\drivers\symc8xx.sys
O58 - SDL:[MD5.A909667976D3BCCD1DF813FED517D837] - 02/11/2006 - 13:02:37 ---A- . (.LSI Logic - LSI Logic Hi-Perf SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_hi.sys
O58 - SDL:[MD5.36887B56EC2D98B9C362F6AE4DE5B7B0] - 02/11/2006 - 13:02:47 ---A- . (.LSI Logic - LSI Logic Ultra160 SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_u3.sys
O58 - SDL:[MD5.697F0446134CDC8F99E69306184FBBB4] - 21/01/2008 - 03:46:56 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\system32\drivers\uliahci.sys
O58 - SDL:[MD5.31707F09846056651EA2C37858F5DDB0] - 02/11/2006 - 12:50:54 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\system32\drivers\ulsata.sys
O58 - SDL:[MD5.85E5E43ED5B48C8376281BAB519271B7] - 21/01/2008 - 03:46:52 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series x64 Windows Driver.) -- C:\Windows\system32\drivers\ulsata2.sys
O58 - SDL:[MD5.8294B6C3FDB6C33F24E150DE647ECDAA] - 21/01/2008 - 03:46:50 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys
O58 - SDL:[MD5.A68F455ED2673835209318DD61BFBB0E] - 21/01/2008 - 03:47:25 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys
O58 - SDL:[MD5.C2A6683C9FF46AA70E2C2092B008EDC7] - 11/10/2006 - 04:33:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS
O58 - SDL:[MD5.C0D40BEAA6DFC05602FC8F484696F7F5] - 07/01/2010 - 16:07:14 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys


---\ Liste des outils de nettoyage (LATC) (O63)
O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.)
O63 - Logiciel: ZHPDiag 1.25 - (.Nicolas Coolman.)
O63 - Logiciel: OTM - (OldTimer)



End of the scan (366 lines in 00mn 29s)

truecode · Answer

La je n'ai pas trop le temps mais je regarde ça ce soir

Rapport hijackthis

58 réponses

Discussions similaires