HELP : This website has been reported as unsa

manon_c12 -  
 manon_c12 -
Bonjour,

J'ai été infecté par un virus.
description: pendant ma navigation d'hier soir, une fenetre windows, qui avait l'air vraiment vrai, apparait "votre pc est infecté" et m'indique que pls virus ont été detecté. Il me propose d'opérer a la suppression des virus, mais ca ne marche pas (j'avais mis ok a un moment) et me demande une "clé" que je n'ai pas, c'est là que cela m'a semblé louche. Depuis, mes pages IE8 se bloque avec le messages : This website has been reported as unsafe.
Au vue de l'infection avéré de mon pc, j'ai consulté les sites internet, il s'avère qu'il s'agit d'un faux programmes antivirus qui s'installe impunément sur l'ordi, passant à travers Norton (que je posssède), son nom personal security. Effectivement il apparait dans mes programmes. J opère, d'après les conseils d'un internaute, a la suppression de ce programme, "ajout suppression programme", suppression manuelle de tous les fichiers portant son nom. PROBLEME : les pages IE8 se bloquent tjs, et malgré le redémarrage du pc. Ca se bloque 1 fois sur 2. J'avais ccleaner , donc g fais une analyse suppression au cas ou mais "This website has been reported as unsafe" est resistant. J'ai l'impression que ca se blok de plus en plus. ca devient urgent, j'ai peur que cela endommage mon disk dur.
Aidez moi, je suis nul en informatique!

34 réponses

  • 1
  • 2
Réponse 1 / 34
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
bonjour

tu as décris la définition d'un rogue

redémarrer le pc en mode sans échec avec prise en charge reseau

https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php


Télécharge rkill

Enregistre-le sur ton Bureau
Double-clique sur l'icone rkill ( pour Vista/Seven clic-droit Exécuter en tant qu'Administrateur)
Un bref écran noir t'indiquera que le tool s'est correctement exécuter, s'il ne lance pas
change de lien de téléchargement en utilisant le suivant à partir d'ici:
https://download.bleepingcomputer.com/grinler/rkill.exe
https://download.bleepingcomputer.com/grinler/rkill.exe

Rkill COM: Rkill COM:
https://download.bleepingcomputer.com/grinler/rkill.com
https://download.bleepingcomputer.com/grinler/rkill.com

Rkill SCR: Rkill RCS:
https://download.bleepingcomputer.com/grinler/rkill.scr
https://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF: Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
http://download.bleepingcomputer.com/grinler/rkill.pif

une fois qu'il aura terminé


Téléchargez MalwareByte's Anti-Malware (que tu pourras garder ensuite)

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

. Enregistres le sur le bureau
. Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
. Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
. Si le pare-feu demande l'autorisation de se connecter pour malwarebytes, accepte
. Une fois la mise à jour terminé
. Rend-toi dans l'onglet, Recherche
. Sélectionnes Exécuter un examen complet (examen assez long)
. Cliques sur Rechercher
. Le scan démarre.
. A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement.
Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
. Cliques sur Ok pour poursuivre.
. [b]Si des malwares ont été détectés, clique sur Afficher les résultats
. Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection
Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
. Rends toi dans l'onglet rapport/log
. Tu cliques dessus pour l'afficher, une fois affiché
. Tu cliques sur edition en haut du boc notes, et puis sur sélectionner tous
. Tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller


Si tu as besoin d'aide regarde ces tutoriels :
Aide: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
0
Réponse 2 / 34
manon_c12
 
Le problème c que depuis tout a l heure j'essaye d'accéder au mode sans echec comme indiquer sur le lien. J'ai un packard bell qd j'appuie sur f8 des le debut, il y a une fenetre qui me propose d'aller sur "hard disk" ou autre chose, je tape hard disk et f8 en meme temps et il me propose 2 trucs avec des numeos, j'ai tapé sur l un d'eux et ça ma demarré l'ordi normalement, jamais je vois apparaitre mode sans echec (f2 pour bios)
De plus pr telecharger rkill quand je serais dans le moe sans echec, je tape sur lequel de tes liens?
0
Réponse 3 / 34
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
bon

fais le en mode normal
0
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
pour Rkill tu fais le premier

s'il échoue passes au suivant
0
Réponse 4 / 34
manon_c12
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4053

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

30/04/2010 12:31:03
mbam-log-2010-04-30 (12-31-03).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 201335
Temps écoulé: 1 heure(s), 46 minute(s), 40 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\win32extension.dll (Trojan.FakeAlert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\rxresult.rxresultfilter (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rxresult.rxresultfilter.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\personsecurity (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\win32extension.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Anne-Marie\Application Data\Microsoft\Internet Explorer\Quick Launch\PersonSecurity.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\smdat32a.sys (Rootkit.Agent) -> Quarantined and deleted successfully.




Je tiens à préciser que lorsque j'ai fais "supprimer la sélection" des 13 éléments détectés, une fenêtre m'a indiqué que "tout les éléments n'ont pas tous pu être supprimé. pour supprimer vous devez redémarrer, voulez vous redemarrez maintenant?" j'ai dit non pour continuer la marche a suivre.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 34
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
ok

redemarres le pc comme demandé

ensuite

Télécharge ZHPDiag ( de Nicolas coolman ).
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

(outil de diagnostic)

Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )

Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin pour vista )

Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.

Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.

Rend toi sur Cjoint : http://www.cijoint.fr/

Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "

Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau

Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message


si soucis avec ci joint. fr => utiliser https://www.cjoint.com/


0
Réponse 6 / 34
manon_c12
 
http://www.cijoint.fr/cjlink.php?file=cj201004/cijJ4OKNqb.txt
0
Réponse 7 / 34
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
ok

1)


Téléchargez USBFIX de El Desaparecido, C_xx

http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
ou
https://www.ionos.fr/?affiliate_id=77097

/!\ Utilisateur de vista et windows 7 :
ne pas oublier de désactiver Le contrôle des comptes utilisateurs
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

/!\ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

* Double clic sur le raccourci UsbFix présent sur le bureau .

* Choisir l'option2 suppression
(d'autres options disponibles, voir le tutoriel).
* Laissez travailler l'outil.
Le menu démarrer et les icônes vont disparaître.. c'est normal.

Si un message te demande de redémarrer l'ordinateur fais le ...

? Au redémarrage, le fix se relance... laisses l'opération s'effectuer.

? Le bloc note s'ouvre avec un rapport, envoies le dans la prochaine réponse


* Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

* Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.


* Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html


UsbFix peut te demander d'uploader un dossier compressé à cette adresse : https://www.ionos.fr/?affiliate_id=77097

Il est enregistré sur ton bureau.

Merci de l'envoyer à l'adresse indiquée afin d'aider l'auteur de UsbFix dans ses recherches.

...............................

2)

* Télécharge de AD-Remover sur ton Bureau. (Merci à C_XX)
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe

Miroir:

https://www.androidworld.fr/

/!\ Déconnecte-toi d'internet et ferme toutes applications en cours /!\

Désactive provisoirement et seulement le temps de l'utilisation de ADremover, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

- Double-clique sur l'icône Ad-remover située sur ton Bureau.
- Sur la page, clique sur le bouton « NETTOYER »
- Confirme lancement du scan
- Laisse travailler l'outil.
- Poste le rapport qui apparaît à la fin.

(Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

.............................

3)

DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)

? Télécharge List_Kill'em et enregistre le sur ton bureau

http://sd-1.archive-host.com/...

double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

Laisse coché :

Executer Shortcut
Executer List_Kill'em

une fois terminée , clic sur "terminer" et le programme se lancera seul

choisis l'option Search

laisse travailler l'outil

à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"




0
Réponse 8 / 34
manon_c12
 
Réponse etape 1
############################## | UsbFix V6.110 |

User : Anne-Marie (Administrateurs) # SN404475890003
Update on 29/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 17:15:08 | 30/04/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Pentium(R) 4 CPU 3.20GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 180,29 Go (96,24 Go free) [HDD] # NTFS
D:\ -> Disque CD-ROM

################## | Elements infectieux |

Supprimé ! C:\Recycler\S-1-5-21-3817341157-2852955905-2705397224-1008
Supprimé ! C:\Recycler\S-1-5-21-3885208989-1389336924-726956927-1003

################## | Registre |

Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{d4926383-147e-11dd-8205-00038a000015}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{ec48c164-d459-11de-85a8-000feabe6cde}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[08/04/2005 08:15|-rahs----|215] C:\BOOT.BAK
[17/07/2007 10:35|--ahs----|296] C:\BOOT.INI
[05/08/2004 14:00|-rahs----|4952] C:\Bootfont.bin
[13/07/2007 13:09|--a------|2123] C:\cleannavi.txt
[05/08/2004 14:00|-rahs----|263488] C:\cmldr
[08/04/2005 08:04|--a------|6238] C:\DWNLOG.TXT
[05/09/2001 21:00|--a------|1700352] C:\gdiplus.dll
[?|?|?] C:\hiberfil.sys
[08/04/2005 08:18|-rahs----|0] C:\IO.SYS
[08/04/2005 08:20|--ah-----|826] C:\IPH.PH
[16/06/2005 11:48|--a------|183] C:\LogiSetup.log
[08/04/2005 08:18|-rahs----|0] C:\MSDOS.SYS
[11/04/2008 22:12|--a------|479136] C:\NetInstallPokerRoom.exe
[05/08/2004 14:00|-rahs----|47564] C:\NTDETECT.COM
[05/08/2004 14:00|-rahs----|251712] C:\ntldr
[?|?|?] C:\pagefile.sys
[13/07/2007 21:18|--a------|734] C:\rapport_clean.txt
[30/04/2010 10:28|--a------|646] C:\rkill.log
[07/04/2005 18:52|--a------|1182] C:\SAUDIT.TXT
[30/04/2010 17:25|--a------|2114] C:\UsbFix.txt

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

################## | Upload |

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_SN404475890003.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .
0
Réponse 9 / 34
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
vu

=> Ad Remover
0
Réponse 10 / 34
manon_c12
 
.
======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 29/04/10 à 18:00
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 17:33:04 le 30/04/2010 | Mode normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows XP(TM) Service Pack 2 - X86
Nom du PC: SN404475890003
Utilisateur actuel: Anne-Marie
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
Service: *Application Updater*
.
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Bureau\Everest Poker.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest Poker
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Poker 770
C:\Documents and Settings\Anne-Marie\Application Data\pdfforge
C:\Documents and Settings\Anne-Marie\Application Data\Search Settings
C:\Documents and Settings\Anne-Marie\Menu Démarrer\Programmes\WebMediaPlayer
C:\Documents and Settings\Anne-Marie\Mes documents\PacificPoker
C:\Poker\Poker 770
C:\Program Files\Application Updater
C:\Program Files\Everest Poker
C:\Program Files\Mozilla Firefox\extensions\searchsettings@spigot.com
C:\Program Files\pdfforge Toolbar

(!) -- Fichiers temporaires supprimés.
.
HKCU\Software\Dynamic Toolbar
HKCU\Software\EoRezo
HKCU\Software\Grand Virtual
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\Software\pacificpoker
HKCU\Software\pdfforge
HKCU\Software\Poker 770
HKCU\Software\pokerinstaller
HKCU\Software\Search Settings
HKLM\Software\Application Updater
HKLM\Software\Classes\AxMetaStream.MetaStreamCtl
HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1
HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
HKLM\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Classes\Need2FindBar.SettingsPlugin
HKLM\Software\Classes\Need2FindBar.SettingsPlugin.1
HKLM\Software\Classes\Need2FindBar.ToolbarPlugin
HKLM\Software\Classes\Need2FindBar.ToolbarPlugin.1
HKLM\Software\Classes\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}
HKLM\Software\MetaStream
HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKLM\Software\pdfforge
HKLM\Software\Poker 770
HKLM\Software\Search Settings
HKLM\Software\Viewpoint
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eoengine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Softwarehelper
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Application Updater\ApplicationUpdater.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\FF\chrome.manifest
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\FF\install.rdf
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\SearchSettings.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\SearchSettings.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\SSFF\chrome.manifest
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\SSFF\chrome\locale\en-US\searchsettingsplugin.dtd
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\pdfforge Toolbar\SSFF\install.rdf
.
(Orpheline) BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} (CLSID manquant)
(Orpheline) HKLM,Uninstall - ie7 - C:\WINDOWS\ie7\spuninst\spuninst.exe (Fichier manquant)
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.5.9 (fr) *
.
C:\Documents and Settings\Anne-Marie\..\5kesvvou.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Anne-Marie\\Mes documents\\Mes images
C:\Documents and Settings\Anne-Marie\..\5kesvvou.default\prefs.js - browser.search.defaultenginename: Google
C:\Documents and Settings\Anne-Marie\..\5kesvvou.default\prefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
C:\Documents and Settings\Anne-Marie\..\5kesvvou.default\prefs.js - browser.search.selectedEngine: Google
C:\Documents and Settings\Anne-Marie\..\5kesvvou.default\prefs.js - browser.startup.homepage: hxxp://y.lo.st
C:\Documents and Settings\Anne-Marie\..\5kesvvou.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.9
.
EFFACÉ: C:\Documents and Settings\Anne-Marie\..\5kesvvou.default\prefs.js - user_pref("browser.startup.homepage", "hxxp://y.lo.st");
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 81 Fichier(s)
C:\Ad-Remover\Backup: 14 Fichier(s)
.
C:\Ad-Report-CLEAN[1].txt - 7596 Octet(s)
.
Fin à: 17:43:05, 30/04/2010
.
============== E.O.F - CLEAN[1] ==============
0
Réponse 11 / 34
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
vu

=> List_Kill'em
0
Réponse 12 / 34
manon_c12
 
List'em by g3n-h@ckm@n 1.7.2.5

User : Anne-Marie (Administrateurs)
Update on 29/04/2010 by g3n-h@ckm@n ::::: 21.00
Start at: 17:54:50 | 30/04/2010

Intel(R) Pentium(R) 4 CPU 3.20GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled

C:\ -> Disque fixe local | 180,29 Go (96,41 Go free) [HDD] | NTFS
D:\ -> Disque CD-ROM

Boot: Normal

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Anne-Marie\Mes documents\Mes images\tomtom\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\apps\ABoard\AOSD.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Apps\EZHome\EZStatus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Documents and Settings\Anne-Marie\Mes documents\Mes images\tomtom\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe
0
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
le rapport n'est pas complet, il se ternie par EOF
0
Réponse 13 / 34
manon_c12
 
=====================
Keys "Run"
======================

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
EzStatus REG_SZ C:\Apps\EZHome\EZStatus.exe
LogitechSoftwareUpdate REG_SZ "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
VeohPlugin REG_SZ "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
TomTomHOME.exe REG_SZ "C:\Documents and Settings\Anne-Marie\Mes documents\Mes images\tomtom\TomTom HOME 2\TomTomHOMERunner.exe"
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
Raccourci vers la page des propriétés de High Definition Audio REG_SZ HDAudPropShortcut.exe
SoundMan REG_SZ SOUNDMAN.EXE
AlcWzrd REG_SZ ALCWZRD.EXE
Alcmtr REG_SZ ALCMTR.EXE
ATIPTA REG_SZ C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
PCMService REG_SZ "c:\Apps\Powercinema\PCMService.exe"
ACTIVBOARD REG_SZ c:\apps\ABoard\ABoard.exe
VCSPlayer REG_SZ "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
LVCOMSX REG_SZ C:\WINDOWS\system32\LVCOMSX.EXE
LogitechVideoRepair REG_SZ C:\Program Files\Logitech\Video\ISStart.exe
LogitechVideoTray REG_SZ C:\Program Files\Logitech\Video\LogiTray.exe
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)

===============

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
NoDriveAutoRun REG_DWORD 255 (0xff)
HonorAutoRunSetting REG_DWORD 0 (0x0)

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveAutoRun REG_DWORD 255 (0xff)
NoCDBurning REG_DWORD 0 (0x0)
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoDriveTypeAutoRun REG_DWORD 255 (0xff)

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ SN404475890003
DefaultUserName REG_SZ Anne-Marie
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Anne-Marie
AltDefaultDomainName REG_SZ SN404475890003

===============

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%ProgramFiles%\AOL 9.0\aol.exe REG_SZ %ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL
%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe REG_SZ %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA
%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe REG_SZ %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\APPS\Inventime\my.exe REG_SZ C:\APPS\Inventime\my.exe:*:Enabled:INVENTIME
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Real\RealPlayer\realplay.exe REG_SZ C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
C:\Program Files\Kazaa\kazaa.exe REG_SZ C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa Media Desktop
C:\Program Files\Shareaza\Shareaza.exe REG_SZ C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza
C:\Program Files\Tiscali_Triway_WiFi\Wizard\CTD_FirmwareUpgrader.exe REG_SZ C:\Program Files\Tiscali_Triway_WiFi\Wizard\CTD_FirmwareUpgrader.exe:*:Enabled:Réinitialisation du terminal
C:\Program Files\Tiscali_Triway_WiFi\Wizard\CTD633_Tiscali.exe REG_SZ C:\Program Files\Tiscali_Triway_WiFi\Wizard\CTD633_Tiscali.exe:*:Enabled:Tiscali - Assistant de configuration
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Disabled:eMule
C:\Program Files\Canon\DV Messenger\DV Messenger.exe REG_SZ C:\Program Files\Canon\DV Messenger\DV Messenger.exe:*:Enabled:Executable
C:\WINDOWS\system32\rtcshare.exe REG_SZ C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Partage de l'application RTC
C:\Program Files\Internet Explorer\IEXPLORE.EXE REG_SZ C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe REG_SZ C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater
C:\Program Files\Gadu-Gadu\gg.exe REG_SZ C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glowny
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe REG_SZ C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe REG_SZ C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
0
Réponse 14 / 34
manon_c12
 
===============
ActivX controls
===============

[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{00B71CFB-6864-4346-A978-C0A14556272C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0CCA191D-13A6-4E29-B746-314DEE697D83}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{14B87622-7E19-4EA8-93B3-97215F77A6BC}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{31B7EB4E-8B4B-11D1-A789-00A0CC6651A8}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6A344D34-5231-452A-8A57-D064AC9B7862}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{9122D757-5A4F-4768-82C5-B4171D8556A7}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{B8BE5E93-A60C-4D26-A2DC-220313175592}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]

===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{7C5EB9E7-2D02-4B23-8412-9C0F7E5DD6D5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Base Smart Card Crypto Provider Package]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]

==============
BHO :
======

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BD96F91E-14C3-4486-A160-A85E5B59AB03}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BD96F91E-14C3-4486-A160-A85E5B59AB03}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BD96F91E-14C3-4486-A160-A85E5B59AB03}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

================
Internet Explorer :
================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
Local Page REG_SZ C:\WINDOWS\system32\blank.htm

========
Services
========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

========
Safemode
========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

=========
Atapi.sys
=========

C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

C:\WINDOWS\system32\drivers\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

=======
Drive :
=======

D'fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
180 Go total, 96,41 Go libre (53%), 12% fragment' (fragmentation du fichier 24%)

Vous devriez d'fragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Present !! : C:\Program Files\KaZaA
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\MSWINSCK.OCX
Present !! : C:\WINDOWS\System32\rnaph.dll
Present !! : C:\WINDOWS\System32\SET*.tmp
Present !! : C:\WINDOWS\Temp\JET92C5.tmp
Present !! : C:\Documents and Settings\Anne-Marie\Application Data\GDIPFONTCACHEV1.DAT
Present !! : C:\Documents and Settings\Anne-Marie\Application Data\GDIPFONTCACHEV1.DAT
Present !! : C:\Documents and Settings\Anne-Marie\LOCAL Settings\Temp\Perflib_Perfdata_c14.dat

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_BHDRVX86
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_MEMSWEEP2
Present !! : HKLM\SYSTEM\ControlSet001\Services\MEMSWEEP2
Present !! : HKLM\SYSTEM\ControlSet003\Enum\Root\Legacy_BHDRVX86
Present !! : HKLM\SYSTEM\ControlSet003\Enum\Root\Legacy_MEMSWEEP2
Present !! : HKLM\SYSTEM\ControlSet003\Services\MEMSWEEP2
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_BHDRVX86
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_MEMSWEEP2
Present !! : HKLM\SYSTEM\CurrentControlSet\Services\MEMSWEEP2

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-30 18:50:39
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
kernel: MBR read successfully
user & kernel MBR OK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 18:50:42,40
0
Réponse 15 / 34
manon_c12
 
j'ai divisé la réponse
0
Réponse 16 / 34
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
vu

1)

Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :

choisis l'option CLEAN
ton PC va redemarrer,

laisse travailler l'outil.

en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,

colle le contenu dans ta reponse

......................

2)

refais un nouveau rapport ZHPdiag et postes le lien stp



0
Réponse 17 / 34
manon_c12
 
Kill'em by g3n-h@ckm@n 1.7.2.5

User : Anne-Marie (Administrateurs)
Update on 29/04/2010 by g3n-h@ckm@n ::::: 21.00
Start at: 19:54:35 | 30/04/2010

Intel(R) Pentium(R) 4 CPU 3.20GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 180,29 Go (96,35 Go free) [HDD] | NTFS
D:\ -> Disque CD-ROM


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Anne-Marie\Mes documents\Mes images\tomtom\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Quarantined & Deleted !! : C:\Program Files\KaZaA

Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\WINDOWS\system32\MSWINSCK.OCX
Quarantined & Deleted !! : C:\WINDOWS\System32\rnaph.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\SET14E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET150.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET155.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET15C.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\JET4F2F.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\JET92C5.tmp
Quarantined & Deleted !! : C:\Documents and Settings\Anne-Marie\Application Data\GDIPFONTCACHEV1.DAT
Deleted !! : C:\RECYCLER\S-1-5-21-3817341157-2852955905-2705397224-1008\Dc1.exe

=======
Hosts :
=======

127.0.0.1 localhost

========
Registry
========

Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19
Deleted : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_BHDRVX86
Deleted : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_MEMSWEEP2
Deleted : HKLM\SYSTEM\ControlSet001\Services\MEMSWEEP2
Deleted : HKLM\SYSTEM\ControlSet003\Enum\Root\Legacy_BHDRVX86
Deleted : HKLM\SYSTEM\ControlSet003\Enum\Root\Legacy_MEMSWEEP2
Deleted : HKLM\SYSTEM\ControlSet003\Services\MEMSWEEP2
=================
Internet Explorer
=================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

===============
Security Center
===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)
FirewallDisableNotify REG_DWORD 0 (0x0)

========
Services
=========

Ndisuio : Start = 3
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Réponse 18 / 34
manon_c12
 
Rapport de ZHPDiag v1.25.1415 par Nicolas Coolman
Run by Anne-Marie at 30/04/2010 21:37:54
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox (3.5.9)

---\\ System Information
Platform : Microsoft Windows XP (5.1.2600) Service Pack 2
Processor: x86 Family 15 Model 4 Stepping 1, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1023 MB (30% free)
System drive C: has 96 GB (53%) free of 180 GB

---\\ Logged in mode
Computer Name: SN404475890003
User Name: Anne-Marie
Unselected Option: O1,O45,O61,O65
Logged in as Administrator

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 96 Go of 180 Go)
D:\ CD-ROM drive (Not Inserted)


---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: Modified
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: Modified
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK


---\\ Processus lancés
[MD5.7BBE4CF421AECC7F0226EDD75F12079F] - (.Microsoft Corporation - Microsoft IME.) -- C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe [208952]
[MD5.024DC0F68DF5FD6AE9DD82DFBAF479D6] - (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe [455168]
[MD5.2863F29C5F134B92445C78FDEF46BB89] - (.ATI Technologies, Inc. - ATI Desktop Control Panel.) -- C:\ATI Technologies\ATI Control Panel\atiptaxx.exe [339968]
[MD5.5E4C9C25D603AE46DEDCBD9674F86E21] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe [149280]
[MD5.ED0F2CC726E167AF02FBD250BF35C7A0] - (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- c:\Apps\Powercinema\PCMService.exe [110740]
[MD5.84DA056C4331B17A5AAFACFF49C3BBA3] - (.NEC Computers International - Activboard Application.) -- c:\apps\ABoard\ABoard.exe [24576]
[MD5.551A7585694985D50B0C3891A03AB50B] - (.H+H Software GmbH - Virtual CD v4.3 SDK - Player.) -- C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe [299008]
[MD5.BCD419D4EA19087E91601C1C2914323A] - (.Logitech Inc. - LVCom Server.) -- C:\WINDOWS\system32\LVCOMSX.exe [221184]
[MD5.3D9D5AA7B8A3D9F447274599D3EFB578] - (.Logitech Inc. - Logitech QuickCam Startup Application.) -- C:\Program Files\Logitech\Video\ISStart.exe [458752]
[MD5.EE2A9192A73D51E7F4D9099FC35C32D0] - (.Logitech Inc. - ImageStudio Tray Application.) -- C:\Program Files\Logitech\Video\LogiTray.exe [217088]
[MD5.3CF6BFF887AF6F733473D81A8921A5C5] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [180269]
[MD5.FABAD2BFD44661D8CC627E5485BFAFAF] - (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe [413696]
[MD5.9D4F3923F8D3A13F2FEADB66C62FE5D0] - (.Apple Inc. - iTunesHelper Module.) -- C:\Program Files\iTunes\iTunesHelper.exe [292136]
[MD5.804F9A025540D3EA0A78618E3F8FF8E5] - (.Nec Computers International - Application EZStatus.) -- C:\Apps\EZHome\EZStatus.exe [94208]
[MD5.C1913A21CB3A7BF314641ACF0A8F81C9] - (.Logitech Inc. - Logitech Software Update.) -- C:\Program Files\Logitech\Video\ManifestEngine.exe [196608]
[MD5.5584247B568C2E53934873F4B655FE6A] - (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe [15360]
[MD5.D55F27F176CC687AAE438E0907F5A6D3] - (.Veoh Networks - Veoh Web Player Beta.) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [3558136]
[MD5.49AD8709B96741F9C3C5A98CBBAB0777] - (.TomTom - System Tray application for TomTom HOME.) -- C:\Documents and Settings\Anne-Marie\Mes documents\Mes images\tomtom\TomTom HOME 2\TomTomHOMERunner.exe [247144]
[MD5.5011A24AECF4D573473BDC15EE84C178] - (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288]
[MD5.BB1DA35335D88DB1CE1FEE8BD35F2248] - (.America Online, Inc. - AOL Connectivity Service.) -- C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe [1123440]
[MD5.7E94E567C1AA5ABE6174032B3DAB6C23] - (.Apple Inc. - Apple Mobile Device Service.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712]
[MD5.C67BDE7FB9B34496BDDD0F5F5922D3E4] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [344064]
[MD5.1BD6C2F707A275CB7C16FD99FE0F31CA] - (.Microsoft Corporation - Generic Host Process for Win32 Services.) -- C:\WINDOWS\System32\svchost.exe [14336]
[MD5.3F56903E124E820AEECE6D471583C6C1] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [238888]
[MD5.0326B36B8331569F25DB4A06412261F9] - (.Pas de propriétaire - CLCapSvc Module.) -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe [176220]
[MD5.F905E8799D4EBF0597DFEEE659ECBA36] - (.Pas de propriétaire - CLSched Module.) -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe [110682]
[MD5.2BB11CD367D49098D57A8638ADB5BCF6] - (.Cyberlink - NT CLMLServer.) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [24576]
[MD5.9D6BF82FE50D55F20F8E10E0F6653886] - (.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\WINDOWS\system32\services.exe [111104]
[MD5.69202C049779AE09470370F163363F13] - (.Pas de propriétaire - Pas de description.) -- c:\APPS\HIDSERVICE\HIDSERVICE.exe [49152]
[MD5.09417134F248DFCEEA15C72BCC87F592] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [322120]
[MD5.EE215321E83BE72AB77B6627FD149EAE] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [117640]
[MD5.9F3744A5C6F49291A7A685040A013399] - (.Microsoft Corporation - LSA Shell (Export Version).) -- C:\WINDOWS\system32\lsass.exe [13312]
[MD5.DA81EC57ACD4CDC3D4C51CF3D409AF9F] - (.Microsoft Corporation - Spooler SubSystem App.) -- C:\WINDOWS\system32\spoolsv.exe [57856]
[MD5.67C5AF84809468061121FBCBECB19285] - (.Symantec Corporation - Norton Security Center Service.) -- C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe [316544]
[MD5.FBD16717FD68B206C4CE3BB3C9EE5CB3] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Documents and Settings\Anne-Marie\Mes documents\Mes images\tomtom\TomTom HOME 2\TomTomHOMEService.exe [92008]
[MD5.8C7579C9E29FB3430EF5AC8C09A71211] - (.H+H Software GmbH - Virtual CD v4.3 SDK - Security Service.) -- C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [139264]
[MD5.C9BEA742CE225CC993C9465FDDAE4656] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows M.) -- C:\Program Files\Windows Media Player\WMPNetwk.exe [918016]


---\\ Pages de recherche de Mozilla Firefox (M1)
M1 - SPR:Search Page Redirection - C:\Program Files\Mozilla FireFox\extensions\pdfforge@mybrowserbar.com


---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: Shell=explorer.exe


---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local


---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18904 (longhorn_ie8_gdr.100222-1700)) -- C:\WINDOWS\system32\ieframe.dll
R3 - URLSearchHook: Microsoft Url Search Hook - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Yahoo! Inc. - Yahoo! Toolbar.) (2008, 7, 28, 01) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll


---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} . (.Yahoo! Inc. - Yahoo! Toolbar.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe Acrobat IE Helper Version 7.0 for Act.) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} . (.Symantec Corporation - IPS Browser Helper DLL.) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} . (.Yahoo! Inc - Yahoo! Single Instance for Mail.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll


---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} . (.Veoh Networks Inc - Veoh Video Finder.) -- C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} . (.Veoh Networks - Veoh Video Compass.) -- C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Yahoo! Inc. - Yahoo! Toolbar.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll


---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [IMJPMIG8.1] . (.Microsoft Corporation - Microsoft IME.) -- C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
O4 - HKLM\..\Run: [PHIME2002ASync] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [PHIME2002A] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [ATIPTA] . (.ATI Technologies, Inc. - ATI Desktop Control Panel.) -- C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] . (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- c:\Apps\Powercinema\PCMService.exe
O4 - HKLM\..\Run: [ACTIVBOARD] . (.NEC Computers International - Activboard Application.) -- c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [VCSPlayer] . (.H+H Software GmbH - Virtual CD v4.3 SDK - Player.) -- C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
O4 - HKLM\..\Run: [LVCOMSX] . (.Logitech Inc. - LVCom Server.) -- C:\WINDOWS\system32\LVCOMSX.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] . (.Logitech Inc. - Logitech QuickCam Startup Application.) -- C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] . (.Logitech Inc. - ImageStudio Tray Application.) -- C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper Module.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [EzStatus] . (.Nec Computers International - Application EZStatus.) -- C:\Apps\EZHome\EZStatus.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] . (.Logitech Inc. - Logitech Software Update.) -- C:\Program Files\Logitech\Video\ManifestEngine.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VeohPlugin] . (.Veoh Networks - Veoh Web Player Beta.) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Documents and Settings\Anne-Marie\Mes documents\Mes images\tomtom\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [EzStatus] . (.Nec Computers International - Application EZStatus.) -- C:\Apps\EZHome\EZStatus.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [EzStatus] . (.Nec Computers International - Application EZStatus.) -- C:\Apps\EZHome\EZStatus.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - Global Startup: Adobe Gamma Loader.lnk . (.Adobe Systems, Inc. - Adobe Gamma Loader.) -- C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk . (.Logitech Inc. - Logitech Desktop Messenger.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: OpenOffice.org 3.1.lnk . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe
0
Réponse 19 / 34
manon_c12
 
---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Add to Windows &Live Favorites - (.not file.) - http:\\favorites.live.com\quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.exe


---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Real\RealPlayer\eb_act.ico
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe


---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll


---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm


---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - (.not file.) - https:\\webdl.symantec.com\activex\symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab


---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} . (.Logitech Inc. - Logitech Desktop Messenger.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll


---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\System32\Ati2evxx.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Windows Genuine Advantage Notification.) -- C:\WINDOWS\System32\WgaLogon.dll


---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll


---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll


---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: AOL Connectivity Service (AOL ACS) . (.America Online, Inc. - AOL Connectivity Service.) - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple Inc. - Apple Mobile Device Service.) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) . (.Pas de propriétaire - CLCapSvc Module.) - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) . (.Pas de propriétaire - CLSched Module.) - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service (CyberLink Media Library Service) . (.Cyberlink - NT CLMLServer.) - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) . (.Pas de propriétaire - Pas de description.) - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security (Norton Internet Security) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: SymWMI Service (SymWSC) . (.Symantec Corporation - Norton Security Center Service.) - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TomTomHOMEService (TomTomHOMEService) . (.TomTom - Windows Service for TomTom HOME.) - C:\Documents and Settings\Anne-Marie\Mes documents\Mes images\tomtom\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) . (.H+H Software GmbH - Virtual CD v4.3 SDK - Security Service.) - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: VNC Server Version 4 (WinVNC4) . (.Pas de propriétaire - Pas de description.) - C:\Program Files\RealVNC\VNC4\WinVNC4.exe


---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Symantec NetDetect.job


---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Personnalisation du navigateur - >{7C5EB9E7-2D02-4B23-8412-9C0F7E5DD6D5} . (.Pas de propriétaire - Pas de description.) -- RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: Macromedia Shockwave Director 8.5 - {166B1BCA-3F9C-11CF-8075-444553540000} . (.Macromedia, Inc. - Shockwave ActiveX Control.) -- C:\WINDOWS\system32\Macromed\Director\SwDir.dll
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp11.inf
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.0 r32.) -- C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx


---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: Symantec Heuristics Driver (BHDrvx86) . (.Symantec Corporation - BASH Driver.) - C:\WINDOWS\system32\Drivers\NIS\1008000.029\BHDrvx86.sys
O41 - Driver: Symantec Hash Provider (ccHP) . (.Symantec Corporation - Common Client Hash Provider Driver.) - C:\WINDOWS\system32\Drivers\NIS\1008000.029\ccHPx86.sys
O41 - Driver: Symantec Eraser Control driver (eeCtrl) . (.Symantec Corporation - Symantec Eraser Control Driver.) - C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
O41 - Driver: IDSxpx86 (IDSxpx86) . (.Symantec Corporation - IDS Core Driver.) - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100422.002\IDSxpx86.sys
O41 - Driver: Boot Tasks Driver (SAVRKBootTasks) . (.Sophos Plc - Sophos boot tasks for Windows 2000.) - C:\WINDOWS\system32\SAVRKBootTasks.sys
O41 - Driver: Symantec Real Time Storage Protection (SRTSP) . (.Symantec Corporation - Symantec AutoProtect.) - C:\WINDOWS\system32\Drivers\NIS\1008000.029\SRTSP.sys
O41 - Driver: Symantec Real Time Storage Protection (PEL) (SRTSPX) . (.Symantec Corporation - Symantec AutoProtect.) - C:\WINDOWS\system32\drivers\NIS\1008000.029\SRTSPX.sys
O41 - Driver: Symantec Network Dispatch Driver (SYMTDI) . (.Symantec Corporation - Network Dispatch Driver.) - C:\WINDOWS\system32\Drivers\NIS\1008000.029\SYMTDI.sys
O41 - Driver: (vcsmpdrv) . (.H+H Software GmbH - Virtual CD v4.3 - Windows 2000 / XP Driver.) - C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys


---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Digital Editions - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM]
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM]
O42 - Logiciel: Adobe Photoshop 7.0 - (.Adobe Systems, Inc..) [HKLM]
O42 - Logiciel: Adobe Reader 7.0 - Français - (.Adobe Systems Incorporated.) [HKLM]
O42 - Logiciel: Alice ADSL - Installation principale - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Amazon MP3 Downloader 1.0.9 - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM]
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM]
O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Audacity 1.2.6 - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM]
O42 - Logiciel: CCHelp - (.Nom de votre société.) [HKLM]
O42 - Logiciel: CCScore - (.EASTMAN KODAK Company.) [HKLM]
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM]
O42 - Logiciel: Canon Camera Window for ZoomBrowser EX - (.Canon.) [HKLM]
O42 - Logiciel: Canon Internet Library for ZoomBrowser EX - (.Canon Inc..) [HKLM]
O42 - Logiciel: Canon PhotoRecord - (.Cisra.) [HKLM]
O42 - Logiciel: Canon RAW Image Task for ZoomBrowser EX - (.Canon.) [HKLM]
O42 - Logiciel: Canon RemoteCapture Task for ZoomBrowser EX - (.Canon.) [HKLM]
O42 - Logiciel: Canon Utilities PhotoStitch 3.1 - (.Canon.) [HKLM]
O42 - Logiciel: Canon Utilities ZoomBrowser EX - (.CISRA.) [HKLM]
O42 - Logiciel: Color Scheme Editor - (.Post Productions.) [HKLM]
O42 - Logiciel: Cosmo Player 2.1 (38329) - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: DV Network Software - (.Canon Inc..) [HKLM]
O42 - Logiciel: DivX Codec - (.DivX, Inc..) [HKLM]
O42 - Logiciel: DivX Player - (.DivXNetworks, Inc..) [HKLM]
O42 - Logiciel: DivX Web Player - (.DivX,Inc..) [HKLM]
O42 - Logiciel: Drivers Comtrend CT-600 - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: ESSANUP - (.Nom de votre société.) [HKLM]
O42 - Logiciel: ESSAdpt - (.Nom de votre société.) [HKLM]
O42 - Logiciel: ESSCAM - (.Nom de votre société.) [HKLM]
O42 - Logiciel: ESSCDBK - (.Nom de votre société.) [HKLM]
O42 - Logiciel: ESSPCD - (.Nom de votre société.) [HKLM]
O42 - Logiciel: ESSSONIC - (.EASTMAN KODAK Company.) [HKLM]
O42 - Logiciel: ESScore - (.Nom de votre société.) [HKLM]
O42 - Logiciel: ESSgui - (.Nom de votre société.) [HKLM]
O42 - Logiciel: ESShelp - (.Nom de votre société.) [HKLM]
O42 - Logiciel: ESSini - (.Nom de votre société.) [HKLM]
O42 - Logiciel: ESSvpaht - (.Eastman Kodak.) [HKLM]
O42 - Logiciel: Encyclopédie Universelle Larousse - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Free Mp3 Wma Converter V 1.7.3 - (.Koyote Soft.) [HKLM]
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: HLPIndex - (.Nom de votre société.) [HKLM]
O42 - Logiciel: HLPRFO - (.Nom de votre société.) [HKLM]
O42 - Logiciel: High Definition Audio Driver Package - KB835221 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Hotfix for Windows XP (KB915865) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Hotfix for Windows XP (KB926239) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 6 - (.Sun Microsystems, Inc..) [HKLM]
O42 - Logiciel: Java 2 Runtime Environment, SE v1.4.2_05 - (.Sun Microsystems, Inc..) [HKLM]
O42 - Logiciel: Java(TM) 6 Update 16 - (.Sun Microsystems, Inc..) [HKLM]
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: KSU - (.Nom de votre société.) [HKLM]
O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: LiveUpdate 2.6 (Symantec Corporation) - (.Symantec Corporation.) [HKLM]
O42 - Logiciel: Logiciel Kodak EasyShare - (.Eastman Kodak Company.) [HKLM]
O42 - Logiciel: Logitech Desktop Messenger - (.Logitech, Inc..) [HKLM]
O42 - Logiciel: Logitech Print Service - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Logitech QuickCam - (.Logitech, Inc..) [HKLM]
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM]
O42 - Logiciel: MSXML 4.0 SP2 (KB925672) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: MSXML 4.0 SP2 (KB927978) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: MSXML 4.0 SP2 (KB936181) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: MSXML 6 Service Pack 2 (KB973686) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 1.1 French Language Pack - (.Microsoft.) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB953297) - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft National Language Support Downlevel APIs - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office 2003 Web Components - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office PowerPoint Viewer 2003 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Professional Edition 2003 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Mozilla Firefox (3.5.9) - (.Mozilla.) [HKLM]
O42 - Logiciel: Norton Internet Security - (.Symantec Corporation.) [HKLM]
O42 - Logiciel: Notifier - (.Nom de votre société.) [HKLM]
O42 - Logiciel: OTtBP - (.EASTMAN KODAK Company.) [HKLM]
O42 - Logiciel: OTtBPSDK - (.EASTMAN KODAK Company.) [HKLM]
O42 - Logiciel: OpenOffice.org 3.1 - (.OpenOffice.org.) [HKLM]
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: PCDADDIN - (.Nom de votre société.) [HKLM]
O42 - Logiciel: PCDHELP - (.Nom de votre société.) [HKLM]
O42 - Logiciel: PCDLNCH - (.EASTMAN KODAK Company.) [HKLM]
O42 - Logiciel: Package de base Microsoft de service de chiffrement pour cartes à puce - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Packard Bell InfoCentre - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Programme de gestion Camera de Logitech® - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM]
O42 - Logiciel: Realtek High Definition Audio Driver - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: SFR - (.Eastman Kodak Company.) [HKLM]
O42 - Logiciel: SFR2 - (.EASTMAN KODAK Company.) [HKLM]
O42 - Logiciel: Samsung Master - (.Samsung.) [HKLM]
O42 - Logiciel: Samsung USB Driver - (.Samsung Techwin.) [HKLM]
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM]
O42 - Logiciel: Shockwave - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Sonic MyDVD - (.Sonic Solutions.) [HKLM]
O42 - Logiciel: Sonic RecordNow! - (.Sonic Solutions.) [HKLM]
O42 - Logiciel: Sophos Anti-Rootkit 1.3 - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: StuffPlug-NG (Messenger Plus! Plugins) - (.TheBlasphemer.) [HKLM]
O42 - Logiciel: TomTom HOME 2.7.3.1894 - (.TomTom.) [HKLM]
O42 - Logiciel: TomTom HOME Visual Studio Merge Modules - (.TomTom International B.V..) [HKLM]
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Veoh Video Compass - (.Veoh Networks, Inc..) [HKLM]
O42 - Logiciel: Veoh Web Player Beta - (.Veoh Networks, Inc..) [HKLM]
O42 - Logiciel: VideoLAN VLC media player 0.8.2 - (.VideoLAN Team.) [HKLM]
O42 - Logiciel: Winamp (remove only) - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Genuine Advantage v1.3.0254.0 - (.Microsoft.) [HKLM]
O42 - Logiciel: Windows Imaging Component - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Installer 3.1 (KB893803) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Live FolderShare - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Media Connect - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Windows Media Format SDK Hotfix - KB891122 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Yahoo! Toolbar - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: eMule - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: honestech Video Editor - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM]
O42 - Logiciel: pdfforge Toolbar v1.1.2 - (.Spigot, Inc..) [HKLM]
0
Réponse 20 / 34
manon_c12
 
--\\ HKCU & HKLM Software Keys
[HKCU\Software\ASProtect]
[HKCU\Software\Ad-Remover]
[HKCU\Software\Adobe]
[HKCU\Software\America Online]
[HKCU\Software\AppConf]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Audacity]
[HKCU\Software\Aurigma]
[HKCU\Software\Binary Noise]
[HKCU\Software\Bugsplat]
[HKCU\Software\CDDB]
[HKCU\Software\CISRA]
[HKCU\Software\CLSID]
[HKCU\Software\Canon]
[HKCU\Software\Classes]
[HKCU\Software\CosmoSoftware]
[HKCU\Software\Cyberlink]
[HKCU\Software\Cycore]
[HKCU\Software\DivXNetworks]
[HKCU\Software\ESMP]
[HKCU\Software\EZhome]
[HKCU\Software\Eyeball]
[HKCU\Software\FotoWire]
[HKCU\Software\Freeware]
[HKCU\Software\GNU]
[HKCU\Software\Gadu-Gadu]
[HKCU\Software\Google]
[HKCU\Software\High-Logic]
[HKCU\Software\Hilgraeve Inc]
[HKCU\Software\IM Providers]
[HKCU\Software\Illustrate]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\Kazaa]
[HKCU\Software\Kodak]
[HKCU\Software\Lake]
[HKCU\Software\Leadertech]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Logitech]
[HKCU\Software\Macromedia]
[HKCU\Software\MainConcept (Sonic)]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Multi_Media]
[HKCU\Software\Need2Find]
[HKCU\Software\Netscape]
[HKCU\Software\Nokia]
[HKCU\Software\Northcode Inc]
[HKCU\Software\Norton]
[HKCU\Software\ODBC]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\Protexis]
[HKCU\Software\RealNetworks]
[HKCU\Software\SCC]
[HKCU\Software\SOCID]
[HKCU\Software\STOIK Imagic 30]
[HKCU\Software\Skype]
[HKCU\Software\Sonic]
[HKCU\Software\Stoik]
[HKCU\Software\Symantec]
[HKCU\Software\System Process]
[HKCU\Software\Terravirtual]
[HKCU\Software\TomTom]
[HKCU\Software\TorrentAid]
[HKCU\Software\Trend Micro]
[HKCU\Software\Trolltech]
[HKCU\Software\Ultralingua]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\VHLD]
[HKCU\Software\Veoh]
[HKCU\Software\Virtual Plastic Surgery Software - VPSS]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Winamp]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\Yahoo]
[HKCU\Software\eMule]
[HKCU\Software\honestech]
[HKLM\Software\116f]
[HKLM\Software\242E7B6AE22375B468E219C710FBFE04]
[HKLM\Software\8ec]
[HKLM\Software\ATI Technologies Inc.]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Adobe]
[HKLM\Software\Alice]
[HKLM\Software\Amazon]
[HKLM\Software\America Online]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Avance]
[HKLM\Software\BackWeb]
[HKLM\Software\BrowserChoice]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CDDB]
[HKLM\Software\CISRA]
[HKLM\Software\Cakewalk Music Software]
[HKLM\Software\Canon]
[HKLM\Software\Claritas UK Ltd]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\CosmoSoftware]
[HKLM\Software\CyberLink]
[HKLM\Software\Cycore]
[HKLM\Software\DivXNetworks]
[HKLM\Software\ESMP]
[HKLM\Software\Eyeball]
[HKLM\Software\FotoWire]
[HKLM\Software\FullCircle]
[HKLM\Software\GEAR Software]
[HKLM\Software\GNU]
[HKLM\Software\GTek]
[HKLM\Software\Gadu-Gadu]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\H+H Zfrk]
[HKLM\Software\Havas Interactive]
[HKLM\Software\High-Logic]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel Corporation]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\Kazaa]
[HKLM\Software\Kodak]
[HKLM\Software\Lake]
[HKLM\Software\Larousse]
[HKLM\Software\Logitech]
[HKLM\Software\MDMOptions]
[HKLM\Software\Macromedia]
[HKLM\Software\MicroVision]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Multi_Media]
[HKLM\Software\NEC Computers International]
[HKLM\Software\Need2Find]
[HKLM\Software\Norton]
[HKLM\Software\Nullsoft]
[HKLM\Software\ODBC]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\PCSuite]
[HKLM\Software\PTECH]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\Protexis]
[HKLM\Software\RNDIS driver]
[HKLM\Software\RealNetworks]
[HKLM\Software\RealVNC]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RichFX]
[HKLM\Software\S3R521]
[HKLM\Software\Samsung Techwin]
[HKLM\Software\SamsungMaster]
[HKLM\Software\Samsung]
[HKLM\Software\Schlumberger]
[HKLM\Software\Secure]
[HKLM\Software\SemanticInsight]
[HKLM\Software\Sharman Networks Ltd]
[HKLM\Software\SmartLink]
[HKLM\Software\Soeperman Enterprises Ltd.]
[HKLM\Software\Sonic]
[HKLM\Software\Sun Microsystems]
[HKLM\Software\Symantec]
[HKLM\Software\TerraVirtual]
[HKLM\Software\The Silicon Realms Toolworks]
[HKLM\Software\Tiscali]
[HKLM\Software\TomTom]
[HKLM\Software\TrendMicro]
[HKLM\Software\VOB]
[HKLM\Software\VideoLAN]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Wise Solutions]
[HKLM\Software\Xing Technology Corp.]
[HKLM\Software\Yahoo]
[HKLM\Software\Zone Labs]
[HKLM\Software\honestech]
[HKLM\Software\mozilla.org]


---\\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Amazon
O43 - CFD:Common File Directory ----D- C:\Program Files\American Systems
O43 - CFD:Common File Directory ----D- C:\Program Files\AOL 9.0
O43 - CFD:Common File Directory ----D- C:\Program Files\AOL Compagnon
O43 - CFD:Common File Directory ----D- C:\Program Files\Apple Software Update
O43 - CFD:Common File Directory ----D- C:\Program Files\Audacity
O43 - CFD:Common File Directory ----D- C:\Program Files\Bonjour
O43 - CFD:Common File Directory ----D- C:\Program Files\Canon
O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner
O43 - CFD:Common File Directory ----D- C:\Program Files\ComPlus Applications
O43 - CFD:Common File Directory ----D- C:\Program Files\CosmoSoftware
O43 - CFD:Common File Directory ----D- C:\Program Files\CyberLink
O43 - CFD:Common File Directory ----D- C:\Program Files\Dictionnaire
O43 - CFD:Common File Directory ----D- C:\Program Files\directx
O43 - CFD:Common File Directory ----D- C:\Program Files\DivX
O43 - CFD:Common File Directory ----D- C:\Program Files\eMule
O43 - CFD:Common File Directory ----D- C:\Program Files\ESF
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs
O43 - CFD:Common File Directory ----D- C:\Program Files\Free Audio Pack
O43 - CFD:Common File Directory ----D- C:\Program Files\Google
O43 - CFD:Common File Directory ----D- C:\Program Files\Grisoft
O43 - CFD:Common File Directory ----D- C:\Program Files\honestech Video Editor 7.0 Shareware
O43 - CFD:Common File Directory ----D- C:\Program Files\Ihsv
O43 - CFD:Common File Directory ----D- C:\Program Files\Illustrate
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\iPod
O43 - CFD:Common File Directory ----D- C:\Program Files\iTunes
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\JRE
O43 - CFD:Common File Directory ----D- C:\Program Files\Kodak
O43 - CFD:Common File Directory ----D- C:\Program Files\Larousse
O43 - CFD:Common File Directory ----D- C:\Program Files\Learn2.com
O43 - CFD:Common File Directory ----D- C:\Program Files\List_Kill'em
O43 - CFD:Common File Directory ----D- C:\Program Files\Livre Album Fuji Photo
O43 - CFD:Common File Directory ----D- C:\Program Files\Logitech
O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger
O43 - CFD:Common File Directory ----D- C:\Program Files\MessengerPlus! 3
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft ActiveSync
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2
O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage
O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft office
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Messenger
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 6.0
O43 - CFD:Common File Directory ----D- C:\Program Files\Navilog1
O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting
O43 - CFD:Common File Directory ----D- C:\Program Files\Norton Internet Security
O43 - CFD:Common File Directory R---D- C:\Program Files\Norton Support
O43 - CFD:Common File Directory ----D- C:\Program Files\NortonInstaller
O43 - CFD:Common File Directory ----D- C:\Program Files\Online Services
O43 - CFD:Common File Directory ----D- C:\Program Files\OpenOffice.org 2.0
O43 - CFD:Common File Directory ----D- C:\Program Files\OpenOffice.org 3
O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express
O43 - CFD:Common File Directory ----D- C:\Program Files\Photo Wizard
O43 - CFD:Common File Directory ----D- C:\Program Files\PokerRoom.com
O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime
O43 - CFD:Common File Directory ----D- C:\Program Files\Real
O43 - CFD:Common File Directory ----D- C:\Program Files\Realtek
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\Samsung
O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne
O43 - CFD:Common File Directory ----D- C:\Program Files\Sonic
O43 - CFD:Common File Directory ----D- C:\Program Files\Sophos
O43 - CFD:Common File Directory ----D- C:\Program Files\Symantec
O43 - CFD:Common File Directory ----D- C:\Program Files\Tiscali Triway Wi-Fi
O43 - CFD:Common File Directory ----D- C:\Program Files\Tiscali_Triway_WiFi
O43 - CFD:Common File Directory ----D- C:\Program Files\TomTom International B.V
O43 - CFD:Common File Directory ----D- C:\Program Files\Trend Micro
O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Veoh Networks
O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN
O43 - CFD:Common File Directory ----D- C:\Program Files\Virtual CD v4 SDK
O43 - CFD:Common File Directory ----D- C:\Program Files\Winamp
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Desktop Search
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live Toolbar
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Sidebar
O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate
O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR
O43 - CFD:Common File Directory ----D- C:\Program Files\xerox
O43 - CFD:Common File Directory ----D- C:\Program Files\Yahoo!
O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\AOL
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\aolshare
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Apple
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\DESIGNER
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\FotoWire
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Kodak
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Logitech
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\NSV
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Nullsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Real
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Sonic Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SureThing Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SWF Studio
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Symantec Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Windows Live
O43 - CFD:Common File Directory -SH-D- C:\Program Files\Fichiers Communs\WindowsLiveInstaller
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\xing shared
0
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
il manque un petit bout encore
0