Help please


Whitehat, 02 April 2011 at 22:06


Hello,
actually, lately I feel that someone has sent me a trojan or something, and it is trying to connect to my machine.
To check the LISTENING ports I ran netstat -a before establishing any connection, and it gives this:

Proto Adresse locale Adresse distante État
TCP 0.0.0.0:135 Seven-PC:0 LISTENING
TCP 0.0.0.0:445 Seven-PC:0 LISTENING
TCP 0.0.0.0:912 Seven-PC:0 LISTENING
TCP 0.0.0.0:49152 Seven-PC:0 LISTENING
TCP 0.0.0.0:49153 Seven-PC:0 LISTENING
TCP 0.0.0.0:49154 Seven-PC:0 LISTENING
TCP 0.0.0.0:49155 Seven-PC:0 LISTENING
TCP 0.0.0.0:49156 Seven-PC:0 LISTENING
TCP 0.0.0.0:49157 Seven-PC:0 LISTENING
TCP 127.0.0.1:7005 Seven-PC:0 LISTENING
TCP 127.0.0.1:49158 Seven-PC:0 LISTENING
TCP 192.168.86.1:139 Seven-PC:0 LISTENING
TCP 192.168.238.1:139 Seven-PC:0 LISTENING
TCP [::]:135 Seven-PC:0 LISTENING
TCP [::]:445 Seven-PC:0 LISTENING
TCP [::]:49152 Seven-PC:0 LISTENING
TCP [::]:49153 Seven-PC:0 LISTENING
TCP [::]:49154 Seven-PC:0 LISTENING
TCP [::]:49155 Seven-PC:0 LISTENING
TCP [::]:49156 Seven-PC:0 LISTENING
TCP [::]:49157 Seven-PC:0 LISTENING
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:5355 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:49156 *:*
UDP 192.168.86.1:137 *:*
UDP 192.168.86.1:138 *:*
UDP 192.168.86.1:1900 *:*
UDP 192.168.86.1:49154 *:*
UDP 192.168.238.1:137 *:*
UDP 192.168.238.1:138 *:*
UDP 192.168.238.1:1900 *:*
UDP 192.168.238.1:49155 *:*
UDP [::]:500 *:*
UDP [::]:4500 *:*
UDP [::1]:1900 *:*
UDP [::1]:49153 *:*

I also ran a scan with HijackThis and it gives this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:57, on 02/04/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Users\Seven\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AvkWebIE.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AvkWebIE.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-2037397086-4284981973-3115649341-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Seven')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_5_1_1_0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
O23 - Service: G Data Gardien (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ZoneAlarm ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\ma-config.com\maconfservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11735 bytes

other info:

I log in as a standard user on Seven Edition Integral, and when I run regedit it should apparently ask me to enter the administrator password, but it doesn't.

Regards,
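The question above boils down to "which of these LISTENING sockets are normal?". As an added example (not part of Whitehat's post, and not a tool the forum recommends), the Python script below parses `netstat -a` output in the same layout as the post, compares each listening TCP port and bound UDP port with a baseline of listeners that are normally present on a Windows 7 workstation with VMware Workstation installed, and reports the ones the baseline does not explain, sorted by whether they are reachable from the network or only from the machine itself. The baseline table and the risk ordering are assumptions made for this example; a port that matches the baseline is not proof that the process behind it is benign, so the next step in every case is `netstat -ano` to get the owning PID and check the process. The sample input is constructed from the post's output plus one constructed unexplained listener on port 2222 to exercise the "review" path.

```python
"""Triage helper for Windows `netstat -a` output (added example, not from the post)."""
import re
from dataclasses import dataclass

# Baseline of listeners normally present on a Windows 7 workstation that also
# runs VMware Workstation. This table is an assumption for the example; it is
# a prompt for what to verify with `netstat -ano`, not a whitelist.
KNOWN_PORTS = {
    ("TCP", 135): "MS-RPC endpoint mapper (RpcSs in svchost)",
    ("TCP", 139): "NetBIOS session service (file and printer sharing)",
    ("TCP", 445): "SMB over TCP (file and printer sharing)",
    ("TCP", 912): "VMware Authorization Service (vmware-authd)",
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("UDP", 500): "IKE (IPsec key exchange)",
    ("UDP", 4500): "IPsec NAT traversal",
    ("UDP", 1900): "SSDP (UPnP discovery)",
    ("UDP", 5355): "LLMNR (link-local name resolution)",
}
# Windows Vista and later allocate dynamic RPC/ephemeral ports from this range.
DYNAMIC_RANGE = range(49152, 65536)

# One row of netstat output: protocol, local address, local port, state (TCP only).
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")


@dataclass
class Socket:
    proto: str
    addr: str
    port: int
    state: str


def parse_netstat(text):
    """Parse the rows of `netstat -a`; header and blank lines are skipped."""
    sockets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, addr, port, state = m.groups()
        sockets.append(Socket(proto, addr, int(port), state or ""))
    return sockets


def is_loopback(addr):
    """Bound to the loopback interface, so only local processes can reach it."""
    return addr.startswith("127.") or addr == "[::1]"


def triage(sockets):
    """Return (proto, addr, port, verdict, note) for every listener."""
    findings = []
    for s in sockets:
        if s.proto == "TCP" and s.state != "LISTENING":
            continue  # established/time-wait rows are not "waiting for a connection"
        key = (s.proto, s.port)
        if key in KNOWN_PORTS:
            verdict, note = "expected", KNOWN_PORTS[key]
        elif s.port in DYNAMIC_RANGE:
            verdict, note = "likely-rpc", "dynamic port; confirm the owning PID with netstat -ano"
        elif is_loopback(s.addr):
            verdict, note = "review-local", "unexplained loopback listener; reachable only from this host"
        else:
            verdict, note = "review", "unexplained listener reachable from the network; identify the PID"
        findings.append((s.proto, s.addr, s.port, verdict, note))
    return findings


def needs_review(findings):
    """Only the entries the baseline could not explain."""
    return [f for f in findings if f[3].startswith("review")]


# Constructed sample: a subset of the post's output plus one constructed
# unexplained listener on TCP 2222 (not in the original post).
SAMPLE = """\
Proto Adresse locale Adresse distante État
TCP 0.0.0.0:135 Seven-PC:0 LISTENING
TCP 0.0.0.0:445 Seven-PC:0 LISTENING
TCP 0.0.0.0:912 Seven-PC:0 LISTENING
TCP 0.0.0.0:49152 Seven-PC:0 LISTENING
TCP 127.0.0.1:7005 Seven-PC:0 LISTENING
TCP 192.168.86.1:139 Seven-PC:0 LISTENING
TCP [::]:135 Seven-PC:0 LISTENING
TCP 0.0.0.0:2222 Seven-PC:0 LISTENING
UDP 0.0.0.0:500 *:*
UDP 192.168.86.1:137 *:*
UDP [::1]:1900 *:*
"""

if __name__ == "__main__":
    for proto, addr, port, verdict, note in triage(parse_netstat(SAMPLE)):
        print(f"{verdict:13} {proto} {addr}:{port:<6} {note}")
```

On the post's full listing this approach leaves exactly one loopback entry (TCP 127.0.0.1:7005) unexplained by the baseline; it is only reachable from the machine itself, which is why the script ranks it below anything bound to 0.0.0.0 or a LAN address. Whatever the verdict, `netstat -ano` followed by a look at the PID in Task Manager is what turns a port number into a process name.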
