Sebest

sur une page blanche qui a fini de charger.

Pour l'instant rien à changer.Perseverons:super: ----------------------------------- Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4700 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 05/10/2010 17:38:22 mbam-log-2010-10-05 (17-38-22).txt Type d'examen: Examen rapide Elément(s) analysé(s): 140609 Temps écoulé: 16 minute(s), 32 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 3 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Users\Seb\AppData\Local\Temp\B2CA.tmp\Adobe_CS5_Activator.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully. C:\Program Files\dte_wrapper.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat213921.bat (Trojan.Agent) -> Quarantined and deleted successfully.

J'ai bien téléchargé Mbam mais la page des mises à jour demeure introuvable.Et une erreur se produit dans MBAM pour la mise à jour aussi.

haaa ya un soucis,je suis en 64bits

Cela s'empire, tous les liens cliquables me redirigent vers adresse type 255.185.... et me lance un download qui se plante juste apres. Et j'ai de plus en plus de pages web qui ne s'affichent plus.

Bonjour, J'ai été malheuresement infecté par ma clé USB par un rootkit ou autre.ça affecte IE8 et Firefox, où à chaque fois que je clique sur un lien ça m'ouvre une nouvelle fenetre Wordslife,Antivirus 2010 ou after.php qui essaye d'etre telechargé sans y reussir. J'ai aussi des addresses qui depuis cette infection ne s'affichent plus. Je solicite votre aide en vous remerciant pas avance. Pour indication je tourne sur Windows 7 en version Ultimate (emulateur XP)

Ok merci, tout façon anti-malware est parti.Merci

Rapport de ZHPDiag v1.26.59 par Nicolas Coolman, Update du 05/09/2010 Run by intel i7 at 05/09/2010 22:18:56 Web site : ZHPDiag Outil de diagnostic Contact : nicolascoolman@yahoo.fr ---\\ Web Browser MSIE: Internet Explorer v8.0.6001.18702 ---\\ System Information Platform : Microsoft Windows XP (5.1.2600) Service Pack 3 Processor: x86 Family 15 Model 4 Stepping 1, GenuineIntel Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 2047 MB (73% free) System drive D: has 48 GB (59%) free of 81 GB ---\\ Logged in mode Computer Name: INTEL-B2A3569E0 User Name: intel i7 All Users Names: SUPPORT_388945a0, ROLAND, intel i7, HelpAssistant, Administrateur, Unselected Option: O1,O45,O61,O65,O82 Logged in as Administrator ---\\ DOS/Devices A:\ Floppy drive, Flash card reader, USB Key (Not Inserted) C:\ Hard drive, Flash drive, Thumb drive (Free 64 Go of 68 Go) D:\ Hard drive, Flash drive, Thumb drive (Free 48 Go of 81 Go) E:\ CD-ROM drive (Not Inserted) F:\ Floppy drive, Flash card reader, USB Key (Free 1 Go of 1 Go) 　 ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] NoDispScrSavPage: OK 　 ---\\ Processus lancés [MD5.2E3E53A6AEF23E24F402C7855B9B1542] - (.Apple Inc. - Apple Mobile Device Service.) -- D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [144176] [MD5.B453700B9EB83FEF29811B28DAE27D29] - (.ASUSTeK COMPUTER INC. - ASUS Keyboard Service.) -- D:\WINDOWS\ATKKBService.exe [257024] [MD5.5AB58C337AC65837FE404462AD6265AB] - (.Apple Inc. - Bonjour Service.) -- D:\Program Files\Bonjour\mDNSResponder.exe [345376] [MD5.09417134F248DFCEEA15C72BCC87F592] - (.Sun Microsystems, Inc. - Java Quick Starter Service.) -- D:\Program Files\Java\jre6\bin\jqs.exe [153376] [MD5.4571B4E5D316CA688CEDD3AB0F2563F1] - (.Pas de propriétaire - Pas de description.) -- D:\Program Files\McAfee\SiteAdvisor\McSACore.exe [206112] [MD5.B26A3EA976E6FD5C03C65F6E5824AD7C] - (.McAfee, Inc. - McAfee Service Host.) -- D:\Program Files\Fichiers communs\McAfee\McSvcHost\McSvHost.exe [271480] [MD5.B0E1CE9ED1E5EA5642EB6602016B70CC] - (.McAfee, Inc. - McAfee Process Validation Service.) -- D:\Program Files\Fichiers communs\McAfee\SystemCore\mfevtps.exe [141792] [MD5.E9E110CDF6A063A5F9B841C36FB5CC95] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 162.1.) -- D:\WINDOWS\system32\nvsvc32.exe [155716] [MD5.A9EEB7B09B898A53EC8B7063B923AC32] - (.SafeNet, Inc. - Pas de description.) -- D:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [328992] [MD5.FD8723219C907C7AB753C93334FA4610] - (.SafeNet, Inc - Sentinel Protection Server for SuperPro and.) -- D:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [226592] [MD5.861255C3ED2ACE9DF92ED10A6A174BAC] - (.McAfee, Inc. - McAfee On-Access Scanner service.) -- D:\Program Files\Fichiers communs\McAfee\SystemCore\mcshield.exe [170144] [MD5.E96F9CF4F8D244FDD5181FE90826E28F] - (.McAfee, Inc. - McAfee Core Firewall Service.) -- D:\Program Files\Fichiers communs\McAfee\SystemCore\mfefire.exe [188136] [MD5.8F610078437A459948480407F4DB91EA] - (.Apple Inc. - iPodService Module (32-bit).) -- D:\Program Files\iPod\bin\iPodService.exe [540472] [MD5.5E2F961CA018361DA942CDDA54741ED4] - (.McAfee, Inc. - McAfee Update Launcher.) -- d:\PROGRA~1\mcafee.com\agent\mcupdate.exe [746352] [MD5.72F23A6038F099C968E55C77FC3A99EB] - (.Nicolas Coolman - Diagnostic Tool.) -- D:\Program Files\ZHPDiag\ZHPDiag.exe [548352] 　 ---\\ Plugins de navigateurs Opera/Firefox(P1/P2) P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Pas de propriétaire - Pas de description.) -- D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.50524.0.) -- D:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll 　 ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2) F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe, F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" 　 ---\\ Pages de démarrage d'Internet Explorer (R0) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo 　 ---\\ Pages de recherche d'Internet Explorer (R1) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local 　 ---\\ Internet Explorer URLSearchHook (R3) R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18939 (longhorn_ie8_gdr.100616-1700)) -- D:\WINDOWS\system32\ieframe.dll 　 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} . (.Pas de propriétaire - Pas de description.) -- (.not file.) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} . (.Pas de propriétaire - Pas de description.) -- d:\progra~1\mcafee\msk\mskapbho.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} . (.Pas de propriétaire - Pas de description.) -- (.not file.) O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} . (.McAfee, Inc. - VSCore Script Scanner.) -- D:\Program Files\Fichiers communs\McAfee\SystemCore\ScriptSn.20100723040455.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Interest recogniser for Freecompressor (powered by Spointer) - {a83c3565-302c-4bf8-b000-6b6f1811d892} . (.Freecompressor - Interest Recognizer for Freecompressor.) -- D:\Program Files\FreeCompressor\spointer\extensions\freecompressor_air_ie.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} . (.Pas de propriétaire - Pas de description.) -- d:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} . (.Megaupload Limited - Mega Manager IE Click Catcher.) -- D:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- D:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java Quick Starter binary.) -- D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: OfferBox - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} . (.Secure Digital Services Limited - OfferBox.) -- D:\Program Files\OfferBox\OfferBoxBHO.dll 　 ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.Pas de propriétaire - Pas de description.) -- d:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll 　 ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- D:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- D:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- D:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [HDAudDeck] . (.VIA Technologies, Inc. - HDeck MFC Application.) -- D:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe O4 - HKLM\..\Run: [ASUSGamerOSD] . (.ASUSTeK Computer Inc. - ASUS GamerOSD.) -- D:\Program Files\ASUS\GamerOSD\GamerOSD.exe O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- D:\WINDOWS\system32\NvCpl.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- D:\WINDOWS\system32\NvMcTray.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- D:\Program Files\Java\jre6\bin\jusched.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- D:\Program Files\Canon\MyPrinter\BJMyPrt.exe O4 - HKLM\..\Run: [CanonSolutionMenu] . (.CANON INC. - CNSLMAIN.) -- D:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- D:\Program Files\QuickTime\qttask.exe O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- D:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- D:\Program Files\McAfee.com\Agent\mcagent.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- D:\Program Files\Windows Live\Messenger\msnmsgr.exe O4 - HKCU\..\Run: [nodenable] D:\Program Files\eset\nodenable.exe (.not file.) O4 - HKCU\..\Run: [VistaStartMenu] . (.OrdinarySoft - Vista Start Menu program.) -- D:\Program Files\Transform XP to Vista\Vista Start Menu\VistaStartMenu.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- D:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- D:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-21-1614895754-1220945662-1606980848-1004-1614895754-1220945662-1606980848-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- D:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-1614895754-1220945662-1606980848-1004-1614895754-1220945662-1606980848-1003\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- D:\Program Files\QuickTime\qttask.exe O4 - HKUS\S-1-5-21-1614895754-1220945662-1606980848-1004-1614895754-1220945662-1606980848-1003\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- D:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe O4 - HKUS\S-1-5-21-1614895754-1220945662-1606980848-1004-1614895754-1220945662-1606980848-1003\..\Run: [mseancwxor.tmp] D:\DOCUME~1\ROLAND\LOCALS~1\Temp\mseancwxor.tmp (.not file.) O4 - HKUS\S-1-5-21-1614895754-1220945662-1606980848-1004-1614895754-1220945662-1606980848-1003\..\Run: [KB5164415.exe] D:\Documents and Settings\ROLAND\Application Data\E4D8BF60D9972B047999D933A349BD03\KB5164415.exe (.not file.) O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N 　 ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8) O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- D:\PROGRA~1\MICROS~3\Office12\EXCEL.exe O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... . (.Pas de propriétaire - Pas de description.) -- D:\Program Files\Megaupload\Mega Manager\mm_file.htm 　 ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- D:\PROGRA~1\MICROS~3\Office12\REFBARH.ICO O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.not file.) - (.not file.) O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- D:\Program Files\Messenger\msmsgs.exe 　 ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- D:\WINDOWS\system32\mswsock.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- D:\WINDOWS\system32\winrnr.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- D:\WINDOWS\system32\mswsock.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- D:\Program Files\Bonjour\mdnsNSP.dll 　 ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab 　 ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{3DFF30BD-AC72-4EA5-A8F3-FB6F0859DB7E}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{3DFF30BD-AC72-4EA5-A8F3-FB6F0859DB7E}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{3DFF30BD-AC72-4EA5-A8F3-FB6F0859DB7E}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{3DFF30BD-AC72-4EA5-A8F3-FB6F0859DB7E}: DhcpDomain = Belkin O17 - HKLM\System\CS1\Services\Tcpip\..\{3DFF30BD-AC72-4EA5-A8F3-FB6F0859DB7E}: DhcpDomain = Belkin O17 - HKLM\System\CS2\Services\Tcpip\..\{3DFF30BD-AC72-4EA5-A8F3-FB6F0859DB7E}: DhcpDomain = Belkin O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 　 ---\\ Protocole additionnel et piratage de protocole (O18) O18 - Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} . (.Pas de propriétaire - Pas de description.) -- d:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll 　 ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- D:\WINDOWS\System32\dimsntfy.dll O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- D:\WINDOWS\System32\igfxdev.dll O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- D:\WINDOWS\System32\WgaLogon.dll 　 ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- D:\WINDOWS\system32\webcheck.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- D:\WINDOWS\system32\wpdshserviceobj.dll O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- D:\WINDOWS\system32\SHELL32.dll O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- D:\WINDOWS\system32\SHELL32.dll O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- D:\WINDOWS\system32\stobject.dll 　 ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- D:\WINDOWS\system32\browseui.dll 　 ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple Inc. - Apple Mobile Device Service.) - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) . (.ASUSTeK COMPUTER INC. - ASUS Keyboard Service.) - D:\WINDOWS\ATKKBService.exe O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - D:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java Quick Starter Service.) - D:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service (McAfee SiteAdvisor Service) . (.Pas de propriétaire - Pas de description.) - D:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: Service McAfee Personal Firewall (McMPFSvc) . (.McAfee, Inc. - McAfee Service Host.) - D:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) . (.McAfee, Inc. - McAfee Service Host.) - D:\Program Files\Fichiers communs\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) . (.McAfee, Inc. - McAfee Service Host.) - D:\Program Files\Fichiers communs\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) . (.McAfee, Inc. - McAfee Service Host.) - D:\Program Files\Fichiers communs\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Proxy Service (McProxy) . (.McAfee, Inc. - McAfee Service Host.) - D:\Program Files\Fichiers communs\McAfee\McSvcHost\McSvHost.exe O23 - Service: McShield (McShield) . (.McAfee, Inc. - McAfee On-Access Scanner service.) - D:\Program Files\Fichiers communs\McAfee\SystemCore\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) . (.McAfee, Inc. - McAfee Core Firewall Service.) - D:\Program Files\Fichiers communs\McAfee\SystemCore\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) . (.McAfee, Inc. - McAfee Process Validation Service.) - D:\Program Files\Fichiers communs\McAfee\SystemCore\mfevtps.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) . (.McAfee, Inc. - McAfee Service Host.) - D:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 162.1.) - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sentinel Keys Server (SentinelKeysServer) . (.SafeNet, Inc. - Pas de description.) - D:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe O23 - Service: Sentinel Protection Server (SentinelProtectionServer) . (.SafeNet, Inc - Sentinel Protection Server for SuperPro and.) - D:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe 　 ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.) 　 ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - D:\WINDOWS\Tasks\PCConfidential.job 　 ---\\ Composants installés (ActiveSetup Installed Components) (O40) O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS . (.Pas de propriétaire - Pas de description.) -- RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- D:\Program Files\Java\jre6\bin\regutils.dll O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\INF\msnetmtg.inf O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\INF\msmsgs.inf O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\INF\wmp.inf O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.0 r32.) -- D:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx 　 ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: Enhanced Display Driver Helper Service (asuskbnt) . (.ASUSTeK COMPUTER INC. - ASUS Help driver For Keyboard Service..) - D:\Windows\system32\drivers\atkkbnt.sys O41 - Driver: EIO (EIO) . (.ASUSTeK Computer Inc. - ASUS Kernel Mode Driver for NT.) - D:\WINDOWS\system32\drivers\EIO.sys O41 - Driver: McAfee Inc. mfetdi2k (mfetdi2k) . (.McAfee, Inc. - Anti-Virus Mini-Firewall Driver.) - D:\Windows\system32\drivers\mfetdi2k.sys 　 ---\\ Logiciels installés (O42) O42 - Logiciel: ASUS Gamer OSD - (.ASUSTeK COMPUTER INC..) [HKLM] -- {315ACD04-BCEB-478B-9B1D-5431D0E6CB11} O42 - Logiciel: AVS Audio Converter version 6.2 - (.Online Media Technologies Ltd..) [HKLM] -- AVS Audio Converter 6.2_is1 O42 - Logiciel: AVS Update Manager 1.0 - (.Online Media Technologies Ltd..) [HKLM] -- AVS Update Manager_is1 O42 - Logiciel: AVS4YOU Software Navigator 1.4 - (.Online Media Technologies Ltd..) [HKLM] -- AVS4YOU Software Navigator_is1 O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems, Inc..) [HKLM] -- {0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1} O42 - Logiciel: Adobe Reader 9.1 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A91000000001} O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {B2D328BE-45AD-4D92-96F9-2151490A203E} O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] -- {85991ED2-010C-4930-96FA-52F43C2CE98A} O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {C41300B9-185D-475E-BFEC-39EF732F19B1} O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7} O42 - Logiciel: Badongo - (.Badongo.) [HKLM] -- {9985ABB2-14F3-4825-B5AF-0EFB23F715CB} O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {0CB9668D-F979-4F31-B8B8-67FE90F929F8} O42 - Logiciel: BurnAware Free 2.4.7 - (.Burnaware Technologies.) [HKLM] -- BurnAware Free_is1 O42 - Logiciel: CDex - Open Source Digital Audio CD Extractor - (.Georgy Berdyshev.) [HKLM] -- CDex O42 - Logiciel: Canon MP Navigator 2.0 - (.Pas de propriétaire.) [HKLM] -- MP Navigator 2.0 O42 - Logiciel: Canon MP Navigator EX 3.0 - (.Pas de propriétaire.) [HKLM] -- MP Navigator EX 3.0 O42 - Logiciel: Canon MP450 - (.Pas de propriétaire.) [HKLM] -- {CF23AFD7-3078-4134-8823-EBF6D1FE6FAD} O42 - Logiciel: Canon MP560 series MP Drivers - (.Pas de propriétaire.) [HKLM] -- {1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series O42 - Logiciel: Canon Utilities My Printer - (.Pas de propriétaire.) [HKLM] -- CanonMyPrinter O42 - Logiciel: Canon Utilities Solution Menu - (.Pas de propriétaire.) [HKLM] -- CanonSolutionMenu O42 - Logiciel: ETKA 7.2 Final - (.Pas de propriétaire.) [HKLM] -- ETKA 7.2 Final O42 - Logiciel: Enregistrement utilisateur de Canon MP560 series - (.Pas de propriétaire.) [HKLM] -- Enregistrement utilisateur de Canon MP560 series O42 - Logiciel: FreeCompressor - (.Secure Digital Services.) [HKLM] -- {1EF93620-4B15-4DB4-B0EA-889E2F187081} O42 - Logiciel: Hardlock Device Drivers - (.Pas de propriétaire.) [HKLM] -- Hardlock Device Drivers O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595 O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484 O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM] -- KB929399 O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5 O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] -- KB976002-v5 O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3 O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31} O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Pas de propriétaire.) [HKLM] -- HDMI O42 - Logiciel: IsoBuster 2.5.5 - (.Smart Projects.) [HKLM] -- IsoBuster_is1 O42 - Logiciel: Java 6 Update 16 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216016FF} O42 - Logiciel: LimeWire 5.5.9 - (.Lime Wire, LLC.) [HKLM] -- LimeWire O42 - Logiciel: Logiciel d'archivage WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver O42 - Logiciel: MSN - (.Pas de propriétaire.) [HKLM] -- MSNINST O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94} O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1 O42 - Logiciel: McAfee Internet Security - (.McAfee, Inc..) [HKLM] -- MSC O42 - Logiciel: Mega Manager - (.Megaupload Limited.) [HKLM] -- {3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2} O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {72AD53CC-CCC0-3757-8480-9EE176866A7C} O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {0BD83598-C2EF-3343-847B-7D2E84599128} O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31} O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1 O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0} O42 - Logiciel: Microsoft Office Access MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- PROPLUS O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9} O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c} O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra O42 - Logiciel: NVIDIA Drivers - (.Pas de propriétaire.) [HKLM] -- NVIDIA Drivers O42 - Logiciel: OfferBox - (.Secure Digital Services.) [HKLM] -- {2C8574B5-6935-4FCE-860E-F4E8602378FF} O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238} O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {3D9892BB-A751-4E48-ADC8-E4289956CE1D} O42 - Logiciel: REALTEK GbE & FE Ethernet PCI-E NIC Driver - (.Realtek.) [HKLM] -- {C9BED750-1211-4480-B1A5-718A3BE15525} O42 - Logiciel: RocketDock 1.3.5 - (.Punk Software.) [HKLM] -- RocketDock_is1 O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2277947) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5857EE21-03D0-482E-9620-5A30B314A2AE} O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08} O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB976321) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{7F207DCA-3399-40CB-A968-6E5991B1421A} O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB982312) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{B0EC5722-241F-4CDA-83B4-AA5846B6F9F4} O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB982331) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E8766951-2B6C-4022-86E8-80D2D1762B76} O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- KB931906 O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- {0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1142CCEC-ACA9-484B-BA90-C3A5CA1988C5} O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5A4E43D5-858F-49BD-BA72-8F30E1793060} O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB982308) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B} O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1109D0B3-EFA3-4553-AAED-4C3E9AD130E8} O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB} O42 - Logiciel: Security Update for Microsoft Office Outlook 2007 (KB980376) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{48113C06-9BA2-4D54-A731-D1D2C5B3144A} O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB982158) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{F5B70033-E79C-4569-90BF-BC9B4E4F3F46} O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB982124) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{289FA8BC-6A8E-4341-B194-EB26B49E9F5D} O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D} O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB2251419) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{7E9103DA-253F-41FF-9E83-7C83806C77DA} O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF} O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{FCD742B9-7A55-44BC-A776-F795F21FEDDC} O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} O42 - Logiciel: Sentinel Protection Installer 7.5.0 - (.SafeNet, Inc..) [HKLM] -- {A5A63519-F5C2-4F4A-849A-F28A1AB3D522} O42 - Logiciel: Transform XP to Vista 3.1 - (.OrdinarySoft.) [HKLM] -- Transform XP to Vista_is1 O42 - Logiciel: UltraUXThemePatcher - (.Manuel Hoefs (alias Zottel).) [HKLM] -- UltraUXThemePatcher O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D} O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707 O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (kb2279264) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{01D475AB-57B1-44CC-8A8F-3A6B0FA4989F} O42 - Logiciel: VIA Gestionnaire de périphériques de plate-forme - (.VIA Technologies, Inc..) [HKLM] -- InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169} O42 - Logiciel: VLC media player 1.1.1 - (.VideoLAN.) [HKLM] -- VLC media player O42 - Logiciel: Vista Start Menu 3.31 - (.OrdinarySoft.) [HKLM] -- Vista Start Menu_is1 O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM] -- WgaNotify O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] -- KB892130 O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8 O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3B4E636E-9D65-4D67-BA61-189800823F52} O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {770F1BEC-2871-4E70-B837-FB8525FFA3B1} O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XPSEPSCLP O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM] -- {7AB3A249-FB81-416B-917A-A2A10E74C503} ---\\ HKCU & HKLM Software Keys [HKCU\Software\ASUS] [HKCU\Software\AVS4YOU] [HKCU\Software\Adobe] [HKCU\Software\Apple Computer, Inc.] [HKCU\Software\Apple Inc.] [HKCU\Software\Bitberry] [HKCU\Software\Canon] [HKCU\Software\Classes] [HKCU\Software\ESET] [HKCU\Software\FreeCompressor] [HKCU\Software\Freeze.com] [HKCU\Software\GNU] [HKCU\Software\IM Providers] [HKCU\Software\Intel] [HKCU\Software\JavaSoft] [HKCU\Software\Local AppWizard-Generated Applications] [HKCU\Software\Macromedia] [HKCU\Software\Magnet] [HKCU\Software\Malwarebytes' Anti-Malware] [HKCU\Software\MarineCat] [HKCU\Software\McAfee] [HKCU\Software\Megaupload] [HKCU\Software\NVIDIA Corporation] [HKCU\Software\Netscape] [HKCU\Software\ODBC] [HKCU\Software\OfferBox] [HKCU\Software\Ordinarysoft] [HKCU\Software\Policies] [HKCU\Software\Smart Projects] [HKCU\Software\Spointer] [HKCU\Software\WinRAR SFX] [HKCU\Software\WinRAR] [HKCU\Software\Winamp] [HKCU\Software\Winferno] [HKCU\Software\YahooPartnerToolbar] [HKCU\Software\Yahoo] [HKLM\Software\ADSECURITY] [HKLM\Software\ASUSTeK COMPUTER INC.] [HKLM\Software\ASUS] [HKLM\Software\AUTODATA] [HKLM\Software\AVS4YOU] [HKLM\Software\Adobe] [HKLM\Software\Aladdin Knowledge Systems] [HKLM\Software\America Online] [HKLM\Software\Apple Computer, Inc.] [HKLM\Software\Apple Inc.] [HKLM\Software\Autodata Limited] [HKLM\Software\BrowserChoice] [HKLM\Software\C07ft5Y] [HKLM\Software\Canon] [HKLM\Software\Classes] [HKLM\Software\Clients] [HKLM\Software\Creative Tech] [HKLM\Software\ESET] [HKLM\Software\FreeCompressor] [HKLM\Software\Freeze.com] [HKLM\Software\GEAR Software] [HKLM\Software\Gemplus] [HKLM\Software\Google] [HKLM\Software\InstallShield] [HKLM\Software\Intel] [HKLM\Software\JavaSoft] [HKLM\Software\Macromedia] [HKLM\Software\Malwarebytes' Anti-Malware] [HKLM\Software\McAfee.com] [HKLM\Software\McAfee] [HKLM\Software\Megaupload Limited] [HKLM\Software\Megaupload] [HKLM\Software\MozillaPlugins] [HKLM\Software\Mozilla] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\OfferBox] [HKLM\Software\Policies] [HKLM\Software\Program Groups] [HKLM\Software\RTLSetup] [HKLM\Software\Rainbow Technologies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\Safenet Sentinel] [HKLM\Software\Schlumberger] [HKLM\Software\Secure] [HKLM\Software\SiteAdvisor] [HKLM\Software\VIA Technologies, Inc] [HKLM\Software\VideoLAN] [HKLM\Software\Volkswagen AG] [HKLM\Software\WinRAR] [HKLM\Software\Windows 3.1 Migration Status] [HKLM\Software\Winferno] [HKLM\Software\Yahoo] [HKLM\Software\lameme] [HKLM\Software\mozilla.org] 　 ---\\ Contenu des dossiers ProgramFiles/ProgramData (O43) O43 - CFD:Common File Directory ----D- D:\Program Files\Adobe O43 - CFD:Common File Directory ----D- D:\Program Files\Apple Software Update O43 - CFD:Common File Directory ----D- D:\Program Files\ASUS O43 - CFD:Common File Directory ----D- D:\Program Files\AVS4YOU O43 - CFD:Common File Directory ----D- D:\Program Files\Badongo O43 - CFD:Common File Directory ----D- D:\Program Files\Bonjour O43 - CFD:Common File Directory ----D- D:\Program Files\BurnAware Free O43 - CFD:Common File Directory ----D- D:\Program Files\Canon O43 - CFD:Common File Directory --H-D- D:\Program Files\CanonBJ O43 - CFD:Common File Directory ----D- D:\Program Files\CDex O43 - CFD:Common File Directory ----D- D:\Program Files\ComPlus Applications O43 - CFD:Common File Directory ----D- D:\Program Files\ESET O43 - CFD:Common File Directory ----D- D:\Program Files\Fichiers communs O43 - CFD:Common File Directory ----D- D:\Program Files\FreeCompressor O43 - CFD:Common File Directory --H-D- D:\Program Files\InstallShield Installation Information O43 - CFD:Common File Directory ----D- D:\Program Files\Intel O43 - CFD:Common File Directory ----D- D:\Program Files\Internet Explorer O43 - CFD:Common File Directory ----D- D:\Program Files\iPod O43 - CFD:Common File Directory ----D- D:\Program Files\iTunes O43 - CFD:Common File Directory ----D- D:\Program Files\Java O43 - CFD:Common File Directory ----D- D:\Program Files\LimeWire O43 - CFD:Common File Directory ----D- D:\Program Files\Malwarebytes' Anti-Malware O43 - CFD:Common File Directory ----D- D:\Program Files\McAfee O43 - CFD:Common File Directory ----D- D:\Program Files\McAfee.com O43 - CFD:Common File Directory ----D- D:\Program Files\Megaupload O43 - CFD:Common File Directory ----D- D:\Program Files\Messenger O43 - CFD:Common File Directory ----D- D:\Program Files\Microsoft O43 - CFD:Common File Directory ----D- D:\Program Files\Microsoft CAPICOM 2.1.0.2 O43 - CFD:Common File Directory ----D- D:\Program Files\microsoft frontpage O43 - CFD:Common File Directory ----D- D:\Program Files\Microsoft Office O43 - CFD:Common File Directory ----D- D:\Program Files\Microsoft Silverlight O43 - CFD:Common File Directory ----D- D:\Program Files\Microsoft Visual Studio O43 - CFD:Common File Directory ----D- D:\Program Files\Microsoft Works O43 - CFD:Common File Directory ----D- D:\Program Files\Movie Maker O43 - CFD:Common File Directory ----D- D:\Program Files\MSBuild O43 - CFD:Common File Directory ----D- D:\Program Files\MSN O43 - CFD:Common File Directory ----D- D:\Program Files\MSN Gaming Zone O43 - CFD:Common File Directory ----D- D:\Program Files\My Company Name O43 - CFD:Common File Directory ----D- D:\Program Files\NetMeeting O43 - CFD:Common File Directory ----D- D:\Program Files\OfferBox O43 - CFD:Common File Directory ----D- D:\Program Files\Online Services O43 - CFD:Common File Directory ----D- D:\Program Files\Outlook Express O43 - CFD:Common File Directory ----D- D:\Program Files\QuickTime O43 - CFD:Common File Directory ----D- D:\Program Files\Realtek O43 - CFD:Common File Directory ----D- D:\Program Files\Reference Assemblies O43 - CFD:Common File Directory ----D- D:\Program Files\RocketDock O43 - CFD:Common File Directory ----D- D:\Program Files\SafeNet Sentinel O43 - CFD:Common File Directory ----D- D:\Program Files\Services en ligne O43 - CFD:Common File Directory ----D- D:\Program Files\Smart Projects O43 - CFD:Common File Directory ----D- D:\Program Files\Transform XP to Vista O43 - CFD:Common File Directory ----D- D:\Program Files\UltraUXThemePatcher O43 - CFD:Common File Directory --H-D- D:\Program Files\Uninstall Information O43 - CFD:Common File Directory ----D- D:\Program Files\VIA O43 - CFD:Common File Directory ----D- D:\Program Files\VideoLAN O43 - CFD:Common File Directory ----D- D:\Program Files\Vista Start Menu O43 - CFD:Common File Directory ----D- D:\Program Files\Windows Live O43 - CFD:Common File Directory ----D- D:\Program Files\Windows Live SkyDrive O43 - CFD:Common File Directory ----D- D:\Program Files\Windows Media Connect 2 O43 - CFD:Common File Directory ----D- D:\Program Files\Windows Media Player O43 - CFD:Common File Directory ----D- D:\Program Files\Windows NT O43 - CFD:Common File Directory --H-D- D:\Program Files\WindowsUpdate O43 - CFD:Common File Directory ----D- D:\Program Files\Winferno O43 - CFD:Common File Directory ----D- D:\Program Files\WinRAR O43 - CFD:Common File Directory ----D- D:\Program Files\xerox O43 - CFD:Common File Directory ----D- D:\Program Files\Yahoo! O43 - CFD:Common File Directory ----D- D:\Program Files\ZHPDiag O43 - CFD:Common File Directory ----D- D:\Program Files\Fichiers Communs\Adobe O43 - CFD:Common File Directory ----D- D:\Program Files\Fichiers Communs\Apple O43 - CFD:Common File Directory ----D- D:\Program Files\Fichiers Communs\AVSMedia O43 - CFD:Common File Directory ----D- D:\Program Files\Fichiers Communs\CANON O43 - CFD:Common File Directory ----D- D:\Program Files\Fichiers Communs\DESIGNER O43 - CFD:Common File Directory ----D- D:\Program Files\Fichiers Communs\InstallShield O43 - CFD:Common File Directory ----D- D:\Program Files\Fichiers Communs\McAfee O43 - CFD:Common File Directory ----D- D:\Program Files\Fichiers Communs\Microsoft Shared O43 - CFD:Common File Directory ----D- D:\Program Files\Fichiers Communs\MSSoap O43 - CFD:Common File Directory ----D- D:\Program Files\Fichiers Communs\ODBC O43 - CFD:Common File Directory ----D- D:\Program Files\Fichiers Communs\SafeNet Sentinel O43 - CFD:Common File Directory ----D- D:\Program Files\Fichiers Communs\Services O43 - CFD:Common File Directory ----D- D:\Program Files\Fichiers Communs\SpeechEngines O43 - CFD:Common File Directory ----D- D:\Program Files\Fichiers Communs\System O43 - CFD:Common File Directory ----D- D:\Program Files\Fichiers Communs\Windows Live 　 ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.00000000000000000000000000000000] - 05/09/2010 - 21:09:51 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\WindowsUpdate.log [2058976] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 05/09/2010 - 21:09:32 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\0.log [0] O44 - LFC:[MD5.00000000000000000000000000000000] - 05/09/2010 - 21:08:50 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\wiaservc.log [50] O44 - LFC:[MD5.00000000000000000000000000000000] - 05/09/2010 - 21:08:48 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\wiadebug.log [159] O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 05/09/2010 - 21:08:32 -S-A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\bootstat.dat [2048] O44 - LFC:[MD5.00000000000000000000000000000000] - 05/09/2010 - 21:07:34 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\SchedLgU.Txt [32392] O44 - LFC:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 05/09/2010 - 20:15:34 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys [38224] O44 - LFC:[MD5.67B48A903430C6D4FB58CBACA1866601] - 05/09/2010 - 20:15:33 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- D:\WINDOWS\System32\drivers\mbam.sys [20952] O44 - LFC:[MD5.65DF39704BB72594C5DB9E45FD38542D] - 05/09/2010 - 20:08:57 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\System32\wpa.dbl [2206] O44 - LFC:[MD5.C23FC9EE782AB388F7DAAD85C2B3E016] - 05/09/2010 - 20:01:34 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\rkill.log [409] O44 - LFC:[MD5.451BDD96DF89A6BD2EDA7B7A4D723E58] - 05/09/2010 - 19:55:29 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\ntbtlog.txt [78578] O44 - LFC:[MD5.C4792C2BA4E32A0ECE14D2018EA1A0CE] - 05/09/2010 - 16:16:08 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\setupapi.log [92339] O44 - LFC:[MD5.E5B8FF1F39E5933722B4A3779C3B3CC2] - 23/08/2010 - 07:37:48 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\System32\FNTCACHE.DAT [267008] O44 - LFC:[MD5.7D0175A65FE75C5D8482A908E808B332] - 23/08/2010 - 07:21:56 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\FaxSetup.log [716970] O44 - LFC:[MD5.4F07166794F85A0F0B5C44EC7F0EA52A] - 23/08/2010 - 07:21:56 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\KB982214.log [13942] O44 - LFC:[MD5.AD177EAE883013642FC7347E284BBF2B] - 23/08/2010 - 07:21:56 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\MedCtrOC.log [50231] O44 - LFC:[MD5.799518B7586939AFA82D2536FEA3A434] - 23/08/2010 - 07:21:56 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\comsetup.log [251339] O44 - LFC:[MD5.F80D4022328036741C02F165151A73B0] - 23/08/2010 - 07:21:56 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\iis6.log [810010] O44 - LFC:[MD5.E68B791173611472B5BF97E15ACFA7AE] - 23/08/2010 - 07:21:56 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\imsins.log [1374] O44 - LFC:[MD5.598E00CCC658064ED63BAFA71B832333] - 23/08/2010 - 07:21:56 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\msgsocm.log [36267] O44 - LFC:[MD5.8A281EDBF35FD64A872DFC4C486D7A73] - 23/08/2010 - 07:21:56 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\netfxocm.log [126761] O44 - LFC:[MD5.B2B7EED92D7121DE234F1FCF0C77091C] - 23/08/2010 - 07:21:56 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\ntdtcsetup.log [150600] O44 - LFC:[MD5.7012FCA90C9C3504526BD866BCDFA51C] - 23/08/2010 - 07:21:56 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\ocgen.log [402516] O44 - LFC:[MD5.D6FDC29AE21EC318AA9832EEFADF9E2A] - 23/08/2010 - 07:21:56 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\ocmsn.log [40000] O44 - LFC:[MD5.02A29945024631073178859FE7398D8D] - 23/08/2010 - 07:21:56 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\tabletoc.log [36706] O44 - LFC:[MD5.F2AD6FBB8DD59268445BDC8C5C9E2FFF] - 23/08/2010 - 07:21:56 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\tsoc.log [334249] O44 - LFC:[MD5.D620B3D96E179473B664074190938A43] - 23/08/2010 - 07:21:55 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\msmqinst.log [227364] O44 - LFC:[MD5.DF6EC5B91B808DEDC661840E9D8B9230] - 23/08/2010 - 07:21:49 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\imsins.BAK [1374] O44 - LFC:[MD5.0FEC58BC2A6F21D774CC0B79EE44F092] - 23/08/2010 - 07:21:48 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\KB2115168.log [18203] O44 - LFC:[MD5.99959F20B5B642F72B18DEC5C0657B72] - 23/08/2010 - 07:21:40 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\KB981852.log [15682] O44 - LFC:[MD5.D66C16C9AE9A874D6420B11D11EA116C] - 23/08/2010 - 07:21:26 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\KB2079403.log [18592] O44 - LFC:[MD5.106F8AE8E0EDFD567994F72962B070FF] - 23/08/2010 - 07:21:24 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\updspapi.log [88269] O44 - LFC:[MD5.7190AA76D415054EA2838994A5AB9CE0] - 23/08/2010 - 07:20:16 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\System32\PerfStringBackup.INI [1057160] O44 - LFC:[MD5.0055574E0FE99C4DB6EF2046C5F87D69] - 23/08/2010 - 07:20:16 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\System32\perfc009.dat [68156] O44 - LFC:[MD5.F102112DA91CA191037A4A71CCF9BC46] - 23/08/2010 - 07:20:16 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\System32\perfc00C.dat [81386] O44 - LFC:[MD5.BBCEE078BD8B8EBCC94EA27F7A888AE9] - 23/08/2010 - 07:20:16 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\System32\perfh009.dat [435260] O44 - LFC:[MD5.7C058D7E9DC9B4519A903A0300F52C3A] - 23/08/2010 - 07:20:16 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\System32\perfh00C.dat [503210] O44 - LFC:[MD5.BDBAB04AAA0B8974418D19454B788CA4] - 23/08/2010 - 07:17:58 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\KB2183461-IE8.log [16451] O44 - LFC:[MD5.F3F96F41F895EB7CA8E53F95290C072F] - 23/08/2010 - 07:17:31 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\KB2160329.log [12886] O44 - LFC:[MD5.BF36D557758E953B72EF3A79A7D85A48] - 23/08/2010 - 07:17:25 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\KB980436.log [12232] O44 - LFC:[MD5.BA1766E0D731C03C6DD3CBAE100FCF94] - 23/08/2010 - 07:16:06 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\KB981997.log [6641] O44 - LFC:[MD5.9BCE4885701F782D70D839419A4C9EB3] - 23/08/2010 - 07:15:40 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\KB982665.log [10776] 　 ---\\ Export de clé d'application autorisée (ECAA) (O47) O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- D:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export SP - "D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" [Enabled] .(.Microsoft Corporation - Microsoft Office Outlook.) -- D:\Program Files\Microsoft Office\Office12\OUTLOOK.exe O47 - AAKE:Key Export SP - "D:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- D:\Program Files\Windows Live\Messenger\wlcsdk.exe O47 - AAKE:Key Export SP - "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- D:\Program Files\Windows Live\Messenger\msnmsgr.exe O47 - AAKE:Key Export SP - "D:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- D:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe O47 - AAKE:Key Export SP - "D:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" [Disabled] .(.SafeNet, Inc - .) (.not file.) -- D:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe O47 - AAKE:Key Export SP - "D:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" [Disabled] .(.SafeNet, Inc. - .) (.not file.) -- D:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe O47 - AAKE:Key Export SP - "D:\Program Files\LimeWire\LimeWire.exe" [Enabled] .(.Lime Wire, LLC - LimeWire.) (.not file.) -- D:\Program Files\LimeWire\LimeWire.exe O47 - AAKE:Key Export SP - "D:\Program Files\Bonjour\mDNSResponder.exe" [Enabled] .(.Apple Inc. - Bonjour Service.) (.not file.) -- D:\Program Files\Bonjour\mDNSResponder.exe O47 - AAKE:Key Export SP - "D:\Program Files\iTunes\iTunes.exe" [Enabled] .(.Apple Inc. - iTunes.) (.not file.) -- D:\Program Files\iTunes\iTunes.exe O47 - AAKE:Key Export SP - "D:\Program Files\Fichiers communs\McAfee\McSvcHost\McSvHost.exe" [Enabled] .(.McAfee, Inc. - McAfee Service Host.) (.not file.) -- D:\Program Files\Fichiers communs\McAfee\McSvcHost\McSvHost.exe O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- D:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export DP - "D:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- D:\Program Files\Windows Live\Messenger\wlcsdk.exe O47 - AAKE:Key Export DP - "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- D:\Program Files\Windows Live\Messenger\msnmsgr.exe 　 ---\\ Déni du service (Local Security Authority) (LSA) (O48) O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- D:\WINDOWS\System32\msv1_0.dll O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- D:\WINDOWS\System32\scecli.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- D:\WINDOWS\System32\msv1_0.dll 　 ---\\ Contrôle du Safe Boot (CSB) (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\mfefirek.sys . (.McAfee, Inc. - McAfee Core Firewall Engine Driver.) -- D:\WINDOWS\System32\Drivers\mfefirek.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\mfehidk.sys . (.McAfee, Inc. - McAfee Link Driver.) -- D:\WINDOWS\System32\Drivers\mfehidk.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\mfefirek.sys . (.McAfee, Inc. - McAfee Core Firewall Engine Driver.) -- D:\WINDOWS\System32\Drivers\mfefirek.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\mfehidk.sys . (.McAfee, Inc. - McAfee Link Driver.) -- D:\WINDOWS\System32\Drivers\mfehidk.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\mfefirek.sys . (.McAfee, Inc. - McAfee Core Firewall Engine Driver.) -- D:\WINDOWS\System32\Drivers\mfefirek.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\mfehidk.sys . (.McAfee, Inc. - McAfee Link Driver.) -- D:\WINDOWS\System32\Drivers\mfehidk.sys 　 ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d 　 ---\\ MountPoints2 Shell Key (MPSK) (O51) O51 - MPSK:{43ea9feb-a196-11df-9dfb-00400510ae47}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\DrvGuard32.exe O51 - MPSK:{4e891b02-a165-11df-9df9-00400510ae47}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\DrvGuard32.exe (.not file.) 　 ---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52) O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- D:\WINDOWS\System32\tssoft32.acm O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- D:\WINDOWS\System32\iccvid.dll O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\System32\ir32_32.dll O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\System32\ir32_32.dll O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- D:\WINDOWS\System32\ir41_32.ax O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- D:\WINDOWS\System32\sl_anet.acm O52 - TDSD: \Drivers32\"msacm.iac2"="D:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- D:\WINDOWS\system32\iac25_32.ax O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- D:\WINDOWS\System32\ir50_32.dll O52 - TDSD: \Drivers32\"msacm.l3acm"="D:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- D:\WINDOWS\system32\l3codeca.acm O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- D:\WINDOWS\System32\sl_anet.acm O52 - TDSD: \drivers.desc\"D:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- D:\WINDOWS\system32\iac25_32.ax O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"D:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- D:\WINDOWS\system32\l3codeca.acm 　 ---\\ Microsoft Control Security Providers (MCSP) (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- D:\WINDOWS\system32\msapsspc.dll O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- D:\WINDOWS\system32\schannel.dll O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- D:\WINDOWS\system32\digest.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- D:\WINDOWS\system32\msapsspc.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- D:\WINDOWS\system32\schannel.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- D:\WINDOWS\system32\digest.dll 　 ---\\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"= O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"= O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 　 ---\\ Microsoft Windows Policies Explorer (MWPE) (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145 O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=1 　 ---\\ Liste des Drivers Système (SDL) (O58) O58 - SDL:[MD5.D48659BB24C48345D926ECB45C1EBDF5] - 13/08/2004 - 11:56:20 R--A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- D:\WINDOWS\system32\drivers\ASACPI.sys O58 - SDL:[MD5.2AD78087FF299D1596F0336749F84B1F] - 01/08/2007 - 04:39:28 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\system32\drivers\ASUSHWIO.SYS O58 - SDL:[MD5.B3B881EB81013AAC11594A5400ADA47A] - 12/07/2007 - 09:03:38 ---A- . (.ASUSTeK COMPUTER INC. - ASUS Help driver For Keyboard Service..) -- D:\WINDOWS\system32\drivers\atkkbnt.sys O58 - SDL:[MD5.BE45142C45E28B6E39B08E7B452A0C16] - 12/07/2007 - 09:03:38 ---A- . (.ASMT - Kernel-Mode Dll.) -- D:\WINDOWS\system32\drivers\Bravo.sys O58 - SDL:[MD5.44E4A7DDED054DD55AE995C3AED719AE] - 31/05/2010 - 19:32:58 ---A- . (.McAfee, Inc. - McAfee Personal Firewall IDS Plugin.) -- D:\WINDOWS\system32\drivers\cfwids.sys O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 14/04/2008 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- D:\WINDOWS\system32\drivers\cinemst2.sys O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 14/04/2008 - 13:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- D:\WINDOWS\system32\drivers\cpqdap01.sys O58 - SDL:[MD5.0DAF3544804650526751C478AECCCE63] - 12/07/2007 - 09:03:38 ---A- . (.ASUSTeK Computer Inc. - ASUS Kernel Mode Driver for NT.) -- D:\WINDOWS\system32\drivers\EIO.sys O58 - SDL:[MD5.8182FF89C65E4D38B2DE4BB0FB18564E] - 18/05/2009 - 12:17:00 ---A- . (.GEAR Software Inc. - CD DVD Filter.) -- D:\WINDOWS\system32\drivers\GEARAspiWDM.sys O58 - SDL:[MD5.9D4AD703C57F87118BFCD83787E6D82D] - 09/11/2005 - 08:44:36 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\system32\drivers\hardlock.sys O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 14/04/2008 - 13:00:00 ---A- . (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- D:\WINDOWS\system32\drivers\hdaudbus.sys O58 - SDL:[MD5.CD32607F1CC8AC67224334AE123F7B98] - 17/03/2008 - 01:45:50 R--A- . (.Intel Corporation - Intel Graphics Miniport Driver.) -- D:\WINDOWS\system32\drivers\igxpmp32.sys O58 - SDL:[MD5.67B48A903430C6D4FB58CBACA1866601] - 29/04/2010 - 14:39:26 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- D:\WINDOWS\system32\drivers\mbam.sys O58 - SDL:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 29/04/2010 - 14:39:38 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- D:\WINDOWS\system32\drivers\mbamswissarmy.sys O58 - SDL:[MD5.B77E959E1C50D3E3A9D9EF423BE62E09] - 31/05/2010 - 19:32:58 ---A- . (.McAfee, Inc. - Access Protection Filter Driver.) -- D:\WINDOWS\system32\drivers\mfeapfk.sys O58 - SDL:[MD5.E84596FCB591117F5597498A5F82AD97] - 31/05/2010 - 19:32:58 ---A- . (.McAfee, Inc. - Anti-Virus File System Filter Driver.) -- D:\WINDOWS\system32\drivers\mfeavfk.sys O58 - SDL:[MD5.D40CE01E2D3FE0C079CD2D6B3E4B823B] - 31/05/2010 - 19:32:58 ---A- . (.McAfee, Inc. - Buffer Overflow Protection Driver.) -- D:\WINDOWS\system32\drivers\mfebopk.sys O58 - SDL:[MD5.403F171BE080DF2B7A3865F014F4D0CA] - 31/05/2010 - 19:32:58 ---A- . (.McAfee, Inc. - McAfee Driver Cleaning Driver.) -- D:\WINDOWS\system32\drivers\mfeclnk.sys O58 - SDL:[MD5.3962C6A9E35C4319DCDAB0497614FD69] - 31/05/2010 - 19:32:58 ---A- . (.McAfee, Inc. - McAfee Core Firewall Engine Driver.) -- D:\WINDOWS\system32\drivers\mfefirek.sys O58 - SDL:[MD5.E7ECF7872BF8F2897AE5A696D908C2F7] - 31/05/2010 - 19:32:58 ---A- . (.McAfee, Inc. - McAfee Link Driver.) -- D:\WINDOWS\system32\drivers\mfehidk.sys O58 - SDL:[MD5.554DBBDC8C3B4F380B21269239BD29BB] - 31/05/2010 - 19:32:58 ---A- . (.McAfee, Inc. - McAfee NDIS Intermediate Driver.) -- D:\WINDOWS\system32\drivers\mfendisk.sys O58 - SDL:[MD5.E411594AC94BAEF7F8EA991CC8F47FD1] - 31/05/2010 - 19:32:58 ---A- . (.McAfee, Inc. - McAfee Code Analysis Driver.) -- D:\WINDOWS\system32\drivers\mferkdet.sys O58 - SDL:[MD5.1BFE4C4CCF8CD2D7DEAFFB424E691196] - 31/05/2010 - 19:32:58 ---A- . (.McAfee, Inc. - Anti-Virus Mini-Firewall Driver.) -- D:\WINDOWS\system32\drivers\mfetdi2k.sys O58 - SDL:[MD5.9FA7207D1B1ADEAD88AE8EED9CDBBAA5] - 14/02/2008 - 07:12:00 R--A- . (.Creative Technology Ltd. - Creative WDM Audio Driver (32-bit).) -- D:\WINDOWS\system32\drivers\monfilt.sys O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 14/04/2008 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- D:\WINDOWS\system32\drivers\nikedrv.sys O58 - SDL:[MD5.F8E396F5E703D7A8F37D90F59C776268] - 23/11/2008 - 10:23:04 ---A- . (.T0r0 2008 - DongleEmulator for HASP, Sentinel, etc.) -- D:\WINDOWS\system32\drivers\NSHE.SYS O58 - SDL:[MD5.F8BE83F0C686533170F7537E94BF411A] - 28/06/2007 - 17:43:00 ---A- . (.NVIDIA Corporation - NVIDIA Compatible Windows 2000 Miniport Driver, Version 162.18.) -- D:\WINDOWS\system32\drivers\nv4_mini.sys O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 14/04/2008 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- D:\WINDOWS\system32\drivers\ptilink.sys O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 14/04/2008 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- D:\WINDOWS\system32\drivers\rio8drv.sys O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 14/04/2008 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- D:\WINDOWS\system32\drivers\riodrv.sys O58 - SDL:[MD5.F0A21C62B9B835E1C96268EAAE31D239] - 07/08/2008 - 12:14:00 R--A- . (.Realtek Semiconductor Corporation - Realtek 10/100/1000 NDIS 5.1 Driver.) -- D:\WINDOWS\system32\drivers\Rtenicxp.sys O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 14/04/2008 - 13:00:00 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- D:\WINDOWS\system32\drivers\secdrv.sys O58 - SDL:[MD5.A2CC81C30BEF6AC9F27055490EEF6DE3] - 11/07/2008 - 06:05:00 ---A- . (.SafeNet, Inc. - Sentinel System Driver (NT Parallel driver).) -- D:\WINDOWS\system32\drivers\sentinel.sys O58 - SDL:[MD5.9DE6E60CE7FD82B4985DE5D9C22265AD] - 11/07/2008 - 06:05:00 ---A- . (.SafeNet, Inc. - Sentinel System USB Driver.) -- D:\WINDOWS\system32\drivers\SNTNLUSB.SYS O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 14/04/2008 - 13:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- D:\WINDOWS\system32\drivers\tsbvcap.sys O58 - SDL:[MD5.4B8A9C16B6D9258ED99C512AECB8C555] - 19/04/2010 - 19:47:42 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- D:\WINDOWS\system32\drivers\usbaapl.sys O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 14/04/2008 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- D:\WINDOWS\system32\drivers\vdmindvd.sys O58 - SDL:[MD5.51B24990850076F659D1D1DAEFBED6F1] - 25/07/2008 - 13:09:24 R--A- . (.VIA Technologies, Inc. - VIA High Definition Audio Function Driver.) -- D:\WINDOWS\system32\drivers\viahduaa.sys O58 - SDL:[MD5.8643DA4A6C83DA6C10FCAB1E5AB6632D] - 12/07/2007 - 09:03:40 ---A- . (.ASUSTeK COMPUTER INC. - ASUS Video3D driver.) -- D:\WINDOWS\system32\drivers\Video3D32.sys O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 14/04/2008 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\system32\ansi.sys O58 - SDL:[MD5.D320732BCF5FF856120BD06855C66867] - 12/07/2007 - 09:03:42 ---A- . (.ASUSTeK Computer Inc. - ASUS Virtual Video Capture Device Driver.) -- D:\WINDOWS\system32\asusgsb.sys O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 14/04/2008 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\system32\country.sys O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 14/04/2008 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\system32\himem.sys O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 14/04/2008 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\system32\key01.sys O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 14/04/2008 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\system32\keyboard.sys O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 14/04/2008 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\system32\ntdos.sys O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 14/04/2008 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\system32\ntdos404.sys O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 14/04/2008 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\system32\ntdos411.sys O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 14/04/2008 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\system32\ntdos412.sys O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 14/04/2008 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\system32\ntdos804.sys O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 14/04/2008 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\system32\ntio.sys O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 14/04/2008 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\system32\ntio404.sys O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 14/04/2008 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\system32\ntio411.sys O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 14/04/2008 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\system32\ntio412.sys O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 14/04/2008 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- D:\WINDOWS\system32\ntio804.sys 　 ---\\ Liste des outils de nettoyage (LATC) (O63) O63 - Logiciel: ZHPDiag 1.26 - (.Nicolas Coolman.) 　 ---\\ Liste des services Legacy (LALS) (O64) O64 - Services: CurCS - D:\WINDOWS\system32\drivers\afd.sys - AFD (AFD) .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - LEGACY_AFD O64 - Services: CurCS - D:\WINDOWS\System32\alg.exe - Service de la passerelle de la couche Application (ALG) .(.Microsoft Corporation - Application Layer Gateway Service.) - LEGACY_ALG O64 - Services: CurCS - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe - Apple Mobile Device (Apple Mobile Device) .(.Apple Inc. - Apple Mobile Device Service.) - LEGACY_APPLE_MOBILE_DEVICE O64 - Services: CurCS - D:\WINDOWS\system32\svchost.exe - Gestion d'applications (AppMgmt) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_APPMGMT O64 - Services: CurCS - D:\WINDOWS\ATKKBService.exe - ATK Keyboard Service (ATKKeyboardService) .(.ASUSTeK COMPUTER INC. - ASUS Keyboard Service.) - LEGACY_ATKKEYBOARDSERVICE O64 - Services: CurCS - D:\WINDOWS\System32\svchost.exe - Audio Windows (AudioSrv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_AUDIOSRV O64 - Services: CurCS - D:\WINDOWS\system32\Drivers\BEEP.sys - Beep (Beep) .(.Pas de propriétaire - Pas de description.) - LEGACY_BEEP O64 - Services: CurCS - D:\WINDOWS\system32\svchost.exe - Service de transfert intelligent en arrière-plan (BITS) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_BITS O64 - Services: CurCS - D:\Program Files\Bonjour\mDNSResponder.exe - Service Bonjour (Bonjour Service) .(.Apple Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE O64 - Services: CurCS - D:\WINDOWS\system32\svchost.exe - Explorateur d'ordinateur (Browser) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_BROWSER O64 - Services: CurCS - D:\WINDOWS\system32\Drivers\CDFS.sys - cdfs (cdfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_CDFS O64 - Services: CurCS - D:\Windows\system32\drivers\cfwids.sys - McAfee Inc. cfwids (cfwids) .(.McAfee, Inc. - McAfee Personal Firewall IDS Plugin.) - LEGACY_CFWIDS O64 - Services: CurCS - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) .(.Microsoft Corporation - .NET Runtime Optimization Service.) - LEGACY_CLR_OPTIMIZATION_V2.0.50727_32 O64 - Services: CurCS - D:\WINDOWS\system32\dllhost.exe - Application système COM+ (COMSysApp) .(.Microsoft Corporation - COM Surrogate.) - LEGACY_COMSYSAPP O64 - Services: CurCS - D:\WINDOWS\system32\svchost.exe - Services de cryptographie (CryptSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_CRYPTSVC O64 - Services: CurCS - D:\WINDOWS\system32\svchost -k DcomLaunch (.not file.) - Lanceur de processus serveur DCOM (DcomLaunch) .(.Pas de propriétaire - Pas de description.) - LEGACY_DCOMLAUNCH O64 - Services: CurCS - D:\WINDOWS\system32\svchost.exe - Client DHCP (Dhcp) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DHCP O64 - Services: CurCS - D:\WINDOWS\System32\dmadmin.exe - Service d'administration du Gestionnaire de disque logique (dmadmin) .(.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - LEGACY_DMADMIN O64 - Services: CurCS - D:\Windows\system32\drivers\dmboot.sys - dmboot (dmboot) .(.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disq.) - LEGACY_DMBOOT O64 - Services: CurCS - D:\Windows\system32\drivers\dmload.sys - dmload (dmload) .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD O64 - Services: CurCS - D:\WINDOWS\System32\svchost.exe - Gestionnaire de disque logique (dmserver) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DMSERVER O64 - Services: CurCS - D:\WINDOWS\system32\svchost.exe - Client DNS (Dnscache) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DNSCACHE O64 - Services: CurCS - (.not file.) - EAMON (eamon) .(.Pas de propriétaire - Pas de description.) - LEGACY_EAMON O64 - Services: CurCS - (.not file.) - easdrv (easdrv) .(.Pas de propriétaire - Pas de description.) - LEGACY_EASDRV O64 - Services: CurCS - D:\WINDOWS\system32\drivers\EIO.sys - EIO (EIO) .(.ASUSTeK Computer Inc. - ASUS Kernel Mode Driver for NT.) - LEGACY_EIO O64 - Services: CurCS - (.not file.) - epfwtdir (epfwtdir) .(.Pas de propriétaire - Pas de description.) - LEGACY_EPFWTDIR O64 - Services: CurCS - D:\WINDOWS\System32\svchost.exe - Service de rapport d'erreurs (ERSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_ERSVC O64 - Services: CurCS - D:\WINDOWS\system32\svchost.exe - Système d'événements de COM+ (EventSystem) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_EVENTSYSTEM O64 - Services: CurCS - D:\WINDOWS\system32\Drivers\FASTFAT.sys - fastfat (fastfat) .(.Pas de propriétaire - Pas de description.) - LEGACY_FASTFAT O64 - Services: CurCS - D:\WINDOWS\System32\svchost.exe - Compatibilité avec le Changement rapide d'utilisateur (FastUserSwitchingCompatibility) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_FASTUSERSWITCHINGCOMPATIBILITY O64 - Services: CurCS - D:\WINDOWS\system32\Drivers\FIPS.sys - Fips (Fips) .(.Pas de propriétaire - Pas de description.) - LEGACY_FIPS O64 - Services: CurCS - D:\Windows\system32\DRIVERS\fltMgr.sys - FltMgr (FltMgr) .(.Microsoft Corporation - Microsoft Filesystem Filter Manager.) - LEGACY_FLTMGR O64 - Services: CurCS - D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe - Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) .(.Microsoft Corporation - PresentationFontCache.exe.) - LEGACY_FONTCACHE3.0.0.0 O64 - Services: CurCS - D:\WINDOWS\system32\Drivers\FS_REC.sys - Fs_Rec (Fs_Rec) .(.Pas de propriétaire - Pas de description.) - LEGACY_FS_REC O64 - Services: CurCS - D:\Windows\system32\DRIVERS\msgpc.sys - Classificateur de paquets générique (Gpc) .(.Microsoft Corporation - MS General Packet Classifier.) - LEGACY_GPC O64 - Services: CurCS - D:\WINDOWS\system32\drivers\hardlock.sys - Hardlock (Hardlock) .(.Pas de propriétaire - Pas de description.) - LEGACY_HARDLOCK O64 - Services: CurCS - D:\WINDOWS\System32\svchost.exe - Aide et support (helpsvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_HELPSVC O64 - Services: CurCS - D:\WINDOWS\System32\svchost.exe - HID Input Service (HidServ) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_HIDSERV O64 - Services: CurCS - D:\Windows\system32\Drivers\HTTP.sys - HTTP (HTTP) .(.Microsoft Corporation - HTTP Protocol Stack.) - LEGACY_HTTP O64 - Services: CurCS - D:\WINDOWS\System32\svchost.exe - HTTP SSL (HTTPFilter) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_HTTPFILTER O64 - Services: CurCS - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe - InstallDriver Table Manager (IDriverT) .(.Macrovision Corporation - IDriverT Module.) - LEGACY_IDRIVERT O64 - Services: CurCS - D:\WINDOWS\system32\imapi.exe - Service COM de gravage de CD IMAPI (ImapiService) .(.Microsoft Corporation - API Image Mastering.) - LEGACY_IMAPISERVICE O64 - Services: CurCS - D:\Windows\system32\DRIVERS\ipfltdrv.sys - Pilote de filtre de trafic IP (IpFilterDriver) .(.Microsoft Corporation - IP FILTER DRIVER.) - LEGACY_IPFILTERDRIVER O64 - Services: CurCS - D:\Windows\system32\DRIVERS\ipnat.sys - Traducteur d'adresses réseau IP (IpNat) .(.Microsoft Corporation - IP Network Address Translator.) - LEGACY_IPNAT O64 - Services: CurCS - D:\Program Files\iPod\bin\iPodService.exe - Service de l’iPod (iPod Service) .(.Apple Inc. - iPodService Module (32-bit).) - LEGACY_IPOD_SERVICE O64 - Services: CurCS - D:\Windows\system32\DRIVERS\ipsec.sys - Pilote IPSEC (IPSec) .(.Microsoft Corporation - IPSec Driver.) - LEGACY_IPSEC O64 - Services: CurCS - D:\Program Files\Java\jre6\bin\jqs.exe - Java Quick Starter (JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE O64 - Services: CurCS - D:\WINDOWS\system32\Drivers\KSECDD.sys - ksecdd (ksecdd) .(.Pas de propriétaire - Pas de description.) - LEGACY_KSECDD O64 - Services: CurCS - D:\WINDOWS\system32\svchost.exe - Serveur (LanmanServer) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LANMANSERVER O64 - Services: CurCS - D:\WINDOWS\system32\svchost.exe - Station de travail (LanmanWorkstation) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LANMANWORKSTATION O64 - Services: CurCS - D:\WINDOWS\system32\svchost.exe - Assistance TCP/IP NetBIOS (LmHosts) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LMHOSTS O64 - Services: CurCS - D:\Program Files\McAfee\SiteAdvisor\McSACore.exe - McAfee SiteAdvisor Service (McAfee SiteAdvisor Service) .(.Pas de propriétaire - Pas de description.) - LEGACY_MCAFEE_SITEADVISOR_SERVICE O64 - Services: CurCS - D:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe - Service McAfee Personal Firewall (McMPFSvc) .(.McAfee, Inc. - McAfee Service Host.) - LEGACY_MCMPFSVC O64 - Services: CurCS - D:\Program Files\Fichiers communs\McAfee\McSvcHost\McSvHost.exe - McAfee Services (mcmscsvc) .(.McAfee, Inc. - McAfee Service Host.) - LEGACY_MCMSCSVC O64 - Services: CurCS - D:\Program Files\Fichiers communs\McAfee\McSvcHost\McSvHost.exe - McAfee VirusScan Announcer (McNaiAnn) .(.McAfee, Inc. - McAfee Service Host.) - LEGACY_MCNAIANN O64 - Services: CurCS - D:\Program Files\Fichiers communs\McAfee\McSvcHost\McSvHost.exe - McAfee Network Agent (McNASvc) .(.McAfee, Inc. - McAfee Service Host.) - LEGACY_MCNASVC O64 - Services: CurCS - D:\Program Files\McAfee\VirusScan\mcods.exe - McAfee Scanner (McODS) .(.McAfee, Inc. - McAfee VirusScan On-Demand Scan.) - LEGACY_MCODS O64 - Services: CurCS - D:\Program Files\Fichiers communs\McAfee\McSvcHost\McSvHost.exe - McAfee Proxy Service (McProxy) .(.McAfee, Inc. - McAfee Service Host.) - LEGACY_MCPROXY O64 - Services: CurCS - D:\Program Files\Fichiers communs\McAfee\SystemCore\mcshield.exe - McAfee Real-time Scanner (McShield) .(.McAfee, Inc. - McAfee On-Access Scanner service.) - LEGACY_MCSHIELD O64 - Services: CurCS - D:\Windows\system32\drivers\mfeapfk.sys - McAfee Inc. mfeapfk (mfeapfk) .(.McAfee, Inc. - Access Protection Filter Driver.) - LEGACY_MFEAPFK O64 - Services: CurCS - D:\Windows\system32\drivers\mfeavfk.sys - McAfee Inc. mfeavfk (mfeavfk) .(.McAfee, Inc. - Anti-Virus File System Filter Driver.) - LEGACY_MFEAVFK O64 - Services: CurCS - (.not file.) - McAfee Inc. (mfeavfk01) .(.Pas de propriétaire - Pas de description.) - LEGACY_MFEAVFK01 O64 - Services: CurCS - D:\Windows\system32\drivers\mfebopk.sys - McAfee Inc. mfebopk (mfebopk) .(.McAfee, Inc. - Buffer Overflow Protection Driver.) - LEGACY_MFEBOPK O64 - Services: CurCS - D:\Program Files\Fichiers communs\McAfee\SystemCore\mfefire.exe - McAfee Firewall Core Service (mfefire) .(.McAfee, Inc. - McAfee Core Firewall Service.) - LEGACY_MFEFIRE O64 - Services: CurCS - D:\Windows\system32\drivers\mfefirek.sys - McAfee Inc. mfefirek (mfefirek) .(.McAfee, Inc. - McAfee Core Firewall Engine Driver.) - LEGACY_MFEFIREK O64 - Services: CurCS - D:\Windows\system32\drivers\mfehidk.sys - McAfee Inc. mfehidk (mfehidk) .(.McAfee, Inc. - McAfee Link Driver.) - LEGACY_MFEHIDK O64 - Services: CurCS - (.not file.) - McAfee Inc. (mfehidk01) .(.Pas de propriétaire - Pas de description.) - LEGACY_MFEHIDK01 O64 - Services: CurCS - D:\Windows\system32\drivers\mferkdet.sys - McAfee Inc. mferkdet (mferkdet) .(.McAfee, Inc. - McAfee Code Analysis Driver.) - LEGACY_MFERKDET O64 - Services: CurCS - (.not file.) - McAfee Inc. mferkdk (mferkdk) .(.Pas de propriétaire - Pas de description.) - LEGACY_MFERKDK O64 - Services: CurCS - (.not file.) - McAfee Inc. mfesmfk (mfesmfk) .(.Pas de propriétaire - Pas de description.) - LEGACY_MFESMFK O64 - Services: CurCS - D:\Windows\system32\drivers\mfetdi2k.sys - McAfee Inc. mfetdi2k (mfetdi2k) .(.McAfee, Inc. - Anti-Virus Mini-Firewall Driver.) - LEGACY_MFETDI2K O64 - Services: CurCS - D:\Program Files\Fichiers communs\McAfee\SystemCore\mfevtps.exe - McAfee Validation Trust Protection Service (mfevtp) .(.McAfee, Inc. - McAfee Process Validation Service.) - LEGACY_MFEVTP O64 - Services: CurCS - D:\WINDOWS\system32\Drivers\MNMDD.sys - mnmdd (mnmdd) .(.Pas de propriétaire - Pas de description.) - LEGACY_MNMDD O64 - Services: CurCS - D:\WINDOWS\system32\Drivers\MOUNTMGR.sys - mountmgr (mountmgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_MOUNTMGR O64 - Services: CurCS - (.not file.) - MPFP (MPFP) .(.Pas de propriétaire - Pas de description.) - LEGACY_MPFP O64 - Services: CurCS - D:\Windows\system32\DRIVERS\mrxdav.sys - Redirecteur client WebDav (MRxDAV) .(.Microsoft Corporation - Windows NT WebDav Minirdr.) - LEGACY_MRXDAV O64 - Services: CurCS - D:\Windows\system32\DRIVERS\mrxsmb.sys - MRXSMB (MRxSmb) .(.Microsoft Corporation - Windows NT SMB Minirdr.) - LEGACY_MRXSMB O64 - Services: CurCS - D:\WINDOWS\system32\msdtc.exe - Distributed Transaction Coordinator (MSDTC) .(.Microsoft Corporation - MS DTC console program.) - LEGACY_MSDTC O64 - Services: CurCS - D:\WINDOWS\system32\Drivers\MSFS.sys - Msfs (Msfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_MSFS O64 - Services: CurCS - D:\WINDOWS\system32\msiexec.exe - Windows Installer (MSIServer) .(.Microsoft Corporation - Windows® installer.) - LEGACY_MSISERVER O64 - Services: CurCS - D:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe - McAfee Anti-Spam Service (MSK80Service) .(.McAfee, Inc. - McAfee Service Host.) - LEGACY_MSK80SERVICE O64 - Services: CurCS - (.not file.) - Mup (Mup) .(.Pas de propriétaire - Pas de description.) - LEGACY_MUP O64 - Services: CurCS - (.not file.) - Pilote système NDIS (NDIS) .(.Pas de propriétaire - Pas de description.) - LEGACY_NDIS O64 - Services: CurCS - D:\Windows\system32\DRIVERS\ndistapi.sys - Pilote TAPI NDIS d'accès distant (NdisTapi) .(.Microsoft Corporation - NDIS 3.0 connection wrapper driver.) - LEGACY_NDISTAPI O64 - Services: CurCS - D:\Windows\system32\DRIVERS\ndisuio.sys - NDIS mode utilisateur E/S Protocole (Ndisuio) .(.Microsoft Corporation - NDIS User mode I/O Driver.) - LEGACY_NDISUIO O64 - Services: CurCS - D:\WINDOWS\system32\Drivers\NDPROXY.sys - NDProxy (NDProxy) .(.Pas de propriétaire - Pas de description.) - LEGACY_NDPROXY O64 - Services: CurCS - D:\Windows\system32\DRIVERS\netbios.sys - Interface NetBIOS (NetBIOS) .(.Microsoft Corporation - NetBIOS interface driver.) - LEGACY_NETBIOS O64 - Services: CurCS - D:\Windows\system32\DRIVERS\netbt.sys - NetBIOS sur TCP/IP (NetBT) .(.Microsoft Corporation - MBT Transport driver.) - LEGACY_NETBT O64 - Services: CurCS - D:\WINDOWS\System32\svchost.exe - Connexions réseau (Netman) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NETMAN O64 - Services: CurCS - D:\WINDOWS\system32\svchost.exe - NLA (Network Location Awareness) (Nla) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NLA O64 - Services: CurCS - D:\WINDOWS\system32\Drivers\NPFS.sys - Npfs (Npfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_NPFS O64 - Services: CurCS - D:\WINDOWS\system32\Drivers\NTFS.sys - ntfs (ntfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_NTFS O64 - Services: CurCS - D:\WINDOWS\system32\Drivers\NULL.sys - Null (Null) .(.Pas de propriétaire - Pas de description.) - LEGACY_NULL O64 - Services: CurCS - D:\WINDOWS\system32\nvsvc32.exe - NVIDIA Display Driver Service (NVSvc) .(.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 162.1.) - LEGACY_NVSVC O64 - Services: CurCS - D:\WINDOWS\system32\Drivers\PARTMGR.sys - PartMgr (PartMgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_PARTMGR O64 - Services: CurCS - D:\WINDOWS\system32\Drivers\PARVDM.sys - ParVdm (ParVdm) .(.Pas de propriétaire - Pas de description.) - LEGACY_PARVDM O64 - Services: CurCS - D:\WINDOWS\system32\lsass.exe - Services IPSEC (PolicyAgent) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_POLICYAGENT O64 - Services: CurCS - D:\WINDOWS\system32\lsass.exe - Emplacement protégé (ProtectedStorage) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_PROTECTEDSTORAGE O64 - Services: CurCS - D:\Windows\system32\DRIVERS\rasacd.sys - Pilote de connexion automatique d'accès distant (RasAcd) .(.Microsoft Corporation - RAS Automatic Connection Driver.) - LEGACY_RASACD O64 - Services: CurCS - D:\WINDOWS\system32\svchost.exe - Gestionnaire de connexions d'accès distant (RasMan) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_RASMAN O64 - Services: CurCS - D:\Windows\system32\DRIVERS\rdbss.sys - Rdbss (Rdbss) .(.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - LEGACY_RDBSS O64 - Services: CurCS - D:\Windows\system32\DRIVERS\RDPCDD.sys - RDPCDD (RDPCDD) .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPCDD O64 - Services: CurCS - (.not file.) - RDPNP (RDPNP) .(.Pas de propriétaire - Pas de description.) - LEGACY_RDPNP O64 - Services: CurCS - D:\WINDOWS\system32\svchost.exe - Accès à distance au Registre (RemoteRegistry) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_REMOTEREGISTRY O64 - Services: CurCS - D:\WINDOWS\system32\svchost -k rpcss (.not file.) - Appel de procédure distante (RPC) (RpcSs) .(.Pas de propriétaire - Pas de description.) - LEGACY_RPCSS O64 - Services: CurCS - D:\WINDOWS\system32\rsvp.exe - QoS RSVP (RSVP) .(.Microsoft Corporation - Microsoft RSVP.) - LEGACY_RSVP O64 - Services: CurCS - D:\WINDOWS\system32\lsass.exe - Gestionnaire de comptes de sécurité (SamSs) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_SAMSS O64 - Services: CurCS - D:\WINDOWS\System32\svchost.exe - Planificateur de tâches (Schedule) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SCHEDULE O64 - Services: CurCS - D:\WINDOWS\System32\svchost.exe - Connexion secondaire (seclogon) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SECLOGON O64 - Services: CurCS - D:\WINDOWS\system32\svchost.exe - Notification d'événement système (SENS) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SENS O64 - Services: CurCS - D:\WINDOWS\system32\Drivers\SENTINEL.sys - Sentinel (Sentinel) .(.SafeNet, Inc. - Sentinel System Driver (NT Parallel driver).) - LEGACY_SENTINEL O64 - Services: CurCS - D:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe - Sentinel Keys Server (SentinelKeysServer) .(.SafeNet, Inc. - Pas de description.) - LEGACY_SENTINELKEYSSERVER O64 - Services: CurCS - D:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe - Sentinel Protection Server (SentinelProtectionServer) .(.SafeNet, Inc - Sentinel Protection Server for SuperPro and.) - LEGACY_SENTINELPROTECTIONSERVER O64 - Services: CurCS - D:\WINDOWS\system32\svchost.exe - Pare-feu Windows / Partage de connexion Internet (SharedAccess) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SHAREDACCESS O64 - Services: CurCS - D:\WINDOWS\System32\svchost.exe - Détection matériel noyau (ShellHWDetection) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SHELLHWDETECTION O64 - Services: CurCS - D:\WINDOWS\system32\spoolsv.exe - Spouleur d'impression (Spooler) .(.Microsoft Corporation - Spooler SubSystem App.) - LEGACY_SPOOLER O64 - Services: CurCS - D:\Windows\system32\DRIVERS\sr.sys - Pilote de filtre de restauration système (sr) .(.Microsoft Corporation - Pilote de filtre de système de fichiers pou.) - LEGACY_SR O64 - Services: CurCS - D:\WINDOWS\system32\svchost.exe - Service de restauration système (srservice) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SRSERVICE O64 - Services: CurCS - D:\Windows\system32\DRIVERS\srv.sys - Srv (Srv) .(.Microsoft Corporation - Server driver.) - LEGACY_SRV O64 - Services: CurCS - D:\WINDOWS\system32\svchost.exe - Service de découvertes SSDP (SSDPSRV) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SSDPSRV O64 - Services: CurCS - D:\WINDOWS\system32\svchost.exe - Acquisition d'image Windows (WIA) (stisvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_STISVC O64 - Services: CurCS - D:\WINDOWS\System32\svchost.exe - Téléphonie (TapiSrv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_TAPISRV O64 - Services: CurCS - D:\Windows\system32\DRIVERS\tcpip.sys - Pilote du protocole TCP/IP (Tcpip) .(.Microsoft Corporation - TCP/IP Protocol Driver.) - LEGACY_TCPIP O64 - Services: CurCS - D:\WINDOWS\System32\svchost -k DComLaunch (.not file.) - Services Terminal Server (TermService) .(.Pas de propriétaire - Pas de description.) - LEGACY_TERMSERVICE O64 - Services: CurCS - D:\WINDOWS\System32\svchost.exe - Thèmes (Themes) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_THEMES O64 - Services: CurCS - D:\WINDOWS\system32\svchost.exe - Client de suivi de lien distribué (TrkWks) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_TRKWKS O64 - Services: CurCS - D:\WINDOWS\system32\Drivers\UDFS.sys - Udfs (Udfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_UDFS O64 - Services: CurCS - D:\WINDOWS\system32\svchost.exe - Hôte de périphérique universel Plug-and-Play (upnphost) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_UPNPHOST O64 - Services: CurCS - D:\WINDOWS\system32\Drivers\VGA.sys - vga (vga) .(.Pas de propriétaire - Pas de description.) - LEGACY_VGA O64 - Services: CurCS - D:\WINDOWS\system32\drivers\vga.sys - VgaSave (VgaSave) .(.Microsoft Corporation - VGA/Super VGA Video Driver.) - LEGACY_VGASAVE O64 - Services: CurCS - D:\WINDOWS\system32\Drivers\VOLSNAP.sys - VolSnap (VolSnap) .(.Pas de propriétaire - Pas de description.) - LEGACY_VOLSNAP O64 - Services: CurCS - D:\WINDOWS\System32\svchost.exe - Horloge Windows (W32Time) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_W32TIME O64 - Services: CurCS - D:\Windows\system32\DRIVERS\wanarp.sys - Pilote ARP IP d'accès distant (Wanarp) .(.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - LEGACY_WANARP O64 - Services: CurCS - D:\WINDOWS\system32\svchost.exe - WebClient (WebClient) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WEBCLIENT O64 - Services: CurCS - D:\WINDOWS\system32\svchost.exe - Infrastructure de gestion Windows (winmgmt) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WINMGMT O64 - Services: CurCS - D:\WINDOWS\system32\wbem\wmiapsrv.exe - Carte de performance WMI (WmiApSrv) .(.Microsoft Corporation - Service de la carte de performance WMI.) - LEGACY_WMIAPSRV O64 - Services: CurCS - D:\WINDOWS\System32\svchost.exe - Centre de sécurité (wscsvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WSCSVC O64 - Services: CurCS - D:\WINDOWS\system32\svchost.exe - Mises à jour automatiques (wuauserv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WUAUSERV O64 - Services: CurCS - D:\WINDOWS\System32\svchost.exe - Configuration automatique sans fil (WZCSVC) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WZCSVC 　 ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- D:\Windows\System32\shell32.dll O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- D:\Program Files\Internet Explorer\IEXPLORE.exe O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- D:\WINDOWS\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- D:\WINDOWS\regedit.exe O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- D:\Windows\System32\shell32.dll O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- D:\Program Files\Internet Explorer\IEXPLORE.exe O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- D:\WINDOWS\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- D:\WINDOWS\regedit.exe 　 ---\\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- D:\Program Files\Internet Explorer\iexplore.exe 　 ---\\ Search Browser Infection (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - Bing O69 - SBI: SearchScopes [HKCU] {DE7A612F-A15E-455A-8D05-4A1D7CC7F9FE} - (Yahoo! Search) - Yahoo! Search - Recherche Web 　 ---\\ Search Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover Run by intel i7 at 05/09/2010 22:19:20 device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS kernel: MBR read successfully user & kernel MBR OK 　 ---\\ Recherche des services démarrés par Svchost (SSS) (O83) O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Service Installation de logiciels.) -- D:\WINDOWS\System32\appmgmts.dll [176640] O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- D:\WINDOWS\System32\audiosrv.dll [42496] O83 - Search Svchost Services: Browser (Browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- D:\WINDOWS\System32\browser.dll [77824] O83 - Search Svchost Services: CryptSvc (CryptSvc) . (.Microsoft Corporation - Cryptographic Services.) -- D:\WINDOWS\System32\cryptsvc.dll [62464] O83 - Search Svchost Services: DMServer (DMServer) . (.Microsoft Corp. - DLL Service gestionnaire de disque logique.) -- D:\WINDOWS\System32\dmserver.dll [24576] O83 - Search Svchost Services: DHCP (DHCP) . (.Microsoft Corporation - Service client DHCP.) -- D:\WINDOWS\System32\dhcpcsvc.dll [127488] O83 - Search Svchost Services: ERSvc (ERSvc) . (.Microsoft Corporation - Windows Error Reporting Service.) -- D:\WINDOWS\System32\ersvc.dll [23040] O83 - Search Svchost Services: EventSystem (EventSystem) . (.Microsoft Corporation - Pas de description.) -- D:\WINDOWS\system32\es.dll [253952] O83 - Search Svchost Services: FastUserSwitchingCompatibility (FastUserSwitchingCompatibility) . (.Microsoft Corporation - Dll des services Windows Shell.) -- D:\WINDOWS\System32\shsvcs.dll [135680] O83 - Search Svchost Services: HidServ (HidServ) . (.Microsoft Corporation - HID Audio Service.) -- D:\WINDOWS\System32\hidserv.dll [21504] O83 - Search Svchost Services: LanmanServer (LanmanServer) . (.Microsoft Corporation - Server Service DLL.) -- D:\WINDOWS\System32\srvsvc.dll [96768] O83 - Search Svchost Services: LanmanWorkstation (LanmanWorkstation) . (.Microsoft Corporation - Workstation Service DLL.) -- D:\WINDOWS\System32\wkssvc.dll [132096] O83 - Search Svchost Services: Messenger (Messenger) . (.Microsoft Corporation - NT Messenger Service.) -- D:\WINDOWS\System32\msgsvc.dll [33792] O83 - Search Svchost Services: Netman (Netman) . (.Microsoft Corporation - Gestionnaire de connexions réseau.) -- D:\WINDOWS\System32\netman.dll [198144] O83 - Search Svchost Services: Nla (Nla) . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- D:\WINDOWS\System32\mswsock.dll [247808] O83 - Search Svchost Services: Ntmssvc (Ntmssvc) . (.Microsoft Corporation - Gestionnaire de stockage amovible.) -- D:\WINDOWS\system32\ntmssvc.dll [438272] O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- D:\WINDOWS\System32\rasauto.dll [88576] O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- D:\WINDOWS\System32\rasmans.dll [186368] O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- D:\WINDOWS\System32\mprdim.dll [53248] O83 - Search Svchost Services: Schedule (Schedule) . (.Microsoft Corporation - Moteur du Planificateur de tâches.) -- D:\WINDOWS\system32\schedsvc.dll [194560] O83 - Search Svchost Services: Seclogon (Seclogon) . (.Microsoft Corporation - DLL de service d'ouverture de session secondaire.) -- D:\WINDOWS\System32\seclogon.dll [18944] O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- D:\WINDOWS\system32\sens.dll [39424] O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l'application d'assistance à Microsoft NAT.) -- D:\WINDOWS\System32\ipnathlp.dll [332800] O83 - Search Svchost Services: SRService (SRService) . (.Microsoft Corporation - Service de restauration du système.) -- D:\WINDOWS\system32\srsvc.dll [171520] O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows.) -- D:\WINDOWS\System32\tapisrv.dll [249856] O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Dll des services Windows Shell.) -- D:\WINDOWS\System32\shsvcs.dll [135680] O83 - Search Svchost Services: TrkWks (TrkWks) . (.Microsoft Corporation - Distributed Link Tracking Client.) -- D:\WINDOWS\system32\trkwks.dll [90112] O83 - Search Svchost Services: W32Time (W32Time) . (.Microsoft Corporation - Service de temps Windows.) -- D:\WINDOWS\system32\w32time.dll [178176] O83 - Search Svchost Services: WZCSVC (WZCSVC) . (.Microsoft Corporation - Service configuration automatique sans fil.) -- D:\WINDOWS\System32\wzcsvc.dll [483840] O83 - Search Svchost Services: Wmi (Wmi) . (.Microsoft Corporation - API avancées Windows 32.) -- D:\WINDOWS\System32\advapi32.dll [685568] O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- D:\WINDOWS\system32\wbem\WMIsvc.dll [145408] O83 - Search Svchost Services: wscsvc (wscsvc) . (.Microsoft Corporation - Windows Security Center Service.) -- D:\WINDOWS\system32\wscsvc.dll [80896] O83 - Search Svchost Services: xmlprov (xmlprov) . (.Microsoft Corporation - Network Provisioning Service.) -- D:\WINDOWS\System32\xmlprov.dll [129024] O83 - Search Svchost Services: napagent (napagent) . (.Microsoft Corporation - Exécution du service Agent de quarantaine.) -- D:\WINDOWS\System32\qagentrt.dll [293376] O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- D:\WINDOWS\System32\kmsvc.dll [61440] O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- D:\WINDOWS\system32\qmgr.dll [409088] O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update AutoUpdate Service.) -- D:\WINDOWS\system32\wuauserv.dll [6656] O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- D:\WINDOWS\System32\shsvcs.dll [135680] O83 - Search Svchost Services: helpsvc (helpsvc) . (.Microsoft Corporation - Microsoft PCHealth Service Holder.) -- D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400] O83 - Search Svchost Services: WmdmPmSN (WmdmPmSN) . (.Microsoft Corporation - Microsoft Media Device Service Provider.) -- D:\WINDOWS\system32\mspmsnsv.dll [27136] 　 ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 10/06/2010 144176 | Apple Mobile Device (Apple Mobile Device) . (.Apple Inc..) - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 12/07/2007 257024 | ATK Keyboard Service (ATKKeyboardService) . (.ASUSTeK COMPUTER INC..) - D:\WINDOWS\ATKKBService.exe SR - | Auto 18/05/2010 345376 | Service Bonjour (Bonjour Service) . (.Apple Inc..) - D:\Program Files\Bonjour\mDNSResponder.exe SS - | Demand 04/04/2005 69632 | InstallDriver Table Manager (IDriverT) . (.Macrovision Corporation.) - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe SR - | Demand 15/06/2010 540472 | Service de l’iPod (iPod Service) . (.Apple Inc..) - D:\Program Files\iPod\bin\iPodService.exe SR - | Auto 26/09/2009 153376 | Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - D:\Program Files\Java\jre6\bin\jqs.exe SR - | Auto 23/07/2008 206112 | McAfee SiteAdvisor Service (McAfee SiteAdvisor Service) . (.Pas de propriétaire.) - D:\Program Files\McAfee\SiteAdvisor\McSACore.exe SR - | Auto 10/03/2010 271480 | Service McAfee Personal Firewall (McMPFSvc) . (.McAfee, Inc..) - D:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe SR - | Auto 10/03/2010 271480 | McAfee Services (mcmscsvc) . (.McAfee, Inc..) - D:\Program Files\Fichiers communs\McAfee\McSvcHost\McSvHost.exe SR - | Auto 10/03/2010 271480 | McAfee VirusScan Announcer (McNaiAnn) . (.McAfee, Inc..) - D:\Program Files\Fichiers communs\McAfee\McSvcHost\McSvHost.exe SR - | Auto 10/03/2010 271480 | McAfee Network Agent (McNASvc) . (.McAfee, Inc..) - D:\Program Files\Fichiers communs\McAfee\McSvcHost\McSvHost.exe SS - | Demand 15/04/2010 364216 | McAfee Scanner (McODS) . (.McAfee, Inc..) - D:\Program Files\McAfee\VirusScan\mcods.exe SR - | Auto 10/03/2010 271480 | McAfee Proxy Service (McProxy) . (.McAfee, Inc..) - D:\Program Files\Fichiers communs\McAfee\McSvcHost\McSvHost.exe SR - | Auto 31/05/2010 170144 | McShield (McShield) . (.McAfee, Inc..) - D:\Program Files\Fichiers communs\McAfee\SystemCore\mcshield.exe SR - | Auto 31/05/2010 188136 | McAfee Firewall Core Service (mfefire) . (.McAfee, Inc..) - D:\Program Files\Fichiers communs\McAfee\SystemCore\mfefire.exe SR - | Auto 31/05/2010 141792 | McAfee Validation Trust Protection Service (mfevtp) . (.McAfee, Inc..) - D:\Program Files\Fichiers communs\McAfee\SystemCore\mfevtps.exe SR - | Auto 10/03/2010 271480 | McAfee Anti-Spam Service (MSK80Service) . (.McAfee, Inc..) - D:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe SR - | Auto 28/06/2007 155716 | NVIDIA Display Driver Service (NVSvc) . (.NVIDIA Corporation.) - D:\WINDOWS\system32\nvsvc32.exe SR - | Auto 11/07/2008 328992 | Sentinel Keys Server (SentinelKeysServer) . (.SafeNet, Inc..) - D:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe SR - | Auto 11/07/2008 226592 | Sentinel Protection Server (SentinelProtectionServer) . (.SafeNet, Inc.) - D:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe 　 　 End of the scan (997 lines in 00mn 25s)(0)

RKILL This log file is located at D:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Ran as Administrateur on 05/09/2010 at 21:01:27. Services Stopped: Processes terminated by Rkill or while it was running: D:\Documents and Settings\Administrateur\Bureau\rkill.scr Rkill completed on 05/09/2010 at 21:01:34. -------------------------------------------------------------------------------------------------------------------------------------------------- MBAM Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4551 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 05/09/2010 21:54:50 mbam-log-2010-09-05 (21-54-50).txt Type d'examen: Examen complet (A:\|C:\|D:\|E:\|F:\|) Elément(s) analysé(s): 260405 Temps écoulé: 36 minute(s), 26 seconde(s) Processus mémoire infecté(s): 2 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 2 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 8 Processus mémoire infecté(s): D:\Documents and Settings\ROLAND\Application Data\E4D8BF60D9972B047999D933A349BD03\KB5164415.exe (Malware.Packer.Gen) -> Unloaded process successfully. D:\Documents and Settings\intel i7\DrvGuard32.exe (Backdoor.IRCBot) -> Unloaded process successfully. Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adatadrv (Trojan.Agent) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft drive guard32 (Backdoor.IRCBot) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): D:\Documents and Settings\ROLAND\Application Data\E4D8BF60D9972B047999D933A349BD03\KB5164415.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. D:\WINDOWS\system32\drivers\adatadrv.sys (Trojan.Agent) -> Quarantined and deleted successfully. D:\Documents and Settings\ROLAND\Bureau\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. D:\Documents and Settings\ROLAND\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. D:\Documents and Settings\ROLAND\Menu Démarrer\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. D:\Documents and Settings\ROLAND\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully. D:\Documents and Settings\intel i7\DrvGuard32.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully. D:\WINDOWS\explorer.vbk (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Bonjour, Mon pere c'est laissé berné par Antimalware Doctor et donc je suis infecté par ce satané truc.Ce qui ralenti l'ordinateur considerablement.Et il doit y avoir d'autres infections en passant. Pouvez-vous m'indiquez la marche à suivre pour désinfecté mon pc ? Par avance merci

Tout est OK alors.UN grand merci. 13 logiciels utilisés waou ça m'a scié. Encore un grand merci

Tout est ok, par contre ya des trucs à remttre non ? Sur usb-set notament non ?

USB fix ############################## | UsbFix V6.103 | User : Seb (Administrateurs) # SEB Update on 12/04/2010 by El Desaparecido , C_XX & Chimay8 Start at: 18:07:41 | 14/04/2010 Website : http://pagesperso-orange.fr/NosTools/index.html Contact : FindyKill.Contact@gmail.com Processeur Intel Pentium III Xeon Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3 Internet Explorer 8.0.6001.18702 Windows Firewall Status : Disabled AV : McAfee VirusScan [ (!) Disabled | Updated ] FW : McAfee Personal Firewall[ (!) Disabled ] C:\ -> Disque fixe local # 298,08 Go (266,43 Go free) # NTFS D:\ -> Disque CD-ROM E:\ -> Disque fixe local # 149,01 Go (90,09 Go free) [sEB 160] # FAT32 G:\ -> Disque fixe local # 232,88 Go (183 Go free) [sEB 250] # NTFS H:\ -> Disque amovible # 14,9 Go (12,51 Go free) [uDISK 16GB] # FAT32 ################## | Elements infectieux | ################## | Registre | ################## | Mountpoints2 | ################## | Vaccin | # C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). # E:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). # G:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). # H:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). ################## | ! Fin du rapport # UsbFix V6.103 ! | ############################## | UsbFix V6.103 | User : Seb (Administrateurs) # SEB Update on 12/04/2010 by El Desaparecido , C_XX & Chimay8 Start at: 18:16:55 | 14/04/2010 Website : http://pagesperso-orange.fr/NosTools/index.html Contact : FindyKill.Contact@gmail.com Processeur Intel Pentium III Xeon Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3 Internet Explorer 8.0.6001.18702 Windows Firewall Status : Disabled AV : McAfee VirusScan [ (!) Disabled | Updated ] FW : McAfee Personal Firewall[ (!) Disabled ] C:\ -> Disque fixe local # 298,08 Go (266,43 Go free) # NTFS D:\ -> Disque CD-ROM G:\ -> Disque fixe local # 232,88 Go (183 Go free) [sEB 250] # NTFS H:\ -> Disque amovible # 14,9 Go (12,51 Go free) [uDISK 16GB] # FAT32 ################## | Elements infectieux | Supprimé ! C:\Recycler\S-1-5-21-606747145-362288127-1801674531-1004 Supprimé ! G:\Recycler\S-1-5-21-606747145-362288127-1801674531-1004 ################## | Registre | ################## | Mountpoints2 | ################## | Listing des fichiers présent | [13/04/2010 13:42|--a------|7310] C:\Ad-Report-CLEAN[1].txt [13/04/2010 13:38|--a------|7033] C:\Ad-Report-SCAN[1].txt [30/04/2009 18:53|--a------|0] C:\AUTOEXEC.BAT [30/04/2009 18:48|--a------|216] C:\Boot.bak [13/04/2010 13:58|-rahs----|286] C:\boot.ini [14/04/2008 14:00|-rahs----|4952] C:\Bootfont.bin [03/08/2004 23:00|--a------|263488] C:\cmldr [13/04/2010 18:11|--a------|21801] C:\ComboFix.txt [30/04/2009 18:53|--a------|0] C:\CONFIG.SYS [11/02/2010 20:25|--a------|3789] C:\GERCC.txt [30/04/2009 18:53|-rahs----|0] C:\IO.SYS [30/04/2009 18:53|-rahs----|0] C:\MSDOS.SYS [14/04/2008 14:00|-rahs----|47564] C:\NTDETECT.COM [14/04/2008 14:00|-rahs----|252240] C:\ntldr [?|?|?] C:\pagefile.sys [11/02/2010 20:25|--a------|1058] C:\RCPARAM.txt [12/04/2010 18:57|--a------|530] C:\rkill.log [14/04/2010 11:24|--a------|1728] C:\RootRepeal report 04-14-10 (11-24-22).txt [14/04/2010 18:25|--a------|2014] C:\UsbFix.txt [14/04/2010 17:02|--a------|183459] C:\UsbFix_Upload_Me_SEB.zip [06/01/2010 07:14|--ahs----|5120] G:\Thumbs.db [08/03/2010 10:01|--ah-----|4096] H:\._.Trashes [08/03/2010 10:02|--ah-----|6148] H:\.DS_Store [31/12/2009 16:47|--a------|12850] H:\PROGRAMME SECHE.docx [13/04/2010 20:12|--a------|813633] H:\IMG_0213.jpg [14/04/2010 11:06|--a------|465298] H:\RootRepeal.rar ################## | Vaccination | # C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). # G:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). # H:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). ################## | Upload | Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_SEB.zip : http://chiquitine.changelog.fr/Sample/Upload.php Merci pour votre contribution . ################## | ! Fin du rapport # UsbFix V6.103 ! | ############################## | UsbFix V6.103 | User : Seb (Administrateurs) # SEB Update on 12/04/2010 by El Desaparecido , C_XX & Chimay8 Start at: 18:32:43 | 14/04/2010 Website : http://pagesperso-orange.fr/NosTools/index.html Contact : FindyKill.Contact@gmail.com Processeur Intel Pentium III Xeon Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3 Internet Explorer 8.0.6001.18702 Windows Firewall Status : Disabled AV : McAfee VirusScan [ (!) Disabled | Updated ] FW : McAfee Personal Firewall[ (!) Disabled ] C:\ -> Disque fixe local # 298,08 Go (266,44 Go free) # NTFS D:\ -> Disque CD-ROM G:\ -> Disque fixe local # 232,88 Go (183 Go free) [sEB 250] # NTFS H:\ -> Disque amovible # 14,9 Go (12,51 Go free) [uDISK 16GB] # FAT32 ################## | Vaccination | # C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). # G:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). # H:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). ################## | ! Fin du rapport # UsbFix V6.103 ! | ----------------------------------- USB-set Tout est nikel, il mets juste pour le D(lecteur CD/DVD) : lecteur non pret

La regis.reg OK --------------- USBFIX ############################## | UsbFix V6.103 | User : Seb (Administrateurs) # SEB Update on 12/04/2010 by El Desaparecido , C_XX & Chimay8 Start at: 16:36:14 | 14/04/2010 Website : http://pagesperso-orange.fr/NosTools/index.html Contact : FindyKill.Contact@gmail.com Processeur Intel Pentium III Xeon Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3 Internet Explorer 8.0.6001.18702 Windows Firewall Status : Disabled AV : McAfee VirusScan [ (!) Disabled | Updated ] FW : McAfee Personal Firewall[ (!) Disabled ] C:\ -> Disque fixe local # 298,08 Go (266,31 Go free) # NTFS D:\ -> Disque CD-ROM # 469,37 Mo (0 Mo free) [TomTom] # CDFS E:\ -> Disque fixe local # 149,01 Go (90,09 Go free) [sEB 160] # FAT32 G:\ -> Disque fixe local # 232,88 Go (183 Go free) [sEB 250] # NTFS H:\ -> Disque amovible # 14,9 Go (12,51 Go free) [uDISK 16GB] # FAT32 ################## | Elements infectieux | D:\autorun.inf E:\msvcr71.dll ################## | Registre | [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives" [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives" ################## | Mountpoints2 | HKCU\..\..\Explorer\MountPoints2\{63595c12-47a9-11df-b3d5-0090f582af08} Shell\AutoRun\command =F:\InstallTomTomHOME.exe ################## | Vaccin | ################## | ! Fin du rapport # UsbFix V6.103 ! | ############################## | UsbFix V6.103 | User : Seb (Administrateurs) # SEB Update on 12/04/2010 by El Desaparecido , C_XX & Chimay8 Start at: 16:50:52 | 14/04/2010 Website : http://pagesperso-orange.fr/NosTools/index.html Contact : FindyKill.Contact@gmail.com Processeur Intel Pentium III Xeon Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3 Internet Explorer 8.0.6001.18702 Windows Firewall Status : Disabled AV : McAfee VirusScan [ (!) Disabled | Updated ] FW : McAfee Personal Firewall[ (!) Disabled ] C:\ -> Disque fixe local # 298,08 Go (266,26 Go free) # NTFS D:\ -> Disque CD-ROM # 469,37 Mo (0 Mo free) [TomTom] # CDFS E:\ -> Disque fixe local # 149,01 Go (90,09 Go free) [sEB 160] # FAT32 G:\ -> Disque fixe local # 232,88 Go (183 Go free) [sEB 250] # NTFS H:\ -> Disque amovible # 14,9 Go (12,51 Go free) [uDISK 16GB] # FAT32 ################## | Elements infectieux | Supprimé ! C:\Recycler\S-1-5-21-606747145-362288127-1801674531-1004 (!) Non supprimé ! D:\autorun.inf Supprimé ! E:\msvcr71.dll Supprimé ! G:\$Recycle.Bin\S-1-5-21-2536563965-4259997258-2051350044-1000 Supprimé ! G:\$Recycle.Bin\S-1-5-21-2536563965-4259997258-2051350044-1005 Supprimé ! G:\Recycler\S-1-5-21-606747145-362288127-1801674531-1004 ################## | Registre | Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives" Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives" ################## | Mountpoints2 | Supprimé ! HKCU\...\Explorer\MountPoints2\{63595c12-47a9-11df-b3d5-0090f582af08}\Shell\AutoRun\Command ################## | Listing des fichiers présent | [13/04/2010 13:42|--a------|7310] C:\Ad-Report-CLEAN[1].txt [13/04/2010 13:38|--a------|7033] C:\Ad-Report-SCAN[1].txt [30/04/2009 18:53|--a------|0] C:\AUTOEXEC.BAT [30/04/2009 18:48|--a------|216] C:\Boot.bak [13/04/2010 13:58|-rahs----|286] C:\boot.ini [14/04/2008 14:00|-rahs----|4952] C:\Bootfont.bin [03/08/2004 23:00|--a------|263488] C:\cmldr [13/04/2010 18:11|--a------|21801] C:\ComboFix.txt [30/04/2009 18:53|--a------|0] C:\CONFIG.SYS [11/02/2010 20:25|--a------|3789] C:\GERCC.txt [30/04/2009 18:53|-rahs----|0] C:\IO.SYS [30/04/2009 18:53|-rahs----|0] C:\MSDOS.SYS [14/04/2008 14:00|-rahs----|47564] C:\NTDETECT.COM [14/04/2008 14:00|-rahs----|252240] C:\ntldr [?|?|?] C:\pagefile.sys [11/02/2010 20:25|--a------|1058] C:\RCPARAM.txt [12/04/2010 18:57|--a------|530] C:\rkill.log [14/04/2010 11:24|--a------|1728] C:\RootRepeal report 04-14-10 (11-24-22).txt [14/04/2010 17:01|--a------|2632] C:\UsbFix.txt [03/04/2008 14:04|-r-------|79] D:\Autorun.inf [06/05/2008 12:46|-r-------|18890720] D:\Install TomTom HOME.exe [03/02/2006 17:02|-r-------|3584] D:\autoplay.exe [13/05/2008 16:04|-r-------|17] D:\documentation_cd.cid [29/02/2008 20:21|-r-------|1265] D:\raster.toc [14/08/2007 15:51|-r-------|2999] D:\voice.22k.v4.1.toc [14/08/2007 15:48|-r-------|19659] D:\voice.22k.v4.toc [14/08/2007 15:52|-r-------|912] D:\voice.22k.v5.1.toc [15/05/2007 01:53|-r-------|1916] D:\voice.22k.v7.toc [07/07/2007 00:53|-r-------|832] D:\voice.22k.v8.toc [05/11/2009 15:25|--ahs----|13824] E:\Thumbs.db [06/01/2010 07:14|--ahs----|5120] G:\Thumbs.db [08/03/2010 10:01|--ah-----|4096] H:\._.Trashes [08/03/2010 10:02|--ah-----|6148] H:\.DS_Store [31/12/2009 16:47|--a------|12850] H:\PROGRAMME SECHE.docx [13/04/2010 20:12|--a------|813633] H:\IMG_0213.jpg [14/04/2010 11:06|--a------|465298] H:\RootRepeal.rar ################## | Vaccination | # C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). # E:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). # G:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). # H:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). ################## | Upload | Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_SEB.zip : http://chiquitine.changelog.fr/Sample/Upload.php Merci pour votre contribution . ################## | ! Fin du rapport # UsbFix V6.103 ! | ############################## | UsbFix V6.103 | User : Seb (Administrateurs) # SEB Update on 12/04/2010 by El Desaparecido , C_XX & Chimay8 Start at: 17:06:20 | 14/04/2010 Website : http://pagesperso-orange.fr/NosTools/index.html Contact : FindyKill.Contact@gmail.com Processeur Intel Pentium III Xeon Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3 Internet Explorer 8.0.6001.18702 Windows Firewall Status : Disabled AV : McAfee VirusScan [ (!) Disabled | Updated ] FW : McAfee Personal Firewall[ (!) Disabled ] C:\ -> Disque fixe local # 298,08 Go (266,51 Go free) # NTFS D:\ -> Disque CD-ROM # 469,37 Mo (0 Mo free) [TomTom] # CDFS E:\ -> Disque fixe local # 149,01 Go (90,09 Go free) [sEB 160] # FAT32 G:\ -> Disque fixe local # 232,88 Go (183 Go free) [sEB 250] # NTFS H:\ -> Disque amovible # 14,9 Go (12,51 Go free) [uDISK 16GB] # FAT32 ################## | Vaccination | # C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). # E:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). # G:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). # H:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). ################## | ! Fin du rapport # UsbFix V6.103 ! | ----------------------------------------- USB SET Mise à jour KB953252 absente / le probleme c'est que je l'a trouve nulle part sur le net. Conséquence : D:CD/DVD - Lecteur non vacciné - Fichier Autorun.inf trouvé Le reste c'est bon. Nettoyage trace ok Je refais usb fix

F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe bnis.mxo yfklng Cette ligne n'apparait pas sur la scan Hijackthis --------------------- LOG Catchme Processing "Files to kill:" read file error: C:\WINDOWS\system32\qtplugin.exe, Le fichier spécifié est introuvable. file zipped: c:\windows\system32\drivers\JMCR_2.sys -> catchme.zip -> JMCR_2.sys ( 84240 bytes ) kill file error: c:\windows\system32\drivers\JMCR_2.sys, Accès refusé. Processing "Files to delete:" read file error: C:\WINDOWS\system32\qtplugin.exe, Le fichier spécifié est introuvable. read file error: c:\windows\system32\drivers\JMCR_2.sys , Le fichier spécifié est introuvable. Processing "Files to kill:" read file error: C:\WINDOWS\system32\qtplugin.exe, Le fichier spécifié est introuvable. file zipped: c:\windows\system32\drivers\JMCR_2.sys -> catchme.zip -> JMCR_2.sys ( 84240 bytes ) kill file error: c:\windows\system32\drivers\JMCR_2.sys, Accès refusé. Processing "Files to delete:" read file error: C:\WINDOWS\system32\qtplugin.exe, Le fichier spécifié est introuvable. read file error: c:\windows\system32\drivers\JMCR_2.sys , Le fichier spécifié est introuvable. ----------------- Le contenu de fix.reg s'est bien inscrit dans le registre ----------------- RSIT log Logfile of random's system information tool 1.06 (written by random/random) Run by Seb at 2010-04-14 15:14:00 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 273 GB (89%) free of 305 GB Total RAM: 3067 MB (80% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:14:01, on 14/04/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Wacom_Tablet.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe C:\WINDOWS\system32\Wacom_Tablet.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\BisonCam\BisonHK.exe C:\WINDOWS\BisonCam\DeLay.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Belkin Storage Manager\StorageManager.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HotKey_Driver\HotKeyDriver.exe C:\Program Files\NETGEAR\WN111v2\WN111V2.exe C:\Program Files\MaxTV\MaxTV4\task_scheduler.exe C:\Program Files\Protector Suite QL\psqltray.exe C:\Program Files\Fichiers communs\PPLiveNetwork\PPAP.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Documents and Settings\Seb\Bureau\RSIT.exe C:\Program Files\trend micro\HijackThis\Seb.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [bisonHK] C:\WINDOWS\BisonCam\BisonHK.exe O4 - HKLM\..\Run: [DeLay] C:\WINDOWS\BisonCam\DeLay.exe O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [belkin Storage Manager] "C:\Program Files\Belkin Storage Manager\StorageManager.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [OrangePlayer] c:\program files\orange\media player\Media Player.exe /systray O4 - HKCU\..\Run: [PPAP] "C:\Program Files\Fichiers communs\PPLiveNetwork\PPAP.exe" -background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [OrangePlayer] c:\program files\orange\media player\Media Player.exe /systray (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: MaxTV Recorder Manager.lnk = C:\Program Files\MaxTV\MaxTV4\task_scheduler.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: HotKeyDriver.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe O4 - Global Startup: SketchBook Snapshot.lnk = C:\Program Files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/misc/dlm-...vex-2.2.5.0.cab O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {FD47E0E7-D528-4D72-9386-E608448119C6} - http://www.superstarracing.net/miniclip/Ch...ublicPlayer.cab O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 11498 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\1 Copernic Intra-Daily ~SEB Seb.job C:\WINDOWS\tasks\2 Copernic Daily ~SEB Seb.job C:\WINDOWS\tasks\3 Copernic Weekly ~SEB Seb.job C:\WINDOWS\tasks\4 Copernic Monthly ~SEB Seb.job C:\WINDOWS\tasks\McDefragTask.job C:\WINDOWS\tasks\McQcTask.job C:\WINDOWS\tasks\User_Feed_Synchronization-{8D00EE27-E11D-45D3-AFAF-68AF33D0F235}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-04-10 16861184] "SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2008-03-27 1208320] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1024000] "BisonHK"=C:\WINDOWS\BisonCam\BisonHK.exe [2008-03-25 77824] "DeLay"=C:\WINDOWS\BisonCam\DeLay.exe [2008-03-11 53248] "PSQLLauncher"=C:\Program Files\Protector Suite QL\launcher.exe [2008-07-04 49928] "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008] "McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-07-07 1176808] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624] "UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2009-10-26 15872] "Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232] "Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 148888] "Belkin Storage Manager"=C:\Program Files\Belkin Storage Manager\StorageManager.exe [2008-08-30 855040] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-19 13762560] "nwiz"=nwiz.exe /installquiet [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-08-19 86016] "Malwarebytes Anti-Malware (rootkit-scan)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-03-30 1086856] "jswtrayutil"=C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856] "OrangePlayer"=c:\program files\orange\media player\Media Player.exe [2009-09-05 319488] "PPAP"=C:\Program Files\Fichiers communs\PPLiveNetwork\PPAP.exe [2010-02-04 173512] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe HotKeyDriver.lnk - C:\Program Files\HotKey_Driver\HotKeyDriver.exe Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe NETGEAR WN111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WN111v2\WN111V2.exe SketchBook Snapshot.lnk - C:\Program Files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe WiziWYG XP Startup.lnk - C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe C:\Documents and Settings\Seb\Menu Démarrer\Programmes\Démarrage MaxTV Recorder Manager.lnk - C:\Program Files\MaxTV\MaxTV4\task_scheduler.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus] C:\WINDOWS\system32\psqlpwd.dll [2008-07-04 96008] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli psqlpwd [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe"="C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent" "C:\Program Files\uusee\UUSeePlayer.exe"="C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUSEE" "C:\Program Files\Autodesk\Backburner\monitor.exe"="C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor" "C:\Program Files\Autodesk\Backburner\manager.exe"="C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager" "C:\Program Files\Autodesk\Backburner\server.exe"="C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server" "C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe"="C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2010 32-bit" "C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe"="C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:*:Enabled:mental ray satellite for Autodesk 3ds Max 2010 32-bit" "C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe"="C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:*:Enabled:mental ray satellite server for Autodesk 3ds Max 2010 32-bit" "C:\Program Files\DMV\MaxTV4\core\maxtv_xul.exe"="C:\Program Files\DMV\MaxTV4\core\maxtv_xul.exe:*:Enabled:MaxTV" "C:\Program Files\DMV\MaxTV4\maxtv.exe"="C:\Program Files\DMV\MaxTV4\maxtv.exe:*:Enabled:MaxTV Framework" "C:\Program Files\DMV\MaxTV4\recorder.exe"="C:\Program Files\DMV\MaxTV4\recorder.exe:*:Enabled:MaxTV Recorder" "C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe"="C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max Design 2009 32-bit" "C:\Program Files\PPStream\PPStream.exe"="C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ" "C:\Program Files\PPStream\PPSAP.exe"="C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Fichiers communs\PPLiveNetwork\PPAP.exe"="C:\Program Files\Fichiers communs\PPLiveNetwork\PPAP.exe:*:Enabled:PPLive" "C:\Program Files\PPLive\PPTV\PPLive.exe"="C:\Program Files\PPLive\PPTV\PPLive.exe:*:Enabled:PPLive" "C:\Program Files\PPLive\PPTV\PPLiveU.exe"="C:\Program Files\PPLive\PPTV\PPLiveU.exe:*:Enabled:PPLiveU" "C:\Program Files\PPLive\PPVA\PPLiveVA.exe"="C:\Program Files\PPLive\PPVA\PPLiveVA.exe:*:Enabled:PPLiveVA" "C:\Program Files\PPLive\PPVA\PPLiveVA_U.exe"="C:\Program Files\PPLive\PPVA\PPLiveVA_U.exe:*:Enabled:PPLiveVA" "C:\Program Files\PPLive\PPVA\FlvPick.exe"="C:\Program Files\PPLive\PPVA\FlvPick.exe:*:Enabled:FlvPick" "C:\Program Files\PPLive\PPVA\crashreporter.exe"="C:\Program Files\PPLive\PPVA\crashreporter.exe:*:Enabled:CrashUpload" "C:\Program Files\PPLive\PPVA\PPVADownload.exe"="C:\Program Files\PPLive\PPVA\PPVADownload.exe:*:Enabled:Download" "C:\Program Files\PPLive\PPVA\DownloadProgress.exe"="C:\Program Files\PPLive\PPVA\DownloadProgress.exe:*:Enabled:DownloadProgress" "C:\Program Files\MaxTV\MaxTV4\maxtv.exe"="C:\Program Files\MaxTV\MaxTV4\maxtv.exe:*:Enabled:MaxTV" "C:\Program Files\MaxTV\MaxTV4\core\maxtv_xul.exe"="C:\Program Files\MaxTV\MaxTV4\core\maxtv_xul.exe:*:Enabled:MaxTV GUI" "C:\Program Files\MaxTV\MaxTV4\recorder.exe"="C:\Program Files\MaxTV\MaxTV4\recorder.exe:*:Enabled:MaxTV Recorder" "C:\Program Files\MaxTV\MaxTV4\task_scheduler.exe"="C:\Program Files\MaxTV\MaxTV4\task_scheduler.exe:*:Enabled:MaxTV Recorder Manager" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a8c9941-35b6-11de-b157-806d6172696f}] shell\AutoRun\command - D:\autoplay.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63595c12-47a9-11df-b3d5-0090f582af08}] shell\AutoRun\command - F:\InstallTomTomHOME.exe ======File associations====== .js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" .txt - open - ======List of files/folders created in the last 1 months====== 2010-04-14 11:39:54 ----D---- C:\Documents and Settings\All Users\Application Data\TomTom 2010-04-14 11:37:51 ----D---- C:\Documents and Settings\Seb\Application Data\TomTom 2010-04-14 11:37:42 ----D---- C:\Program Files\TomTom International B.V 2010-04-14 11:37:31 ----D---- C:\Program Files\TomTom HOME 2 2010-04-14 11:24:22 ----A---- C:\RootRepeal report 04-14-10 (11-24-22).txt 2010-04-13 19:26:11 ----D---- C:\Documents and Settings\All Users\Application Data\TVU Networks 2010-04-13 18:17:53 ----SHD---- C:\RECYCLER 2010-04-13 18:11:32 ----A---- C:\ComboFix.txt 2010-04-13 17:42:26 ----A---- C:\WINDOWS\ntbtlog.txt 2010-04-13 17:03:41 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt 2010-04-13 13:58:26 ----A---- C:\Boot.bak 2010-04-13 13:58:19 ----RASHD---- C:\cmdcons 2010-04-13 13:55:49 ----A---- C:\WINDOWS\zip.exe 2010-04-13 13:55:49 ----A---- C:\WINDOWS\SWXCACLS.exe 2010-04-13 13:55:49 ----A---- C:\WINDOWS\SWSC.exe 2010-04-13 13:55:49 ----A---- C:\WINDOWS\SWREG.exe 2010-04-13 13:55:49 ----A---- C:\WINDOWS\sed.exe 2010-04-13 13:55:49 ----A---- C:\WINDOWS\PEV.exe 2010-04-13 13:55:49 ----A---- C:\WINDOWS\NIRCMD.exe 2010-04-13 13:55:49 ----A---- C:\WINDOWS\MBR.exe 2010-04-13 13:55:49 ----A---- C:\WINDOWS\grep.exe 2010-04-13 13:55:30 ----D---- C:\WINDOWS\ERDNT 2010-04-13 13:54:47 ----D---- C:\Qoobox 2010-04-13 13:38:49 ----A---- C:\Ad-Report-CLEAN[1].txt 2010-04-13 13:34:18 ----A---- C:\Ad-Report-SCAN[1].txt 2010-04-13 13:33:38 ----D---- C:\Ad-Remover 2010-04-13 11:04:19 ----D---- C:\Program Files\trend micro 2010-04-13 11:04:18 ----D---- C:\rsit 2010-04-12 14:17:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-04-12 12:35:58 ----D---- C:\Documents and Settings\Seb\Application Data\Malwarebytes 2010-04-12 12:35:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-04-12 03:13:36 ----D---- C:\Program Files\CCleaner 2010-04-10 17:29:17 ----D---- C:\Program Files\MaxTV 2010-04-07 16:10:20 ----D---- C:\Documents and Settings\Seb\Application Data\Windows Desktop Search 2010-04-07 16:09:44 ----D---- C:\WINDOWS\system32\GroupPolicy 2010-04-07 16:09:44 ----D---- C:\Program Files\Windows Desktop Search 2010-04-07 16:09:29 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$ 2010-04-07 16:09:13 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$ 2010-03-18 20:46:14 ----HD---- C:\Documents and Settings\Seb\Application Data\FDBTemp 2010-03-18 20:37:12 ----D---- C:\Program Files\scripts 2010-03-18 20:37:12 ----D---- C:\Program Files\defaults 2010-03-18 20:37:12 ----A---- C:\Program Files\plugin.ini 2010-03-18 20:37:11 ----D---- C:\Program Files\plugins 2010-03-18 20:37:10 ----D---- C:\Program Files\Chaos Group 2010-03-18 20:37:10 ----A---- C:\Program Files\vray2009.dll 2010-03-18 20:37:10 ----A---- C:\Program Files\libmmd.dll 2010-03-18 20:24:47 ----D---- C:\Documents and Settings\All Users\Application Data\Macromedia 2010-03-18 20:24:29 ----D---- C:\Program Files\Macromedia 2010-03-18 20:24:29 ----D---- C:\Program Files\Fichiers communs\Macromedia ======List of files/folders modified in the last 1 months====== 2010-04-14 15:11:55 ----D---- C:\WINDOWS\Prefetch 2010-04-14 14:31:27 ----D---- C:\WINDOWS\Temp 2010-04-14 13:31:12 ----D---- C:\Documents and Settings\Seb\Application Data\vlc 2010-04-14 11:39:41 ----D---- C:\WINDOWS\system32\CatRoot2 2010-04-14 11:37:43 ----SHD---- C:\WINDOWS\Installer 2010-04-14 11:37:43 ----D---- C:\Config.Msi 2010-04-14 11:37:42 ----RD---- C:\Program Files 2010-04-14 11:13:57 ----D---- C:\WINDOWS\system32\drivers 2010-04-14 11:12:20 ----D---- C:\WINDOWS 2010-04-14 11:11:28 ----D---- C:\Documents and Settings\Seb\Application Data\WTablet 2010-04-14 09:51:59 ----D---- C:\Documents and Settings\Seb\Application Data\Media Player 2010-04-13 21:24:21 ----A---- C:\WINDOWS\NeroDigital.ini 2010-04-13 21:03:14 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-04-13 19:26:03 ----D---- C:\Program Files\TVUPlayer 2010-04-13 18:04:31 ----A---- C:\WINDOWS\system.ini 2010-04-13 17:56:02 ----D---- C:\WINDOWS\system32 2010-04-13 17:56:02 ----D---- C:\WINDOWS\AppPatch 2010-04-13 17:55:59 ----D---- C:\Program Files\Fichiers communs 2010-04-13 16:54:00 ----SHD---- C:\System Volume Information 2010-04-13 16:54:00 ----D---- C:\WINDOWS\system32\Restore 2010-04-13 14:15:45 ----D---- C:\FavoriteVideo 2010-04-13 14:07:50 ----D---- C:\WINDOWS\system32\config 2010-04-13 14:06:45 ----SD---- C:\WINDOWS\Tasks 2010-04-13 13:58:26 ----RASH---- C:\boot.ini 2010-04-12 20:22:03 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-04-12 19:57:06 ----D---- C:\WINDOWS\MYP2P EPL MEDIA PLAYER 2010-04-12 18:45:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2010-04-12 18:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$ 2010-04-12 15:10:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ 2010-04-12 14:04:24 ----D---- C:\WINDOWS\L2Schemas 2010-04-12 12:30:19 ----HD---- C:\WINDOWS\inf 2010-04-12 03:16:26 ----D---- C:\Documents and Settings\Seb\Application Data\Azureus 2010-04-12 03:16:25 ----D---- C:\WINDOWS\Minidump 2010-04-12 03:16:25 ----D---- C:\WINDOWS\Debug 2010-04-12 03:08:25 ----D---- C:\Program Files\Mozilla Firefox 2010-04-10 17:29:18 ----D---- C:\WINDOWS\MaxTV 2010-04-07 16:10:23 ----SD---- C:\Documents and Settings\Seb\Application Data\Microsoft 2010-04-07 16:09:53 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2010-04-07 16:09:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-04-07 16:09:46 ----D---- C:\WINDOWS\system32\fr-fr 2010-04-07 16:09:44 ----D---- C:\WINDOWS\system32\wbem 2010-04-04 12:00:05 ----D---- C:\Program Files\McAfee 2010-03-24 22:39:14 ----D---- C:\Program Files\TVAnts 2010-03-24 21:45:52 ----D---- C:\Documents and Settings\Seb\Application Data\TVU networks 2010-03-18 20:29:01 ----D---- C:\Documents and Settings\Seb\Application Data\Macromedia 2010-03-18 20:23:54 ----D---- C:\WINDOWS\Downloaded Installations 2010-03-18 19:32:50 ----D---- C:\Program Files\Autodesk ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720] R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664] R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136] R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800] R3 Cam5607;BisonCam, NB Pro; C:\WINDOWS\System32\Drivers\BisonC07.sys [2008-04-30 1073320] R3 catchme;catchme; \??\C:\DOCUME~1\Seb\LOCALS~1\Temp\catchme.sys [] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328] R3 JMCR;JMCR; C:\WINDOWS\system32\DRIVERS\jmcr.sys [2008-04-11 84240] R3 JSWSCIMD;jswscimd Service; C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2008-02-12 57440] R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816] R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-19 7968448] R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2009-05-11 56480] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2009-10-29 10368] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-03-07 106624] R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2008-03-27 1094272] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-12-06 220032] R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2008-01-30 50576] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312] R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848] R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440] R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-12-14 57408] S3 Bridge;Pont MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552] S3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS [] S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248] S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NETw5x32;Pilote de carte Intel® Wireless WiFi Link pour Windows XP 32 bits ; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-04-28 3626112] S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service; C:\WINDOWS\system32\DRIVERS\WN111v2.sys [2008-05-31 434688] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2008-05-04 467029] R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe [2009-11-20 79360] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 152984] R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832] R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848] R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952] R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704] R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-19 65536] R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit; C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-04-13 86016] R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-19 168004] R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656] R2 TabletServiceWacom;TabletServiceWacom; C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 1373480] R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008] R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [] S2 vvdsvc;VJVodClientServices; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-01 651720] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-05 163840] S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe [2008-02-27 360547] S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-07-08 68112] S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- info info.txt logfile of random's system information tool 1.06 2010-04-14 15:14:02 ======Uninstall list====== -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ACDSee Pro-->MsiExec.exe /I{6DE20125-6C25-46DD-8743-9C731E25ABA5} Adobe Acrobat 9 Pro - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000004} Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2} Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A} Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B} Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe Illustrator CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\e21d2df5563f0bf421cf2cc5ec26c42\Setup.exe Adobe Illustrator CS3-->MsiExec.exe /I{6E08CE13-C2AB-4749-9335-5900B958929E} Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A} Adobe Reader 8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A80000000002} Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702} Adobe Setup-->MsiExec.exe /I{CE67DBBB-2ED0-4F35-B482-0CFE4CFC1570} Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe" Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183} Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923} Ad-Remover By C_XX-->"C:\Ad-Remover\Un-ADR.exe" Apago PDF Enhancer 3.2-->C:\Program Files\PDF Enhancer\uninst.exe Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} Autodesk 3ds Max 2010 32-bit-->MsiExec.exe /I{317AC0C7-FEBF-040C-87A3-4FC70D0ED900} Autodesk 3ds Max Design 2009 32-bit Additional Maps and Material Libraries-->MsiExec.exe /I{F681200C-0446-040C-ABE4-EA9105E40EE4} Autodesk 3ds Max Design 2009 32-bit Architectural Materials Library-->MsiExec.exe /I{C251E4E6-89BA-040C-9B42-1B3D01D34783} Autodesk 3ds Max Design 2009 32-bit Films-->MsiExec.exe /I{305D5417-E687-040C-AA09-53DE06E059F8} Autodesk 3ds Max Design 2009 32-bit ProMaterials™ Library-->MsiExec.exe /I{2AB45FAF-2D92-040C-8D33-E2FE6172280E} Autodesk 3ds Max Design 2009 32-bit Vault 2008 Extension-->MsiExec.exe /I{EFCBBB01-F876-040C-B91F-7B6132E8BB64} Autodesk 3ds Max Design 2009 32-bit Vault 2009 Extension-->MsiExec.exe /I{744A5C19-AA4C-040C-BC07-9F4C73C8B247} Autodesk 3ds Max Design 2009 32-bit-->MsiExec.exe /I{FDD8070F-E3B9-040C-822C-CCFE5E82C14D} Autodesk AliasStudio 2009-->MsiExec.exe /I{B37CD443-C872-47B3-949A-C08BA2EB9D2B} Autodesk Backburner 2008.1-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379} Autodesk DirectConnect 2009-->MsiExec.exe /I{35BA2BAF-FFD4-4B12-B42B-AA8CC902CD23} Autodesk FBX Plugin 2009.4 - 3ds Max 2010-->C:\Program Files\Autodesk\FBX\FBXPlugins\2009.4\3ds Max 2010\Uninstall.exe Autodesk Showcase 2009-->MsiExec.exe /I{071F11A8-3157-4739-B38E-3224F1FD9F59} Autodesk SketchBookPro 2010-->MsiExec.exe /X{F8236DB8-CF1E-476B-A718-0ADBDBD97863} Belkin Storage Manager-->MsiExec.exe /X{C12D7D54-7DE8-4DF7-AB2D-8A5ECFB2F89B} BisonCam-->C:\Program Files\InstallShield Installation Information\{4BB1DCED-84D3-47F9-B718-5947E904593E}\Setup.exe -runfromtemp -l0x040c -removeonly Bluerock Technologies Flight Studio 3ds Max Design 2009 32-bit-->MsiExec.exe /I{0B56244C-7B61-040C-A739-3E29DDE4DC3C} Canon MP Navigator 2.0-->"C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini Canon MP450-->"C:\WINDOWS\system32\CanonMP Uninstaller Information\{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}\DelDrv.exe" /U:{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD} /L0x000c CCleaner-->"C:\Program Files\CCleaner\uninst.exe" CombiMovie Version 1.31-->"C:\Program Files\bobyte\CombiMovie\unins000.exe" Command Prompt Here PowerToy-->rundll32.exe syssetup.dll,SetupInfObjectInstallAction DefaultUninstall 132 C:\WINDOWS\INF\DosHere.inf Copernic Agent Professional-->"C:\WINDOWS\CopernicAgentUninstall.exe" /ARGSFILE="C:\Program Files\Copernic Agent\unwise.dat" Corel Painter Essentials 3-->MsiExec.exe /I{0C180787-F8C8-42FD-A9D3-689BA44BEAAF} Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN eMule-->"C:\Program Files\eMule\Uninstall.exe" FBX Plugin 2009.0 for Max 2009-->C:\Program Files\Autodesk\FBX\FbxPlugins\2009.0\Max2009\Uninstall.exe Free Video Converter V 2.3-->"C:\Program Files\Free Video Converter\unins000.exe" HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe" HotKey_Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63F8286A-601D-4B06-BB21-DB863AF17BFA}\Setup.exe" -l0x9 hypershot-->MsiExec.exe /I{04DD2EE7-31BB-4186-9A30-447283BC26F8} Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} Intel PROSet Wireless-->Intel PROSet Wireless ISO Recorder-->MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21} IsoBuster 1.9-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe" Java 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF} JMicron JMB38X Flash Media Controller-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" -l0x40c -removeonly Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Macromedia Dreamweaver 8-->MsiExec.exe /I{5FD788ED-1A37-4496-9BDD-463F493B27FA} Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76} Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46} Magic ISO Maker v5.5 (build 0276)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MaxTV-->"C:\WINDOWS\MaxTV\uninstall_maxtv.exe" "/U:C:\Program Files\MaxTV\MaxTV4\Uninstall\MaxTV\uninstall_maxtv.xml" McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe Media Player-->"C:\Program Files\Orange\Media Player\uninstall.exe" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13} Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Motorola SM56 Data Fax Modem-->rundll32.exe sm56co81.dll,SM56UnInstaller Mozilla Firefox (3.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE} MYP2P EPL MEDIA PLAYER-->"C:\WINDOWS\MYP2P EPL MEDIA PLAYER\uninstall.exe" "/U:C:\Program Files\MYP2P EPL MEDIA PLAYER\Uninstall\uninstall.xml" Nero 8 Lite 8.3.6.0-->"C:\Program Files\Nero\unins000.exe" NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974} Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} PPStream V2.6.86.8989 Final-->C:\Program Files\PPStream\unpps.exe PPTV V2.4.2.0013-->C:\Program Files\PPLive\PPTV\uninst.exe Protector Suite QL 5.8-->MsiExec.exe /I{23B14BE4-5277-40B2-B602-3FCD456C27BC} QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8} RangeMax Wireless-N USB Adapter WN111v2-->C:\Program Files\InstallShield Installation Information\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\setup.exe -runfromtemp -l0x0409 RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe -runfromtemp -l0x040c -removeonly Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Sina Web TV-->C:\PROGRA~1\sina\SINAWE~1\307~1.1\UNWISE.EXE C:\PROGRA~1\sina\SINAWE~1\307~1.1\Install.LOG SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe SopCast 2.0.4-->C:\Program Files\SopCast\uninst.exe SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe" Stream Torrent 1.0-->"C:\Program Files\StreamTorrent 1.0\uninstall.exe" Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Tablette Wacom-->C:\Program Files\Tablet\Wacom\Remove.exe /u TomTom HOME 2.7.3.1894-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533} Turbo Squid Tentacles 3ds Max 2009 32-bit-->MsiExec.exe /X{7A046E1F-BEB7-49C8-83E2-78E1F1C65C60} TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG TVUPlayer 2.5.2.2-->C:\Program Files\TVUPlayer\uninst.exe Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe Unlocker 1.8.8-->C:\Program Files\Unlocker\uninst.exe Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C} UUSee ÍøÂçµçÊÓ [4.4.801.53]-->C:\Program Files\uusee\uninst.exe VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} VCW VicMan's Photo Editor 8.1-->"C:\Program Files\VCW VicMan's Photo Editor\unins000.exe" Veetle TV 0.9.16-->C:\Program Files\Veetle\UninstallVeetleTV.exe VexcastPlayer2.0-->"C:\WINDOWS\system32\Nagasoft\Uninstall.exe" Virtual Plastic Surgery Software - VPSS v1.0-->"C:\Program Files\VPSS\unins000.exe" VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe V-Ray for 3dsmax 2009 for x86-->"C:\Program Files\Chaos Group\V-Ray\3dsmax 2009 for x86\uninstall\wininstaller.exe"-uninstall="C:\Program Files\Chaos Group\V-Ray\3dsmax 2009 for x86\uninstall\install.log" -uninstallApp="V-Ray for 3dsmax 2009 for x86" Vuze-->C:\Program Files\Vuze\uninstall.exe Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe" WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall WiziWYG XP-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Praxisoft\WiziWYG XP\Uninst.isu" X-Fonter 6.4-->"C:\Program Files\X-Fonter\unins000.exe" ======Security center information====== AV: McAfee VirusScan (disabled) FW: McAfee Personal Firewall (disabled) ======System event log====== Computer Name: SEB Event Code: 51 Message: Une erreur a été détectée sur le périphérique \Device\Harddisk3\D au cours d'une opération de pagination. Record Number: 31545 Source Name: Disk Time Written: 20100317150314.000000+060 Event Type: Avertissement User: Computer Name: SEB Event Code: 51 Message: Une erreur a été détectée sur le périphérique \Device\Harddisk3\D au cours d'une opération de pagination. Record Number: 31544 Source Name: Disk Time Written: 20100317150314.000000+060 Event Type: Avertissement User: Computer Name: SEB Event Code: 51 Message: Une erreur a été détectée sur le périphérique \Device\Harddisk3\D au cours d'une opération de pagination. Record Number: 31543 Source Name: Disk Time Written: 20100317150314.000000+060 Event Type: Avertissement User: Computer Name: SEB Event Code: 51 Message: Une erreur a été détectée sur le périphérique \Device\Harddisk3\D au cours d'une opération de pagination. Record Number: 31542 Source Name: Disk Time Written: 20100317150314.000000+060 Event Type: Avertissement User: Computer Name: SEB Event Code: 51 Message: Une erreur a été détectée sur le périphérique \Device\Harddisk3\D au cours d'une opération de pagination. Record Number: 31541 Source Name: Disk Time Written: 20100317150314.000000+060 Event Type: Avertissement User: =====Application event log===== Computer Name: SEB Event Code: 1800 Message: Le service Centre de sécurité Windows a démarré. Record Number: 657 Source Name: SecurityCenter Time Written: 20090701190910.000000+120 Event Type: Informations User: Computer Name: SEB Event Code: 1 Message: Record Number: 656 Source Name: Bonjour Service Time Written: 20090701190907.000000+120 Event Type: Informations User: Computer Name: SEB Event Code: 5000 Message: Service McShield démarré. Version du moteur : 5301.4018 Version du fichier DAT : 5654.0000 Nombre de signatures dans le fichier EXTRA.DAT : None Nom des menaces pouvant être détectées par EXTRA.DAT : None Record Number: 655 Source Name: McLogEvent Time Written: 20090630184338.000000+120 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: SEB Event Code: 1800 Message: Le service Centre de sécurité Windows a démarré. Record Number: 654 Source Name: SecurityCenter Time Written: 20090630184333.000000+120 Event Type: Informations User: Computer Name: SEB Event Code: 1 Message: Record Number: 653 Source Name: Bonjour Service Time Written: 20090630184330.000000+120 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Autodesk\AliasStudio2009\bin;C:\Program Files\Fichiers communs\DivX Shared;C:\Program Files\QuickTime\QTSystem\C:\Program Files\DMV\MaxTV4\plugins;C:\Program Files\Autodesk\Backburner;C:\Program Files\Fichiers communs\Autodesk Shared "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel "PROCESSOR_REVISION"=1706 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip "HYPERSHOT"=C:\Documents and Settings\All Users\Bunkspeed\HyperShot -----------------EOF-----------------

ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2010/04/14 11:19 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: giveio.sys Image Path: giveio.sys Address: 0xB8672000 Size: 1664 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xA8F46000 Size: 49152 File Visible: No Signed: - Status: - Name: speedfan.sys Image Path: speedfan.sys Address: 0xB85AC000 Size: 5248 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: C:\Documents and Settings\All Users\Application Data\PPLive\Core\resconfig\ResourceInfo.dat Status: Could not get file information (Error 0xc0000008) ==EOF==

Est-ce normal qu'apres une nuit d'analyse,il n'a toujours pas fini ? Il s'est pas planté car je vois les fichiers défiler mais c'est super long ! J'ai décoché sections,ça décoché show all,tout le reste est coché y compris ADS... Et voilà,planté puis redemarrage... Nouveau Scan sans les devices Scan 3 sans les files...

http://www.virustotal.com/fr/analisis/9d7d...67cb-1271172953 Fichier 3669FDB406.sys reçu le 2010.04.13 15:35:53 (UTC) Situation actuelle: terminé Résultat: 0/40 (0.00%) Formaté Impression des résultats AntivirusVersionDernière mise à jourRésultata-squared4.5.0.502010.04.13-AhnLab-V35.0.0.22010.04.12-AntiVir7.10.6.682010.04.13-Antiy-AVL2.0.3.72010.04.13-Authentium5.2.0.52010.04.13-Avast4.8.1351.02010.04.13-Avast55.0.332.02010.04.13-AVG9.0.0.7872010.04.13-BitDefender7.22010.04.13-CAT-QuickHeal10.002010.04.13-ClamAV0.96.0.3-git2010.04.13-Comodo45872010.04.13-DrWeb5.0.2.033002010.04.13-eSafe7.0.17.02010.04.13-eTrust-Vet35.2.74232010.04.13-F-Prot4.5.1.852010.04.13-F-Secure9.0.15370.02010.04.13-Fortinet4.0.14.02010.04.12-GData192010.04.13-IkarusT3.1.1.80.02010.04.13-Jiangmin13.0.9002010.04.13-Kaspersky7.0.0.1252010.04.13-McAfee5.400.0.11582010.04.13-McAfee-GW-Edition6.8.52010.04.13-Microsoft1.56052010.04.13-NOD3250252010.04.13-Norman6.04.112010.04.13-nProtect2009.1.8.02010.04.06-Panda10.0.2.72010.04.13-PCTools7.0.3.52010.04.13-Prevx3.02010.04.13-Rising22.43.01.012010.04.13-Sophos4.52.02010.04.13-Sunbelt61702010.04.13-Symantec20091.2.0.412010.04.13-TheHacker6.5.2.0.2602010.04.13-TrendMicro9.120.0.10042010.04.13-VBA323.12.12.42010.04.09-ViRobot2010.4.13.22742010.04.13-VirusBuster5.0.27.02010.04.13-Information additionnelleFile size: 8 bytesMD5 : 0641a46f1e58529a42ead4573a3a0861SHA1 : 2fa91927668fb0b3a4da32722825e15080cb5c21SHA256: 9d7d948ef1329cc1db5fb77cbe9ed7bbf7d74cd8be1ad214689ebbe52a2267cbTrID : File type identification MS Flight Simulator Aircraft Performance Info (100.0%)ssdeep: 3:hl/n:rsigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEiD : -CWSandbox: http://research.sunbelt-software.com/partn...2ead4573a3a0861RDS : NSRL Reference Data Set -------------------------- En mode normal, pas de fenetre bleu apparu ComboFix 10-04-12.06 - Seb 13/04/2010 17:03:57.2.2 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3067.2456 [GMT 2:00] Lancé depuis: c:\documents and settings\Seb\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Seb\Bureau\CFScript.txt AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} FILE :: "c:\documents and settings\All Users\Application Data\pragmamfeklnmal.dll" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\pragmamfeklnmal.dll . ---- Exécution préalable ------- . c:\windows\system32\bnis.mxo c:\windows\system32\drivers\aikhmtm.sys c:\windows\system32\Drivers\hkvcsfm.sys c:\windows\system32\Drivers\maysaj.sys c:\windows\system32\driVERs\suvgsw.sys c:\windows\system32\Drivers\yqnvoqnb.sys c:\windows\system32\PRAGMArxepttiqjd.log c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SSHNAS -------\Legacy_bndtkgxg -------\Legacy_jkueokw -------\Legacy_suvgsw -------\Legacy_ucfbbv -------\Legacy_vpubbuxe -------\Service_bndtkgxg -------\Service_jkueokw -------\Service_suvgsw -------\Service_ucfbbv -------\Service_vpubbuxe ((((((((((((((((((((((((((((( Fichiers créés du 2010-03-13 au 2010-04-13 )))))))))))))))))))))))))))))))))))) . 2010-04-13 15:03 . 2008-04-11 17:55 84240 ----a-r- c:\windows\system32\drivers\JMCR_2.sys 2010-04-13 11:33 . 2010-04-13 11:42 -------- d-----w- C:\Ad-Remover 2010-04-13 09:04 . 2010-04-13 09:04 -------- d-----w- c:\program files\trend micro 2010-04-13 09:04 . 2010-04-13 09:04 -------- d-----w- C:\rsit 2010-04-12 12:17 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-12 12:17 . 2010-04-12 12:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-12 12:17 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-12 10:35 . 2010-04-12 10:35 -------- d-----w- c:\documents and settings\Seb\Application Data\Malwarebytes 2010-04-12 10:35 . 2010-04-12 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-04-12 01:13 . 2010-04-12 01:13 -------- d-----w- c:\program files\CCleaner 2010-04-10 15:29 . 2010-04-10 15:29 -------- d-----w- c:\program files\MaxTV 2010-04-07 14:10 . 2010-04-07 14:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe 2010-04-07 14:10 . 2010-04-07 14:10 -------- d-----w- c:\documents and settings\Seb\Local Settings\Application Data\Identities 2010-04-07 14:10 . 2010-04-07 14:10 -------- d-----w- c:\documents and settings\Seb\Application Data\Windows Desktop Search 2010-04-07 14:09 . 2010-04-07 14:09 -------- d-----w- c:\program files\Windows Desktop Search 2010-04-07 14:09 . 2010-04-07 14:09 -------- d-----w- c:\windows\system32\GroupPolicy 2010-03-24 19:45 . 2010-03-24 19:54 5514304 ----a-w- c:\documents and settings\Seb\Application Data\TVU networks\AutoUpgrade\TVUPlayer2.5.2.2.exe 2010-03-18 18:49 . 2010-03-18 18:49 -------- d-----w- c:\documents and settings\All Users\Bunkspeed 2010-03-18 18:46 . 2010-03-18 18:46 45056 ----a-r- c:\documents and settings\Seb\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe 2010-03-18 18:46 . 2010-03-18 18:46 -------- d--h--w- c:\documents and settings\Seb\Application Data\FDBTemp 2010-03-18 18:37 . 2010-03-18 18:37 -------- d-----w- c:\program files\scripts 2010-03-18 18:37 . 2010-03-18 18:37 -------- d-----w- c:\program files\defaults 2010-03-18 18:37 . 2010-03-18 18:37 -------- d-----w- c:\program files\plugins 2010-03-18 18:37 . 2010-03-18 18:37 7749632 ----a-w- c:\program files\vray2009.dll 2010-03-18 18:37 . 2010-03-18 18:37 2875392 ----a-w- c:\program files\libmmd.dll 2010-03-18 18:37 . 2010-03-18 18:37 -------- d-----w- c:\program files\Chaos Group 2010-03-18 18:28 . 2005-09-16 15:28 1052672 ----a-w- c:\documents and settings\Seb\Application Data\Macromedia\Dreamweaver 8\Configuration\Flash Player\FlashPlayerW.dll 2010-03-18 18:24 . 2010-03-18 18:25 -------- d-----w- c:\program files\Fichiers communs\Macromedia 2010-03-18 18:24 . 2010-03-18 18:24 -------- d-----w- c:\program files\Macromedia 2010-03-14 16:11 . 2010-03-14 16:11 4370528 ----a-w- c:\documents and settings\Seb\Application Data\PPLive\PPTV\Update\PPTV_Update.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-13 15:13 . 2010-03-03 18:09 -------- d-----w- c:\documents and settings\Seb\Application Data\WTablet 2010-04-13 06:07 . 2009-05-09 08:18 -------- d-----w- c:\documents and settings\Seb\Application Data\Media Player 2010-04-12 20:08 . 2009-11-03 15:12 -------- d-----w- c:\documents and settings\Seb\Application Data\vlc 2010-04-12 18:21 . 2008-04-14 12:00 68608 ----a-w- c:\windows\system32\drivers\pci.sys 2010-04-12 01:16 . 2009-05-01 20:04 -------- d-----w- c:\documents and settings\Seb\Application Data\Azureus 2010-04-07 14:09 . 2008-04-14 12:00 95154 ----a-w- c:\windows\system32\perfc00C.dat 2010-04-07 14:09 . 2008-04-14 12:00 535788 ----a-w- c:\windows\system32\perfh00C.dat 2010-04-04 10:00 . 2009-05-01 10:11 -------- d-----w- c:\program files\McAfee 2010-04-01 22:58 . 2009-10-26 12:32 62919 ----a-w- c:\documents and settings\Seb\Application Data\Media Player\settings.dll 2010-03-24 20:39 . 2010-01-31 09:04 -------- d-----w- c:\program files\TVAnts 2010-03-24 19:45 . 2009-09-15 18:54 -------- d-----w- c:\documents and settings\Seb\Application Data\TVU networks 2010-03-18 18:42 . 2009-05-01 09:41 344656 ----a-w- c:\documents and settings\Seb\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-18 18:37 . 2010-03-18 18:37 125 ----a-w- c:\program files\plugin.ini 2010-03-18 17:32 . 2009-05-01 14:55 -------- d-----w- c:\program files\Autodesk 2010-03-09 16:56 . 2010-03-09 16:56 -------- d-----w- c:\documents and settings\Seb\Application Data\Corel 2010-03-09 16:53 . 2010-03-09 16:53 -------- d-----w- c:\program files\Corel 2010-03-09 16:40 . 2010-03-09 16:37 848 --sha-w- c:\windows\system32\KGyGaAvL.sys 2010-03-09 16:37 . 2010-03-09 16:37 8 --sh--r- c:\windows\system32\3669FDB406.sys 2010-03-08 21:44 . 2009-05-01 14:41 -------- d-----w- c:\program files\Unlocker 2010-03-05 02:38 . 2010-03-05 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles 2010-03-04 05:43 . 2009-12-04 05:58 152576 ----a-w- c:\documents and settings\Seb\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2010-03-04 05:43 . 2009-12-04 05:58 79488 ----a-w- c:\documents and settings\Seb\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2010-03-04 05:36 . 2010-03-04 05:36 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet 2010-03-03 18:09 . 2010-03-03 18:09 -------- d-----w- c:\program files\Tablet 2010-02-26 10:56 . 2009-05-23 22:08 -------- d-----w- c:\documents and settings\Seb\Application Data\dvdcss 2010-02-19 12:00 . 2009-07-18 14:11 -------- d-----w- c:\program files\SpeedFan 2010-02-09 23:48 . 2010-02-10 00:06 19163 ----a-w- c:\windows\system32\deltree.exe 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . ((((((((((((((((((((((((((((( SnapShot@2010-04-13_12.16.43 ))))))))))))))))))))))))))))))))))))))))) . + 2010-04-13 15:13 . 2010-04-13 15:13 16384 c:\windows\Temp\Perflib_Perfdata_6e4.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2008-07-04 00:14 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2008-07-04 00:14 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "OrangePlayer"="c:\program files\orange\media player\Media Player.exe" [2009-09-05 319488] "PPAP"="c:\program files\Fichiers communs\PPLiveNetwork\PPAP.exe" [2010-02-04 173512] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-03-27 1208320] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000] "BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2008-03-25 77824] "DeLay"="c:\windows\BisonCam\DeLay.exe" [2008-03-11 53248] "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-07-03 49928] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008] "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 148888] "Belkin Storage Manager"="c:\program files\Belkin Storage Manager\StorageManager.exe" [2008-08-30 855040] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13762560] "nwiz"="nwiz.exe" [2009-08-19 1657376] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-19 86016] "Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856] "jswtrayutil"="c:\program files\NETGEAR\WN111v2\jswtrayutil.exe" [bU] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "OrangePlayer"="c:\program files\orange\media player\Media Player.exe" [2009-09-05 319488] c:\documents and settings\Seb\Menu D‚marrer\Programmes\D‚marrage\ MaxTV Recorder Manager.lnk - c:\program files\MaxTV\MaxTV4\task_scheduler.exe [2010-2-9 3429724] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872] HotKeyDriver.lnk - c:\program files\HotKey_Driver\HotKeyDriver.exe [2009-4-30 3633152] Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048] NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-5-9 1474631] SketchBook Snapshot.lnk - c:\program files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe [2009-2-23 708608] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] WiziWYG XP Startup.lnk - c:\program files\Praxisoft\WiziWYG XP\WiziWYGXP.exe [2009-12-10 6029369] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2008-07-04 00:02 96008 ----a-w- c:\windows\system32\psqlpwd.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\uusee\\UUSeePlayer.exe"= "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"= "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"= "c:\\Program Files\\Autodesk\\Backburner\\server.exe"= "c:\\Program Files\\Autodesk\\3ds Max 2010\\3dsmax.exe"= "c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"= "c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"= "c:\\Program Files\\DMV\\MaxTV4\\core\\maxtv_xul.exe"= "c:\\Program Files\\DMV\\MaxTV4\\maxtv.exe"= "c:\\Program Files\\DMV\\MaxTV4\\recorder.exe"= "c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"= "c:\\Program Files\\PPStream\\PPStream.exe"= "c:\\Program Files\\PPStream\\PPSAP.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Fichiers communs\\PPLiveNetwork\\PPAP.exe"= "c:\\Program Files\\PPLive\\PPTV\\PPLive.exe"= "c:\\Program Files\\PPLive\\PPTV\\PPLiveU.exe"= "c:\\Program Files\\PPLive\\PPVA\\PPLiveVA.exe"= "c:\\Program Files\\PPLive\\PPVA\\PPLiveVA_U.exe"= "c:\\Program Files\\PPLive\\PPVA\\FlvPick.exe"= "c:\\Program Files\\PPLive\\PPVA\\crashreporter.exe"= "c:\\Program Files\\PPLive\\PPVA\\PPVADownload.exe"= "c:\\Program Files\\PPLive\\PPVA\\DownloadProgress.exe"= "c:\\Program Files\\MaxTV\\MaxTV4\\maxtv.exe"= "c:\\Program Files\\MaxTV\\MaxTV4\\core\\maxtv_xul.exe"= "c:\\Program Files\\MaxTV\\MaxTV4\\recorder.exe"= "c:\\Program Files\\MaxTV\\MaxTV4\\task_scheduler.exe"= R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [19/03/2008 19:28 65536] R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [13/04/2009 11:51 86016] R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [03/03/2010 20:09 1373480] R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [30/04/2009 19:37 84240] R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [12/02/2008 18:05 57440] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [03/04/2008 14:56 56480] S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [24/07/2003 12:10 17149] S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [27/02/2008 11:54 360547] S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [31/05/2008 14:46 434688] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] vvdsvc REG_MULTI_SZ vvdsvc . Contenu du dossier 'Tâches planifiées' 2009-10-14 c:\windows\Tasks\1 Copernic Intra-Daily ~SEB Seb.job - c:\program files\Copernic Agent\CopernicAgent.exe [2009-10-14 17:16] 2009-10-14 c:\windows\Tasks\2 Copernic Daily ~SEB Seb.job - c:\program files\Copernic Agent\CopernicAgent.exe [2009-10-14 17:16] 2009-10-14 c:\windows\Tasks\3 Copernic Weekly ~SEB Seb.job - c:\program files\Copernic Agent\CopernicAgent.exe [2009-10-14 17:16] 2009-10-14 c:\windows\Tasks\4 Copernic Monthly ~SEB Seb.job - c:\program files\Copernic Agent\CopernicAgent.exe [2009-10-14 17:16] 2010-03-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-01 11:22] 2010-03-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-01 11:22] 2010-04-13 c:\windows\Tasks\User_Feed_Synchronization-{8D00EE27-E11D-45D3-AFAF-68AF33D0F235}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = local IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab DPF: {FD47E0E7-D528-4D72-9386-E608448119C6} - hxxp://www.superstarracing.net/miniclip/ChatRepublicPlayer.cab FF - ProfilePath - c:\documents and settings\Seb\Application Data\Mozilla\Firefox\Profiles\3g2z2wzd.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ FF - plugin: c:\documents and settings\Seb\Application Data\Mozilla\Firefox\Profiles\3g2z2wzd.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: c:\program files\Veetle\Player\npvlc.dll FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-13 17:13 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A432AC8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28 \Driver\ACPI -> ACPI.sys @ 0xb7f7ecb8 \Driver\atapi -> atapi.sys @ 0xb7f36852 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 NDIS: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb7e2fbb0 PacketIndicateHandler -> NDIS.sys @ 0xb7e1ea0d SendHandler -> NDIS.sys @ 0xb7e32b40 user & kernel MBR OK ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(748) c:\windows\system32\vrlogon.dll c:\windows\system32\psqlpwd.dll c:\program files\Protector Suite QL\homefus2.dll c:\program files\Protector Suite QL\infql2.dll c:\program files\Protector Suite QL\homepass.dll c:\program files\Protector Suite QL\bio.dll c:\program files\Protector Suite QL\qlbase.dll c:\program files\Protector Suite QL\otp.dll c:\program files\Protector Suite QL\psqltray.dll - - - - - - - > 'lsass.exe'(808) c:\windows\system32\psqlpwd.dll c:\program files\Protector Suite QL\homefus2.dll c:\program files\Protector Suite QL\infql2.dll - - - - - - - > 'explorer.exe'(1168) c:\program files\Protector Suite QL\farchns.dll c:\program files\Protector Suite QL\infql2.dll c:\windows\system32\ieframe.dll c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\nvsvc32.exe c:\windows\system32\acs.exe c:\program files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe c:\program files\Java\jre6\bin\jqs.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\FICHIE~1\mcafee\mna\mcnasvc.exe c:\progra~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe c:\progra~1\McAfee\VIRUSS~1\mcshield.exe c:\program files\McAfee\MPF\MPFSrv.exe c:\windows\system32\PSIService.exe c:\windows\system32\SearchIndexer.exe c:\progra~1\mcafee.com\agent\mcagent.exe c:\windows\system32\wscntfy.exe c:\windows\system32\WTablet\Wacom_TabletUser.exe c:\windows\RTHDCPL.EXE c:\windows\system32\RUNDLL32.EXE c:\program files\Protector Suite QL\psqltray.exe c:\windows\system32\wbem\unsecapp.exe . ************************************************************************** . Heure de fin: 2010-04-13 17:20:53 - La machine a redémarré ComboFix-quarantined-files.txt 2010-04-13 15:20 Avant-CF: 286 313 922 560 octets libres Après-CF: 286 355 460 096 octets libres - - End Of File - - E6BFD350D69D81A949E8AC0565712370

AD REPORT SCAN . ======= RAPPORT D'AD-REMOVER 2.0.0.0,B | UNIQUEMENT XP/VISTA/7 ======= . Mis à jour par C_XX le 31/03/10 à 21:30 Contact: AdRemover.contact@gmail.com Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html . Lancé à: 13:33:56 le 13/04/2010 | Mode normal | Option: SCAN Exécuté de: C:\Ad-Remover\ADR.exe SE: Microsoft® Windows XP™ Service Pack 3 - X86 Nom du PC: SEB | Utilisateur actuel: Seb (Administrateur) . ============== ÉLÉMENT(S) TROUVÉ(S) ============== . Service: *ASKService* Service: *ASKUpgrade* . C:\Documents and Settings\Seb\Application Data\Mozilla\FireFox\Profiles\3g2z2wzd.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} C:\Documents and Settings\Seb\Application Data\Mozilla\FireFox\Profiles\3g2z2wzd.default\searchplugins\ask.xml C:\Program Files\AskBarDis C:\Program Files\Search Guard PlusU . HKCU\Software\AppDataLow\AskBarDis HKCU\Software\AskBarDis HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E451F25E-487D-4D19-9C76-E53DF91DBF47} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201f27d4-3704-41d6-89c1-aa35e39143ed} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041d03e-fd4b-44e0-b742-2d9b88305f98} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201f27d4-3704-41d6-89c1-aa35e39143ed} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041d03e-fd4b-44e0-b742-2d9b88305f98} HKLM\Software\AppDataLow\AskBarDis HKLM\Software\AskBarDis HKLM\Software\Classes\AskIBar.PopSwatterBarButton HKLM\Software\Classes\AskIBar.PopSwatterBarButton.1 HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl.1 HKLM\Software\Classes\AskToolBar.SettingsPlugin HKLM\Software\Classes\AskToolBar.SettingsPlugin.1 HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f} HKLM\Software\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2} HKLM\Software\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E} HKLM\Software\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed} HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98} HKLM\Software\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60} HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf} HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b} HKLM\Software\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362} HKLM\Software\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA} HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9} HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742} HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D} HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150} HKLM\Software\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2} HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1 HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E260AC53-FEBA-405d-A6CC-97B581E92283} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{3041D03E-FD4B-44E0-B742-2D9B88305F98} HKLM\Software\Microsoft\Internet Explorer\Toolbar|{3041D03E-FD4B-44E0-B742-2D9B88305F98} . . ============== SCAN ADDITIONNEL ============== . * Mozilla FireFox Version 3.0.18 (fr) * . C:\Documents and Settings\Seb\..\3g2z2wzd.default\prefs.js - browser.download.lastDir: H:\\Master 2010\\Animal urbain\\01 RESSOURCES\\01 Cible\\04 Logique du Fast C:\Documents and Settings\Seb\..\3g2z2wzd.default\prefs.js - browser.search.selectedEngine: Ask C:\Documents and Settings\Seb\..\3g2z2wzd.default\prefs.js - browser.startup.homepage: hxxp://www.google.fr/ C:\Documents and Settings\Seb\..\3g2z2wzd.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.0.18 . . * Internet Explorer Version 8.0.6001.18702 * . [HKCU\Software\Microsoft\Internet Explorer\Main] . AutoHide: yes Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157 Do404Search: 0x01000000 Enable Browser Extensions: yes Local Page: C:\WINDOWS\system32\blank.htm Search bar: res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_BAND_SEARCHBAR_HTML Show_ToolBar: yes Start Page: hxxp://www.google.fr/ Start Page Restore: hxxp://search.babylon.com/home Use Custom Search URL: 1 . [HKLM\Software\Microsoft\Internet Explorer\Main] . Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157 Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896 Delete_Temp_Files_On_Exit: yes Local Page: C:\WINDOWS\system32\blank.htm Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896 Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157 . [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] . Tabs: res://ieframe.dll/tabswelcome.htm Blank: res://mshtml.dll/blank.htm . ============== SUSPECT(S) ============== . C:\Documents and Settings\Seb\Application Data\Azureus\torrents\Copernic Agent Professional v6.1.2.722 Serial.rar [mininova][1].torrent C:\Documents and Settings\Seb\Application Data\Azureus\torrents\[MONOVA.ORG] Bunkspeed HyperShot v1 5 17 Cracked 2008[1].torrent C:\Documents and Settings\Seb\Application Data\Azureus\torrents\[MONOVA.ORG] Bunkspeed HyperShot v1 5 17 Cracked-iNViSiBLE NEW[1].torrent C:\Documents and Settings\Seb\Application Data\Azureus\torrents\[MONOVA.ORG] Bunkspeed HyperShot v1.5.17 Cracked 2008[1].torrent C:\Documents and Settings\Seb\Application Data\Azureus\torrents\_[MONOVA.ORG] Bunkspeed HyperShot v1 5 17 Cracked-iNViSiBLE NEW[1].torrent C:\Documents and Settings\Seb\Favoris\Download\Cracks Serials Keygens.url C:\Documents and Settings\Seb\Favoris\Download\Serials & keys - unlocks the world.url C:\Documents and Settings\Seb\Mes documents\Azureus Downloads\Bunkspeed.HyperShot.v1.5.17.Cracked-iNViSiBLE NEW.rar C:\Documents and Settings\Seb\Mes documents\Azureus Downloads\Bunkspeed.HyperShot.v1.5.17.Cracked-iNViSiBLE.zip C:\Documents and Settings\Seb\Mes documents\DL\Blacksun X Fonter v6 4 [h33t] [pmsyb]\X -Fonter v6 4\X -Fonter v6 4\crack\X-Fonter.exe C:\Documents and Settings\Seb\Mes documents\DL\Blacksun X Fonter v6 4 [h33t] [pmsyb]\X-Fonter v6.3\X-Fonter.6.3\X-Fonter 6.3\crack.X-Fonter.6.3\X-Fonter.exe C:\Documents and Settings\Seb\Mes documents\DL\Blacksun X Fonter v6 4 [h33t] [pmsyb]-1\X-Fonter v6.3\X-Fonter.6.3\X-Fonter 6.3\crack.X-Fonter.6.3\X-Fonter.exe . ======================================== . C:\DOCUME~1\Seb\LOCALS~1\Temp: 86 Fichier(s), 10 Dossier(s) C:\WINDOWS\temp: 19 Fichier(s), 171 Dossier(s) Temporary Internet Files: 1921 Fichier(s), 16 Dossier(s) . C:\Ad-Remover\Quarantine: 0 Fichier(s) C:\Ad-Remover\Backup: 1 Fichier(s) . C:\Ad-Report-SCAN[1].txt - 6909 Octet(s) . Fin à: 13:38:11, 13/04/2010 . ============== E.O.F - SCAN[1] ============== -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- AD REPORT CLEAN . ======= RAPPORT D'AD-REMOVER 2.0.0.0,B | UNIQUEMENT XP/VISTA/7 ======= . Mis à jour par C_XX le 31/03/10 à 21:30 Contact: AdRemover.contact@gmail.com Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html . Lancé à: 13:38:37 le 13/04/2010 | Mode normal | Option: CLEAN Exécuté de: C:\Ad-Remover\ADR.exe SE: Microsoft® Windows XP™ Service Pack 3 - X86 Nom du PC: SEB | Utilisateur actuel: Seb (Administrateur) . ============== ÉLÉMENT(S) NEUTRALISÉ(S) ============== . Service: *ASKService* Service: *ASKUpgrade* . C:\Documents and Settings\Seb\Application Data\Mozilla\FireFox\Profiles\3g2z2wzd.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} C:\Documents and Settings\Seb\Application Data\Mozilla\FireFox\Profiles\3g2z2wzd.default\searchplugins\ask.xml C:\Program Files\AskBarDis C:\Program Files\Search Guard PlusU (!) -- Fichiers temporaires supprimés. . HKCU\Software\AppDataLow\AskBarDis HKCU\Software\AskBarDis HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E451F25E-487D-4D19-9C76-E53DF91DBF47} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201f27d4-3704-41d6-89c1-aa35e39143ed} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041d03e-fd4b-44e0-b742-2d9b88305f98} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201f27d4-3704-41d6-89c1-aa35e39143ed} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041d03e-fd4b-44e0-b742-2d9b88305f98} HKLM\Software\AppDataLow\AskBarDis HKLM\Software\AskBarDis HKLM\Software\Classes\AskIBar.PopSwatterBarButton HKLM\Software\Classes\AskIBar.PopSwatterBarButton.1 HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl.1 HKLM\Software\Classes\AskToolBar.SettingsPlugin HKLM\Software\Classes\AskToolBar.SettingsPlugin.1 HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f} HKLM\Software\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2} HKLM\Software\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E} HKLM\Software\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed} HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98} HKLM\Software\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60} HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf} HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b} HKLM\Software\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362} HKLM\Software\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA} HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9} HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742} HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D} HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150} HKLM\Software\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2} HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1 HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E260AC53-FEBA-405d-A6CC-97B581E92283} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{3041D03E-FD4B-44E0-B742-2D9B88305F98} HKLM\Software\Microsoft\Internet Explorer\Toolbar|{3041D03E-FD4B-44E0-B742-2D9B88305F98} . (Orpheline) HKCU,Run - PPLiveVA - C:\Program Files\PPLive\PPVA\PPLiveVA.exe /LoadModule PPVA.DLL (Fichier manquant) . ============== SCAN ADDITIONNEL ============== . * Mozilla FireFox Version 3.0.18 (fr) * . C:\Documents and Settings\Seb\..\3g2z2wzd.default\prefs.js - browser.download.lastDir: H:\\Master 2010\\Animal urbain\\01 RESSOURCES\\01 Cible\\04 Logique du Fast C:\Documents and Settings\Seb\..\3g2z2wzd.default\prefs.js - browser.search.selectedEngine: Ask C:\Documents and Settings\Seb\..\3g2z2wzd.default\prefs.js - browser.startup.homepage: hxxp://www.google.fr/ C:\Documents and Settings\Seb\..\3g2z2wzd.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.0.18 . . * Internet Explorer Version 8.0.6001.18702 * . [HKCU\Software\Microsoft\Internet Explorer\Main] . AutoHide: yes Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Do404Search: 0x01000000 Enable Browser Extensions: yes Local Page: C:\WINDOWS\system32\blank.htm Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896 Show_ToolBar: yes Start Page: hxxp://fr.msn.com/ Use Custom Search URL: 1 . [HKLM\Software\Microsoft\Internet Explorer\Main] . Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Delete_Temp_Files_On_Exit: yes Local Page: C:\WINDOWS\system32\blank.htm Search bar: hxxp://search.msn.com/spbasic.htm Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page: hxxp://fr.msn.com/ . [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] . Tabs: res://ieframe.dll/tabswelcome.htm Blank: res://mshtml.dll/blank.htm . ============== SUSPECT(S) ============== . C:\Documents and Settings\Seb\Application Data\Azureus\torrents\Copernic Agent Professional v6.1.2.722 Serial.rar [mininova][1].torrent C:\Documents and Settings\Seb\Application Data\Azureus\torrents\[MONOVA.ORG] Bunkspeed HyperShot v1 5 17 Cracked 2008[1].torrent C:\Documents and Settings\Seb\Application Data\Azureus\torrents\[MONOVA.ORG] Bunkspeed HyperShot v1 5 17 Cracked-iNViSiBLE NEW[1].torrent C:\Documents and Settings\Seb\Application Data\Azureus\torrents\[MONOVA.ORG] Bunkspeed HyperShot v1.5.17 Cracked 2008[1].torrent C:\Documents and Settings\Seb\Application Data\Azureus\torrents\_[MONOVA.ORG] Bunkspeed HyperShot v1 5 17 Cracked-iNViSiBLE NEW[1].torrent C:\Documents and Settings\Seb\Favoris\Download\Cracks Serials Keygens.url C:\Documents and Settings\Seb\Favoris\Download\Serials & keys - unlocks the world.url C:\Documents and Settings\Seb\Mes documents\Azureus Downloads\Bunkspeed.HyperShot.v1.5.17.Cracked-iNViSiBLE NEW.rar C:\Documents and Settings\Seb\Mes documents\Azureus Downloads\Bunkspeed.HyperShot.v1.5.17.Cracked-iNViSiBLE.zip C:\Documents and Settings\Seb\Mes documents\DL\Blacksun X Fonter v6 4 [h33t] [pmsyb]\X -Fonter v6 4\X -Fonter v6 4\crack\X-Fonter.exe C:\Documents and Settings\Seb\Mes documents\DL\Blacksun X Fonter v6 4 [h33t] [pmsyb]\X-Fonter v6.3\X-Fonter.6.3\X-Fonter 6.3\crack.X-Fonter.6.3\X-Fonter.exe C:\Documents and Settings\Seb\Mes documents\DL\Blacksun X Fonter v6 4 [h33t] [pmsyb]-1\X-Fonter v6.3\X-Fonter.6.3\X-Fonter 6.3\crack.X-Fonter.6.3\X-Fonter.exe . ======================================== . C:\DOCUME~1\Seb\LOCALS~1\Temp: 4 Fichier(s), 10 Dossier(s) C:\WINDOWS\temp: 8 Fichier(s), 172 Dossier(s) Temporary Internet Files: 2 Fichier(s), 16 Dossier(s) . C:\Ad-Remover\Quarantine: 1 Fichier(s) C:\Ad-Remover\Backup: 14 Fichier(s) . C:\Ad-Report-CLEAN[1].txt - 7142 Octet(s) C:\Ad-Report-SCAN[1].txt - 7033 Octet(s) . Fin à: 13:42:59, 13/04/2010 . ============== E.O.F - CLEAN[1] ============== ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- COMBOFIX ComboFix 10-04-12.06 - Seb 13/04/2010 13:59:56.1.2 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3067.2499 [GMT 2:00] Lancé depuis: C:\Documents and Settings\Seb\Bureau\ComboFix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\bnis.mxo c:\windows\system32\drivers\aikhmtm.sys C:\WINDOWS\system32\Drivers\hkvcsfm.sys C:\WINDOWS\system32\Drivers\maysaj.sys c:\windows\system32\driVERs\suvgsw.sys C:\WINDOWS\system32\Drivers\yqnvoqnb.sys C:\WINDOWS\system32\PRAGMArxepttiqjd.log C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SSHNAS -------\Legacy_bndtkgxg -------\Legacy_jkueokw -------\Legacy_suvgsw -------\Legacy_ucfbbv -------\Legacy_vpubbuxe -------\Service_bndtkgxg -------\Service_jkueokw -------\Service_suvgsw -------\Service_ucfbbv -------\Service_vpubbuxe ((((((((((((((((((((((((((((( Fichiers créés du 2010-03-13 au 2010-04-13 )))))))))))))))))))))))))))))))))))) . 2010-04-13 11:33:38 . 2010-04-13 11:42:49 -------- d-----w- C:\Ad-Remover 2010-04-13 09:04:19 . 2010-04-13 09:04:51 -------- d-----w- C:\Program Files\trend micro 2010-04-13 09:04:18 . 2010-04-13 09:04:28 -------- d-----w- C:\rsit 2010-04-12 12:17:23 . 2010-03-29 22:46:30 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2010-04-12 12:17:21 . 2010-04-12 12:17:27 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware 2010-04-12 12:17:21 . 2010-03-29 22:45:52 20824 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys 2010-04-12 10:35:58 . 2010-04-12 10:35:58 -------- d-----w- C:\Documents and Settings\Seb\Application Data\Malwarebytes 2010-04-12 10:35:44 . 2010-04-12 10:35:44 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-04-12 01:13:36 . 2010-04-12 01:13:36 -------- d-----w- C:\Program Files\CCleaner 2010-04-12 00:48:11 . 2010-04-12 00:48:11 1192 ----a-w- C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll 2010-04-10 15:29:17 . 2010-04-10 15:29:17 -------- d-----w- C:\Program Files\MaxTV 2010-04-07 14:10:26 . 2010-04-07 14:12:17 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe 2010-04-07 14:10:22 . 2010-04-07 14:10:22 -------- d-----w- C:\Documents and Settings\Seb\Local Settings\Application Data\Identities 2010-04-07 14:10:20 . 2010-04-07 14:10:20 -------- d-----w- C:\Documents and Settings\Seb\Application Data\Windows Desktop Search 2010-04-07 14:09:44 . 2010-04-07 14:09:45 -------- d-----w- C:\Program Files\Windows Desktop Search 2010-04-07 14:09:44 . 2010-04-07 14:09:44 -------- d-----w- C:\WINDOWS\system32\GroupPolicy 2010-03-24 19:45:52 . 2010-03-24 19:54:50 5514304 ----a-w- C:\Documents and Settings\Seb\Application Data\TVU networks\AutoUpgrade\TVUPlayer2.5.2.2.exe 2010-03-18 18:49:40 . 2010-03-18 18:49:40 -------- d-----w- C:\Documents and Settings\All Users\Bunkspeed 2010-03-18 18:46:16 . 2010-03-18 18:46:16 45056 ----a-r- C:\Documents and Settings\Seb\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe 2010-03-18 18:46:14 . 2010-03-18 18:46:24 -------- d--h--w- C:\Documents and Settings\Seb\Application Data\FDBTemp 2010-03-18 18:37:12 . 2010-03-18 18:37:12 -------- d-----w- C:\Program Files\scripts 2010-03-18 18:37:12 . 2010-03-18 18:37:12 -------- d-----w- C:\Program Files\defaults 2010-03-18 18:37:11 . 2010-03-18 18:37:11 -------- d-----w- C:\Program Files\plugins 2010-03-18 18:37:10 . 2010-03-18 18:37:11 7749632 ----a-w- C:\Program Files\vray2009.dll 2010-03-18 18:37:10 . 2010-03-18 18:37:10 2875392 ----a-w- C:\Program Files\libmmd.dll 2010-03-18 18:37:10 . 2010-03-18 18:37:10 -------- d-----w- C:\Program Files\Chaos Group 2010-03-18 18:28:12 . 2005-09-16 15:28:22 1052672 ----a-w- C:\Documents and Settings\Seb\Application Data\Macromedia\Dreamweaver 8\Configuration\Flash Player\FlashPlayerW.dll 2010-03-18 18:24:29 . 2010-03-18 18:25:51 -------- d-----w- C:\Program Files\Fichiers communs\Macromedia 2010-03-18 18:24:29 . 2010-03-18 18:24:46 -------- d-----w- C:\Program Files\Macromedia 2010-03-14 16:11:44 . 2010-03-14 16:11:44 4370528 ----a-w- C:\Documents and Settings\Seb\Application Data\PPLive\PPTV\Update\PPTV_Update.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-13 12:14:12 . 2010-03-03 18:09:42 -------- d-----w- C:\Documents and Settings\Seb\Application Data\WTablet 2010-04-13 06:07:28 . 2009-05-09 08:18:52 -------- d-----w- C:\Documents and Settings\Seb\Application Data\Media Player 2010-04-12 20:08:07 . 2009-11-03 15:12:50 -------- d-----w- C:\Documents and Settings\Seb\Application Data\vlc 2010-04-12 18:21:57 . 2008-04-14 12:00:00 68608 ----a-w- C:\WINDOWS\system32\drivers\pci.sys 2010-04-12 01:16:26 . 2009-05-01 20:04:45 -------- d-----w- C:\Documents and Settings\Seb\Application Data\Azureus 2010-04-07 14:09:49 . 2008-04-14 12:00:00 95154 ----a-w- C:\WINDOWS\system32\perfc00C.dat 2010-04-07 14:09:49 . 2008-04-14 12:00:00 535788 ----a-w- C:\WINDOWS\system32\perfh00C.dat 2010-04-04 10:00:05 . 2009-05-01 10:11:04 -------- d-----w- C:\Program Files\McAfee 2010-04-01 22:58:15 . 2009-10-26 12:32:55 62919 ----a-w- C:\Documents and Settings\Seb\Application Data\Media Player\settings.dll 2010-03-24 20:39:14 . 2010-01-31 09:04:37 -------- d-----w- C:\Program Files\TVAnts 2010-03-24 19:45:52 . 2009-09-15 18:54:47 -------- d-----w- C:\Documents and Settings\Seb\Application Data\TVU networks 2010-03-18 18:42:01 . 2009-05-01 09:41:12 344656 ----a-w- C:\Documents and Settings\Seb\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-18 18:37:12 . 2010-03-18 18:37:12 125 ----a-w- C:\Program Files\plugin.ini 2010-03-18 17:32:50 . 2009-05-01 14:55:28 -------- d-----w- C:\Program Files\Autodesk 2010-03-09 16:56:13 . 2010-03-09 16:56:13 -------- d-----w- C:\Documents and Settings\Seb\Application Data\Corel 2010-03-09 16:53:47 . 2010-03-09 16:53:47 -------- d-----w- C:\Program Files\Corel 2010-03-09 16:40:02 . 2010-03-09 16:37:23 848 --sha-w- C:\WINDOWS\system32\KGyGaAvL.sys 2010-03-09 16:37:23 . 2010-03-09 16:37:23 8 --sh--r- C:\WINDOWS\system32\3669FDB406.sys 2010-03-08 21:44:59 . 2009-05-01 14:41:21 -------- d-----w- C:\Program Files\Unlocker 2010-03-05 02:38:29 . 2010-03-05 02:38:29 -------- d-----w- C:\Documents and Settings\All Users\Application Data\nView_Profiles 2010-03-04 05:43:25 . 2009-12-04 05:58:59 152576 ----a-w- C:\Documents and Settings\Seb\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2010-03-04 05:43:14 . 2009-12-04 05:58:53 79488 ----a-w- C:\Documents and Settings\Seb\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2010-03-04 05:36:22 . 2010-03-04 05:36:21 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\WTablet 2010-03-03 18:09:26 . 2010-03-03 18:09:03 -------- d-----w- C:\Program Files\Tablet 2010-02-26 10:56:14 . 2009-05-23 22:08:09 -------- d-----w- C:\Documents and Settings\Seb\Application Data\dvdcss 2010-02-19 12:00:52 . 2009-07-18 14:11:30 -------- d-----w- C:\Program Files\SpeedFan 2010-02-09 23:48:37 . 2010-02-10 00:06:11 19163 ----a-w- C:\WINDOWS\system32\deltree.exe 2009-05-01 21:02:48 . 2009-05-01 21:02:48 1044480 ----a-w- C:\Program Files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02:48 . 2009-05-01 21:02:48 200704 ----a-w- C:\Program Files\mozilla firefox\plugins\ssldivx.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2008-07-04 00:14:44 4232968 ----a-w- C:\Program Files\Protector Suite QL\farchns.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2008-07-04 00:14:44 4232968 ----a-w- C:\Program Files\Protector Suite QL\farchns.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 15:44:52 3883856] "OrangePlayer"="c:\program files\orange\media player\Media Player.exe" [2009-09-05 15:29:50 319488] "PPAP"="C:\Program Files\Fichiers communs\PPLiveNetwork\PPAP.exe" [2010-02-04 05:37:26 173512] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 12:00:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16:52:00 16861184] "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-03-27 11:43:32 1208320] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 17:20:56 1024000] "BisonHK"="C:\WINDOWS\BisonCam\BisonHK.exe" [2008-03-25 13:46:32 77824] "DeLay"="C:\WINDOWS\BisonCam\DeLay.exe" [2008-03-11 15:08:50 53248] "PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2008-07-03 23:40:48 49928] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2009-10-29 05:54:44 1218008] "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2009-07-07 19:02:26 1176808] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 13:57:48 282624] "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2009-10-26 07:33:41 15872] "Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 00:25:18 37232] "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 20:43:26 640376] "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-07-25 10:19:47 148888] "Belkin Storage Manager"="C:\Program Files\Belkin Storage Manager\StorageManager.exe" [2008-08-30 00:37:22 855040] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2009-08-19 14:40:44 13762560] "nwiz"="nwiz.exe" [2009-08-19 14:41:40 1657376] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2009-08-19 14:40:46 86016] "Malwarebytes Anti-Malware (rootkit-scan)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 22:46:02 1086856] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 12:00:00 15360] "OrangePlayer"="c:\program files\orange\media player\Media Player.exe" [2009-09-05 15:29:50 319488] C:\Documents and Settings\Seb\Menu D‚marrer\Programmes\D‚marrage\ MaxTV Recorder Manager.lnk - C:\Program Files\MaxTV\MaxTV4\task_scheduler.exe [2010-2-9 3429724] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872] HotKeyDriver.lnk - C:\Program Files\HotKey_Driver\HotKeyDriver.exe [2009-4-30 3633152] Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048] NETGEAR WN111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WN111v2\WN111V2.exe [2008-5-9 1474631] SketchBook Snapshot.lnk - C:\Program Files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe [2009-2-23 708608] Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] WiziWYG XP Startup.lnk - C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe [2009-12-10 6029369] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 20:19:02 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2008-07-04 00:02:34 96008 ----a-w- C:\WINDOWS\system32\psqlpwd.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"= "C:\\Program Files\\uusee\\UUSeePlayer.exe"= "C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"= "C:\\Program Files\\Autodesk\\Backburner\\manager.exe"= "C:\\Program Files\\Autodesk\\Backburner\\server.exe"= "C:\\Program Files\\Autodesk\\3ds Max 2010\\3dsmax.exe"= "C:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"= "C:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"= "C:\\Program Files\\DMV\\MaxTV4\\core\\maxtv_xul.exe"= "C:\\Program Files\\DMV\\MaxTV4\\maxtv.exe"= "C:\\Program Files\\DMV\\MaxTV4\\recorder.exe"= "C:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"= "C:\\Program Files\\PPStream\\PPStream.exe"= "C:\\Program Files\\PPStream\\PPSAP.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Fichiers communs\\PPLiveNetwork\\PPAP.exe"= "C:\\Program Files\\PPLive\\PPTV\\PPLive.exe"= "C:\\Program Files\\PPLive\\PPTV\\PPLiveU.exe"= "C:\\Program Files\\PPLive\\PPVA\\PPLiveVA.exe"= "C:\\Program Files\\PPLive\\PPVA\\PPLiveVA_U.exe"= "C:\\Program Files\\PPLive\\PPVA\\FlvPick.exe"= "C:\\Program Files\\PPLive\\PPVA\\crashreporter.exe"= "C:\\Program Files\\PPLive\\PPVA\\PPVADownload.exe"= "C:\\Program Files\\PPLive\\PPVA\\DownloadProgress.exe"= "C:\\Program Files\\MaxTV\\MaxTV4\\maxtv.exe"= "C:\\Program Files\\MaxTV\\MaxTV4\\core\\maxtv_xul.exe"= "C:\\Program Files\\MaxTV\\MaxTV4\\recorder.exe"= "C:\\Program Files\\MaxTV\\MaxTV4\\task_scheduler.exe"= R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [19/03/2008 19:28:56 65536] R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [13/04/2009 11:51:34 86016] R2 TabletServiceWacom;TabletServiceWacom;C:\WINDOWS\system32\Wacom_Tablet.exe [03/03/2010 20:09:11 1373480] R3 JMCR;JMCR;C:\WINDOWS\system32\drivers\jmcr.sys [30/04/2009 19:37:13 84240] R3 JSWSCIMD;jswscimd Service;C:\WINDOWS\system32\drivers\jswscimd.sys [12/02/2008 18:05:00 57440] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\WINDOWS\system32\drivers\nvhda32.sys [03/04/2008 14:56:00 56480] S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.sys [24/07/2003 12:10:34 17149] S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe [27/02/2008 11:54:52 360547] S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;C:\WINDOWS\system32\drivers\WN111v2.sys [31/05/2008 14:46:00 434688] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] vvdsvc REG_MULTI_SZ vvdsvc . Contenu du dossier 'Tâches planifiées' 2009-10-14 C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~SEB Seb.job - C:\Program Files\Copernic Agent\CopernicAgent.exe [2009-10-14 13:58:03 . 2004-12-02 17:16:56] 2009-10-14 C:\WINDOWS\Tasks\2 Copernic Daily ~SEB Seb.job - C:\Program Files\Copernic Agent\CopernicAgent.exe [2009-10-14 13:58:03 . 2004-12-02 17:16:56] 2009-10-14 C:\WINDOWS\Tasks\3 Copernic Weekly ~SEB Seb.job - C:\Program Files\Copernic Agent\CopernicAgent.exe [2009-10-14 13:58:03 . 2004-12-02 17:16:56] 2009-10-14 C:\WINDOWS\Tasks\4 Copernic Monthly ~SEB Seb.job - C:\Program Files\Copernic Agent\CopernicAgent.exe [2009-10-14 13:58:03 . 2004-12-02 17:16:56] 2010-03-15 C:\WINDOWS\Tasks\McDefragTask.job - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2009-05-01 10:11:24 . 2009-09-25 11:22:14] 2010-03-01 C:\WINDOWS\Tasks\McQcTask.job - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2009-05-01 10:11:24 . 2009-09-25 11:22:14] 2010-04-13 C:\WINDOWS\Tasks\User_Feed_Synchronization-{8D00EE27-E11D-45D3-AFAF-68AF33D0F235}.job - C:\WINDOWS\system32\msfeedssync.exe [2009-03-08 03:31:54 . 2009-03-08 03:31:54] . . ------- Examen supplémentaire ------- . uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = local IE: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Ajouter à un fichier PDF existant - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir au format Adobe PDF - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien au format Adobe PDF - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab DPF: {FD47E0E7-D528-4D72-9386-E608448119C6} - hxxp://www.superstarracing.net/miniclip/ChatRepublicPlayer.cab FF - ProfilePath - C:\Documents and Settings\Seb\Application Data\Mozilla\Firefox\Profiles\3g2z2wzd.default\ FF - prefs.js: browser.search.selectedEngine - Ask FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ FF - plugin: C:\Documents and Settings\Seb\Application Data\Mozilla\Firefox\Profiles\3g2z2wzd.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Program Files\Veetle\Player\npvlc.dll FF - plugin: C:\Program Files\Veetle\plugins\npVeetle.dll FF - plugin: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll . . ------- Associations de fichier ------- . .txt= . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-jswtrayutil - C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe AddRemove-V-Ray for 3dsmax 2009 for x86 - C:\Program Files\Chaos Group\V-Ray\3dsmax 2009 for x86\uninstall\wininstaller.exe-uninstall=C:\Program Files\Chaos Group\V-Ray\3dsmax 2009 for x86\uninstall\install.log

Bonjour,vraiment merci pour votre aide. Impresionnant sur Rsit,ça decortique tout mon ordi Askbar et Protector suite toujours là, c'est chiant ces merdes ------------- RSIT log Logfile of random's system information tool 1.06 (written by random/random) Run by Seb at 2010-04-13 11:04:50 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 273 GB (89%) free of 305 GB Total RAM: 3067 MB (79% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:04:51, on 13/04/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\AskBarDis\bar\bin\AskService.exe C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Wacom_Tablet.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe C:\WINDOWS\system32\Wacom_Tablet.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\BisonCam\BisonHK.exe C:\WINDOWS\BisonCam\DeLay.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Belkin Storage Manager\StorageManager.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\qtplugin.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HotKey_Driver\HotKeyDriver.exe C:\Program Files\NETGEAR\WN111v2\WN111V2.exe C:\Program Files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\MaxTV\MaxTV4\task_scheduler.exe C:\Program Files\Protector Suite QL\psqltray.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\PPLiveNetwork\PPAP.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Documents and Settings\Seb\Bureau\RSIT.exe C:\Program Files\trend micro\Seb.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_BAND_SEARCHBAR_HTML R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe bnis.mxo yfklng O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [bisonHK] C:\WINDOWS\BisonCam\BisonHK.exe O4 - HKLM\..\Run: [DeLay] C:\WINDOWS\BisonCam\DeLay.exe O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [belkin Storage Manager] "C:\Program Files\Belkin Storage Manager\StorageManager.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe" O4 - HKLM\..\Run: [ewrgetuj] C:\DOCUME~1\Seb\LOCALS~1\Temp\geurge.exe O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [OrangePlayer] c:\program files\orange\media player\Media Player.exe /systray O4 - HKCU\..\Run: [PPAP] "C:\Program Files\Fichiers communs\PPLiveNetwork\PPAP.exe" -background O4 - HKCU\..\Run: [PPLiveVA] C:\Program Files\PPLive\PPVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0 O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.shockplay.com/WWW3/MISC/Start.asp" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [OrangePlayer] c:\program files\orange\media player\Media Player.exe /systray (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: MaxTV Recorder Manager.lnk = C:\Program Files\MaxTV\MaxTV4\task_scheduler.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: HotKeyDriver.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe O4 - Global Startup: SketchBook Snapshot.lnk = C:\Program Files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/misc/dlm-...vex-2.2.5.0.cab O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {FD47E0E7-D528-4D72-9386-E608448119C6} - http://www.superstarracing.net/miniclip/Ch...ublicPlayer.cab O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe -- End of file - 13130 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\1 Copernic Intra-Daily ~SEB Seb.job C:\WINDOWS\tasks\2 Copernic Daily ~SEB Seb.job C:\WINDOWS\tasks\3 Copernic Weekly ~SEB Seb.job C:\WINDOWS\tasks\4 Copernic Monthly ~SEB Seb.job C:\WINDOWS\tasks\McDefragTask.job C:\WINDOWS\tasks\McQcTask.job C:\WINDOWS\tasks\User_Feed_Synchronization-{8D00EE27-E11D-45D3-AFAF-68AF33D0F235}.job C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480] {3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-04-10 16861184] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] "SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2008-03-27 1208320] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1024000] "BisonHK"=C:\WINDOWS\BisonCam\BisonHK.exe [2008-03-25 77824] "DeLay"=C:\WINDOWS\BisonCam\DeLay.exe [2008-03-11 53248] "PSQLLauncher"=C:\Program Files\Protector Suite QL\launcher.exe [2008-07-04 49928] "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008] "McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-07-07 1176808] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624] "UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2009-10-26 15872] "Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232] ""= [] "Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 148888] "Belkin Storage Manager"=C:\Program Files\Belkin Storage Manager\StorageManager.exe [2008-08-30 855040] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-19 13762560] "nwiz"=nwiz.exe /installquiet [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-08-19 86016] "Malwarebytes Anti-Malware (rootkit-scan)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-03-30 1086856] "jswtrayutil"=C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe [] "ewrgetuj"=C:\DOCUME~1\Seb\LOCALS~1\Temp\geurge.exe [] "RegistryMonitor1"=C:\WINDOWS\system32\qtplugin.exe [2010-04-12 481280] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856] "OrangePlayer"=c:\program files\orange\media player\Media Player.exe [2009-09-05 319488] "PPAP"=C:\Program Files\Fichiers communs\PPLiveNetwork\PPAP.exe [2010-02-04 173512] "PPLiveVA"=C:\Program Files\PPLive\PPVA\PPLiveVA.exe [2009-12-30 71152] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Shockwave Updater"=C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe [2009-04-29 468408] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe HotKeyDriver.lnk - C:\Program Files\HotKey_Driver\HotKeyDriver.exe Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe NETGEAR WN111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WN111v2\WN111V2.exe SketchBook Snapshot.lnk - C:\Program Files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe WiziWYG XP Startup.lnk - C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe C:\Documents and Settings\Seb\Menu Démarrer\Programmes\Démarrage MaxTV Recorder Manager.lnk - C:\Program Files\MaxTV\MaxTV4\task_scheduler.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus] C:\WINDOWS\system32\psqlpwd.dll [2008-07-04 96008] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli psqlpwd [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "DisableTaskMgr"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoFolderOptions"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe"="C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent" "C:\Program Files\uusee\UUSeePlayer.exe"="C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUSEE" "C:\Program Files\Autodesk\Backburner\monitor.exe"="C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor" "C:\Program Files\Autodesk\Backburner\manager.exe"="C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager" "C:\Program Files\Autodesk\Backburner\server.exe"="C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server" "C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe"="C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2010 32-bit" "C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe"="C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:*:Enabled:mental ray satellite for Autodesk 3ds Max 2010 32-bit" "C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe"="C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:*:Enabled:mental ray satellite server for Autodesk 3ds Max 2010 32-bit" "C:\Program Files\DMV\MaxTV4\core\maxtv_xul.exe"="C:\Program Files\DMV\MaxTV4\core\maxtv_xul.exe:*:Enabled:MaxTV" "C:\Program Files\DMV\MaxTV4\maxtv.exe"="C:\Program Files\DMV\MaxTV4\maxtv.exe:*:Enabled:MaxTV Framework" "C:\Program Files\DMV\MaxTV4\recorder.exe"="C:\Program Files\DMV\MaxTV4\recorder.exe:*:Enabled:MaxTV Recorder" "C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe"="C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max Design 2009 32-bit" "C:\Program Files\PPLive\PPLive.exe"="C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive" "C:\Program Files\PPLive\PPLiveU.exe"="C:\Program Files\PPLive\PPLiveU.exe:*:Enabled:PPLiveU" "C:\Program Files\PPLiveVA\PPLiveVA.exe"="C:\Program Files\PPLiveVA\PPLiveVA.exe:*:Enabled:PPLiveVA" "C:\Program Files\PPLiveVA\FlvPick.exe"="C:\Program Files\PPLiveVA\FlvPick.exe:*:Enabled:FlvPick" "C:\Program Files\PPLiveVA\CrashUpload.exe"="C:\Program Files\PPLiveVA\CrashUpload.exe:*:Enabled:CrashUpload" "C:\Program Files\PPLiveVA\Download.exe"="C:\Program Files\PPLiveVA\Download.exe:*:Enabled:Download" "C:\Program Files\PPLiveVA\DownloadProgress.exe"="C:\Program Files\PPLiveVA\DownloadProgress.exe:*:Enabled:DownloadProgress" "C:\Documents and Settings\All Users\Application Data\PPLiveVA\Application\PPAP.exe"="C:\Documents and Settings\All Users\Application Data\PPLiveVA\Application\PPAP.exe:*:Enabled:PPAP" "C:\Program Files\PPStream\PPStream.exe"="C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ" "C:\Program Files\PPStream\PPSAP.exe"="C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Fichiers communs\PPLiveNetwork\PPAP.exe"="C:\Program Files\Fichiers communs\PPLiveNetwork\PPAP.exe:*:Enabled:PPLive" "C:\Program Files\PPLive\PPTV\PPLive.exe"="C:\Program Files\PPLive\PPTV\PPLive.exe:*:Enabled:PPLive" "C:\Program Files\PPLive\PPTV\PPLiveU.exe"="C:\Program Files\PPLive\PPTV\PPLiveU.exe:*:Enabled:PPLiveU" "C:\Program Files\PPLive\PPVA\PPLiveVA.exe"="C:\Program Files\PPLive\PPVA\PPLiveVA.exe:*:Enabled:PPLiveVA" "C:\Program Files\PPLive\PPVA\PPLiveVA_U.exe"="C:\Program Files\PPLive\PPVA\PPLiveVA_U.exe:*:Enabled:PPLiveVA" "C:\Program Files\PPLive\PPVA\FlvPick.exe"="C:\Program Files\PPLive\PPVA\FlvPick.exe:*:Enabled:FlvPick" "C:\Program Files\PPLive\PPVA\crashreporter.exe"="C:\Program Files\PPLive\PPVA\crashreporter.exe:*:Enabled:CrashUpload" "C:\Program Files\PPLive\PPVA\PPVADownload.exe"="C:\Program Files\PPLive\PPVA\PPVADownload.exe:*:Enabled:Download" "C:\Program Files\PPLive\PPVA\DownloadProgress.exe"="C:\Program Files\PPLive\PPVA\DownloadProgress.exe:*:Enabled:DownloadProgress" "C:\Program Files\MaxTV\MaxTV4\maxtv.exe"="C:\Program Files\MaxTV\MaxTV4\maxtv.exe:*:Enabled:MaxTV" "C:\Program Files\MaxTV\MaxTV4\core\maxtv_xul.exe"="C:\Program Files\MaxTV\MaxTV4\core\maxtv_xul.exe:*:Enabled:MaxTV GUI" "C:\Program Files\MaxTV\MaxTV4\recorder.exe"="C:\Program Files\MaxTV\MaxTV4\recorder.exe:*:Enabled:MaxTV Recorder" "C:\Program Files\MaxTV\MaxTV4\task_scheduler.exe"="C:\Program Files\MaxTV\MaxTV4\task_scheduler.exe:*:Enabled:MaxTV Recorder Manager" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4c56032-c7b8-11de-9248-0090f582af08}] shell\Shell00\command - G:\Start.exe ======File associations====== .js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" .js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1" .txt - open - ======List of files/folders created in the last 3 months====== 2010-04-13 11:04:19 ----D---- C:\Program Files\trend micro 2010-04-13 11:04:18 ----D---- C:\rsit 2010-04-12 22:03:31 ----A---- C:\WINDOWS\system32\qtplugin.exe 2010-04-12 14:17:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-04-12 12:35:58 ----D---- C:\Documents and Settings\Seb\Application Data\Malwarebytes 2010-04-12 12:35:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-04-12 03:13:36 ----D---- C:\Program Files\CCleaner 2010-04-12 02:48:11 ----A---- C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll 2010-04-10 17:29:17 ----D---- C:\Program Files\MaxTV 2010-04-07 16:10:20 ----D---- C:\Documents and Settings\Seb\Application Data\Windows Desktop Search 2010-04-07 16:09:44 ----D---- C:\WINDOWS\system32\GroupPolicy 2010-04-07 16:09:44 ----D---- C:\Program Files\Windows Desktop Search 2010-04-07 16:09:29 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$ 2010-04-07 16:09:13 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$ 2010-03-18 20:46:14 ----HD---- C:\Documents and Settings\Seb\Application Data\FDBTemp 2010-03-18 20:37:12 ----D---- C:\Program Files\scripts 2010-03-18 20:37:12 ----D---- C:\Program Files\defaults 2010-03-18 20:37:12 ----A---- C:\Program Files\plugin.ini 2010-03-18 20:37:11 ----D---- C:\Program Files\plugins 2010-03-18 20:37:10 ----D---- C:\Program Files\Chaos Group 2010-03-18 20:37:10 ----A---- C:\Program Files\vray2009.dll 2010-03-18 20:37:10 ----A---- C:\Program Files\libmmd.dll 2010-03-18 20:24:47 ----D---- C:\Documents and Settings\All Users\Application Data\Macromedia 2010-03-18 20:24:29 ----D---- C:\Program Files\Macromedia 2010-03-18 20:24:29 ----D---- C:\Program Files\Fichiers communs\Macromedia 2010-03-09 18:56:13 ----D---- C:\Documents and Settings\Seb\Application Data\Corel 2010-03-09 18:53:47 ----D---- C:\Program Files\Corel 2010-03-05 04:38:29 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles 2010-03-03 20:09:42 ----D---- C:\Documents and Settings\Seb\Application Data\WTablet 2010-03-03 20:09:14 ----D---- C:\WINDOWS\system32\WTablet 2010-03-03 20:09:11 ----N---- C:\WINDOWS\system32\Wintab32.dll 2010-03-03 20:09:11 ----N---- C:\WINDOWS\system32\Wacom_Tablet.exe 2010-03-03 20:09:11 ----N---- C:\WINDOWS\system32\Wacom_Tablet.dll 2010-03-03 20:09:03 ----D---- C:\Program Files\Tablet 2010-03-03 18:46:58 ----A---- C:\WINDOWS\system32\hidserv.dll 2010-02-12 10:17:52 ----D---- C:\WTablet 2010-02-10 21:56:07 ----D---- C:\Documents and Settings\All Users\Application Data\Jlcm 2010-02-10 21:56:05 ----D---- C:\Documents and Settings\All Users\Application Data\PPLive 2010-02-10 21:56:02 ----D---- C:\Documents and Settings\Seb\Application Data\PPLive 2010-02-10 21:55:52 ----D---- C:\Program Files\PPLive 2010-02-10 21:55:32 ----D---- C:\Program Files\Fichiers communs\PPLiveNetwork 2010-02-10 02:06:11 ----A---- C:\WINDOWS\system32\deltree.exe 2010-01-31 11:04:37 ----D---- C:\Program Files\TVAnts 2010-01-27 14:00:07 ----D---- C:\Program Files\StreamTorrent 1.0 2010-01-26 12:56:12 ----D---- C:\Program Files\Microsoft 2010-01-15 22:00:54 ----HDC---- C:\WINDOWS\ie8 ======List of files/folders modified in the last 3 months====== 2010-04-13 11:04:19 ----RD---- C:\Program Files 2010-04-13 10:56:37 ----D---- C:\FavoriteVideo 2010-04-13 08:35:54 ----D---- C:\WINDOWS\Temp 2010-04-13 08:07:28 ----D---- C:\Documents and Settings\Seb\Application Data\Media Player 2010-04-13 08:06:15 ----D---- C:\WINDOWS\Prefetch 2010-04-13 08:06:03 ----D---- C:\WINDOWS 2010-04-12 22:58:59 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-04-12 22:48:32 ----D---- C:\WINDOWS\system32 2010-04-12 22:08:07 ----D---- C:\Documents and Settings\Seb\Application Data\vlc 2010-04-12 20:22:03 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-04-12 20:21:58 ----D---- C:\WINDOWS\system32\CatRoot2 2010-04-12 19:57:06 ----D---- C:\WINDOWS\system32\drivers 2010-04-12 19:57:06 ----D---- C:\WINDOWS\MYP2P EPL MEDIA PLAYER 2010-04-12 19:53:14 ----SD---- C:\WINDOWS\Tasks 2010-04-12 18:45:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2010-04-12 18:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$ 2010-04-12 15:10:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ 2010-04-12 14:04:24 ----D---- C:\WINDOWS\L2Schemas 2010-04-12 12:30:19 ----HD---- C:\WINDOWS\inf 2010-04-12 03:16:26 ----D---- C:\Documents and Settings\Seb\Application Data\Azureus 2010-04-12 03:16:25 ----D---- C:\WINDOWS\Minidump 2010-04-12 03:16:25 ----D---- C:\WINDOWS\Debug 2010-04-12 03:08:25 ----D---- C:\Program Files\Mozilla Firefox 2010-04-12 03:05:50 ----SHD---- C:\System Volume Information 2010-04-12 03:05:50 ----D---- C:\WINDOWS\system32\Restore 2010-04-10 17:29:18 ----D---- C:\WINDOWS\MaxTV 2010-04-07 16:10:23 ----SD---- C:\Documents and Settings\Seb\Application Data\Microsoft 2010-04-07 16:09:53 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2010-04-07 16:09:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-04-07 16:09:46 ----D---- C:\WINDOWS\system32\fr-fr 2010-04-07 16:09:44 ----D---- C:\WINDOWS\system32\wbem 2010-04-06 17:25:01 ----A---- C:\WINDOWS\NeroDigital.ini 2010-04-04 12:00:05 ----D---- C:\Program Files\McAfee 2010-03-24 21:45:52 ----D---- C:\Documents and Settings\Seb\Application Data\TVU networks 2010-03-18 20:50:09 ----SHD---- C:\WINDOWS\Installer 2010-03-18 20:50:09 ----SHD---- C:\Config.Msi 2010-03-18 20:29:01 ----D---- C:\Documents and Settings\Seb\Application Data\Macromedia 2010-03-18 20:24:29 ----D---- C:\Program Files\Fichiers communs 2010-03-18 20:23:54 ----D---- C:\WINDOWS\Downloaded Installations 2010-03-18 19:32:50 ----D---- C:\Program Files\Autodesk 2010-03-12 01:58:06 ----D---- C:\WINDOWS\Network Diagnostic 2010-03-08 23:44:59 ----D---- C:\Program Files\Unlocker 2010-03-03 18:46:49 ----D---- C:\WINDOWS\system32\ReinstallBackups 2010-03-03 14:51:17 ----D---- C:\Autodesk 2010-02-26 12:56:14 ----D---- C:\Documents and Settings\Seb\Application Data\dvdcss 2010-02-19 14:00:52 ----D---- C:\Program Files\SpeedFan 2010-02-11 20:25:20 ----A---- C:\GERCC.txt 2010-02-11 20:25:19 ----A---- C:\RCPARAM.txt 2010-02-09 12:29:51 ----D---- C:\Program Files\Microsoft Silverlight 2010-01-29 09:51:00 ----D---- C:\Program Files\Veetle 2010-01-20 16:46:59 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-01-20 16:12:58 ----D---- C:\WINDOWS\WinSxS 2010-01-20 16:11:58 ----D---- C:\Program Files\Adobe 2010-01-20 16:10:42 ----D---- C:\Program Files\Fichiers communs\Adobe 2010-01-20 16:04:07 ----D---- C:\Documents and Settings\Seb\Application Data\Adobe 2010-01-20 15:26:27 ----D---- C:\Program Files\Vuze 2010-01-15 22:05:25 ----D---- C:\WINDOWS\Help 2010-01-15 22:05:25 ----D---- C:\Program Files\Internet Explorer 2010-01-15 22:02:48 ----HD---- C:\WINDOWS\msdownld.tmp 2010-01-15 22:02:30 ----D---- C:\WINDOWS\WBEM 2010-01-15 22:02:22 ----D---- C:\WINDOWS\Media ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720] R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664] R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136] R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800] R3 Cam5607;BisonCam, NB Pro; C:\WINDOWS\System32\Drivers\BisonC07.sys [2008-04-30 1073320] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328] R3 JMCR;JMCR; C:\WINDOWS\system32\DRIVERS\jmcr.sys [2008-04-11 84240] R3 JSWSCIMD;jswscimd Service; C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2008-02-12 57440] R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816] R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-19 7968448] R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2009-05-11 56480] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2009-10-29 10368] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-03-07 106624] R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2008-03-27 1094272] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-12-06 220032] R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2008-01-30 50576] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312] R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848] R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440] R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-12-14 57408] S3 Bridge;Pont MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552] S3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS [] S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248] S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NETw5x32;Pilote de carte Intel® Wireless WiFi Link pour Windows XP 32 bits ; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-04-28 3626112] S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service; C:\WINDOWS\system32\DRIVERS\WN111v2.sys [2008-05-31 434688] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 bndtkgxg;bndtkgxg; C:\WINDOWS\System32\drivers\aikhmtm.sys [2010-04-12 54016] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 jkueokw;jkueokw; C:\WINDOWS\System32\drivers\hkvcsfm.sys [2010-04-12 54016] S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73600] S4 ucfbbv;ucfbbv; C:\WINDOWS\System32\drivers\yqnvoqnb.sys [2010-04-12 54016] S4 vpubbuxe;vpubbuxe; C:\WINDOWS\System32\drivers\maysaj.sys [2010-04-12 54016] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2008-05-04 467029] R2 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264] R2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888] R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe [2009-11-20 79360] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 152984] R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832] R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848] R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952] R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704] R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-19 65536] R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit; C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-04-13 86016] R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-19 168004] R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656] R2 TabletServiceWacom;TabletServiceWacom; C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 1373480] R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [] S2 vvdsvc;VJVodClientServices; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-01 651720] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-05 163840] S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe [2008-02-27 360547] S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-07-08 68112] S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- ------------------------------------------------------------------------------------------------------------------------------------------- RSIT info info.txt logfile of random's system information tool 1.06 2010-04-13 11:04:28 ======Uninstall list====== -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ACDSee Pro-->MsiExec.exe /I{6DE20125-6C25-46DD-8743-9C731E25ABA5} Adobe Acrobat 9 Pro - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000004} Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2} Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A} Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B} Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe Illustrator CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\e21d2df5563f0bf421cf2cc5ec26c42\Setup.exe Adobe Illustrator CS3-->MsiExec.exe /I{6E08CE13-C2AB-4749-9335-5900B958929E} Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A} Adobe Reader 8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A80000000002} Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702} Adobe Setup-->MsiExec.exe /I{CE67DBBB-2ED0-4F35-B482-0CFE4CFC1570} Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe" Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183} Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923} Apago PDF Enhancer 3.2-->C:\Program Files\PDF Enhancer\uninst.exe Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} Autodesk 3ds Max 2010 32-bit-->MsiExec.exe /I{317AC0C7-FEBF-040C-87A3-4FC70D0ED900} Autodesk 3ds Max Design 2009 32-bit Additional Maps and Material Libraries-->MsiExec.exe /I{F681200C-0446-040C-ABE4-EA9105E40EE4} Autodesk 3ds Max Design 2009 32-bit Architectural Materials Library-->MsiExec.exe /I{C251E4E6-89BA-040C-9B42-1B3D01D34783} Autodesk 3ds Max Design 2009 32-bit Films-->MsiExec.exe /I{305D5417-E687-040C-AA09-53DE06E059F8} Autodesk 3ds Max Design 2009 32-bit ProMaterials™ Library-->MsiExec.exe /I{2AB45FAF-2D92-040C-8D33-E2FE6172280E} Autodesk 3ds Max Design 2009 32-bit Vault 2008 Extension-->MsiExec.exe /I{EFCBBB01-F876-040C-B91F-7B6132E8BB64} Autodesk 3ds Max Design 2009 32-bit Vault 2009 Extension-->MsiExec.exe /I{744A5C19-AA4C-040C-BC07-9F4C73C8B247} Autodesk 3ds Max Design 2009 32-bit-->MsiExec.exe /I{FDD8070F-E3B9-040C-822C-CCFE5E82C14D} Autodesk AliasStudio 2009-->MsiExec.exe /I{B37CD443-C872-47B3-949A-C08BA2EB9D2B} Autodesk Backburner 2008.1-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379} Autodesk DirectConnect 2009-->MsiExec.exe /I{35BA2BAF-FFD4-4B12-B42B-AA8CC902CD23} Autodesk FBX Plugin 2009.4 - 3ds Max 2010-->C:\Program Files\Autodesk\FBX\FBXPlugins\2009.4\3ds Max 2010\Uninstall.exe Autodesk Showcase 2009-->MsiExec.exe /I{071F11A8-3157-4739-B38E-3224F1FD9F59} Autodesk SketchBookPro 2010-->MsiExec.exe /X{F8236DB8-CF1E-476B-A718-0ADBDBD97863} Belkin Storage Manager-->MsiExec.exe /X{C12D7D54-7DE8-4DF7-AB2D-8A5ECFB2F89B} BisonCam-->C:\Program Files\InstallShield Installation Information\{4BB1DCED-84D3-47F9-B718-5947E904593E}\Setup.exe -runfromtemp -l0x040c -removeonly Bluerock Technologies Flight Studio 3ds Max Design 2009 32-bit-->MsiExec.exe /I{0B56244C-7B61-040C-A739-3E29DDE4DC3C} Canon MP Navigator 2.0-->"C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini Canon MP450-->"C:\WINDOWS\system32\CanonMP Uninstaller Information\{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}\DelDrv.exe" /U:{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD} /L0x000c CCleaner-->"C:\Program Files\CCleaner\uninst.exe" CombiMovie Version 1.31-->"C:\Program Files\bobyte\CombiMovie\unins000.exe" Command Prompt Here PowerToy-->rundll32.exe syssetup.dll,SetupInfObjectInstallAction DefaultUninstall 132 C:\WINDOWS\INF\DosHere.inf Copernic Agent Professional-->"C:\WINDOWS\CopernicAgentUninstall.exe" /ARGSFILE="C:\Program Files\Copernic Agent\unwise.dat" Corel Painter Essentials 3-->MsiExec.exe /I{0C180787-F8C8-42FD-A9D3-689BA44BEAAF} Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN eMule-->"C:\Program Files\eMule\Uninstall.exe" FBX Plugin 2009.0 for Max 2009-->C:\Program Files\Autodesk\FBX\FbxPlugins\2009.0\Max2009\Uninstall.exe Free Video Converter V 2.3-->"C:\Program Files\Free Video Converter\unins000.exe" HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe" HotKey_Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63F8286A-601D-4B06-BB21-DB863AF17BFA}\Setup.exe" -l0x9 hypershot-->MsiExec.exe /I{04DD2EE7-31BB-4186-9A30-447283BC26F8} Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} Intel PROSet Wireless-->Intel PROSet Wireless ISO Recorder-->MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21} IsoBuster 1.9-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe" Java 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF} JMicron JMB38X Flash Media Controller-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" -l0x40c -removeonly Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Macromedia Dreamweaver 8-->MsiExec.exe /I{5FD788ED-1A37-4496-9BDD-463F493B27FA} Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76} Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46} Magic ISO Maker v5.5 (build 0276)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MaxTV-->"C:\WINDOWS\MaxTV\uninstall_maxtv.exe" "/U:C:\Program Files\MaxTV\MaxTV4\Uninstall\MaxTV\uninstall_maxtv.xml" McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe Media Player-->"C:\Program Files\Orange\Media Player\uninstall.exe" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13} Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Motorola SM56 Data Fax Modem-->rundll32.exe sm56co81.dll,SM56UnInstaller Mozilla Firefox (3.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE} MYP2P EPL MEDIA PLAYER-->"C:\WINDOWS\MYP2P EPL MEDIA PLAYER\uninstall.exe" "/U:C:\Program Files\MYP2P EPL MEDIA PLAYER\Uninstall\uninstall.xml" Nero 8 Lite 8.3.6.0-->"C:\Program Files\Nero\unins000.exe" NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974} Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} PPStream V2.6.86.8989 Final-->C:\Program Files\PPStream\unpps.exe PPTV V2.4.2.0013-->C:\Program Files\PPLive\PPTV\uninst.exe Protector Suite QL 5.8-->MsiExec.exe /I{23B14BE4-5277-40B2-B602-3FCD456C27BC} QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8} RangeMax Wireless-N USB Adapter WN111v2-->C:\Program Files\InstallShield Installation Information\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\setup.exe -runfromtemp -l0x0409 RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe -runfromtemp -l0x040c -removeonly Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Sina Web TV-->C:\PROGRA~1\sina\SINAWE~1\307~1.1\UNWISE.EXE C:\PROGRA~1\sina\SINAWE~1\307~1.1\Install.LOG SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe SopCast 2.0.4-->C:\Program Files\SopCast\uninst.exe SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe" Stream Torrent 1.0-->"C:\Program Files\StreamTorrent 1.0\uninstall.exe" Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Tablette Wacom-->C:\Program Files\Tablet\Wacom\Remove.exe /u Turbo Squid Tentacles 3ds Max 2009 32-bit-->MsiExec.exe /X{7A046E1F-BEB7-49C8-83E2-78E1F1C65C60} TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG TVUPlayer 2.5.0.1-->C:\Program Files\TVUPlayer\uninst.exe Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe Unlocker 1.8.8-->C:\Program Files\Unlocker\uninst.exe Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C} UUSee ÍøÂçµçÊÓ [4.4.801.53]-->C:\Program Files\uusee\uninst.exe VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} VCW VicMan's Photo Editor 8.1-->"C:\Program Files\VCW VicMan's Photo Editor\unins000.exe" Veetle TV 0.9.16-->C:\Program Files\Veetle\UninstallVeetleTV.exe VexcastPlayer2.0-->"C:\WINDOWS\system32\Nagasoft\Uninstall.exe" Virtual Plastic Surgery Software - VPSS v1.0-->"C:\Program Files\VPSS\unins000.exe" VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe V-Ray for 3dsmax 2009 for x86-->"C:\Program Files\Chaos Group\V-Ray\3dsmax 2009 for x86\uninstall\wininstaller.exe"-uninstall="C:\Program Files\Chaos Group\V-Ray\3dsmax 2009 for x86\uninstall\install.log" -uninstallApp="V-Ray for 3dsmax 2009 for x86" Vuze Toolbar-->"C:\Program Files\AskBarDis\unins000.exe" Vuze-->C:\Program Files\Vuze\uninstall.exe Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe" WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall WiziWYG XP-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Praxisoft\WiziWYG XP\Uninst.isu" X-Fonter 6.4-->"C:\Program Files\X-Fonter\unins000.exe" ======Security center information====== AV: Digital Protection (outdated) AV: McAfee VirusScan (disabled) FW: McAfee Personal Firewall (disabled) ======System event log====== Computer Name: SEB Event Code: 51 Message: Une erreur a été détectée sur le périphérique \Device\Harddisk3\D au cours d'une opération de pagination. Record Number: 31243 Source Name: Disk Time Written: 20100317150314.000000+060 Event Type: Avertissement User: Computer Name: SEB Event Code: 51 Message: Une erreur a été détectée sur le périphérique \Device\Harddisk3\D au cours d'une opération de pagination. Record Number: 31242 Source Name: Disk Time Written: 20100317150314.000000+060 Event Type: Avertissement User: Computer Name: SEB Event Code: 51 Message: Une erreur a été détectée sur le périphérique \Device\Harddisk3\D au cours d'une opération de pagination. Record Number: 31241 Source Name: Disk Time Written: 20100317150314.000000+060 Event Type: Avertissement User: Computer Name: SEB Event Code: 51 Message: Une erreur a été détectée sur le périphérique \Device\Harddisk3\D au cours d'une opération de pagination. Record Number: 31240 Source Name: Disk Time Written: 20100317150314.000000+060 Event Type: Avertissement User: Computer Name: SEB Event Code: 51 Message: Une erreur a été détectée sur le périphérique \Device\Harddisk3\D au cours d'une opération de pagination. Record Number: 31239 Source Name: Disk Time Written: 20100317150314.000000+060 Event Type: Avertissement User: =====Application event log===== Computer Name: SEB Event Code: 1800 Message: Le service Centre de sécurité Windows a démarré. Record Number: 625 Source Name: SecurityCenter Time Written: 20090622074455.000000+120 Event Type: Informations User: Computer Name: SEB Event Code: 1 Message: Record Number: 624 Source Name: Bonjour Service Time Written: 20090622074452.000000+120 Event Type: Informations User: Computer Name: SEB Event Code: 5000 Message: Service McShield démarré. Version du moteur : 5301.4018 Version du fichier DAT : 5642.0000 Nombre de signatures dans le fichier EXTRA.DAT : None Nom des menaces pouvant être détectées par EXTRA.DAT : None Record Number: 623 Source Name: McLogEvent Time Written: 20090621094739.000000+120 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: SEB Event Code: 1800 Message: Le service Centre de sécurité Windows a démarré. Record Number: 622 Source Name: SecurityCenter Time Written: 20090621094730.000000+120 Event Type: Informations User: Computer Name: SEB Event Code: 1 Message: Record Number: 621 Source Name: Bonjour Service Time Written: 20090621094727.000000+120 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=C:\Program Files\Autodesk\AliasStudio2009\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Fichiers communs\DivX Shared\;C:\Program Files\QuickTime\QTSystem\C:\Program Files\DMV\MaxTV4\plugins;C:\Program Files\Autodesk\Backburner\;C:\Program Files\Fichiers communs\Autodesk Shared\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel "PROCESSOR_REVISION"=1706 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip "HYPERSHOT"=C:\Documents and Settings\All Users\Bunkspeed\HyperShot -----------------EOF-----------------

Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Version de la base de données: 3980 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 12/04/2010 19:52:25 mbam-log-2010-04-12 (19-52-25).txt Type d'examen: Examen complet (C:\|D:\|G:\|H:\|) Elément(s) analysé(s): 160030 Temps écoulé: 51 minute(s), 55 seconde(s) Processus mémoire infecté(s): 1 Module(s) mémoire infecté(s): 2 Clé(s) du Registre infectée(s): 12 Valeur(s) du Registre infectée(s): 6 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 3 Fichier(s) infecté(s): 25 Processus mémoire infecté(s): C:\WINDOWS\Nmozoa.exe (Trojan.Fraudpack) -> No action taken. Module(s) mémoire infecté(s): C:\WINDOWS\system32\qhjfpz63.dll (Trojan.Vundo.H) -> No action taken. c:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> No action taken. Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Vundo.H) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Vundo.H) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pragmaoisecxtrpo (Trojan.DNSChanger) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PRAGMAd.sys (Trojan.DNSChanger) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Digital Protection (Rogue.DigitalProtection) -> No action taken. HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken. HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> No action taken. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hf8wefhuaihf8ewfydiujhfdsfdf (Trojan.Ertfor) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.Fraudpack) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf87efjhdsf87f3jfsdi7fhsujfd (Trojan.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\davclnt.exe (Rogue.DigitalProtection) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\digital protection (Rogue.DigitalProtection) -> No action taken. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Program Files\Digital Protection (Rogue.DigitalProtection) -> No action taken. C:\Documents and Settings\Seb\Menu Démarrer\Programmes\Digital Protection (Rogue.DigitalProtection) -> No action taken. C:\WINDOWS\PRAGMAoisecxtrpo (Trojan.DNSChanger) -> No action taken. Fichier(s) infecté(s): C:\WINDOWS\system32\qhjfpz63.dll (Trojan.Vundo.H) -> No action taken. C:\WINDOWS\Nmozoa.exe (Trojan.Fraudpack) -> No action taken. C:\Documents and Settings\Seb\Local Settings\Temp\duk0x.exe (Trojan.Ertfor) -> No action taken. C:\Documents and Settings\Seb\Local Settings\Temp\Ntl.exe (Trojan.Fraudpack) -> No action taken. C:\Documents and Settings\Seb\Local Settings\Temp\spoolsv.exe (Trojan.Agent) -> No action taken. C:\Documents and Settings\Seb\Local Settings\Temp\davclnt.exe (Rogue.DigitalProtection) -> No action taken. C:\Documents and Settings\Seb\Local Settings\Temp\asdA.tmp.exe (Malware.Packer.Gen) -> No action taken. C:\WINDOWS\PRAGMAoisecxtrpo\PRAGMAd.sys (Trojan.DNSChanger) -> No action taken. C:\WINDOWS\system32\PRAGMAjetavuhpak.dll (Malware.Packer.Gen) -> No action taken. C:\WINDOWS\system32\PRAGMAyfxclfwndn.dll (Malware.Packer.Gen) -> No action taken. C:\WINDOWS\system32\PRAGMAyktkvvxnhl.dll (Malware.Packer.Gen) -> No action taken. C:\WINDOWS\system32\drivers\suvgsw.sys (Rootkit.Agent) -> No action taken. C:\Documents and Settings\Seb\Menu Démarrer\Programmes\Digital Protection\About.lnk (Rogue.DigitalProtection) -> No action taken. C:\Documents and Settings\Seb\Menu Démarrer\Programmes\Digital Protection\Activate.lnk (Rogue.DigitalProtection) -> No action taken. C:\Documents and Settings\Seb\Menu Démarrer\Programmes\Digital Protection\Buy.lnk (Rogue.DigitalProtection) -> No action taken. C:\Documents and Settings\Seb\Menu Démarrer\Programmes\Digital Protection\Digital Protection Support.lnk (Rogue.DigitalProtection) -> No action taken. C:\Documents and Settings\Seb\Menu Démarrer\Programmes\Digital Protection\Digital Protection.lnk (Rogue.DigitalProtection) -> No action taken. C:\Documents and Settings\Seb\Menu Démarrer\Programmes\Digital Protection\Scan.lnk (Rogue.DigitalProtection) -> No action taken. C:\Documents and Settings\Seb\Menu Démarrer\Programmes\Digital Protection\Settings.lnk (Rogue.DigitalProtection) -> No action taken. C:\Documents and Settings\Seb\Menu Démarrer\Programmes\Digital Protection\Update.lnk (Rogue.DigitalProtection) -> No action taken. C:\WINDOWS\system32\PRAGMAlabnpgiuua.dat (Trojan.DNSChanger) -> No action taken. C:\Documents and Settings\Seb\Local Settings\Temp\PRAGMA9dc8.tmp (Trojan.DNSChanger) -> No action taken. C:\Documents and Settings\All Users\Favoris\_favdata.dat (Malware.Trace) -> No action taken. C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> No action taken. C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken. ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Version de la base de données: 3980 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 12/04/2010 19:53:15 mbam-log-2010-04-12 (19-53-15).txt Type d'examen: Examen complet (C:\|D:\|G:\|H:\|) Elément(s) analysé(s): 160030 Temps écoulé: 51 minute(s), 55 seconde(s) Processus mémoire infecté(s): 1 Module(s) mémoire infecté(s): 2 Clé(s) du Registre infectée(s): 12 Valeur(s) du Registre infectée(s): 6 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 3 Fichier(s) infecté(s): 25 Processus mémoire infecté(s): C:\WINDOWS\Nmozoa.exe (Trojan.Fraudpack) -> Unloaded process successfully. Module(s) mémoire infecté(s): C:\WINDOWS\system32\qhjfpz63.dll (Trojan.Vundo.H) -> Delete on reboot. c:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot. Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pragmaoisecxtrpo (Trojan.DNSChanger) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hf8wefhuaihf8ewfydiujhfdsfdf (Trojan.Ertfor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.Fraudpack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf87efjhdsf87f3jfsdi7fhsujfd (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\davclnt.exe (Rogue.DigitalProtection) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\digital protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Program Files\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\Seb\Menu Démarrer\Programmes\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully. C:\WINDOWS\PRAGMAoisecxtrpo (Trojan.DNSChanger) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\WINDOWS\system32\qhjfpz63.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\Nmozoa.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully. C:\Documents and Settings\Seb\Local Settings\Temp\duk0x.exe (Trojan.Ertfor) -> Quarantined and deleted successfully. C:\Documents and Settings\Seb\Local Settings\Temp\Ntl.exe (Trojan.Fraudpack) -> Delete on reboot. C:\Documents and Settings\Seb\Local Settings\Temp\spoolsv.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Seb\Local Settings\Temp\davclnt.exe (Rogue.DigitalProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\Seb\Local Settings\Temp\asdA.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\WINDOWS\PRAGMAoisecxtrpo\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\system32\PRAGMAjetavuhpak.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\WINDOWS\system32\PRAGMAyfxclfwndn.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\WINDOWS\system32\PRAGMAyktkvvxnhl.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\suvgsw.sys (Rootkit.Agent) -> Delete on reboot. C:\Documents and Settings\Seb\Menu Démarrer\Programmes\Digital Protection\About.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\Seb\Menu Démarrer\Programmes\Digital Protection\Activate.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\Seb\Menu Démarrer\Programmes\Digital Protection\Buy.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\Seb\Menu Démarrer\Programmes\Digital Protection\Digital Protection Support.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\Seb\Menu Démarrer\Programmes\Digital Protection\Digital Protection.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\Seb\Menu Démarrer\Programmes\Digital Protection\Scan.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\Seb\Menu Démarrer\Programmes\Digital Protection\Settings.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully. C:\Documents and Settings\Seb\Menu Démarrer\Programmes\Digital Protection\Update.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully. C:\WINDOWS\system32\PRAGMAlabnpgiuua.dat (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Documents and Settings\Seb\Local Settings\Temp\PRAGMA9dc8.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Favoris\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot. C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

non rien, je suis en train de refaire là

J'ai un probleme avec MBam,à chaque que l'analyse est terminé ( j'en est fait 3),quand je clique sur ok,le programme se ferme....

Hello, je viens de subir l'attaque de "Digital protection" en direct.Il a reussit à s'installer malgré que le parefeu lui bloquait l'acces,j'ai meme debranché le fil mais il a reussit à s'incruster... Resultat un message danger toutes les 30 secondes, le security center piraté et Virus scan bloqué. Cc cleaner ou unlocker n'y ont rien fait. Comment faut-t-il le dégagé svp merci

Moi aussi ça me parait bizarre, d'ailleurs je pense que mon modem routeur ne doit pas reconnaitre ses adresses. Que veut tu dire plus d'infos?