pldta

La suite (j'ai un peu de mal avec le pad : info.txt logfile of random's system information tool 1.06 2010-05-23 18:13:49 ======Uninstall list====== -->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adabas D 13.01.00-->MsiExec.exe /X{5C52CED3-D45C-4DA9-932F-B91BD44BB461} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2} Asus ACPI Driver-->MsiExec.exe /X{19F5658D-92E8-4A08-8657-D38ABB1574B2} Asus OS Cleaner-->C:\Program Files\InstallShield Installation Information\{84E2AA5A-8BA3-4F08-9F6F-C14E4C679FF0}\setup.exe -runfromtemp -l0x0009 -removeonly ASUSUpdate for Eee PC-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x40c Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x040c -removeonly Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE Azurewave Wireless LAN-->C:\Program Files\InstallShield Installation Information\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}\setup.exe -runfromtemp -l0x0009 -removeonly CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Eee Storage 1.1.15.197-->C:\Program Files\Eee Storage\uninst.exe ETDWare PS/2-x86 7.0.3.8 WHQL-->C:\Program Files\Elantech\ETDUninst.exe Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL Java 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF} Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft Flight Simulator 2002-->"C:\Program Files\Microsoft Games\FS2002\FSUNINSTALL.EXE" /runtemp /addremove Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Mise à jour pour Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe" Mise à jour pour Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe" Mise à jour pour Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe" Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly Sunbelt Kerio Personal Firewall-->MsiExec.exe /X{E659E0EE-10E6-49B7-8696-60F38D0EB174} Super Hybrid Engine-->C:\Program Files\InstallShield Installation Information\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}\setup.exe -runfromtemp -l0x0009 -removeonly WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6} Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65} ZebHelpProcess 2.35-->"C:\Program Files\ZebHelpProcess\unins000.exe" ======Security center information====== AV: AntiVir Desktop FW: Sunbelt Kerio Personal Firewall ======System event log====== Computer Name: NETBOOKP Event Code: 7023 Message: Le service Gestion d'applications s'est arrêté avec l'erreur : Le module spécifié est introuvable. Record Number: 2189 Source Name: Service Control Manager Time Written: 20090723155950.000000+120 Event Type: erreur User: Computer Name: NETBOOKP Event Code: 7036 Message: Le service Gestion d'applications est entré dans l'état : arrêté. Record Number: 2188 Source Name: Service Control Manager Time Written: 20090723155950.000000+120 Event Type: Informations User: Computer Name: NETBOOKP Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications. Record Number: 2187 Source Name: Service Control Manager Time Written: 20090723155950.000000+120 Event Type: Informations User: NETBOOKP\Pascal Computer Name: NETBOOKP Event Code: 7023 Message: Le service Gestion d'applications s'est arrêté avec l'erreur : Le module spécifié est introuvable. Record Number: 2186 Source Name: Service Control Manager Time Written: 20090723155950.000000+120 Event Type: erreur User: Computer Name: NETBOOKP Event Code: 7036 Message: Le service Gestion d'applications est entré dans l'état : arrêté. Record Number: 2185 Source Name: Service Control Manager Time Written: 20090723155950.000000+120 Event Type: Informations User: =====Application event log===== Computer Name: NETBOOKP Event Code: 0 Message: Record Number: 5 Source Name: IviRegMgr Time Written: 20090719122030.000000+120 Event Type: Informations User: Computer Name: NETBOOKP Event Code: 11728 Message: Product: WebFldrs XP -- La configuration s'est terminée correctement. Record Number: 4 Source Name: MsiInstaller Time Written: 20090719121608.000000+120 Event Type: Informations User: NETBOOKP\Pascal Computer Name: NETBOOKP Event Code: 0 Message: Record Number: 3 Source Name: btwdins Time Written: 20090719121559.000000+120 Event Type: Informations User: Computer Name: NETBOOKP Event Code: 1800 Message: Le service Centre de sécurité Windows a démarré. Record Number: 2 Source Name: SecurityCenter Time Written: 20090719121559.000000+120 Event Type: Informations User: Computer Name: NETBOOKP Event Code: 0 Message: Record Number: 1 Source Name: IviRegMgr Time Written: 20090719121558.000000+120 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 2, GenuineIntel "PROCESSOR_REVISION"=1c02 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF-----------------

Voici les logs de Toolbar scan : -----------\\ ToolBar S&D 1.2.9 XP/Vista Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : Intel® Atom CPU N270 @ 1.60GHz ) BIOS : BIOS Date: 06/12/09 Ver: 08.00.12 USER : Pascal ( Administrator ) BOOT : Normal boot Antivirus : AntiVir Desktop 9.0.1.32 (Activated) Firewall : Sunbelt Kerio Personal Firewall 4.3.268 T (Activated) C:\ (Local Disk) - NTFS - Total:14 Go (Free:8 Go) E:\ (CD or DVD) F:\ (USB) - FAT32 - Total:15317 Mo (Free:14 Go) "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 ) Option : [1] ( 23/05/2010|18:00 ) -----------\\ Recherche de Fichiers / Dossiers ... -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://www.google.fr/"'>http://www.google.fr/" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"'>http://go.microsoft.com/fwlink/?LinkId=69157"'>http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! 1 - "C:\ToolBar SD\TB_1.txt" - 23/05/2010|18:04 - Option : [1] -----------\\ Fin du rapport a 18:04:29,60 Nettoyage -----------\\ ToolBar S&D 1.2.9 XP/Vista Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : Intel® Atom CPU N270 @ 1.60GHz ) BIOS : BIOS Date: 06/12/09 Ver: 08.00.12 USER : Pascal ( Administrator ) BOOT : Normal boot Antivirus : AntiVir Desktop 9.0.1.32 (Activated) Firewall : Sunbelt Kerio Personal Firewall 4.3.268 T (Activated) C:\ (Local Disk) - NTFS - Total:14 Go (Free:8 Go) E:\ (CD or DVD) F:\ (USB) - FAT32 - Total:15317 Mo (Free:14 Go) "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 ) Option : [2] ( 23/05/2010|18:07 ) -----------\\ Recherche de Fichiers / Dossiers ... -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://www.google.fr/" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://www.msn.com/" --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! 1 - "C:\ToolBar SD\TB_1.txt" - 23/05/2010|18:04 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 23/05/2010|18:11 - Option : [2] -----------\\ Fin du rapport a 18:11:38,50 : Logfile of random's system information tool 1.07 (written by random/random) Run by Pascal at 2010-05-23 18:13:34 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 8 GB (55%) free of 15 GB Total RAM: 1015 MB (59% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:13:47, on 23/05/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files\Elantech\ETDDect.exe C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe C:\Program Files\EeePC\ACPI\AsTray.exe C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe C:\Program Files\EeePC\ACPI\AsEPCMon.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\igfxext.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Documents and Settings\Pascal\Bureau\RSIT.exe C:\Program Files\trend micro\Pascal.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - Default URLSearchHook is missing O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe O4 - HKLM\..\Run: [ETDWareDetect] C:\Program Files\Elantech\ETDDect.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: AutoRun OSCleaner.lnk = ? O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: SuperHybridEngine.lnk = ? O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1251549659938 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1251549650219 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe -- End of file - 8104 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-24 501136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-31 16806912] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344] "ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2008-09-03 335872] "ETDWareDetect"=C:\Program Files\Elantech\ETDDect.exe [2008-08-22 204800] "SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-02-18 248040] "AsusTray"=C:\Program Files\EeePC\ACPI\AsTray.exe [2008-09-17 106496] "AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2008-09-16 593920] "AsusEPCMonitor"=C:\Program Files\EeePC\ACPI\AsEPCMon.exe [2008-05-21 94208] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage AutoRun OSCleaner.lnk - C:\Program Files\ASUS\Asus OS Cleaner\AsOSCleaner.exe BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" ======List of files/folders created in the last 1 months====== 2010-05-23 18:13:35 ----D---- C:\Program Files\trend micro 2010-05-23 18:13:34 ----D---- C:\rsit 2010-05-23 17:59:40 ----A---- C:\TB.txt 2010-05-23 17:58:22 ----D---- C:\ToolBar SD 2010-05-22 17:04:05 ----D---- C:\Documents and Settings\All Users\Application Data\Sun 2010-05-22 14:39:21 ----A---- C:\WINDOWS\system32\javaws.exe 2010-05-22 14:39:21 ----A---- C:\WINDOWS\system32\javaw.exe 2010-05-22 14:39:21 ----A---- C:\WINDOWS\system32\java.exe 2010-05-22 14:39:21 ----A---- C:\WINDOWS\system32\deployJava1.dll 2010-05-22 12:02:23 ----D---- C:\Documents and Settings\Pascal\Application Data\Malwarebytes 2010-05-22 12:02:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-05-22 12:02:13 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-05-22 11:28:50 ----A---- C:\WINDOWS\system32\DBCLIENT.DLL 2010-05-22 11:28:38 ----D---- C:\Program Files\Fichiers communs\Borland Shared 2010-05-22 11:28:10 ----D---- C:\Program Files\ZebHelpProcess 2010-05-22 10:30:00 ----N---- C:\WINDOWS\system32\browserchoice.exe ======List of files/folders modified in the last 1 months====== 2010-05-23 18:13:40 ----D---- C:\WINDOWS\Prefetch 2010-05-23 18:13:35 ----RD---- C:\Program Files 2010-05-23 18:12:17 ----D---- C:\Program Files\Mozilla Firefox 2010-05-23 18:02:03 ----D---- C:\WINDOWS\Temp 2010-05-23 17:50:40 ----D---- C:\WINDOWS 2010-05-23 17:50:38 ----D---- C:\WINDOWS\system32\CatRoot2 2010-05-22 17:15:39 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-05-22 17:04:05 ----SHD---- C:\WINDOWS\Installer 2010-05-22 17:03:59 ----D---- C:\Program Files\Fichiers communs\Java 2010-05-22 14:39:21 ----D---- C:\WINDOWS\system32 2010-05-22 14:36:30 ----D---- C:\Program Files\Java 2010-05-22 14:31:29 ----D---- C:\WINDOWS\Help 2010-05-22 14:30:53 ----SD---- C:\Documents and Settings\Pascal\Application Data\Microsoft 2010-05-22 12:04:32 ----D---- C:\WINDOWS\Debug 2010-05-22 12:02:16 ----D---- C:\WINDOWS\system32\drivers 2010-05-22 11:53:50 ----D---- C:\Programmes portables 2010-05-22 11:35:16 ----HD---- C:\WINDOWS\inf 2010-05-22 11:33:20 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-05-22 11:32:35 ----D---- C:\WINDOWS\ie8updates 2010-05-22 11:31:04 ----D---- C:\Program Files\Movie Maker 2010-05-22 11:30:58 ----D---- C:\WINDOWS\system32\CatRoot 2010-05-22 11:28:38 ----D---- C:\Program Files\Fichiers communs 2010-05-22 11:11:50 ----D---- C:\Program Files\Internet Explorer 2010-05-22 11:10:21 ----D---- C:\Program Files\Outlook Express 2010-05-22 10:24:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-04-30 11:51:08 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 284184] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40576] R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 91672] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-07-23 28520] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-01-10 56816] R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-08-29 1325344] R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752] R3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160] R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-08-19 991656] R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-12 4751360] R3 Ktp;Elantech Smart-Pad; C:\WINDOWS\system32\DRIVERS\ETD.sys [2008-08-24 26112] R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-03-11 36864] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 aeuoswf0;aeuoswf0; C:\WINDOWS\system32\drivers\aeuoswf0.sys [] S3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2008-05-30 534568] S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-24 156816] S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2008-03-10 57384] S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-08-19 47272] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-07-23 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-29 185089] R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-09-02 346720] R2 IviRegMgr;IviRegMgr; C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-22 153376] R2 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2006-07-18 1205784] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-14 32768] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] -----------------EOF-----------------

Sur un netbook où j'ai installé très peu de logiciels ZHP m'a trouvé deux problèmes, l'un corrigé par Malwarebytes : Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. : l'autre qui est toujours là : Rapport de ZHPDiag v1.25.1416 par Nicolas Coolman Run by Pascal at 22/05/2010 14:17:32 Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html ---\\ Web Browser MSIE: Internet Explorer v8.0.6001.18702 MFIE: Mozilla Firefox (3.5.3) ---\\ System Information Platform : Microsoft Windows XP (5.1.2600) Service Pack 3 Processor: x86 Family 6 Model 28 Stepping 2, GenuineIntel Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 1015 MB (59% free) System drive C: has 8 GB (55%) free of 15 GB ---\\ Logged in mode Computer Name: NETBOOKP User Name: Pascal Unselected Option: O1,O45,O61,O65 Logged in as Administrator ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 8 Go of 15 Go) E:\ CD-ROM drive (Not Inserted) F:\ Floppy drive, Flash card reader, USB Key (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] NoDispScrSavPage: OK ---\\ Processus lancés [MD5.4F0BED169FAB31EA094A649B0473B5C6] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe [135168] [MD5.8B0DE4B972DB725FB9D591E69CD236FB] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [159744] [MD5.CC632EB3A7D106464E933E7D53883550] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [131072] [MD5.7C78467E411001DDDA695111239994CC] - (.ELANTECH Devices Corp. - ETD Ware TSR Enhancements.) -- C:\Program Files\Elantech\ETDCtrl.exe [335872] [MD5.81733454253997DE4F6170ECF42458AE] - (.ELANTECH Devices Corp. - ETD Ware Detect.) -- C:\Program Files\Elantech\ETDDect.exe [204800] [MD5.D4F0F7437327DBAA264338BAAFB5E5AF] - (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [132496] [MD5.3EFFC2ED6263F45439270EDCBDAD539E] - (.ASUSTeK Computer Inc. - Eee PC Tray Utility.) -- C:\Program Files\EeePC\ACPI\AsTray.exe [106496] [MD5.2B1F8043C0D6E3416D14C3EAD769C997] - (.ASUSTeK Computer Inc. - Asus Eee PC ACPI Service.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [593920] [MD5.2D3A4F1B70420B367763AB14F9E9510F] - (.ASUSTeK Computer Inc. - AsEPCMon.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe [94208] [MD5.29680A793F690EEF4AAA68479D2A6DF8] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153] [MD5.59DC5BB82E4C8E0B3EADCFDBC44BA6E4] - (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe [15360] [MD5.E13EA4860E8F2AA845B53BFD2B6FEC5B] - (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe [1695232] [MD5.9015BC03F62940527EC92D45EE89E46F] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [108289] [MD5.B8720A787C1223492E6F319465E996CE] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [185089] [MD5.E4BDF223CD75478BF44567B4D5C2634D] - (.Microsoft Corporation - Generic Host Process for Win32 Services.) -- C:\WINDOWS\System32\svchost.exe [14336] [MD5.E43F7709F36444681978F9DC067A976B] - (.Broadcom Corporation. - Bluetooth Support Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [346720] [MD5.C3FB1D70CB88722267949694BA51759E] - (.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\WINDOWS\system32\services.exe [111104] [MD5.213822072085B5BBAD9AF30AB577D817] - (.InterVideo - RegMgr Module.) -- C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe [112152] [MD5.9EF600C64435CCFDEA01C991289E76EC] - (.Sunbelt Software - Sunbelt Kerio Firewall Service.) -- C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [1205784] [MD5.91E6024D6D4DCDECDB36C43ECF9BBECB] - (.Microsoft Corporation - LSA Shell (Export Version).) -- C:\WINDOWS\system32\lsass.exe [13312] [MD5.460E4CE148BD07218DA0B6A3D31885A9] - (.Microsoft Corporation - Spooler SubSystem App.) -- C:\WINDOWS\system32\spoolsv.exe [57856] ---\\ Pages de recherche d'Internet Explorer (R1) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ---\\ Internet Explorer URLSearchHook (R3) R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18904 (longhorn_ie8_gdr.100222-1700)) -- C:\WINDOWS\system32\ieframe.dll ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} . (.Pas de propriétaire - Pas de description.) -- (.not file.) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: (no name) - {1E796980-9CC5-11D1-A83F-00C04FC99D61} . (.Pas de propriétaire - Pas de description.) -- ---\\ Applications démarrées automatiquement par le registre (O4) O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [ETDWare] . (.ELANTECH Devices Corp. - ETD Ware TSR Enhancements.) -- C:\Program Files\Elantech\ETDCtrl.exe O4 - HKLM\..\Run: [ETDWareDetect] . (.ELANTECH Devices Corp. - ETD Ware Detect.) -- C:\Program Files\Elantech\ETDDect.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe O4 - HKLM\..\Run: [AsusTray] . (.ASUSTeK Computer Inc. - Eee PC Tray Utility.) -- C:\Program Files\EeePC\ACPI\AsTray.exe O4 - HKLM\..\Run: [AsusACPIServer] . (.ASUSTeK Computer Inc. - Asus Eee PC ACPI Service.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe O4 - HKLM\..\Run: [AsusEPCMonitor] . (.ASUSTeK Computer Inc. - AsEPCMon.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - Global Startup: AutoRun OSCleaner.lnk . (.Pas de propriétaire - Asus XP Cleaner.) -- C:\Program Files\ASUS\Asus OS Cleaner\AsOSCleaner.exe O4 - Global Startup: BTTray.lnk . (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe O4 - Global Startup: SuperHybridEngine.lnk . (.ASUSTeK Computer Inc. - Eee Super Hybrid Engine.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8) O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Envoyer à Bluetooth . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} . (.not file.) - (.not file.) O9 - Extra button: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.not file.) - (.not file.) O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1251549659938 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1251549650219 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\System32\igfxdev.dll ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Bluetooth Service (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: IviRegMgr (IviRegMgr) . (.InterVideo - RegMgr Module.) - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) . (.Sunbelt Software - Sunbelt Kerio Firewall Service.) - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe ---\\ Composants installés (ActiveSetup Installed Components) (O40) O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS . (.Pas de propriétaire - Pas de description.) -- RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_03\bin\regutils.dll O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp.inf O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.0 r32.) -- C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: avgio (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys O41 - Driver: avipbb (avipbb) . (.Avira GmbH - Avira Driver for RootKit Detection.) - C:\WINDOWS\system32\DRIVERS\avipbb.sys O41 - Driver: Firewall Driver (fwdrv) . (.Sunbelt Software - Sunbelt Kerio Firewall FWDRV.) - C:\WINDOWS\system32\drivers\fwdrv.sys O41 - Driver: Kerio HIPS Driver (khips) . (.Sunbelt Software - Sunbelt Kerio Host Intrusion Prevention Dri.) - C:\WINDOWS\system32\drivers\khips.sys O41 - Driver: ssmdrv (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys ---\\ Logiciels installés (O42) O42 - Logiciel: ASUSUpdate for Eee PC - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Adabas D 13.01.00 - (.Sun Microsystems.) [HKLM] O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Asus ACPI Driver - (.ASUSTek Computer.) [HKLM] O42 - Logiciel: Asus OS Cleaner - (.ASUSTek Computer INC..) [HKLM] O42 - Logiciel: Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver - (.Atheros Communications Inc..) [HKLM] O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] O42 - Logiciel: Azurewave Wireless LAN - (.RaLink.) [HKLM] O42 - Logiciel: CCleaner (remove only) - (.Piriform.) [HKLM] O42 - Logiciel: ETDWare PS/2-x86 7.0.3.8 WHQL - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Eee Storage 1.1.15.197 - (.ECAREME.) [HKLM] O42 - Logiciel: Foxit Reader - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: InterVideo WinDVD - (.InterVideo Inc..) [HKLM] O42 - Logiciel: Java 6 Update 3 - (.Sun Microsystems, Inc..) [HKLM] O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB953297) - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Microsoft Flight Simulator 2002 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Mozilla Firefox (3.5.3) - (.Mozilla.) [HKLM] O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] O42 - Logiciel: Sunbelt Kerio Personal Firewall - (.Sunbelt Software.) [HKLM] O42 - Logiciel: Super Hybrid Engine - (.ASUS.) [HKLM] O42 - Logiciel: WIDCOMM Bluetooth Software - (.WIDCOMM, Inc..) [HKLM] O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: ZebHelpProcess 2.35 - (.Nicolas Coolman.) [HKLM] ---\\ HKCU & HKLM Software Keys [HKCU\Software\Asus] [HKCU\Software\Avira] [HKCU\Software\Classes] [HKCU\Software\Clients] [HKCU\Software\DT Soft] [HKCU\Software\ECAREME] [HKCU\Software\Elantech] [HKCU\Software\Foxit Software] [HKCU\Software\Intel] [HKCU\Software\InterVideo] [HKCU\Software\JavaSoft] [HKCU\Software\Lake] [HKCU\Software\Macromedia] [HKCU\Software\Malwarebytes' Anti-Malware] [HKCU\Software\Netscape] [HKCU\Software\Piriform] [HKCU\Software\Policies] [HKCU\Software\Realtek] [HKCU\Software\Skype] [HKCU\Software\Sony Corporation] [HKCU\Software\Sunbelt Software] [HKCU\Software\Widcomm] [HKCU\Software\Windows Live] [HKCU\Software\YahooPartnerToolbar] [HKLM\Software\ASUSTek Computer INC.] [HKLM\Software\Asus] [HKLM\Software\Atheros Communications Inc.] [HKLM\Software\Atheros] [HKLM\Software\Avira] [HKLM\Software\Borland] [HKLM\Software\C07ft5Y] [HKLM\Software\Classes] [HKLM\Software\Clients] [HKLM\Software\DT Soft] [HKLM\Software\ECAREME] [HKLM\Software\Foxit Software] [HKLM\Software\Gemplus] [HKLM\Software\Google] [HKLM\Software\Intel] [HKLM\Software\InterVideo Inc.] [HKLM\Software\InterVideo] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\Lake] [HKLM\Software\Macromedia] [HKLM\Software\MozillaPlugins] [HKLM\Software\Mozilla] [HKLM\Software\ODBC] [HKLM\Software\Policies] [HKLM\Software\Program Groups] [HKLM\Software\RALINK] [HKLM\Software\Realtek Semiconductor Corp.] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\Schlumberger] [HKLM\Software\Secure] [HKLM\Software\Software AG] [HKLM\Software\Sunbelt Software] [HKLM\Software\SuppHelpDir] [HKLM\Software\Widcomm] [HKLM\Software\Windows 3.1 Migration Status] [HKLM\Software\X-AVCSD] [HKLM\Software\mozilla.org] ---\\ Contenu des dossiers Fichiers Communs (O43) O43 - CFD:Common File Directory ----D- C:\Program Files\ASUS O43 - CFD:Common File Directory ----D- C:\Program Files\Atheros O43 - CFD:Common File Directory ----D- C:\Program Files\Avira O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner O43 - CFD:Common File Directory ----D- C:\Program Files\ComPlus Applications O43 - CFD:Common File Directory ----D- C:\Program Files\DAEMON Tools Lite O43 - CFD:Common File Directory ----D- C:\Program Files\Eee Storage O43 - CFD:Common File Directory ----D- C:\Program Files\EeePC O43 - CFD:Common File Directory ----D- C:\Program Files\Elantech O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs O43 - CFD:Common File Directory ----D- C:\Program Files\Foxit Software O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information O43 - CFD:Common File Directory ----D- C:\Program Files\Intel O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer O43 - CFD:Common File Directory ----D- C:\Program Files\InterVideo O43 - CFD:Common File Directory ----D- C:\Program Files\Java O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Games O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft SQL Server Compact Edition O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Works O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express O43 - CFD:Common File Directory ----D- C:\Program Files\RALINK O43 - CFD:Common File Directory ----D- C:\Program Files\Realtek O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne O43 - CFD:Common File Directory ----D- C:\Program Files\Sun O43 - CFD:Common File Directory ----D- C:\Program Files\Sunbelt Software O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information O43 - CFD:Common File Directory ----D- C:\Program Files\WIDCOMM O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live Toolbar O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate O43 - CFD:Common File Directory ----D- C:\Program Files\xerox O43 - CFD:Common File Directory ----D- C:\Program Files\ZebHelpProcess O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Borland Shared O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InstallShield O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InterVideo O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Java O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Microsoft Shared O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\MSSoap O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ODBC O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System O43 - CFD:Common File Directory -SH-D- C:\Program Files\Fichiers Communs\WindowsLiveInstaller ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.00000000000000000000000000000000] - 22/05/2010 - 13:16:29 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WindowsUpdate.log [1467324] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/05/2010 - 13:15:34 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\0.log [0] O44 - LFC:[MD5.00000000000000000000000000000000] - 22/05/2010 - 13:15:19 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiadebug.log [159] O44 - LFC:[MD5.00000000000000000000000000000000] - 22/05/2010 - 13:15:06 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiaservc.log [50] O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 22/05/2010 - 13:14:51 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bootstat.dat [2048] O44 - LFC:[MD5.00000000000000000000000000000000] - 22/05/2010 - 12:20:34 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\SchedLgU.Txt [26656] O44 - LFC:[MD5.00000000000000000000000000000000] - 22/05/2010 - 10:52:09 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\PDOXUSRS.NET [13030] O44 - LFC:[MD5.4BC02BD73338C3A26265F5C64DBEC770] - 22/05/2010 - 10:28:50 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\BDEADMIN.CPL [183808] O44 - LFC:[MD5.8C25E347F5E2C2BCA9B5258A68B72AE7] - 22/05/2010 - 10:28:50 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\DBCLIENT.DLL [210032] O44 - LFC:[MD5.3EEDFCEEBA18475325EF23D591239BFF] - 22/05/2010 - 10:10:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\TZLog.log [365902] O44 - LFC:[MD5.120DFB271E4E355FB1F09FCEFD67CB4C] - 22/05/2010 - 09:25:10 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\wpa.dbl [1158] O44 - LFC:[MD5.CE7E5D43B0297ED46F7620BB4E817E68] - 22/05/2010 - 09:25:01 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh00C.dat [445672] O44 - LFC:[MD5.2EEF1E39424DB47BED275844A9FEC35E] - 22/05/2010 - 09:25:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc009.dat [53098] O44 - LFC:[MD5.8253D6C82E71A11A9AD935C3F6A22A3F] - 22/05/2010 - 09:25:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc00C.dat [64052] O44 - LFC:[MD5.1624CFEC1C8C1A4205E20A2B020010B3] - 22/05/2010 - 09:25:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh009.dat [380684] O44 - LFC:[MD5.4209FD273A10717399E93CF06571AF40] - 22/05/2010 - 09:24:59 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\PerfStringBackup.INI [951770] O44 - LFC:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 29/04/2010 - 14:39:38 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [38224] O44 - LFC:[MD5.67B48A903430C6D4FB58CBACA1866601] - 29/04/2010 - 14:39:26 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [20952] ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll ---\\ Export de clé d'application autorisée (ECAA) (O47) O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\livecall.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\livecall.exe O47 - AAKE:Key Export SP - "C:\Program Files\Messenger\msmsgs.exe" [Enabled] .(.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\livecall.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\livecall.exe ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52) O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm ---\\ ShareTools MSconfig StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe O53 - SMSR:HKLM\...\startupreg\MsnMsgr [Key] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.exe ---\\ Microsoft Control Security Providers (MCSP) (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll ---\\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"= O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"= O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 ---\\ Microsoft Windows Policies Explorer (MWPE) (O56) O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveTypeAutoRun"=145 O56 - MWPE:[HKLM\...\Policies\Explorer] - "HonorAutoRunSetting"=1 ---\\ Liste des Drivers Système (SDL) (O58) O58 - SDL:[MD5.12415A4B61DED200FE9932B47A35FA42] - 08/04/2008 - 14:59:28 ---A- . (.ASUSTeK Computer Inc. - ASUS ACPI Device Driver.) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS O58 - SDL:[MD5.EC79BD966B02AA6050E24D640F87DC07] - 29/08/2008 - 12:45:30 ---A- . (.Atheros Communications, Inc. - Driver for Atheros AR5008 Wireless Network Adapter.) -- C:\WINDOWS\system32\drivers\athw.sys O58 - SDL:[MD5.5B44C214F9CD9F590BE9125347610380] - 13/02/2009 - 11:17:49 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\system32\drivers\avgntdd.sys O58 - SDL:[MD5.14FE36D8F2C6A2435275338D061A0B66] - 10/01/2010 - 16:04:54 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\system32\drivers\avgntflt.sys O58 - SDL:[MD5.2DAA8CC2670720DEDDCC74A20EDE2EE9] - 13/02/2009 - 11:28:39 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\system32\drivers\avgntmgr.sys O58 - SDL:[MD5.AD9BD66A862116E79CB45BB6BE46055F] - 30/03/2009 - 09:32:47 ---A- . (.Avira GmbH - Avira Driver for RootKit Detection.) -- C:\WINDOWS\system32\drivers\avipbb.sys O58 - SDL:[MD5.4B43DFE1C1FBB305A1DC5504EF9BB34E] - 30/05/2008 - 04:46:12 ---A- . (.Broadcom Corporation. - Bluetooth Audio Device.) -- C:\WINDOWS\system32\drivers\btaudio.sys O58 - SDL:[MD5.70455BAFFC078B6152D1E52376296467] - 19/08/2008 - 15:16:36 ---A- . (.Broadcom Corporation. - Bluetooth Bus Enumerator.) -- C:\WINDOWS\system32\drivers\btkrnl.sys O58 - SDL:[MD5.2F9F111D31AA3FBBE5781D829A4524E6] - 04/02/2008 - 10:57:44 ---A- . (.Broadcom Corporation. - Bluetooth BTPORT Driver for Windows 2000.) -- C:\WINDOWS\system32\drivers\btport.sys O58 - SDL:[MD5.485020A1E1FC5C51A800CA69C618D881] - 24/07/2008 - 10:37:10 ---A- . (.Broadcom Corporation. - Bluetooth LAN Access Server Driver.) -- C:\WINDOWS\system32\drivers\btwdndis.sys O58 - SDL:[MD5.949ECA9C56F657C06D3166D51F3226C7] - 10/03/2008 - 11:18:42 ---A- . (.Broadcom Corporation. - Bluetooth Virtual HID Minidriver.) -- C:\WINDOWS\system32\drivers\btwhid.sys O58 - SDL:[MD5.C21362BB5A22CE4B40A7B475254F858C] - 11/06/2008 - 07:14:24 ---A- . (.Broadcom Corporation. - Broadcom Bluetooth IT Manager Filter.) -- C:\WINDOWS\system32\drivers\btwsecfl.sys O58 - SDL:[MD5.2CFC2BD8785F82A42FCAD83DE1FA5A36] - 19/08/2008 - 15:16:28 ---A- . (.Broadcom Corporation. - Driver for Bluetooth USB Devices.) -- C:\WINDOWS\system32\drivers\btwusb.sys O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 15/04/2008 - 04:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 15/04/2008 - 04:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys O58 - SDL:[MD5.6E775ADE642556C6D43450D16D763FC2] - 24/08/2008 - 17:59:40 ---A- . (.ELANTECH Devices Corp. - ETD Ware TSR Enhancements.) -- C:\WINDOWS\system32\drivers\ETD.sys O58 - SDL:[MD5.1FF2EEF447A177DF2C544B80F8F7F879] - 18/07/2006 - 11:02:50 ---A- . (.Sunbelt Software - Sunbelt Kerio Firewall FWDRV.) -- C:\WINDOWS\system32\drivers\fwdrv.sys O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 15/04/2008 - 04:00:00 ---A- . (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\drivers\hdaudbus.sys O58 - SDL:[MD5.0F68E2EC713F132FFB19E45415B09679] - 19/12/2007 - 16:32:12 ---A- . (.Intel Corporation - Intel Graphics Miniport Driver.) -- C:\WINDOWS\system32\drivers\igxpmp32.sys O58 - SDL:[MD5.304CE9FB3D64CAA07B940BEF4F8C2DCD] - 18/07/2006 - 11:02:52 ---A- . (.Sunbelt Software - Sunbelt Kerio Host Intrusion Prevention Driver.) -- C:\WINDOWS\system32\drivers\khips.sys O58 - SDL:[MD5.303627228DD739D98289679901A38C8F] - 11/03/2008 - 12:37:00 ---A- . (.Atheros Communications, Inc. - Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller ndis min.) -- C:\WINDOWS\system32\drivers\l1e51x86.sys O58 - SDL:[MD5.67B48A903430C6D4FB58CBACA1866601] - 29/04/2010 - 14:39:26 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys O58 - SDL:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 29/04/2010 - 14:39:38 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 15/04/2008 - 04:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 15/04/2008 - 04:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 15/04/2008 - 04:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 15/04/2008 - 04:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys O58 - SDL:[MD5.C73A4A48FBB3D00C7DBC6FE4F5E3675F] - 12/08/2008 - 09:10:50 ---A- . (.Realtek Semiconductor Corp. - Realtek® High Definition Audio Function Driver.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 15/04/2008 - 04:00:00 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys O58 - SDL:[MD5.00000000000000000000000000000000] - 03/10/2009 - 02:50:43 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\sptd.sys O58 - SDL:[MD5.3AD0362CF68DE3AC500E981700242CCA] - 23/07/2009 - 17:29:18 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\drivers\ssmdrv.sys O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 15/04/2008 - 04:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 15/04/2008 - 04:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 15/04/2008 - 04:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ansi.sys O58 - SDL:[MD5.EC79BD966B02AA6050E24D640F87DC07] - 29/08/2008 - 12:45:30 ---A- . (.Atheros Communications, Inc. - Driver for Atheros AR5008 Wireless Network Adapter.) -- C:\WINDOWS\system32\athw.sys O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 15/04/2008 - 04:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\country.sys O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 15/04/2008 - 04:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\himem.sys O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 15/04/2008 - 04:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\key01.sys O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 15/04/2008 - 04:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\keyboard.sys O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 15/04/2008 - 04:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos.sys O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 15/04/2008 - 04:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos404.sys O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 15/04/2008 - 04:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos411.sys O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 15/04/2008 - 04:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos412.sys O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 15/04/2008 - 04:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos804.sys O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 15/04/2008 - 04:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio.sys O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 15/04/2008 - 04:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio404.sys O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 15/04/2008 - 04:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio411.sys O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 15/04/2008 - 04:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio412.sys O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 15/04/2008 - 04:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio804.sys ---\\ Liste des services Legacy (LALS) (O64) O64 - Services: CurCS - C:\Program Files\Avira\AntiVir Desktop\sched.exe - Avira AntiVir Planificateur (AntiVirSchedulerService) .(.Avira GmbH - Antivirus Scheduler.) - LEGACY_ANTIVIRSCHEDULERSERVICE O64 - Services: CurCS - C:\Program Files\Avira\AntiVir Desktop\avguard.exe - Avira AntiVir Guard (AntiVirService) .(.Avira GmbH - Antivirus On-Access Service.) - LEGACY_ANTIVIRSERVICE O64 - Services: CurCS - C:\Program Files\Avira\AntiVir Desktop\avgio.sys - avgio (avgio) .(.Avira GmbH - Avira AntiVir Support for Minifilter.) - LEGACY_AVGIO O64 - Services: CurCS - C:\WINDOWS\system32\DRIVERS\avgntflt.sys - avgntflt (avgntflt) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT O64 - Services: CurCS - C:\WINDOWS\system32\DRIVERS\avipbb.sys - avipbb (avipbb) .(.Avira GmbH - Avira Driver for RootKit Detection.) - LEGACY_AVIPBB O64 - Services: CurCS - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe - Bluetooth Service (btwdins) .(.Broadcom Corporation. - Bluetooth Support Server.) - LEGACY_BTWDINS O64 - Services: CurCS - (.not file.) - Lanceur de processus serveur DCOM (DcomLaunch) .(.Pas de propriétaire - Pas de description.) - LEGACY_DCOMLAUNCH O64 - Services: CurCS - C:\WINDOWS\system32\drivers\fwdrv.sys - Firewall Driver (fwdrv) .(.Sunbelt Software - Sunbelt Kerio Firewall FWDRV.) - LEGACY_FWDRV O64 - Services: CurCS - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe - IviRegMgr (IviRegMgr) .(.InterVideo - RegMgr Module.) - LEGACY_IVIREGMGR O64 - Services: CurCS - C:\WINDOWS\system32\drivers\khips.sys - Kerio HIPS Driver (khips) .(.Sunbelt Software - Sunbelt Kerio Host Intrusion Prevention Dri.) - LEGACY_KHIPS O64 - Services: CurCS - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe - Sunbelt Kerio Personal Firewall 4 (KPF4) .(.Sunbelt Software - Sunbelt Kerio Firewall Service.) - LEGACY_KPF4 O64 - Services: CurCS - (.not file.) - mbr (mbr) .(.Pas de propriétaire - Pas de description.) - LEGACY_MBR O64 - Services: CurCS - (.not file.) - Mup (Mup) .(.Pas de propriétaire - Pas de description.) - LEGACY_MUP O64 - Services: CurCS - (.not file.) - Pilote système NDIS (NDIS) .(.Pas de propriétaire - Pas de description.) - LEGACY_NDIS O64 - Services: CurCS - (.not file.) - RDPNP (RDPNP) .(.Pas de propriétaire - Pas de description.) - LEGACY_RDPNP O64 - Services: CurCS - (.not file.) - Appel de procédure distante (RPC) (RpcSs) .(.Pas de propriétaire - Pas de description.) - LEGACY_RPCSS O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\sptd.sys - sptd (sptd) .(.Pas de propriétaire - Pas de description.) - LEGACY_SPTD O64 - Services: CurCS - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys - ssmdrv (ssmdrv) .(.Avira GmbH - AVIRA SnapShot Driver.) - LEGACY_SSMDRV O64 - Services: CurCS - (.not file.) - Services Terminal Server (TermService) .(.Pas de propriétaire - Pas de description.) - LEGACY_TERMSERVICE ---\\ Observateur d'évènement d'application (OEA) (O66) O66 - EventLog: ID=490 (ESENT) - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Pas de propriétaire - Pas de description.) -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Pas de propriétaire - Pas de description.) -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe ---\\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ---\\ Recherche d'infection Master Boot Record (O80) Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net Run by Pascal at 22/05/2010 14:18:05 device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spoy.sys >>UNKNOWN [0x86575938]<< kernel: MBR read successfully user & kernel MBR OK End of the scan (530 lines in 00mn 33s) Est-ce que j'aurais pu attraper cela à partir de clés USB qui seraient infectées? Quelle serait la méthode pour les nettoyer? Merci pour votre réponse.

et voila : ComboFix 10-05-15.03 - Pascal Admin 16/05/2010 13:51:24.5.1 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.511.139 [GMT 2:00] Lancé depuis: c:\documents and settings\Pascal Admin\Bureau\bitroc.exe Commutateurs utilisés :: c:\documents and settings\Pascal Admin\Bureau\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: Sunbelt Kerio Personal Firewall *disabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174} FILE :: "c:\documents and settings\Pascal Admin\Bureau\Asapiw2k.sys.txt" "c:\documents and settings\Pascal Admin\Recent\Asapiw2k.sys.txt.lnk" "c:\windows\maxdriver\asapiW2k.sys" "c:\windows\system32\Asapiw2k.sys" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Pascal Admin\Bureau\Asapiw2k.sys.txt c:\documents and settings\Pascal Admin\Recent\Asapiw2k.sys.txt.lnk c:\windows\look.bat c:\windows\maxdriver\asapiW2k.sys . ((((((((((((((((((((((((((((( Fichiers créés du 2010-04-16 au 2010-05-16 )))))))))))))))))))))))))))))))))))) . 2010-05-15 13:12 . 2010-05-15 16:10 -------- d-----w- C:\Sauvegarde 2010-05-15 08:34 . 2010-05-15 08:34 -------- d-----w- c:\program files\Zeb-Utility 2010-05-15 08:06 . 2010-05-15 08:06 -------- d-----w- c:\windows\system32\wbem\Repository 2010-05-10 18:27 . 2010-02-26 15:26 220024 ----a-w- c:\windows\sigcheck.exe 2010-05-10 18:15 . 2010-05-16 12:04 -------- d-----w- c:\windows\maxdriver 2010-05-09 14:43 . 2010-05-09 15:15 12552 ----a-w- c:\windows\system32\drivers\hddirect.sys 2010-05-02 12:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-02 12:29 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-02 12:29 . 2010-05-02 12:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-02 10:13 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-04-28 19:32 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-04-28 14:55 . 2010-05-15 15:04 -------- d-----w- c:\program files\SEAF 2010-04-28 08:09 . 2010-04-28 08:09 -------- d-----w- c:\documents and settings\Pascal Admin\Application Data\Foxit Software 2010-04-27 10:03 . 2010-04-27 11:25 -------- d-----w- C:\Ad-Remover 2010-04-26 17:31 . 2010-04-27 08:12 -------- d-----w- C:\ToolBar SD . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-15 13:31 . 2005-11-06 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-05-13 19:49 . 2008-11-24 19:11 -------- d-----w- c:\documents and settings\Pascal Admin\Application Data\Vso 2010-05-12 06:23 . 2008-12-19 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-05-09 15:09 . 2006-08-08 20:23 1736213 ----a-w- c:\windows\system32\drivers\fwdrv.err 2010-05-08 11:06 . 2010-04-04 09:35 -------- d-----w- c:\program files\URLSnooper2 2010-05-08 10:29 . 2010-04-25 00:29 664 ----a-w- c:\documents and settings\Dominique\Local Settings\Application Data\d3d9caps.tmp 2010-05-06 08:36 . 2009-10-23 08:40 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-04 20:52 . 2007-03-03 18:06 -------- d-----w- c:\program files\SlySoft 2010-05-02 10:13 . 2009-12-20 14:11 -------- d-----w- c:\program files\Java 2010-05-02 09:15 . 2008-05-24 19:58 -------- d-----w- c:\program files\ZebHelpProcess 2 2010-05-01 14:42 . 2009-11-29 17:46 -------- d-----w- c:\program files\ZHPDiag 2010-04-26 17:46 . 2008-01-19 10:01 -------- d-----w- c:\documents and settings\Pascal Admin\Application Data\uTorrent 2010-04-26 08:40 . 2007-10-20 09:05 -------- d-----w- c:\program files\CCleaner 2010-04-09 10:05 . 2004-11-04 18:05 -------- d-----w- c:\program files\Fichiers communs\Adobe 2010-04-07 05:43 . 2006-04-15 10:06 -------- d-----w- c:\program files\Radio Fr Solo 2010-04-04 14:41 . 2008-11-30 21:38 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-04-04 09:37 . 2010-04-04 09:37 46 ----a-w- c:\windows\system32\DonationCoder_urlsnooper_InstallInfo.dat 2010-04-04 09:37 . 2010-04-04 09:37 -------- d-----w- c:\documents and settings\Pascal Admin\Application Data\DonationCoder 2010-04-04 09:36 . 2010-04-04 09:36 -------- d-----w- c:\program files\WinPcap 2010-04-04 09:35 . 2010-04-04 09:35 -------- d-----w- c:\documents and settings\All Users\Application Data\DonationCoder 2010-04-04 09:21 . 2010-04-04 09:21 -------- d-----w- c:\program files\Xi 2010-04-03 17:29 . 2010-04-03 17:29 503808 ----a-w- c:\documents and settings\Dominique\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6f6d9473-n\msvcp71.dll 2010-04-03 17:29 . 2010-04-03 17:29 499712 ----a-w- c:\documents and settings\Dominique\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6f6d9473-n\jmc.dll 2010-04-03 17:29 . 2010-04-03 17:29 12800 ----a-w- c:\documents and settings\Dominique\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2524fe97-n\decora-d3d.dll 2010-04-03 17:29 . 2010-04-03 17:29 348160 ----a-w- c:\documents and settings\Dominique\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6f6d9473-n\msvcr71.dll 2010-04-03 17:29 . 2010-04-03 17:29 61440 ----a-w- c:\documents and settings\Dominique\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2524fe97-n\decora-sse.dll 2010-04-03 10:07 . 2005-10-07 15:49 -------- d-----w- c:\program files\Fichiers communs\Java 2010-04-03 10:07 . 2010-04-03 10:07 503808 ----a-w- c:\documents and settings\Pascal Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5ae4574e-n\msvcp71.dll 2010-04-03 10:07 . 2010-04-03 10:07 61440 ----a-w- c:\documents and settings\Pascal Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-65ae946b-n\decora-sse.dll 2010-04-03 10:07 . 2010-04-03 10:07 499712 ----a-w- c:\documents and settings\Pascal Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5ae4574e-n\jmc.dll 2010-04-03 10:07 . 2010-04-03 10:07 348160 ----a-w- c:\documents and settings\Pascal Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5ae4574e-n\msvcr71.dll 2010-04-03 10:07 . 2010-04-03 10:07 12800 ----a-w- c:\documents and settings\Pascal Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-65ae946b-n\decora-d3d.dll 2010-04-03 10:05 . 2001-08-28 12:00 615420 ----a-w- c:\windows\system32\perfh00C.dat 2010-04-03 10:05 . 2001-08-28 12:00 123638 ----a-w- c:\windows\system32\perfc00C.dat 2010-03-28 12:37 . 2010-03-06 16:20 -------- d-----w- c:\program files\USB-set 2010-03-27 12:32 . 2008-03-16 14:51 -------- d-----w- c:\documents and settings\Dominique\Application Data\Smart Panel 2010-03-26 11:17 . 2004-10-10 15:53 -------- d-----w- c:\program files\eMule 2010-03-24 13:09 . 2005-02-14 21:38 117824 ----a-w- c:\documents and settings\Olivier\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-24 13:05 . 2010-03-24 13:05 130 ----a-w- c:\documents and settings\Olivier\Local Settings\Application Data\fusioncache.dat 2010-03-20 13:00 . 2008-05-24 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\BSD 2010-03-13 17:28 . 2010-03-13 17:28 2734 ----a-r- c:\documents and settings\Pascal Admin\Application Data\Microsoft\Installer\{C9CE8735-F02F-4DE4-B979-04D30DFFE7C3}\_2cd672ae.exe 2010-03-13 17:28 . 2010-03-13 17:28 2734 ----a-r- c:\documents and settings\Pascal Admin\Application Data\Microsoft\Installer\{C9CE8735-F02F-4DE4-B979-04D30DFFE7C3}\_294823.exe 2010-03-13 17:28 . 2010-03-13 17:28 2734 ----a-r- c:\documents and settings\Pascal Admin\Application Data\Microsoft\Installer\{C9CE8735-F02F-4DE4-B979-04D30DFFE7C3}\_18be6784.exe 2010-03-13 17:28 . 2010-03-13 17:28 12390 ----a-r- c:\documents and settings\Pascal Admin\Application Data\Microsoft\Installer\{C9CE8735-F02F-4DE4-B979-04D30DFFE7C3}\_4ae13d6c.exe 2010-03-10 06:16 . 2002-08-29 09:45 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-02-25 06:17 . 2002-08-29 09:45 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2005-02-12 12:06 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr 2010-02-17 12:07 . 2002-08-29 09:42 2192000 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 19:07 . 2002-08-29 11:42 2068864 ----a-w- c:\windows\system32\ntkrnlpa.exe 1999-12-02 12:54 . 2007-10-27 08:36 91648 ------w- c:\program files\xcacls.exe 2008-09-10 11:49 . 2008-09-10 11:49 5817064 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll 2005-05-30 19:37 . 2005-05-30 19:37 8192 --sha-w- c:\windows\o2cLicStore.bin 2005-05-05 15:01 . 2005-05-05 15:01 8 --sh--r- c:\windows\system32\0AA48D50C7.sys 2006-07-11 06:15 . 2006-07-11 06:15 5 --sha-w- c:\windows\system32\aebdd_s.dll 2008-04-14 02:33 . 2001-08-28 12:00 65024 --sha-w- c:\windows\system32\asycfilt.dll 2005-05-05 15:15 . 2005-05-05 15:01 1056 --sha-w- c:\windows\system32\KGyGaAvL.sys 2001-08-28 12:00 . 2001-08-28 12:00 57344 --sha-w- c:\windows\system32\mfc42loc.dll 2001-08-28 12:00 . 2001-08-28 12:00 253952 --sha-w- c:\windows\system32\msvcrt20.dll 2008-04-14 02:33 . 2002-08-29 09:44 551936 --sha-w- c:\windows\system32\oleaut32.dll 2008-04-14 02:33 . 2001-08-28 12:00 84992 --sha-w- c:\windows\system32\olepro32.dll 2008-04-14 02:33 . 2001-08-28 12:00 30749 --sha-w- c:\windows\system32\vbajet32.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PSDrvCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-08-28 396800] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 10:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0SsiEfr.e [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDDirect.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Nikon Monitor.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Nikon Monitor.lnk backup=c:\windows\pss\Nikon Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Pascal Admin^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk] path=c:\documents and settings\Pascal Admin\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk backup=c:\windows\pss\Adobe Gamma.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Pascal Admin^Menu Démarrer^Programmes^Démarrage^HotSync Manager.lnk] path=c:\documents and settings\Pascal Admin\Menu Démarrer\Programmes\Démarrage\HotSync Manager.lnk backup=c:\windows\pss\HotSync Manager.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Pascal Admin^Menu Démarrer^Programmes^Démarrage^Outil de notification Live Search.lnk] backup=c:\windows\pss\Outil de notification Live Search.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] 2007-02-07 23:12 488984 ----a-w- c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2007-02-07 23:13 774168 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] 2007-02-06 15:43 252704 ----a-w- c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [04/11/2004 11:55 23003] R0 PrecSim;PrecSim;c:\windows\system32\drivers\precsim.sys [22/05/2002 01:00 69600] R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [18/07/2006 12:02 284184] R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [18/07/2006 12:02 91672] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [29/02/2008 16:03 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [29/02/2008 16:03 51440] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [03/10/2009 12:04 108289] R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20/10/2009 20:19 50704] R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [27/04/2007 15:19 2368] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [05/10/2006 23:11 13592] R3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\drivers\chdrvr01.sys [06/01/2008 18:37 215104] R3 chdrvr02;CH Control Manager Driver 2;c:\windows\system32\drivers\chdrvr02.sys [06/01/2008 18:37 3744] R3 chdrvr03;CH Control Manager Driver 3;c:\windows\system32\drivers\chdrvr03.sys [06/01/2008 18:37 9024] R3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);c:\windows\system32\drivers\e10kx2k.sys [01/04/2006 14:19 1757928] S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?] S3 HDDirect;Hard Disk Direct Control;c:\windows\system32\drivers\hddirect.sys [09/05/2010 16:43 12552] S3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\drivers\modrc.sys [28/04/2008 18:54 13824] S3 PctvVirtualNdis;Pinnacle Virtual Miniport;c:\windows\system32\drivers\PctvVirtualNdis.sys [28/04/2008 19:14 13696] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 16:51 4096] . Contenu du dossier 'Tâches planifiées' 2010-05-16 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-10-05 21:11] . . ------- Examen supplémentaire ------- . mWindow Title = uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Télécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddLink.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Tout t&élécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddList.html Trusted Zone: ahnlab.com\global Trusted Zone: cltnet.de\www Trusted Zone: gdfsuez.com\webmailfr TCP: {9548D205-C2A3-4969-BEF2-92CBB72FF227} = 192.168.0.1 DPF: DirectAnimation Java Classes DPF: Microsoft XML Parser for Java DPF: teleir_cert - hxxps://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} - hxxp://www.cltnet.de/login/dplaunch.cab DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab FF - ProfilePath - c:\documents and settings\Pascal Admin\Application Data\Mozilla\Firefox\Profiles\ksf78zvj.default\ FF - prefs.js: browser.search.selectedEngine - Live Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q= FF - component: c:\documents and settings\Pascal Admin\Application Data\Mozilla\Firefox\Profiles\ksf78zvj.default\extensions\isadmin@vdtsoftware.ffext\components\isadmin.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - ORPHELINS SUPPRIMES - - - - SafeBoot-HDDirect ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-16 14:08 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8336401C]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf86daf28 \Driver\ACPI -> ACPI.sys @ 0xf862ccb8 \Driver\atapi -> 0x8336401c IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615 ParseProcedure -> 0x82e881b0 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615 ParseProcedure -> 0x82e881b0 Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-1935655697-1993962763-1343024091-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(628) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(3100) c:\program files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe c:\windows\system32\Ati2evxx.exe c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe c:\program files\Sandboxie\SbieSvc.exe c:\windows\System32\MsPMSPSv.exe c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe c:\windows\System32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2010-05-16 14:22:33 - La machine a redémarré ComboFix-quarantined-files.txt 2010-05-16 12:22 ComboFix2.txt 2010-05-02 11:50 ComboFix3.txt 2010-04-28 19:19 ComboFix4.txt 2010-04-28 12:08 ComboFix5.txt 2010-05-16 11:41 Avant-CF: 12 238 553 088 octets libres Après-CF: 12 307 173 376 octets libres Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - 4BE3A830DF1EFBE77ED2A668117EBB5A

Finalement j'ai désinstallé un logiciel qui s'appelait Asapi update et je n'ai plus ces fameux drivers dans le répertoire drivers et mes lecteurs fonctionnent. Il reste des traces dans la base de registre et dans le répertoire maxdriver dont je ne connais pas l'utilité : 1. ========================= SEAF 1.0.0.7 - C_XX 2. 3. Commencé à: 16:58:27 le 15/05/2010 4. 5. Valeur(s) recherchée(s): 6. 7. asapiW2k.sys 8. pcouffin.sys 9. 10. (!) --- Informations supplémentaires 11. (!) --- Recherche registre 12. 13. ====== Fichier(s) (TC: Date de création, TM: Date de modification, DA, Dernier accès) ====== 14. 15. "c:\WINDOWS\maxdriver\asapiW2k.sys" [ ----A---- | 11264 ] 16. TC: 31/03/2006,11:59:56 | TM: 17/04/2002,20:27:02 | DA: 15/05/2010,16:29:22 17. 18. CompagnyName: VOB Computersysteme GmbH 19. ProductName: asapi 20. InternalName: asapi.sys 21. OriginalFilename: asapi.sys 22. LegalCopyright: © 1997-2001 by VOB Computersysteme GmbH 23. ProductVersion: 6, 0, 0, 1 24. FileVersion: 6, 0, 0, 1 25. 26. ========================= 27. 28. "c:\WINDOWS\maxdriver\pcouffin.sys" [ ----A---- | 47360 ] 29. TC: 24/11/2008,21:11:45 | TM: 29/11/2008,14:53:06 | DA: 15/05/2010,16:29:22 30. 31. CompagnyName: VSO Software 32. ProductName: Patin couffin engine 33. InternalName: Pcouffin.sys 34. OriginalFilename: Pcouffin.sys 35. LegalCopyright: Copyright © 2001-2006 VSO Software 36. ProductVersion: 1.37 37. FileVersion: 1.37 38. 39. ========================= 40. 41. "c:\Documents and Settings\Pascal Admin\Recent\Asapiw2k.sys.txt.lnk" [ ----A---- | 529 ] 42. TC: 15/05/2010,15:59:53 | TM: 15/05/2010,16:47:22 | DA: 15/05/2010,16:47:22 43. 44. 45. ========================= 46. 47. "c:\Documents and Settings\Pascal Admin\Bureau\Asapiw2k.sys.txt" [ ----A---- | 610 ] 48. TC: 15/05/2010,14:43:01 | TM: 15/05/2010,14:43:01 | DA: 15/05/2010,15:58:49 49. 50. 51. ========================= 52. 53. "c:\Documents and Settings\Pascal Admin\Application Data\pcouffin.sys.bak" [ ----A---- | 47360 ] 54. TC: 24/11/2008,21:11:45 | TM: 29/11/2008,14:53:06 | DA: 15/05/2010,16:21:00 55. 56. CompagnyName: VSO Software 57. ProductName: Patin couffin engine 58. InternalName: Pcouffin.sys 59. OriginalFilename: Pcouffin.sys 60. LegalCopyright: Copyright © 2001-2006 VSO Software 61. ProductVersion: 1.37 62. FileVersion: 1.37 63. 64. ========================= 65. 66. ====== Dossier(s) (TC: Date de création, TM: Date de modification, DA, Dernier accès) ====== 67. 68. Aucun dossier trouvé 69. 70. 71. ====== Entrée(s) du registre ====== 72. 73. 74. 75. [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603] 76. "001"="Asapiw2k.sys" 77. 78. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AsapiW2K] 79. "ImagePath"="system32\drivers\Asapiw2k.sys" 80. 81. [HKEY_USERS\S-1-5-21-1935655697-1993962763-1343024091-1003\Software\Microsoft\Search Assistant\ACMru\5603] 82. "001"="Asapiw2k.sys" 83. 84. 85. 86. [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603] 87. "000"="pcouffin.sys" 88. 89. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\pcouffin] 90. "ImagePath"="System32\Drivers\pcouffin.sys" 91. 92. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\pcouffin] 93. "ImagePath"="System32\Drivers\pcouffin.sys" 94. 95. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcouffin] 96. "ImagePath"="System32\Drivers\pcouffin.sys" 97. 98. [HKEY_USERS\S-1-5-21-1935655697-1993962763-1343024091-1003\Software\Microsoft\Search Assistant\ACMru\5603] 99. "000"="pcouffin.sys" 100. 101. ========================= 102. 103. Fin à: 17:04:55 le 15/05/2010 ( E.O.F ) et j'ai toujours Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully detected MBR rootkit hooks: \Driver\atapi -> 0x8336401c IoDeviceObjectType -> ParseProcedure -> 0x831361b0 \Device\Harddisk0\DR0 -> ParseProcedure -> 0x831361b0 Warning: possible MBR rootkit infection ! user & kernel MBR OK Use "Recovery Console" command "fixmbr" to clear infection !

Visiblement la suppression brutale du driver Asapiw2k.sys pose problème . Ci-dessous recherche Google Originally Posted by Webslinger View Post Asapiw2k.sys - Used by Pinnacle Studio 9 by Pinnacle systems or VOB Computersysteme GMBH 1. i) Create a backup of your registry: http://support.microsoft.com/kb/322756/?ln=en (scroll down and click the link for Vista or 7 instructions) ii) Download imgburn. It's a free program: http://www.imgburn.com/index.php?act=download (it's also an excellent program imo) iii) Go to Tools > Filter Driver Load Order. Select "ASAPIW2k". Click "Remove Selected Filter". Click "ok". iv) Reboot Whatever program installed that filter will no longer work properly. Je

Eh bien, on va faire avec .Je ne sais pas bien ce que c'est que ce driver Pinnacle. En tout cas, quand je le supprime plus d'installation possible de lecteurs DVD. Mais il me semble (je peux recommencer la manip pour en être sûr ) c'est que je ne trouve plus le fichier Asapiw2k.sys dans les drivers Windows et pourtant MBR trouve toujours un problème.

Quand je redémarre le micro , je vois que mes lecteurs existent bien dans la config matérielle mais qu'ils ne sont pas activés et je n'arrive pas à les activer. Je suis donc revenu à la config d'avant la suppression des drivers.

Je désinstalle. Je redémarre. Le plus curieux est que j'ai toujours le message Pinnacle au démarrage. Je réponds non à sa proposition de résoudre le problème de driver. Je n'arrive pas à réinstaller le lecteur et graveur de DVD. "un problème s'est produit lors de l'installation de ce matériel. Windows ne peut pas charger le pilote de périphérique de ce matériel. Ce pilote est peut-être endommagé ou absent (code 39)" Je redémarre à nouveau . Je réponds oui à la question sur le driver pinnacle il me dit que le problème est résolu.Le lecteur de DVD et le graveur refusent de s'installer (l'installation boucle) Et le pire est que j'ai à nouveau ce message mbr Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully detected MBR rootkit hooks: \Driver\atapi -> 0x8333d01c IoDeviceObjectType -> ParseProcedure -> 0xffbcb1b0 \Device\Harddisk0\DR0 -> ParseProcedure -> 0xffbcb1b0 Warning: possible MBR rootkit infection ! user & kernel MBR OK Use "Recovery Console" command "fixmbr" to clear infection !

Oui effectivement MBR donne ceci après avoir repassé un coup de fixmbr : Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK Le problème est que je n'ai plus de lecteur de DVD ni de graveur avec un message au démarrage " le contrôleur de pilote Pinnacle a détecté des problèmes dans les paramètres de votre pilote" .

C'est fait! Que fait-on maintenant?

Voici la log de Seaf : 1. ========================= SEAF 1.0.0.7 - C_XX 2. 3. Commencé à: 20:15:34 le 12/05/2010 4. 5. Valeur(s) recherchée(s): 6. 7. asapiW2k.sys 8. pcouffin.sys 9. 10. (!) --- Informations supplémentaires 11. (!) --- Recherche registre 12. 13. ====== Fichier(s) (TC: Date de création, TM: Date de modification, DA, Dernier accès) ====== 14. 15. "c:\WINDOWS\system32\drivers\asapiW2k.sys" [ ----A---- | 11264 ] 16. TC: 31/03/2006,11:59:56 | TM: 17/04/2002,20:27:02 | DA: 12/05/2010,20:08:12 17. 18. CompagnyName: VOB Computersysteme GmbH 19. ProductName: asapi 20. InternalName: asapi.sys 21. OriginalFilename: asapi.sys 22. LegalCopyright: © 1997-2001 by VOB Computersysteme GmbH 23. ProductVersion: 6, 0, 0, 1 24. FileVersion: 6, 0, 0, 1 25. 26. ========================= 27. 28. "c:\WINDOWS\system32\drivers\pcouffin.sys" [ ----A---- | 47360 ] 29. TC: 24/11/2008,21:11:45 | TM: 29/11/2008,14:53:06 | DA: 12/05/2010,20:08:20 30. 31. CompagnyName: VSO Software 32. ProductName: Patin couffin engine 33. InternalName: Pcouffin.sys 34. OriginalFilename: Pcouffin.sys 35. LegalCopyright: Copyright © 2001-2006 VSO Software 36. ProductVersion: 1.37 37. FileVersion: 1.37 38. 39. ========================= 40. 41. "c:\WINDOWS\maxdriver\asapiW2k.sys" [ ----A---- | 11264 ] 42. TC: 31/03/2006,11:59:56 | TM: 17/04/2002,20:27:02 | DA: 10/05/2010,19:58:02 43. 44. CompagnyName: VOB Computersysteme GmbH 45. ProductName: asapi 46. InternalName: asapi.sys 47. OriginalFilename: asapi.sys 48. LegalCopyright: © 1997-2001 by VOB Computersysteme GmbH 49. ProductVersion: 6, 0, 0, 1 50. FileVersion: 6, 0, 0, 1 51. 52. ========================= 53. 54. "c:\WINDOWS\maxdriver\pcouffin.sys" [ ----A---- | 47360 ] 55. TC: 24/11/2008,21:11:45 | TM: 29/11/2008,14:53:06 | DA: 10/05/2010,19:58:11 56. 57. CompagnyName: VSO Software 58. ProductName: Patin couffin engine 59. InternalName: Pcouffin.sys 60. OriginalFilename: Pcouffin.sys 61. LegalCopyright: Copyright © 2001-2006 VSO Software 62. ProductVersion: 1.37 63. FileVersion: 1.37 64. 65. ========================= 66. 67. "c:\Documents and Settings\Pascal Admin\Application Data\pcouffin.sys" [ ----A---- | 47360 ] 68. TC: 24/11/2008,21:11:45 | TM: 29/11/2008,14:53:06 | DA: 02/05/2010,14:36:12 69. 70. CompagnyName: VSO Software 71. ProductName: Patin couffin engine 72. InternalName: Pcouffin.sys 73. OriginalFilename: Pcouffin.sys 74. LegalCopyright: Copyright © 2001-2006 VSO Software 75. ProductVersion: 1.37 76. FileVersion: 1.37 77. 78. ========================= 79. 80. ====== Dossier(s) (TC: Date de création, TM: Date de modification, DA, Dernier accès) ====== 81. 82. Aucun dossier trouvé 83. 84. 85. ====== Entrée(s) du registre ====== 86. 87. 88. 89. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AsapiW2K] 90. "ImagePath"="system32\drivers\Asapiw2k.sys" 91. 92. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AsapiW2K] 93. "ImagePath"="system32\drivers\Asapiw2k.sys" 94. 95. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\AsapiW2K] 96. "ImagePath"="system32\drivers\Asapiw2k.sys" 97. 98. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AsapiW2K] 99. "ImagePath"="system32\drivers\Asapiw2k.sys" 100. 101. 102. 103. [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603] 104. "000"="pcouffin.sys" 105. 106. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\pcouffin] 107. "ImagePath"="System32\Drivers\pcouffin.sys" 108. 109. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\pcouffin] 110. "ImagePath"="System32\Drivers\pcouffin.sys" 111. 112. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcouffin] 113. "ImagePath"="System32\Drivers\pcouffin.sys" 114. 115. [HKEY_USERS\S-1-5-21-1935655697-1993962763-1343024091-1003\Software\Microsoft\Search Assistant\ACMru\5603] 116. "000"="pcouffin.sys" 117. 118. ========================= 119. 120. Fin à: 20:23:23 le 12/05/2010 ( E.O.F )

Voici le résultat : Run from C:\Documents and Settings\Pascal Admin\Bureau\maxlook.exe on 10/05/2010 at 20:27:36,11 --------- maxlook unsigned files --------- c:\windows\maxdriver\asapiW2k.sys: Verified: Unsigned File date: 20:27 17/04/2002 Publisher: VOB Computersysteme GmbH Description: ASAPI Product: asapi Version: 6, 0, 0, 1 File version: 6, 0, 0, 1 c:\windows\maxdriver\chdrvr01.sys: Verified: Unsigned File date: 01:36 21/11/2006 Publisher: CH Products Description: CH Control Manager Driver 1 Product: CH Products Control Manager Version: 4.20 File version: 11.21.2006 c:\windows\maxdriver\chdrvr02.sys: Verified: Unsigned File date: 23:41 22/12/2005 Publisher: CH Products Description: CH Control Manager Driver 2 Product: CH Products Control Manager Version: 4.10 File version: 12.19.2005 c:\windows\maxdriver\chdrvr03.sys: Verified: Unsigned File date: 23:41 22/12/2005 Publisher: CH Products Description: CH Control Manager Driver 3 Product: CH Products Control Manager Version: 4.10 File version: 12.19.2005 c:\windows\maxdriver\imagedrv.sys: Verified: Unsigned File date: 22:30 03/03/2004 Publisher: Ahead Software AG Description: NERO IMAGEDRIVE SCSI miniport Product: Nero ImageDrive Version: 2.27.0.0 File version: 2.27.0.0 built by: WinDDK c:\windows\maxdriver\imagesrv.sys: Verified: Unsigned File date: 22:30 03/03/2004 Publisher: Ahead Software AG Description: Nero Image Server Product: Nero ImageDrive Version: 2.27.0.0 File version: 2.27.0.0 built by: WinDDK c:\windows\maxdriver\iteraid.sys: Verified: Unsigned File date: 05:25 26/03/2003 Publisher: Integrated Technology Express, Inc. Description: ITE IT8212 ATA RAID SCSI miniport Product: Windows (R) 2000 DDK driver Version: 5.00.2195.1620 File version: v1.3.1.4 c:\windows\maxdriver\pcouffin.sys: Verified: Unsigned File date: 14:53 29/11/2008 Publisher: VSO Software Description: low level access layer for CD/DVD/BD devices Product: Patin couffin engine Version: 1.37 File version: 1.37 c:\windows\maxdriver\PFMODNT.SYS: Verified: Unsigned File date: 12:19 05/03/2003 Publisher: Creative Technology Ltd. Description: PCI/ISA Device Info. Service Product: PfModNT Version: 3.0.0.3 File version: 3.0.0.3 c:\windows\maxdriver\precsim.sys: Verified: Unsigned File date: 01:00 22/05/2002 Publisher: Engelmann GmbH Description: PrecSim SCSI miniport Product: PrecSim Version: 1.16.0.0 File version: 1.16.0.0 c:\windows\maxdriver\TPkd.sys: Verified: Unsigned File date: 09:00 27/09/2005 Publisher: PACE Anti-Piracy, Inc. Description: InterLok system file Product: InterLok(R) Version: 5.3.0.2339 File version: 5.3.0.2339 c:\windows\maxdriver\VIAPFD.SYS: Verified: Unsigned File date: 09:24 04/05/2001 Publisher: VIA Technologies. Inc. Description: VIA PFD driver Product: VIA PFD driver Version: 5.00.2195.100 File version: 5.00.2195.100 --------- system32\drivers unsigned files --------- c:\windows\system32\drivers\asapiW2k.sys: Verified: Unsigned File date: 20:27 17/04/2002 Publisher: VOB Computersysteme GmbH Description: ASAPI Product: asapi Version: 6, 0, 0, 1 File version: 6, 0, 0, 1 c:\windows\system32\drivers\chdrvr01.sys: Verified: Unsigned File date: 01:36 21/11/2006 Publisher: CH Products Description: CH Control Manager Driver 1 Product: CH Products Control Manager Version: 4.20 File version: 11.21.2006 c:\windows\system32\drivers\chdrvr02.sys: Verified: Unsigned File date: 23:41 22/12/2005 Publisher: CH Products Description: CH Control Manager Driver 2 Product: CH Products Control Manager Version: 4.10 File version: 12.19.2005 c:\windows\system32\drivers\chdrvr03.sys: Verified: Unsigned File date: 23:41 22/12/2005 Publisher: CH Products Description: CH Control Manager Driver 3 Product: CH Products Control Manager Version: 4.10 File version: 12.19.2005 c:\windows\system32\drivers\imagedrv.sys: Verified: Unsigned File date: 22:30 03/03/2004 Publisher: Ahead Software AG Description: NERO IMAGEDRIVE SCSI miniport Product: Nero ImageDrive Version: 2.27.0.0 File version: 2.27.0.0 built by: WinDDK c:\windows\system32\drivers\imagesrv.sys: Verified: Unsigned File date: 22:30 03/03/2004 Publisher: Ahead Software AG Description: Nero Image Server Product: Nero ImageDrive Version: 2.27.0.0 File version: 2.27.0.0 built by: WinDDK c:\windows\system32\drivers\iteraid.sys: Verified: Unsigned File date: 05:25 26/03/2003 Publisher: Integrated Technology Express, Inc. Description: ITE IT8212 ATA RAID SCSI miniport Product: Windows (R) 2000 DDK driver Version: 5.00.2195.1620 File version: v1.3.1.4 c:\windows\system32\drivers\pcouffin.sys: Verified: Unsigned File date: 14:53 29/11/2008 Publisher: VSO Software Description: low level access layer for CD/DVD/BD devices Product: Patin couffin engine Version: 1.37 File version: 1.37 c:\windows\system32\drivers\PFMODNT.SYS: Verified: Unsigned File date: 12:19 05/03/2003 Publisher: Creative Technology Ltd. Description: PCI/ISA Device Info. Service Product: PfModNT Version: 3.0.0.3 File version: 3.0.0.3 c:\windows\system32\drivers\precsim.sys: Verified: Unsigned File date: 01:00 22/05/2002 Publisher: Engelmann GmbH Description: PrecSim SCSI miniport Product: PrecSim Version: 1.16.0.0 File version: 1.16.0.0 c:\windows\system32\drivers\TPkd.sys: Verified: Unsigned File date: 09:00 27/09/2005 Publisher: PACE Anti-Piracy, Inc. Description: InterLok system file Product: InterLok(R) Version: 5.3.0.2339 File version: 5.3.0.2339 c:\windows\system32\drivers\VIAPFD.SYS: Verified: Unsigned File date: 09:24 04/05/2001 Publisher: VIA Technologies. Inc. Description: VIA PFD driver Product: VIA PFD driver Version: 5.00.2195.100 File version: 5.00.2195.100

Je ne suis pa pressé! Le problème est que antirootkit se fige après avoir affiché " starting up driver". Tout le pc est bloqué et je rédémarre de manière brutale.

Quand je regarde à nouveau la log de Sysprot je ne vois pas la dernière ligne du post précédent. j'ai du faire une erreur de copier-coller au milieu de la log de mbr

mbr donne toujours la même chose : Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully detected MBR rootkit hooks: \Driver\atapi -> 0x8333d01c IoDeviceObjectType -> ParseProcedure -> 0x82e731b0 \Device\Harddisk0\DR0 -> ParseProcedure -> 0x82e731b0 Warning: possible MBR rootkit infection ! user & kernel MBR OK Voici la log de Sysprot SysProt AntiRootkit v1.0.1.0 by swatkat ******************************************************************************** ********** ******************************************************************************** ********** No Hidden Processes found ******************************************************************************** ********** ******************************************************************************** ********** Kernel Modules: Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys Service Name: --- Module Base: F3266000 Module End: F327E000 Hidden: Yes Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS Service Name: --- Module Base: F8C2E000 Module End: F8C30000 Hidden: Yes Module Name: \??\C:\DOCUME~1\PASCAL~1\LOCALS~1\Temp\mbr.sys Service Name: mbr Module Base: F89C6000 Module End: F89CC000 Hidden: Yes ******************************************************************************** ********** ******************************************************************************** ********** SSDT: Function Name: ZwClose Address: F3496110 Driver Base: F346E000 Driver End: F354D000 Driver Name: \SystemRoot\system32\drivers\fwdrv.sys Function Name: ZwCreateFile Address: F3495920 Driver Base: F346E000 Driver End: F354D000 Driver Name: \SystemRoot\system32\drivers\fwdrv.sys Function Name: ZwCreateKey Address: F8D13966 Driver Base: 0 Driver End: 0 Driver Name: _unknown_ Function Name: ZwCreateProcess Address: F3494F20 Driver Base: F346E000 Driver End: F354D000 Driver Name: \SystemRoot\system32\drivers\fwdrv.sys Function Name: ZwCreateProcessEx Address: F3494D90 Driver Base: F346E000 Driver End: F354D000 Driver Name: \SystemRoot\system32\drivers\fwdrv.sys Function Name: ZwCreateThread Address: F8D1395C Driver Base: 0 Driver End: 0 Driver Name: _unknown_ Function Name: ZwDeleteFile Address: F3496190 Driver Base: F346E000 Driver End: F354D000 Driver Name: \SystemRoot\system32\drivers\fwdrv.sys Function Name: ZwDeleteKey Address: F8D1396B Driver Base: 0 Driver End: 0 Driver Name: _unknown_ Function Name: ZwDeleteValueKey Address: F8D13975 Driver Base: 0 Driver End: 0 Driver Name: _unknown_ Function Name: ZwLoadDriver Address: F32C49A0 Driver Base: F32C2000 Driver End: F32D7000 Driver Name: \SystemRoot\system32\drivers\khips.sys Function Name: ZwLoadKey Address: F8D1397A Driver Base: 0 Driver End: 0 Driver Name: _unknown_ Function Name: ZwMapViewOfSection Address: F32C4B30 Driver Base: F32C2000 Driver End: F32D7000 Driver Name: \SystemRoot\system32\drivers\khips.sys Function Name: ZwOpenFile Address: F3495BF0 Driver Base: F346E000 Driver End: F354D000 Driver Name: \SystemRoot\system32\drivers\fwdrv.sys Function Name: ZwOpenKey Address: F3492140 Driver Base: F346E000 Driver End: F354D000 Driver Name: \SystemRoot\system32\drivers\fwdrv.sys Function Name: ZwOpenProcess Address: F8D13948 Driver Base: 0 Driver End: 0 Driver Name: _unknown_ Function Name: ZwOpenThread Address: F8D1394D Driver Base: 0 Driver End: 0 Driver Name: _unknown_ Function Name: ZwReplaceKey Address: F8D13984 Driver Base: 0 Driver End: 0 Driver Name: _unknown_ Function Name: ZwRestoreKey Address: F8D1397F Driver Base: 0 Driver End: 0 Driver Name: _unknown_ Function Name: ZwResumeThread Address: F3495510 Driver Base: F346E000 Driver End: F354D000 Driver Name: \SystemRoot\system32\drivers\fwdrv.sys Function Name: ZwSetInformationFile Address: F3495F00 Driver Base: F346E000 Driver End: F354D000 Driver Name: \SystemRoot\system32\drivers\fwdrv.sys Function Name: ZwSetValueKey Address: F8D13970 Driver Base: 0 Driver End: 0 Driver Name: _unknown_ Function Name: ZwTerminateProcess Address: F8D13957 Driver Base: 0 Driver End: 0 Driver Name: _unknown_ Function Name: ZwWriteFile Address: F3495E50 Driver Base: F346E000 Driver End: F354D000 Driver Name: \SystemRoot\system32\drivers\fwdrv.sys ******************************************************************************** ********** ******************************************************************************** ********** No Kernel Hooks found ******************************************************************************** ********** ******************************************************************************** ********** IRP Hooks: Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 8333D01C Hooking Module: _unknown_ Hooked Module: C:\WINDOWS\system32\drivers\precsim.sys Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL Jump To: 8333D00C Hooking Module: _unknown_ Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys Hooked IRP: IRP_MJ_READ Jump To: 8333B96E Hooking Module: _unknown_ Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys Hooked IRP: IRP_MJ_DEVICE_CONTROL Jump To: 8333B975 Hooking Module: _unknown_ ******************************************************************************** ********** ******************************************************************************** ********** Ports: Local Address: PCPASCAL:44334 Remote Address: LOCALHOST:1037 Type: TCP Process: C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe State: ESTABLISHED Local Address: PCPASCAL:44334 Remote Address: LOCALHOST:1025 Type: TCP Process: C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe State: ESTABLISHED Local Address: PCPASCAL:5152 Remote Address: LOCALHOST:1060 Type: TCP Process: C:\Program Files\Java\jre6\bin\jqs.exe State: CLOSE_WAIT Local Address: PCPASCAL:5152 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Java\jre6\bin\jqs.exe State: LISTENING Local Address: PCPASCAL:1052 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe State: LISTENING Local Address: PCPASCAL:1050 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe State: LISTENING Local Address: PCPASCAL:1048 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe State: LISTENING Local Address: PCPASCAL:1041 Remote Address: LOCALHOST:1039 Type: TCP Process: C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe State: ESTABLISHED Local Address: PCPASCAL:1039 Remote Address: LOCALHOST:1041 Type: TCP Process: C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe State: ESTABLISHED Local Address: PCPASCAL:1037 Remote Address: LOCALHOST:44334 Type: TCP Process: C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe State: ESTABLISHED Local Address: PCPASCAL:1031 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\alg.exe State: LISTENING Local Address: PCPASCAL:1029 Remote Address: LOCALHOST:1027 Type: TCP Process: C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe State: ESTABLISHED Local Address: PCPASCAL:1027 Remote Address: LOCALHOST:1029 Type: TCP Process: C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe State: ESTABLISHED Local Address: PCPASCAL:1025 Remote Address: LOCALHOST:44334 Type: TCP Process: C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe State: ESTABLISHED Local Address: PCPASCAL:44501 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe State: LISTENING Local Address: PCPASCAL:44334 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe State: LISTENING Local Address: PCPASCAL:1039 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe State: LISTENING Local Address: PCPASCAL:1027 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe State: LISTENING Local Address: PCPASCAL:MICROSOFT-DS Remote Address: 0.0.0.0:0 Type: TCP Process: System State: LISTENING Local Address: PCPASCAL:EPMAP Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\svchost.exe State: LISTENING Local Address: PCPASCAL:1900 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: PCPASCAL:123 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: PCPASCAL:44334 Remote Address: NA Type: UDP Process: C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe State: NA Local Address: PCPASCAL:4500 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\lsass.exe State: NA Local Address: PCPASCAL:1040 Remote Address: NA Type: UDP Process: C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe State: NA Local Address: PCPASCAL:1038 Remote Address: NA Type: UDP Process: C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe State: NA Local Address: PCPASCAL:1028 Remote Address: NA Type: UDP Process: C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe State: NA Local Address: PCPASCAL:1026 Remote Address: NA Type: UDP Process: C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe State: NA Local Address: PCPASCAL:500 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\lsass.exe State: NA Local Address: PCPASCAL:MICROSOFT-DS Remote Address: NA Type: UDP Process: System State: NA ******************************************************************************** ********** ******************************************************************************** ********** Hidden files/folders: Object: C:\Documents and Settings\Dominique\Local Settings\Application Data\Microsoft\Messenger\x@hotmail.fr\SharingMetadata\w@voila.fr\DFSR\Staging\CS{47094F16-F549-4612-849D-50F02AE550EA}\01\10-{47094F16-F549-4612-849D-50F02AE550EA}-v1-{821F6B Status: Hidden Object: C:\Documents and Settings\Olivier\Local Settings\Application Data\Microsoft\Messenger\y@noos.fr\SharingMetadata\z@hotmail.com\DFSR\Staging\CS{53CD5E93-A390-C69A-A5A6-0DB6B78CF7BC}\01\10-{53CD5E93-A390-C69A-A5A6-0DB6B78CF7BC}-v1-{4CEA99A5-B5 Status: Hidden Object: C:\Documents and Settings\Pascal Admin\Favoris\P2p\WORLD MUSIC DOWNLOAD Aralik 2007.URL Status: Hidden Object: C:\Documents and Settings\Pascal Admin\Favoris\P2p\? ??????sa?? ??l???a?g? g?a??i? ?.URL Status: Hidden Object: C:\Documents and Settings\Pascal Admin\Local Settings\Application Data\Microsoft\Messenger\w@voila.fr\SharingMetadata\z@hotmail.fr\DFSR\Staging\CS{47094F16-F549-4612-849D-50F02AE550EA}\01\10-{47094F16-F549-4612-849D-50F02AE550EA}-v1-{076 Status: Hidden Object: C:\System Volume Information\MountPointManagerRemoteDatabase Status: Access denied Object: C:\System Volume Information\tracking.log Status: Access denied Object: C:\System Volume Information\_restore{DC7E0091-EC97-43EE-B622-CDE3004E48C2} Status: Access denied Use "Recovery Console" command "fixmbr" to clear infection !

Le rapport d'Avenger qui a nettoyé les drivers résiduels : Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Driver "axwhisky" disabled successfully. Driver "axwskbus" disabled successfully. Driver "axwhisky" deleted successfully. Driver "axwskbus" deleted successfully. File "c:\windows\system32\drivers\axwhisky.sys" deleted successfully. File "c:\windows\system32\drivers\axwskbus.sys" deleted successfully. Completed script processing. et celui de Rootrepeal ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2010/05/05 21:01 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xF3208000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF8BE6000 Size: 8192 File Visible: No Signed: - Status: - Name: giveio.sys Image Path: giveio.sys Address: 0xF8C3F000 Size: 1664 File Visible: No Signed: - Status: - Name: gjaeoivi.sys Image Path: gjaeoivi.sys Address: 0xF8676000 Size: 61440 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xF03AB000 Size: 49152 File Visible: No Signed: - Status: - Name: speedfan.sys Image Path: speedfan.sys Address: 0xF8C3E000 Size: 4096 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! SSDT ------------------- #: 025 Function Name: NtClose Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xf3438110 #: 037 Function Name: NtCreateFile Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xf3437920 #: 041 Function Name: NtCreateKey Status: Hooked by "<unknown>" at address 0xf8c63eee #: 047 Function Name: NtCreateProcess Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xf3436f20 #: 048 Function Name: NtCreateProcessEx Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xf3436d90 #: 053 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0xf8c63ee4 #: 062 Function Name: NtDeleteFile Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xf3438190 #: 063 Function Name: NtDeleteKey Status: Hooked by "<unknown>" at address 0xf8c63ef3 #: 065 Function Name: NtDeleteValueKey Status: Hooked by "<unknown>" at address 0xf8c63efd #: 097 Function Name: NtLoadDriver Status: Hooked by "C:\WINDOWS\system32\drivers\khips.sys" at address 0xf323e9a0 #: 098 Function Name: NtLoadKey Status: Hooked by "<unknown>" at address 0xf8c63f02 #: 108 Function Name: NtMapViewOfSection Status: Hooked by "C:\WINDOWS\system32\drivers\khips.sys" at address 0xf323eb30 #: 116 Function Name: NtOpenFile Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xf3437bf0 #: 119 Function Name: NtOpenKey Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xf3434140 #: 122 Function Name: NtOpenProcess Status: Hooked by "<unknown>" at address 0xf8c63ed0 #: 128 Function Name: NtOpenThread Status: Hooked by "<unknown>" at address 0xf8c63ed5 #: 193 Function Name: NtReplaceKey Status: Hooked by "<unknown>" at address 0xf8c63f0c #: 204 Function Name: NtRestoreKey Status: Hooked by "<unknown>" at address 0xf8c63f07 #: 206 Function Name: NtResumeThread Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xf3437510 #: 224 Function Name: NtSetInformationFile Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xf3437f00 #: 247 Function Name: NtSetValueKey Status: Hooked by "<unknown>" at address 0xf8c63ef8 #: 257 Function Name: NtTerminateProcess Status: Hooked by "<unknown>" at address 0xf8c63edf #: 274 Function Name: NtWriteFile Status: Hooked by "C:\WINDOWS\system32\drivers\fwdrv.sys" at address 0xf3437e50 Stealth Objects ------------------- Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8333f01c Size: 4068 Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x8333d96e Size: 177 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8333d975 Size: 170 Object: Hidden Code [Driver: PrecSim, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8333f00c Size: 4084 ==EOF==

Je n'arrive pas à passer GMER en entier même en décochant les options devices et files J'ai un message d'erreurs "dwwin.exe. L'application n'a pas réussi à s'initialiser correctement (0xc0000005)" Je n'ai donc qu'un résultat partiel en faisant un save au moment où il s'arrête: GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-05-04 22:30:55 Windows 5.1.2600 Service Pack 3 Running: 7c1ephfw.exe; Driver: C:\DOCUME~1\PASCAL~1\LOCALS~1\Temp\fxliapoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwClose [0xF3371110] SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xF3370920] SSDT F8C4276E ZwCreateKey SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xF336FF20] SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xF336FD90] SSDT F8C42764 ZwCreateThread SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xF3371190] SSDT F8C42773 ZwDeleteKey SSDT F8C4277D ZwDeleteValueKey SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwLoadDriver [0xF31259A0] SSDT F8C42782 ZwLoadKey SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwMapViewOfSection [0xF3125B30] SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xF3370BF0] SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenKey [0xF336D140] SSDT F8C42750 ZwOpenProcess SSDT F8C42755 ZwOpenThread SSDT F8C4278C ZwReplaceKey SSDT F8C42787 ZwRestoreKey SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xF3370510] SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xF3370F00] SSDT F8C42778 ZwSetValueKey SSDT F8C4275F ZwTerminateProcess SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xF3370E50] ---- Kernel code sections - GMER 1.0.15 ---- .text win32k.sys!EngAcquireSemaphore + 20E2 BF8082E1 5 Bytes JMP 827794D0 .text win32k.sys!EngFreeUserMem + 5BD2 BF80EE68 5 Bytes JMP 82779430 .text win32k.sys!EngCreateBitmap + DDB2 BF845CCB 5 Bytes JMP 82779610 .text win32k.sys!EngMultiByteToWideChar + 2F32 BF852C47 5 Bytes JMP 82779750 .text win32k.sys!XLATEOBJ_iXlate + 3A50 BF86368D 5 Bytes JMP 82779570 .text win32k.sys!FONTOBJ_pxoGetXform + CC3E BF8C31D6 5 Bytes JMP 827796B0 .text win32k.sys!PATHOBJ_vGetBounds + 74EE BF8F00FB 5 Bytes JMP 827797F0 ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[220] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[220] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[220] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[220] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[220] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[220] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[220] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[220] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[220] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[220] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[220] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[220] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[220] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[220] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720 .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[220] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4 .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[220] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838 .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[220] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950 .text C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe[252] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe[252] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe[252] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe[252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe[252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe[252] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe[252] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe[252] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe[252] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe[252] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe[252] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe[252] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe[252] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe[252] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC .text C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe[252] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720 .text C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe[264] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe[264] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe[264] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe[264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe[264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe[264] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe[264] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe[264] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe[264] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe[264] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe[264] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe[264] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe[264] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe[264] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC .text C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe[264] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[272] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[272] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[272] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[272] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[272] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[272] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[272] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[272] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[272] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[272] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[272] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[272] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[272] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[272] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[272] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[272] ws2_32.dll!socket 719F4211 5 Bytes JMP 001308C4 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[272] ws2_32.dll!bind 719F4480 5 Bytes JMP 00130838 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[272] ws2_32.dll!connect 719F4A07 5 Bytes JMP 00130950 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[272] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00130F54 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[272] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00130FE0 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[272] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00130D24 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[272] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00130DB0 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[272] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00130E3C .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[272] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00130EC8 .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[284] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[284] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[284] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[284] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[284] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[284] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[284] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[284] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[284] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[284] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[284] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[284] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[284] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[284] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[284] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720 .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[296] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[296] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[296] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[296] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[296] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[296] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[296] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[296] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[296] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[296] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[296] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[296] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[296] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[296] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720 .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[296] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00130F54 .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[296] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00130FE0 .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[296] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00130D24 .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[296] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00130DB0 .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[296] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00130E3C .text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[296] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00130EC8 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC .text C:\Program Files\Java\jre6\bin\jqs.exe[340] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[548] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000301A8 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[548] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00030090 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[548] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00030694 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000302C0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00030234 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[548] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00030004 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[548] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0003011C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[548] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000304F0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[548] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0003057C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[548] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000303D8 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[548] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0003034C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[548] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00030464 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[548] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00030608 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[548] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000307AC .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[548] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00030720 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[548] WS2_32.dll!socket 719F4211 5 Bytes JMP 000308C4 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[548] WS2_32.dll!bind 719F4480 5 Bytes JMP 00030838 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[548] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00030950 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[548] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00030F54 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[548] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00030FE0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[548] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00030D24 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[548] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00030DB0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[548] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00030E3C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[548] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00030EC8 .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\ctfmon.exe[556] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\ctfmon.exe[556] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\ctfmon.exe[556] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720 .text C:\Program Files\Messenger\msmsgs.exe[608] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8 .text C:\Program Files\Messenger\msmsgs.exe[608] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090 .text C:\Program Files\Messenger\msmsgs.exe[608] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694 .text C:\Program Files\Messenger\msmsgs.exe[608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0 .text C:\Program Files\Messenger\msmsgs.exe[608] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234 .text C:\Program Files\Messenger\msmsgs.exe[608] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004 .text C:\Program Files\Messenger\msmsgs.exe[608] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C .text C:\Program Files\Messenger\msmsgs.exe[608] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0 .text C:\Program Files\Messenger\msmsgs.exe[608] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C .text C:\Program Files\Messenger\msmsgs.exe[608] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8 .text C:\Program Files\Messenger\msmsgs.exe[608] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C .text C:\Program Files\Messenger\msmsgs.exe[608] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464 .text C:\Program Files\Messenger\msmsgs.exe[608] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608 .text C:\Program Files\Messenger\msmsgs.exe[608] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000707AC .text C:\Program Files\Messenger\msmsgs.exe[608] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00070720 .text C:\Program Files\Messenger\msmsgs.exe[608] WS2_32.dll!socket 719F4211 5 Bytes JMP 000708C4 .text C:\Program Files\Messenger\msmsgs.exe[608] WS2_32.dll!bind 719F4480 5 Bytes JMP 00070838 .text C:\Program Files\Messenger\msmsgs.exe[608] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00070950 .text C:\Program Files\Messenger\msmsgs.exe[608] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00070F54 .text C:\Program Files\Messenger\msmsgs.exe[608] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00070FE0 .text C:\Program Files\Messenger\msmsgs.exe[608] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00070D24 .text C:\Program Files\Messenger\msmsgs.exe[608] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00070DB0 .text C:\Program Files\Messenger\msmsgs.exe[608] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00070E3C .text C:\Program Files\Messenger\msmsgs.exe[608] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00070EC8 .text C:\WINDOWS\system32\wscntfy.exe[636] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8 .text C:\WINDOWS\system32\wscntfy.exe[636] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090 .text C:\WINDOWS\system32\wscntfy.exe[636] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694 .text C:\WINDOWS\system32\wscntfy.exe[636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0 .text C:\WINDOWS\system32\wscntfy.exe[636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234 .text C:\WINDOWS\system32\wscntfy.exe[636] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004 .text C:\WINDOWS\system32\wscntfy.exe[636] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C .text C:\WINDOWS\system32\wscntfy.exe[636] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0 .text C:\WINDOWS\system32\wscntfy.exe[636] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C .text C:\WINDOWS\system32\wscntfy.exe[636] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8 .text C:\WINDOWS\system32\wscntfy.exe[636] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C .text C:\WINDOWS\system32\wscntfy.exe[636] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464 .text C:\WINDOWS\system32\wscntfy.exe[636] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608 .text C:\WINDOWS\system32\wscntfy.exe[636] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000707AC .text C:\WINDOWS\system32\wscntfy.exe[636] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00070720 .text C:\WINDOWS\system32\csrss.exe[648] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8 .text C:\WINDOWS\system32\csrss.exe[648] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090 .text C:\WINDOWS\system32\csrss.exe[648] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694 .text C:\WINDOWS\system32\csrss.exe[648] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0 .text C:\WINDOWS\system32\csrss.exe[648] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234 .text C:\WINDOWS\system32\csrss.exe[648] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004 .text C:\WINDOWS\system32\csrss.exe[648] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C .text C:\WINDOWS\system32\csrss.exe[648] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001604F0 .text C:\WINDOWS\system32\csrss.exe[648] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0016057C .text C:\WINDOWS\system32\csrss.exe[648] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001603D8 .text C:\WINDOWS\system32\csrss.exe[648] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0016034C .text C:\WINDOWS\system32\csrss.exe[648] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00160464 .text C:\WINDOWS\system32\csrss.exe[648] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00160608 .text C:\WINDOWS\system32\csrss.exe[648] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001607AC .text C:\WINDOWS\system32\csrss.exe[648] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00160720 .text C:\WINDOWS\system32\winlogon.exe[676] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8 .text C:\WINDOWS\system32\winlogon.exe[676] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090 .text C:\WINDOWS\system32\winlogon.exe[676] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694 .text C:\WINDOWS\system32\winlogon.exe[676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0 .text C:\WINDOWS\system32\winlogon.exe[676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234 .text C:\WINDOWS\system32\winlogon.exe[676] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004 .text C:\WINDOWS\system32\winlogon.exe[676] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C .text C:\WINDOWS\system32\winlogon.exe[676] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0 .text C:\WINDOWS\system32\winlogon.exe[676] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C .text C:\WINDOWS\system32\winlogon.exe[676] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8 .text C:\WINDOWS\system32\winlogon.exe[676] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C .text C:\WINDOWS\system32\winlogon.exe[676] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464 .text C:\WINDOWS\system32\winlogon.exe[676] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608 .text C:\WINDOWS\system32\winlogon.exe[676] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000707AC .text C:\WINDOWS\system32\winlogon.exe[676] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00070720 .text C:\WINDOWS\system32\winlogon.exe[676] WS2_32.dll!socket 719F4211 5 Bytes JMP 000708C4 .text C:\WINDOWS\system32\winlogon.exe[676] WS2_32.dll!bind 719F4480 5 Bytes JMP 00070838 .text C:\WINDOWS\system32\winlogon.exe[676] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00070950 .text C:\WINDOWS\system32\winlogon.exe[676] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00070F54 .text C:\WINDOWS\system32\winlogon.exe[676] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00070FE0 .text C:\WINDOWS\system32\winlogon.exe[676] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00070D24 .text C:\WINDOWS\system32\winlogon.exe[676] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00070DB0 .text C:\WINDOWS\system32\winlogon.exe[676] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00070E3C .text C:\WINDOWS\system32\winlogon.exe[676] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00070EC8 .text C:\WINDOWS\system32\services.exe[720] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\services.exe[720] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\services.exe[720] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\services.exe[720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\services.exe[720] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\services.exe[720] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\services.exe[720] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\services.exe[720] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\services.exe[720] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\services.exe[720] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\services.exe[720] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\services.exe[720] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\services.exe[720] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\services.exe[720] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\services.exe[720] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\services.exe[720] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4 .text C:\WINDOWS\system32\services.exe[720] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838 .text C:\WINDOWS\system32\services.exe[720] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950 .text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\lsass.exe[732] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\lsass.exe[732] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\lsass.exe[732] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\lsass.exe[732] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\lsass.exe[732] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950 .text C:\Program Files\WinZip\WZQKPICK.EXE[856] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Program Files\WinZip\WZQKPICK.EXE[856] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Program Files\WinZip\WZQKPICK.EXE[856] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Program Files\WinZip\WZQKPICK.EXE[856] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Program Files\WinZip\WZQKPICK.EXE[856] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Program Files\WinZip\WZQKPICK.EXE[856] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Program Files\WinZip\WZQKPICK.EXE[856] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Program Files\WinZip\WZQKPICK.EXE[856] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\Program Files\WinZip\WZQKPICK.EXE[856] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\Program Files\WinZip\WZQKPICK.EXE[856] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\Program Files\WinZip\WZQKPICK.EXE[856] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\Program Files\WinZip\WZQKPICK.EXE[856] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\Program Files\WinZip\WZQKPICK.EXE[856] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\Program Files\WinZip\WZQKPICK.EXE[856] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC .text C:\Program Files\WinZip\WZQKPICK.EXE[856] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720 .text C:\WINDOWS\system32\Ati2evxx.exe[912] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\WINDOWS\system32\Ati2evxx.exe[912] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\WINDOWS\system32\Ati2evxx.exe[912] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\WINDOWS\system32\Ati2evxx.exe[912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\WINDOWS\system32\Ati2evxx.exe[912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\WINDOWS\system32\Ati2evxx.exe[912] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\WINDOWS\system32\Ati2evxx.exe[912] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\WINDOWS\system32\Ati2evxx.exe[912] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\WINDOWS\system32\Ati2evxx.exe[912] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\WINDOWS\system32\Ati2evxx.exe[912] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\WINDOWS\system32\Ati2evxx.exe[912] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\WINDOWS\system32\Ati2evxx.exe[912] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\WINDOWS\system32\Ati2evxx.exe[912] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\WINDOWS\system32\Ati2evxx.exe[912] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC .text C:\WINDOWS\system32\Ati2evxx.exe[912] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720 .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[928] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[928] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[928] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[928] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[928] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[988] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[988] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[988] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950 .text C:\Program Files\Windows Defender\MsMpEng.exe[1048] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8 .text C:\Program Files\Windows Defender\MsMpEng.exe[1048] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090 .text C:\Program Files\Windows Defender\MsMpEng.exe[1048] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694 .text C:\Program Files\Windows Defender\MsMpEng.exe[1048] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0 .text C:\Program Files\Windows Defender\MsMpEng.exe[1048] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234 .text C:\Program Files\Windows Defender\MsMpEng.exe[1048] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004 .text C:\Program Files\Windows Defender\MsMpEng.exe[1048] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C .text C:\Program Files\Windows Defender\MsMpEng.exe[1048] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0 .text C:\Program Files\Windows Defender\MsMpEng.exe[1048] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C .text C:\Program Files\Windows Defender\MsMpEng.exe[1048] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8 .text C:\Program Files\Windows Defender\MsMpEng.exe[1048] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C .text C:\Program Files\Windows Defender\MsMpEng.exe[1048] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464 .text C:\Program Files\Windows Defender\MsMpEng.exe[1048] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608 .text C:\Program Files\Windows Defender\MsMpEng.exe[1048] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000707AC .text C:\Program Files\Windows Defender\MsMpEng.exe[1048] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00070720 .text C:\Program Files\Windows Defender\MsMpEng.exe[1048] wininet.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00070F54 .text C:\Program Files\Windows Defender\MsMpEng.exe[1048] wininet.dll!InternetConnectW 404BF862 5 Bytes JMP 00070FE0 .text C:\Program Files\Windows Defender\MsMpEng.exe[1048] wininet.dll!InternetOpenA 404CD690 5 Bytes JMP 00070D24 .text C:\Program Files\Windows Defender\MsMpEng.exe[1048] wininet.dll!InternetOpenW 404CDB09 5 Bytes JMP 00070DB0 .text C:\Program Files\Windows Defender\MsMpEng.exe[1048] wininet.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00070E3C .text C:\Program Files\Windows Defender\MsMpEng.exe[1048] wininet.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00070EC8 .text C:\Program Files\Windows Defender\MsMpEng.exe[1048] WS2_32.dll!socket 719F4211 5 Bytes JMP 000708C4 .text C:\Program Files\Windows Defender\MsMpEng.exe[1048] WS2_32.dll!bind 719F4480 5 Bytes JMP 00070838 .text C:\Program Files\Windows Defender\MsMpEng.exe[1048] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00070950 .text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0 .text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C .text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8 .text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C .text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464 .text C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608 .text C:\WINDOWS\System32\svchost.exe[1092] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC .text C:\WINDOWS\System32\svchost.exe[1092] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720 .text C:\WINDOWS\System32\svchost.exe[1092] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4 .text C:\WINDOWS\System32\svchost.exe[1092] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838 .text C:\WINDOWS\System32\svchost.exe[1092] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950 .text C:\WINDOWS\System32\svchost.exe[1092] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00080F54 .text C:\WINDOWS\System32\svchost.exe[1092] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00080FE0 .text C:\WINDOWS\System32\svchost.exe[1092] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00080D24 .text C:\WINDOWS\System32\svchost.exe[1092] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00080DB0 .text C:\WINDOWS\System32\svchost.exe[1092] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00080E3C .text C:\WINDOWS\System32\svchost.exe[1092] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00080EC8 .text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0 .text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C .text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8 .text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C .text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464 .text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608 .text C:\WINDOWS\System32\svchost.exe[1152] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC .text C:\WINDOWS\System32\svchost.exe[1152] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720 .text C:\WINDOWS\System32\svchost.exe[1152] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4 .text C:\WINDOWS\System32\svchost.exe[1152] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838 .text C:\WINDOWS\System32\svchost.exe[1152] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[1316] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[1316] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[1316] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\spoolsv.exe[1408] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\spoolsv.exe[1408] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\spoolsv.exe[1408] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\spoolsv.exe[1408] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\spoolsv.exe[1408] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\spoolsv.exe[1408] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\spoolsv.exe[1408] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\spoolsv.exe[1408] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\spoolsv.exe[1408] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\spoolsv.exe[1408] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\spoolsv.exe[1408] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\spoolsv.exe[1408] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\spoolsv.exe[1408] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\spoolsv.exe[1408] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\spoolsv.exe[1408] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\spoolsv.exe[1408] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\spoolsv.exe[1408] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\spoolsv.exe[1408] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950 .text C:\Program Files\Sandboxie\SbieSvc.exe[1448] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8 .text C:\Program Files\Sandboxie\SbieSvc.exe[1448] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090 .text C:\Program Files\Sandboxie\SbieSvc.exe[1448] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694 .text C:\Program Files\Sandboxie\SbieSvc.exe[1448] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0 .text C:\Program Files\Sandboxie\SbieSvc.exe[1448] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234 .text C:\Program Files\Sandboxie\SbieSvc.exe[1448] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004 .text C:\Program Files\Sandboxie\SbieSvc.exe[1448] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C .text C:\Program Files\Sandboxie\SbieSvc.exe[1448] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0 .text C:\Program Files\Sandboxie\SbieSvc.exe[1448] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C .text C:\Program Files\Sandboxie\SbieSvc.exe[1448] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8 .text C:\Program Files\Sandboxie\SbieSvc.exe[1448] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C .text C:\Program Files\Sandboxie\SbieSvc.exe[1448] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464 .text C:\Program Files\Sandboxie\SbieSvc.exe[1448] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608 .text C:\Program Files\Sandboxie\SbieSvc.exe[1448] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000707AC .text C:\Program Files\Sandboxie\SbieSvc.exe[1448] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00070720 .text c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe[1452] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe[1452] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe[1452] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe[1452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe[1452] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe[1452] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe[1452] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe[1452] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe[1452] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe[1452] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe[1452] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe[1452] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe[1452] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe[1452] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC .text c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe[1452] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720 .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1472] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1472] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1472] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1472] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1472] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1472] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1472] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1472] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1472] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1472] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1472] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1472] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1472] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1472] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720 .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1472] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4 .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1472] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838 .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1472] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950 .text C:\WINDOWS\system32\Ati2evxx.exe[1600] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\WINDOWS\system32\Ati2evxx.exe[1600] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\WINDOWS\system32\Ati2evxx.exe[1600] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\WINDOWS\system32\Ati2evxx.exe[1600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\WINDOWS\system32\Ati2evxx.exe[1600] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\WINDOWS\system32\Ati2evxx.exe[1600] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\WINDOWS\system32\Ati2evxx.exe[1600] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\WINDOWS\system32\Ati2evxx.exe[1600] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\WINDOWS\system32\Ati2evxx.exe[1600] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\WINDOWS\system32\Ati2evxx.exe[1600] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\WINDOWS\system32\Ati2evxx.exe[1600] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\WINDOWS\system32\Ati2evxx.exe[1600] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\WINDOWS\system32\Ati2evxx.exe[1600] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\WINDOWS\system32\Ati2evxx.exe[1600] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC .text C:\WINDOWS\system32\Ati2evxx.exe[1600] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720 .text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0 .text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C .text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8 .text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C .text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464 .text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608 .text C:\WINDOWS\System32\svchost.exe[1684] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC .text C:\WINDOWS\System32\svchost.exe[1684] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720 .text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0 .text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C .text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8 .text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C .text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464 .text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608 .text C:\WINDOWS\Explorer.EXE[1736] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC .text C:\WINDOWS\Explorer.EXE[1736] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720 .text C:\WINDOWS\Explorer.EXE[1736] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00080F54 .text C:\WINDOWS\Explorer.EXE[1736] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00080FE0 .text C:\WINDOWS\Explorer.EXE[1736] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00080D24 .text C:\WINDOWS\Explorer.EXE[1736] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00080DB0 .text C:\WINDOWS\Explorer.EXE[1736] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00080E3C .text C:\WINDOWS\Explorer.EXE[1736] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00080EC8 .text C:\WINDOWS\Explorer.EXE[1736] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4 .text C:\WINDOWS\Explorer.EXE[1736] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838 .text C:\WINDOWS\Explorer.EXE[1736] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1764] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1764] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1764] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1764] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1764] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1764] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1764] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1764] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1764] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1764] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1764] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1764] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1764] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1764] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1764] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1764] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1764] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[1764] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950 .text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0 .text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C .text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8 .text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C .text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464 .text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608 .text C:\WINDOWS\System32\svchost.exe[1848] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC .text C:\WINDOWS\System32\svchost.exe[1848] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720 .text C:\WINDOWS\System32\svchost.exe[1848] WININET.dll!InternetConnectA 404BDEAE 5 Bytes JMP 00080F54 .text C:\WINDOWS\System32\svchost.exe[1848] WININET.dll!InternetConnectW 404BF862 5 Bytes JMP 00080FE0 .text C:\WINDOWS\System32\svchost.exe[1848] WININET.dll!InternetOpenA 404CD690 5 Bytes JMP 00080D24 .text C:\WINDOWS\System32\svchost.exe[1848] WININET.dll!InternetOpenW 404CDB09 5 Bytes JMP 00080DB0 .text C:\WINDOWS\System32\svchost.exe[1848] WININET.dll!InternetOpenUrlA 404CF3A4 5 Bytes JMP 00080E3C .text C:\WINDOWS\System32\svchost.exe[1848] WININET.dll!InternetOpenUrlW 40516DDF 5 Bytes JMP 00080EC8 .text C:\WINDOWS\System32\svchost.exe[1848] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4 .text C:\WINDOWS\System32\svchost.exe[1848] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838 .text C:\WINDOWS\System32\svchost.exe[1848] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950 .text C:\WINDOWS\System32\MsPMSPSv.exe[1896] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\WINDOWS\System32\MsPMSPSv.exe[1896] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\WINDOWS\System32\MsPMSPSv.exe[1896] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\WINDOWS\System32\MsPMSPSv.exe[1896] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\WINDOWS\System32\MsPMSPSv.exe[1896] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\WINDOWS\System32\MsPMSPSv.exe[1896] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\WINDOWS\System32\MsPMSPSv.exe[1896] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\WINDOWS\System32\MsPMSPSv.exe[1896] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\WINDOWS\System32\MsPMSPSv.exe[1896] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\WINDOWS\System32\MsPMSPSv.exe[1896] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\WINDOWS\System32\MsPMSPSv.exe[1896] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\WINDOWS\System32\MsPMSPSv.exe[1896] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\WINDOWS\System32\MsPMSPSv.exe[1896] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\WINDOWS\System32\MsPMSPSv.exe[1896] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC .text C:\WINDOWS\System32\MsPMSPSv.exe[1896] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720 .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2016] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2016] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2016] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2016] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2016] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2016] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2016] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2016] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2016] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2016] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2016] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2016] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4 .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2016] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838 .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2016] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950 .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2016] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2016] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720 .text C:\Documents and Settings\Pascal Admin\Bureau\7c1ephfw.exe[2508] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Documents and Settings\Pascal Admin\Bureau\7c1ephfw.exe[2508] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Documents and Settings\Pascal Admin\Bureau\7c1ephfw.exe[2508] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Documents and Settings\Pascal Admin\Bureau\7c1ephfw.exe[2508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Documents and Settings\Pascal Admin\Bureau\7c1ephfw.exe[2508] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Documents and Settings\Pascal Admin\Bureau\7c1ephfw.exe[2508] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Documents and Settings\Pascal Admin\Bureau\7c1ephfw.exe[2508] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Documents and Settings\Pascal Admin\Bureau\7c1ephfw.exe[2508] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\Documents and Settings\Pascal Admin\Bureau\7c1ephfw.exe[2508] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\Documents and Settings\Pascal Admin\Bureau\7c1ephfw.exe[2508] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\Documents and Settings\Pascal Admin\Bureau\7c1ephfw.exe[2508] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\Documents and Settings\Pascal Admin\Bureau\7c1ephfw.exe[2508] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\Documents and Settings\Pascal Admin\Bureau\7c1ephfw.exe[2508] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\Documents and Settings\Pascal Admin\Bureau\7c1ephfw.exe[2508] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC .text C:\Documents and Settings\Pascal Admin\Bureau\7c1ephfw.exe[2508] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3264] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3264] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3264] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3264] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3264] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3264] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3264] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3264] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3264] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3264] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3264] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3264] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3264] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3264] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3264] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3264] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3684] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3684] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3684] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3684] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3684] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3684] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3684] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3684] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3684] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3684] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3684] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3684] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3684] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3684] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3684] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3684] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3684] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3768] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3768] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3768] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3768] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3768] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3768] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3768] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3768] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3768] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3768] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3768] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3768] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3768] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3768] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3768] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3768] ws2_32.dll!socket 719F4211 5 Bytes JMP 001308C4 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3768] ws2_32.dll!bind 719F4480 5 Bytes JMP 00130838 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3768] ws2_32.dll!connect 719F4A07 5 Bytes JMP 00130950 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3864] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3864] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3864] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3864] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3864] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3864] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3864] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3864] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3864] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3864] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3864] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3864] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3864] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3864] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3864] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3864] ws2_32.dll!socket 719F4211 5 Bytes JMP 001308C4 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3864] ws2_32.dll!bind 719F4480 5 Bytes JMP 00130838 .text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3864] ws2_32.dll!connect 719F4A07 5 Bytes JMP 00130950 .text C:\WINDOWS\System32\alg.exe[3916] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\System32\alg.exe[3916] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\System32\alg.exe[3916] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\System32\alg.exe[3916] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\System32\alg.exe[3916] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\System32\alg.exe[3916] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\System32\alg.exe[3916] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\System32\alg.exe[3916] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0 .text C:\WINDOWS\System32\alg.exe[3916] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C .text C:\WINDOWS\System32\alg.exe[3916] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8 .text C:\WINDOWS\System32\alg.exe[3916] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C .text C:\WINDOWS\System32\alg.exe[3916] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464 .text C:\WINDOWS\System32\alg.exe[3916] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608 .text C:\WINDOWS\System32\alg.exe[3916] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC .text C:\WINDOWS\System32\alg.exe[3916] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720 .text C:\WINDOWS\System32\alg.exe[3916] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4 .text C:\WINDOWS\System32\alg.exe[3916] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838 .text C:\WINDOWS\System32\alg.exe[3916] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950 ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F3364CE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F3364D00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F3364D90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F3364DC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F3364D90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F3364D00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F3364CE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F3364D90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F3364DC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F3364CE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F3364D00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Messenger\msmsgs.exe[608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00FE2EC0] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Messenger\msmsgs.exe[608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00FE2C30] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Messenger\msmsgs.exe[608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00FE2C90] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Messenger\msmsgs.exe[608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00FE2C60] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\wscntfy.exe[636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008F2EC0] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\wscntfy.exe[636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008F2C30] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\wscntfy.exe[636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008F2C90] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\wscntfy.exe[636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008F2C60] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[1736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01A12EC0] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[1736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01A12C30] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[1736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01A12C90] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[1736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01A12C60] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Documents and Settings\Pascal Admin\Bureau\7c1ephfw.exe[2508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802EC0] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Documents and Settings\Pascal Admin\Bureau\7c1ephfw.exe[2508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Documents and Settings\Pascal Admin\Bureau\7c1ephfw.exe[2508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802C90] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Documents and Settings\Pascal Admin\Bureau\7c1ephfw.exe[2508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C60] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D42EC0] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D42C30] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D42C90] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D42C60] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3768] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00802EC0] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3768] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3768] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [00802C90] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3768] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00802C60] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3864] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00802EC0] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3864] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3864] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [00802C90] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3864] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00802C60] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7E 0x80 0x7A 0xCB ... Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ... ---- EOF - GMER 1.0.15 ----

Merci pour votre patience; ça n'est effectivement pas simple!

Voici le rapport combofix : ComboFix 10-04-27.02 - Pascal Admin 02/05/2010 13:19:27.4.1 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.511.156 [GMT 2:00] Lancé depuis: c:\documents and settings\Pascal Admin\Bureau\bitruc.exe Commutateurs utilisés :: c:\documents and settings\Pascal Admin\Bureau\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: Sunbelt Kerio Personal Firewall *disabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174} FILE :: "c:\documents and settings\All Users\Menu Démarrer\Programmes\Gravure\Alcohol 120%\Online manual.lnk" "c:\documents and settings\All Users\Menu Démarrer\Programmes\Gravure\Alcohol 120%\Uninstall Alcohol 120%.lnk" "c:\program files\Alcohol Soft\Alcohol 120\Alcohol.exe" "c:\program files\Alcohol Soft\Alcohol 120\AXShlEx.dll" "c:\program files\Alcohol Soft\Alcohol 120\DevSupp.dll" "c:\program files\Alcohol Soft\Alcohol 120\Help\ax_enu.chm" "c:\program files\Alcohol Soft\Alcohol 120\Plugins\Images\ccdmount.dll" "c:\program files\PixVue\bin\Daemon.exe" "c:\windows\daemon.dll" "c:\windows\Downloaded Installations\DAEMON Tools 3.47\daemon.msi" "c:\windows\Prefetch\DAEMON.EXE-338AFD1E.pf" "d:\documents de pascal\Provi\daemon4304-lite.exe" "d:\utiltaires présents\Alcohol120_trial_1_4_6_711.exe" "d:\utiltaires présents\daemon-tools_daemon_tools_4.0.3_anglais_10729.exe" "d:\utiltaires présents\Daemon_Tools_L_v4.30.1.exe" "d:\utiltaires présents\daemon347.exe" "d:\utiltaires présents\daemon408-139-x86.exe" "e:\outils photo\PixVue.exe" "e:\u_w95-3\War FTP Daemon 1.66 - Jgaa(98)us.exe" "e:\u_w95-3\War Ftp Daemon Server 2 - Jgaa(97)us.exe" "e:\utiltaires présents\daemon-tools_daemon_tools_4.0.3_anglais_10729.exe" "e:\utiltaires présents\daemon347.exe" "e:\utiltaires présents\daemon408-139-x86.exe" "f:\outils photo\PixVue.exe" "f:\utiltaires présents\Alcohol120_trial_1_4_6_711.exe" "f:\utiltaires présents\daemon-tools_daemon_tools_4.0.3_anglais_10729.exe" "f:\utiltaires présents\daemon347.exe" "f:\utiltaires présents\daemon408-139-x86.exe" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Menu Démarrer\Programmes\Gravure\Alcohol 120% c:\documents and settings\All Users\Menu Démarrer\Programmes\Gravure\Alcohol 120%\Alcohol 120%.lnk c:\documents and settings\All Users\Menu Démarrer\Programmes\Gravure\Alcohol 120%\Alcohol Command Launcher.lnk c:\documents and settings\All Users\Menu Démarrer\Programmes\Gravure\Alcohol 120%\Online manual.lnk c:\documents and settings\All Users\Menu Démarrer\Programmes\Gravure\Alcohol 120%\Uninstall Alcohol 120%.lnk c:\documents and settings\All Users\Menu Démarrer\Programmes\Gravure\DAEMON Tools c:\documents and settings\All Users\Menu Démarrer\Programmes\Gravure\DAEMON Tools\DAEMON Tools.lnk c:\documents and settings\All Users\Menu Démarrer\Programmes\Gravure\DAEMON Tools\Uninstall.lnk c:\documents and settings\Pascal Admin\Application Data\DAEMON Tools Lite c:\documents and settings\Pascal Admin\Application Data\DAEMON Tools Lite\ImageCatalog.xml c:\documents and settings\Pascal Admin\Application Data\DAEMON Tools c:\documents and settings\Pascal Admin\Application Data\DAEMON Tools\daemontools.ini c:\documents and settings\Pascal Admin\Application Data\PixVue c:\documents and settings\Pascal Admin\Application Data\PixVue\Mes galeries\Gallery14.GDB c:\documents and settings\Pascal Admin\Application Data\PixVue\Mes galeries\Gallery14.NDX c:\documents and settings\Pascal Admin\Application Data\PixVue\Mes galeries\Thumbnails14.GDB c:\documents and settings\Pascal Admin\Application Data\PixVue\Mes galeries\Thumbnails14.NDX c:\windows\Downloaded Installations\DAEMON Tools 3.47 c:\windows\Downloaded Installations\DAEMON Tools 3.47\daemon.msi c:\windows\Prefetch\DAEMON.EXE-338AFD1E.pf e:\outils photo\PixVue.exe e:\u_w95-3\War FTP Daemon 1.66 - Jgaa(98)us.exe e:\u_w95-3\War Ftp Daemon Server 2 - Jgaa(97)us.exe f:\outils photo\PixVue.exe Une copie infectée de c:\windows\system32\Drivers\atapi.sys a été trouvée et désinfectée Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\atapi.sys . ((((((((((((((((((((((((((((( Fichiers créés du 2010-04-02 au 2010-05-02 )))))))))))))))))))))))))))))))))))) . 2010-05-02 10:13 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-04-28 19:32 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-04-28 14:55 . 2010-05-01 15:53 -------- d-----w- c:\program files\SEAF 2010-04-28 08:09 . 2010-04-28 08:09 -------- d-----w- c:\documents and settings\Pascal Admin\Application Data\Foxit Software 2010-04-27 10:03 . 2010-04-27 11:25 -------- d-----w- C:\Ad-Remover 2010-04-26 17:31 . 2010-04-27 08:12 -------- d-----w- C:\ToolBar SD 2010-04-04 09:37 . 2010-04-04 09:37 46 ----a-w- c:\windows\system32\DonationCoder_urlsnooper_InstallInfo.dat 2010-04-04 09:37 . 2010-04-04 09:37 -------- d-----w- c:\documents and settings\Pascal Admin\Application Data\DonationCoder 2010-04-04 09:36 . 2010-04-04 09:36 -------- d-----w- c:\program files\WinPcap 2010-04-04 09:35 . 2010-04-21 05:48 -------- d-----w- c:\program files\URLSnooper2 2010-04-04 09:35 . 2010-04-04 09:35 -------- d-----w- c:\documents and settings\All Users\Application Data\DonationCoder 2010-04-04 09:21 . 2010-04-04 09:21 -------- d-----w- c:\program files\Xi . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-02 10:13 . 2009-12-20 14:11 -------- d-----w- c:\program files\Java 2010-05-02 09:15 . 2008-05-24 19:58 -------- d-----w- c:\program files\ZebHelpProcess 2 2010-05-01 14:42 . 2009-11-29 17:46 -------- d-----w- c:\program files\ZHPDiag 2010-04-30 16:57 . 2005-11-06 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-04-27 06:59 . 2006-08-08 20:23 1735460 ----a-w- c:\windows\system32\drivers\fwdrv.err 2010-04-26 17:46 . 2008-01-19 10:01 -------- d-----w- c:\documents and settings\Pascal Admin\Application Data\uTorrent 2010-04-26 10:21 . 2008-12-26 17:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-26 10:14 . 2009-01-10 19:45 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-04-26 08:40 . 2007-10-20 09:05 -------- d-----w- c:\program files\CCleaner 2010-04-25 00:29 . 2010-04-25 00:29 664 ----a-w- c:\documents and settings\Dominique\Local Settings\Application Data\d3d9caps.tmp 2010-04-17 11:50 . 2008-12-19 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-04-09 10:05 . 2004-11-04 18:05 -------- d-----w- c:\program files\Fichiers communs\Adobe 2010-04-07 05:43 . 2006-04-15 10:06 -------- d-----w- c:\program files\Radio Fr Solo 2010-04-05 10:24 . 2008-11-24 19:11 -------- d-----w- c:\documents and settings\Pascal Admin\Application Data\Vso 2010-04-04 14:41 . 2008-11-30 21:38 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-04-03 17:29 . 2010-04-03 17:29 503808 ----a-w- c:\documents and settings\Dominique\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6f6d9473-n\msvcp71.dll 2010-04-03 17:29 . 2010-04-03 17:29 499712 ----a-w- c:\documents and settings\Dominique\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6f6d9473-n\jmc.dll 2010-04-03 17:29 . 2010-04-03 17:29 12800 ----a-w- c:\documents and settings\Dominique\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2524fe97-n\decora-d3d.dll 2010-04-03 17:29 . 2010-04-03 17:29 348160 ----a-w- c:\documents and settings\Dominique\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6f6d9473-n\msvcr71.dll 2010-04-03 17:29 . 2010-04-03 17:29 61440 ----a-w- c:\documents and settings\Dominique\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2524fe97-n\decora-sse.dll 2010-04-03 10:07 . 2005-10-07 15:49 -------- d-----w- c:\program files\Fichiers communs\Java 2010-04-03 10:07 . 2010-04-03 10:07 503808 ----a-w- c:\documents and settings\Pascal Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5ae4574e-n\msvcp71.dll 2010-04-03 10:07 . 2010-04-03 10:07 61440 ----a-w- c:\documents and settings\Pascal Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-65ae946b-n\decora-sse.dll 2010-04-03 10:07 . 2010-04-03 10:07 499712 ----a-w- c:\documents and settings\Pascal Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5ae4574e-n\jmc.dll 2010-04-03 10:07 . 2010-04-03 10:07 348160 ----a-w- c:\documents and settings\Pascal Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5ae4574e-n\msvcr71.dll 2010-04-03 10:07 . 2010-04-03 10:07 12800 ----a-w- c:\documents and settings\Pascal Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-65ae946b-n\decora-d3d.dll 2010-04-03 10:05 . 2001-08-28 12:00 615420 ----a-w- c:\windows\system32\perfh00C.dat 2010-04-03 10:05 . 2001-08-28 12:00 123638 ----a-w- c:\windows\system32\perfc00C.dat 2010-03-29 22:46 . 2008-12-26 17:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-29 22:45 . 2008-12-26 17:58 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-28 12:37 . 2010-03-06 16:20 -------- d-----w- c:\program files\USB-set 2010-03-27 12:32 . 2008-03-16 14:51 -------- d-----w- c:\documents and settings\Dominique\Application Data\Smart Panel 2010-03-26 11:17 . 2004-10-10 15:53 -------- d-----w- c:\program files\eMule 2010-03-24 13:09 . 2005-02-14 21:38 117824 ----a-w- c:\documents and settings\Olivier\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-24 13:05 . 2010-03-24 13:05 130 ----a-w- c:\documents and settings\Olivier\Local Settings\Application Data\fusioncache.dat 2010-03-20 13:00 . 2008-05-24 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\BSD 2010-03-13 17:28 . 2010-03-13 17:28 2734 ----a-r- c:\documents and settings\Pascal Admin\Application Data\Microsoft\Installer\{C9CE8735-F02F-4DE4-B979-04D30DFFE7C3}\_2cd672ae.exe 2010-03-13 17:28 . 2010-03-13 17:28 2734 ----a-r- c:\documents and settings\Pascal Admin\Application Data\Microsoft\Installer\{C9CE8735-F02F-4DE4-B979-04D30DFFE7C3}\_294823.exe 2010-03-13 17:28 . 2010-03-13 17:28 2734 ----a-r- c:\documents and settings\Pascal Admin\Application Data\Microsoft\Installer\{C9CE8735-F02F-4DE4-B979-04D30DFFE7C3}\_18be6784.exe 2010-03-13 17:28 . 2010-03-13 17:28 12390 ----a-r- c:\documents and settings\Pascal Admin\Application Data\Microsoft\Installer\{C9CE8735-F02F-4DE4-B979-04D30DFFE7C3}\_4ae13d6c.exe 2010-03-13 17:28 . 2010-03-13 17:28 -------- d-----w- c:\program files\Ujihara 2010-03-10 06:16 . 2002-08-29 09:45 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-03-07 19:00 . 2005-05-15 08:35 -------- d-----w- c:\documents and settings\Pascal Admin\Application Data\ArcSoft 2010-02-25 06:17 . 2002-08-29 09:45 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2005-02-12 12:06 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-24 08:16 . 2009-10-23 08:40 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr 2010-02-17 12:07 . 2002-08-29 09:42 2192000 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 19:07 . 2002-08-29 11:42 2068864 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 04:34 . 2002-08-29 09:44 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2002-08-28 23:37 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 1999-12-02 12:54 . 2007-10-27 08:36 91648 ------w- c:\program files\xcacls.exe 2008-09-10 11:49 . 2008-09-10 11:49 5817064 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll 2005-05-30 19:37 . 2005-05-30 19:37 8192 --sha-w- c:\windows\o2cLicStore.bin 2005-05-05 15:01 . 2005-05-05 15:01 8 --sh--r- c:\windows\system32\0AA48D50C7.sys 2006-07-11 06:15 . 2006-07-11 06:15 5 --sha-w- c:\windows\system32\aebdd_s.dll 2008-04-14 02:33 . 2001-08-28 12:00 65024 --sha-w- c:\windows\system32\asycfilt.dll 2005-05-05 15:15 . 2005-05-05 15:01 1056 --sha-w- c:\windows\system32\KGyGaAvL.sys 2001-08-28 12:00 . 2001-08-28 12:00 57344 --sha-w- c:\windows\system32\mfc42loc.dll 2001-08-28 12:00 . 2001-08-28 12:00 253952 --sha-w- c:\windows\system32\msvcrt20.dll 2008-04-14 02:33 . 2002-08-29 09:44 551936 --sha-w- c:\windows\system32\oleaut32.dll 2008-04-14 02:33 . 2001-08-28 12:00 84992 --sha-w- c:\windows\system32\olepro32.dll 2008-04-14 02:33 . 2001-08-28 12:00 30749 --sha-w- c:\windows\system32\vbajet32.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "PSDrvCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-08-28 396800] "CloneCDElbyCDFL"="c:\program files\SlySoft\CloneCD\ElbyCheck.exe" [2002-11-02 45056] "LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-07 488984] "LVCOMSX"="c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2007-02-06 252704] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Pascal Admin\Menu D‚marrer\Programmes\D‚marrage\ HotSync Manager.lnk - c:\palm\HOTSYNC.EXE [2004-4-13 299008] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-1-14 122880] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 10:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0SsiEfr.e [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Nikon Monitor.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Nikon Monitor.lnk backup=c:\windows\pss\Nikon Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Pascal Admin^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk] path=c:\documents and settings\Pascal Admin\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk backup=c:\windows\pss\Adobe Gamma.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Pascal Admin^Menu Démarrer^Programmes^Démarrage^Outil de notification Live Search.lnk] backup=c:\windows\pss\Outil de notification Live Search.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2007-02-07 23:13 774168 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R0 axwhisky;axwhisky;c:\windows\system32\drivers\axwhisky.sys [02/07/2003 18:41 5248] R0 axwskbus;axwskbus;c:\windows\system32\drivers\axwskbus.sys [02/07/2003 17:49 124160] R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [28/11/2002 12:43 22016] R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [04/11/2004 11:55 23003] R0 PrecSim;PrecSim;c:\windows\system32\drivers\precsim.sys [22/05/2002 01:00 69600] R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [18/07/2006 12:02 284184] R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [18/07/2006 12:02 91672] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [29/02/2008 16:03 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [29/02/2008 16:03 51440] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [03/10/2009 12:04 108289] R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20/10/2009 20:19 50704] R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [27/04/2007 15:19 2368] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [05/10/2006 23:11 13592] R3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\drivers\chdrvr01.sys [06/01/2008 18:37 215104] R3 chdrvr02;CH Control Manager Driver 2;c:\windows\system32\drivers\chdrvr02.sys [06/01/2008 18:37 3744] R3 chdrvr03;CH Control Manager Driver 3;c:\windows\system32\drivers\chdrvr03.sys [06/01/2008 18:37 9024] R3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);c:\windows\system32\drivers\e10kx2k.sys [01/04/2006 14:19 1757928] S3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\drivers\modrc.sys [28/04/2008 18:54 13824] S3 PctvVirtualNdis;Pinnacle Virtual Miniport;c:\windows\system32\drivers\PctvVirtualNdis.sys [28/04/2008 19:14 13696] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 16:51 4096] . Contenu du dossier 'Tâches planifiées' 2010-05-02 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-10-05 21:11] . . ------- Examen supplémentaire ------- . mWindow Title = uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Télécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddLink.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Tout t&élécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddList.html Trusted Zone: ahnlab.com\global Trusted Zone: cltnet.de\www Trusted Zone: gdfsuez.com\webmailfr TCP: {9548D205-C2A3-4969-BEF2-92CBB72FF227} = 192.168.0.1 DPF: DirectAnimation Java Classes DPF: Microsoft XML Parser for Java DPF: teleir_cert - hxxps://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} - hxxp://www.cltnet.de/login/dplaunch.cab DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab FF - ProfilePath - c:\documents and settings\Pascal Admin\Application Data\Mozilla\Firefox\Profiles\ksf78zvj.default\ FF - prefs.js: browser.search.selectedEngine - Live Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q= FF - component: c:\documents and settings\Pascal Admin\Application Data\Mozilla\Firefox\Profiles\ksf78zvj.default\extensions\isadmin@vdtsoftware.ffext\components\isadmin.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - ORPHELINS SUPPRIMES - - - - WebBrowser-{200B4767-4E46-4A4F-B2A0-D23A0E30B592} - (no file) ShellIconOverlayIdentifiers-{3E57A8B6-849B-476E-A3E9-CFCE49E3662A} - (no file) ShellIconOverlayIdentifiers-{E3F36090-0540-418f-8136-074D5B255B59} - (no file) ShellIconOverlayIdentifiers-{E1C1BE26-35A8-4999-A3A6-235CB7BD558B} - (no file) ShellIconOverlayIdentifiers-{2E9BD3CA-A57F-450b-B1BA-A6A58C0C1D51} - (no file) ShellIconOverlayIdentifiers-{BCA5FB3A-9FC1-4465-ACE3-8C2072449164} - (no file) ShellIconOverlayIdentifiers-{F0C13C81-FB8D-464e-873F-F8FF999E3EEC} - (no file) ShellIconOverlayIdentifiers-{0117FFFB-91FD-414E-AC34-A00531032006} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-02 13:34 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82F73CC0]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf86daf28 \Driver\ACPI -> ACPI.sys @ 0xf862ccb8 \Driver\atapi -> 0x82f73cc0 IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615 ParseProcedure -> 0x827841b0 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615 ParseProcedure -> 0x827841b0 Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-1935655697-1993962763-1343024091-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(688) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(7100) c:\program files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe c:\windows\system32\Ati2evxx.exe c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe c:\program files\Sandboxie\SbieSvc.exe c:\windows\System32\MsPMSPSv.exe c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe c:\windows\System32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2010-05-02 13:50:08 - La machine a redémarré ComboFix-quarantined-files.txt 2010-05-02 11:49 ComboFix2.txt 2010-04-28 19:19 ComboFix3.txt 2010-04-28 12:08 ComboFix4.txt 2010-04-27 19:24 Avant-CF: 15 283 658 752 octets libres Après-CF: 15 211 896 832 octets libres Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - 29719E2E198F562DB03CF8E29C042DF5

Voici le résultat : 1. ========================= SEAF 1.0.0.7 - C_XX 2. 3. Commencé à: 17:44:10 le 01/05/2010 4. 5. Valeur(s) recherchée(s): 6. 7. Alcohol 8. Daemon 9. Pixvue 10. spdt 11. 12. (!) --- Recherche registre 13. 14. ====== Fichier(s) (TC: Date de création, TM: Date de modification, DA, Dernier accès) ====== 15. 16. "c:\WINDOWS\daemon.dll" [ ----A---- | 69120 ] 17. TC: 22/08/2004,17:04:56 | TM: 22/08/2004,17:04:56 | DA: 01/05/2010,16:40:52 18. 19. ========================= 20. 21. "c:\WINDOWS\system32\cidaemon.exe" [ ----A---- | 8192 ] 22. TC: 28/08/2001,14:00:00 | TM: 28/08/2001,14:00:00 | DA: 01/05/2010,16:41:03 23. 24. ========================= 25. 26. "c:\WINDOWS\system32\oobe\isperror\ispdtone.htm" [ ----A---- | 3224 ] 27. TC: 03/10/2004,18:15:45 | TM: 28/08/2001,14:00:00 | DA: 27/04/2010,17:56:54 28. 29. ========================= 30. 31. "c:\WINDOWS\system32\dllcache\cidaemon.exe" [ ----AC---- | 8192 ] 32. TC: 28/08/2001,14:00:00 | TM: 28/08/2001,14:00:00 | DA: 30/04/2010,21:55:51 33. 34. ========================= 35. 36. "c:\WINDOWS\ServicePackFiles\i386\ispdtone.htm" [ ----N---- | 3224 ] 37. TC: 07/10/2008,20:22:45 | TM: 28/08/2001,14:00:00 | DA: 27/04/2010,17:48:16 38. 39. ========================= 40. 41. "c:\WINDOWS\Prefetch\ALCOHOL.EXE-2B0DA9A4.pf" [ ----A---- | 26680 ] 42. TC: 01/05/2010,16:04:27 | TM: 01/05/2010,16:04:27 | DA: 01/05/2010,16:04:27 43. 44. ========================= 45. 46. "c:\WINDOWS\Prefetch\DAEMON.EXE-338AFD1E.pf" [ ----A---- | 61668 ] 47. TC: 01/05/2010,11:15:57 | TM: 01/05/2010,11:16:00 | DA: 01/05/2010,11:16:00 48. 49. ========================= 50. 51. "c:\WINDOWS\Downloaded Installations\DAEMON Tools 3.47\daemon.msi" [ ----A---- | 829952 ] 52. TC: 05/10/2005,16:33:48 | TM: 20/08/2006,10:36:29 | DA: 27/04/2010,17:50:08 53. 54. ========================= 55. 56. "c:\Program Files\GNU Solfege\python\Tools\Scripts\mailerdaemon.py" [ ----A---- | 8157 ] 57. TC: 11/09/2009,11:29:08 | TM: 28/10/2005,20:06:40 | DA: 27/04/2010,17:32:38 58. 59. ========================= 60. 61. "c:\Documents and Settings\Pascal Admin\Recent\Alcohol_120%_v1[1].4.6.711_by_ViperZX.zip.lnk" [ ----A---- | 567 ] 62. TC: 01/05/2010,16:37:11 | TM: 01/05/2010,16:37:11 | DA: 01/05/2010,16:37:11 63. 64. ========================= 65. 66. "c:\Documents and Settings\Pascal Admin\Application Data\PixVue\Mes galeries\Gallery14.GDB" [ ----A---- | 65535 ] 67. TC: 20/11/2005,19:36:54 | TM: 20/11/2005,19:36:54 | DA: 27/04/2010,18:13:23 68. 69. ========================= 70. 71. "c:\Documents and Settings\Pascal Admin\Application Data\PixVue\Mes galeries\Gallery14.NDX" [ ----A---- | 65535 ] 72. TC: 20/11/2005,19:36:54 | TM: 20/11/2005,19:36:54 | DA: 27/04/2010,18:13:23 73. 74. ========================= 75. 76. "c:\Documents and Settings\Pascal Admin\Application Data\PixVue\Mes galeries\Thumbnails14.GDB" [ ----A---- | 65535 ] 77. TC: 16/10/2005,18:56:53 | TM: 16/10/2005,18:56:53 | DA: 27/04/2010,18:13:23 78. 79. ========================= 80. 81. "c:\Documents and Settings\Pascal Admin\Application Data\PixVue\Mes galeries\Thumbnails14.NDX" [ ----A---- | 36864 ] 82. TC: 16/10/2005,18:56:53 | TM: 16/10/2005,18:56:53 | DA: 27/04/2010,18:13:23 83. 84. ========================= 85. 86. "c:\Documents and Settings\Pascal Admin\Application Data\DAEMON Tools Lite\ImageCatalog.xml" [ ----A---- | 97 ] 87. TC: 28/08/2009,15:41:02 | TM: 28/08/2009,15:41:03 | DA: 27/04/2010,18:13:05 88. 89. ========================= 90. 91. "c:\Documents and Settings\Pascal Admin\Application Data\DAEMON Tools\daemontools.ini" [ ----A---- | 23 ] 92. TC: 23/08/2008,11:10:42 | TM: 23/08/2008,11:10:42 | DA: 27/04/2010,18:13:05 93. 94. ========================= 95. 96. "c:\Documents and Settings\Dominique\Application Data\PixVue\Mes galeries\Gallery14.GDB" [ ----A---- | 65535 ] 97. TC: 16/12/2005,20:22:46 | TM: 16/12/2005,20:22:47 | DA: 27/04/2010,18:09:39 98. 99. ========================= 100. 101. "c:\Documents and Settings\Dominique\Application Data\PixVue\Mes galeries\Gallery14.NDX" [ ----A---- | 65535 ] 102. TC: 16/12/2005,20:22:46 | TM: 16/12/2005,20:22:47 | DA: 27/04/2010,18:09:39 103. 104. ========================= 105. 106. "c:\Documents and Settings\All Users\Menu Démarrer\Programmes\photos\PixVue\PixVue Help.lnk" [ ----A---- | 2405 ] 107. TC: 15/10/2005,11:58:59 | TM: 16/10/2005,19:03:59 | DA: 01/05/2010,16:22:44 108. 109. ========================= 110. 111. "c:\Documents and Settings\All Users\Menu Démarrer\Programmes\Gravure\DAEMON Tools\DAEMON Tools.lnk" [ ----A---- | 720 ] 112. TC: 24/03/2007,16:34:48 | TM: 30/05/2009,22:07:26 | DA: 01/05/2010,16:22:08 113. 114. ========================= 115. 116. "c:\Documents and Settings\All Users\Menu Démarrer\Programmes\Gravure\DAEMON Tools\Uninstall.lnk" [ ----A---- | 720 ] 117. TC: 24/03/2007,16:34:48 | TM: 30/05/2009,22:07:26 | DA: 01/05/2010,16:22:08 118. 119. ========================= 120. 121. "c:\Documents and Settings\All Users\Menu Démarrer\Programmes\Gravure\Alcohol 120%\Alcohol 120%.lnk" [ ----A---- | 1801 ] 122. TC: 05/11/2004,12:00:37 | TM: 05/11/2004,12:00:37 | DA: 01/05/2010,16:22:05 123. 124. ========================= 125. 126. "c:\Documents and Settings\All Users\Menu Démarrer\Programmes\Gravure\Alcohol 120%\Alcohol Command Launcher.lnk" [ ----A---- | 1703 ] 127. TC: 05/11/2004,12:00:37 | TM: 05/11/2004,12:00:37 | DA: 01/05/2010,16:22:05 128. 129. ========================= 130. 131. "c:\Documents and Settings\All Users\Menu Démarrer\Programmes\Gravure\Alcohol 120%\Online manual.lnk" [ ----A---- | 1777 ] 132. TC: 05/11/2004,12:00:37 | TM: 05/11/2004,12:00:37 | DA: 01/05/2010,16:22:05 133. 134. ========================= 135. 136. "c:\Documents and Settings\All Users\Menu Démarrer\Programmes\Gravure\Alcohol 120%\Uninstall Alcohol 120%.lnk" [ ----A---- | 513 ] 137. TC: 05/11/2004,12:00:37 | TM: 05/11/2004,12:00:37 | DA: 01/05/2010,16:22:05 138. 139. ========================= 140. 141. "d:\Utiltaires présents\Alcohol120_trial_1_4_6_711.exe" [ ----A---- | 3687589 ] 142. TC: 10/10/2004,11:49:48 | TM: 13/09/2003,12:22:50 | DA: 27/04/2010,18:28:31 143. 144. ========================= 145. 146. "d:\Utiltaires présents\Alcohol_120%_v1[1].4.6.711_by_ViperZX.zip" [ ----A---- | 15735 ] 147. TC: 10/10/2004,11:49:50 | TM: 19/09/2003,15:27:29 | DA: 27/04/2010,18:28:31 148. 149. ========================= 150. 151. "d:\Utiltaires présents\daemon-tools_daemon_tools_4.0.3_anglais_10729.exe" [ ----A---- | 1439128 ] 152. TC: 09/06/2006,12:04:36 | TM: 09/06/2006,12:04:42 | DA: 27/04/2010,18:29:01 153. 154. ========================= 155. 156. "d:\Utiltaires présents\daemon347.exe" [ ----A---- | 504320 ] 157. TC: 05/10/2005,17:08:43 | TM: 05/10/2005,16:23:09 | DA: 27/04/2010,18:29:01 158. 159. ========================= 160. 161. "d:\Utiltaires présents\daemon408-139-x86.exe" [ ----A---- | 1527192 ] 162. TC: 24/03/2007,16:27:26 | TM: 24/03/2007,16:27:25 | DA: 27/04/2010,18:29:01 163. 164. ========================= 165. 166. "d:\Utiltaires présents\Daemon_Tools_L_v4.30.1.exe" [ ----A---- | 4744648 ] 167. TC: 23/08/2008,10:42:48 | TM: 23/08/2008,10:44:02 | DA: 27/04/2010,18:29:01 168. 169. ========================= 170. 171. "d:\Documents de Pascal\Provi\alcoholer.rar" [ ----A---- | 578252 ] 172. TC: 03/10/2009,15:28:40 | TM: 03/10/2009,15:28:42 | DA: 27/04/2010,18:19:26 173. 174. ========================= 175. 176. "d:\Documents de Pascal\Provi\daemon4304-lite.exe" [ ----A---- | 7658952 ] 177. TC: 28/08/2009,13:59:24 | TM: 28/08/2009,13:59:43 | DA: 30/04/2010,12:51:13 178. 179. ========================= 180. 181. "d:\Documents de Cécile\Photos\Nouvel An 2004 (Nancy)\alcohol-no%20alcohol.jpg" [ ----A---- | 98175 ] 182. TC: 06/01/2005,19:24:08 | TM: 06/01/2005,19:24:04 | DA: 27/04/2010,18:17:00 183. 184. ========================= 185. 186. "e:\U_w95-3\War FTP Daemon 1.66 - Jgaa(98)us.exe" [ ----RA---- | 326046 ] 187. TC: 26/05/2006,11:35:37 | TM: 17/12/1999,18:25:30 | DA: 27/04/2010,18:36:43 188. 189. ========================= 190. 191. "e:\U_w95-3\War FTP Daemon 1.66 - Jgaa(98)us.txt" [ ----RA---- | 62 ] 192. TC: 26/05/2006,11:35:37 | TM: 01/12/1999,18:42:20 | DA: 27/04/2010,18:36:43 193. 194. ========================= 195. 196. "e:\U_w95-3\War Ftp Daemon Server 2 - Jgaa(97)us.exe" [ ----RA---- | 610195 ] 197. TC: 26/05/2006,11:35:37 | TM: 17/12/1999,18:25:20 | DA: 27/04/2010,18:36:43 198. 199. ========================= 200. 201. "e:\U_w95-3\War Ftp Daemon Server 2 - Jgaa(97)us.txt" [ ----RA---- | 66 ] 202. TC: 26/05/2006,11:35:37 | TM: 01/12/1999,18:42:24 | DA: 27/04/2010,18:36:43 203. 204. ========================= 205. 206. "e:\Utiltaires présents\Alcohol120_trial_1_4_6_711.exe" [ ----A---- | 3687589 ] 207. TC: 19/05/2008,22:42:27 | TM: 13/09/2003,12:22:50 | DA: 01/05/2010,16:36:15 208. 209. ========================= 210. 211. "e:\Utiltaires présents\daemon-tools_daemon_tools_4.0.3_anglais_10729.exe" [ ----A---- | 1439128 ] 212. TC: 19/05/2008,22:42:43 | TM: 09/06/2006,12:04:42 | DA: 27/04/2010,18:35:54 213. 214. ========================= 215. 216. "e:\Utiltaires présents\daemon347.exe" [ ----A---- | 504320 ] 217. TC: 19/05/2008,22:42:43 | TM: 05/10/2005,16:23:09 | DA: 27/04/2010,18:35:54 218. 219. ========================= 220. 221. "e:\Utiltaires présents\daemon408-139-x86.exe" [ ----A---- | 1527192 ] 222. TC: 19/05/2008,22:42:43 | TM: 24/03/2007,16:27:25 | DA: 27/04/2010,18:35:55 223. 224. ========================= 225. 226. "e:\Outils photo\PixVue.exe" [ ----A---- | 7769600 ] 227. TC: 29/04/2006,11:43:01 | TM: 10/10/2005,22:43:14 | DA: 27/04/2010,18:32:08 228. 229. ========================= 230. 231. "f:\Utiltaires présents\Alcohol120_trial_1_4_6_711.exe" [ ----A---- | 3687589 ] 232. TC: 03/02/2008,12:05:30 | TM: 13/09/2003,12:22:50 | DA: 27/04/2010,18:39:34 233. 234. ========================= 235. 236. "f:\Utiltaires présents\Alcohol_120%_v1[1].4.6.711_by_ViperZX.zip" [ ----A---- | 15735 ] 237. TC: 03/02/2008,12:05:31 | TM: 19/09/2003,15:27:29 | DA: 27/04/2010,18:39:29 238. 239. ========================= 240. 241. "f:\Utiltaires présents\daemon-tools_daemon_tools_4.0.3_anglais_10729.exe" [ ----A---- | 1439128 ] 242. TC: 03/02/2008,12:05:54 | TM: 09/06/2006,12:04:42 | DA: 27/04/2010,18:39:36 243. 244. ========================= 245. 246. "f:\Utiltaires présents\daemon347.exe" [ ----A---- | 504320 ] 247. TC: 03/02/2008,12:05:54 | TM: 05/10/2005,16:23:09 | DA: 27/04/2010,18:39:38 248. 249. ========================= 250. 251. "f:\Utiltaires présents\daemon408-139-x86.exe" [ ----A---- | 1527192 ] 252. TC: 03/02/2008,12:05:54 | TM: 24/03/2007,16:27:25 | DA: 27/04/2010,18:39:38 253. 254. ========================= 255. 256. "f:\Outils photo\PixVue.exe" [ ----A---- | 7769600 ] 257. TC: 27/01/2007,16:48:26 | TM: 10/10/2005,22:43:14 | DA: 27/04/2010,18:38:36 258. 259. ========================= 260. 261. ====== Dossier(s) (TC: Date de création, TM: Date de modification, DA, Dernier accès) ====== 262. 263. "c:\WINDOWS\Downloaded Installations\DAEMON Tools 3.47" [ ----D---- ] 264. TC: 05/10/2005,16:33:48 | TM: 05/10/2005,16:33:48 | DA: 01/05/2010,17:50:57 265. 266. ========================= 267. 268. "c:\Documents and Settings\Pascal Admin\Application Data\DAEMON Tools" [ ----D---- ] 269. TC: 23/08/2008,11:10:42 | TM: 04/09/2009,22:05:07 | DA: 01/05/2010,17:50:58 270. 271. ========================= 272. 273. "c:\Documents and Settings\Pascal Admin\Application Data\DAEMON Tools Lite" [ ----D---- ] 274. TC: 28/08/2009,15:30:24 | TM: 04/09/2009,22:05:07 | DA: 01/05/2010,17:50:58 275. 276. ========================= 277. 278. "c:\Documents and Settings\Pascal Admin\Application Data\PixVue" [ ----D---- ] 279. TC: 15/10/2005,11:58:58 | TM: 01/05/2010,11:16:03 | DA: 01/05/2010,11:16:03 280. 281. ========================= 282. 283. "c:\Documents and Settings\Pascal Admin\Application Data\PixVue\Mes galeries" [ ----D---- ] 284. TC: 16/10/2005,10:40:02 | TM: 20/11/2005,19:36:54 | DA: 01/05/2010,17:50:58 285. 286. ========================= 287. 288. "c:\Documents and Settings\Dominique\Application Data\PixVue" [ ----D---- ] 289. TC: 16/12/2005,20:22:45 | TM: 16/12/2005,20:22:45 | DA: 30/04/2010,21:59:11 290. 291. ========================= 292. 293. "c:\Documents and Settings\Dominique\Application Data\PixVue\Mes galeries" [ ----D---- ] 294. TC: 16/12/2005,20:22:45 | TM: 16/12/2005,20:22:46 | DA: 01/05/2010,17:50:58 295. 296. ========================= 297. 298. "c:\Documents and Settings\All Users\Menu Démarrer\Programmes\photos\PixVue" [ ----D---- ] 299. TC: 15/10/2005,11:58:59 | TM: 15/10/2005,11:58:59 | DA: 01/05/2010,17:42:37 300. 301. ========================= 302. 303. "c:\Documents and Settings\All Users\Menu Démarrer\Programmes\Gravure\Alcohol 120%" [ ----D---- ] 304. TC: 05/11/2004,12:00:36 | TM: 05/11/2004,12:00:37 | DA: 01/05/2010,17:42:36 305. 306. ========================= 307. 308. "c:\Documents and Settings\All Users\Menu Démarrer\Programmes\Gravure\DAEMON Tools" [ ----D---- ] 309. TC: 08/05/2009,16:08:04 | TM: 20/09/2009,11:55:16 | DA: 01/05/2010,17:42:36 310. 311. ========================= 312. 313. 314. ====== Entrée(s) du registre ====== 315. 316. 317. 318. [HKEY_CLASSES_ROOT\AXShlEx.AlcoholShellEx] 319. ""="AlcoholShellEx" 320. 321. [HKEY_CLASSES_ROOT\Interface\{00C724A3-E741-4CE7-B3E4-2FABB3FA2CBE}] 322. ""="IAlcoholShellEx" 323. 324. [HKEY_CLASSES_ROOT\TypeLib\{DFFAEA82-07FA-4440-9A52-D54EB21C627F}\1.0\0\win32] 325. ""="C:\Program Files\Alcohol Soft\Alcohol 120\AXShlEx.dll" 326. 327. [HKEY_CLASSES_ROOT\TypeLib\{DFFAEA82-07FA-4440-9A52-D54EB21C627F}\1.0\HELPDIR] 328. ""="C:\Program Files\Alcohol Soft\Alcohol 120\" 329. 330. [HKEY_CURRENT_USER\Software\Alcohol Soft\Alcohol 120%\Basic] 331. "App Caption"="Alcohol 120%- Trial Version" 332. 333. [HKEY_CURRENT_USER\Software\GlarySoft\Glary Utilities\TracksEraser\Sections] 334. "300Alcohol 120%"="" 335. 336. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cue\OpenWithList] 337. "f"="Alcohol.exe" 338. 339. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdf\OpenWithProgids] 340. "AlcoholImageFile"="" 341. 342. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mds\OpenWithList] 343. "a"="Alcohol.exe" 344. 345. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mds\OpenWithProgids] 346. "AlcoholImageFile"="" 347. 348. [HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\filemenu] 349. "filemenu1"="E:\Utiltaires présents\Alcohol_120%_v1[1].4.6.711_by_ViperZX.zip" 350. 351. [HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Software\0] 352. "ProgramItem0292"="[Alcohol 120% (Trial Version)] (0x00000000)" 353. 354. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AXShlEx.AlcoholShellEx] 355. ""="AlcoholShellEx" 356. 357. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00C724A3-E741-4CE7-B3E4-2FABB3FA2CBE}] 358. ""="IAlcoholShellEx" 359. 360. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DFFAEA82-07FA-4440-9A52-D54EB21C627F}\1.0\0\win32] 361. ""="C:\Program Files\Alcohol Soft\Alcohol 120\AXShlEx.dll" 362. 363. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DFFAEA82-07FA-4440-9A52-D54EB21C627F}\1.0\HELPDIR] 364. ""="C:\Program Files\Alcohol Soft\Alcohol 120\" 365. 366. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\HandleCDBurningOnArrival] 367. "AlcoholAutoPlayV2.BurnDisc"="" 368. 369. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival] 370. "AlcoholAutoPlayV2.ReadDisc"="" 371. 372. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayDVDMovieOnArrival] 373. "AlcoholAutoPlayV2.ReadDisc"="" 374. 375. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\AlcoholAutoPlayV2.BurnDisc] 376. "DefaultIcon"=""C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe"" 377. 378. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\AlcoholAutoPlayV2.BurnDisc] 379. "InvokeProgID"="AlcoholAutoPlayV2" 380. 381. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\AlcoholAutoPlayV2.BurnDisc] 382. "Provider"="Alcohol 120%" 383. 384. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\AlcoholAutoPlayV2.ReadDisc] 385. "DefaultIcon"=""C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe"" 386. 387. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\AlcoholAutoPlayV2.ReadDisc] 388. "InvokeProgID"="AlcoholAutoPlayV2" 389. 390. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\AlcoholAutoPlayV2.ReadDisc] 391. "Provider"="Alcohol 120%" 392. 393. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2EEAC297ECA355740882BC07066A4389] 394. "32418F9EE1126B64A90E8365B85CFCF6"="C:\Program Files\Alcohol Soft\Alcohol 120\pfctoc.dll" 395. 396. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\35A78FF67099F0343987D562DD9A375E] 397. "32418F9EE1126B64A90E8365B85CFCF6"="C:\Program Files\Alcohol Soft\Alcohol 120\alcoholx.dll" 398. 399. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69B2787A9793C3D4EBEEC5BDFEB51C99] 400. "32418F9EE1126B64A90E8365B85CFCF6"="C:\Program Files\Alcohol Soft\Alcohol 120\Langs\" 401. 402. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76A0B95DE150A174BB0711DA106182CA] 403. "32418F9EE1126B64A90E8365B85CFCF6"="C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Images\pdimount.dll" 404. 405. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E514C661CA4EE643AA0A354EF62E45A] 406. "32418F9EE1126B64A90E8365B85CFCF6"="C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe" 407. 408. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B045DE39188296843BC984B26A575DAB] 409. "32418F9EE1126B64A90E8365B85CFCF6"="C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\" 410. 411. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B229CE6D85046BE46A1329A88AFD63A8] 412. "32418F9EE1126B64A90E8365B85CFCF6"="C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Images\ccdmount.dll" 413. 414. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B3F165F89D2585F4ABFAF8C9877C0758] 415. "32418F9EE1126B64A90E8365B85CFCF6"="C:\Program Files\Alcohol Soft\Alcohol 120\Help\ax_enu.chm" 416. 417. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E8FD57FF0FB54686E09DF977F27B1] 418. "32418F9EE1126B64A90E8365B85CFCF6"="C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe" 419. 420. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DF866329F8DFDE047BC33E1991487B03] 421. "32418F9EE1126B64A90E8365B85CFCF6"="C:\Program Files\Alcohol Soft\Alcohol 120\" 422. 423. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ECB26CE28B5EC2E49B7E6816947B2180] 424. "32418F9EE1126B64A90E8365B85CFCF6"="C:\Program Files\Alcohol Soft\Alcohol 120\DevSupp.dll" 425. 426. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA8DC0BC57AEC5649B7905DFC8CD4BBE] 427. "32418F9EE1126B64A90E8365B85CFCF6"="C:\Program Files\Alcohol Soft\Alcohol 120\AXShlEx.dll" 428. 429. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] 430. "{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx" 431. 432. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}] 433. "DisplayIcon"="C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe,0" 434. 435. [HKEY_USERS\S-1-5-21-1935655697-1993962763-1343024091-1003\Software\Alcohol Soft\Alcohol 120%\Basic] 436. "App Caption"="Alcohol 120%- Trial Version" 437. 438. [HKEY_USERS\S-1-5-21-1935655697-1993962763-1343024091-1003\Software\GlarySoft\Glary Utilities\TracksEraser\Sections] 439. "300Alcohol 120%"="" 440. 441. [HKEY_USERS\S-1-5-21-1935655697-1993962763-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cue\OpenWithList] 442. "f"="Alcohol.exe" 443. 444. [HKEY_USERS\S-1-5-21-1935655697-1993962763-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdf\OpenWithProgids] 445. "AlcoholImageFile"="" 446. 447. [HKEY_USERS\S-1-5-21-1935655697-1993962763-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mds\OpenWithList] 448. "a"="Alcohol.exe" 449. 450. [HKEY_USERS\S-1-5-21-1935655697-1993962763-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mds\OpenWithProgids] 451. "AlcoholImageFile"="" 452. 453. [HKEY_USERS\S-1-5-21-1935655697-1993962763-1343024091-1003\Software\Nico Mak Computing\WinZip\filemenu] 454. "filemenu1"="E:\Utiltaires présents\Alcohol_120%_v1[1].4.6.711_by_ViperZX.zip" 455. 456. 457. 458. [HKEY_CLASSES_ROOT\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}] 459. ""="IE Component Categories cache daemon" 460. 461. [HKEY_CLASSES_ROOT\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}] 462. ""="IE Component Categories conditional cache daemon" 463. 464. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cue\OpenWithList] 465. "c"="daemon.exe" 466. 467. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrg\OpenWithList] 468. "c"="daemon.exe" 469. 470. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}] 471. ""="IE Component Categories cache daemon" 472. 473. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}] 474. ""="IE Component Categories conditional cache daemon" 475. 476. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F2E87748F790676CF7EF6043163241E] 477. "27A3DED38A1678B4895AFEB08C30A80A"="C:\WINDOWS\daemon.dll" 478. 479. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5DF1C3B1C87EFD376582F3A8B81F52D4] 480. "27A3DED38A1678B4895AFEB08C30A80A"="C:\Program Files\D-Tools\daemon.exe" 481. 482. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B306448280FB668AF514A3D94842AFF3] 483. "27A3DED38A1678B4895AFEB08C30A80A"="02:\Software\Microsoft\Windows\CurrentVersion\Run\DAEMON Tools-1033" 484. 485. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ContentIndex] 486. "DaemonResponseTimeout"="" 487. 488. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PixVue] 489. "Description"="PixVue Daemon" 490. 491. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PixVue] 492. "ImagePath"=""C:\Program Files\PixVue\bin\Daemon.exe"" 493. 494. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\ContentIndex] 495. "DaemonResponseTimeout"="" 496. 497. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\freenet-darknet] 498. "Description"="The Free Network Project daemon" 499. 500. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\ContentIndex] 501. "DaemonResponseTimeout"="" 502. 503. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\freenet-darknet] 504. "Description"="The Free Network Project daemon" 505. 506. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex] 507. "DaemonResponseTimeout"="" 508. 509. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\freenet-darknet] 510. "Description"="The Free Network Project daemon" 511. 512. [HKEY_USERS\S-1-5-21-1935655697-1993962763-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cue\OpenWithList] 513. "c"="daemon.exe" 514. 515. [HKEY_USERS\S-1-5-21-1935655697-1993962763-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrg\OpenWithList] 516. "c"="daemon.exe" 517. 518. 519. 520. [HKEY_CURRENT_USER\Software\PixVue.Com\PixVue\Shell] 521. "EnablePixVueMenu"="" 522. 523. [HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\CDS\Software\0] 524. "ProgramItem0283"="[PixVue] (0x00000000)" 525. 526. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] 527. "C:\Documents and Settings\Pascal Admin\Application Data\PixVue\"="1" 528. 529. [HKEY_LOCAL_MACHINE\SOFTWARE\PixVue.Com\PixVue] 530. "InstallPath"="C:\Program Files\PixVue" 531. 532. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ContentIndexCommon] 533. "DefaultColumnFile"="C:\Program Files\PixVue\lib\index\LOC\columns.txt" 534. 535. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment] 536. "Path"="%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\VDMSound;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;C:\Program Files\PixVue\bin;C:\PROGRA~1\Thri\3D SexVilla;C:\PROGRA~1\thri2\3D SexVilla;C:\Program Files\Fichiers communs\Adobe\AGL" 537. 538. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PIXVUE\0000] 539. "DeviceDesc"="PixVue" 540. 541. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PIXVUE\0000] 542. "Service"="PixVue" 543. 544. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PixVue] 545. "Description"="PixVue Daemon" 546. 547. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PixVue] 548. "DisplayName"="PixVue" 549. 550. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PixVue] 551. "ImagePath"=""C:\Program Files\PixVue\bin\Daemon.exe"" 552. 553. [HKEY_USERS\S-1-5-21-1935655697-1993962763-1343024091-1003\Software\PixVue.Com\PixVue\Shell] 554. "EnablePixVueMenu"="" 555. 556. 557. 558. ========================= 559. 560. Fin à: 17:53:15 le 01/05/2010 ( E.O.F )

Suite du précédent . je ne sais pas si ça peut aider mais quand je repasse Defogger j'ai la log suivante : defogger_disable by jpshortstuff (23.02.10.1) Log created at 16:59 on 01/05/2010 (Pascal Admin) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=-

Je l'avais fait par le menu de suppression de windows. Concernant Pixvue, j'ai supprimé le répertoire dans program files. Il restait quelques fichiers. Par contre le répertoire de alcohol n'avait pas été supprimé . il restait tous les programmes dedans dont un fichier bizarre que j'ai analysé avec virustotal. Fichier vzx_ac120_146b711.exe reçu le 2010.05.01 14:05:16 (UTC) Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.50 2010.05.01 - AhnLab-V3 2010.05.02.00 2010.05.01 - AntiVir 8.2.1.224 2010.04.30 - Antiy-AVL 2.0.3.7 2010.04.30 - Authentium 5.2.0.5 2010.05.01 - Avast 4.8.1351.0 2010.05.01 - Avast5 5.0.332.0 2010.05.01 - AVG 9.0.0.787 2010.05.01 - BitDefender 7.2 2010.05.01 - CAT-QuickHeal 10.00 2010.05.01 - ClamAV 0.96.0.3-git 2010.05.01 - Comodo 4730 2010.05.01 Heur.Packed.Unknown DrWeb 5.0.2.03300 2010.05.01 - eSafe 7.0.17.0 2010.04.29 - eTrust-Vet 35.2.7462 2010.04.30 - F-Prot 4.5.1.85 2010.04.30 - F-Secure 9.0.15370.0 2010.05.01 - Fortinet 4.0.14.0 2010.05.01 - GData 21 2010.05.01 - Ikarus T3.1.1.80.0 2010.05.01 - Jiangmin 13.0.900 2010.05.01 - Kaspersky 7.0.0.125 2010.05.01 - McAfee 5.400.0.1158 2010.05.01 - McAfee-GW-Edition 6.8.5 2010.04.30 Heuristic.LooksLike.Win32.Suspicious.B!92 Microsoft 1.5703 2010.05.01 - NOD32 5076 2010.04.30 - Norman 6.04.12 2010.05.01 - nProtect 2010-05-01.01 2010.05.01 - Panda 10.0.2.7 2010.05.01 - PCTools 7.0.3.5 2010.05.01 - Prevx 3.0 2010.05.01 Medium Risk Malware Rising 22.45.04.03 2010.04.30 - Sunbelt 6246 2010.05.01 - Symantec 20091.2.0.41 2010.05.01 - TheHacker 6.5.2.0.274 2010.04.30 - TrendMicro 9.120.0.1004 2010.05.01 - TrendMicro-HouseCall 9.120.0.1004 2010.05.01 - VBA32 3.12.12.4 2010.04.30 - ViRobot 2010.5.1.2299 2010.05.01 - VirusBuster 5.0.27.0 2010.04.30 - Information additionnelle File size: 17962 bytes MD5...: a1bd284312db5e73304f1c0326106605 SHA1..: 89ecc064a654e9e46b92a54748e382a217c97672 SHA256: c9933560339693fedbff657a1b9ca5998428470840f33e0e12b7ef2dbc5e315b ssdeep: 384:OcLDTs8hsF6qtK8lzQ8+Sych3mYvCPHxpx8:BLXVhaTtDE8VfCPHxpq<br> PEiD..: - PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0xf000<br>timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>UPX0 0x1000 0xd000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>UPX1 0xe000 0x1000 0xc00 3.14 86558ac71c7a4bbb56760f3433a204f6<br>UPX2 0xf000 0x1000 0x1000 7.73 13042a1ed714eab641e13ad9a1d75e39<br>UPX3 0x10000 0x3000 0x249c 7.86 89f1da0eb7099a3c08c3aeeb456a6012<br><br>( 1 imports ) <br>> kernel32.dll: LoadLibraryA, GetProcAddress<br><br>( 0 exports ) <br> RDS...: NSRL Reference Data Set<br>- pdfid.: - trid..: UPX - NRV compressed Win32 Executable (61.5%)<br>UPX compressed Win32 Executable (15.2%)<br>Win32 EXE Yoda's Crypter (13.2%)<br>Win32 Executable Generic (4.2%)<br>Win32 Dynamic Link Library (generic) (3.7%) sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br> packers (Kaspersky): UPX Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/...-021223-0550-99 packers (F-Prot): UPX <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=CB00B5272AF84E23466600E3E557AA009A889D7C''>http://info.prevx.com/aboutprogramtext.asp?PX5=CB00B5272AF84E23466600E3E557AA009A889D7C' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=CB00B5272AF84E23466600E3E557AA009A889D7C</a>'>http://info.prevx.com/aboutprogramtext.asp?PX5=CB00B5272AF84E23466600E3E557AA009A889D7C</a> TheHacker 6.5.2.0.274 2010.04.30 - TrendMicro 9.120.0.1004 2010.05.01 - TrendMicro-HouseCall 9.120.0.1004 2010.05.01 - VBA32 3.12.12.4 2010.04.30 - ViRobot 2010.5.1.2299 2010.05.01 - VirusBuster 5.0.27.0 2010.04.30 - Information additionnelle File size: 17962 bytes MD5...: a1bd284312db5e73304f1c0326106605 SHA1..: 89ecc064a654e9e46b92a54748e382a217c97672 SHA256: c9933560339693fedbff657a1b9ca5998428470840f33e0e12b7ef2dbc5e315b ssdeep: 384:OcLDTs8hsF6qtK8lzQ8+Sych3mYvCPHxpx8:BLXVhaTtDE8VfCPHxpq<br> PEiD..: - PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0xf000<br>timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>UPX0 0x1000 0xd000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>UPX1 0xe000 0x1000 0xc00 3.14 86558ac71c7a4bbb56760f3433a204f6<br>UPX2 0xf000 0x1000 0x1000 7.73 13042a1ed714eab641e13ad9a1d75e39<br>UPX3 0x10000 0x3000 0x249c 7.86 89f1da0eb7099a3c08c3aeeb456a6012<br><br>( 1 imports ) <br>> kernel32.dll: LoadLibraryA, GetProcAddress<br><br>( 0 exports ) <br> RDS...: NSRL Reference Data Set<br>- pdfid.: - trid..: UPX - NRV compressed Win32 Executable (61.5%)<br>UPX compressed Win32 Executable (15.2%)<br>Win32 EXE Yoda's Crypter (13.2%)<br>Win32 Executable Generic (4.2%)<br>Win32 Dynamic Link Library (generic) (3.7%) sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br> packers (Kaspersky): UPX Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/...-021223-0550-99 packers (F-Prot): UPX <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=CB00B5272AF84E23466600E3E557AA009A889D7C' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=CB00B5272AF84E23466600E3E557AA009A889D7C</a> j'ai tout supprimé, passé un coup de ccleaner et repassé fixmbr... dans la console de récupération Voici le résultat de ZBDIAG : Rapport de ZHPDiag v1.25.1413 par Nicolas Coolman Run by Pascal Admin at 01/05/2010 16:40:46 Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html ---\\ Web Browser MSIE: Internet Explorer v8.0.6001.18702 MFIE: Mozilla Firefox (3.6.3) ---\\ System Information Platform : Microsoft Windows XP (5.1.2600) Service Pack 3 Processor: x86 Family 6 Model 6 Stepping 2, AuthenticAMD Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 511 MB (33% free) System drive C: has 14 GB (36%) free of 39 GB ---\\ Logged in mode Computer Name: PCPASCAL User Name: Pascal Admin Unselected Option: O1,O45,O61,O65 Logged in as Administrator ---\\ DOS/Devices A:\ Floppy drive, Flash card reader, USB Key (Not Inserted) C:\ Hard drive, Flash drive, Thumb drive (Free 14 Go of 39 Go) D:\ Hard drive, Flash drive, Thumb drive (Free 5 Go of 75 Go) E:\ Hard drive, Flash drive, Thumb drive (Free 12 Go of 190 Go) F:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 37 Go) G:\ CD-ROM drive (Not Inserted) H:\ CD-ROM drive (Not Inserted) J:\ CD-ROM drive (Not Inserted) M:\ CD-ROM drive (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK ---\\ Processus lancés [MD5.3E4C03CEFAD8DE135263236B61A49C90] - (.Ahead Software Gmbh - NeroCheck.) -- C:\WINDOWS\system32\NeroCheck.exe [155648] [MD5.D552D5BC4E24373E0FFD9464E72493C6] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\PSDrvCheck.exe [396800] [MD5.56193BCE4DFD8879AEDEB26B71A0A583] - (.Elaborate Bytes AG - ElbyCheck.) -- C:\Program Files\SlySoft\CloneCD\ElbyCheck.exe [45056] [MD5.022DB38BECB5A44DA6F7E27923457624] - (.Logitech Inc. - Communications Manager.) -- C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [488984] [MD5.AD7503D6857DBFFC7E5F2E96BC9CC283] - (.Logitech Inc. - LVCom Server.) -- C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe [252704] [MD5.64C4C17BF6A40FF1CD21205E6FD415B8] - (.ATI Technologies Inc. - CLI Application (Command Line Interface).) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [45056] [MD5.29680A793F690EEF4AAA68479D2A6DF8] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153] [MD5.52DB6CDAC5BC7A1FC884E97C41C91213] - (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [248040] [MD5.F91F52F4EA5D88DAB6245682A16F3A72] - (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [36272] [MD5.DB1DB28467111A24664933AB8908CBCE] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [952768] [MD5.E13EA4860E8F2AA845B53BFD2B6FEC5B] - (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe [1695232] [MD5.59DC5BB82E4C8E0B3EADCFDBC44BA6E4] - (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe [15360] [MD5.177FF6608B48638D4066726F3A3F8444] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400] [MD5.9015BC03F62940527EC92D45EE89E46F] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [108289] [MD5.B8720A787C1223492E6F319465E996CE] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [185089] [MD5.A2EAEB497CA29ECAEAF0DF66AD85C57D] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [413696] [MD5.312A17DFF710A0F4E6D4DD1D52EAD1A8] - (.Pas de propriétaire - ATI Smart.) -- C:\WINDOWS\system32\ati2sgag.exe [520192] [MD5.E4BDF223CD75478BF44567B4D5C2634D] - (.Microsoft Corporation - Generic Host Process for Win32 Services.) -- C:\WINDOWS\System32\svchost.exe [14336] [MD5.C3FB1D70CB88722267949694BA51759E] - (.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\WINDOWS\system32\services.exe [111104] [MD5.74E30A41CDCF331C74BC4D97BE40CC5B] - (.Sun Microsystems, Inc. - Java Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376] [MD5.9EF600C64435CCFDEA01C991289E76EC] - (.Sunbelt Software - Sunbelt Kerio Firewall Service.) -- C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [1205784] [MD5.995D0B52870C7A5CAF3EA165FD674A35] - (.Logitech Inc. - Logitech LVPrcSrv Module..) -- c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe [109344] [MD5.A005CEE9BE199C5E375FAA559CA9A7A9] - (.Logitech Inc. - LogitechService Launcher.) -- C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe [105248] [MD5.91E6024D6D4DCDECDB36C43ECF9BBECB] - (.Microsoft Corporation - LSA Shell (Export Version).) -- C:\WINDOWS\system32\lsass.exe [13312] [MD5.2B2B6189DC47F44D7549519AA7519777] - (.tzuk - Sandboxie Service.) -- C:\Program Files\Sandboxie\SbieSvc.exe [52224] [MD5.460E4CE148BD07218DA0B6A3D31885A9] - (.Microsoft Corporation - Spooler SubSystem App.) -- C:\WINDOWS\system32\spoolsv.exe [57856] [MD5.581061776E1B7C4C7771E97AE5EAF377] - (.Microsoft Corporation - Service Executable.) -- C:\Program Files\Windows Defender\MsMpEng.exe [13592] [MD5.581176F60885AEF8F78C6E38DCC3CDF9] - (.Microsoft Corporation - WMDM PMSP Service.) -- C:\WINDOWS\System32\MsPMSPSv.exe [53520] ---\\ Pages de recherche d'Internet Explorer (R1) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ---\\ Internet Explorer URLSearchHook (R3) R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Pas de propriétaire - Pas de description.) (No version) -- (.not file.) R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18904 (longhorn_ie8_gdr.100222-1700)) -- C:\WINDOWS\system32\ieframe.dll ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} . (.Pas de propriétaire - Pas de description.) -- (.not file.) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} . (.Xi - Net Transport IE Helper Module.) -- C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll ---\\ Applications démarrées automatiquement par le registre (O4) O4 - HKLM\..\Run: [NeroFilterCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PSDrvCheck] . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] . (.Elaborate Bytes AG - ElbyCheck.) -- C:\Program Files\SlySoft\CloneCD\ElbyCheck.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] . (.Logitech Inc. - Communications Manager.) -- C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe O4 - HKLM\..\Run: [LVCOMSX] . (.Logitech Inc. - LVCom Server.) -- C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe O4 - HKLM\..\Run: [ATICCC] . (.ATI Technologies Inc. - CLI Application (Command Line Interface).) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe O4 - Global Startup: WinZip Quick Pick.lnk . (.WinZip Computing LP - WinZip Executable.) -- C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: HotSync Manager.lnk . (.Palm, Inc. - HotSync® Manager Application.) -- C:\Palm\HOTSYNC.EXE ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8) O8 - Extra context menu item: &Télécharger avec NetTransport . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Xi\NetTransport 2\NTAddLink.html O8 - Extra context menu item: Add to Google Photos Screensa&ver . (.Google Inc. - Google Photos Screensaver.) -- C:\WINDOWS\system32\GPhotos.scr O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~2\Office12\EXCEL.exe O8 - Extra context menu item: Tout t&élécharger avec NetTransport . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Xi\NetTransport 2\NTAddList.html ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll ---\\ Site dans la Zone de confiance d'Internet Explorer (O15) O15 - Trusted Zone: [HKCU\...\Domains\www] http.cltnet.de ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: DirectAnimation Java Classes (DirectAnimation Java Classes) - (.not file.) - O16 - DPF: Microsoft XML Parser for Java (Microsoft XML Parser for Java) - (.not file.) - O16 - DPF: teleir_cert (teleir_cert) - (.not file.) - https:\\static.ir.dgi.minefi.gouv.fr\secure\connexion\archives\ie4n4\teleir_cert.cab O16 - DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} (Corporate Language Training Interface) - http://www.cltnet.de/login/dplaunch.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housec...ivex/hcImpl.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - (.Yahoo! Inc. - YInstHelper Module.) -- C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155398021206 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - (.not file.) - https:\\static.impots.gouv.fr\tdir\static\adpform\AdSignerADP-2.0.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{9548D205-C2A3-4969-BEF2-92CBB72FF227}: NameServer = 192.168.0.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{9548D205-C2A3-4969-BEF2-92CBB72FF227}: NameServer = 192.168.0.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{9548D205-C2A3-4969-BEF2-92CBB72FF227}: NameServer = 192.168.0.1 O17 - HKLM\System\CS4\Services\Tcpip\..\{9548D205-C2A3-4969-BEF2-92CBB72FF227}: NameServer = 192.168.0.1 ---\\ Protocole additionnel et piratage de protocole (O18) O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: !SASWinLogon . (.SUPERAntiSpyware.com - SUPERAntiSpyware WinLogon Processor.) -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\System32\Ati2evxx.dll O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Windows Genuine Advantage - Meddelande.) -- C:\WINDOWS\System32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier . (.Pas de propriétaire - Pas de description.) -- WRLogonNTF.dll ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\System32\browseui.dll ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) . (.Pas de propriétaire - Pas de description.) - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart (ATI Smart) . (.Pas de propriétaire - ATI Smart.) - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) . (.Sunbelt Software - Sunbelt Kerio Firewall Service.) - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) . (.Logitech Inc. - Logitech LVPrcSrv Module..) - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher (LVSrvLauncher) . (.Logitech Inc. - LogitechService Launcher.) - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Sandboxie Service (SbieSvc) . (.tzuk - Sandboxie Service.) - C:\Program Files\Sandboxie\SbieSvc.exe ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\MP Scheduled Scan.job ---\\ Composants installés (ActiveSetup Installed Components) (O40) O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS . (.Pas de propriétaire - Pas de description.) -- RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP O40 - ASIC: YInstStarterUpgrade Class - {0291E591-EA41-4c82-8106-3DC6CE7F7664} . (.Yahoo! Inc. - YInstHelper Module.) -- C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll O40 - ASIC: Macromedia Shockwave Director 10.1 - {166B1BCA-3F9C-11CF-8075-444553540000} . (.Macromedia, Inc. - Shockwave ActiveX Control.) -- C:\WINDOWS\system32\Macromed\Director\SwDir.dll O40 - ASIC: YInstStarter Class - {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} . (.Yahoo! Inc. - YInstHelper Module.) -- C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll O40 - ASIC: YSearchSetting2 Class - {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} . (.Yahoo! Inc. - YInstHelper Module.) -- C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp11.inf O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 9.0 r124.) -- C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: avgio (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys O41 - Driver: avipbb (avipbb) . (.Avira GmbH - Avira Driver for RootKit Detection.) - C:\WINDOWS\system32\DRIVERS\avipbb.sys O41 - Driver: Firewall Driver (fwdrv) . (.Sunbelt Software - Sunbelt Kerio Firewall FWDRV.) - C:\WINDOWS\system32\drivers\fwdrv.sys O41 - Driver: Kerio HIPS Driver (khips) . (.Sunbelt Software - Sunbelt Kerio Host Intrusion Prevention Dri.) - C:\WINDOWS\system32\drivers\khips.sys O41 - Driver: SASDIFSV (SASDIFSV) . (.Pas de propriétaire - SASDIFSV.) - C:\Program Files\SUPERAntiSpyware\SASDIFSV.sys O41 - Driver: SASKUTIL (SASKUTIL) . (.Pas de propriétaire - SASKUTIL.SYS.) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys O41 - Driver: ssmdrv (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys O41 - Driver: (VIAPFD) . (.VIA Technologies. Inc. - VIA PFD driver.) - C:\WINDOWS\system32\Drivers\VIAPFD.sys O41 - Driver: AVG Anti-Spyware Driver (AVG Anti-Spyware Driver) . (.Pas de propriétaire - Pas de description.) - C:\Program Files\AVG Anti-Spyware 7.5\guard.sys O41 - Driver: AVG Anti-Spyware Clean Driver (AvgAsCln) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys O41 - Driver: (NaiAvTdi1) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system32\drivers\mvstdi5x.sys ---\\ Logiciels installés (O42) O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] O42 - Logiciel: ASAPI Update - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: ATI - Software Uninstall Utility - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: ATI Display Driver - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: AVI/MPEG/RM/WMV Joiner 4.81 - (.Boilsoft, Inc..) [HKLM] O42 - Logiciel: Adobe Common File Installer - (.Adobe System Incorporated.) [HKLM] O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] O42 - Logiciel: Adobe Flash Player ActiveX - (.Adobe Systems Incorporated.) [HKLM] O42 - Logiciel: Adobe Help Center 2.1 - (.Adobe Systems.) [HKLM] O42 - Logiciel: Adobe Photoshop CS2 - (.Adobe Systems, Inc..) [HKLM] O42 - Logiciel: Adobe Photoshop Elements 5.0 - (.Adobe Systems, Inc..) [HKLM] O42 - Logiciel: Adobe Stock Photos 1.0 - (.Adobe Systems.) [HKLM] O42 - Logiciel: Advanced IRC - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Audacity 1.2.4 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Avi2Dvd 0.4.5 beta - (.TrustFm.) [HKLM] O42 - Logiciel: AviSynth 2.5 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] O42 - Logiciel: BackupBuddy for Windows - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] O42 - Logiciel: CH Control Manager - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Clean 5 - (.Pinnacle Systems GmbH / Steinberg Media Technologies GmbH.) [HKLM] O42 - Logiciel: CloneCD - (.Elaborate Bytes.) [HKLM] O42 - Logiciel: Cobian Backup 9 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: ConvertHelper 2.1 - (.DownloadHelper.) [HKLM] O42 - Logiciel: ConvertXtoDVD 3.2.9.94c - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: DVD Shrink 3.2 - (.DVD Shrink.) [HKLM] O42 - Logiciel: DoublePics v2.3.2(.4) - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: EPSON Scan - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: EPSON Smart Panel - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: EVEREST Ultimate Edition v5.00 - (.Lavalys, Inc..) [HKLM] O42 - Logiciel: EarMaster Pro 5 - (.EarMaster ApS.) [HKLM] O42 - Logiciel: Exifer - (.Friedemann Schmidt.) [HKLM] O42 - Logiciel: File Uploader - (.Nikon.) [HKLM] O42 - Logiciel: Foxit Reader - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: GHCS Software GedStar for PalmOS - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: GNU Solfege 3.14.7 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: GedCom-Vision version 2.0e - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Greeting Card Creator - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Handy Recovery 1.0 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Harmony Assistant - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Helicon Filter 2.02 - (.Helicon Co..) [HKLM] O42 - Logiciel: Heredis 9 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: IFOEdit 0.971 Fr - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: IsoBuster 1.9.1 - (.Smart Projects.) [HKLM] O42 - Logiciel: J'apprends le piano - (.Musicalis.) [HKLM] O42 - Logiciel: Java 6 Update 19 - (.Sun Microsystems, Inc..) [HKLM] O42 - Logiciel: K-Lite Mega Codec Pack 3.5.0 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Kaspersky Online Scanner - (.Kaspersky Lab.) [HKLM] O42 - Logiciel: Kommute - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Label Editor - (.Steinberg.) [HKLM] O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Lizardtech DjVu Control - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Logitech QuickCam - (.Logitech Inc..) [HKLM] O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] O42 - Logiciel: MSXML 4.0 SP2 (KB927978) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: MSXML 4.0 SP2 Parser and SDK - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: MVision - (.Logitech Inc..) [HKLM] O42 - Logiciel: Macromedia Flash Player - (.Macromedia, Inc..) [HKLM] O42 - Logiciel: Macromedia Shockwave Player - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] O42 - Logiciel: MaxSplitter v1.53 Free Edition - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Media Player Classic fr - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB953297) - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Baseline Security Analyzer 2.1 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Flight Simulator 2004 Un siècle d'aviation - (.Microsoft.) [HKLM] O42 - Logiciel: Microsoft Money - (.Microsoft.) [HKLM] O42 - Logiciel: Microsoft Office Access MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Mozilla Firefox (3.6.3) - (.Mozilla.) [HKLM] O42 - Logiciel: Mp3DirectCut - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Neat Image v5 Demo (with plug-in) - (.Neat Image team, ABSoft.) [HKLM] O42 - Logiciel: Nero 6 Enterprise Edition - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Nero BurnRights (Ahead Software) - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Net Transport 1.94.282 - (.Xi.) [HKLM] O42 - Logiciel: NikonCapture - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Notification Live Search - (.Pas de propriétaire.) [HKCU] O42 - Logiciel: OMeR - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: P2400P Guide de référence - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: PDFtoMusic - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: PTLens - (.ePaperPress.) [HKLM] O42 - Logiciel: PeerGuardian 2.0 - (.Methlabs Productions.) [HKLM] O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM] O42 - Logiciel: Picture Control Utility - (.Nikon.) [HKLM] O42 - Logiciel: Planète Généalogie - (.BSD Concept.) [HKLM] O42 - Logiciel: Programme de gestion Camera de Logitech® - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: QuickPar 0.9 - (.Peter B. Clements.) [HKLM] O42 - Logiciel: QuickTime - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: RadCor 2.04 - (.TUVSW.) [HKLM] O42 - Logiciel: Radio Fr Solo 2.1 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: SanDisk SD Wi-Fi Card - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Sandboxie 3.34 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: SaverWiz - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: ScummVM 1.0.0rc1 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB978380) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB978382) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office Outlook 2007 (KB972363) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB957789) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB980470) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB969604) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB969613) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM] O42 - Logiciel: Sibelius 5 Demo - (.Sibelius Software.) [HKLM] O42 - Logiciel: Sibelius Scorch (Firefox, Opera, Netscape only) - (.Sibelius Software.) [HKLM] O42 - Logiciel: Simple Sudoku 4.2 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Skype™ 4.0 - (.Skype Technologies S.A..) [HKLM] O42 - Logiciel: SmartList To Go - (.DataViz, Inc..) [HKLM] O42 - Logiciel: Sophos Anti-Rootkit 1.3 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: SpeedFan (remove only) - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Spybot - Search & Destroy 1.4 - (.Safer Networking Limited.) [HKLM] O42 - Logiciel: StationRipper 2.71 - (.Ratajik Software.) [HKLM] O42 - Logiciel: StealthNet 0.8.7.2 - (.The StealthNet Team.) [HKLM] O42 - Logiciel: Sudoku 3D Pro - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Sudoku V 3.0 - (.Olivier RAVET.) [HKLM] O42 - Logiciel: TeamViewer 4 - (.TeamViewer GmbH.) [HKLM] O42 - Logiciel: Tous les Noms de Famille de France V.6.5.1 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: UMVPLStandalone - (.Logitech Inc..) [HKLM] O42 - Logiciel: URL Snooper v2.26.01 - (.DonationCoder.com.) [HKLM] O42 - Logiciel: Universal Extractor 1.6 - (.Jared Breland.) [HKLM] O42 - Logiciel: Unlocker 1.8.6 - (.Cedrick Collomb.) [HKLM] O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] O42 - Logiciel: Update for 2007 Microsoft Office System (KB981715) - (.Microsoft.) [HKLM] O42 - Logiciel: Update for Microsoft Office InfoPath 2007 (KB976416) - (.Microsoft.) [HKLM] O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (kb981433) - (.Microsoft.) [HKLM] O42 - Logiciel: VDMSound - (.Vlad Romascanu.) [HKLM] O42 - Logiciel: VobEdit 0.6 Fr - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: WaveLab Lite - (.Steinberg.) [HKLM] O42 - Logiciel: WinHTTrack Website Copier 3.30 - (.HTTrack.) [HKLM] O42 - Logiciel: WinPcap 4.1.1 - (.CACE Technologies.) [HKLM] O42 - Logiciel: WinWAP for Windows 3.2 - (.Winwap Technologies Oy.) [HKLM] O42 - Logiciel: WinZip - (.WinZip Computing LP.) [HKLM] O42 - Logiciel: Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Installer Clean Up - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Internet Explorer 7 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM] O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Wintree Version 3.0 d - (.Decrock.) [HKLM] O42 - Logiciel: ZebHelpProcess 2.34 - (.Nicolas Coolman.) [HKLM] O42 - Logiciel: dBpowerAMP Wavpack Codec - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: dBpoweramp FLAC Codec - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: dBpoweramp Monkeys Audio Codec - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: dBpoweramp Musepack Codec - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: dBpoweramp Ogg Vorbis Codec - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: dBpoweramp Windows Media Audio 10 Codec - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: dMC Power Pack - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: eMule - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: jv16 PowerTools 1.3 - (.Pas de propriétaire.) [HKLM] ---\\ HKCU & HKLM Software Keys [HKCU\Software\ABSoft] [HKCU\Software\AC3filter] [HKCU\Software\ASProtect] [HKCU\Software\ATI] [HKCU\Software\Ad-Remover] [HKCU\Software\Adobe] [HKCU\Software\Advanced IRC] [HKCU\Software\Ahead] [HKCU\Software\Alcohol Soft] [HKCU\Software\Angus Johnson] [HKCU\Software\Anuman Interactive] [HKCU\Software\Apple Computer, Inc.] [HKCU\Software\ApplianTechnologies] [HKCU\Software\ArcSoft] [HKCU\Software\Audacity] [HKCU\Software\Auralis] [HKCU\Software\Avira] [HKCU\Software\BITSoft] [HKCU\Software\BitTorrent] [HKCU\Software\Borland] [HKCU\Software\Bsd Concept] [HKCU\Software\CDIP] [HKCU\Software\CDRWIN 5] [HKCU\Software\Clients] [HKCU\Software\Cobian] [HKCU\Software\CoreVorbis] [HKCU\Software\Creative Tech] [HKCU\Software\Cyberlink] [HKCU\Software\DATA BECKER] [HKCU\Software\DDH Software] [HKCU\Software\DPSoftware] [HKCU\Software\DSP-worx] [HKCU\Software\DVD Shrink] [HKCU\Software\DataViz] [HKCU\Software\DefaultID] [HKCU\Software\Digital River] [HKCU\Software\DivXNetworks] [HKCU\Software\DxO Optics Pro] [HKCU\Software\DxO] [HKCU\Software\EMCO MSI Package Builder] [HKCU\Software\EMME] [HKCU\Software\EPSON] [HKCU\Software\EditHexa] [HKCU\Software\Elaborate Bytes] [HKCU\Software\Elcom] [HKCU\Software\Exifer] [HKCU\Software\Foxit Software Company] [HKCU\Software\Foxit Software] [HKCU\Software\FreeDownloadManager.ORG] [HKCU\Software\Freeware] [HKCU\Software\FreshDevices] [HKCU\Software\Fridgesoft] [HKCU\Software\GHCS] [HKCU\Software\GIANTCompany] [HKCU\Software\GNU] [HKCU\Software\Gabest] [HKCU\Software\Genie-Soft] [HKCU\Software\GlarySoft] [HKCU\Software\decrock] [HKCU\Software\digital publishing] [HKCU\Software\e-merge] [HKCU\Software\eMule] [HKCU\Software\ePaperPress] [HKCU\Software\ej-technologies] [HKLM\Software\ABSoft] [HKLM\Software\ACE Compression Software] [HKLM\Software\ATI Technologies] [HKLM\Software\ATI] [HKLM\Software\Adobe Systems] [HKLM\Software\Adobe] [HKLM\Software\Ahead] [HKLM\Software\America Online] [HKLM\Software\Apple Computer, Inc.] [HKLM\Software\Avira] [HKLM\Software\BigScott27] [HKLM\Software\Boonty] [HKLM\Software\Borland] [HKLM\Software\C07ft5Y] [HKLM\Software\CDDB] [HKLM\Software\CDRWIN5] [HKLM\Software\Canon] [HKLM\Software\Carpet] [HKLM\Software\Chilkat Software, Inc.] [HKLM\Software\Classes] [HKLM\Software\Clients] [HKLM\Software\Cobian] [HKLM\Software\Codec Tweak Tool] [HKLM\Software\Creative Tech] [HKLM\Software\Cyberlink] [HKLM\Software\D-Tools] [HKLM\Software\DDH Software] [HKLM\Software\DECROCK] [HKLM\Software\DIOC] [HKLM\Software\Debug] [HKLM\Software\DivXNetworks] [HKLM\Software\DownloadHelper] [HKLM\Software\EMCO MSI Package Builder] [HKLM\Software\EPSON Photo Print] [HKLM\Software\EPSON] [HKLM\Software\Elaborate Bytes] [HKLM\Software\Elcom] [HKLM\Software\Foxit Software] [HKLM\Software\FreshDevices] [HKLM\Software\GIANTCompany] [HKLM\Software\GNU] [HKLM\Software\Gabest] [HKLM\Software\Gemplus] [HKLM\Software\Google] [HKLM\Software\Gravity Soft] [HKLM\Software\HaaliMkx] [HKLM\Software\Hemera Products] [HKLM\Software\InstallShield] [HKLM\Software\InstalledOptions] [HKLM\Software\Intel] [HKLM\Software\InterVideo] [HKLM\Software\Internet Download Manager] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\KLCodecPack] [HKLM\Software\Licenses] [HKLM\Software\LizardTech] [HKLM\Software\Logitech] [HKLM\Software\Macromedia] [HKLM\Software\Micro Application] [HKLM\Software\MicroQuill] [HKLM\Software\MidiTec] [HKLM\Software\MozillaPlugins] [HKLM\Software\Mozilla] [HKLM\Software\MyHeritage.com] [HKLM\Software\Myriad Software] [HKLM\Software\NCSoft] [HKLM\Software\Network Associates] [HKLM\Software\Nico Mak Computing] [HKLM\Software\Nikon] [HKLM\Software\ODBC] [HKLM\Software\Orium Software] [HKLM\Software\PACE Anti-Piracy] [HKLM\Software\PepiMK Software] [HKLM\Software\Pinnacle Systems] [HKLM\Software\PixVue.Com] [HKLM\Software\Policies] [HKLM\Software\Program Groups] [HKLM\Software\Protexis] [HKLM\Software\Python] [HKLM\Software\QuEnc] [HKLM\Software\Ratajik Software] [HKLM\Software\RealNetworks] [HKLM\Software\RegisteredApplications] [HKLM\Software\RjH Software] [HKLM\Software\S3R521] [HKLM\Software\SUPERAntiSpyware.com] [HKLM\Software\Safer Networking Limited] [HKLM\Software\Schlumberger] [HKLM\Software\Sibelius Software] [HKLM\Software\Skype] [HKLM\Software\Smart Panel] [HKLM\Software\Soeperman Enterprises Ltd.] [HKLM\Software\SoftLogica] [HKLM\Software\Sonic] [HKLM\Software\Sophos] [HKLM\Software\SplashData] [HKLM\Software\Sports] [HKLM\Software\Std] [HKLM\Software\Steinberg] [HKLM\Software\String Comparison] [HKLM\Software\Sunbelt Software] [HKLM\Software\Swearware] [HKLM\Software\TG Byte Software] [HKLM\Software\TeamViewer] [HKLM\Software\TorrentSearcher] [HKLM\Software\Totalidea Software] [HKLM\Software\Trad-FR] [HKLM\Software\TrendMicro] [HKLM\Software\Ulead Systems] [HKLM\Software\Uniblue] [HKLM\Software\VEGA] [HKLM\Software\VOB] [HKLM\Software\VSO] [HKLM\Software\Via4in1Driver] [HKLM\Software\Voice] [HKLM\Software\Wheel] [HKLM\Software\WinPcap] [HKLM\Software\Windows 3.1 Migration Status] [HKLM\Software\Winzip FR] [HKLM\Software\Wise Solutions] [HKLM\Software\X-AVCSD] [HKLM\Software\Xi] [HKLM\Software\Yahoo] [HKLM\Software\Zone Labs] [HKLM\Software\ePaperPress] [HKLM\Software\mozilla.org] ---\\ Contenu des dossiers Fichiers Communs (O43) O43 - CFD:Common File Directory ----D- C:\Program Files\3D Photo Browser O43 - CFD:Common File Directory ----D- C:\Program Files\3M O43 - CFD:Common File Directory ----D- C:\Program Files\3M Littmann O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe O43 - CFD:Common File Directory ----D- C:\Program Files\Advanced IRC O43 - CFD:Common File Directory ----D- C:\Program Files\Ahead O43 - CFD:Common File Directory ----D- C:\Program Files\ANtsP2P O43 - CFD:Common File Directory ----D- C:\Program Files\Anuman Interactive O43 - CFD:Common File Directory ----D- C:\Program Files\Apple Software Update O43 - CFD:Common File Directory ----D- C:\Program Files\ATI Technologies O43 - CFD:Common File Directory ----D- C:\Program Files\Audacity O43 - CFD:Common File Directory ----D- C:\Program Files\AVG Anti-Spyware 7.5 O43 - CFD:Common File Directory ----D- C:\Program Files\AVI MPEG RM WMV Joiner O43 - CFD:Common File Directory ----D- C:\Program Files\Avi2Dvd O43 - CFD:Common File Directory ----D- C:\Program Files\Avira O43 - CFD:Common File Directory ----D- C:\Program Files\AviSynth 2.5 O43 - CFD:Common File Directory ----D- C:\Program Files\BackupBuddy O43 - CFD:Common File Directory ----D- C:\Program Files\Blues for Piano and Keyboard 10.0 O43 - CFD:Common File Directory ----D- C:\Program Files\BSD Concept O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner O43 - CFD:Common File Directory ----D- C:\Program Files\CDRWIN5 O43 - CFD:Common File Directory ----D- C:\Program Files\CH Products O43 - CFD:Common File Directory ----D- C:\Program Files\Cobian Backup 8 O43 - CFD:Common File Directory ----D- C:\Program Files\Cobian Backup 9 O43 - CFD:Common File Directory ----D- C:\Program Files\Common~1 O43 - CFD:Common File Directory ----D- C:\Program Files\ComPlus Applications O43 - CFD:Common File Directory ----D- C:\Program Files\ConvertHelper O43 - CFD:Common File Directory ----D- C:\Program Files\Creative O43 - CFD:Common File Directory ----D- C:\Program Files\dBpowerAMP O43 - CFD:Common File Directory ----D- C:\Program Files\DivX O43 - CFD:Common File Directory ----D- C:\Program Files\Documents To Go O43 - CFD:Common File Directory ----D- C:\Program Files\DoublePics O43 - CFD:Common File Directory ----D- C:\Program Files\DVD Shrink O43 - CFD:Common File Directory ----D- C:\Program Files\DxO Labs O43 - CFD:Common File Directory ----D- C:\Program Files\EarMaster Pro 5 O43 - CFD:Common File Directory ----D- C:\Program Files\EasyCleaner O43 - CFD:Common File Directory ----D- C:\Program Files\eMule O43 - CFD:Common File Directory ----D- C:\Program Files\ePaperPress O43 - CFD:Common File Directory ----D- C:\Program Files\EPSON O43 - CFD:Common File Directory ----D- C:\Program Files\Exifer O43 - CFD:Common File Directory ----D- C:\Program Files\FamilySearch O43 - CFD:Common File Directory R---D- C:\Program Files\Fichiers communs O43 - CFD:Common File Directory ----D- C:\Program Files\File Scanner Library (Spybot - Search & Destroy) O43 - CFD:Common File Directory ----D- C:\Program Files\Foxit Software O43 - CFD:Common File Directory ----D- C:\Program Files\GedCom-Vision O43 - CFD:Common File Directory ----D- C:\Program Files\GedStar O43 - CFD:Common File Directory ----D- C:\Program Files\GNU O43 - CFD:Common File Directory ----D- C:\Program Files\GNU Solfege O43 - CFD:Common File Directory ----D- C:\Program Files\Google O43 - CFD:Common File Directory ----D- C:\Program Files\GrabIt O43 - CFD:Common File Directory ----D- C:\Program Files\Greeting Card Creator O43 - CFD:Common File Directory ----D- C:\Program Files\GRISOFT O43 - CFD:Common File Directory ----D- C:\Program Files\Guitar Pro 4 O43 - CFD:Common File Directory ----D- C:\Program Files\HanDBase3 O43 - CFD:Common File Directory ----D- C:\Program Files\HardwareDetection O43 - CFD:Common File Directory ----D- C:\Program Files\Harmony Assistant O43 - CFD:Common File Directory ----D- C:\Program Files\Helicon Software O43 - CFD:Common File Directory ----D- C:\Program Files\Hijackthis O43 - CFD:Common File Directory ----D- C:\Program Files\i2p O43 - CFD:Common File Directory ----D- C:\Program Files\icesword O43 - CFD:Common File Directory ----D- C:\Program Files\IfoEdit O43 - CFD:Common File Directory ----D- C:\Program Files\IKEA HomePlanner O43 - CFD:Common File Directory ----D- C:\Program Files\Illustrate O43 - CFD:Common File Directory ----D- C:\Program Files\iMule-1.4.5 O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer O43 - CFD:Common File Directory ----D- C:\Program Files\Java O43 - CFD:Common File Directory ----D- C:\Program Files\Java(2) O43 - CFD:Common File Directory ----D- C:\Program Files\jv16 PowerTools O43 - CFD:Common File Directory ----D- C:\Program Files\K-Lite Codec Pack O43 - CFD:Common File Directory ----D- C:\Program Files\Kommute O43 - CFD:Common File Directory ----D- C:\Program Files\Lavalys O43 - CFD:Common File Directory ----D- C:\Program Files\LizardTech O43 - CFD:Common File Directory ----D- C:\Program Files\Logitech O43 - CFD:Common File Directory ----D- C:\Program Files\ma-config.com O43 - CFD:Common File Directory ----D- C:\Program Files\MagicISO O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware O43 - CFD:Common File Directory ----D- C:\Program Files\Managed DirectX (0901) O43 - CFD:Common File Directory ----D- C:\Program Files\MaxSplitter O43 - CFD:Common File Directory ----D- C:\Program Files\Media Player Classic O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger Backup O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft AntiSpyware O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Baseline Security Analyzer 2 O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2 O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Games O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Money 2005 O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET O43 - CFD:Common File Directory ----D- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy) O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox O43 - CFD:Common File Directory ----D- C:\Program Files\Mp3DirectCut O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild O43 - CFD:Common File Directory ----D- C:\Program Files\MSECache O43 - CFD:Common File Directory ----D- C:\Program Files\MSN O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0 O43 - CFD:Common File Directory ----D- C:\Program Files\Musicalis O43 - CFD:Common File Directory ----D- C:\Program Files\MUTE O43 - CFD:Common File Directory ----D- C:\Program Files\myFairTunes O43 - CFD:Common File Directory ----D- C:\Program Files\MyVideoSoft O43 - CFD:Common File Directory ----D- C:\Program Files\NapShare O43 - CFD:Common File Directory ----D- C:\Program Files\Neat Image O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting O43 - CFD:Common File Directory ----D- C:\Program Files\Newave O43 - CFD:Common File Directory ----D- C:\Program Files\Nikon O43 - CFD:Common File Directory ----D- C:\Program Files\Omer O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express O43 - CFD:Common File Directory ----D- C:\Program Files\Pando Networks O43 - CFD:Common File Directory ----D- C:\Program Files\PDFtoMusic O43 - CFD:Common File Directory ----D- C:\Program Files\PeerGuardian2 O43 - CFD:Common File Directory ----D- C:\Program Files\PhotoFiltre O43 - CFD:Common File Directory ----D- C:\Program Files\Pinnacle O43 - CFD:Common File Directory ----D- C:\Program Files\PlayPianoTODAY O43 - CFD:Common File Directory ----D- C:\Program Files\PrivacyEraser Computing O43 - CFD:Common File Directory ----D- C:\Program Files\process monitor main O43 - CFD:Common File Directory ----D- C:\Program Files\PW O43 - CFD:Common File Directory ----D- C:\Program Files\QuickPar O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime O43 - CFD:Common File Directory ----D- C:\Program Files\RadCor O43 - CFD:Common File Directory ----D- C:\Program Files\Radio Fr Solo O43 - CFD:Common File Directory ----D- C:\Program Files\Reagclean O43 - CFD:Common File Directory ----D- C:\Program Files\Real O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies O43 - CFD:Common File Directory ----D- C:\Program Files\RegClean O43 - CFD:Common File Directory ----D- C:\Program Files\RipTiger O43 - CFD:Common File Directory ----D- C:\Program Files\Sandboxie O43 - CFD:Common File Directory ----D- C:\Program Files\SanDisk O43 - CFD:Common File Directory ----D- C:\Program Files\SaverWiz O43 - CFD:Common File Directory ----D- C:\Program Files\ScummVM O43 - CFD:Common File Directory ----D- C:\Program Files\SDHelper (Spybot - Search & Destroy) O43 - CFD:Common File Directory ----D- C:\Program Files\SEAF O43 - CFD:Common File Directory ----D- C:\Program Files\Sensory O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne O43 - CFD:Common File Directory ----D- C:\Program Files\Sibelius Software O43 - CFD:Common File Directory ----D- C:\Program Files\Simple Sudoku O43 - CFD:Common File Directory R---D- C:\Program Files\Skype O43 - CFD:Common File Directory ----D- C:\Program Files\SlySoft O43 - CFD:Common File Directory ----D- C:\Program Files\Smart Panel O43 - CFD:Common File Directory ----D- C:\Program Files\Smart Projects O43 - CFD:Common File Directory ----D- C:\Program Files\SmartGenealogy_2.8c O43 - CFD:Common File Directory ----D- C:\Program Files\SmartList To Go O43 - CFD:Common File Directory ----D- C:\Program Files\SoftLogica O43 - CFD:Common File Directory ----D- C:\Program Files\Sophos O43 - CFD:Common File Directory ----D- C:\Program Files\SpeedFan O43 - CFD:Common File Directory ----D- C:\Program Files\SpeedItUpFree O43 - CFD:Common File Directory ----D- C:\Program Files\SplashData O43 - CFD:Common File Directory ----D- C:\Program Files\Spybot - Search & Destroy O43 - CFD:Common File Directory ----D- C:\Program Files\StationRipper O43 - CFD:Common File Directory ----D- C:\Program Files\StealthNet O43 - CFD:Common File Directory ----D- C:\Program Files\Steinberg O43 - CFD:Common File Directory ----D- C:\Program Files\Sudoku O43 - CFD:Common File Directory ----D- C:\Program Files\Sudoku 3D Pro O43 - CFD:Common File Directory ----D- C:\Program Files\Sunbelt Software O43 - CFD:Common File Directory ----D- C:\Program Files\SUPERAntiSpyware O43 - CFD:Common File Directory ----D- C:\Program Files\SWI O43 - CFD:Common File Directory ----D- C:\Program Files\Synaesthete O43 - CFD:Common File Directory ----D- C:\Program Files\TeamViewer O43 - CFD:Common File Directory ----D- C:\Program Files\TeaTimer (Spybot - Search & Destroy) O43 - CFD:Common File Directory ----D- C:\Program Files\thinkingBytes O43 - CFD:Common File Directory ----D- C:\Program Files\TimeAdjuster O43 - CFD:Common File Directory ----D- C:\Program Files\Tweak-XP Pro 4 O43 - CFD:Common File Directory ----D- C:\Program Files\Ujihara O43 - CFD:Common File Directory ----D- C:\Program Files\Ulead Systems O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information O43 - CFD:Common File Directory ----D- C:\Program Files\Universal Extractor O43 - CFD:Common File Directory ----D- C:\Program Files\Unlocker O43 - CFD:Common File Directory ----D- C:\Program Files\URLSnooper2 O43 - CFD:Common File Directory ----D- C:\Program Files\USB-set O43 - CFD:Common File Directory ----D- C:\Program Files\uTorrent O43 - CFD:Common File Directory ----D- C:\Program Files\VDMSound O43 - CFD:Common File Directory ----D- C:\Program Files\Vg O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN O43 - CFD:Common File Directory ----D- C:\Program Files\VirtualDubMOD O43 - CFD:Common File Directory ----D- C:\Program Files\VOB O43 - CFD:Common File Directory ----D- C:\Program Files\VSO O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Defender O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Installer Clean Up O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2 O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT O43 - CFD:Common File Directory --HAD- C:\Program Files\WindowsUpdate O43 - CFD:Common File Directory ----D- C:\Program Files\WinHTTrack O43 - CFD:Common File Directory ----D- C:\Program Files\WinPcap O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR O43 - CFD:Common File Directory ----D- C:\Program Files\WINTREE O43 - CFD:Common File Directory ----D- C:\Program Files\Winwap Technologies O43 - CFD:Common File Directory ----D- C:\Program Files\WinZip O43 - CFD:Common File Directory ----D- C:\Program Files\xerox O43 - CFD:Common File Directory ----D- C:\Program Files\Xi O43 - CFD:Common File Directory ----D- C:\Program Files\Yahoo! O43 - CFD:Common File Directory ----D- C:\Program Files\ZebHelpProcess 2 O43 - CFD:Common File Directory --H-D- C:\Program Files\Zero G Registry O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.00000000000000000000000000000000] - 01/05/2010 - 15:38:09 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WindowsUpdate.log [1644767] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 01/05/2010 - 15:32:40 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\0.log [0] O44 - LFC:[MD5.00000000000000000000000000000000] - 01/05/2010 - 15:32:19 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiadebug.log [159] O44 - LFC:[MD5.00000000000000000000000000000000] - 01/05/2010 - 15:32:05 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiaservc.log [50] O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 01/05/2010 - 15:31:46 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bootstat.dat [2048] O44 - LFC:[MD5.E9BCDC26A846A78192DAA45369669A81] - 01/05/2010 - 15:27:23 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000B-00001102-00000004-00401102}.rfx [3888] O44 - LFC:[MD5.E9BCDC26A846A78192DAA45369669A81] - 01/05/2010 - 15:27:23 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000B-00001102-00000004-00401102}.rfx [3888] O44 - LFC:[MD5.00000000000000000000000000000000] - 01/05/2010 - 15:27:03 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\SchedLgU.Txt [32484] O44 - LFC:[MD5.043DA7677BFBAE621EDFD4E4D138B0F0] - 30/04/2010 - 20:40:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\avenger.txt [1774] O44 - LFC:[MD5.6490C3F6B8336D05DE8FCAD8C94F50C8] - 30/04/2010 - 13:22:20 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\PDOXUSRS.NET [13030] O44 - LFC:[MD5.23A8C23D9C43F96CAABA5102B2E9D85C] - 28/04/2010 - 20:19:01 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\ComboFix.txt [27327] O44 - LFC:[MD5.87AFDE2B95CB0FDB8477AB22D02BFC94] - 28/04/2010 - 20:06:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system.ini [274] O44 - LFC:[MD5.7F4247C03A71E65171CEBC339B37AB20] - 27/04/2010 - 19:14:37 RSHA- . (.Pas de propriétaire - Pas de description.) -- C:\boot.ini [282] O44 - LFC:[MD5.3CECCD255392A3A640830F3CF97CE162] - 27/04/2010 - 19:14:36 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Boot.bak [212] O44 - LFC:[MD5.48C65662EC81FBCAA110509F50C51497] - 27/04/2010 - 19:14:27 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\cmldr [263488] O44 - LFC:[MD5.AE72E8619CB31D84DA25E2435E55003C] - 27/04/2010 - 19:12:56 ---A- . (.NirSoft - NirCmd.) -- C:\WINDOWS\NIRCMD.exe [31232] O44 - LFC:[MD5.C5EC72A20B4C98DB5314E6C46765B148] - 27/04/2010 - 19:12:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\MBR.exe [77312] O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 27/04/2010 - 19:12:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\grep.exe [80412] O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 27/04/2010 - 19:12:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\sed.exe [98816] O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 27/04/2010 - 19:12:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\zip.exe [68096] O44 - LFC:[MD5.01D95A1F8CF13D07CC564AABB36BCC0B] - 27/04/2010 - 19:12:56 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\WINDOWS\SWREG.exe [161792] O44 - LFC:[MD5.B7517DB073B28F5696A1E5528ABEB5D0] - 27/04/2010 - 19:12:56 ---A- . (.SteelWerX - Freeware implementation of SC.EXE.) -- C:\WINDOWS\SWSC.exe [136704] O44 - LFC:[MD5.B1A9CF0B6F80611D31987C247EC630B4] - 27/04/2010 - 19:12:56 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\WINDOWS\SWXCACLS.exe [212480] O44 - LFC:[MD5.1A6D80AA9E021EC3B094887D47202188] - 27/04/2010 - 12:26:33 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Ad-Report-CLEAN[1].txt [4714] O44 - LFC:[MD5.265672A002D063A3ED2D26F939E04FC3] - 27/04/2010 - 12:13:33 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Ad-Report-SCAN[1].txt [4046] O44 - LFC:[MD5.EC1C7B6CCFB28B096C9D514ACCF05C74] - 27/04/2010 - 09:12:51 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\TB.txt [3152] O44 - LFC:[MD5.4BB0628A9105D8C11B602E6F53470015] - 27/04/2010 - 07:59:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\drivers\fwdrv.err [1735460] O44 - LFC:[MD5.F1FBA6185A6A2BC6456970914875078E] - 26/04/2010 - 14:58:12 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\PEV.exe [256512] O44 - LFC:[MD5.FBFAF1C2C34F301BBE4C9407D2AC60E1] - 26/04/2010 - 11:21:59 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\wpa.dbl [2206] O44 - LFC:[MD5.7112190518B5AEAA05B259BBE393C9ED] - 25/04/2010 - 17:18:48 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\NeroDigital.ini [116] O44 - LFC:[MD5.43B537FA5AAC2FDE07A7E320E4362363] - 21/04/2010 - 06:53:57 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\3) [2133] O44 - LFC:[MD5.A9C93CE2627B78646BE5BBCB95DEC8EA] - 11/04/2010 - 12:59:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\win.ini [940] O44 - LFC:[MD5.19BC3077C98654C4F685624D8383BC2E] - 07/04/2010 - 06:10:06 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Radio_Fr.ini [1208] O44 - LFC:[MD5.91BA33C14DF133FA79AFB6A92F582CDD] - 04/04/2010 - 15:41:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\d3d9caps.dat [664] O44 - LFC:[MD5.3C94558CD1705DA468C9562110F34069] - 04/04/2010 - 10:37:11 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat [46] O44 - LFC:[MD5.7311558A1B943CED90A75E0409F5C5D9] - 04/04/2010 - 10:36:32 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\-1 [57] O44 - LFC:[MD5.CF236C6C37519794C8CB663FA639297D] - 03/04/2010 - 11:06:51 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\WINDOWS\System32\java.exe [145184] O44 - LFC:[MD5.8BB5783B22869D303B2E624947A9A52A] - 03/04/2010 - 11:06:51 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\WINDOWS\System32\javaw.exe [145184] O44 - LFC:[MD5.AC600895C014D245B03749CA3B5CBED4] - 03/04/2010 - 11:06:51 ---A- . (.Sun Microsystems, Inc. - Java Web Start Launcher.) -- C:\WINDOWS\System32\javaws.exe [153376] O44 - LFC:[MD5.FC1F0157B07D3FA402FC629AE9B977AE] - 03/04/2010 - 11:06:29 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\jupdate-1.6.0_19-b04.log [4229] O44 - LFC:[MD5.C71E8FF0D92FF876EB1C591A34AFDD03] - 03/04/2010 - 11:05:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\PerfStringBackup.INI [1395924] O44 - LFC:[MD5.842A215C78E052C380DCB2515035588F] - 03/04/2010 - 11:05:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc009.dat [102990] O44 - LFC:[MD5.E2E8D636EFC592EB4E0383DEEC8E42F3] - 03/04/2010 - 11:05:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc00C.dat [123638] O44 - LFC:[MD5.87D027A624CA713E45C12986BE94972C] - 03/04/2010 - 11:05:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh009.dat [535828] O44 - LFC:[MD5.36A359FF2187AD2C10957403688B50CA] - 03/04/2010 - 11:05:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh00C.dat [615420] ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll O46 - SEH:ShellExecuteHooks - Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\PROGRA~1\WINDOW~4\MpShHook.dll ---\\ Export de clé d'application autorisée (ECAA) (O47) O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\dpnsvr.exe" [Disabled] .(.Microsoft Corporation - Microsoft DirectPlay8 Server.) -- C:\WINDOWS\system32\dpnsvr.exe O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\sessmgr.exe" [Disabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export SP - "C:\Program Files\eMule\emule.exe" [Disabled] .(.http://www.emule-project.net - eMule.) -- C:\Program Files\eMule\emule.exe O47 - AAKE:Key Export SP - "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe" [Enabled] .(.Sunbelt Software - Sunbelt Kerio Firewall GUI.) -- C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe O47 - AAKE:Key Export SP - "C:\Program Files\uTorrent\uTorrent.exe" [Enabled] .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Phone\Skype.exe" [Enabled] .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export DP - "C:\Program Files\MSN Messenger\msncall.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\MSN Messenger\msncall.exe O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) (.not file.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O47 - AAKE:Key Export DP - "C:\Program Files\MSN Messenger\livecall.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\MSN Messenger\livecall.exe O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) (.not file.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) (.not file.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52) O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax O52 - TDSD: \Drivers32\"VIDC.DIVX"="divx.dll" . (.DivX, Inc. - DivX.) -- C:\WINDOWS\System32\divx.dll O52 - TDSD: \Drivers32\"VIDC.XVID"="xvidvfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\xvidvfw.dll O52 - TDSD: \Drivers32\"vidc.iv41"="Ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\Ir41_32.ax O52 - TDSD: \Drivers32\"VIDC.YV12"="yv12vfw.dll" . (.www.helixcommunity.org - Helix YV12 YUV Codec.) -- C:\WINDOWS\System32\yv12vfw.dll O52 - TDSD: \Drivers32\"msacm.vorbis"="vorbis.acm" . (.HMS http://hp.vector.co.jp/authors/VA012897 - Ogg Vorbis CODEC for MSACM.) -- C:\WINDOWS\System32\vorbis.acm O52 - TDSD: \Drivers32\"msacm.ac3acm"="ac3acm.acm" . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\System32\ac3acm.acm O52 - TDSD: \Drivers32\"msacm.lameacm"="lameACM.acm" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\WINDOWS\System32\lameACM.acm O52 - TDSD: \Drivers32\"msacm.divxa32"="divxa32.acm" . (.Kristal Studi - DivX WMA Audi.) -- C:\WINDOWS\System32\divxa32.acm O52 - TDSD: \Drivers32\"VIDC.FFDS"="ff_vfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ff_vfw.dll O52 - TDSD: \Drivers32\"vidc.tscc"="tsccvid.dll" . (.TechSmith Corporation - TechSmith Screen Capture Codec.) -- C:\WINDOWS\System32\tsccvid.dll O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm O52 - TDSD: \drivers.desc\"C:\WINDOWS\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\System32\l3codeca.acm O52 - TDSD: \drivers.desc\"tssoft32.acm"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm O52 - TDSD: \drivers.desc\"iccvid.dll"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll O52 - TDSD: \drivers.desc\"ir32_32.dll"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll O52 - TDSD: \drivers.desc\"Ir50_32.dll"="Indeo® video 5.10" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"iyvu9_32.dll"="Indeo® video Raw YVU9 by Intel" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\iyvu9_32.dll O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\Iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\Iac25_32.ax O52 - TDSD: \drivers.desc\"divx.dll"="DivX Pro 6.7.0" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"xvidvfw.dll"="Xvid MPEG-4 Video Codec v1.2.0-dev" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"lameACM.acm"="Lame ACM MP3 CODEC v3.97b2" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"vorbis.acm"="Ogg Vorbis Audio Codec" . (.HMS http://hp.vector.co.jp/authors/VA012897 - Ogg Vorbis CODEC for MSACM.) -- C:\WINDOWS\System32\vorbis.acm O52 - TDSD: \drivers.desc\"Ir41_32.ax"="Indeo® video interactive R4.3 by Intel" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"ac3acm.acm"="AC-3 ACM Codec" . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\System32\ac3acm.acm O52 - TDSD: \drivers.desc\"divxa32.acm"="DivX Audio" . (.Kristal Studi - DivX WMA Audi.) -- C:\WINDOWS\System32\divxa32.acm O52 - TDSD: \drivers.desc\"ff_vfw.dll"="ffdshow video encoder" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ff_vfw.dll O52 - TDSD: \drivers.desc\"tsccvid.dll"="TechSmith Screen Capture Codec" . (.TechSmith Corporation - TechSmith Screen Capture Codec.) -- C:\WINDOWS\System32\tsccvid.dll ---\\ ShareTools MSconfig StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\LogitechQuickCamRibbon [Key] . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ---\\ Microsoft Control Security Providers (MCSP) (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll ---\\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"= O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"= O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0 ---\\ Microsoft Windows Policies Explorer (MWPE) (O56) O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveTypeAutoRun"=323 O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveAutoRun"=67108863 O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDrives"=0 O56 - MWPE:[HKLM\...\Policies\Explorer] - "HonorAutoRunSetting"=1 O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoDriveTypeAutoRun"=323 O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoDriveAutoRun"=67108863 O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoDrives"=0 ---\\ Liste des Drivers Système (SDL) (O58) O58 - SDL:[MD5.95B4FB835E28AA1336CEEB07FD5B9398] - 13/04/2008 - 19:36:39 ---A- . (.Advanced Micro Devices, Inc. - AMD Win2000 AGP Filter.) -- C:\WINDOWS\system32\drivers\amdagp.sys O58 - SDL:[MD5.116BFF96077A4A724E0AAB800525CEB5] - 28/08/2002 - 22:59:12 ---A- . (.ADMtek Incorporated. - ADMtek AN983/AN985/ADM951X NDIS5 Driver.) -- C:\WINDOWS\system32\drivers\an983.sys O58 - SDL:[MD5.875F9079CABEE679D34B49E466B61701] - 17/04/2002 - 19:27:02 ---A- . (.VOB Computersysteme GmbH - ASAPI.) -- C:\WINDOWS\system32\drivers\asapiW2k.sys O58 - SDL:[MD5.D649C57DA6FA762C64013747E5D7D2D6] - 03/08/2004 - 21:29:30 ---A- . (.ATI Technologies Inc. - ATI WDM BT829 MiniDriver (A).) -- C:\WINDOWS\system32\drivers\ati1btxx.sys O58 - SDL:[MD5.60B6AA2DC1521DA343F781B70EB7895A] - 03/08/2004 - 21:29:30 ---A- . (.ATI Technologies Inc. - ATI Specialized MVD VBI Codec.) -- C:\WINDOWS\system32\drivers\ati1mdxx.sys O58 - SDL:[MD5.6FDC61E8E8E17F6ECC2D9A10FA8DF347] - 03/08/2004 - 21:29:30 ---A- . (.ATI Technologies Inc. - ATI Specialized PCD VBI Codec.) -- C:\WINDOWS\system32\drivers\ati1pdxx.sys O58 - SDL:[MD5.9D318099BF3876A4AF4BC75966D27603] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI Rage Theater Audio WDM Minidriver.) -- C:\WINDOWS\system32\drivers\ati1raxx.sys O58 - SDL:[MD5.BCAF267B10620F8C93F6E87AB726E145] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM Rage Theater MiniDriver.) -- C:\WINDOWS\system32\drivers\ati1rvxx.sys O58 - SDL:[MD5.DAC7D785CF62F5BD41441E9D6F5A6EFE] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM TV Sound MiniDriver.) -- C:\WINDOWS\system32\drivers\ati1snxx.sys O58 - SDL:[MD5.F7706DAE7D101F1B19CE552D772EBFCE] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM Teletext Decoder.) -- C:\WINDOWS\system32\drivers\ati1ttxx.sys O58 - SDL:[MD5.6F714B4720DD80FFA9F8D2731594EA4C] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM TVTuner MiniDriver.) -- C:\WINDOWS\system32\drivers\ati1tuxx.sys O58 - SDL:[MD5.67FFBC158DD4D27BA3FC92C6ACD87F73] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM CrossBar MiniDriver.) -- C:\WINDOWS\system32\drivers\ati1xbxx.sys O58 - SDL:[MD5.0D8CAB1F08F7D3C4DE228B49E12E596A] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM TVAUDIO_CrossBar MiniDriver.) -- C:\WINDOWS\system32\drivers\ati1xsxx.sys O58 - SDL:[MD5.A2F791E99FD6EECEBCCFB1953A1D6F24] - 19/08/2004 - 14:53:40 ---A- . (.ATI Technologies Inc. - Pilote de miniport ATI RAGE 128.) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys O58 - SDL:[MD5.492BD2A5F65F218D4EDE5764A3BB67E9] - 03/05/2006 - 17:50:42 ---A- . (.ATI Technologies Inc. - ATI Radeon WindowsNT Miniport Driver.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys O58 - SDL:[MD5.993E7BD6438FE989E328C6B4BCA246A9] - 03/08/2004 - 21:29:28 ---A- . (.ATI Technologies Inc. - ATI WDM BT829 MiniDriver (A).) -- C:\WINDOWS\system32\drivers\atinbtxx.sys O58 - SDL:[MD5.ED4C2BF8403F4437987C0BA09CF48716] - 03/08/2004 - 21:29:30 ---A- . (.ATI Technologies Inc. - ATI Specialized MVD VBI Codec RT2.) -- C:\WINDOWS\system32\drivers\atinmdxx.sys O58 - SDL:[MD5.E90AC2B14E98F1A4372E5891B4278784] - 03/08/2004 - 21:29:30 ---A- . (.ATI Technologies Inc. - ATI Specialized PCD VBI Codec RT2.) -- C:\WINDOWS\system32\drivers\atinpdxx.sys O58 - SDL:[MD5.DA36687D701C833430605A298731410B] - 03/08/2004 - 21:29:30 ---A- . (.ATI Technologies Inc. - ATI Rage Theater Audio WDM Minidriver.) -- C:\WINDOWS\system32\drivers\atinraxx.sys O58 - SDL:[MD5.A7A01B907DB63898D40B0A14248FF9A2] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM Rage Theater MiniDriver RT2.) -- C:\WINDOWS\system32\drivers\atinrvxx.sys O58 - SDL:[MD5.CEDDEE2E0591894D19654D458FD3B9BE] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM TV Sound MiniDriver.) -- C:\WINDOWS\system32\drivers\atinsnxx.sys O58 - SDL:[MD5.D80A8F6C0A717446496C3A06D33B0D9C] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM Teletext Decoder.) -- C:\WINDOWS\system32\drivers\atinttxx.sys O58 - SDL:[MD5.EDD66332608D27F4FD5069BCD0BC5164] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM TVTuner MiniDriver.) -- C:\WINDOWS\system32\drivers\atintuxx.sys O58 - SDL:[MD5.3E7D485CBD0B0D9F6EA2AD9442411831] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM CrossBar MiniDriver.) -- C:\WINDOWS\system32\drivers\atinxbxx.sys O58 - SDL:[MD5.77B575D7AAB35D5908AE6CE681608D62] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM TVAUDIO_CrossBar MiniDriver RT2.) -- C:\WINDOWS\system32\drivers\atinxsxx.sys O58 - SDL:[MD5.5B44C214F9CD9F590BE9125347610380] - 13/02/2009 - 11:17:49 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\system32\drivers\avgntdd.sys O58 - SDL:[MD5.14FE36D8F2C6A2435275338D061A0B66] - 10/12/2009 - 19:28:27 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\system32\drivers\avgntflt.sys O58 - SDL:[MD5.2DAA8CC2670720DEDDCC74A20EDE2EE9] - 13/02/2009 - 11:28:39 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\system32\drivers\avgntmgr.sys O58 - SDL:[MD5.AD9BD66A862116E79CB45BB6BE46055F] - 30/03/2009 - 09:32:47 ---A- . (.Avira GmbH - Avira Driver for RootKit Detection.) -- C:\WINDOWS\system32\drivers\avipbb.sys O58 - SDL:[MD5.35A301482478E97BE6E1C2748CE930E1] - 02/07/2003 - 17:41:42 ---A- . (.Pas de propriétaire - SCSI miniport.) -- C:\WINDOWS\system32\drivers\axwhisky.sys O58 - SDL:[MD5.F3B1CE696CCF6448C85E7CDC702098D8] - 02/07/2003 - 16:49:52 ---A- . (.Pas de propriétaire - Plug and Play BIOS Extension.) -- C:\WINDOWS\system32\drivers\axwskbus.sys O58 - SDL:[MD5.AABFFD787AB272FC903AFEEB336C6899] - 21/11/2006 - 00:36:58 ---A- . (.CH Products - CH Control Manager Driver 1.) -- C:\WINDOWS\system32\drivers\chdrvr01.sys O58 - SDL:[MD5.7536FB70BCBF5D10B810E67E72F68137] - 22/12/2005 - 22:41:52 ---A- . (.CH Products - CH Control Manager Driver 2.) -- C:\WINDOWS\system32\drivers\chdrvr02.sys O58 - SDL:[MD5.07E3319E5BAE758CEB83C80419681B6A] - 22/12/2005 - 22:41:44 ---A- . (.CH Products - CH Control Manager Driver 3.) -- C:\WINDOWS\system32\drivers\chdrvr03.sys O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 28/08/2001 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 28/08/2001 - 13:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys O58 - SDL:[MD5.D653F455B176529F0427B24361139619] - 11/09/2001 - 13:10:14 R--A- . (.Creative Technology Ltd. - Creative OS Services Driver (WDM).) -- C:\WINDOWS\system32\drivers\ctoss2k.sys O58 - SDL:[MD5.EF99D8DAB9FCE9B734B40D5E0DD6ABB4] - 02/10/2001 - 16:06:30 R--A- . (.Creative Technology Ltd - Creative EMU10Kx Device Driver (WDM).) -- C:\WINDOWS\system32\drivers\e10kx2k.sys O58 - SDL:[MD5.59C9E1336A4508F059827D638E924C62] - 28/11/2002 - 15:18:04 ---A- . (.Elaborate Bytes AG - ElbyCDIO Filter Driver.) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys O58 - SDL:[MD5.389823DB299B350F2EE830D47376EEAC] - 29/11/2002 - 12:38:16 ---A- . (.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys O58 - SDL:[MD5.C4143FC2F7D39A5A8B1CFE0BC4BD8A9E] - 28/11/2002 - 11:43:49 ---A- . (.Elaborate Bytes AG - VirtualCloneCD Driver.) -- C:\WINDOWS\system32\drivers\ElbyVCD.sys O58 - SDL:[MD5.1FF2EEF447A177DF2C544B80F8F7F879] - 18/07/2006 - 11:02:50 ---A- . (.Sunbelt Software - Sunbelt Kerio Firewall FWDRV.) -- C:\WINDOWS\system32\drivers\fwdrv.sys O58 - SDL:[MD5.970178E8E003EB1481293830069624B9] - 03/08/2004 - 21:41:48 ---A- . (.Conexant Systems, Inc. - HSF_HWB2 WDM driver.) -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys O58 - SDL:[MD5.1225EBEA76AAC3C84DF6C54FE5E5D8BE] - 03/08/2004 - 21:41:50 ---A- . (.Conexant Systems, Inc. - HSF_CNXT driver.) -- C:\WINDOWS\system32\drivers\hsfcxts2.sys O58 - SDL:[MD5.EBB354438A4C5A3327FB97306260714A] - 03/08/2004 - 21:41:56 ---A- . (.Conexant Systems, Inc. - HSF_DP driver.) -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys O58 - SDL:[MD5.0A7C49B48C772591A2D362DAA00246C8] - 03/03/2004 - 21:30:54 ---A- . (.Ahead Software AG - NERO IMAGEDRIVE SCSI miniport.) -- C:\WINDOWS\system32\drivers\imagedrv.sys O58 - SDL:[MD5.549BA4F539E7B8D8129500B96DD7B27A] - 03/03/2004 - 21:30:54 ---A- . (.Ahead Software AG - Nero Image Server.) -- C:\WINDOWS\system32\drivers\imagesrv.sys O58 - SDL:[MD5.AD81C7B17A815C872881BB56F42E56F4] - 26/03/2003 - 04:25:32 R--A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\WINDOWS\system32\drivers\iteraid.sys O58 - SDL:[MD5.304CE9FB3D64CAA07B940BEF4F8C2DCD] - 18/07/2006 - 11:02:52 ---A- . (.Sunbelt Software - Sunbelt Kerio Host Intrusion Prevention Driver.) -- C:\WINDOWS\system32\drivers\khips.sys O58 - SDL:[MD5.9A3D4FC6B86E7E36473079AB76AC703D] - 06/02/2007 - 16:42:40 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\Lvckap.sys O58 - SDL:[MD5.0ACBC11F19320AF6C19F2E20013D9095] - 06/02/2007 - 16:44:36 ---A- . (.Logitech Inc. - Logitech Machine Vision Engine Loader.) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys O58 - SDL:[MD5.E8ACF6DD83956FB63CEB058D5F51B18A] - 03/02/2007 - 09:30:58 ---A- . (.Logitech Inc. - Logitech AudioProcessing Filter Driver.) -- C:\WINDOWS\system32\drivers\lvpopflt.sys O58 - SDL:[MD5.12866641284EBB41E627BB53C04DA959] - 06/02/2007 - 16:45:04 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys O58 - SDL:[MD5.6E59BC28A41F8A2B702D345A5604652F] - 23/06/2006 - 23:29:43 R--A- . (.Logitech Inc. - Logitech Selective Suspend filter Driver.) -- C:\WINDOWS\system32\drivers\lvselsus.sys O58 - SDL:[MD5.64BC29C3A0388BFC580BB8B1346F7659] - 03/02/2007 - 09:32:36 ---A- . (.Logitech Inc. - USB Statistic Driver.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys O58 - SDL:[MD5.922BE6770499220DC27B529CA236815A] - 03/02/2007 - 09:32:46 ---A- . (.Logitech Inc. - Logitech USB Video Class Driver.) -- C:\WINDOWS\system32\drivers\lvuvc.sys O58 - SDL:[MD5.5C329E2AB8DD62310213CBFAC0178539] - 03/02/2007 - 09:33:00 ---A- . (.Logitech Inc. - Logitech USB Video Class Filter Driver.) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys O58 - SDL:[MD5.F61B04F2BB5098A34817D776C59E5E7C] - 30/03/2010 - 23:45:52 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys O58 - SDL:[MD5.75B8EF2A089127E8A3B38F46CC366D79] - 30/03/2010 - 23:46:30 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys O58 - SDL:[MD5.195741AEE20369980796B557358CD774] - 03/08/2004 - 21:41:56 ---A- . (.Conexant - Diagnostic Interface DRIVER.) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys O58 - SDL:[MD5.4D2D882DAEE49B35B7B56FD9444564E9] - 11/12/2007 - 01:05:36 R--A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\WINDOWS\system32\drivers\mod7700.sys O58 - SDL:[MD5.370E88453EC0D7BEA6EB24BE8D865DBE] - 19/10/2007 - 14:32:58 R--A- . (.DiBcom S.A. - HID Infrared Remote Control minidriver.) -- C:\WINDOWS\system32\drivers\modrc.sys O58 - SDL:[MD5.C53775780148884AC87C455489A0C070] - 03/08/2004 - 21:41:40 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys O58 - SDL:[MD5.54886A652BF5685192141DF304E923FD] - 03/08/2004 - 21:41:38 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\drivers\mtlstrm.sys O58 - SDL:[MD5.6DDA78A0BE692B61B668FAB860F276CF] - 03/08/2004 - 21:29:38 ---A- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\drivers\mtxparhm.sys O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 28/08/2001 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys O58 - SDL:[MD5.B9730495E0CF674680121E34BD95A73B] - 20/10/2009 - 19:19:44 ---A- . (.CACE Technologies, Inc. - npf.sys (NT5/6 x86) Kernel Driver.) -- C:\WINDOWS\system32\drivers\npf.sys O58 - SDL:[MD5.576B34CEAE5B7E5D9FD2775E93B3DB53] - 03/08/2004 - 21:41:40 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys O58 - SDL:[MD5.2B298519EDBFCF451D43E0F1E8F1006D] - 03/08/2004 - 21:29:56 ---A- . (.NVIDIA Corporation - NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73.) -- C:\WINDOWS\system32\drivers\nv4_mini.sys O58 - SDL:[MD5.5B6C11DE7E839C05248CED8825470FEF] - 29/11/2008 - 13:53:06 ---A- . (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\WINDOWS\system32\drivers\pcouffin.sys O58 - SDL:[MD5.EEDB845B7648D6FD632DDB8744892743] - 02/02/2007 - 16:30:34 ---A- . (.Pinnacle Systems GmbH - Virtual NDIS miniport driver.) -- C:\WINDOWS\system32\drivers\PctvVirtualNdis.sys O58 - SDL:[MD5.C3127BFDAB6200769B5A0184FAB48573] - 22/05/2002 - 00:00:00 ---A- . (.Engelmann GmbH - PrecSim SCSI miniport.) -- C:\WINDOWS\system32\drivers\precsim.sys O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 28/08/2001 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys O58 - SDL:[MD5.49452BFCEC22F36A7A9B9C2181BC3042] - 20/11/2008 - 20:19:06 ---A- . (.Sonic Solutions - Px Engine Device Driver for Windows 2000/XP.) -- C:\WINDOWS\system32\drivers\pxhelp20.sys O58 - SDL:[MD5.E9AAA0092D74A9D371659C4C38882E12] - 03/08/2004 - 21:41:40 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\drivers\recagent.sys O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 28/08/2001 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 28/08/2001 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys O58 - SDL:[MD5.0DBCC071A268E0340A2BA6BDD98BACE4] - 03/08/2004 - 21:29:52 ---A- . (.S3 Graphics, Inc. - S3 ProSavage(DDR) & Twister Miniport Driver.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/11/2007 - 11:25:54 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys O58 - SDL:[MD5.6B33D0EBD30DB32E27D1D78FE946A754] - 13/04/2008 - 19:36:39 ---A- . (.Silicon Integrated Systems Corporation - SiS NT AGP Filter.) -- C:\WINDOWS\system32\drivers\sisagp.sys O58 - SDL:[MD5.D9673011648A71ED1E1F77B831BC85E6] - 03/08/2004 - 21:41:42 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\drivers\slnt7554.sys O58 - SDL:[MD5.2C1779C0FEB1F4A6033600305EBA623A] - 03/08/2004 - 21:41:44 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\drivers\slntamr.sys O58 - SDL:[MD5.F9B8E30E82EE95CF3E1D3E495599B99C] - 03/08/2004 - 21:41:46 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\drivers\slnthal.sys O58 - SDL:[MD5.DB56BB2C55723815CF549D7FC50CFCEB] - 03/08/2004 - 21:41:46 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\drivers\slwdmsup.sys O58 - SDL:[MD5.3AD0362CF68DE3AC500E981700242CCA] - 03/10/2009 - 14:04:29 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\drivers\ssmdrv.sys O58 - SDL:[MD5.465DC203AD69D56F290480DAE756A9F9] - 27/09/2005 - 08:00:02 ---A- . (.PACE Anti-Piracy, Inc. - InterLok system file.) -- C:\WINDOWS\system32\drivers\TPkd.sys O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 28/08/2001 - 13:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 28/08/2001 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys O58 - SDL:[MD5.D956827780A0B7EAE97930116E5649F7] - 04/05/2001 - 08:24:52 ---A- . (.VIA Technologies. Inc. - VIA PFD driver.) -- C:\WINDOWS\system32\drivers\VIAPFD.SYS O58 - SDL:[MD5.0308AEF61941E4AF478FA1A0F83812F5] - 03/08/2004 - 21:29:40 ---A- . (.Intel® Corporation - Digital Display Minidriver for Intel® Graphics Driver.) -- C:\WINDOWS\system32\drivers\wadv07nt.sys O58 - SDL:[MD5.714038A8AA5DE08E12062202CD7EAEB5] - 03/08/2004 - 21:29:40 ---A- . (.Intel® Corporation - Digital Display Minidriver for Intel® Graphics Driver.) -- C:\WINDOWS\system32\drivers\wadv08nt.sys O58 - SDL:[MD5.7BB3AA595E4507A788DE1CDC63F4C8C4] - 03/08/2004 - 21:29:42 ---A- . (.Intel® Corporation - Digital Display Minidriver for Intel® Graphics Driver.) -- C:\WINDOWS\system32\drivers\wadv09nt.sys O58 - SDL:[MD5.36E6C405B6143D09687F4056FD9A0D10] - 03/08/2004 - 21:29:42 ---A- . (.Intel® Corporation - Digital Display Minidriver for Intel® Graphics Driver.) -- C:\WINDOWS\system32\drivers\wadv11nt.sys O58 - SDL:[MD5.352FA0E98BC461CE1CE5D41F64DB558D] - 03/08/2004 - 21:29:46 ---A- . (.Intel® Corporation - Digital Display Minidriver for Intel® Graphics Driver.) -- C:\WINDOWS\system32\drivers\watv06nt.sys O58 - SDL:[MD5.791CC45DE6E50445BE72E8AD6401FF45] - 03/08/2004 - 21:29:46 ---A- . (.Intel® Corporation - Digital Display Minidriver for Intel® Graphics Driver.) -- C:\WINDOWS\system32\drivers\watv10nt.sys O58 - SDL:[MD5.BA898B29F0DBF9307F494475A8393F03] - 05/05/2005 - 16:01:34 RSH-- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\0AA48D50C7.sys O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ansi.sys O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\country.sys O58 - SDL:[MD5.77EBF3E9386DAA51551AF429052D88D0] - 03/04/1996 - 20:33:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\giveio.sys O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\himem.sys O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\key01.sys O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 28/08/2002 - 20:23:06 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\keyboard.sys O58 - SDL:[MD5.F171E6EC36928C226BB43D111C759F58] - 05/05/2005 - 16:15:39 -SHA- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\KGyGaAvL.sys O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos.sys O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos404.sys O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos411.sys O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos412.sys O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos804.sys O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 03/08/2004 - 21:45:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio.sys O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 03/08/2004 - 21:45:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio404.sys O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 03/08/2004 - 21:45:12 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio411.sys O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 03/08/2004 - 21:45:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio412.sys O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 03/08/2004 - 21:45:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio804.sys O58 - SDL:[MD5.D703F972D23867DFD4EE9A9EF9CB767E] - 15/06/2005 - 15:55:53 ---A- . (.Windows ® 2000 DDK provider - SpeedFan Device Driver.) -- C:\WINDOWS\system32\speedfan.sys O58 - SDL:[MD5.F05028B163B92C302A74409D683AC9B0] - 27/04/2007 - 14:19:44 ---A- . (.AntiCracking - SVKP driver for NT.) -- C:\WINDOWS\system32\SVKP.sys ---\\ Alternate Data Stream File (ADS) (O62) O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\$winnt$.inf:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\0AA48D50C7.sys:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\12520437.cpx:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\12520850.cpx:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\aaaamon.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\acctres.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\acelpdec.ax:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\acledit.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\activeds(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\activeds.tlb:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\adptif.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\adsldpc(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\adsnds.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\advapi32(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ansi.sys:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\apcups.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\append.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\apphelp(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\arp.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\asr_ldm.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\atkctrs.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\atl(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\atmpvcno.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\audiosrv(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\authz(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\autodisc.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\autoexec.nt:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\AUTOEXEC.NT.bak:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\avicap.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\avicap32.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\avifile.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\avmeter.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\avtapi.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\avwav.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\bios1.rom:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\bios4.rom:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\bootok.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\bootvid.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\bootvrfy.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\bopomofo.uce:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\browser(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cabinet(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\calc.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cards.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ccfgnt.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cdmodem.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\certcli(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\certmgr.msc:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\CF32569.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\charmap.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\Chaînes.scf:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\chcp.com:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\chkdsk.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\chkntfs.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ciadmin.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ciadv.msc:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ciaResSvr20.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ciaSubClsSvr.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ciaXPFrame20.ocx:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ciaXPRegSvr20.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ciaXPStatusBar20.ocx:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cidaemon.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ckcnv.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\clb.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\clbcatq(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cliconf.chm:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cliconfg.rll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\clspack.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\clusapi(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cmdlib.wsc:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cmmgr32.hlp:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cmos.ram:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cmpbk32.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cnetcfg.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\CNMLM3q.DLL:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\CNMVS3q.DLL:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cnvfat.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\colbact(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\comcat.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\comctl32(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\comdlg32(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\comm.drv:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\command.com:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\commdlg.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\comp.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\compact.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\compmgmt.msc:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\compobj.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\comres(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\comsvcs(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\CONFIG.NT:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\console.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\control.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\convert.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\country.sys:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\CPUINFO2.DLL:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\credui(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\crtdll.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\crypt32(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cryptdll(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cryptsvc(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cryptui(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cscdll(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\csseqchk.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\CtMp3.Crl:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ctype.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_037.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10000.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10006.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10007.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10010.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10017.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10029.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10079.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10081.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10082.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1026.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1250.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1251.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1252.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1253.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1254.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1255.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1256.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1257.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1258.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_20127.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_20261.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_20866.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_20905.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_21866.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_28591.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_28592.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_28593.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\C_28594.NLS:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\C_28595.NLS:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\C_28597.NLS:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_28598.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_28599.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_28603.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_28605.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_437.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_500.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_737.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_775.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_850.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_852.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_855.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_857.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_860.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_861.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_863.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_865.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_866.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_869.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_874.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_875.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_932.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_936.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_949.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_950.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\d3dim.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\d3dpmesh.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\d3dramp.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\d3drm.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\d3dxof.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\davclnt(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dbgeng.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dbmsadsn.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dbmsvinn.dLL:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ddeml.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\debug.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\deskadp.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\deskmon.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\deskperf.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\devmgmt.msc:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dfrg.msc:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dfrgres.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dgrpsetu.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dgsetup.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dhcpcsvc(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dhcpsapi.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\diactfrm.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dimap.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\diskcomp.com:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\diskcopy.com:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\diskmgmt.msc:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\diskperf.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\divxdec_0407.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\divxdec_040c.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\divxdec_0411.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dllhst3g.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dmconfig.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dmdskres.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dmintf.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dmocx.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dmserver(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dmview.ocx:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dnsapi(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dnsrslvr(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\Drivers\acpiec.sys:KAVICHS ---\\ Liste des outils de nettoyage (LATC) (O63) O63 - Logiciel: Ad-Remover By C_XX - (.C_XX.) O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) O63 - Logiciel: SEAF By C_XX - (.C_XX.) O63 - Logiciel: ZHPDiag 1.25 - (.Nicolas Coolman.) O63 - Logiciel: RSIT - (.random/random.) O63 - Logiciel: Toolbar SD - (.IDN Team.) ---\\ Liste des services Legacy (LALS) (O64) O64 - Services: CurCS - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe - Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) .(.Pas de propriétaire - Pas de description.) - LEGACY_ADOBEACTIVEFILEMONITOR5.0 O64 - Services: CurCS - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe - Adobe LM Service (Adobe LM Service) .(.Adobe Systems - System Level Service Utility.) - LEGACY_ADOBE_LM_SERVICE O64 - Services: CurCS - C:\Program Files\Avira\AntiVir Desktop\sched.exe - Avira AntiVir Planificateur (AntiVirSchedulerService) .(.Avira GmbH - Antivirus Scheduler.) - LEGACY_ANTIVIRSCHEDULERSERVICE O64 - Services: CurCS - C:\Program Files\Avira\AntiVir Desktop\avguard.exe - Avira AntiVir Guard (AntiVirService) .(.Avira GmbH - Antivirus On-Access Service.) - LEGACY_ANTIVIRSERVICE O64 - Services: CurCS - C:\WINDOWS\system32\Ati2evxx.exe - Ati HotKey Poller (Ati HotKey Poller) .(.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - LEGACY_ATI_HOTKEY_POLLER O64 - Services: CurCS - C:\WINDOWS\system32\ati2sgag.exe - ATI Smart (ATI Smart) .(.Pas de propriétaire - ATI Smart.) - LEGACY_ATI_SMART O64 - Services: CurCS - (.not file.) - Avg Anti-Rootkit Clean Driver (AvgArCln) .(.Pas de propriétaire - Pas de description.) - LEGACY_AVGARCLN O64 - Services: CurCS - (.not file.) - AVG Anti-Spyware Clean Driver (AvgAsCln) .(.Pas de propriétaire - Pas de description.) - LEGACY_AVGASCLN O64 - Services: CurCS - C:\Program Files\Avira\AntiVir Desktop\avgio.sys - avgio (avgio) .(.Avira GmbH - Avira AntiVir Support for Minifilter.) - LEGACY_AVGIO O64 - Services: CurCS - C:\WINDOWS\system32\DRIVERS\avgntflt.sys - avgntflt (avgntflt) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT O64 - Services: CurCS - (.not file.) - AVG Anti-Spyware Driver (AVG Anti-Spyware Driver) .(.Pas de propriétaire - Pas de description.) - LEGACY_AVG_ANTI-SPYWARE_DRIVER O64 - Services: CurCS - (.not file.) - AVG Clean Driver (AVG Clean Driver) .(.Pas de propriétaire - Pas de description.) - LEGACY_AVG_CLEAN_DRIVER O64 - Services: CurCS - C:\WINDOWS\system32\DRIVERS\avipbb.sys - avipbb (avipbb) .(.Avira GmbH - Avira Driver for RootKit Detection.) - LEGACY_AVIPBB O64 - Services: CurCS - (.not file.) - catchme (catchme) .(.Pas de propriétaire - Pas de description.) - LEGACY_CATCHME O64 - Services: CurCS - (.not file.) - Creative AC3 Software Decoder (ctac32k) .(.Pas de propriétaire - Pas de description.) - LEGACY_CTAC32K O64 - Services: CurCS - (.not file.) - Creative Proxy Driver (ctprxy2k) .(.Pas de propriétaire - Pas de description.) - LEGACY_CTPRXY2K O64 - Services: CurCS - (.not file.) - Creative SoundFont Management Device Driver (ctsfm2k) .(.Pas de propriétaire - Pas de description.) - LEGACY_CTSFM2K O64 - Services: CurCS - (.not file.) - Lanceur de processus serveur DCOM (DcomLaunch) .(.Pas de propriétaire - Pas de description.) - LEGACY_DCOMLAUNCH O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\ElbyCDIO.sys - ElbyCDIO Driver (ElbyCDIO) .(.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) - LEGACY_ELBYCDIO O64 - Services: CurCS - (.not file.) - E-mu Plug-in Architecture Driver (emupia) .(.Pas de propriétaire - Pas de description.) - LEGACY_EMUPIA O64 - Services: CurCS - (.not file.) - Freenet 0.7 darknet (freenet-darknet) .(.Pas de propriétaire - Pas de description.) - LEGACY_FREENET-DARKNET O64 - Services: CurCS - C:\WINDOWS\system32\drivers\fwdrv.sys - Firewall Driver (fwdrv) .(.Sunbelt Software - Sunbelt Kerio Firewall FWDRV.) - LEGACY_FWDRV O64 - Services: CurCS - (.not file.) - fxliapoc (fxliapoc) .(.Pas de propriétaire - Pas de description.) - LEGACY_FXLIAPOC O64 - Services: CurCS - C:\WINDOWS\system32\giveio.sys - giveio (giveio) .(.Pas de propriétaire - Pas de description.) - LEGACY_GIVEIO O64 - Services: CurCS - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe - Google Software Updater (gusvc) .(.Google - gusvc.) - LEGACY_GUSVC O64 - Services: CurCS - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe - InstallDriver Table Manager (IDriverT) .(.Macrovision Corporation - IDriverT Module.) - LEGACY_IDRIVERT O64 - Services: CurCS - (.not file.) - File Security Kernel Anti-Spyware Driver (ikhfile) .(.Pas de propriétaire - Pas de description.) - LEGACY_IKHFILE O64 - Services: CurCS - (.not file.) - Kernel Anti-Spyware Driver (ikhlayer) .(.Pas de propriétaire - Pas de description.) - LEGACY_IKHLAYER O64 - Services: CurCS - (.not file.) - IsDrv118 (IsDrv118) .(.Pas de propriétaire - Pas de description.) - LEGACY_ISDRV118 O64 - Services: CurCS - C:\Program Files\Java\jre6\bin\jqs.exe - Java Quick Starter (JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE O64 - Services: CurCS - C:\WINDOWS\system32\drivers\khips.sys - Kerio HIPS Driver (khips) .(.Sunbelt Software - Sunbelt Kerio Host Intrusion Prevention Dri.) - LEGACY_KHIPS O64 - Services: CurCS - (.not file.) - Klif (Klif) .(.Pas de propriétaire - Pas de description.) - LEGACY_KLIF O64 - Services: CurCS - (.not file.) - Klmc (Klmc) .(.Pas de propriétaire - Pas de description.) - LEGACY_KLMC O64 - Services: CurCS - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe - Sunbelt Kerio Personal Firewall 4 (KPF4) .(.Sunbelt Software - Sunbelt Kerio Firewall Service.) - LEGACY_KPF4 O64 - Services: CurCS - C:\WINDOWS\system32\drivers\LVPr2Mon.sys - Logitech LVPr2Mon Driver (LVPr2Mon) .(.Pas de propriétaire - Pas de description.) - LEGACY_LVPR2MON O64 - Services: CurCS - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe - Logitech Process Monitor (LVPrcSrv) .(.Logitech Inc. - Logitech LVPrcSrv Module..) - LEGACY_LVPRCSRV O64 - Services: CurCS - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe - LVSrvLauncher (LVSrvLauncher) .(.Logitech Inc. - LogitechService Launcher.) - LEGACY_LVSRVLAUNCHER O64 - Services: CurCS - (.not file.) - MBAMProtector (MBAMProtector) .(.Pas de propriétaire - Pas de description.) - LEGACY_MBAMPROTECTOR O64 - Services: CurCS - (.not file.) - MBAMService (MBAMService) .(.Pas de propriétaire - Pas de description.) - LEGACY_MBAMSERVICE O64 - Services: CurCS - (.not file.) - mbr (mbr) .(.Pas de propriétaire - Pas de description.) - LEGACY_MBR O64 - Services: CurCS - (.not file.) - mchInjDrv (mchInjDrv) .(.Pas de propriétaire - Pas de description.) - LEGACY_MCHINJDRV O64 - Services: CurCS - (.not file.) - Network Associates McShield (McShield) .(.Pas de propriétaire - Pas de description.) - LEGACY_MCSHIELD O64 - Services: CurCS - (.not file.) - Network Associates Task Manager (McTaskManager) .(.Pas de propriétaire - Pas de description.) - LEGACY_MCTASKMANAGER O64 - Services: CurCS - (.not file.) - mountmgr (mountmgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_MOUNTMGR O64 - Services: CurCS - (.not file.) - Mup (Mup) .(.Pas de propriétaire - Pas de description.) - LEGACY_MUP O64 - Services: CurCS - (.not file.) - NaiAvFilter1 (NaiAvFilter1) .(.Pas de propriétaire - Pas de description.) - LEGACY_NAIAVFILTER1 O64 - Services: CurCS - (.not file.) - NAI Anti Virus (NaiAvFilter101) .(.Pas de propriétaire - Pas de description.) - LEGACY_NAIAVFILTER101 O64 - Services: CurCS - (.not file.) - NaiAvTdi1 (NaiAvTdi1) .(.Pas de propriétaire - Pas de description.) - LEGACY_NAIAVTDI1 O64 - Services: CurCS - (.not file.) - Pilote système NDIS (NDIS) .(.Pas de propriétaire - Pas de description.) - LEGACY_NDIS O64 - Services: CurCS - C:\WINDOWS\system32\drivers\npf.sys - NetGroup Packet Filter Driver (NPF) .(.CACE Technologies, Inc. - npf.sys (NT5/6 x86) Kernel Driver.) - LEGACY_NPF O64 - Services: CurCS - C:\WINDOWS\system32\drivers\ctoss2k.sys - Creative OS Services Driver (ossrv) .(.Creative Technology Ltd. - Creative OS Services Driver (WDM).) - LEGACY_OSSRV O64 - Services: CurCS - (.not file.) - PartMgr (PartMgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_PARTMGR O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\PFMODNT.sys - PfModNT (PfModNT) .(.Creative Technology Ltd. - PCI/ISA Device Info. Service.) - LEGACY_PFMODNT O64 - Services: CurCS - (.not file.) - PROCEXP113 (PROCEXP113) .(.Pas de propriétaire - Pas de description.) - LEGACY_PROCEXP113 O64 - Services: CurCS - (.not file.) - RDPNP (RDPNP) .(.Pas de propriétaire - Pas de description.) - LEGACY_RDPNP O64 - Services: CurCS - (.not file.) - RKREVEAL150 (RKREVEAL150) .(.Pas de propriétaire - Pas de description.) - LEGACY_RKREVEAL150 O64 - Services: CurCS - (.not file.) - Appel de procédure distante (RPC) (RpcSs) .(.Pas de propriétaire - Pas de description.) - LEGACY_RPCSS O64 - Services: CurCS - C:\Program Files\SUPERAntiSpyware\SASDIFSV.sys - SASDIFSV (SASDIFSV) .(.Pas de propriétaire - SASDIFSV.) - LEGACY_SASDIFSV O64 - Services: CurCS - C:\Program Files\SUPERAntiSpyware\SASENUM.sys - SASENUM (SASENUM) .(.SuperAdBlocker, Inc. - SuperAntiSpyware.) - LEGACY_SASENUM O64 - Services: CurCS - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys - SASKUTIL (SASKUTIL) .(.Pas de propriétaire - SASKUTIL.SYS.) - LEGACY_SASKUTIL O64 - Services: CurCS - (.not file.) - SAVOnAccess Control (SAVOnAccess Control) .(.Pas de propriétaire - Pas de description.) - LEGACY_SAVONACCESS_CONTROL O64 - Services: CurCS - (.not file.) - SAVOnAccess Filter (SAVOnAccess Filter) .(.Pas de propriétaire - Pas de description.) - LEGACY_SAVONACCESS_FILTER O64 - Services: CurCS - C:\Program Files\Sandboxie\SbieDrv.sys - SbieDrv (SbieDrv) .(.tzuk - Sandboxie Kernel Mode Driver.) - LEGACY_SBIEDRV O64 - Services: CurCS - C:\Program Files\Sandboxie\SbieSvc.exe - Sandboxie Service (SbieSvc) .(.tzuk - Sandboxie Service.) - LEGACY_SBIESVC O64 - Services: CurCS - C:\WINDOWS\system32\DRIVERS\secdrv.sys - Secdrv (Secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV O64 - Services: CurCS - C:\WINDOWS\system32\speedfan.sys - speedfan (speedfan) .(.Windows ® 2000 DDK provider - SpeedFan Device Driver.) - LEGACY_SPEEDFAN O64 - Services: CurCS - (.not file.) - sptd (sptd) .(.Pas de propriétaire - Pas de description.) - LEGACY_SPTD O64 - Services: CurCS - (.not file.) - srescan (srescan) .(.Pas de propriétaire - Pas de description.) - LEGACY_SRESCAN O64 - Services: CurCS - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys - ssmdrv (ssmdrv) .(.Avira GmbH - AVIRA SnapShot Driver.) - LEGACY_SSMDRV O64 - Services: CurCS - C:\WINDOWS\system32\SVKP.sys - SVKP (SVKP) .(.AntiCracking - SVKP driver for NT.) - LEGACY_SVKP O64 - Services: CurCS - (.not file.) - Services Terminal Server (TermService) .(.Pas de propriétaire - Pas de description.) - LEGACY_TERMSERVICE O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\TPKD.sys - TPkd (TPkd) .(.PACE Anti-Piracy, Inc. - InterLok system file.) - LEGACY_TPKD O64 - Services: CurCS - (.not file.) - Gestionnaire de téléchargement (uploadmgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_UPLOADMGR O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\VIAPFD.sys - VIAPFD (VIAPFD) .(.VIA Technologies. Inc. - VIA PFD driver.) - LEGACY_VIAPFD O64 - Services: CurCS - (.not file.) - vsdatant (vsdatant) .(.Pas de propriétaire - Pas de description.) - LEGACY_VSDATANT O64 - Services: CurCS - (.not file.) - VSOMRIXF (VSOMRIXF) .(.Pas de propriétaire - Pas de description.) - LEGACY_VSOMRIXF ---\\ Observateur d'évènement d'application (OEA) (O66) O66 - EventLog: ID=1 (JavaQuickStarterService) - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf: No such file or directory\n"}; (.not file.) ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Pas de propriétaire - Pas de description.) -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.com> <ComFile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.html> <FirefoxHTML>[HKLM\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Pas de propriétaire - Pas de description.) -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.com> <ComFile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe ---\\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe O68 - StartMenuInternet: <MSN Explorer> <>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - msn.) -- C:\Program Files\MSN\MSNCoreFiles\MSN6.exe ---\\ Search Browser Infection (SBI) (O69) ---\\ Recherche d'infection Master Boot Record (O80) Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net Run by Pascal Admin at 01/05/2010 16:42:47 device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82FC6E48]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\atapi -> 0x82fc6e48 IoDeviceObjectType -> ParseProcedure -> 0xffb661b0 \Device\Harddisk0\DR0 -> ParseProcedure -> 0xffb661b0 Warning: possible MBR rootkit infection ! user & kernel MBR OK Use "Recovery Console" command "fixmbr" to clear infection ! Use "ZHPFix" command "MBRFix" to clear infection ! End of the scan (1419 lines in 02mn 01s)

C'est fait. Pas de changement du côté de ZPDIAG : Rapport de ZHPDiag v1.25.1413 par Nicolas Coolman Run by Pascal Admin at 01/05/2010 13:08:59 Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html ---\\ Web Browser MSIE: Internet Explorer v8.0.6001.18702 MFIE: Mozilla Firefox (3.6.3) ---\\ System Information Platform : Microsoft Windows XP (5.1.2600) Service Pack 3 Processor: x86 Family 6 Model 6 Stepping 2, AuthenticAMD Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 511 MB (19% free) System drive C: has 14 GB (35%) free of 39 GB ---\\ Logged in mode Computer Name: PCPASCAL User Name: Pascal Admin Unselected Option: O1,O45,O61,O65 Logged in as Administrator ---\\ DOS/Devices A:\ Floppy drive, Flash card reader, USB Key (Not Inserted) C:\ Hard drive, Flash drive, Thumb drive (Free 14 Go of 39 Go) D:\ Hard drive, Flash drive, Thumb drive (Free 5 Go of 75 Go) E:\ Hard drive, Flash drive, Thumb drive (Free 12 Go of 190 Go) F:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 37 Go) G:\ CD-ROM drive (Not Inserted) H:\ CD-ROM drive (Not Inserted) J:\ CD-ROM drive (Not Inserted) M:\ CD-ROM drive (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK ---\\ Processus lancés [MD5.3E4C03CEFAD8DE135263236B61A49C90] - (.Ahead Software Gmbh - NeroCheck.) -- C:\WINDOWS\system32\NeroCheck.exe [155648] [MD5.D552D5BC4E24373E0FFD9464E72493C6] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\PSDrvCheck.exe [396800] [MD5.56193BCE4DFD8879AEDEB26B71A0A583] - (.Elaborate Bytes AG - ElbyCheck.) -- C:\Program Files\SlySoft\CloneCD\ElbyCheck.exe [45056] [MD5.022DB38BECB5A44DA6F7E27923457624] - (.Logitech Inc. - Communications Manager.) -- C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [488984] [MD5.AD7503D6857DBFFC7E5F2E96BC9CC283] - (.Logitech Inc. - LVCom Server.) -- C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe [252704] [MD5.64C4C17BF6A40FF1CD21205E6FD415B8] - (.ATI Technologies Inc. - CLI Application (Command Line Interface).) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [45056] [MD5.29680A793F690EEF4AAA68479D2A6DF8] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153] [MD5.52DB6CDAC5BC7A1FC884E97C41C91213] - (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [248040] [MD5.F91F52F4EA5D88DAB6245682A16F3A72] - (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [36272] [MD5.DB1DB28467111A24664933AB8908CBCE] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [952768] [MD5.E13EA4860E8F2AA845B53BFD2B6FEC5B] - (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe [1695232] [MD5.59DC5BB82E4C8E0B3EADCFDBC44BA6E4] - (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe [15360] [MD5.177FF6608B48638D4066726F3A3F8444] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400] [MD5.9015BC03F62940527EC92D45EE89E46F] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [108289] [MD5.B8720A787C1223492E6F319465E996CE] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [185089] [MD5.A2EAEB497CA29ECAEAF0DF66AD85C57D] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [413696] [MD5.312A17DFF710A0F4E6D4DD1D52EAD1A8] - (.Pas de propriétaire - ATI Smart.) -- C:\WINDOWS\system32\ati2sgag.exe [520192] [MD5.E4BDF223CD75478BF44567B4D5C2634D] - (.Microsoft Corporation - Generic Host Process for Win32 Services.) -- C:\WINDOWS\System32\svchost.exe [14336] [MD5.C3FB1D70CB88722267949694BA51759E] - (.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\WINDOWS\system32\services.exe [111104] [MD5.74E30A41CDCF331C74BC4D97BE40CC5B] - (.Sun Microsystems, Inc. - Java Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376] [MD5.9EF600C64435CCFDEA01C991289E76EC] - (.Sunbelt Software - Sunbelt Kerio Firewall Service.) -- C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [1205784] [MD5.995D0B52870C7A5CAF3EA165FD674A35] - (.Logitech Inc. - Logitech LVPrcSrv Module..) -- c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe [109344] [MD5.A005CEE9BE199C5E375FAA559CA9A7A9] - (.Logitech Inc. - LogitechService Launcher.) -- C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe [105248] [MD5.91E6024D6D4DCDECDB36C43ECF9BBECB] - (.Microsoft Corporation - LSA Shell (Export Version).) -- C:\WINDOWS\system32\lsass.exe [13312] [MD5.2B2B6189DC47F44D7549519AA7519777] - (.tzuk - Sandboxie Service.) -- C:\Program Files\Sandboxie\SbieSvc.exe [52224] [MD5.460E4CE148BD07218DA0B6A3D31885A9] - (.Microsoft Corporation - Spooler SubSystem App.) -- C:\WINDOWS\system32\spoolsv.exe [57856] [MD5.581061776E1B7C4C7771E97AE5EAF377] - (.Microsoft Corporation - Service Executable.) -- C:\Program Files\Windows Defender\MsMpEng.exe [13592] [MD5.581176F60885AEF8F78C6E38DCC3CDF9] - (.Microsoft Corporation - WMDM PMSP Service.) -- C:\WINDOWS\System32\MsPMSPSv.exe [53520] ---\\ Pages de recherche d'Internet Explorer (R1) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ---\\ Internet Explorer URLSearchHook (R3) R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Pas de propriétaire - Pas de description.) (No version) -- (.not file.) R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18904 (longhorn_ie8_gdr.100222-1700)) -- C:\WINDOWS\system32\ieframe.dll ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} . (.Pas de propriétaire - Pas de description.) -- (.not file.) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} . (.Xi - Net Transport IE Helper Module.) -- C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll ---\\ Applications démarrées automatiquement par le registre (O4) O4 - HKLM\..\Run: [NeroFilterCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PSDrvCheck] . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] . (.Elaborate Bytes AG - ElbyCheck.) -- C:\Program Files\SlySoft\CloneCD\ElbyCheck.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] . (.Logitech Inc. - Communications Manager.) -- C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe O4 - HKLM\..\Run: [LVCOMSX] . (.Logitech Inc. - LVCom Server.) -- C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe O4 - HKLM\..\Run: [ATICCC] . (.ATI Technologies Inc. - CLI Application (Command Line Interface).) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe O4 - Global Startup: WinZip Quick Pick.lnk . (.WinZip Computing LP - WinZip Executable.) -- C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: HotSync Manager.lnk . (.Palm, Inc. - HotSync® Manager Application.) -- C:\Palm\HOTSYNC.EXE ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8) O8 - Extra context menu item: &Télécharger avec NetTransport . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Xi\NetTransport 2\NTAddLink.html O8 - Extra context menu item: Add to Google Photos Screensa&ver . (.Google Inc. - Google Photos Screensaver.) -- C:\WINDOWS\system32\GPhotos.scr O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~2\Office12\EXCEL.exe O8 - Extra context menu item: Tout t&élécharger avec NetTransport . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Xi\NetTransport 2\NTAddList.html ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll ---\\ Site dans la Zone de confiance d'Internet Explorer (O15) O15 - Trusted Zone: [HKCU\...\Domains\www] http.cltnet.de ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: DirectAnimation Java Classes (DirectAnimation Java Classes) - (.not file.) - O16 - DPF: Microsoft XML Parser for Java (Microsoft XML Parser for Java) - (.not file.) - O16 - DPF: teleir_cert (teleir_cert) - (.not file.) - https:\\static.ir.dgi.minefi.gouv.fr\secure\connexion\archives\ie4n4\teleir_cert.cab O16 - DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} (Corporate Language Training Interface) - http://www.cltnet.de/login/dplaunch.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housec...ivex/hcImpl.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - (.Yahoo! Inc. - YInstHelper Module.) -- C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155398021206 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - (.not file.) - https:\\static.impots.gouv.fr\tdir\static\adpform\AdSignerADP-2.0.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{9548D205-C2A3-4969-BEF2-92CBB72FF227}: NameServer = 192.168.0.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{9548D205-C2A3-4969-BEF2-92CBB72FF227}: NameServer = 192.168.0.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{9548D205-C2A3-4969-BEF2-92CBB72FF227}: NameServer = 192.168.0.1 O17 - HKLM\System\CS4\Services\Tcpip\..\{9548D205-C2A3-4969-BEF2-92CBB72FF227}: NameServer = 192.168.0.1 ---\\ Protocole additionnel et piratage de protocole (O18) O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: !SASWinLogon . (.SUPERAntiSpyware.com - SUPERAntiSpyware WinLogon Processor.) -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\System32\Ati2evxx.dll O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Windows Genuine Advantage - Meddelande.) -- C:\WINDOWS\System32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier . (.Pas de propriétaire - Pas de description.) -- WRLogonNTF.dll ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\System32\browseui.dll ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) . (.Pas de propriétaire - Pas de description.) - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart (ATI Smart) . (.Pas de propriétaire - ATI Smart.) - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) . (.Sunbelt Software - Sunbelt Kerio Firewall Service.) - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) . (.Logitech Inc. - Logitech LVPrcSrv Module..) - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher (LVSrvLauncher) . (.Logitech Inc. - LogitechService Launcher.) - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Sandboxie Service (SbieSvc) . (.tzuk - Sandboxie Service.) - C:\Program Files\Sandboxie\SbieSvc.exe ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\MP Scheduled Scan.job ---\\ Composants installés (ActiveSetup Installed Components) (O40) O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS . (.Pas de propriétaire - Pas de description.) -- RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP O40 - ASIC: YInstStarterUpgrade Class - {0291E591-EA41-4c82-8106-3DC6CE7F7664} . (.Yahoo! Inc. - YInstHelper Module.) -- C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll O40 - ASIC: Macromedia Shockwave Director 10.1 - {166B1BCA-3F9C-11CF-8075-444553540000} . (.Macromedia, Inc. - Shockwave ActiveX Control.) -- C:\WINDOWS\system32\Macromed\Director\SwDir.dll O40 - ASIC: YInstStarter Class - {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} . (.Yahoo! Inc. - YInstHelper Module.) -- C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll O40 - ASIC: YSearchSetting2 Class - {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} . (.Yahoo! Inc. - YInstHelper Module.) -- C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp11.inf O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 9.0 r124.) -- C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: avgio (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys O41 - Driver: avipbb (avipbb) . (.Avira GmbH - Avira Driver for RootKit Detection.) - C:\WINDOWS\system32\DRIVERS\avipbb.sys O41 - Driver: Firewall Driver (fwdrv) . (.Sunbelt Software - Sunbelt Kerio Firewall FWDRV.) - C:\WINDOWS\system32\drivers\fwdrv.sys O41 - Driver: Kerio HIPS Driver (khips) . (.Sunbelt Software - Sunbelt Kerio Host Intrusion Prevention Dri.) - C:\WINDOWS\system32\drivers\khips.sys O41 - Driver: SASDIFSV (SASDIFSV) . (.Pas de propriétaire - SASDIFSV.) - C:\Program Files\SUPERAntiSpyware\SASDIFSV.sys O41 - Driver: SASKUTIL (SASKUTIL) . (.Pas de propriétaire - SASKUTIL.SYS.) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys O41 - Driver: ssmdrv (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys O41 - Driver: (VIAPFD) . (.VIA Technologies. Inc. - VIA PFD driver.) - C:\WINDOWS\system32\Drivers\VIAPFD.sys O41 - Driver: AVG Anti-Spyware Driver (AVG Anti-Spyware Driver) . (.Pas de propriétaire - Pas de description.) - C:\Program Files\AVG Anti-Spyware 7.5\guard.sys O41 - Driver: AVG Anti-Spyware Clean Driver (AvgAsCln) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys O41 - Driver: (NaiAvTdi1) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system32\drivers\mvstdi5x.sys ---\\ Logiciels installés (O42) O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] O42 - Logiciel: ASAPI Update - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: ATI - Software Uninstall Utility - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: ATI Display Driver - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: AVI/MPEG/RM/WMV Joiner 4.81 - (.Boilsoft, Inc..) [HKLM] O42 - Logiciel: Adobe Common File Installer - (.Adobe System Incorporated.) [HKLM] O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] O42 - Logiciel: Adobe Flash Player ActiveX - (.Adobe Systems Incorporated.) [HKLM] O42 - Logiciel: Adobe Help Center 2.1 - (.Adobe Systems.) [HKLM] O42 - Logiciel: Adobe Photoshop CS2 - (.Adobe Systems, Inc..) [HKLM] O42 - Logiciel: Adobe Photoshop Elements 5.0 - (.Adobe Systems, Inc..) [HKLM] O42 - Logiciel: Adobe Stock Photos 1.0 - (.Adobe Systems.) [HKLM] O42 - Logiciel: Advanced IRC - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Audacity 1.2.4 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Avi2Dvd 0.4.5 beta - (.TrustFm.) [HKLM] O42 - Logiciel: AviSynth 2.5 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] O42 - Logiciel: BackupBuddy for Windows - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] O42 - Logiciel: CH Control Manager - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Clean 5 - (.Pinnacle Systems GmbH / Steinberg Media Technologies GmbH.) [HKLM] O42 - Logiciel: CloneCD - (.Elaborate Bytes.) [HKLM] O42 - Logiciel: Cobian Backup 9 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: ConvertHelper 2.1 - (.DownloadHelper.) [HKLM] O42 - Logiciel: ConvertXtoDVD 3.2.9.94c - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: DVD Shrink 3.2 - (.DVD Shrink.) [HKLM] O42 - Logiciel: DoublePics v2.3.2(.4) - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: EPSON Scan - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: EPSON Smart Panel - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: EVEREST Ultimate Edition v5.00 - (.Lavalys, Inc..) [HKLM] O42 - Logiciel: EarMaster Pro 5 - (.EarMaster ApS.) [HKLM] O42 - Logiciel: Exifer - (.Friedemann Schmidt.) [HKLM] O42 - Logiciel: File Uploader - (.Nikon.) [HKLM] O42 - Logiciel: Foxit Reader - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: GHCS Software GedStar for PalmOS - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: GNU Solfege 3.14.7 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: GedCom-Vision version 2.0e - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Greeting Card Creator - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Handy Recovery 1.0 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Harmony Assistant - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Helicon Filter 2.02 - (.Helicon Co..) [HKLM] O42 - Logiciel: Heredis 9 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: IFOEdit 0.971 Fr - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: IsoBuster 1.9.1 - (.Smart Projects.) [HKLM] O42 - Logiciel: J'apprends le piano - (.Musicalis.) [HKLM] O42 - Logiciel: Java 6 Update 19 - (.Sun Microsystems, Inc..) [HKLM] O42 - Logiciel: K-Lite Mega Codec Pack 3.5.0 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Kaspersky Online Scanner - (.Kaspersky Lab.) [HKLM] O42 - Logiciel: Kommute - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Label Editor - (.Steinberg.) [HKLM] O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Lizardtech DjVu Control - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Logitech QuickCam - (.Logitech Inc..) [HKLM] O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] O42 - Logiciel: MSXML 4.0 SP2 (KB927978) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: MSXML 4.0 SP2 Parser and SDK - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: MVision - (.Logitech Inc..) [HKLM] O42 - Logiciel: Macromedia Flash Player - (.Macromedia, Inc..) [HKLM] O42 - Logiciel: Macromedia Shockwave Player - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] O42 - Logiciel: MaxSplitter v1.53 Free Edition - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Media Player Classic fr - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB953297) - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Baseline Security Analyzer 2.1 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Flight Simulator 2004 Un siècle d'aviation - (.Microsoft.) [HKLM] O42 - Logiciel: Microsoft Money - (.Microsoft.) [HKLM] O42 - Logiciel: Microsoft Office Access MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Mozilla Firefox (3.6.3) - (.Mozilla.) [HKLM] O42 - Logiciel: Mp3DirectCut - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Neat Image v5 Demo (with plug-in) - (.Neat Image team, ABSoft.) [HKLM] O42 - Logiciel: Nero 6 Enterprise Edition - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Nero BurnRights (Ahead Software) - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Net Transport 1.94.282 - (.Xi.) [HKLM] O42 - Logiciel: NikonCapture - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Notification Live Search - (.Pas de propriétaire.) [HKCU] O42 - Logiciel: OMeR - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: P2400P Guide de référence - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: PDFtoMusic - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: PTLens - (.ePaperPress.) [HKLM] O42 - Logiciel: PeerGuardian 2.0 - (.Methlabs Productions.) [HKLM] O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM] O42 - Logiciel: Picture Control Utility - (.Nikon.) [HKLM] O42 - Logiciel: Planète Généalogie - (.BSD Concept.) [HKLM] O42 - Logiciel: Programme de gestion Camera de Logitech® - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: QuickPar 0.9 - (.Peter B. Clements.) [HKLM] O42 - Logiciel: QuickTime - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: RadCor 2.04 - (.TUVSW.) [HKLM] O42 - Logiciel: Radio Fr Solo 2.1 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: SanDisk SD Wi-Fi Card - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Sandboxie 3.34 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: SaverWiz - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: ScummVM 1.0.0rc1 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB978380) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB978382) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office Outlook 2007 (KB972363) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB957789) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB980470) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB969604) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB969613) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM] O42 - Logiciel: Sibelius 5 Demo - (.Sibelius Software.) [HKLM] O42 - Logiciel: Sibelius Scorch (Firefox, Opera, Netscape only) - (.Sibelius Software.) [HKLM] O42 - Logiciel: Simple Sudoku 4.2 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Skype™ 4.0 - (.Skype Technologies S.A..) [HKLM] O42 - Logiciel: SmartList To Go - (.DataViz, Inc..) [HKLM] O42 - Logiciel: Sophos Anti-Rootkit 1.3 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: SpeedFan (remove only) - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Spybot - Search & Destroy 1.4 - (.Safer Networking Limited.) [HKLM] O42 - Logiciel: StationRipper 2.71 - (.Ratajik Software.) [HKLM] O42 - Logiciel: StealthNet 0.8.7.2 - (.The StealthNet Team.) [HKLM] O42 - Logiciel: Sudoku 3D Pro - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Sudoku V 3.0 - (.Olivier RAVET.) [HKLM] O42 - Logiciel: TeamViewer 4 - (.TeamViewer GmbH.) [HKLM] O42 - Logiciel: Tous les Noms de Famille de France V.6.5.1 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: UMVPLStandalone - (.Logitech Inc..) [HKLM] O42 - Logiciel: URL Snooper v2.26.01 - (.DonationCoder.com.) [HKLM] O42 - Logiciel: Universal Extractor 1.6 - (.Jared Breland.) [HKLM] O42 - Logiciel: Unlocker 1.8.6 - (.Cedrick Collomb.) [HKLM] O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] O42 - Logiciel: Update for 2007 Microsoft Office System (KB981715) - (.Microsoft.) [HKLM] O42 - Logiciel: Update for Microsoft Office InfoPath 2007 (KB976416) - (.Microsoft.) [HKLM] O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (kb981433) - (.Microsoft.) [HKLM] O42 - Logiciel: VDMSound - (.Vlad Romascanu.) [HKLM] O42 - Logiciel: VobEdit 0.6 Fr - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: WaveLab Lite - (.Steinberg.) [HKLM] O42 - Logiciel: WinHTTrack Website Copier 3.30 - (.HTTrack.) [HKLM] O42 - Logiciel: WinPcap 4.1.1 - (.CACE Technologies.) [HKLM] O42 - Logiciel: WinWAP for Windows 3.2 - (.Winwap Technologies Oy.) [HKLM] O42 - Logiciel: WinZip - (.WinZip Computing LP.) [HKLM] O42 - Logiciel: Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Installer Clean Up - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Internet Explorer 7 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM] O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Wintree Version 3.0 d - (.Decrock.) [HKLM] O42 - Logiciel: ZebHelpProcess 2.34 - (.Nicolas Coolman.) [HKLM] O42 - Logiciel: dBpowerAMP Wavpack Codec - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: dBpoweramp FLAC Codec - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: dBpoweramp Monkeys Audio Codec - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: dBpoweramp Musepack Codec - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: dBpoweramp Ogg Vorbis Codec - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: dBpoweramp Windows Media Audio 10 Codec - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: dMC Power Pack - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: eMule - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: jv16 PowerTools 1.3 - (.Pas de propriétaire.) [HKLM] ---\\ HKCU & HKLM Software Keys [HKCU\Software\ABSoft] [HKCU\Software\AC3filter] [HKCU\Software\ASProtect] [HKCU\Software\ATI] [HKCU\Software\Ad-Remover] [HKCU\Software\Adobe] [HKCU\Software\Advanced IRC] [HKCU\Software\Ahead] [HKCU\Software\Alcohol Soft] [HKCU\Software\Angus Johnson] [HKCU\Software\Anuman Interactive] [HKCU\Software\Apple Computer, Inc.] [HKCU\Software\ApplianTechnologies] [HKCU\Software\ArcSoft] [HKCU\Software\Audacity] [HKCU\Software\Auralis] [HKCU\Software\Avira] [HKCU\Software\BITSoft] [HKCU\Software\BitTorrent] [HKCU\Software\Borland] [HKCU\Software\Bsd Concept] [HKCU\Software\CDIP] [HKCU\Software\CDRWIN 5] [HKCU\Software\Clients] [HKCU\Software\Cobian] [HKCU\Software\CoreVorbis] [HKCU\Software\Creative Tech] [HKCU\Software\Cyberlink] [HKCU\Software\DATA BECKER] [HKCU\Software\DDH Software] [HKCU\Software\DPSoftware] [HKCU\Software\DSP-worx] [HKCU\Software\DVD Shrink] [HKCU\Software\DataViz] [HKCU\Software\DefaultID] [HKCU\Software\Digital River] [HKCU\Software\DivXNetworks] [HKCU\Software\DxO Optics Pro] [HKCU\Software\DxO] [HKCU\Software\EMCO MSI Package Builder] [HKCU\Software\EMME] [HKCU\Software\EPSON] [HKCU\Software\EditHexa] [HKCU\Software\Elaborate Bytes] [HKCU\Software\Elcom] [HKCU\Software\Exifer] [HKCU\Software\Foxit Software Company] [HKCU\Software\Foxit Software] [HKCU\Software\FreeDownloadManager.ORG] [HKCU\Software\Freeware] [HKCU\Software\FreshDevices] [HKCU\Software\Fridgesoft] [HKCU\Software\GHCS] [HKCU\Software\GIANTCompany] [HKCU\Software\GNU] [HKCU\Software\Gabest] [HKCU\Software\Genie-Soft] [HKCU\Software\GlarySoft] [HKCU\Software\decrock] [HKCU\Software\digital publishing] [HKCU\Software\e-merge] [HKCU\Software\eMule] [HKCU\Software\ePaperPress] [HKCU\Software\ej-technologies] [HKLM\Software\ABSoft] [HKLM\Software\ACE Compression Software] [HKLM\Software\ATI Technologies] [HKLM\Software\ATI] [HKLM\Software\Adobe Systems] [HKLM\Software\Adobe] [HKLM\Software\Ahead] [HKLM\Software\America Online] [HKLM\Software\Apple Computer, Inc.] [HKLM\Software\Avira] [HKLM\Software\BigScott27] [HKLM\Software\Boonty] [HKLM\Software\Borland] [HKLM\Software\C07ft5Y] [HKLM\Software\CDDB] [HKLM\Software\CDRWIN5] [HKLM\Software\Canon] [HKLM\Software\Carpet] [HKLM\Software\Chilkat Software, Inc.] [HKLM\Software\Classes] [HKLM\Software\Clients] [HKLM\Software\Cobian] [HKLM\Software\Codec Tweak Tool] [HKLM\Software\Creative Tech] [HKLM\Software\Cyberlink] [HKLM\Software\D-Tools] [HKLM\Software\DDH Software] [HKLM\Software\DECROCK] [HKLM\Software\DIOC] [HKLM\Software\Debug] [HKLM\Software\DivXNetworks] [HKLM\Software\DownloadHelper] [HKLM\Software\EMCO MSI Package Builder] [HKLM\Software\EPSON Photo Print] [HKLM\Software\EPSON] [HKLM\Software\Elaborate Bytes] [HKLM\Software\Elcom] [HKLM\Software\Foxit Software] [HKLM\Software\FreshDevices] [HKLM\Software\GIANTCompany] [HKLM\Software\GNU] [HKLM\Software\Gabest] [HKLM\Software\Gemplus] [HKLM\Software\Google] [HKLM\Software\Gravity Soft] [HKLM\Software\HaaliMkx] [HKLM\Software\Hemera Products] [HKLM\Software\InstallShield] [HKLM\Software\InstalledOptions] [HKLM\Software\Intel] [HKLM\Software\InterVideo] [HKLM\Software\Internet Download Manager] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\KLCodecPack] [HKLM\Software\Licenses] [HKLM\Software\LizardTech] [HKLM\Software\Logitech] [HKLM\Software\Macromedia] [HKLM\Software\Micro Application] [HKLM\Software\MicroQuill] [HKLM\Software\MidiTec] [HKLM\Software\MozillaPlugins] [HKLM\Software\Mozilla] [HKLM\Software\MyHeritage.com] [HKLM\Software\Myriad Software] [HKLM\Software\NCSoft] [HKLM\Software\Network Associates] [HKLM\Software\Nico Mak Computing] [HKLM\Software\Nikon] [HKLM\Software\ODBC] [HKLM\Software\Orium Software] [HKLM\Software\PACE Anti-Piracy] [HKLM\Software\PepiMK Software] [HKLM\Software\Pinnacle Systems] [HKLM\Software\PixVue.Com] [HKLM\Software\Policies] [HKLM\Software\Program Groups] [HKLM\Software\Protexis] [HKLM\Software\Python] [HKLM\Software\QuEnc] [HKLM\Software\Ratajik Software] [HKLM\Software\RealNetworks] [HKLM\Software\RegisteredApplications] [HKLM\Software\RjH Software] [HKLM\Software\S3R521] [HKLM\Software\SUPERAntiSpyware.com] [HKLM\Software\Safer Networking Limited] [HKLM\Software\Schlumberger] [HKLM\Software\Sibelius Software] [HKLM\Software\Skype] [HKLM\Software\Smart Panel] [HKLM\Software\Soeperman Enterprises Ltd.] [HKLM\Software\SoftLogica] [HKLM\Software\Sonic] [HKLM\Software\Sophos] [HKLM\Software\SplashData] [HKLM\Software\Sports] [HKLM\Software\Std] [HKLM\Software\Steinberg] [HKLM\Software\String Comparison] [HKLM\Software\Sunbelt Software] [HKLM\Software\Swearware] [HKLM\Software\TG Byte Software] [HKLM\Software\TeamViewer] [HKLM\Software\TorrentSearcher] [HKLM\Software\Totalidea Software] [HKLM\Software\Trad-FR] [HKLM\Software\TrendMicro] [HKLM\Software\Ulead Systems] [HKLM\Software\Uniblue] [HKLM\Software\VEGA] [HKLM\Software\VOB] [HKLM\Software\VSO] [HKLM\Software\Via4in1Driver] [HKLM\Software\Voice] [HKLM\Software\Wheel] [HKLM\Software\WinPcap] [HKLM\Software\Windows 3.1 Migration Status] [HKLM\Software\Winzip FR] [HKLM\Software\Wise Solutions] [HKLM\Software\X-AVCSD] [HKLM\Software\Xi] [HKLM\Software\Yahoo] [HKLM\Software\Zone Labs] [HKLM\Software\ePaperPress] [HKLM\Software\mozilla.org] ---\\ Contenu des dossiers Fichiers Communs (O43) O43 - CFD:Common File Directory ----D- C:\Program Files\3D Photo Browser O43 - CFD:Common File Directory ----D- C:\Program Files\3M O43 - CFD:Common File Directory ----D- C:\Program Files\3M Littmann O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe O43 - CFD:Common File Directory ----D- C:\Program Files\Advanced IRC O43 - CFD:Common File Directory ----D- C:\Program Files\Ahead O43 - CFD:Common File Directory ----D- C:\Program Files\Alcohol Soft O43 - CFD:Common File Directory ----D- C:\Program Files\ANtsP2P O43 - CFD:Common File Directory ----D- C:\Program Files\Anuman Interactive O43 - CFD:Common File Directory ----D- C:\Program Files\Apple Software Update O43 - CFD:Common File Directory ----D- C:\Program Files\ATI Technologies O43 - CFD:Common File Directory ----D- C:\Program Files\Audacity O43 - CFD:Common File Directory ----D- C:\Program Files\AVG Anti-Spyware 7.5 O43 - CFD:Common File Directory ----D- C:\Program Files\AVI MPEG RM WMV Joiner O43 - CFD:Common File Directory ----D- C:\Program Files\Avi2Dvd O43 - CFD:Common File Directory ----D- C:\Program Files\Avira O43 - CFD:Common File Directory ----D- C:\Program Files\AviSynth 2.5 O43 - CFD:Common File Directory ----D- C:\Program Files\BackupBuddy O43 - CFD:Common File Directory ----D- C:\Program Files\Blues for Piano and Keyboard 10.0 O43 - CFD:Common File Directory ----D- C:\Program Files\BSD Concept O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner O43 - CFD:Common File Directory ----D- C:\Program Files\CDRWIN5 O43 - CFD:Common File Directory ----D- C:\Program Files\CH Products O43 - CFD:Common File Directory ----D- C:\Program Files\Cobian Backup 8 O43 - CFD:Common File Directory ----D- C:\Program Files\Cobian Backup 9 O43 - CFD:Common File Directory ----D- C:\Program Files\Common~1 O43 - CFD:Common File Directory ----D- C:\Program Files\ComPlus Applications O43 - CFD:Common File Directory ----D- C:\Program Files\ConvertHelper O43 - CFD:Common File Directory ----D- C:\Program Files\Creative O43 - CFD:Common File Directory ----D- C:\Program Files\dBpowerAMP O43 - CFD:Common File Directory ----D- C:\Program Files\DivX O43 - CFD:Common File Directory ----D- C:\Program Files\Documents To Go O43 - CFD:Common File Directory ----D- C:\Program Files\DoublePics O43 - CFD:Common File Directory ----D- C:\Program Files\DVD Shrink O43 - CFD:Common File Directory ----D- C:\Program Files\DxO Labs O43 - CFD:Common File Directory ----D- C:\Program Files\EarMaster Pro 5 O43 - CFD:Common File Directory ----D- C:\Program Files\EasyCleaner O43 - CFD:Common File Directory ----D- C:\Program Files\eMule O43 - CFD:Common File Directory ----D- C:\Program Files\ePaperPress O43 - CFD:Common File Directory ----D- C:\Program Files\EPSON O43 - CFD:Common File Directory ----D- C:\Program Files\Exifer O43 - CFD:Common File Directory ----D- C:\Program Files\FamilySearch O43 - CFD:Common File Directory R---D- C:\Program Files\Fichiers communs O43 - CFD:Common File Directory ----D- C:\Program Files\File Scanner Library (Spybot - Search & Destroy) O43 - CFD:Common File Directory ----D- C:\Program Files\Foxit Software O43 - CFD:Common File Directory ----D- C:\Program Files\GedCom-Vision O43 - CFD:Common File Directory ----D- C:\Program Files\GedStar O43 - CFD:Common File Directory ----D- C:\Program Files\GNU O43 - CFD:Common File Directory ----D- C:\Program Files\GNU Solfege O43 - CFD:Common File Directory ----D- C:\Program Files\Google O43 - CFD:Common File Directory ----D- C:\Program Files\GrabIt O43 - CFD:Common File Directory ----D- C:\Program Files\Greeting Card Creator O43 - CFD:Common File Directory ----D- C:\Program Files\GRISOFT O43 - CFD:Common File Directory ----D- C:\Program Files\Guitar Pro 4 O43 - CFD:Common File Directory ----D- C:\Program Files\HanDBase3 O43 - CFD:Common File Directory ----D- C:\Program Files\HardwareDetection O43 - CFD:Common File Directory ----D- C:\Program Files\Harmony Assistant O43 - CFD:Common File Directory ----D- C:\Program Files\Helicon Software O43 - CFD:Common File Directory ----D- C:\Program Files\Hijackthis O43 - CFD:Common File Directory ----D- C:\Program Files\i2p O43 - CFD:Common File Directory ----D- C:\Program Files\icesword O43 - CFD:Common File Directory ----D- C:\Program Files\IfoEdit O43 - CFD:Common File Directory ----D- C:\Program Files\IKEA HomePlanner O43 - CFD:Common File Directory ----D- C:\Program Files\Illustrate O43 - CFD:Common File Directory ----D- C:\Program Files\iMule-1.4.5 O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer O43 - CFD:Common File Directory ----D- C:\Program Files\Java O43 - CFD:Common File Directory ----D- C:\Program Files\Java(2) O43 - CFD:Common File Directory ----D- C:\Program Files\jv16 PowerTools O43 - CFD:Common File Directory ----D- C:\Program Files\K-Lite Codec Pack O43 - CFD:Common File Directory ----D- C:\Program Files\Kommute O43 - CFD:Common File Directory ----D- C:\Program Files\Lavalys O43 - CFD:Common File Directory ----D- C:\Program Files\LizardTech O43 - CFD:Common File Directory ----D- C:\Program Files\Logitech O43 - CFD:Common File Directory ----D- C:\Program Files\ma-config.com O43 - CFD:Common File Directory ----D- C:\Program Files\MagicISO O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware O43 - CFD:Common File Directory ----D- C:\Program Files\Managed DirectX (0901) O43 - CFD:Common File Directory ----D- C:\Program Files\MaxSplitter O43 - CFD:Common File Directory ----D- C:\Program Files\Media Player Classic O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger Backup O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft AntiSpyware O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Baseline Security Analyzer 2 O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2 O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Games O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Money 2005 O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET O43 - CFD:Common File Directory ----D- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy) O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox O43 - CFD:Common File Directory ----D- C:\Program Files\Mp3DirectCut O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild O43 - CFD:Common File Directory ----D- C:\Program Files\MSECache O43 - CFD:Common File Directory ----D- C:\Program Files\MSN O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0 O43 - CFD:Common File Directory ----D- C:\Program Files\Musicalis O43 - CFD:Common File Directory ----D- C:\Program Files\MUTE O43 - CFD:Common File Directory ----D- C:\Program Files\myFairTunes O43 - CFD:Common File Directory ----D- C:\Program Files\MyVideoSoft O43 - CFD:Common File Directory ----D- C:\Program Files\NapShare O43 - CFD:Common File Directory ----D- C:\Program Files\Neat Image O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting O43 - CFD:Common File Directory ----D- C:\Program Files\Newave O43 - CFD:Common File Directory ----D- C:\Program Files\Nikon O43 - CFD:Common File Directory ----D- C:\Program Files\Omer O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express O43 - CFD:Common File Directory ----D- C:\Program Files\Pando Networks O43 - CFD:Common File Directory ----D- C:\Program Files\PDFtoMusic O43 - CFD:Common File Directory ----D- C:\Program Files\PeerGuardian2 O43 - CFD:Common File Directory ----D- C:\Program Files\PhotoFiltre O43 - CFD:Common File Directory ----D- C:\Program Files\Pinnacle O43 - CFD:Common File Directory ----D- C:\Program Files\PixVue O43 - CFD:Common File Directory ----D- C:\Program Files\PlayPianoTODAY O43 - CFD:Common File Directory ----D- C:\Program Files\PrivacyEraser Computing O43 - CFD:Common File Directory ----D- C:\Program Files\process monitor main O43 - CFD:Common File Directory ----D- C:\Program Files\PW O43 - CFD:Common File Directory ----D- C:\Program Files\QuickPar O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime O43 - CFD:Common File Directory ----D- C:\Program Files\RadCor O43 - CFD:Common File Directory ----D- C:\Program Files\Radio Fr Solo O43 - CFD:Common File Directory ----D- C:\Program Files\Reagclean O43 - CFD:Common File Directory ----D- C:\Program Files\Real O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies O43 - CFD:Common File Directory ----D- C:\Program Files\RegClean O43 - CFD:Common File Directory ----D- C:\Program Files\RipTiger O43 - CFD:Common File Directory ----D- C:\Program Files\Sandboxie O43 - CFD:Common File Directory ----D- C:\Program Files\SanDisk O43 - CFD:Common File Directory ----D- C:\Program Files\SaverWiz O43 - CFD:Common File Directory ----D- C:\Program Files\ScummVM O43 - CFD:Common File Directory ----D- C:\Program Files\SDHelper (Spybot - Search & Destroy) O43 - CFD:Common File Directory ----D- C:\Program Files\SEAF O43 - CFD:Common File Directory ----D- C:\Program Files\Sensory O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne O43 - CFD:Common File Directory ----D- C:\Program Files\Sibelius Software O43 - CFD:Common File Directory ----D- C:\Program Files\Simple Sudoku O43 - CFD:Common File Directory R---D- C:\Program Files\Skype O43 - CFD:Common File Directory ----D- C:\Program Files\SlySoft O43 - CFD:Common File Directory ----D- C:\Program Files\Smart Panel O43 - CFD:Common File Directory ----D- C:\Program Files\Smart Projects O43 - CFD:Common File Directory ----D- C:\Program Files\SmartGenealogy_2.8c O43 - CFD:Common File Directory ----D- C:\Program Files\SmartList To Go O43 - CFD:Common File Directory ----D- C:\Program Files\SoftLogica O43 - CFD:Common File Directory ----D- C:\Program Files\Sophos O43 - CFD:Common File Directory ----D- C:\Program Files\SpeedFan O43 - CFD:Common File Directory ----D- C:\Program Files\SpeedItUpFree O43 - CFD:Common File Directory ----D- C:\Program Files\SplashData O43 - CFD:Common File Directory ----D- C:\Program Files\Spybot - Search & Destroy O43 - CFD:Common File Directory ----D- C:\Program Files\StationRipper O43 - CFD:Common File Directory ----D- C:\Program Files\StealthNet O43 - CFD:Common File Directory ----D- C:\Program Files\Steinberg O43 - CFD:Common File Directory ----D- C:\Program Files\Sudoku O43 - CFD:Common File Directory ----D- C:\Program Files\Sudoku 3D Pro O43 - CFD:Common File Directory ----D- C:\Program Files\Sunbelt Software O43 - CFD:Common File Directory ----D- C:\Program Files\SUPERAntiSpyware O43 - CFD:Common File Directory ----D- C:\Program Files\SWI O43 - CFD:Common File Directory ----D- C:\Program Files\Synaesthete O43 - CFD:Common File Directory ----D- C:\Program Files\TeamViewer O43 - CFD:Common File Directory ----D- C:\Program Files\TeaTimer (Spybot - Search & Destroy) O43 - CFD:Common File Directory ----D- C:\Program Files\thinkingBytes O43 - CFD:Common File Directory ----D- C:\Program Files\TimeAdjuster O43 - CFD:Common File Directory ----D- C:\Program Files\Tweak-XP Pro 4 O43 - CFD:Common File Directory ----D- C:\Program Files\Ujihara O43 - CFD:Common File Directory ----D- C:\Program Files\Ulead Systems O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information O43 - CFD:Common File Directory ----D- C:\Program Files\Universal Extractor O43 - CFD:Common File Directory ----D- C:\Program Files\Unlocker O43 - CFD:Common File Directory ----D- C:\Program Files\URLSnooper2 O43 - CFD:Common File Directory ----D- C:\Program Files\USB-set O43 - CFD:Common File Directory ----D- C:\Program Files\uTorrent O43 - CFD:Common File Directory ----D- C:\Program Files\VDMSound O43 - CFD:Common File Directory ----D- C:\Program Files\Vg O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN O43 - CFD:Common File Directory ----D- C:\Program Files\VirtualDubMOD O43 - CFD:Common File Directory ----D- C:\Program Files\VOB O43 - CFD:Common File Directory ----D- C:\Program Files\VSO O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Defender O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Installer Clean Up O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2 O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT O43 - CFD:Common File Directory --HAD- C:\Program Files\WindowsUpdate O43 - CFD:Common File Directory ----D- C:\Program Files\WinHTTrack O43 - CFD:Common File Directory ----D- C:\Program Files\WinPcap O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR O43 - CFD:Common File Directory ----D- C:\Program Files\WINTREE O43 - CFD:Common File Directory ----D- C:\Program Files\Winwap Technologies O43 - CFD:Common File Directory ----D- C:\Program Files\WinZip O43 - CFD:Common File Directory ----D- C:\Program Files\xerox O43 - CFD:Common File Directory ----D- C:\Program Files\Xi O43 - CFD:Common File Directory ----D- C:\Program Files\Yahoo! O43 - CFD:Common File Directory ----D- C:\Program Files\ZebHelpProcess 2 O43 - CFD:Common File Directory --H-D- C:\Program Files\Zero G Registry O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.00000000000000000000000000000000] - 01/05/2010 - 12:08:37 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WindowsUpdate.log [1633929] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 01/05/2010 - 12:07:54 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\0.log [0] O44 - LFC:[MD5.00000000000000000000000000000000] - 01/05/2010 - 12:07:39 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiadebug.log [159] O44 - LFC:[MD5.00000000000000000000000000000000] - 01/05/2010 - 12:07:20 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiaservc.log [50] O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 01/05/2010 - 12:06:37 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bootstat.dat [2048] O44 - LFC:[MD5.D4B9BBD1FDFAE33C7611C5D35CC7A40B] - 01/05/2010 - 12:01:46 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000B-00001102-00000004-00401102}.rfx [3888] O44 - LFC:[MD5.D4B9BBD1FDFAE33C7611C5D35CC7A40B] - 01/05/2010 - 12:01:46 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000B-00001102-00000004-00401102}.rfx [3888] O44 - LFC:[MD5.00000000000000000000000000000000] - 01/05/2010 - 12:01:30 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\SchedLgU.Txt [32484] O44 - LFC:[MD5.3216055D989BB876D507BDA624D57AB6] - 30/04/2010 - 20:40:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\MEMORY.DMP [536428544] O44 - LFC:[MD5.043DA7677BFBAE621EDFD4E4D138B0F0] - 30/04/2010 - 20:40:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\avenger.txt [1774] O44 - LFC:[MD5.6490C3F6B8336D05DE8FCAD8C94F50C8] - 30/04/2010 - 13:22:20 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\PDOXUSRS.NET [13030] O44 - LFC:[MD5.23A8C23D9C43F96CAABA5102B2E9D85C] - 28/04/2010 - 20:19:01 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\ComboFix.txt [27327] O44 - LFC:[MD5.87AFDE2B95CB0FDB8477AB22D02BFC94] - 28/04/2010 - 20:06:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system.ini [274] O44 - LFC:[MD5.7F4247C03A71E65171CEBC339B37AB20] - 27/04/2010 - 19:14:37 RSHA- . (.Pas de propriétaire - Pas de description.) -- C:\boot.ini [282] O44 - LFC:[MD5.3CECCD255392A3A640830F3CF97CE162] - 27/04/2010 - 19:14:36 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Boot.bak [212] O44 - LFC:[MD5.48C65662EC81FBCAA110509F50C51497] - 27/04/2010 - 19:14:27 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\cmldr [263488] O44 - LFC:[MD5.AE72E8619CB31D84DA25E2435E55003C] - 27/04/2010 - 19:12:56 ---A- . (.NirSoft - NirCmd.) -- C:\WINDOWS\NIRCMD.exe [31232] O44 - LFC:[MD5.C5EC72A20B4C98DB5314E6C46765B148] - 27/04/2010 - 19:12:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\MBR.exe [77312] O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 27/04/2010 - 19:12:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\grep.exe [80412] O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 27/04/2010 - 19:12:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\sed.exe [98816] O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 27/04/2010 - 19:12:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\zip.exe [68096] O44 - LFC:[MD5.01D95A1F8CF13D07CC564AABB36BCC0B] - 27/04/2010 - 19:12:56 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\WINDOWS\SWREG.exe [161792] O44 - LFC:[MD5.B7517DB073B28F5696A1E5528ABEB5D0] - 27/04/2010 - 19:12:56 ---A- . (.SteelWerX - Freeware implementation of SC.EXE.) -- C:\WINDOWS\SWSC.exe [136704] O44 - LFC:[MD5.B1A9CF0B6F80611D31987C247EC630B4] - 27/04/2010 - 19:12:56 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\WINDOWS\SWXCACLS.exe [212480] O44 - LFC:[MD5.1A6D80AA9E021EC3B094887D47202188] - 27/04/2010 - 12:26:33 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Ad-Report-CLEAN[1].txt [4714] O44 - LFC:[MD5.265672A002D063A3ED2D26F939E04FC3] - 27/04/2010 - 12:13:33 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Ad-Report-SCAN[1].txt [4046] O44 - LFC:[MD5.EC1C7B6CCFB28B096C9D514ACCF05C74] - 27/04/2010 - 09:12:51 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\TB.txt [3152] O44 - LFC:[MD5.4BB0628A9105D8C11B602E6F53470015] - 27/04/2010 - 07:59:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\drivers\fwdrv.err [1735460] O44 - LFC:[MD5.F1FBA6185A6A2BC6456970914875078E] - 26/04/2010 - 14:58:12 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\PEV.exe [256512] O44 - LFC:[MD5.FBFAF1C2C34F301BBE4C9407D2AC60E1] - 26/04/2010 - 11:21:59 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\wpa.dbl [2206] O44 - LFC:[MD5.7112190518B5AEAA05B259BBE393C9ED] - 25/04/2010 - 17:18:48 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\NeroDigital.ini [116] O44 - LFC:[MD5.43B537FA5AAC2FDE07A7E320E4362363] - 21/04/2010 - 06:53:57 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\3) [2133] O44 - LFC:[MD5.A9C93CE2627B78646BE5BBCB95DEC8EA] - 11/04/2010 - 12:59:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\win.ini [940] O44 - LFC:[MD5.19BC3077C98654C4F685624D8383BC2E] - 07/04/2010 - 06:10:06 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Radio_Fr.ini [1208] O44 - LFC:[MD5.91BA33C14DF133FA79AFB6A92F582CDD] - 04/04/2010 - 15:41:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\d3d9caps.dat [664] O44 - LFC:[MD5.3C94558CD1705DA468C9562110F34069] - 04/04/2010 - 10:37:11 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat [46] O44 - LFC:[MD5.7311558A1B943CED90A75E0409F5C5D9] - 04/04/2010 - 10:36:32 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\-1 [57] O44 - LFC:[MD5.CF236C6C37519794C8CB663FA639297D] - 03/04/2010 - 11:06:51 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\WINDOWS\System32\java.exe [145184] O44 - LFC:[MD5.8BB5783B22869D303B2E624947A9A52A] - 03/04/2010 - 11:06:51 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\WINDOWS\System32\javaw.exe [145184] O44 - LFC:[MD5.AC600895C014D245B03749CA3B5CBED4] - 03/04/2010 - 11:06:51 ---A- . (.Sun Microsystems, Inc. - Java Web Start Launcher.) -- C:\WINDOWS\System32\javaws.exe [153376] O44 - LFC:[MD5.FC1F0157B07D3FA402FC629AE9B977AE] - 03/04/2010 - 11:06:29 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\jupdate-1.6.0_19-b04.log [4229] O44 - LFC:[MD5.C71E8FF0D92FF876EB1C591A34AFDD03] - 03/04/2010 - 11:05:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\PerfStringBackup.INI [1395924] O44 - LFC:[MD5.842A215C78E052C380DCB2515035588F] - 03/04/2010 - 11:05:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc009.dat [102990] O44 - LFC:[MD5.E2E8D636EFC592EB4E0383DEEC8E42F3] - 03/04/2010 - 11:05:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc00C.dat [123638] O44 - LFC:[MD5.87D027A624CA713E45C12986BE94972C] - 03/04/2010 - 11:05:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh009.dat [535828] O44 - LFC:[MD5.36A359FF2187AD2C10957403688B50CA] - 03/04/2010 - 11:05:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh00C.dat [615420] ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll O46 - SEH:ShellExecuteHooks - Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\PROGRA~1\WINDOW~4\MpShHook.dll ---\\ Export de clé d'application autorisée (ECAA) (O47) O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\dpnsvr.exe" [Disabled] .(.Microsoft Corporation - Microsoft DirectPlay8 Server.) -- C:\WINDOWS\system32\dpnsvr.exe O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\sessmgr.exe" [Disabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export SP - "C:\Program Files\eMule\emule.exe" [Disabled] .(.http://www.emule-project.net - eMule.) -- C:\Program Files\eMule\emule.exe O47 - AAKE:Key Export SP - "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe" [Enabled] .(.Sunbelt Software - Sunbelt Kerio Firewall GUI.) -- C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe O47 - AAKE:Key Export SP - "C:\Program Files\uTorrent\uTorrent.exe" [Enabled] .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Phone\Skype.exe" [Enabled] .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export DP - "C:\Program Files\MSN Messenger\msncall.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\MSN Messenger\msncall.exe O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) (.not file.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O47 - AAKE:Key Export DP - "C:\Program Files\MSN Messenger\livecall.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\MSN Messenger\livecall.exe O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) (.not file.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) (.not file.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52) O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax O52 - TDSD: \Drivers32\"VIDC.DIVX"="divx.dll" . (.DivX, Inc. - DivX.) -- C:\WINDOWS\System32\divx.dll O52 - TDSD: \Drivers32\"VIDC.XVID"="xvidvfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\xvidvfw.dll O52 - TDSD: \Drivers32\"vidc.iv41"="Ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\Ir41_32.ax O52 - TDSD: \Drivers32\"VIDC.YV12"="yv12vfw.dll" . (.www.helixcommunity.org - Helix YV12 YUV Codec.) -- C:\WINDOWS\System32\yv12vfw.dll O52 - TDSD: \Drivers32\"msacm.vorbis"="vorbis.acm" . (.HMS http://hp.vector.co.jp/authors/VA012897 - Ogg Vorbis CODEC for MSACM.) -- C:\WINDOWS\System32\vorbis.acm O52 - TDSD: \Drivers32\"msacm.ac3acm"="ac3acm.acm" . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\System32\ac3acm.acm O52 - TDSD: \Drivers32\"msacm.lameacm"="lameACM.acm" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\WINDOWS\System32\lameACM.acm O52 - TDSD: \Drivers32\"msacm.divxa32"="divxa32.acm" . (.Kristal Studi - DivX WMA Audi.) -- C:\WINDOWS\System32\divxa32.acm O52 - TDSD: \Drivers32\"VIDC.FFDS"="ff_vfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ff_vfw.dll O52 - TDSD: \Drivers32\"vidc.tscc"="tsccvid.dll" . (.TechSmith Corporation - TechSmith Screen Capture Codec.) -- C:\WINDOWS\System32\tsccvid.dll O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm O52 - TDSD: \drivers.desc\"C:\WINDOWS\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\System32\l3codeca.acm O52 - TDSD: \drivers.desc\"tssoft32.acm"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm O52 - TDSD: \drivers.desc\"iccvid.dll"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll O52 - TDSD: \drivers.desc\"ir32_32.dll"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll O52 - TDSD: \drivers.desc\"Ir50_32.dll"="Indeo® video 5.10" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"iyvu9_32.dll"="Indeo® video Raw YVU9 by Intel" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\iyvu9_32.dll O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\Iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\Iac25_32.ax O52 - TDSD: \drivers.desc\"divx.dll"="DivX Pro 6.7.0" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"xvidvfw.dll"="Xvid MPEG-4 Video Codec v1.2.0-dev" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"lameACM.acm"="Lame ACM MP3 CODEC v3.97b2" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"vorbis.acm"="Ogg Vorbis Audio Codec" . (.HMS http://hp.vector.co.jp/authors/VA012897 - Ogg Vorbis CODEC for MSACM.) -- C:\WINDOWS\System32\vorbis.acm O52 - TDSD: \drivers.desc\"Ir41_32.ax"="Indeo® video interactive R4.3 by Intel" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"ac3acm.acm"="AC-3 ACM Codec" . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\System32\ac3acm.acm O52 - TDSD: \drivers.desc\"divxa32.acm"="DivX Audio" . (.Kristal Studi - DivX WMA Audi.) -- C:\WINDOWS\System32\divxa32.acm O52 - TDSD: \drivers.desc\"ff_vfw.dll"="ffdshow video encoder" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ff_vfw.dll O52 - TDSD: \drivers.desc\"tsccvid.dll"="TechSmith Screen Capture Codec" . (.TechSmith Corporation - TechSmith Screen Capture Codec.) -- C:\WINDOWS\System32\tsccvid.dll ---\\ ShareTools MSconfig StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\LogitechQuickCamRibbon [Key] . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ---\\ Microsoft Control Security Providers (MCSP) (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll ---\\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"= O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"= O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0 ---\\ Microsoft Windows Policies Explorer (MWPE) (O56) O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveTypeAutoRun"=323 O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveAutoRun"=67108863 O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDrives"=0 O56 - MWPE:[HKLM\...\Policies\Explorer] - "HonorAutoRunSetting"=1 O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoDriveTypeAutoRun"=323 O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoDriveAutoRun"=67108863 O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoDrives"=0 ---\\ Liste des Drivers Système (SDL) (O58) O58 - SDL:[MD5.95B4FB835E28AA1336CEEB07FD5B9398] - 13/04/2008 - 19:36:39 ---A- . (.Advanced Micro Devices, Inc. - AMD Win2000 AGP Filter.) -- C:\WINDOWS\system32\drivers\amdagp.sys O58 - SDL:[MD5.116BFF96077A4A724E0AAB800525CEB5] - 28/08/2002 - 22:59:12 ---A- . (.ADMtek Incorporated. - ADMtek AN983/AN985/ADM951X NDIS5 Driver.) -- C:\WINDOWS\system32\drivers\an983.sys O58 - SDL:[MD5.875F9079CABEE679D34B49E466B61701] - 17/04/2002 - 19:27:02 ---A- . (.VOB Computersysteme GmbH - ASAPI.) -- C:\WINDOWS\system32\drivers\asapiW2k.sys O58 - SDL:[MD5.D649C57DA6FA762C64013747E5D7D2D6] - 03/08/2004 - 21:29:30 ---A- . (.ATI Technologies Inc. - ATI WDM BT829 MiniDriver (A).) -- C:\WINDOWS\system32\drivers\ati1btxx.sys O58 - SDL:[MD5.60B6AA2DC1521DA343F781B70EB7895A] - 03/08/2004 - 21:29:30 ---A- . (.ATI Technologies Inc. - ATI Specialized MVD VBI Codec.) -- C:\WINDOWS\system32\drivers\ati1mdxx.sys O58 - SDL:[MD5.6FDC61E8E8E17F6ECC2D9A10FA8DF347] - 03/08/2004 - 21:29:30 ---A- . (.ATI Technologies Inc. - ATI Specialized PCD VBI Codec.) -- C:\WINDOWS\system32\drivers\ati1pdxx.sys O58 - SDL:[MD5.9D318099BF3876A4AF4BC75966D27603] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI Rage Theater Audio WDM Minidriver.) -- C:\WINDOWS\system32\drivers\ati1raxx.sys O58 - SDL:[MD5.BCAF267B10620F8C93F6E87AB726E145] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM Rage Theater MiniDriver.) -- C:\WINDOWS\system32\drivers\ati1rvxx.sys O58 - SDL:[MD5.DAC7D785CF62F5BD41441E9D6F5A6EFE] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM TV Sound MiniDriver.) -- C:\WINDOWS\system32\drivers\ati1snxx.sys O58 - SDL:[MD5.F7706DAE7D101F1B19CE552D772EBFCE] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM Teletext Decoder.) -- C:\WINDOWS\system32\drivers\ati1ttxx.sys O58 - SDL:[MD5.6F714B4720DD80FFA9F8D2731594EA4C] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM TVTuner MiniDriver.) -- C:\WINDOWS\system32\drivers\ati1tuxx.sys O58 - SDL:[MD5.67FFBC158DD4D27BA3FC92C6ACD87F73] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM CrossBar MiniDriver.) -- C:\WINDOWS\system32\drivers\ati1xbxx.sys O58 - SDL:[MD5.0D8CAB1F08F7D3C4DE228B49E12E596A] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM TVAUDIO_CrossBar MiniDriver.) -- C:\WINDOWS\system32\drivers\ati1xsxx.sys O58 - SDL:[MD5.A2F791E99FD6EECEBCCFB1953A1D6F24] - 19/08/2004 - 14:53:40 ---A- . (.ATI Technologies Inc. - Pilote de miniport ATI RAGE 128.) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys O58 - SDL:[MD5.492BD2A5F65F218D4EDE5764A3BB67E9] - 03/05/2006 - 17:50:42 ---A- . (.ATI Technologies Inc. - ATI Radeon WindowsNT Miniport Driver.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys O58 - SDL:[MD5.993E7BD6438FE989E328C6B4BCA246A9] - 03/08/2004 - 21:29:28 ---A- . (.ATI Technologies Inc. - ATI WDM BT829 MiniDriver (A).) -- C:\WINDOWS\system32\drivers\atinbtxx.sys O58 - SDL:[MD5.ED4C2BF8403F4437987C0BA09CF48716] - 03/08/2004 - 21:29:30 ---A- . (.ATI Technologies Inc. - ATI Specialized MVD VBI Codec RT2.) -- C:\WINDOWS\system32\drivers\atinmdxx.sys O58 - SDL:[MD5.E90AC2B14E98F1A4372E5891B4278784] - 03/08/2004 - 21:29:30 ---A- . (.ATI Technologies Inc. - ATI Specialized PCD VBI Codec RT2.) -- C:\WINDOWS\system32\drivers\atinpdxx.sys O58 - SDL:[MD5.DA36687D701C833430605A298731410B] - 03/08/2004 - 21:29:30 ---A- . (.ATI Technologies Inc. - ATI Rage Theater Audio WDM Minidriver.) -- C:\WINDOWS\system32\drivers\atinraxx.sys O58 - SDL:[MD5.A7A01B907DB63898D40B0A14248FF9A2] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM Rage Theater MiniDriver RT2.) -- C:\WINDOWS\system32\drivers\atinrvxx.sys O58 - SDL:[MD5.CEDDEE2E0591894D19654D458FD3B9BE] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM TV Sound MiniDriver.) -- C:\WINDOWS\system32\drivers\atinsnxx.sys O58 - SDL:[MD5.D80A8F6C0A717446496C3A06D33B0D9C] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM Teletext Decoder.) -- C:\WINDOWS\system32\drivers\atinttxx.sys O58 - SDL:[MD5.EDD66332608D27F4FD5069BCD0BC5164] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM TVTuner MiniDriver.) -- C:\WINDOWS\system32\drivers\atintuxx.sys O58 - SDL:[MD5.3E7D485CBD0B0D9F6EA2AD9442411831] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM CrossBar MiniDriver.) -- C:\WINDOWS\system32\drivers\atinxbxx.sys O58 - SDL:[MD5.77B575D7AAB35D5908AE6CE681608D62] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM TVAUDIO_CrossBar MiniDriver RT2.) -- C:\WINDOWS\system32\drivers\atinxsxx.sys O58 - SDL:[MD5.5B44C214F9CD9F590BE9125347610380] - 13/02/2009 - 11:17:49 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\system32\drivers\avgntdd.sys O58 - SDL:[MD5.14FE36D8F2C6A2435275338D061A0B66] - 10/12/2009 - 19:28:27 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\system32\drivers\avgntflt.sys O58 - SDL:[MD5.2DAA8CC2670720DEDDCC74A20EDE2EE9] - 13/02/2009 - 11:28:39 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\system32\drivers\avgntmgr.sys O58 - SDL:[MD5.AD9BD66A862116E79CB45BB6BE46055F] - 30/03/2009 - 09:32:47 ---A- . (.Avira GmbH - Avira Driver for RootKit Detection.) -- C:\WINDOWS\system32\drivers\avipbb.sys O58 - SDL:[MD5.35A301482478E97BE6E1C2748CE930E1] - 02/07/2003 - 17:41:42 ---A- . (.Pas de propriétaire - SCSI miniport.) -- C:\WINDOWS\system32\drivers\axwhisky.sys O58 - SDL:[MD5.F3B1CE696CCF6448C85E7CDC702098D8] - 02/07/2003 - 16:49:52 ---A- . (.Pas de propriétaire - Plug and Play BIOS Extension.) -- C:\WINDOWS\system32\drivers\axwskbus.sys O58 - SDL:[MD5.AABFFD787AB272FC903AFEEB336C6899] - 21/11/2006 - 00:36:58 ---A- . (.CH Products - CH Control Manager Driver 1.) -- C:\WINDOWS\system32\drivers\chdrvr01.sys O58 - SDL:[MD5.7536FB70BCBF5D10B810E67E72F68137] - 22/12/2005 - 22:41:52 ---A- . (.CH Products - CH Control Manager Driver 2.) -- C:\WINDOWS\system32\drivers\chdrvr02.sys O58 - SDL:[MD5.07E3319E5BAE758CEB83C80419681B6A] - 22/12/2005 - 22:41:44 ---A- . (.CH Products - CH Control Manager Driver 3.) -- C:\WINDOWS\system32\drivers\chdrvr03.sys O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 28/08/2001 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 28/08/2001 - 13:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys O58 - SDL:[MD5.D653F455B176529F0427B24361139619] - 11/09/2001 - 13:10:14 R--A- . (.Creative Technology Ltd. - Creative OS Services Driver (WDM).) -- C:\WINDOWS\system32\drivers\ctoss2k.sys O58 - SDL:[MD5.EF99D8DAB9FCE9B734B40D5E0DD6ABB4] - 02/10/2001 - 16:06:30 R--A- . (.Creative Technology Ltd - Creative EMU10Kx Device Driver (WDM).) -- C:\WINDOWS\system32\drivers\e10kx2k.sys O58 - SDL:[MD5.59C9E1336A4508F059827D638E924C62] - 28/11/2002 - 15:18:04 ---A- . (.Elaborate Bytes AG - ElbyCDIO Filter Driver.) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys O58 - SDL:[MD5.389823DB299B350F2EE830D47376EEAC] - 29/11/2002 - 12:38:16 ---A- . (.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys O58 - SDL:[MD5.C4143FC2F7D39A5A8B1CFE0BC4BD8A9E] - 28/11/2002 - 11:43:49 ---A- . (.Elaborate Bytes AG - VirtualCloneCD Driver.) -- C:\WINDOWS\system32\drivers\ElbyVCD.sys O58 - SDL:[MD5.1FF2EEF447A177DF2C544B80F8F7F879] - 18/07/2006 - 11:02:50 ---A- . (.Sunbelt Software - Sunbelt Kerio Firewall FWDRV.) -- C:\WINDOWS\system32\drivers\fwdrv.sys O58 - SDL:[MD5.970178E8E003EB1481293830069624B9] - 03/08/2004 - 21:41:48 ---A- . (.Conexant Systems, Inc. - HSF_HWB2 WDM driver.) -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys O58 - SDL:[MD5.1225EBEA76AAC3C84DF6C54FE5E5D8BE] - 03/08/2004 - 21:41:50 ---A- . (.Conexant Systems, Inc. - HSF_CNXT driver.) -- C:\WINDOWS\system32\drivers\hsfcxts2.sys O58 - SDL:[MD5.EBB354438A4C5A3327FB97306260714A] - 03/08/2004 - 21:41:56 ---A- . (.Conexant Systems, Inc. - HSF_DP driver.) -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys O58 - SDL:[MD5.0A7C49B48C772591A2D362DAA00246C8] - 03/03/2004 - 21:30:54 ---A- . (.Ahead Software AG - NERO IMAGEDRIVE SCSI miniport.) -- C:\WINDOWS\system32\drivers\imagedrv.sys O58 - SDL:[MD5.549BA4F539E7B8D8129500B96DD7B27A] - 03/03/2004 - 21:30:54 ---A- . (.Ahead Software AG - Nero Image Server.) -- C:\WINDOWS\system32\drivers\imagesrv.sys O58 - SDL:[MD5.AD81C7B17A815C872881BB56F42E56F4] - 26/03/2003 - 04:25:32 R--A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\WINDOWS\system32\drivers\iteraid.sys O58 - SDL:[MD5.304CE9FB3D64CAA07B940BEF4F8C2DCD] - 18/07/2006 - 11:02:52 ---A- . (.Sunbelt Software - Sunbelt Kerio Host Intrusion Prevention Driver.) -- C:\WINDOWS\system32\drivers\khips.sys O58 - SDL:[MD5.9A3D4FC6B86E7E36473079AB76AC703D] - 06/02/2007 - 16:42:40 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\Lvckap.sys O58 - SDL:[MD5.0ACBC11F19320AF6C19F2E20013D9095] - 06/02/2007 - 16:44:36 ---A- . (.Logitech Inc. - Logitech Machine Vision Engine Loader.) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys O58 - SDL:[MD5.E8ACF6DD83956FB63CEB058D5F51B18A] - 03/02/2007 - 09:30:58 ---A- . (.Logitech Inc. - Logitech AudioProcessing Filter Driver.) -- C:\WINDOWS\system32\drivers\lvpopflt.sys O58 - SDL:[MD5.12866641284EBB41E627BB53C04DA959] - 06/02/2007 - 16:45:04 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys O58 - SDL:[MD5.6E59BC28A41F8A2B702D345A5604652F] - 23/06/2006 - 23:29:43 R--A- . (.Logitech Inc. - Logitech Selective Suspend filter Driver.) -- C:\WINDOWS\system32\drivers\lvselsus.sys O58 - SDL:[MD5.64BC29C3A0388BFC580BB8B1346F7659] - 03/02/2007 - 09:32:36 ---A- . (.Logitech Inc. - USB Statistic Driver.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys O58 - SDL:[MD5.922BE6770499220DC27B529CA236815A] - 03/02/2007 - 09:32:46 ---A- . (.Logitech Inc. - Logitech USB Video Class Driver.) -- C:\WINDOWS\system32\drivers\lvuvc.sys O58 - SDL:[MD5.5C329E2AB8DD62310213CBFAC0178539] - 03/02/2007 - 09:33:00 ---A- . (.Logitech Inc. - Logitech USB Video Class Filter Driver.) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys O58 - SDL:[MD5.F61B04F2BB5098A34817D776C59E5E7C] - 30/03/2010 - 23:45:52 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys O58 - SDL:[MD5.75B8EF2A089127E8A3B38F46CC366D79] - 30/03/2010 - 23:46:30 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys O58 - SDL:[MD5.195741AEE20369980796B557358CD774] - 03/08/2004 - 21:41:56 ---A- . (.Conexant - Diagnostic Interface DRIVER.) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys O58 - SDL:[MD5.4D2D882DAEE49B35B7B56FD9444564E9] - 11/12/2007 - 01:05:36 R--A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\WINDOWS\system32\drivers\mod7700.sys O58 - SDL:[MD5.370E88453EC0D7BEA6EB24BE8D865DBE] - 19/10/2007 - 14:32:58 R--A- . (.DiBcom S.A. - HID Infrared Remote Control minidriver.) -- C:\WINDOWS\system32\drivers\modrc.sys O58 - SDL:[MD5.C53775780148884AC87C455489A0C070] - 03/08/2004 - 21:41:40 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys O58 - SDL:[MD5.54886A652BF5685192141DF304E923FD] - 03/08/2004 - 21:41:38 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\drivers\mtlstrm.sys O58 - SDL:[MD5.6DDA78A0BE692B61B668FAB860F276CF] - 03/08/2004 - 21:29:38 ---A- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\drivers\mtxparhm.sys O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 28/08/2001 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys O58 - SDL:[MD5.B9730495E0CF674680121E34BD95A73B] - 20/10/2009 - 19:19:44 ---A- . (.CACE Technologies, Inc. - npf.sys (NT5/6 x86) Kernel Driver.) -- C:\WINDOWS\system32\drivers\npf.sys O58 - SDL:[MD5.576B34CEAE5B7E5D9FD2775E93B3DB53] - 03/08/2004 - 21:41:40 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys O58 - SDL:[MD5.2B298519EDBFCF451D43E0F1E8F1006D] - 03/08/2004 - 21:29:56 ---A- . (.NVIDIA Corporation - NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73.) -- C:\WINDOWS\system32\drivers\nv4_mini.sys O58 - SDL:[MD5.5B6C11DE7E839C05248CED8825470FEF] - 29/11/2008 - 13:53:06 ---A- . (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\WINDOWS\system32\drivers\pcouffin.sys O58 - SDL:[MD5.EEDB845B7648D6FD632DDB8744892743] - 02/02/2007 - 16:30:34 ---A- . (.Pinnacle Systems GmbH - Virtual NDIS miniport driver.) -- C:\WINDOWS\system32\drivers\PctvVirtualNdis.sys O58 - SDL:[MD5.C3127BFDAB6200769B5A0184FAB48573] - 22/05/2002 - 00:00:00 ---A- . (.Engelmann GmbH - PrecSim SCSI miniport.) -- C:\WINDOWS\system32\drivers\precsim.sys O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 28/08/2001 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys O58 - SDL:[MD5.49452BFCEC22F36A7A9B9C2181BC3042] - 20/11/2008 - 20:19:06 ---A- . (.Sonic Solutions - Px Engine Device Driver for Windows 2000/XP.) -- C:\WINDOWS\system32\drivers\pxhelp20.sys O58 - SDL:[MD5.E9AAA0092D74A9D371659C4C38882E12] - 03/08/2004 - 21:41:40 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\drivers\recagent.sys O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 28/08/2001 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 28/08/2001 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys O58 - SDL:[MD5.0DBCC071A268E0340A2BA6BDD98BACE4] - 03/08/2004 - 21:29:52 ---A- . (.S3 Graphics, Inc. - S3 ProSavage(DDR) & Twister Miniport Driver.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/11/2007 - 11:25:54 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys O58 - SDL:[MD5.6B33D0EBD30DB32E27D1D78FE946A754] - 13/04/2008 - 19:36:39 ---A- . (.Silicon Integrated Systems Corporation - SiS NT AGP Filter.) -- C:\WINDOWS\system32\drivers\sisagp.sys O58 - SDL:[MD5.D9673011648A71ED1E1F77B831BC85E6] - 03/08/2004 - 21:41:42 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\drivers\slnt7554.sys O58 - SDL:[MD5.2C1779C0FEB1F4A6033600305EBA623A] - 03/08/2004 - 21:41:44 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\drivers\slntamr.sys O58 - SDL:[MD5.F9B8E30E82EE95CF3E1D3E495599B99C] - 03/08/2004 - 21:41:46 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\drivers\slnthal.sys O58 - SDL:[MD5.DB56BB2C55723815CF549D7FC50CFCEB] - 03/08/2004 - 21:41:46 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\drivers\slwdmsup.sys O58 - SDL:[MD5.3AD0362CF68DE3AC500E981700242CCA] - 03/10/2009 - 14:04:29 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\drivers\ssmdrv.sys O58 - SDL:[MD5.465DC203AD69D56F290480DAE756A9F9] - 27/09/2005 - 08:00:02 ---A- . (.PACE Anti-Piracy, Inc. - InterLok system file.) -- C:\WINDOWS\system32\drivers\TPkd.sys O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 28/08/2001 - 13:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 28/08/2001 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys O58 - SDL:[MD5.D956827780A0B7EAE97930116E5649F7] - 04/05/2001 - 08:24:52 ---A- . (.VIA Technologies. Inc. - VIA PFD driver.) -- C:\WINDOWS\system32\drivers\VIAPFD.SYS O58 - SDL:[MD5.0308AEF61941E4AF478FA1A0F83812F5] - 03/08/2004 - 21:29:40 ---A- . (.Intel® Corporation - Digital Display Minidriver for Intel® Graphics Driver.) -- C:\WINDOWS\system32\drivers\wadv07nt.sys O58 - SDL:[MD5.714038A8AA5DE08E12062202CD7EAEB5] - 03/08/2004 - 21:29:40 ---A- . (.Intel® Corporation - Digital Display Minidriver for Intel® Graphics Driver.) -- C:\WINDOWS\system32\drivers\wadv08nt.sys O58 - SDL:[MD5.7BB3AA595E4507A788DE1CDC63F4C8C4] - 03/08/2004 - 21:29:42 ---A- . (.Intel® Corporation - Digital Display Minidriver for Intel® Graphics Driver.) -- C:\WINDOWS\system32\drivers\wadv09nt.sys O58 - SDL:[MD5.36E6C405B6143D09687F4056FD9A0D10] - 03/08/2004 - 21:29:42 ---A- . (.Intel® Corporation - Digital Display Minidriver for Intel® Graphics Driver.) -- C:\WINDOWS\system32\drivers\wadv11nt.sys O58 - SDL:[MD5.352FA0E98BC461CE1CE5D41F64DB558D] - 03/08/2004 - 21:29:46 ---A- . (.Intel® Corporation - Digital Display Minidriver for Intel® Graphics Driver.) -- C:\WINDOWS\system32\drivers\watv06nt.sys O58 - SDL:[MD5.791CC45DE6E50445BE72E8AD6401FF45] - 03/08/2004 - 21:29:46 ---A- . (.Intel® Corporation - Digital Display Minidriver for Intel® Graphics Driver.) -- C:\WINDOWS\system32\drivers\watv10nt.sys O58 - SDL:[MD5.BA898B29F0DBF9307F494475A8393F03] - 05/05/2005 - 16:01:34 RSH-- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\0AA48D50C7.sys O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ansi.sys O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\country.sys O58 - SDL:[MD5.77EBF3E9386DAA51551AF429052D88D0] - 03/04/1996 - 20:33:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\giveio.sys O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\himem.sys O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\key01.sys O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 28/08/2002 - 20:23:06 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\keyboard.sys O58 - SDL:[MD5.F171E6EC36928C226BB43D111C759F58] - 05/05/2005 - 16:15:39 -SHA- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\KGyGaAvL.sys O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos.sys O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos404.sys O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos411.sys O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos412.sys O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos804.sys O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 03/08/2004 - 21:45:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio.sys O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 03/08/2004 - 21:45:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio404.sys O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 03/08/2004 - 21:45:12 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio411.sys O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 03/08/2004 - 21:45:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio412.sys O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 03/08/2004 - 21:45:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio804.sys O58 - SDL:[MD5.D703F972D23867DFD4EE9A9EF9CB767E] - 15/06/2005 - 15:55:53 ---A- . (.Windows ® 2000 DDK provider - SpeedFan Device Driver.) -- C:\WINDOWS\system32\speedfan.sys O58 - SDL:[MD5.F05028B163B92C302A74409D683AC9B0] - 27/04/2007 - 14:19:44 ---A- . (.AntiCracking - SVKP driver for NT.) -- C:\WINDOWS\system32\SVKP.sys ---\\ Alternate Data Stream File (ADS) (O62) O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\$winnt$.inf:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\0AA48D50C7.sys:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\12520437.cpx:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\12520850.cpx:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\aaaamon.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\acctres.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\acelpdec.ax:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\acledit.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\activeds(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\activeds.tlb:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\adptif.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\adsldpc(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\adsnds.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\advapi32(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ansi.sys:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\apcups.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\append.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\apphelp(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\arp.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\asr_ldm.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\atkctrs.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\atl(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\atmpvcno.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\audiosrv(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\authz(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\autodisc.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\autoexec.nt:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\AUTOEXEC.NT.bak:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\avicap.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\avicap32.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\avifile.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\avmeter.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\avtapi.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\avwav.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\bios1.rom:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\bios4.rom:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\bootok.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\bootvid.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\bootvrfy.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\bopomofo.uce:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\browser(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cabinet(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\calc.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cards.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ccfgnt.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cdmodem.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\certcli(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\certmgr.msc:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\CF32569.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\charmap.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\Chaînes.scf:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\chcp.com:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\chkdsk.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\chkntfs.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ciadmin.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ciadv.msc:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ciaResSvr20.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ciaSubClsSvr.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ciaXPFrame20.ocx:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ciaXPRegSvr20.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ciaXPStatusBar20.ocx:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cidaemon.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ckcnv.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\clb.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\clbcatq(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cliconf.chm:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cliconfg.rll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\clspack.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\clusapi(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cmdlib.wsc:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cmmgr32.hlp:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cmos.ram:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cmpbk32.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cnetcfg.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\CNMLM3q.DLL:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\CNMVS3q.DLL:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cnvfat.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\colbact(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\comcat.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\comctl32(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\comdlg32(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\comm.drv:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\command.com:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\commdlg.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\comp.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\compact.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\compmgmt.msc:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\compobj.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\comres(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\comsvcs(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\CONFIG.NT:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\console.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\control.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\convert.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\country.sys:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\CPUINFO2.DLL:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\credui(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\crtdll.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\crypt32(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cryptdll(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cryptsvc(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cryptui(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cscdll(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\csseqchk.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\CtMp3.Crl:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ctype.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_037.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10000.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10006.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10007.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10010.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10017.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10029.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10079.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10081.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10082.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1026.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1250.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1251.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1252.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1253.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1254.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1255.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1256.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1257.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1258.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_20127.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_20261.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_20866.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_20905.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_21866.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_28591.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_28592.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_28593.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\C_28594.NLS:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\C_28595.NLS:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\C_28597.NLS:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_28598.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_28599.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_28603.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_28605.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_437.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_500.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_737.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_775.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_850.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_852.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_855.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_857.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_860.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_861.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_863.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_865.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_866.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_869.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_874.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_875.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_932.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_936.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_949.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_950.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\d3dim.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\d3dpmesh.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\d3dramp.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\d3drm.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\d3dxof.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\davclnt(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dbgeng.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dbmsadsn.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dbmsvinn.dLL:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ddeml.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\debug.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\deskadp.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\deskmon.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\deskperf.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\devmgmt.msc:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dfrg.msc:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dfrgres.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dgrpsetu.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dgsetup.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dhcpcsvc(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dhcpsapi.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\diactfrm.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dimap.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\diskcomp.com:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\diskcopy.com:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\diskmgmt.msc:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\diskperf.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\divxdec_0407.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\divxdec_040c.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\divxdec_0411.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dllhst3g.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dmconfig.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dmdskres.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dmintf.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dmocx.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dmserver(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dmview.ocx:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dnsapi(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dnsrslvr(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\Drivers\acpiec.sys:KAVICHS ---\\ Liste des outils de nettoyage (LATC) (O63) O63 - Logiciel: Ad-Remover By C_XX - (.C_XX.) O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) O63 - Logiciel: SEAF By C_XX - (.C_XX.) O63 - Logiciel: ZHPDiag 1.25 - (.Nicolas Coolman.) O63 - Logiciel: RSIT - (.random/random.) O63 - Logiciel: Toolbar SD - (.IDN Team.) ---\\ Liste des services Legacy (LALS) (O64) O64 - Services: CurCS - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe - Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) .(.Pas de propriétaire - Pas de description.) - LEGACY_ADOBEACTIVEFILEMONITOR5.0 O64 - Services: CurCS - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe - Adobe LM Service (Adobe LM Service) .(.Adobe Systems - System Level Service Utility.) - LEGACY_ADOBE_LM_SERVICE O64 - Services: CurCS - C:\Program Files\Avira\AntiVir Desktop\sched.exe - Avira AntiVir Planificateur (AntiVirSchedulerService) .(.Avira GmbH - Antivirus Scheduler.) - LEGACY_ANTIVIRSCHEDULERSERVICE O64 - Services: CurCS - C:\Program Files\Avira\AntiVir Desktop\avguard.exe - Avira AntiVir Guard (AntiVirService) .(.Avira GmbH - Antivirus On-Access Service.) - LEGACY_ANTIVIRSERVICE O64 - Services: CurCS - C:\WINDOWS\system32\Ati2evxx.exe - Ati HotKey Poller (Ati HotKey Poller) .(.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - LEGACY_ATI_HOTKEY_POLLER O64 - Services: CurCS - C:\WINDOWS\system32\ati2sgag.exe - ATI Smart (ATI Smart) .(.Pas de propriétaire - ATI Smart.) - LEGACY_ATI_SMART O64 - Services: CurCS - (.not file.) - Avg Anti-Rootkit Clean Driver (AvgArCln) .(.Pas de propriétaire - Pas de description.) - LEGACY_AVGARCLN O64 - Services: CurCS - (.not file.) - AVG Anti-Spyware Clean Driver (AvgAsCln) .(.Pas de propriétaire - Pas de description.) - LEGACY_AVGASCLN O64 - Services: CurCS - C:\Program Files\Avira\AntiVir Desktop\avgio.sys - avgio (avgio) .(.Avira GmbH - Avira AntiVir Support for Minifilter.) - LEGACY_AVGIO O64 - Services: CurCS - C:\WINDOWS\system32\DRIVERS\avgntflt.sys - avgntflt (avgntflt) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT O64 - Services: CurCS - (.not file.) - AVG Anti-Spyware Driver (AVG Anti-Spyware Driver) .(.Pas de propriétaire - Pas de description.) - LEGACY_AVG_ANTI-SPYWARE_DRIVER O64 - Services: CurCS - (.not file.) - AVG Clean Driver (AVG Clean Driver) .(.Pas de propriétaire - Pas de description.) - LEGACY_AVG_CLEAN_DRIVER O64 - Services: CurCS - C:\WINDOWS\system32\DRIVERS\avipbb.sys - avipbb (avipbb) .(.Avira GmbH - Avira Driver for RootKit Detection.) - LEGACY_AVIPBB O64 - Services: CurCS - (.not file.) - catchme (catchme) .(.Pas de propriétaire - Pas de description.) - LEGACY_CATCHME O64 - Services: CurCS - (.not file.) - Creative AC3 Software Decoder (ctac32k) .(.Pas de propriétaire - Pas de description.) - LEGACY_CTAC32K O64 - Services: CurCS - (.not file.) - Creative Proxy Driver (ctprxy2k) .(.Pas de propriétaire - Pas de description.) - LEGACY_CTPRXY2K O64 - Services: CurCS - (.not file.) - Creative SoundFont Management Device Driver (ctsfm2k) .(.Pas de propriétaire - Pas de description.) - LEGACY_CTSFM2K O64 - Services: CurCS - (.not file.) - Lanceur de processus serveur DCOM (DcomLaunch) .(.Pas de propriétaire - Pas de description.) - LEGACY_DCOMLAUNCH O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\ElbyCDIO.sys - ElbyCDIO Driver (ElbyCDIO) .(.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) - LEGACY_ELBYCDIO O64 - Services: CurCS - (.not file.) - E-mu Plug-in Architecture Driver (emupia) .(.Pas de propriétaire - Pas de description.) - LEGACY_EMUPIA O64 - Services: CurCS - (.not file.) - Freenet 0.7 darknet (freenet-darknet) .(.Pas de propriétaire - Pas de description.) - LEGACY_FREENET-DARKNET O64 - Services: CurCS - C:\WINDOWS\system32\drivers\fwdrv.sys - Firewall Driver (fwdrv) .(.Sunbelt Software - Sunbelt Kerio Firewall FWDRV.) - LEGACY_FWDRV O64 - Services: CurCS - (.not file.) - fxliapoc (fxliapoc) .(.Pas de propriétaire - Pas de description.) - LEGACY_FXLIAPOC O64 - Services: CurCS - C:\WINDOWS\system32\giveio.sys - giveio (giveio) .(.Pas de propriétaire - Pas de description.) - LEGACY_GIVEIO O64 - Services: CurCS - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe - Google Software Updater (gusvc) .(.Google - gusvc.) - LEGACY_GUSVC O64 - Services: CurCS - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe - InstallDriver Table Manager (IDriverT) .(.Macrovision Corporation - IDriverT Module.) - LEGACY_IDRIVERT O64 - Services: CurCS - (.not file.) - File Security Kernel Anti-Spyware Driver (ikhfile) .(.Pas de propriétaire - Pas de description.) - LEGACY_IKHFILE O64 - Services: CurCS - (.not file.) - Kernel Anti-Spyware Driver (ikhlayer) .(.Pas de propriétaire - Pas de description.) - LEGACY_IKHLAYER O64 - Services: CurCS - (.not file.) - IsDrv118 (IsDrv118) .(.Pas de propriétaire - Pas de description.) - LEGACY_ISDRV118 O64 - Services: CurCS - C:\Program Files\Java\jre6\bin\jqs.exe - Java Quick Starter (JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE O64 - Services: CurCS - C:\WINDOWS\system32\drivers\khips.sys - Kerio HIPS Driver (khips) .(.Sunbelt Software - Sunbelt Kerio Host Intrusion Prevention Dri.) - LEGACY_KHIPS O64 - Services: CurCS - (.not file.) - Klif (Klif) .(.Pas de propriétaire - Pas de description.) - LEGACY_KLIF O64 - Services: CurCS - (.not file.) - Klmc (Klmc) .(.Pas de propriétaire - Pas de description.) - LEGACY_KLMC O64 - Services: CurCS - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe - Sunbelt Kerio Personal Firewall 4 (KPF4) .(.Sunbelt Software - Sunbelt Kerio Firewall Service.) - LEGACY_KPF4 O64 - Services: CurCS - C:\WINDOWS\system32\drivers\LVPr2Mon.sys - Logitech LVPr2Mon Driver (LVPr2Mon) .(.Pas de propriétaire - Pas de description.) - LEGACY_LVPR2MON O64 - Services: CurCS - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe - Logitech Process Monitor (LVPrcSrv) .(.Logitech Inc. - Logitech LVPrcSrv Module..) - LEGACY_LVPRCSRV O64 - Services: CurCS - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe - LVSrvLauncher (LVSrvLauncher) .(.Logitech Inc. - LogitechService Launcher.) - LEGACY_LVSRVLAUNCHER O64 - Services: CurCS - (.not file.) - MBAMProtector (MBAMProtector) .(.Pas de propriétaire - Pas de description.) - LEGACY_MBAMPROTECTOR O64 - Services: CurCS - (.not file.) - MBAMService (MBAMService) .(.Pas de propriétaire - Pas de description.) - LEGACY_MBAMSERVICE O64 - Services: CurCS - (.not file.) - mbr (mbr) .(.Pas de propriétaire - Pas de description.) - LEGACY_MBR O64 - Services: CurCS - (.not file.) - mchInjDrv (mchInjDrv) .(.Pas de propriétaire - Pas de description.) - LEGACY_MCHINJDRV O64 - Services: CurCS - (.not file.) - Network Associates McShield (McShield) .(.Pas de propriétaire - Pas de description.) - LEGACY_MCSHIELD O64 - Services: CurCS - (.not file.) - Network Associates Task Manager (McTaskManager) .(.Pas de propriétaire - Pas de description.) - LEGACY_MCTASKMANAGER O64 - Services: CurCS - (.not file.) - mountmgr (mountmgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_MOUNTMGR O64 - Services: CurCS - (.not file.) - Mup (Mup) .(.Pas de propriétaire - Pas de description.) - LEGACY_MUP O64 - Services: CurCS - (.not file.) - NaiAvFilter1 (NaiAvFilter1) .(.Pas de propriétaire - Pas de description.) - LEGACY_NAIAVFILTER1 O64 - Services: CurCS - (.not file.) - NAI Anti Virus (NaiAvFilter101) .(.Pas de propriétaire - Pas de description.) - LEGACY_NAIAVFILTER101 O64 - Services: CurCS - (.not file.) - NaiAvTdi1 (NaiAvTdi1) .(.Pas de propriétaire - Pas de description.) - LEGACY_NAIAVTDI1 O64 - Services: CurCS - (.not file.) - Pilote système NDIS (NDIS) .(.Pas de propriétaire - Pas de description.) - LEGACY_NDIS O64 - Services: CurCS - C:\WINDOWS\system32\drivers\npf.sys - NetGroup Packet Filter Driver (NPF) .(.CACE Technologies, Inc. - npf.sys (NT5/6 x86) Kernel Driver.) - LEGACY_NPF O64 - Services: CurCS - C:\WINDOWS\system32\drivers\ctoss2k.sys - Creative OS Services Driver (ossrv) .(.Creative Technology Ltd. - Creative OS Services Driver (WDM).) - LEGACY_OSSRV O64 - Services: CurCS - (.not file.) - PartMgr (PartMgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_PARTMGR O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\PFMODNT.sys - PfModNT (PfModNT) .(.Creative Technology Ltd. - PCI/ISA Device Info. Service.) - LEGACY_PFMODNT O64 - Services: CurCS - (.not file.) - PROCEXP113 (PROCEXP113) .(.Pas de propriétaire - Pas de description.) - LEGACY_PROCEXP113 O64 - Services: CurCS - (.not file.) - RDPNP (RDPNP) .(.Pas de propriétaire - Pas de description.) - LEGACY_RDPNP O64 - Services: CurCS - (.not file.) - RKREVEAL150 (RKREVEAL150) .(.Pas de propriétaire - Pas de description.) - LEGACY_RKREVEAL150 O64 - Services: CurCS - (.not file.) - Appel de procédure distante (RPC) (RpcSs) .(.Pas de propriétaire - Pas de description.) - LEGACY_RPCSS O64 - Services: CurCS - C:\Program Files\SUPERAntiSpyware\SASDIFSV.sys - SASDIFSV (SASDIFSV) .(.Pas de propriétaire - SASDIFSV.) - LEGACY_SASDIFSV O64 - Services: CurCS - C:\Program Files\SUPERAntiSpyware\SASENUM.sys - SASENUM (SASENUM) .(.SuperAdBlocker, Inc. - SuperAntiSpyware.) - LEGACY_SASENUM O64 - Services: CurCS - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys - SASKUTIL (SASKUTIL) .(.Pas de propriétaire - SASKUTIL.SYS.) - LEGACY_SASKUTIL O64 - Services: CurCS - (.not file.) - SAVOnAccess Control (SAVOnAccess Control) .(.Pas de propriétaire - Pas de description.) - LEGACY_SAVONACCESS_CONTROL O64 - Services: CurCS - (.not file.) - SAVOnAccess Filter (SAVOnAccess Filter) .(.Pas de propriétaire - Pas de description.) - LEGACY_SAVONACCESS_FILTER O64 - Services: CurCS - C:\Program Files\Sandboxie\SbieDrv.sys - SbieDrv (SbieDrv) .(.tzuk - Sandboxie Kernel Mode Driver.) - LEGACY_SBIEDRV O64 - Services: CurCS - C:\Program Files\Sandboxie\SbieSvc.exe - Sandboxie Service (SbieSvc) .(.tzuk - Sandboxie Service.) - LEGACY_SBIESVC O64 - Services: CurCS - C:\WINDOWS\system32\DRIVERS\secdrv.sys - Secdrv (Secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV O64 - Services: CurCS - C:\WINDOWS\system32\speedfan.sys - speedfan (speedfan) .(.Windows ® 2000 DDK provider - SpeedFan Device Driver.) - LEGACY_SPEEDFAN O64 - Services: CurCS - (.not file.) - sptd (sptd) .(.Pas de propriétaire - Pas de description.) - LEGACY_SPTD O64 - Services: CurCS - (.not file.) - srescan (srescan) .(.Pas de propriétaire - Pas de description.) - LEGACY_SRESCAN O64 - Services: CurCS - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys - ssmdrv (ssmdrv) .(.Avira GmbH - AVIRA SnapShot Driver.) - LEGACY_SSMDRV O64 - Services: CurCS - C:\WINDOWS\system32\SVKP.sys - SVKP (SVKP) .(.AntiCracking - SVKP driver for NT.) - LEGACY_SVKP O64 - Services: CurCS - (.not file.) - Services Terminal Server (TermService) .(.Pas de propriétaire - Pas de description.) - LEGACY_TERMSERVICE O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\TPKD.sys - TPkd (TPkd) .(.PACE Anti-Piracy, Inc. - InterLok system file.) - LEGACY_TPKD O64 - Services: CurCS - (.not file.) - Gestionnaire de téléchargement (uploadmgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_UPLOADMGR O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\VIAPFD.sys - VIAPFD (VIAPFD) .(.VIA Technologies. Inc. - VIA PFD driver.) - LEGACY_VIAPFD O64 - Services: CurCS - (.not file.) - vsdatant (vsdatant) .(.Pas de propriétaire - Pas de description.) - LEGACY_VSDATANT O64 - Services: CurCS - (.not file.) - VSOMRIXF (VSOMRIXF) .(.Pas de propriétaire - Pas de description.) - LEGACY_VSOMRIXF ---\\ Observateur d'évènement d'application (OEA) (O66) O66 - EventLog: ID=1 (JavaQuickStarterService) - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf: No such file or directory\n"}; (.not file.) ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Pas de propriétaire - Pas de description.) -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.com> <ComFile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.html> <FirefoxHTML>[HKLM\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Pas de propriétaire - Pas de description.) -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.com> <ComFile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe ---\\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe O68 - StartMenuInternet: <MSN Explorer> <>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - msn.) -- C:\Program Files\MSN\MSNCoreFiles\MSN6.exe ---\\ Search Browser Infection (SBI) (O69) ---\\ Recherche d'infection Master Boot Record (O80) Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net Run by Pascal Admin at 01/05/2010 13:12:56 device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82F8F890]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\atapi -> 0x82f8f890 IoDeviceObjectType -> ParseProcedure -> 0xffb351b0 \Device\Harddisk0\DR0 -> ParseProcedure -> 0xffb351b0 Warning: possible MBR rootkit infection ! user & kernel MBR OK Use "Recovery Console" command "fixmbr" to clear infection ! Use "ZHPFix" command "MBRFix" to clear infection ! End of the scan (1421 lines in 03mn 57s)

Je l'ai désinstallé car il me sert plus vraiment. le processus daemon.exe a effectivement disparu. Mais l'analyse est toujours la même : Rapport de ZHPDiag v1.25.1413 par Nicolas Coolman Run by Pascal Admin at 01/05/2010 11:23:49 Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html ---\\ Web Browser MSIE: Internet Explorer v8.0.6001.18702 MFIE: Mozilla Firefox (3.6.3) ---\\ System Information Platform : Microsoft Windows XP (5.1.2600) Service Pack 3 Processor: x86 Family 6 Model 6 Stepping 2, AuthenticAMD Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 511 MB (13% free) System drive C: has 14 GB (35%) free of 39 GB ---\\ Logged in mode Computer Name: PCPASCAL User Name: Pascal Admin Unselected Option: O1,O45,O61,O65 Logged in as Administrator ---\\ DOS/Devices A:\ Floppy drive, Flash card reader, USB Key (Not Inserted) C:\ Hard drive, Flash drive, Thumb drive (Free 14 Go of 39 Go) D:\ Hard drive, Flash drive, Thumb drive (Free 5 Go of 75 Go) E:\ Hard drive, Flash drive, Thumb drive (Free 12 Go of 190 Go) F:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 37 Go) G:\ CD-ROM drive (Not Inserted) H:\ CD-ROM drive (Not Inserted) J:\ CD-ROM drive (Not Inserted) M:\ CD-ROM drive (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK ---\\ Processus lancés [MD5.3E4C03CEFAD8DE135263236B61A49C90] - (.Ahead Software Gmbh - NeroCheck.) -- C:\WINDOWS\system32\NeroCheck.exe [155648] [MD5.D552D5BC4E24373E0FFD9464E72493C6] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\PSDrvCheck.exe [396800] [MD5.56193BCE4DFD8879AEDEB26B71A0A583] - (.Elaborate Bytes AG - ElbyCheck.) -- C:\Program Files\SlySoft\CloneCD\ElbyCheck.exe [45056] [MD5.022DB38BECB5A44DA6F7E27923457624] - (.Logitech Inc. - Communications Manager.) -- C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [488984] [MD5.AD7503D6857DBFFC7E5F2E96BC9CC283] - (.Logitech Inc. - LVCom Server.) -- C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe [252704] [MD5.64C4C17BF6A40FF1CD21205E6FD415B8] - (.ATI Technologies Inc. - CLI Application (Command Line Interface).) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [45056] [MD5.29680A793F690EEF4AAA68479D2A6DF8] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153] [MD5.52DB6CDAC5BC7A1FC884E97C41C91213] - (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [248040] [MD5.F91F52F4EA5D88DAB6245682A16F3A72] - (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [36272] [MD5.DB1DB28467111A24664933AB8908CBCE] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [952768] [MD5.E13EA4860E8F2AA845B53BFD2B6FEC5B] - (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe [1695232] [MD5.59DC5BB82E4C8E0B3EADCFDBC44BA6E4] - (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe [15360] [MD5.177FF6608B48638D4066726F3A3F8444] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400] [MD5.9015BC03F62940527EC92D45EE89E46F] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [108289] [MD5.B8720A787C1223492E6F319465E996CE] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [185089] [MD5.A2EAEB497CA29ECAEAF0DF66AD85C57D] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [413696] [MD5.312A17DFF710A0F4E6D4DD1D52EAD1A8] - (.Pas de propriétaire - ATI Smart.) -- C:\WINDOWS\system32\ati2sgag.exe [520192] [MD5.E4BDF223CD75478BF44567B4D5C2634D] - (.Microsoft Corporation - Generic Host Process for Win32 Services.) -- C:\WINDOWS\System32\svchost.exe [14336] [MD5.C3FB1D70CB88722267949694BA51759E] - (.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\WINDOWS\system32\services.exe [111104] [MD5.74E30A41CDCF331C74BC4D97BE40CC5B] - (.Sun Microsystems, Inc. - Java Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376] [MD5.9EF600C64435CCFDEA01C991289E76EC] - (.Sunbelt Software - Sunbelt Kerio Firewall Service.) -- C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [1205784] [MD5.995D0B52870C7A5CAF3EA165FD674A35] - (.Logitech Inc. - Logitech LVPrcSrv Module..) -- c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe [109344] [MD5.A005CEE9BE199C5E375FAA559CA9A7A9] - (.Logitech Inc. - LogitechService Launcher.) -- C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe [105248] [MD5.91E6024D6D4DCDECDB36C43ECF9BBECB] - (.Microsoft Corporation - LSA Shell (Export Version).) -- C:\WINDOWS\system32\lsass.exe [13312] [MD5.2B2B6189DC47F44D7549519AA7519777] - (.tzuk - Sandboxie Service.) -- C:\Program Files\Sandboxie\SbieSvc.exe [52224] [MD5.460E4CE148BD07218DA0B6A3D31885A9] - (.Microsoft Corporation - Spooler SubSystem App.) -- C:\WINDOWS\system32\spoolsv.exe [57856] [MD5.581061776E1B7C4C7771E97AE5EAF377] - (.Microsoft Corporation - Service Executable.) -- C:\Program Files\Windows Defender\MsMpEng.exe [13592] [MD5.581176F60885AEF8F78C6E38DCC3CDF9] - (.Microsoft Corporation - WMDM PMSP Service.) -- C:\WINDOWS\System32\MsPMSPSv.exe [53520] ---\\ Pages de recherche d'Internet Explorer (R1) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ---\\ Internet Explorer URLSearchHook (R3) R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Pas de propriétaire - Pas de description.) (No version) -- (.not file.) R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18904 (longhorn_ie8_gdr.100222-1700)) -- C:\WINDOWS\system32\ieframe.dll ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} . (.Pas de propriétaire - Pas de description.) -- (.not file.) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} . (.Xi - Net Transport IE Helper Module.) -- C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll ---\\ Applications démarrées automatiquement par le registre (O4) O4 - HKLM\..\Run: [NeroFilterCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PSDrvCheck] . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] . (.Elaborate Bytes AG - ElbyCheck.) -- C:\Program Files\SlySoft\CloneCD\ElbyCheck.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] . (.Logitech Inc. - Communications Manager.) -- C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe O4 - HKLM\..\Run: [LVCOMSX] . (.Logitech Inc. - LVCom Server.) -- C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe O4 - HKLM\..\Run: [ATICCC] . (.ATI Technologies Inc. - CLI Application (Command Line Interface).) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe O4 - Global Startup: WinZip Quick Pick.lnk . (.WinZip Computing LP - WinZip Executable.) -- C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: HotSync Manager.lnk . (.Palm, Inc. - HotSync® Manager Application.) -- C:\Palm\HOTSYNC.EXE ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8) O8 - Extra context menu item: &Télécharger avec NetTransport . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Xi\NetTransport 2\NTAddLink.html O8 - Extra context menu item: Add to Google Photos Screensa&ver . (.Google Inc. - Google Photos Screensaver.) -- C:\WINDOWS\system32\GPhotos.scr O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~2\Office12\EXCEL.exe O8 - Extra context menu item: Tout t&élécharger avec NetTransport . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Xi\NetTransport 2\NTAddList.html ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll ---\\ Site dans la Zone de confiance d'Internet Explorer (O15) O15 - Trusted Zone: [HKCU\...\Domains\www] http.cltnet.de ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: DirectAnimation Java Classes (DirectAnimation Java Classes) - (.not file.) - O16 - DPF: Microsoft XML Parser for Java (Microsoft XML Parser for Java) - (.not file.) - O16 - DPF: teleir_cert (teleir_cert) - (.not file.) - https:\\static.ir.dgi.minefi.gouv.fr\secure\connexion\archives\ie4n4\teleir_cert.cab O16 - DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} (Corporate Language Training Interface) - http://www.cltnet.de/login/dplaunch.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housec...ivex/hcImpl.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - (.Yahoo! Inc. - YInstHelper Module.) -- C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155398021206 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - (.not file.) - https:\\static.impots.gouv.fr\tdir\static\adpform\AdSignerADP-2.0.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{9548D205-C2A3-4969-BEF2-92CBB72FF227}: NameServer = 192.168.0.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{9548D205-C2A3-4969-BEF2-92CBB72FF227}: NameServer = 192.168.0.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{9548D205-C2A3-4969-BEF2-92CBB72FF227}: NameServer = 192.168.0.1 O17 - HKLM\System\CS4\Services\Tcpip\..\{9548D205-C2A3-4969-BEF2-92CBB72FF227}: NameServer = 192.168.0.1 ---\\ Protocole additionnel et piratage de protocole (O18) O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: !SASWinLogon . (.SUPERAntiSpyware.com - SUPERAntiSpyware WinLogon Processor.) -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\System32\Ati2evxx.dll O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Windows Genuine Advantage - Meddelande.) -- C:\WINDOWS\System32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier . (.Pas de propriétaire - Pas de description.) -- WRLogonNTF.dll ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\System32\browseui.dll ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) . (.Pas de propriétaire - Pas de description.) - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart (ATI Smart) . (.Pas de propriétaire - ATI Smart.) - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) . (.Sunbelt Software - Sunbelt Kerio Firewall Service.) - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) . (.Logitech Inc. - Logitech LVPrcSrv Module..) - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher (LVSrvLauncher) . (.Logitech Inc. - LogitechService Launcher.) - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Sandboxie Service (SbieSvc) . (.tzuk - Sandboxie Service.) - C:\Program Files\Sandboxie\SbieSvc.exe ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\MP Scheduled Scan.job ---\\ Composants installés (ActiveSetup Installed Components) (O40) O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS . (.Pas de propriétaire - Pas de description.) -- RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP O40 - ASIC: YInstStarterUpgrade Class - {0291E591-EA41-4c82-8106-3DC6CE7F7664} . (.Yahoo! Inc. - YInstHelper Module.) -- C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll O40 - ASIC: Macromedia Shockwave Director 10.1 - {166B1BCA-3F9C-11CF-8075-444553540000} . (.Macromedia, Inc. - Shockwave ActiveX Control.) -- C:\WINDOWS\system32\Macromed\Director\SwDir.dll O40 - ASIC: YInstStarter Class - {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} . (.Yahoo! Inc. - YInstHelper Module.) -- C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll O40 - ASIC: YSearchSetting2 Class - {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} . (.Yahoo! Inc. - YInstHelper Module.) -- C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp11.inf O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 9.0 r124.) -- C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: avgio (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys O41 - Driver: avipbb (avipbb) . (.Avira GmbH - Avira Driver for RootKit Detection.) - C:\WINDOWS\system32\DRIVERS\avipbb.sys O41 - Driver: Firewall Driver (fwdrv) . (.Sunbelt Software - Sunbelt Kerio Firewall FWDRV.) - C:\WINDOWS\system32\drivers\fwdrv.sys O41 - Driver: Kerio HIPS Driver (khips) . (.Sunbelt Software - Sunbelt Kerio Host Intrusion Prevention Dri.) - C:\WINDOWS\system32\drivers\khips.sys O41 - Driver: SASDIFSV (SASDIFSV) . (.Pas de propriétaire - SASDIFSV.) - C:\Program Files\SUPERAntiSpyware\SASDIFSV.sys O41 - Driver: SASKUTIL (SASKUTIL) . (.Pas de propriétaire - SASKUTIL.SYS.) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys O41 - Driver: ssmdrv (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys O41 - Driver: (VIAPFD) . (.VIA Technologies. Inc. - VIA PFD driver.) - C:\WINDOWS\system32\Drivers\VIAPFD.sys O41 - Driver: AVG Anti-Spyware Driver (AVG Anti-Spyware Driver) . (.Pas de propriétaire - Pas de description.) - C:\Program Files\AVG Anti-Spyware 7.5\guard.sys O41 - Driver: AVG Anti-Spyware Clean Driver (AvgAsCln) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys O41 - Driver: (NaiAvTdi1) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system32\drivers\mvstdi5x.sys ---\\ Logiciels installés (O42) O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] O42 - Logiciel: ASAPI Update - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: ATI - Software Uninstall Utility - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: ATI Display Driver - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: AVI/MPEG/RM/WMV Joiner 4.81 - (.Boilsoft, Inc..) [HKLM] O42 - Logiciel: Adobe Common File Installer - (.Adobe System Incorporated.) [HKLM] O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] O42 - Logiciel: Adobe Flash Player ActiveX - (.Adobe Systems Incorporated.) [HKLM] O42 - Logiciel: Adobe Help Center 2.1 - (.Adobe Systems.) [HKLM] O42 - Logiciel: Adobe Photoshop CS2 - (.Adobe Systems, Inc..) [HKLM] O42 - Logiciel: Adobe Photoshop Elements 5.0 - (.Adobe Systems, Inc..) [HKLM] O42 - Logiciel: Adobe Stock Photos 1.0 - (.Adobe Systems.) [HKLM] O42 - Logiciel: Advanced IRC - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Audacity 1.2.4 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Avi2Dvd 0.4.5 beta - (.TrustFm.) [HKLM] O42 - Logiciel: AviSynth 2.5 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] O42 - Logiciel: BackupBuddy for Windows - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] O42 - Logiciel: CH Control Manager - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Clean 5 - (.Pinnacle Systems GmbH / Steinberg Media Technologies GmbH.) [HKLM] O42 - Logiciel: CloneCD - (.Elaborate Bytes.) [HKLM] O42 - Logiciel: Cobian Backup 9 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: ConvertHelper 2.1 - (.DownloadHelper.) [HKLM] O42 - Logiciel: ConvertXtoDVD 3.2.9.94c - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: DVD Shrink 3.2 - (.DVD Shrink.) [HKLM] O42 - Logiciel: DoublePics v2.3.2(.4) - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: EPSON Scan - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: EPSON Smart Panel - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: EVEREST Ultimate Edition v5.00 - (.Lavalys, Inc..) [HKLM] O42 - Logiciel: EarMaster Pro 5 - (.EarMaster ApS.) [HKLM] O42 - Logiciel: Exifer - (.Friedemann Schmidt.) [HKLM] O42 - Logiciel: File Uploader - (.Nikon.) [HKLM] O42 - Logiciel: Foxit Reader - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: GHCS Software GedStar for PalmOS - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: GNU Solfege 3.14.7 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: GedCom-Vision version 2.0e - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Greeting Card Creator - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Handy Recovery 1.0 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Harmony Assistant - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Helicon Filter 2.02 - (.Helicon Co..) [HKLM] O42 - Logiciel: Heredis 9 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: IFOEdit 0.971 Fr - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: IsoBuster 1.9.1 - (.Smart Projects.) [HKLM] O42 - Logiciel: J'apprends le piano - (.Musicalis.) [HKLM] O42 - Logiciel: Java 6 Update 19 - (.Sun Microsystems, Inc..) [HKLM] O42 - Logiciel: K-Lite Mega Codec Pack 3.5.0 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Kaspersky Online Scanner - (.Kaspersky Lab.) [HKLM] O42 - Logiciel: Kommute - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Label Editor - (.Steinberg.) [HKLM] O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Lizardtech DjVu Control - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Logitech QuickCam - (.Logitech Inc..) [HKLM] O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] O42 - Logiciel: MSXML 4.0 SP2 (KB927978) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: MSXML 4.0 SP2 Parser and SDK - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: MVision - (.Logitech Inc..) [HKLM] O42 - Logiciel: Macromedia Flash Player - (.Macromedia, Inc..) [HKLM] O42 - Logiciel: Macromedia Shockwave Player - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] O42 - Logiciel: MaxSplitter v1.53 Free Edition - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Media Player Classic fr - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB953297) - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Baseline Security Analyzer 2.1 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Flight Simulator 2004 Un siècle d'aviation - (.Microsoft.) [HKLM] O42 - Logiciel: Microsoft Money - (.Microsoft.) [HKLM] O42 - Logiciel: Microsoft Office Access MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Mozilla Firefox (3.6.3) - (.Mozilla.) [HKLM] O42 - Logiciel: Mp3DirectCut - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Neat Image v5 Demo (with plug-in) - (.Neat Image team, ABSoft.) [HKLM] O42 - Logiciel: Nero 6 Enterprise Edition - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Nero BurnRights (Ahead Software) - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Net Transport 1.94.282 - (.Xi.) [HKLM] O42 - Logiciel: NikonCapture - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Notification Live Search - (.Pas de propriétaire.) [HKCU] O42 - Logiciel: OMeR - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: P2400P Guide de référence - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: PDFtoMusic - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: PTLens - (.ePaperPress.) [HKLM] O42 - Logiciel: PeerGuardian 2.0 - (.Methlabs Productions.) [HKLM] O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM] O42 - Logiciel: Picture Control Utility - (.Nikon.) [HKLM] O42 - Logiciel: Planète Généalogie - (.BSD Concept.) [HKLM] O42 - Logiciel: Programme de gestion Camera de Logitech® - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: QuickPar 0.9 - (.Peter B. Clements.) [HKLM] O42 - Logiciel: QuickTime - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: RadCor 2.04 - (.TUVSW.) [HKLM] O42 - Logiciel: Radio Fr Solo 2.1 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: SanDisk SD Wi-Fi Card - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Sandboxie 3.34 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: SaverWiz - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: ScummVM 1.0.0rc1 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB978380) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB978382) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office Outlook 2007 (KB972363) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB957789) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB980470) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB969604) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB969613) - (.Microsoft.) [HKLM] O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM] O42 - Logiciel: Sibelius 5 Demo - (.Sibelius Software.) [HKLM] O42 - Logiciel: Sibelius Scorch (Firefox, Opera, Netscape only) - (.Sibelius Software.) [HKLM] O42 - Logiciel: Simple Sudoku 4.2 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Skype™ 4.0 - (.Skype Technologies S.A..) [HKLM] O42 - Logiciel: SmartList To Go - (.DataViz, Inc..) [HKLM] O42 - Logiciel: Sophos Anti-Rootkit 1.3 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: SpeedFan (remove only) - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Spybot - Search & Destroy 1.4 - (.Safer Networking Limited.) [HKLM] O42 - Logiciel: StationRipper 2.71 - (.Ratajik Software.) [HKLM] O42 - Logiciel: StealthNet 0.8.7.2 - (.The StealthNet Team.) [HKLM] O42 - Logiciel: Sudoku 3D Pro - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Sudoku V 3.0 - (.Olivier RAVET.) [HKLM] O42 - Logiciel: TeamViewer 4 - (.TeamViewer GmbH.) [HKLM] O42 - Logiciel: Tous les Noms de Famille de France V.6.5.1 - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: UMVPLStandalone - (.Logitech Inc..) [HKLM] O42 - Logiciel: URL Snooper v2.26.01 - (.DonationCoder.com.) [HKLM] O42 - Logiciel: Universal Extractor 1.6 - (.Jared Breland.) [HKLM] O42 - Logiciel: Unlocker 1.8.6 - (.Cedrick Collomb.) [HKLM] O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] O42 - Logiciel: Update for 2007 Microsoft Office System (KB981715) - (.Microsoft.) [HKLM] O42 - Logiciel: Update for Microsoft Office InfoPath 2007 (KB976416) - (.Microsoft.) [HKLM] O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (kb981433) - (.Microsoft.) [HKLM] O42 - Logiciel: VDMSound - (.Vlad Romascanu.) [HKLM] O42 - Logiciel: VobEdit 0.6 Fr - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: WaveLab Lite - (.Steinberg.) [HKLM] O42 - Logiciel: WinHTTrack Website Copier 3.30 - (.HTTrack.) [HKLM] O42 - Logiciel: WinPcap 4.1.1 - (.CACE Technologies.) [HKLM] O42 - Logiciel: WinWAP for Windows 3.2 - (.Winwap Technologies Oy.) [HKLM] O42 - Logiciel: WinZip - (.WinZip Computing LP.) [HKLM] O42 - Logiciel: Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Installer Clean Up - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Internet Explorer 7 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM] O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] O42 - Logiciel: Wintree Version 3.0 d - (.Decrock.) [HKLM] O42 - Logiciel: ZebHelpProcess 2.34 - (.Nicolas Coolman.) [HKLM] O42 - Logiciel: dBpowerAMP Wavpack Codec - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: dBpoweramp FLAC Codec - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: dBpoweramp Monkeys Audio Codec - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: dBpoweramp Musepack Codec - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: dBpoweramp Ogg Vorbis Codec - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: dBpoweramp Windows Media Audio 10 Codec - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: dMC Power Pack - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: eMule - (.Pas de propriétaire.) [HKLM] O42 - Logiciel: jv16 PowerTools 1.3 - (.Pas de propriétaire.) [HKLM] ---\\ HKCU & HKLM Software Keys [HKCU\Software\ABSoft] [HKCU\Software\AC3filter] [HKCU\Software\ASProtect] [HKCU\Software\ATI] [HKCU\Software\Ad-Remover] [HKCU\Software\Adobe] [HKCU\Software\Advanced IRC] [HKCU\Software\Ahead] [HKCU\Software\Alcohol Soft] [HKCU\Software\Angus Johnson] [HKCU\Software\Anuman Interactive] [HKCU\Software\Apple Computer, Inc.] [HKCU\Software\ApplianTechnologies] [HKCU\Software\ArcSoft] [HKCU\Software\Audacity] [HKCU\Software\Auralis] [HKCU\Software\Avira] [HKCU\Software\BITSoft] [HKCU\Software\BitTorrent] [HKCU\Software\Borland] [HKCU\Software\Bsd Concept] [HKCU\Software\CDIP] [HKCU\Software\CDRWIN 5] [HKCU\Software\Clients] [HKCU\Software\Cobian] [HKCU\Software\CoreVorbis] [HKCU\Software\Creative Tech] [HKCU\Software\Cyberlink] [HKCU\Software\DATA BECKER] [HKCU\Software\DDH Software] [HKCU\Software\DPSoftware] [HKCU\Software\DSP-worx] [HKCU\Software\DVD Shrink] [HKCU\Software\DataViz] [HKCU\Software\DefaultID] [HKCU\Software\Digital River] [HKCU\Software\DivXNetworks] [HKCU\Software\DxO Optics Pro] [HKCU\Software\DxO] [HKCU\Software\EMCO MSI Package Builder] [HKCU\Software\EMME] [HKCU\Software\EPSON] [HKCU\Software\EditHexa] [HKCU\Software\Elaborate Bytes] [HKCU\Software\Elcom] [HKCU\Software\Exifer] [HKCU\Software\Foxit Software Company] [HKCU\Software\Foxit Software] [HKCU\Software\FreeDownloadManager.ORG] [HKCU\Software\Freeware] [HKCU\Software\FreshDevices] [HKCU\Software\Fridgesoft] [HKCU\Software\GHCS] [HKCU\Software\GIANTCompany] [HKCU\Software\GNU] [HKCU\Software\Gabest] [HKCU\Software\Genie-Soft] [HKCU\Software\GlarySoft] [HKCU\Software\decrock] [HKCU\Software\digital publishing] [HKCU\Software\e-merge] [HKCU\Software\eMule] [HKCU\Software\ePaperPress] [HKCU\Software\ej-technologies] [HKLM\Software\ABSoft] [HKLM\Software\ACE Compression Software] [HKLM\Software\ATI Technologies] [HKLM\Software\ATI] [HKLM\Software\Adobe Systems] [HKLM\Software\Adobe] [HKLM\Software\Ahead] [HKLM\Software\America Online] [HKLM\Software\Apple Computer, Inc.] [HKLM\Software\Avira] [HKLM\Software\BigScott27] [HKLM\Software\Boonty] [HKLM\Software\Borland] [HKLM\Software\C07ft5Y] [HKLM\Software\CDDB] [HKLM\Software\CDRWIN5] [HKLM\Software\Canon] [HKLM\Software\Carpet] [HKLM\Software\Chilkat Software, Inc.] [HKLM\Software\Classes] [HKLM\Software\Clients] [HKLM\Software\Cobian] [HKLM\Software\Codec Tweak Tool] [HKLM\Software\Creative Tech] [HKLM\Software\Cyberlink] [HKLM\Software\D-Tools] [HKLM\Software\DDH Software] [HKLM\Software\DECROCK] [HKLM\Software\DIOC] [HKLM\Software\Debug] [HKLM\Software\DivXNetworks] [HKLM\Software\DownloadHelper] [HKLM\Software\EMCO MSI Package Builder] [HKLM\Software\EPSON Photo Print] [HKLM\Software\EPSON] [HKLM\Software\Elaborate Bytes] [HKLM\Software\Elcom] [HKLM\Software\Foxit Software] [HKLM\Software\FreshDevices] [HKLM\Software\GIANTCompany] [HKLM\Software\GNU] [HKLM\Software\Gabest] [HKLM\Software\Gemplus] [HKLM\Software\Google] [HKLM\Software\Gravity Soft] [HKLM\Software\HaaliMkx] [HKLM\Software\Hemera Products] [HKLM\Software\InstallShield] [HKLM\Software\InstalledOptions] [HKLM\Software\Intel] [HKLM\Software\InterVideo] [HKLM\Software\Internet Download Manager] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\KLCodecPack] [HKLM\Software\Licenses] [HKLM\Software\LizardTech] [HKLM\Software\Logitech] [HKLM\Software\Macromedia] [HKLM\Software\Micro Application] [HKLM\Software\MicroQuill] [HKLM\Software\MidiTec] [HKLM\Software\MozillaPlugins] [HKLM\Software\Mozilla] [HKLM\Software\MyHeritage.com] [HKLM\Software\Myriad Software] [HKLM\Software\NCSoft] [HKLM\Software\Network Associates] [HKLM\Software\Nico Mak Computing] [HKLM\Software\Nikon] [HKLM\Software\ODBC] [HKLM\Software\Orium Software] [HKLM\Software\PACE Anti-Piracy] [HKLM\Software\PepiMK Software] [HKLM\Software\Pinnacle Systems] [HKLM\Software\PixVue.Com] [HKLM\Software\Policies] [HKLM\Software\Program Groups] [HKLM\Software\Protexis] [HKLM\Software\Python] [HKLM\Software\QuEnc] [HKLM\Software\Ratajik Software] [HKLM\Software\RealNetworks] [HKLM\Software\RegisteredApplications] [HKLM\Software\RjH Software] [HKLM\Software\S3R521] [HKLM\Software\SUPERAntiSpyware.com] [HKLM\Software\Safer Networking Limited] [HKLM\Software\Schlumberger] [HKLM\Software\Sibelius Software] [HKLM\Software\Skype] [HKLM\Software\Smart Panel] [HKLM\Software\Soeperman Enterprises Ltd.] [HKLM\Software\SoftLogica] [HKLM\Software\Sonic] [HKLM\Software\Sophos] [HKLM\Software\SplashData] [HKLM\Software\Sports] [HKLM\Software\Std] [HKLM\Software\Steinberg] [HKLM\Software\String Comparison] [HKLM\Software\Sunbelt Software] [HKLM\Software\Swearware] [HKLM\Software\TG Byte Software] [HKLM\Software\TeamViewer] [HKLM\Software\TorrentSearcher] [HKLM\Software\Totalidea Software] [HKLM\Software\Trad-FR] [HKLM\Software\TrendMicro] [HKLM\Software\Ulead Systems] [HKLM\Software\Uniblue] [HKLM\Software\VEGA] [HKLM\Software\VOB] [HKLM\Software\VSO] [HKLM\Software\Via4in1Driver] [HKLM\Software\Voice] [HKLM\Software\Wheel] [HKLM\Software\WinPcap] [HKLM\Software\Windows 3.1 Migration Status] [HKLM\Software\Winzip FR] [HKLM\Software\Wise Solutions] [HKLM\Software\X-AVCSD] [HKLM\Software\Xi] [HKLM\Software\Yahoo] [HKLM\Software\Zone Labs] [HKLM\Software\ePaperPress] [HKLM\Software\mozilla.org] ---\\ Contenu des dossiers Fichiers Communs (O43) O43 - CFD:Common File Directory ----D- C:\Program Files\3D Photo Browser O43 - CFD:Common File Directory ----D- C:\Program Files\3M O43 - CFD:Common File Directory ----D- C:\Program Files\3M Littmann O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe O43 - CFD:Common File Directory ----D- C:\Program Files\Advanced IRC O43 - CFD:Common File Directory ----D- C:\Program Files\Ahead O43 - CFD:Common File Directory ----D- C:\Program Files\Alcohol Soft O43 - CFD:Common File Directory ----D- C:\Program Files\ANtsP2P O43 - CFD:Common File Directory ----D- C:\Program Files\Anuman Interactive O43 - CFD:Common File Directory ----D- C:\Program Files\Apple Software Update O43 - CFD:Common File Directory ----D- C:\Program Files\ATI Technologies O43 - CFD:Common File Directory ----D- C:\Program Files\Audacity O43 - CFD:Common File Directory ----D- C:\Program Files\AVG Anti-Spyware 7.5 O43 - CFD:Common File Directory ----D- C:\Program Files\AVI MPEG RM WMV Joiner O43 - CFD:Common File Directory ----D- C:\Program Files\Avi2Dvd O43 - CFD:Common File Directory ----D- C:\Program Files\Avira O43 - CFD:Common File Directory ----D- C:\Program Files\AviSynth 2.5 O43 - CFD:Common File Directory ----D- C:\Program Files\BackupBuddy O43 - CFD:Common File Directory ----D- C:\Program Files\Blues for Piano and Keyboard 10.0 O43 - CFD:Common File Directory ----D- C:\Program Files\BSD Concept O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner O43 - CFD:Common File Directory ----D- C:\Program Files\CDRWIN5 O43 - CFD:Common File Directory ----D- C:\Program Files\CH Products O43 - CFD:Common File Directory ----D- C:\Program Files\Cobian Backup 8 O43 - CFD:Common File Directory ----D- C:\Program Files\Cobian Backup 9 O43 - CFD:Common File Directory ----D- C:\Program Files\Common~1 O43 - CFD:Common File Directory ----D- C:\Program Files\ComPlus Applications O43 - CFD:Common File Directory ----D- C:\Program Files\ConvertHelper O43 - CFD:Common File Directory ----D- C:\Program Files\Creative O43 - CFD:Common File Directory ----D- C:\Program Files\dBpowerAMP O43 - CFD:Common File Directory ----D- C:\Program Files\DivX O43 - CFD:Common File Directory ----D- C:\Program Files\Documents To Go O43 - CFD:Common File Directory ----D- C:\Program Files\DoublePics O43 - CFD:Common File Directory ----D- C:\Program Files\DVD Shrink O43 - CFD:Common File Directory ----D- C:\Program Files\DxO Labs O43 - CFD:Common File Directory ----D- C:\Program Files\EarMaster Pro 5 O43 - CFD:Common File Directory ----D- C:\Program Files\EasyCleaner O43 - CFD:Common File Directory ----D- C:\Program Files\eMule O43 - CFD:Common File Directory ----D- C:\Program Files\ePaperPress O43 - CFD:Common File Directory ----D- C:\Program Files\EPSON O43 - CFD:Common File Directory ----D- C:\Program Files\Exifer O43 - CFD:Common File Directory ----D- C:\Program Files\FamilySearch O43 - CFD:Common File Directory R---D- C:\Program Files\Fichiers communs O43 - CFD:Common File Directory ----D- C:\Program Files\File Scanner Library (Spybot - Search & Destroy) O43 - CFD:Common File Directory ----D- C:\Program Files\Foxit Software O43 - CFD:Common File Directory ----D- C:\Program Files\GedCom-Vision O43 - CFD:Common File Directory ----D- C:\Program Files\GedStar O43 - CFD:Common File Directory ----D- C:\Program Files\GNU O43 - CFD:Common File Directory ----D- C:\Program Files\GNU Solfege O43 - CFD:Common File Directory ----D- C:\Program Files\Google O43 - CFD:Common File Directory ----D- C:\Program Files\GrabIt O43 - CFD:Common File Directory ----D- C:\Program Files\Greeting Card Creator O43 - CFD:Common File Directory ----D- C:\Program Files\GRISOFT O43 - CFD:Common File Directory ----D- C:\Program Files\Guitar Pro 4 O43 - CFD:Common File Directory ----D- C:\Program Files\HanDBase3 O43 - CFD:Common File Directory ----D- C:\Program Files\HardwareDetection O43 - CFD:Common File Directory ----D- C:\Program Files\Harmony Assistant O43 - CFD:Common File Directory ----D- C:\Program Files\Helicon Software O43 - CFD:Common File Directory ----D- C:\Program Files\Hijackthis O43 - CFD:Common File Directory ----D- C:\Program Files\i2p O43 - CFD:Common File Directory ----D- C:\Program Files\icesword O43 - CFD:Common File Directory ----D- C:\Program Files\IfoEdit O43 - CFD:Common File Directory ----D- C:\Program Files\IKEA HomePlanner O43 - CFD:Common File Directory ----D- C:\Program Files\Illustrate O43 - CFD:Common File Directory ----D- C:\Program Files\iMule-1.4.5 O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer O43 - CFD:Common File Directory ----D- C:\Program Files\Java O43 - CFD:Common File Directory ----D- C:\Program Files\Java(2) O43 - CFD:Common File Directory ----D- C:\Program Files\jv16 PowerTools O43 - CFD:Common File Directory ----D- C:\Program Files\K-Lite Codec Pack O43 - CFD:Common File Directory ----D- C:\Program Files\Kommute O43 - CFD:Common File Directory ----D- C:\Program Files\Lavalys O43 - CFD:Common File Directory ----D- C:\Program Files\LizardTech O43 - CFD:Common File Directory ----D- C:\Program Files\Logitech O43 - CFD:Common File Directory ----D- C:\Program Files\ma-config.com O43 - CFD:Common File Directory ----D- C:\Program Files\MagicISO O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware O43 - CFD:Common File Directory ----D- C:\Program Files\Managed DirectX (0901) O43 - CFD:Common File Directory ----D- C:\Program Files\MaxSplitter O43 - CFD:Common File Directory ----D- C:\Program Files\Media Player Classic O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger Backup O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft AntiSpyware O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Baseline Security Analyzer 2 O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2 O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Games O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Money 2005 O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET O43 - CFD:Common File Directory ----D- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy) O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox O43 - CFD:Common File Directory ----D- C:\Program Files\Mp3DirectCut O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild O43 - CFD:Common File Directory ----D- C:\Program Files\MSECache O43 - CFD:Common File Directory ----D- C:\Program Files\MSN O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0 O43 - CFD:Common File Directory ----D- C:\Program Files\Musicalis O43 - CFD:Common File Directory ----D- C:\Program Files\MUTE O43 - CFD:Common File Directory ----D- C:\Program Files\myFairTunes O43 - CFD:Common File Directory ----D- C:\Program Files\MyVideoSoft O43 - CFD:Common File Directory ----D- C:\Program Files\NapShare O43 - CFD:Common File Directory ----D- C:\Program Files\Neat Image O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting O43 - CFD:Common File Directory ----D- C:\Program Files\Newave O43 - CFD:Common File Directory ----D- C:\Program Files\Nikon O43 - CFD:Common File Directory ----D- C:\Program Files\Omer O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express O43 - CFD:Common File Directory ----D- C:\Program Files\Pando Networks O43 - CFD:Common File Directory ----D- C:\Program Files\PDFtoMusic O43 - CFD:Common File Directory ----D- C:\Program Files\PeerGuardian2 O43 - CFD:Common File Directory ----D- C:\Program Files\PhotoFiltre O43 - CFD:Common File Directory ----D- C:\Program Files\Pinnacle O43 - CFD:Common File Directory ----D- C:\Program Files\PixVue O43 - CFD:Common File Directory ----D- C:\Program Files\PlayPianoTODAY O43 - CFD:Common File Directory ----D- C:\Program Files\PrivacyEraser Computing O43 - CFD:Common File Directory ----D- C:\Program Files\process monitor main O43 - CFD:Common File Directory ----D- C:\Program Files\PW O43 - CFD:Common File Directory ----D- C:\Program Files\QuickPar O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime O43 - CFD:Common File Directory ----D- C:\Program Files\RadCor O43 - CFD:Common File Directory ----D- C:\Program Files\Radio Fr Solo O43 - CFD:Common File Directory ----D- C:\Program Files\Reagclean O43 - CFD:Common File Directory ----D- C:\Program Files\Real O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies O43 - CFD:Common File Directory ----D- C:\Program Files\RegClean O43 - CFD:Common File Directory ----D- C:\Program Files\RipTiger O43 - CFD:Common File Directory ----D- C:\Program Files\Sandboxie O43 - CFD:Common File Directory ----D- C:\Program Files\SanDisk O43 - CFD:Common File Directory ----D- C:\Program Files\SaverWiz O43 - CFD:Common File Directory ----D- C:\Program Files\ScummVM O43 - CFD:Common File Directory ----D- C:\Program Files\SDHelper (Spybot - Search & Destroy) O43 - CFD:Common File Directory ----D- C:\Program Files\SEAF O43 - CFD:Common File Directory ----D- C:\Program Files\Sensory O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne O43 - CFD:Common File Directory ----D- C:\Program Files\Sibelius Software O43 - CFD:Common File Directory ----D- C:\Program Files\Simple Sudoku O43 - CFD:Common File Directory R---D- C:\Program Files\Skype O43 - CFD:Common File Directory ----D- C:\Program Files\SlySoft O43 - CFD:Common File Directory ----D- C:\Program Files\Smart Panel O43 - CFD:Common File Directory ----D- C:\Program Files\Smart Projects O43 - CFD:Common File Directory ----D- C:\Program Files\SmartGenealogy_2.8c O43 - CFD:Common File Directory ----D- C:\Program Files\SmartList To Go O43 - CFD:Common File Directory ----D- C:\Program Files\SoftLogica O43 - CFD:Common File Directory ----D- C:\Program Files\Sophos O43 - CFD:Common File Directory ----D- C:\Program Files\SpeedFan O43 - CFD:Common File Directory ----D- C:\Program Files\SpeedItUpFree O43 - CFD:Common File Directory ----D- C:\Program Files\SplashData O43 - CFD:Common File Directory ----D- C:\Program Files\Spybot - Search & Destroy O43 - CFD:Common File Directory ----D- C:\Program Files\StationRipper O43 - CFD:Common File Directory ----D- C:\Program Files\StealthNet O43 - CFD:Common File Directory ----D- C:\Program Files\Steinberg O43 - CFD:Common File Directory ----D- C:\Program Files\Sudoku O43 - CFD:Common File Directory ----D- C:\Program Files\Sudoku 3D Pro O43 - CFD:Common File Directory ----D- C:\Program Files\Sunbelt Software O43 - CFD:Common File Directory ----D- C:\Program Files\SUPERAntiSpyware O43 - CFD:Common File Directory ----D- C:\Program Files\SWI O43 - CFD:Common File Directory ----D- C:\Program Files\Synaesthete O43 - CFD:Common File Directory ----D- C:\Program Files\TeamViewer O43 - CFD:Common File Directory ----D- C:\Program Files\TeaTimer (Spybot - Search & Destroy) O43 - CFD:Common File Directory ----D- C:\Program Files\thinkingBytes O43 - CFD:Common File Directory ----D- C:\Program Files\TimeAdjuster O43 - CFD:Common File Directory ----D- C:\Program Files\Tweak-XP Pro 4 O43 - CFD:Common File Directory ----D- C:\Program Files\Ujihara O43 - CFD:Common File Directory ----D- C:\Program Files\Ulead Systems O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information O43 - CFD:Common File Directory ----D- C:\Program Files\Universal Extractor O43 - CFD:Common File Directory ----D- C:\Program Files\Unlocker O43 - CFD:Common File Directory ----D- C:\Program Files\URLSnooper2 O43 - CFD:Common File Directory ----D- C:\Program Files\USB-set O43 - CFD:Common File Directory ----D- C:\Program Files\uTorrent O43 - CFD:Common File Directory ----D- C:\Program Files\VDMSound O43 - CFD:Common File Directory ----D- C:\Program Files\Vg O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN O43 - CFD:Common File Directory ----D- C:\Program Files\VirtualDubMOD O43 - CFD:Common File Directory ----D- C:\Program Files\VOB O43 - CFD:Common File Directory ----D- C:\Program Files\VSO O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Defender O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Installer Clean Up O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2 O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT O43 - CFD:Common File Directory --HAD- C:\Program Files\WindowsUpdate O43 - CFD:Common File Directory ----D- C:\Program Files\WinHTTrack O43 - CFD:Common File Directory ----D- C:\Program Files\WinPcap O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR O43 - CFD:Common File Directory ----D- C:\Program Files\WINTREE O43 - CFD:Common File Directory ----D- C:\Program Files\Winwap Technologies O43 - CFD:Common File Directory ----D- C:\Program Files\WinZip O43 - CFD:Common File Directory ----D- C:\Program Files\xerox O43 - CFD:Common File Directory ----D- C:\Program Files\Xi O43 - CFD:Common File Directory ----D- C:\Program Files\Yahoo! O43 - CFD:Common File Directory ----D- C:\Program Files\ZebHelpProcess 2 O43 - CFD:Common File Directory --H-D- C:\Program Files\Zero G Registry O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.00000000000000000000000000000000] - 01/05/2010 - 10:22:51 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WindowsUpdate.log [1629690] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 01/05/2010 - 10:20:23 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\0.log [0] O44 - LFC:[MD5.00000000000000000000000000000000] - 01/05/2010 - 10:20:13 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiadebug.log [159] O44 - LFC:[MD5.00000000000000000000000000000000] - 01/05/2010 - 10:19:59 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiaservc.log [50] O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 01/05/2010 - 10:19:34 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bootstat.dat [2048] O44 - LFC:[MD5.AA2F63E9DB0B422EA42C4C841D827A1D] - 01/05/2010 - 10:18:11 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000B-00001102-00000004-00401102}.rfx [3888] O44 - LFC:[MD5.AA2F63E9DB0B422EA42C4C841D827A1D] - 01/05/2010 - 10:18:11 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000B-00001102-00000004-00401102}.rfx [3888] O44 - LFC:[MD5.00000000000000000000000000000000] - 01/05/2010 - 10:17:55 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\SchedLgU.Txt [32484] O44 - LFC:[MD5.3216055D989BB876D507BDA624D57AB6] - 30/04/2010 - 20:40:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\MEMORY.DMP [536428544] O44 - LFC:[MD5.043DA7677BFBAE621EDFD4E4D138B0F0] - 30/04/2010 - 20:40:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\avenger.txt [1774] O44 - LFC:[MD5.6490C3F6B8336D05DE8FCAD8C94F50C8] - 30/04/2010 - 13:22:20 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\PDOXUSRS.NET [13030] O44 - LFC:[MD5.23A8C23D9C43F96CAABA5102B2E9D85C] - 28/04/2010 - 20:19:01 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\ComboFix.txt [27327] O44 - LFC:[MD5.87AFDE2B95CB0FDB8477AB22D02BFC94] - 28/04/2010 - 20:06:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system.ini [274] O44 - LFC:[MD5.7F4247C03A71E65171CEBC339B37AB20] - 27/04/2010 - 19:14:37 RSHA- . (.Pas de propriétaire - Pas de description.) -- C:\boot.ini [282] O44 - LFC:[MD5.3CECCD255392A3A640830F3CF97CE162] - 27/04/2010 - 19:14:36 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Boot.bak [212] O44 - LFC:[MD5.48C65662EC81FBCAA110509F50C51497] - 27/04/2010 - 19:14:27 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\cmldr [263488] O44 - LFC:[MD5.AE72E8619CB31D84DA25E2435E55003C] - 27/04/2010 - 19:12:56 ---A- . (.NirSoft - NirCmd.) -- C:\WINDOWS\NIRCMD.exe [31232] O44 - LFC:[MD5.C5EC72A20B4C98DB5314E6C46765B148] - 27/04/2010 - 19:12:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\MBR.exe [77312] O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 27/04/2010 - 19:12:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\grep.exe [80412] O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 27/04/2010 - 19:12:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\sed.exe [98816] O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 27/04/2010 - 19:12:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\zip.exe [68096] O44 - LFC:[MD5.01D95A1F8CF13D07CC564AABB36BCC0B] - 27/04/2010 - 19:12:56 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\WINDOWS\SWREG.exe [161792] O44 - LFC:[MD5.B7517DB073B28F5696A1E5528ABEB5D0] - 27/04/2010 - 19:12:56 ---A- . (.SteelWerX - Freeware implementation of SC.EXE.) -- C:\WINDOWS\SWSC.exe [136704] O44 - LFC:[MD5.B1A9CF0B6F80611D31987C247EC630B4] - 27/04/2010 - 19:12:56 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\WINDOWS\SWXCACLS.exe [212480] O44 - LFC:[MD5.1A6D80AA9E021EC3B094887D47202188] - 27/04/2010 - 12:26:33 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Ad-Report-CLEAN[1].txt [4714] O44 - LFC:[MD5.265672A002D063A3ED2D26F939E04FC3] - 27/04/2010 - 12:13:33 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Ad-Report-SCAN[1].txt [4046] O44 - LFC:[MD5.EC1C7B6CCFB28B096C9D514ACCF05C74] - 27/04/2010 - 09:12:51 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\TB.txt [3152] O44 - LFC:[MD5.4BB0628A9105D8C11B602E6F53470015] - 27/04/2010 - 07:59:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\drivers\fwdrv.err [1735460] O44 - LFC:[MD5.F1FBA6185A6A2BC6456970914875078E] - 26/04/2010 - 14:58:12 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\PEV.exe [256512] O44 - LFC:[MD5.FBFAF1C2C34F301BBE4C9407D2AC60E1] - 26/04/2010 - 11:21:59 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\wpa.dbl [2206] O44 - LFC:[MD5.7112190518B5AEAA05B259BBE393C9ED] - 25/04/2010 - 17:18:48 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\NeroDigital.ini [116] O44 - LFC:[MD5.43B537FA5AAC2FDE07A7E320E4362363] - 21/04/2010 - 06:53:57 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\3) [2133] O44 - LFC:[MD5.A9C93CE2627B78646BE5BBCB95DEC8EA] - 11/04/2010 - 12:59:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\win.ini [940] O44 - LFC:[MD5.19BC3077C98654C4F685624D8383BC2E] - 07/04/2010 - 06:10:06 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Radio_Fr.ini [1208] O44 - LFC:[MD5.91BA33C14DF133FA79AFB6A92F582CDD] - 04/04/2010 - 15:41:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\d3d9caps.dat [664] O44 - LFC:[MD5.3C94558CD1705DA468C9562110F34069] - 04/04/2010 - 10:37:11 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat [46] O44 - LFC:[MD5.7311558A1B943CED90A75E0409F5C5D9] - 04/04/2010 - 10:36:32 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\-1 [57] O44 - LFC:[MD5.CF236C6C37519794C8CB663FA639297D] - 03/04/2010 - 11:06:51 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\WINDOWS\System32\java.exe [145184] O44 - LFC:[MD5.8BB5783B22869D303B2E624947A9A52A] - 03/04/2010 - 11:06:51 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\WINDOWS\System32\javaw.exe [145184] O44 - LFC:[MD5.AC600895C014D245B03749CA3B5CBED4] - 03/04/2010 - 11:06:51 ---A- . (.Sun Microsystems, Inc. - Java Web Start Launcher.) -- C:\WINDOWS\System32\javaws.exe [153376] O44 - LFC:[MD5.FC1F0157B07D3FA402FC629AE9B977AE] - 03/04/2010 - 11:06:29 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\jupdate-1.6.0_19-b04.log [4229] O44 - LFC:[MD5.C71E8FF0D92FF876EB1C591A34AFDD03] - 03/04/2010 - 11:05:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\PerfStringBackup.INI [1395924] O44 - LFC:[MD5.842A215C78E052C380DCB2515035588F] - 03/04/2010 - 11:05:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc009.dat [102990] O44 - LFC:[MD5.E2E8D636EFC592EB4E0383DEEC8E42F3] - 03/04/2010 - 11:05:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc00C.dat [123638] O44 - LFC:[MD5.87D027A624CA713E45C12986BE94972C] - 03/04/2010 - 11:05:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh009.dat [535828] O44 - LFC:[MD5.36A359FF2187AD2C10957403688B50CA] - 03/04/2010 - 11:05:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh00C.dat [615420] ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll O46 - SEH:ShellExecuteHooks - Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\PROGRA~1\WINDOW~4\MpShHook.dll ---\\ Export de clé d'application autorisée (ECAA) (O47) O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\dpnsvr.exe" [Disabled] .(.Microsoft Corporation - Microsoft DirectPlay8 Server.) -- C:\WINDOWS\system32\dpnsvr.exe O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\sessmgr.exe" [Disabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export SP - "C:\Program Files\eMule\emule.exe" [Disabled] .(.http://www.emule-project.net - eMule.) -- C:\Program Files\eMule\emule.exe O47 - AAKE:Key Export SP - "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe" [Enabled] .(.Sunbelt Software - Sunbelt Kerio Firewall GUI.) -- C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe O47 - AAKE:Key Export SP - "C:\Program Files\uTorrent\uTorrent.exe" [Enabled] .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Phone\Skype.exe" [Enabled] .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export DP - "C:\Program Files\MSN Messenger\msncall.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\MSN Messenger\msncall.exe O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) (.not file.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O47 - AAKE:Key Export DP - "C:\Program Files\MSN Messenger\livecall.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\MSN Messenger\livecall.exe O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) (.not file.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) (.not file.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52) O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax O52 - TDSD: \Drivers32\"VIDC.DIVX"="divx.dll" . (.DivX, Inc. - DivX.) -- C:\WINDOWS\System32\divx.dll O52 - TDSD: \Drivers32\"VIDC.XVID"="xvidvfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\xvidvfw.dll O52 - TDSD: \Drivers32\"vidc.iv41"="Ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\Ir41_32.ax O52 - TDSD: \Drivers32\"VIDC.YV12"="yv12vfw.dll" . (.www.helixcommunity.org - Helix YV12 YUV Codec.) -- C:\WINDOWS\System32\yv12vfw.dll O52 - TDSD: \Drivers32\"msacm.vorbis"="vorbis.acm" . (.HMS http://hp.vector.co.jp/authors/VA012897 - Ogg Vorbis CODEC for MSACM.) -- C:\WINDOWS\System32\vorbis.acm O52 - TDSD: \Drivers32\"msacm.ac3acm"="ac3acm.acm" . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\System32\ac3acm.acm O52 - TDSD: \Drivers32\"msacm.lameacm"="lameACM.acm" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\WINDOWS\System32\lameACM.acm O52 - TDSD: \Drivers32\"msacm.divxa32"="divxa32.acm" . (.Kristal Studi - DivX WMA Audi.) -- C:\WINDOWS\System32\divxa32.acm O52 - TDSD: \Drivers32\"VIDC.FFDS"="ff_vfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ff_vfw.dll O52 - TDSD: \Drivers32\"vidc.tscc"="tsccvid.dll" . (.TechSmith Corporation - TechSmith Screen Capture Codec.) -- C:\WINDOWS\System32\tsccvid.dll O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm O52 - TDSD: \drivers.desc\"C:\WINDOWS\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\System32\l3codeca.acm O52 - TDSD: \drivers.desc\"tssoft32.acm"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm O52 - TDSD: \drivers.desc\"iccvid.dll"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll O52 - TDSD: \drivers.desc\"ir32_32.dll"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll O52 - TDSD: \drivers.desc\"Ir50_32.dll"="Indeo® video 5.10" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"iyvu9_32.dll"="Indeo® video Raw YVU9 by Intel" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\iyvu9_32.dll O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\Iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\Iac25_32.ax O52 - TDSD: \drivers.desc\"divx.dll"="DivX Pro 6.7.0" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"xvidvfw.dll"="Xvid MPEG-4 Video Codec v1.2.0-dev" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"lameACM.acm"="Lame ACM MP3 CODEC v3.97b2" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"vorbis.acm"="Ogg Vorbis Audio Codec" . (.HMS http://hp.vector.co.jp/authors/VA012897 - Ogg Vorbis CODEC for MSACM.) -- C:\WINDOWS\System32\vorbis.acm O52 - TDSD: \drivers.desc\"Ir41_32.ax"="Indeo® video interactive R4.3 by Intel" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"ac3acm.acm"="AC-3 ACM Codec" . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\System32\ac3acm.acm O52 - TDSD: \drivers.desc\"divxa32.acm"="DivX Audio" . (.Kristal Studi - DivX WMA Audi.) -- C:\WINDOWS\System32\divxa32.acm O52 - TDSD: \drivers.desc\"ff_vfw.dll"="ffdshow video encoder" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ff_vfw.dll O52 - TDSD: \drivers.desc\"tsccvid.dll"="TechSmith Screen Capture Codec" . (.TechSmith Corporation - TechSmith Screen Capture Codec.) -- C:\WINDOWS\System32\tsccvid.dll ---\\ ShareTools MSconfig StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\LogitechQuickCamRibbon [Key] . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ---\\ Microsoft Control Security Providers (MCSP) (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll ---\\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"= O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"= O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0 ---\\ Microsoft Windows Policies Explorer (MWPE) (O56) O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveTypeAutoRun"=323 O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveAutoRun"=67108863 O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDrives"=0 O56 - MWPE:[HKLM\...\Policies\Explorer] - "HonorAutoRunSetting"=1 O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoDriveTypeAutoRun"=323 O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoDriveAutoRun"=67108863 O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoDrives"=0 ---\\ Liste des Drivers Système (SDL) (O58) O58 - SDL:[MD5.95B4FB835E28AA1336CEEB07FD5B9398] - 13/04/2008 - 19:36:39 ---A- . (.Advanced Micro Devices, Inc. - AMD Win2000 AGP Filter.) -- C:\WINDOWS\system32\drivers\amdagp.sys O58 - SDL:[MD5.116BFF96077A4A724E0AAB800525CEB5] - 28/08/2002 - 22:59:12 ---A- . (.ADMtek Incorporated. - ADMtek AN983/AN985/ADM951X NDIS5 Driver.) -- C:\WINDOWS\system32\drivers\an983.sys O58 - SDL:[MD5.875F9079CABEE679D34B49E466B61701] - 17/04/2002 - 19:27:02 ---A- . (.VOB Computersysteme GmbH - ASAPI.) -- C:\WINDOWS\system32\drivers\asapiW2k.sys O58 - SDL:[MD5.D649C57DA6FA762C64013747E5D7D2D6] - 03/08/2004 - 21:29:30 ---A- . (.ATI Technologies Inc. - ATI WDM BT829 MiniDriver (A).) -- C:\WINDOWS\system32\drivers\ati1btxx.sys O58 - SDL:[MD5.60B6AA2DC1521DA343F781B70EB7895A] - 03/08/2004 - 21:29:30 ---A- . (.ATI Technologies Inc. - ATI Specialized MVD VBI Codec.) -- C:\WINDOWS\system32\drivers\ati1mdxx.sys O58 - SDL:[MD5.6FDC61E8E8E17F6ECC2D9A10FA8DF347] - 03/08/2004 - 21:29:30 ---A- . (.ATI Technologies Inc. - ATI Specialized PCD VBI Codec.) -- C:\WINDOWS\system32\drivers\ati1pdxx.sys O58 - SDL:[MD5.9D318099BF3876A4AF4BC75966D27603] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI Rage Theater Audio WDM Minidriver.) -- C:\WINDOWS\system32\drivers\ati1raxx.sys O58 - SDL:[MD5.BCAF267B10620F8C93F6E87AB726E145] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM Rage Theater MiniDriver.) -- C:\WINDOWS\system32\drivers\ati1rvxx.sys O58 - SDL:[MD5.DAC7D785CF62F5BD41441E9D6F5A6EFE] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM TV Sound MiniDriver.) -- C:\WINDOWS\system32\drivers\ati1snxx.sys O58 - SDL:[MD5.F7706DAE7D101F1B19CE552D772EBFCE] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM Teletext Decoder.) -- C:\WINDOWS\system32\drivers\ati1ttxx.sys O58 - SDL:[MD5.6F714B4720DD80FFA9F8D2731594EA4C] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM TVTuner MiniDriver.) -- C:\WINDOWS\system32\drivers\ati1tuxx.sys O58 - SDL:[MD5.67FFBC158DD4D27BA3FC92C6ACD87F73] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM CrossBar MiniDriver.) -- C:\WINDOWS\system32\drivers\ati1xbxx.sys O58 - SDL:[MD5.0D8CAB1F08F7D3C4DE228B49E12E596A] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM TVAUDIO_CrossBar MiniDriver.) -- C:\WINDOWS\system32\drivers\ati1xsxx.sys O58 - SDL:[MD5.A2F791E99FD6EECEBCCFB1953A1D6F24] - 19/08/2004 - 14:53:40 ---A- . (.ATI Technologies Inc. - Pilote de miniport ATI RAGE 128.) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys O58 - SDL:[MD5.492BD2A5F65F218D4EDE5764A3BB67E9] - 03/05/2006 - 17:50:42 ---A- . (.ATI Technologies Inc. - ATI Radeon WindowsNT Miniport Driver.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys O58 - SDL:[MD5.993E7BD6438FE989E328C6B4BCA246A9] - 03/08/2004 - 21:29:28 ---A- . (.ATI Technologies Inc. - ATI WDM BT829 MiniDriver (A).) -- C:\WINDOWS\system32\drivers\atinbtxx.sys O58 - SDL:[MD5.ED4C2BF8403F4437987C0BA09CF48716] - 03/08/2004 - 21:29:30 ---A- . (.ATI Technologies Inc. - ATI Specialized MVD VBI Codec RT2.) -- C:\WINDOWS\system32\drivers\atinmdxx.sys O58 - SDL:[MD5.E90AC2B14E98F1A4372E5891B4278784] - 03/08/2004 - 21:29:30 ---A- . (.ATI Technologies Inc. - ATI Specialized PCD VBI Codec RT2.) -- C:\WINDOWS\system32\drivers\atinpdxx.sys O58 - SDL:[MD5.DA36687D701C833430605A298731410B] - 03/08/2004 - 21:29:30 ---A- . (.ATI Technologies Inc. - ATI Rage Theater Audio WDM Minidriver.) -- C:\WINDOWS\system32\drivers\atinraxx.sys O58 - SDL:[MD5.A7A01B907DB63898D40B0A14248FF9A2] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM Rage Theater MiniDriver RT2.) -- C:\WINDOWS\system32\drivers\atinrvxx.sys O58 - SDL:[MD5.CEDDEE2E0591894D19654D458FD3B9BE] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM TV Sound MiniDriver.) -- C:\WINDOWS\system32\drivers\atinsnxx.sys O58 - SDL:[MD5.D80A8F6C0A717446496C3A06D33B0D9C] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM Teletext Decoder.) -- C:\WINDOWS\system32\drivers\atinttxx.sys O58 - SDL:[MD5.EDD66332608D27F4FD5069BCD0BC5164] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM TVTuner MiniDriver.) -- C:\WINDOWS\system32\drivers\atintuxx.sys O58 - SDL:[MD5.3E7D485CBD0B0D9F6EA2AD9442411831] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM CrossBar MiniDriver.) -- C:\WINDOWS\system32\drivers\atinxbxx.sys O58 - SDL:[MD5.77B575D7AAB35D5908AE6CE681608D62] - 03/08/2004 - 21:29:32 ---A- . (.ATI Technologies Inc. - ATI WDM TVAUDIO_CrossBar MiniDriver RT2.) -- C:\WINDOWS\system32\drivers\atinxsxx.sys O58 - SDL:[MD5.5B44C214F9CD9F590BE9125347610380] - 13/02/2009 - 11:17:49 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\system32\drivers\avgntdd.sys O58 - SDL:[MD5.14FE36D8F2C6A2435275338D061A0B66] - 10/12/2009 - 19:28:27 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\system32\drivers\avgntflt.sys O58 - SDL:[MD5.2DAA8CC2670720DEDDCC74A20EDE2EE9] - 13/02/2009 - 11:28:39 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\system32\drivers\avgntmgr.sys O58 - SDL:[MD5.AD9BD66A862116E79CB45BB6BE46055F] - 30/03/2009 - 09:32:47 ---A- . (.Avira GmbH - Avira Driver for RootKit Detection.) -- C:\WINDOWS\system32\drivers\avipbb.sys O58 - SDL:[MD5.35A301482478E97BE6E1C2748CE930E1] - 02/07/2003 - 17:41:42 ---A- . (.Pas de propriétaire - SCSI miniport.) -- C:\WINDOWS\system32\drivers\axwhisky.sys O58 - SDL:[MD5.F3B1CE696CCF6448C85E7CDC702098D8] - 02/07/2003 - 16:49:52 ---A- . (.Pas de propriétaire - Plug and Play BIOS Extension.) -- C:\WINDOWS\system32\drivers\axwskbus.sys O58 - SDL:[MD5.AABFFD787AB272FC903AFEEB336C6899] - 21/11/2006 - 00:36:58 ---A- . (.CH Products - CH Control Manager Driver 1.) -- C:\WINDOWS\system32\drivers\chdrvr01.sys O58 - SDL:[MD5.7536FB70BCBF5D10B810E67E72F68137] - 22/12/2005 - 22:41:52 ---A- . (.CH Products - CH Control Manager Driver 2.) -- C:\WINDOWS\system32\drivers\chdrvr02.sys O58 - SDL:[MD5.07E3319E5BAE758CEB83C80419681B6A] - 22/12/2005 - 22:41:44 ---A- . (.CH Products - CH Control Manager Driver 3.) -- C:\WINDOWS\system32\drivers\chdrvr03.sys O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 28/08/2001 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 28/08/2001 - 13:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys O58 - SDL:[MD5.D653F455B176529F0427B24361139619] - 11/09/2001 - 13:10:14 R--A- . (.Creative Technology Ltd. - Creative OS Services Driver (WDM).) -- C:\WINDOWS\system32\drivers\ctoss2k.sys O58 - SDL:[MD5.EF99D8DAB9FCE9B734B40D5E0DD6ABB4] - 02/10/2001 - 16:06:30 R--A- . (.Creative Technology Ltd - Creative EMU10Kx Device Driver (WDM).) -- C:\WINDOWS\system32\drivers\e10kx2k.sys O58 - SDL:[MD5.59C9E1336A4508F059827D638E924C62] - 28/11/2002 - 15:18:04 ---A- . (.Elaborate Bytes AG - ElbyCDIO Filter Driver.) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys O58 - SDL:[MD5.389823DB299B350F2EE830D47376EEAC] - 29/11/2002 - 12:38:16 ---A- . (.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys O58 - SDL:[MD5.C4143FC2F7D39A5A8B1CFE0BC4BD8A9E] - 28/11/2002 - 11:43:49 ---A- . (.Elaborate Bytes AG - VirtualCloneCD Driver.) -- C:\WINDOWS\system32\drivers\ElbyVCD.sys O58 - SDL:[MD5.1FF2EEF447A177DF2C544B80F8F7F879] - 18/07/2006 - 11:02:50 ---A- . (.Sunbelt Software - Sunbelt Kerio Firewall FWDRV.) -- C:\WINDOWS\system32\drivers\fwdrv.sys O58 - SDL:[MD5.970178E8E003EB1481293830069624B9] - 03/08/2004 - 21:41:48 ---A- . (.Conexant Systems, Inc. - HSF_HWB2 WDM driver.) -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys O58 - SDL:[MD5.1225EBEA76AAC3C84DF6C54FE5E5D8BE] - 03/08/2004 - 21:41:50 ---A- . (.Conexant Systems, Inc. - HSF_CNXT driver.) -- C:\WINDOWS\system32\drivers\hsfcxts2.sys O58 - SDL:[MD5.EBB354438A4C5A3327FB97306260714A] - 03/08/2004 - 21:41:56 ---A- . (.Conexant Systems, Inc. - HSF_DP driver.) -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys O58 - SDL:[MD5.0A7C49B48C772591A2D362DAA00246C8] - 03/03/2004 - 21:30:54 ---A- . (.Ahead Software AG - NERO IMAGEDRIVE SCSI miniport.) -- C:\WINDOWS\system32\drivers\imagedrv.sys O58 - SDL:[MD5.549BA4F539E7B8D8129500B96DD7B27A] - 03/03/2004 - 21:30:54 ---A- . (.Ahead Software AG - Nero Image Server.) -- C:\WINDOWS\system32\drivers\imagesrv.sys O58 - SDL:[MD5.AD81C7B17A815C872881BB56F42E56F4] - 26/03/2003 - 04:25:32 R--A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\WINDOWS\system32\drivers\iteraid.sys O58 - SDL:[MD5.304CE9FB3D64CAA07B940BEF4F8C2DCD] - 18/07/2006 - 11:02:52 ---A- . (.Sunbelt Software - Sunbelt Kerio Host Intrusion Prevention Driver.) -- C:\WINDOWS\system32\drivers\khips.sys O58 - SDL:[MD5.9A3D4FC6B86E7E36473079AB76AC703D] - 06/02/2007 - 16:42:40 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\Lvckap.sys O58 - SDL:[MD5.0ACBC11F19320AF6C19F2E20013D9095] - 06/02/2007 - 16:44:36 ---A- . (.Logitech Inc. - Logitech Machine Vision Engine Loader.) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys O58 - SDL:[MD5.E8ACF6DD83956FB63CEB058D5F51B18A] - 03/02/2007 - 09:30:58 ---A- . (.Logitech Inc. - Logitech AudioProcessing Filter Driver.) -- C:\WINDOWS\system32\drivers\lvpopflt.sys O58 - SDL:[MD5.12866641284EBB41E627BB53C04DA959] - 06/02/2007 - 16:45:04 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys O58 - SDL:[MD5.6E59BC28A41F8A2B702D345A5604652F] - 23/06/2006 - 23:29:43 R--A- . (.Logitech Inc. - Logitech Selective Suspend filter Driver.) -- C:\WINDOWS\system32\drivers\lvselsus.sys O58 - SDL:[MD5.64BC29C3A0388BFC580BB8B1346F7659] - 03/02/2007 - 09:32:36 ---A- . (.Logitech Inc. - USB Statistic Driver.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys O58 - SDL:[MD5.922BE6770499220DC27B529CA236815A] - 03/02/2007 - 09:32:46 ---A- . (.Logitech Inc. - Logitech USB Video Class Driver.) -- C:\WINDOWS\system32\drivers\lvuvc.sys O58 - SDL:[MD5.5C329E2AB8DD62310213CBFAC0178539] - 03/02/2007 - 09:33:00 ---A- . (.Logitech Inc. - Logitech USB Video Class Filter Driver.) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys O58 - SDL:[MD5.F61B04F2BB5098A34817D776C59E5E7C] - 30/03/2010 - 23:45:52 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys O58 - SDL:[MD5.75B8EF2A089127E8A3B38F46CC366D79] - 30/03/2010 - 23:46:30 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys O58 - SDL:[MD5.195741AEE20369980796B557358CD774] - 03/08/2004 - 21:41:56 ---A- . (.Conexant - Diagnostic Interface DRIVER.) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys O58 - SDL:[MD5.4D2D882DAEE49B35B7B56FD9444564E9] - 11/12/2007 - 01:05:36 R--A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\WINDOWS\system32\drivers\mod7700.sys O58 - SDL:[MD5.370E88453EC0D7BEA6EB24BE8D865DBE] - 19/10/2007 - 14:32:58 R--A- . (.DiBcom S.A. - HID Infrared Remote Control minidriver.) -- C:\WINDOWS\system32\drivers\modrc.sys O58 - SDL:[MD5.C53775780148884AC87C455489A0C070] - 03/08/2004 - 21:41:40 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys O58 - SDL:[MD5.54886A652BF5685192141DF304E923FD] - 03/08/2004 - 21:41:38 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\drivers\mtlstrm.sys O58 - SDL:[MD5.6DDA78A0BE692B61B668FAB860F276CF] - 03/08/2004 - 21:29:38 ---A- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\drivers\mtxparhm.sys O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 28/08/2001 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys O58 - SDL:[MD5.B9730495E0CF674680121E34BD95A73B] - 20/10/2009 - 19:19:44 ---A- . (.CACE Technologies, Inc. - npf.sys (NT5/6 x86) Kernel Driver.) -- C:\WINDOWS\system32\drivers\npf.sys O58 - SDL:[MD5.576B34CEAE5B7E5D9FD2775E93B3DB53] - 03/08/2004 - 21:41:40 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys O58 - SDL:[MD5.2B298519EDBFCF451D43E0F1E8F1006D] - 03/08/2004 - 21:29:56 ---A- . (.NVIDIA Corporation - NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73.) -- C:\WINDOWS\system32\drivers\nv4_mini.sys O58 - SDL:[MD5.5B6C11DE7E839C05248CED8825470FEF] - 29/11/2008 - 13:53:06 ---A- . (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\WINDOWS\system32\drivers\pcouffin.sys O58 - SDL:[MD5.EEDB845B7648D6FD632DDB8744892743] - 02/02/2007 - 16:30:34 ---A- . (.Pinnacle Systems GmbH - Virtual NDIS miniport driver.) -- C:\WINDOWS\system32\drivers\PctvVirtualNdis.sys O58 - SDL:[MD5.C3127BFDAB6200769B5A0184FAB48573] - 22/05/2002 - 00:00:00 ---A- . (.Engelmann GmbH - PrecSim SCSI miniport.) -- C:\WINDOWS\system32\drivers\precsim.sys O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 28/08/2001 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys O58 - SDL:[MD5.49452BFCEC22F36A7A9B9C2181BC3042] - 20/11/2008 - 20:19:06 ---A- . (.Sonic Solutions - Px Engine Device Driver for Windows 2000/XP.) -- C:\WINDOWS\system32\drivers\pxhelp20.sys O58 - SDL:[MD5.E9AAA0092D74A9D371659C4C38882E12] - 03/08/2004 - 21:41:40 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\drivers\recagent.sys O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 28/08/2001 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 28/08/2001 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys O58 - SDL:[MD5.0DBCC071A268E0340A2BA6BDD98BACE4] - 03/08/2004 - 21:29:52 ---A- . (.S3 Graphics, Inc. - S3 ProSavage(DDR) & Twister Miniport Driver.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/11/2007 - 11:25:54 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys O58 - SDL:[MD5.6B33D0EBD30DB32E27D1D78FE946A754] - 13/04/2008 - 19:36:39 ---A- . (.Silicon Integrated Systems Corporation - SiS NT AGP Filter.) -- C:\WINDOWS\system32\drivers\sisagp.sys O58 - SDL:[MD5.D9673011648A71ED1E1F77B831BC85E6] - 03/08/2004 - 21:41:42 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\drivers\slnt7554.sys O58 - SDL:[MD5.2C1779C0FEB1F4A6033600305EBA623A] - 03/08/2004 - 21:41:44 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\drivers\slntamr.sys O58 - SDL:[MD5.F9B8E30E82EE95CF3E1D3E495599B99C] - 03/08/2004 - 21:41:46 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\drivers\slnthal.sys O58 - SDL:[MD5.DB56BB2C55723815CF549D7FC50CFCEB] - 03/08/2004 - 21:41:46 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\drivers\slwdmsup.sys O58 - SDL:[MD5.3AD0362CF68DE3AC500E981700242CCA] - 03/10/2009 - 14:04:29 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\drivers\ssmdrv.sys O58 - SDL:[MD5.465DC203AD69D56F290480DAE756A9F9] - 27/09/2005 - 08:00:02 ---A- . (.PACE Anti-Piracy, Inc. - InterLok system file.) -- C:\WINDOWS\system32\drivers\TPkd.sys O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 28/08/2001 - 13:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 28/08/2001 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys O58 - SDL:[MD5.D956827780A0B7EAE97930116E5649F7] - 04/05/2001 - 08:24:52 ---A- . (.VIA Technologies. Inc. - VIA PFD driver.) -- C:\WINDOWS\system32\drivers\VIAPFD.SYS O58 - SDL:[MD5.0308AEF61941E4AF478FA1A0F83812F5] - 03/08/2004 - 21:29:40 ---A- . (.Intel® Corporation - Digital Display Minidriver for Intel® Graphics Driver.) -- C:\WINDOWS\system32\drivers\wadv07nt.sys O58 - SDL:[MD5.714038A8AA5DE08E12062202CD7EAEB5] - 03/08/2004 - 21:29:40 ---A- . (.Intel® Corporation - Digital Display Minidriver for Intel® Graphics Driver.) -- C:\WINDOWS\system32\drivers\wadv08nt.sys O58 - SDL:[MD5.7BB3AA595E4507A788DE1CDC63F4C8C4] - 03/08/2004 - 21:29:42 ---A- . (.Intel® Corporation - Digital Display Minidriver for Intel® Graphics Driver.) -- C:\WINDOWS\system32\drivers\wadv09nt.sys O58 - SDL:[MD5.36E6C405B6143D09687F4056FD9A0D10] - 03/08/2004 - 21:29:42 ---A- . (.Intel® Corporation - Digital Display Minidriver for Intel® Graphics Driver.) -- C:\WINDOWS\system32\drivers\wadv11nt.sys O58 - SDL:[MD5.352FA0E98BC461CE1CE5D41F64DB558D] - 03/08/2004 - 21:29:46 ---A- . (.Intel® Corporation - Digital Display Minidriver for Intel® Graphics Driver.) -- C:\WINDOWS\system32\drivers\watv06nt.sys O58 - SDL:[MD5.791CC45DE6E50445BE72E8AD6401FF45] - 03/08/2004 - 21:29:46 ---A- . (.Intel® Corporation - Digital Display Minidriver for Intel® Graphics Driver.) -- C:\WINDOWS\system32\drivers\watv10nt.sys O58 - SDL:[MD5.BA898B29F0DBF9307F494475A8393F03] - 05/05/2005 - 16:01:34 RSH-- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\0AA48D50C7.sys O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ansi.sys O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\country.sys O58 - SDL:[MD5.77EBF3E9386DAA51551AF429052D88D0] - 03/04/1996 - 20:33:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\giveio.sys O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\himem.sys O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\key01.sys O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 28/08/2002 - 20:23:06 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\keyboard.sys O58 - SDL:[MD5.F171E6EC36928C226BB43D111C759F58] - 05/05/2005 - 16:15:39 -SHA- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\KGyGaAvL.sys O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos.sys O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos404.sys O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos411.sys O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos412.sys O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 28/08/2001 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos804.sys O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 03/08/2004 - 21:45:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio.sys O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 03/08/2004 - 21:45:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio404.sys O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 03/08/2004 - 21:45:12 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio411.sys O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 03/08/2004 - 21:45:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio412.sys O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 03/08/2004 - 21:45:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio804.sys O58 - SDL:[MD5.D703F972D23867DFD4EE9A9EF9CB767E] - 15/06/2005 - 15:55:53 ---A- . (.Windows ® 2000 DDK provider - SpeedFan Device Driver.) -- C:\WINDOWS\system32\speedfan.sys O58 - SDL:[MD5.F05028B163B92C302A74409D683AC9B0] - 27/04/2007 - 14:19:44 ---A- . (.AntiCracking - SVKP driver for NT.) -- C:\WINDOWS\system32\SVKP.sys ---\\ Alternate Data Stream File (ADS) (O62) O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\$winnt$.inf:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\0AA48D50C7.sys:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\12520437.cpx:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\12520850.cpx:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\aaaamon.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\acctres.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\acelpdec.ax:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\acledit.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\activeds(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\activeds.tlb:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\adptif.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\adsldpc(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\adsnds.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\advapi32(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ansi.sys:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\apcups.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\append.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\apphelp(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\arp.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\asr_ldm.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\atkctrs.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\atl(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\atmpvcno.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\audiosrv(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\authz(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\autodisc.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\autoexec.nt:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\AUTOEXEC.NT.bak:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\avicap.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\avicap32.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\avifile.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\avmeter.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\avtapi.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\avwav.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\bios1.rom:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\bios4.rom:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\bootok.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\bootvid.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\bootvrfy.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\bopomofo.uce:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\browser(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cabinet(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\calc.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cards.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ccfgnt.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cdmodem.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\certcli(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\certmgr.msc:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\CF32569.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\charmap.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\Chaînes.scf:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\chcp.com:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\chkdsk.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\chkntfs.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ciadmin.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ciadv.msc:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ciaResSvr20.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ciaSubClsSvr.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ciaXPFrame20.ocx:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ciaXPRegSvr20.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ciaXPStatusBar20.ocx:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cidaemon.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ckcnv.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\clb.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\clbcatq(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cliconf.chm:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cliconfg.rll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\clspack.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\clusapi(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cmdlib.wsc:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cmmgr32.hlp:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cmos.ram:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cmpbk32.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cnetcfg.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\CNMLM3q.DLL:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\CNMVS3q.DLL:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cnvfat.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\colbact(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\comcat.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\comctl32(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\comdlg32(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\comm.drv:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\command.com:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\commdlg.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\comp.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\compact.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\compmgmt.msc:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\compobj.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\comres(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\comsvcs(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\CONFIG.NT:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\console.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\control.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\convert.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\country.sys:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\CPUINFO2.DLL:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\credui(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\crtdll.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\crypt32(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cryptdll(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cryptsvc(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cryptui(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\cscdll(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\csseqchk.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\CtMp3.Crl:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ctype.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_037.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10000.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10006.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10007.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10010.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10017.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10029.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10079.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10081.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_10082.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1026.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1250.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1251.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1252.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1253.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1254.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1255.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1256.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1257.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_1258.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_20127.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_20261.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_20866.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_20905.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_21866.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_28591.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_28592.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_28593.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\C_28594.NLS:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\C_28595.NLS:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\C_28597.NLS:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_28598.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_28599.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_28603.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_28605.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_437.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_500.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_737.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_775.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_850.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_852.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_855.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_857.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_860.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_861.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_863.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_865.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_866.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_869.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_874.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_875.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_932.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_936.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_949.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\c_950.nls:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\d3dim.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\d3dpmesh.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\d3dramp.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\d3drm.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\d3dxof.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\davclnt(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dbgeng.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dbmsadsn.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dbmsvinn.dLL:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\ddeml.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\debug.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\deskadp.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\deskmon.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\deskperf.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\devmgmt.msc:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dfrg.msc:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dfrgres.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dgrpsetu.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dgsetup.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dhcpcsvc(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dhcpsapi.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\diactfrm.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dimap.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\diskcomp.com:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\diskcopy.com:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\diskmgmt.msc:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\diskperf.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\divxdec_0407.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\divxdec_040c.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\divxdec_0411.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dllhst3g.exe:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dmconfig.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dmdskres.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dmintf.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dmocx.dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dmserver(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dmview.ocx:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dnsapi(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\dnsrslvr(2).dll:KAVICHS O62 - ADS:Alternate Data Stream File - C:\WINDOWS\System32\Drivers\acpiec.sys:KAVICHS ---\\ Liste des outils de nettoyage (LATC) (O63) O63 - Logiciel: Ad-Remover By C_XX - (.C_XX.) O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) O63 - Logiciel: SEAF By C_XX - (.C_XX.) O63 - Logiciel: ZHPDiag 1.25 - (.Nicolas Coolman.) O63 - Logiciel: RSIT - (.random/random.) O63 - Logiciel: Toolbar SD - (.IDN Team.) ---\\ Liste des services Legacy (LALS) (O64) O64 - Services: CurCS - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe - Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) .(.Pas de propriétaire - Pas de description.) - LEGACY_ADOBEACTIVEFILEMONITOR5.0 O64 - Services: CurCS - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe - Adobe LM Service (Adobe LM Service) .(.Adobe Systems - System Level Service Utility.) - LEGACY_ADOBE_LM_SERVICE O64 - Services: CurCS - C:\Program Files\Avira\AntiVir Desktop\sched.exe - Avira AntiVir Planificateur (AntiVirSchedulerService) .(.Avira GmbH - Antivirus Scheduler.) - LEGACY_ANTIVIRSCHEDULERSERVICE O64 - Services: CurCS - C:\Program Files\Avira\AntiVir Desktop\avguard.exe - Avira AntiVir Guard (AntiVirService) .(.Avira GmbH - Antivirus On-Access Service.) - LEGACY_ANTIVIRSERVICE O64 - Services: CurCS - C:\WINDOWS\system32\Ati2evxx.exe - Ati HotKey Poller (Ati HotKey Poller) .(.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - LEGACY_ATI_HOTKEY_POLLER O64 - Services: CurCS - C:\WINDOWS\system32\ati2sgag.exe - ATI Smart (ATI Smart) .(.Pas de propriétaire - ATI Smart.) - LEGACY_ATI_SMART O64 - Services: CurCS - (.not file.) - Avg Anti-Rootkit Clean Driver (AvgArCln) .(.Pas de propriétaire - Pas de description.) - LEGACY_AVGARCLN O64 - Services: CurCS - (.not file.) - AVG Anti-Spyware Clean Driver (AvgAsCln) .(.Pas de propriétaire - Pas de description.) - LEGACY_AVGASCLN O64 - Services: CurCS - C:\Program Files\Avira\AntiVir Desktop\avgio.sys - avgio (avgio) .(.Avira GmbH - Avira AntiVir Support for Minifilter.) - LEGACY_AVGIO O64 - Services: CurCS - C:\WINDOWS\system32\DRIVERS\avgntflt.sys - avgntflt (avgntflt) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT O64 - Services: CurCS - (.not file.) - AVG Anti-Spyware Driver (AVG Anti-Spyware Driver) .(.Pas de propriétaire - Pas de description.) - LEGACY_AVG_ANTI-SPYWARE_DRIVER O64 - Services: CurCS - (.not file.) - AVG Clean Driver (AVG Clean Driver) .(.Pas de propriétaire - Pas de description.) - LEGACY_AVG_CLEAN_DRIVER O64 - Services: CurCS - C:\WINDOWS\system32\DRIVERS\avipbb.sys - avipbb (avipbb) .(.Avira GmbH - Avira Driver for RootKit Detection.) - LEGACY_AVIPBB O64 - Services: CurCS - (.not file.) - catchme (catchme) .(.Pas de propriétaire - Pas de description.) - LEGACY_CATCHME O64 - Services: CurCS - (.not file.) - Creative AC3 Software Decoder (ctac32k) .(.Pas de propriétaire - Pas de description.) - LEGACY_CTAC32K O64 - Services: CurCS - (.not file.) - Creative Proxy Driver (ctprxy2k) .(.Pas de propriétaire - Pas de description.) - LEGACY_CTPRXY2K O64 - Services: CurCS - (.not file.) - Creative SoundFont Management Device Driver (ctsfm2k) .(.Pas de propriétaire - Pas de description.) - LEGACY_CTSFM2K O64 - Services: CurCS - (.not file.) - Lanceur de processus serveur DCOM (DcomLaunch) .(.Pas de propriétaire - Pas de description.) - LEGACY_DCOMLAUNCH O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\ElbyCDIO.sys - ElbyCDIO Driver (ElbyCDIO) .(.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) - LEGACY_ELBYCDIO O64 - Services: CurCS - (.not file.) - E-mu Plug-in Architecture Driver (emupia) .(.Pas de propriétaire - Pas de description.) - LEGACY_EMUPIA O64 - Services: CurCS - (.not file.) - Freenet 0.7 darknet (freenet-darknet) .(.Pas de propriétaire - Pas de description.) - LEGACY_FREENET-DARKNET O64 - Services: CurCS - C:\WINDOWS\system32\drivers\fwdrv.sys - Firewall Driver (fwdrv) .(.Sunbelt Software - Sunbelt Kerio Firewall FWDRV.) - LEGACY_FWDRV O64 - Services: CurCS - (.not file.) - fxliapoc (fxliapoc) .(.Pas de propriétaire - Pas de description.) - LEGACY_FXLIAPOC O64 - Services: CurCS - C:\WINDOWS\system32\giveio.sys - giveio (giveio) .(.Pas de propriétaire - Pas de description.) - LEGACY_GIVEIO O64 - Services: CurCS - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe - Google Software Updater (gusvc) .(.Google - gusvc.) - LEGACY_GUSVC O64 - Services: CurCS - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe - InstallDriver Table Manager (IDriverT) .(.Macrovision Corporation - IDriverT Module.) - LEGACY_IDRIVERT O64 - Services: CurCS - (.not file.) - File Security Kernel Anti-Spyware Driver (ikhfile) .(.Pas de propriétaire - Pas de description.) - LEGACY_IKHFILE O64 - Services: CurCS - (.not file.) - Kernel Anti-Spyware Driver (ikhlayer) .(.Pas de propriétaire - Pas de description.) - LEGACY_IKHLAYER O64 - Services: CurCS - (.not file.) - IsDrv118 (IsDrv118) .(.Pas de propriétaire - Pas de description.) - LEGACY_ISDRV118 O64 - Services: CurCS - C:\Program Files\Java\jre6\bin\jqs.exe - Java Quick Starter (JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE O64 - Services: CurCS - C:\WINDOWS\system32\drivers\khips.sys - Kerio HIPS Driver (khips) .(.Sunbelt Software - Sunbelt Kerio Host Intrusion Prevention Dri.) - LEGACY_KHIPS O64 - Services: CurCS - (.not file.) - Klif (Klif) .(.Pas de propriétaire - Pas de description.) - LEGACY_KLIF O64 - Services: CurCS - (.not file.) - Klmc (Klmc) .(.Pas de propriétaire - Pas de description.) - LEGACY_KLMC O64 - Services: CurCS - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe - Sunbelt Kerio Personal Firewall 4 (KPF4) .(.Sunbelt Software - Sunbelt Kerio Firewall Service.) - LEGACY_KPF4 O64 - Services: CurCS - C:\WINDOWS\system32\drivers\LVPr2Mon.sys - Logitech LVPr2Mon Driver (LVPr2Mon) .(.Pas de propriétaire - Pas de description.) - LEGACY_LVPR2MON O64 - Services: CurCS - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe - Logitech Process Monitor (LVPrcSrv) .(.Logitech Inc. - Logitech LVPrcSrv Module..) - LEGACY_LVPRCSRV O64 - Services: CurCS - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe - LVSrvLauncher (LVSrvLauncher) .(.Logitech Inc. - LogitechService Launcher.) - LEGACY_LVSRVLAUNCHER O64 - Services: CurCS - (.not file.) - MBAMProtector (MBAMProtector) .(.Pas de propriétaire - Pas de description.) - LEGACY_MBAMPROTECTOR O64 - Services: CurCS - (.not file.) - MBAMService (MBAMService) .(.Pas de propriétaire - Pas de description.) - LEGACY_MBAMSERVICE O64 - Services: CurCS - (.not file.) - mbr (mbr) .(.Pas de propriétaire - Pas de description.) - LEGACY_MBR O64 - Services: CurCS - (.not file.) - mchInjDrv (mchInjDrv) .(.Pas de propriétaire - Pas de description.) - LEGACY_MCHINJDRV O64 - Services: CurCS - (.not file.) - Network Associates McShield (McShield) .(.Pas de propriétaire - Pas de description.) - LEGACY_MCSHIELD O64 - Services: CurCS - (.not file.) - Network Associates Task Manager (McTaskManager) .(.Pas de propriétaire - Pas de description.) - LEGACY_MCTASKMANAGER O64 - Services: CurCS - (.not file.) - mountmgr (mountmgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_MOUNTMGR O64 - Services: CurCS - (.not file.) - Mup (Mup) .(.Pas de propriétaire - Pas de description.) - LEGACY_MUP O64 - Services: CurCS - (.not file.) - NaiAvFilter1 (NaiAvFilter1) .(.Pas de propriétaire - Pas de description.) - LEGACY_NAIAVFILTER1 O64 - Services: CurCS - (.not file.) - NAI Anti Virus (NaiAvFilter101) .(.Pas de propriétaire - Pas de description.) - LEGACY_NAIAVFILTER101 O64 - Services: CurCS - (.not file.) - NaiAvTdi1 (NaiAvTdi1) .(.Pas de propriétaire - Pas de description.) - LEGACY_NAIAVTDI1 O64 - Services: CurCS - (.not file.) - Pilote système NDIS (NDIS) .(.Pas de propriétaire - Pas de description.) - LEGACY_NDIS O64 - Services: CurCS - C:\WINDOWS\system32\drivers\npf.sys - NetGroup Packet Filter Driver (NPF) .(.CACE Technologies, Inc. - npf.sys (NT5/6 x86) Kernel Driver.) - LEGACY_NPF O64 - Services: CurCS - C:\WINDOWS\system32\drivers\ctoss2k.sys - Creative OS Services Driver (ossrv) .(.Creative Technology Ltd. - Creative OS Services Driver (WDM).) - LEGACY_OSSRV O64 - Services: CurCS - (.not file.) - PartMgr (PartMgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_PARTMGR O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\PFMODNT.sys - PfModNT (PfModNT) .(.Creative Technology Ltd. - PCI/ISA Device Info. Service.) - LEGACY_PFMODNT O64 - Services: CurCS - (.not file.) - PROCEXP113 (PROCEXP113) .(.Pas de propriétaire - Pas de description.) - LEGACY_PROCEXP113 O64 - Services: CurCS - (.not file.) - RDPNP (RDPNP) .(.Pas de propriétaire - Pas de description.) - LEGACY_RDPNP O64 - Services: CurCS - (.not file.) - RKREVEAL150 (RKREVEAL150) .(.Pas de propriétaire - Pas de description.) - LEGACY_RKREVEAL150 O64 - Services: CurCS - (.not file.) - Appel de procédure distante (RPC) (RpcSs) .(.Pas de propriétaire - Pas de description.) - LEGACY_RPCSS O64 - Services: CurCS - C:\Program Files\SUPERAntiSpyware\SASDIFSV.sys - SASDIFSV (SASDIFSV) .(.Pas de propriétaire - SASDIFSV.) - LEGACY_SASDIFSV O64 - Services: CurCS - C:\Program Files\SUPERAntiSpyware\SASENUM.sys - SASENUM (SASENUM) .(.SuperAdBlocker, Inc. - SuperAntiSpyware.) - LEGACY_SASENUM O64 - Services: CurCS - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys - SASKUTIL (SASKUTIL) .(.Pas de propriétaire - SASKUTIL.SYS.) - LEGACY_SASKUTIL O64 - Services: CurCS - (.not file.) - SAVOnAccess Control (SAVOnAccess Control) .(.Pas de propriétaire - Pas de description.) - LEGACY_SAVONACCESS_CONTROL O64 - Services: CurCS - (.not file.) - SAVOnAccess Filter (SAVOnAccess Filter) .(.Pas de propriétaire - Pas de description.) - LEGACY_SAVONACCESS_FILTER O64 - Services: CurCS - C:\Program Files\Sandboxie\SbieDrv.sys - SbieDrv (SbieDrv) .(.tzuk - Sandboxie Kernel Mode Driver.) - LEGACY_SBIEDRV O64 - Services: CurCS - C:\Program Files\Sandboxie\SbieSvc.exe - Sandboxie Service (SbieSvc) .(.tzuk - Sandboxie Service.) - LEGACY_SBIESVC O64 - Services: CurCS - C:\WINDOWS\system32\DRIVERS\secdrv.sys - Secdrv (Secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV O64 - Services: CurCS - C:\WINDOWS\system32\speedfan.sys - speedfan (speedfan) .(.Windows ® 2000 DDK provider - SpeedFan Device Driver.) - LEGACY_SPEEDFAN O64 - Services: CurCS - (.not file.) - sptd (sptd) .(.Pas de propriétaire - Pas de description.) - LEGACY_SPTD O64 - Services: CurCS - (.not file.) - srescan (srescan) .(.Pas de propriétaire - Pas de description.) - LEGACY_SRESCAN O64 - Services: CurCS - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys - ssmdrv (ssmdrv) .(.Avira GmbH - AVIRA SnapShot Driver.) - LEGACY_SSMDRV O64 - Services: CurCS - C:\WINDOWS\system32\SVKP.sys - SVKP (SVKP) .(.AntiCracking - SVKP driver for NT.) - LEGACY_SVKP O64 - Services: CurCS - (.not file.) - Services Terminal Server (TermService) .(.Pas de propriétaire - Pas de description.) - LEGACY_TERMSERVICE O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\TPKD.sys - TPkd (TPkd) .(.PACE Anti-Piracy, Inc. - InterLok system file.) - LEGACY_TPKD O64 - Services: CurCS - (.not file.) - Gestionnaire de téléchargement (uploadmgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_UPLOADMGR O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\VIAPFD.sys - VIAPFD (VIAPFD) .(.VIA Technologies. Inc. - VIA PFD driver.) - LEGACY_VIAPFD O64 - Services: CurCS - (.not file.) - vsdatant (vsdatant) .(.Pas de propriétaire - Pas de description.) - LEGACY_VSDATANT O64 - Services: CurCS - (.not file.) - VSOMRIXF (VSOMRIXF) .(.Pas de propriétaire - Pas de description.) - LEGACY_VSOMRIXF ---\\ Observateur d'évènement d'application (OEA) (O66) O66 - EventLog: ID=1 (JavaQuickStarterService) - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf: No such file or directory\n"}; (.not file.) ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Pas de propriétaire - Pas de description.) -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.com> <ComFile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.html> <FirefoxHTML>[HKLM\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Pas de propriétaire - Pas de description.) -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.com> <ComFile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe ---\\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe O68 - StartMenuInternet: <MSN Explorer> <>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - msn.) -- C:\Program Files\MSN\MSNCoreFiles\MSN6.exe ---\\ Search Browser Infection (SBI) (O69) ---\\ Recherche d'infection Master Boot Record (O80) Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net Run by Pascal Admin at 01/05/2010 11:28:56 device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x830148D8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\atapi -> 0x830148d8 IoDeviceObjectType -> ParseProcedure -> 0x830801b0 \Device\Harddisk0\DR0 -> ParseProcedure -> 0x830801b0 Warning: possible MBR rootkit infection ! user & kernel MBR OK Use "Recovery Console" command "fixmbr" to clear infection ! Use "ZHPFix" command "MBRFix" to clear infection ! End of the scan (1421 lines in 05mn 07s)