

Aioros
Members
Content count: 34
Community reputation: 0
Trojan FakeAlert dangerous threat [Resolved]
Aioros replied to a topic by Aioros in Malware analysis and removal
Thank you for your invaluable help, I think everything is back in order.
Trojan FakeAlert dangerous threat [Resolved]
Aioros replied to a topic by Aioros in Malware analysis and removal
I can't find the "qoobox" file even with hidden folders displayed. Is that normal?
Trojan FakeAlert dangerous threat [Resolved]
Aioros replied to a topic by Aioros in Malware analysis and removal
Sorry, I posted the wrong report. Here they are:

Malwarebytes' Anti-Malware 1.42
Database version: 3427
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25/12/2009 12:42:05
mbam-log-2009-12-25 (12-42-05).txt

Scan type: Quick scan
Objects scanned: 127364
Time elapsed: 5 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, December 25, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, December 25, 2009 11:16:07
Records in database: 3410334
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Objects scanned: 88537
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 02:34:42

File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTiqqjcbqjhn.dll.vir Infected: Packed.Win32.TDSS.aa 1

Selected area has been scanned.
Trojan FakeAlert dangerous threat [Resolved]
Aioros replied to a topic by Aioros in Malware analysis and removal
Sorry for the late reply, here are the 2 reports requested:

ComboFix 09-12-24.02 - HP_Propriétaire 25/12/2009 3:23.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.33.1036.18.1023.304 [GMT 1:00]
Launched from: c:\documents and settings\HP_Propriétaire\Mes documents\Téléchargements\69356-CF.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\LHT1F.tmp
C:\LHT22.tmp
C:\LHT23.tmp
C:\LHT90.tmp
C:\LHTB6.tmp
c:\windows\system32\2492142984.dat
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\H8SRTiqqjcbqjhn.dll
c:\windows\system32\H8SRTmttappehem.dat
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\ps2.bat
c:\windows\system32\SrchSTS.exe
c:\windows\system32\srcr.dat
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((( Files created from 2009-11-25 to 2009-12-25 ))))))))))))))))))))))))))))))))))))
.
2009-12-25 01:54 . 2009-12-25 02:08 -------- d-----w- C:\tdsskiller
2009-12-24 14:45 . 2009-12-24 14:45 -------- d-sh--w- c:\documents and settings\Administrateur\PrivacIE
2009-12-24 14:43 . 2009-12-24 14:43 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2009-12-24 13:49 . 2009-12-24 13:49 -------- d-----w- C:\sh4ldr
2009-12-24 13:48 . 2009-12-24 13:48 -------- d-----w- c:\program files\Enigma Software Group
2009-12-24 11:12 . 2009-12-24 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-12-24 11:12 . 2009-12-25 02:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-09 16:53 . 2009-12-11 21:18 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-09 16:53 . 2009-12-09 16:53 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-12-09 16:53 . 2009-08-05 21:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-12-09 16:52 . 2009-12-09 16:52 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-12-09 16:51 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-12-09 16:51 . 2009-12-09 16:51 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-12-09 16:49 . 2009-12-09 16:53 -------- d-----w- c:\program files\Microsoft
2009-12-09 16:49 . 2009-12-09 16:49 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-09 16:43 . 2009-12-09 16:43 -------- d-----w- c:\program files\Fichiers communs\Windows Live
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 02:30 . 2009-12-24 11:12 -------- d-----w- c:\program files\Spyware Doctor
2009-12-25 02:29 . 2009-06-14 00:32 -------- d-----w- c:\program files\DNA
2009-12-24 15:34 . 2005-10-11 18:42 -------- d-----w- c:\program files\Google
2009-12-24 11:17 . 2009-12-24 11:12 -------- d-----w- c:\program files\Fichiers communs\PC Tools
2009-12-19 09:51 . 2008-10-21 13:58 -------- d-----w- c:\program files\World of Warcraft
2009-12-15 19:18 . 2004-11-23 21:26 86862 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-15 19:18 . 2004-11-23 21:26 515380 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-10 21:58 . 2008-10-21 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-09 16:53 . 2008-10-21 15:47 -------- d-----w- c:\program files\Windows Live
2009-12-07 19:24 . 2009-06-03 13:04 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-18 18:04 . 2008-10-23 19:29 -------- d-----w- c:\program files\WowCartographe
2009-11-10 09:28 . 2009-12-24 11:17 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-10 09:28 . 2009-12-24 11:17 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-11-10 09:28 . 2009-12-24 11:17 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-10 09:26 . 2009-12-24 11:17 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-09 10:20 . 2009-12-24 11:13 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-30 10:11 . 2009-12-24 11:13 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-29 07:42 . 2004-08-05 18:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-28 00:36 . 2009-12-24 11:17 1152444 ----a-w- c:\windows\UDB.zip
2009-10-21 05:39 . 2004-08-05 18:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-05 18:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-05 18:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2004-08-05 18:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2004-08-05 18:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2004-08-05 18:00 150528 ----a-w- c:\windows\system32\rastls.dll
2009-10-06 15:31 . 2009-12-24 11:13 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
"SoundMan"="SOUNDMAN.EXE" [2005-05-04 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-05-04 2805248]
"RemoteControl"="c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2005-06-10 61440]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Home Theater SchSvr"="c:\program files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe" [2005-07-18 106496]
"WINREMOTE"="c:\program files\InterVideo\Common\Bin\WinRemote.exe" [2005-07-18 262144]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 253952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"nwiz"="nwiz.exe" [2009-04-30 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-16 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-12-09 866200]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.4.3-to-3.0.2-frFR-Win-Final-downloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:UDP"= 3724:UDP:Blizzard downloader:3724
"6112:TCP"= 6112:TCP:Blibli downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"27709:TCP"= 27709:TCP:tcp

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [3/06/2009 10:57 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [24/12/2009 12:13 207792]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [24/12/2009 12:17 112592]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/12/2009 17:53 54752]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [24/12/2009 12:13 359624]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [11/10/2005 19:08 2786176]
S2 a2AntiMalware;a-squared Anti-Malware Service;"c:\program files\a-squared Anti-Malware\a2service.exe" --> c:\program files\a-squared Anti-Malware\a2service.exe [?]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/07/2009 20:57 108289]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/08/2009 22:48 704864]

--- Other services/drivers in memory ---

*NewlyCreated* - KLMD_BOOT
*NewlyCreated* - KLMD_SYSTEM
*Deregistered* - KLMD
*Deregistered* - KLMD_Boot
*Deregistered* - KLMD_System
*Deregistered* - PCTSDInjDriver32
.
------- Supplementary scan -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pages liées - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Pages similaires - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Version de la page actuelle disponible dans le cache Google - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\wlot0w3y.default\
FF - prefs.js: browser.startup.homepage - www.jeuxvideo.com
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Malware Defense - c:\program files\Malware Defense\mdefense.exe
AddRemove-Smart Defrag_is1 - c:\program files\IObit\IObit SmartDefrag\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-25 03:30
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded in running processes ---------------------

- - - - - - - > 'winlogon.exe'(620)
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

- - - - - - - > 'lsass.exe'(676)
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
End time: 2009-12-25 03:33:26
ComboFix-quarantined-files.txt 2009-12-25 02:33

Before-CF: 90.292.166.656 bytes free
After-CF: 90.348.179.456 bytes free

- - End Of File - - E22D86CA7B92C83D8245A66C9B848239

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, December 25, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, December 25, 2009 11:16:07
Records in database: 3410334
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Objects scanned: 88537
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 02:34:42

File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTiqqjcbqjhn.dll.vir Infected: Packed.Win32.TDSS.aa 1

Selected area has been scanned.

I no longer have the "malware defense" software, nor any of the other anomalies that appeared yesterday morning, but my PC is still horribly slow... Thanks for your replies.
Trojan FakeAlert dangerous threat [Resolved]
Aioros replied to a topic by Aioros in Malware analysis and removal
Here are the 2 reports generated by the applications you linked me:

03:08:49:000 4036 TDSSKiller 2.1.1 Dec 20 2009 02:40:02
03:08:49:000 4036 ================================================================================
03:08:49:000 4036 SystemInfo:
03:08:49:000 4036 OS Version: 5.1.2600 ServicePack: 3.0
03:08:49:000 4036 Product type: Workstation
03:08:49:000 4036 ComputerName: QUENTIN
03:08:49:000 4036 UserName: HP_Propriétaire
03:08:49:000 4036 Windows directory: C:\WINDOWS
03:08:49:000 4036 Processor architecture: Intel x86
03:08:49:000 4036 Number of processors: 2
03:08:49:000 4036 Page size: 0x1000
03:08:49:000 4036 Boot type: Normal boot
03:08:49:000 4036 ================================================================================
03:08:49:156 4036 ForceUnloadDriver: NtUnloadDriver error 2
03:08:49:187 4036 main: Driver KLMD_Boot successfully unloaded
03:08:49:687 4036 ForceUnloadDriver: NtUnloadDriver error 2
03:08:49:718 4036 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0
03:08:49:718 4036 main: Driver KLMD successfully dropped
03:08:50:062 4036 main: Driver KLMD successfully loaded
03:08:50:062 4036 Scanning Registry ...
03:08:50:062 4036 ScanServices: Searching service UACd.sys
03:08:50:062 4036 ScanServices: Open/Create key error 2
03:08:50:062 4036 ScanServices: Searching service TDSSserv.sys
03:08:50:062 4036 ScanServices: Open/Create key error 2
03:08:50:062 4036 ScanServices: Searching service gaopdxserv.sys
03:08:50:062 4036 ScanServices: Open/Create key error 2
03:08:50:062 4036 ScanServices: Searching service gxvxcserv.sys
03:08:50:062 4036 ScanServices: Open/Create key error 2
03:08:50:062 4036 ScanServices: Searching service MSIVXserv.sys
03:08:50:062 4036 ScanServices: Open/Create key error 2
03:08:50:062 4036 UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000
03:08:50:531 4036 UnhookRegistry: Kernel local addr: D10000
03:08:50:531 4036 UnhookRegistry: KeServiceDescriptorTable addr: D95700
03:08:50:531 4036 UnhookRegistry: KiServiceTable addr: D3D460
03:08:50:531 4036 UnhookRegistry: NtEnumerateKey service number (local): 47
03:08:50:531 4036 UnhookRegistry: NtEnumerateKey local addr: E5CFF2
03:08:50:531 4036 KLMD_OpenDevice: Trying to open KLMD device
03:08:50:531 4036 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
03:08:50:531 4036 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
03:08:50:531 4036 KLMD_ReadMem: Trying to ReadMemory 0x805002C9[0x4]
03:08:50:531 4036 UnhookRegistry: NtEnumerateKey service number (kernel): 47
03:08:50:531 4036 KLMD_ReadMem: Trying to ReadMemory 0x8050457C[0x4]
03:08:50:531 4036 UnhookRegistry: NtEnumerateKey real addr: 80623FF2
03:08:50:531 4036 UnhookRegistry: NtEnumerateKey calc addr: 80623FF2
03:08:50:531 4036 UnhookRegistry: No SDT hooks found on NtEnumerateKey
03:08:50:531 4036 KLMD_ReadMem: Trying to ReadMemory 0x80623FF2[0xA]
03:08:50:531 4036 UnhookRegistry: No splicing found on NtEnumerateKey
03:08:50:531 4036 Scanning Kernel memory ...
03:08:50:531 4036 KLMD_OpenDevice: Trying to open KLMD device
03:08:50:531 4036 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
03:08:50:531 4036 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
03:08:50:531 4036 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 87167900
03:08:50:531 4036 DetectCureTDL3: KLMD_GetDeviceObjectList returned 11 DevObjects
03:08:50:531 4036 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 86B55030
03:08:50:531 4036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86B55030
03:08:50:531 4036 KLMD_ReadMem: Trying to ReadMemory 0x86B55030[0x38]
03:08:50:531 4036 DetectCureTDL3: DRIVER_OBJECT addr: 87167900
03:08:50:531 4036 KLMD_ReadMem: Trying to ReadMemory 0x87167900[0xA8]
03:08:50:531 4036 KLMD_ReadMem: Trying to ReadMemory 0xE19D83A8[0x208]
03:08:50:531 4036 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
03:08:50:531 4036 DetectCureTDL3: IrpHandler (0) addr: F76C2BB0
03:08:50:531 4036 DetectCureTDL3: IrpHandler (1) addr: 804F4562
03:08:50:531 4036 DetectCureTDL3: IrpHandler (2) addr: F76C2BB0
03:08:50:546 4036 DetectCureTDL3: IrpHandler (3) addr: F76BCD1F
03:08:50:546 4036 DetectCureTDL3: IrpHandler (4) addr: F76BCD1F
03:08:50:546 4036 DetectCureTDL3: IrpHandler (5) addr: 804F4562
03:08:50:546 4036 DetectCureTDL3: IrpHandler (6) addr: 804F4562
03:08:50:546 4036 DetectCureTDL3: IrpHandler (7) addr: 804F4562
03:08:50:546 4036 DetectCureTDL3: IrpHandler (8) addr: 804F4562
03:08:50:546 4036 DetectCureTDL3: IrpHandler (9) addr: F76BD2E2
03:08:50:546 4036 DetectCureTDL3: IrpHandler (10) addr: 804F4562
03:08:50:546 4036 DetectCureTDL3: IrpHandler (11) addr: 804F4562
03:08:50:546 4036 DetectCureTDL3: IrpHandler (12) addr: 804F4562
03:08:50:546 4036 DetectCureTDL3: IrpHandler (13) addr: 804F4562
03:08:50:546 4036 DetectCureTDL3: IrpHandler (14) addr: F76BD3BB
03:08:50:546 4036 DetectCureTDL3: IrpHandler (15) addr: F76C0F28
03:08:50:546 4036 DetectCureTDL3: IrpHandler (16) addr: F76BD2E2
03:08:50:546 4036 DetectCureTDL3: IrpHandler (17) addr: 804F4562
03:08:50:546 4036 DetectCureTDL3: IrpHandler (18) addr: 804F4562
03:08:50:546 4036 DetectCureTDL3: IrpHandler (19) addr: 804F4562
03:08:50:546 4036 DetectCureTDL3: IrpHandler (20) addr: 804F4562
03:08:50:546 4036 DetectCureTDL3: IrpHandler (21) addr: 804F4562
03:08:50:546 4036 DetectCureTDL3: IrpHandler (22) addr: F76BEC82
03:08:50:546 4036 DetectCureTDL3: IrpHandler (23) addr: F76C399E
03:08:50:546 4036 DetectCureTDL3: IrpHandler (24) addr: 804F4562
03:08:50:546 4036 DetectCureTDL3: IrpHandler (25) addr: 804F4562
03:08:50:546 4036 DetectCureTDL3: IrpHandler (26) addr: 804F4562
03:08:50:546 4036 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
03:08:50:546 4036 KLMD_ReadMem: DeviceIoControl error 1
03:08:50:546 4036 TDL3_StartIoHookDetect: Unable to get StartIo handler code
03:08:50:546 4036 TDL3_FileDetect: Processing driver: Disk
03:08:50:546 4036 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
03:08:50:546 4036 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
03:08:50:546 4036 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
03:08:50:562 4036 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 86E88610
03:08:50:562 4036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86E88610
03:08:50:562 4036 KLMD_ReadMem: Trying to ReadMemory 0x86E88610[0x38]
03:08:50:562 4036 DetectCureTDL3: DRIVER_OBJECT addr: 87167900
03:08:50:562 4036 KLMD_ReadMem: Trying to ReadMemory 0x87167900[0xA8]
03:08:50:562 4036 KLMD_ReadMem: Trying to ReadMemory 0xE19D83A8[0x208]
03:08:50:562 4036 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
03:08:50:562 4036 DetectCureTDL3: IrpHandler (0) addr: F76C2BB0
03:08:50:562 4036 DetectCureTDL3: IrpHandler (1) addr: 804F4562
03:08:50:562 4036 DetectCureTDL3: IrpHandler (2) addr: F76C2BB0
03:08:50:562 4036 DetectCureTDL3: IrpHandler (3) addr: F76BCD1F
03:08:50:562 4036 DetectCureTDL3: IrpHandler (4) addr: F76BCD1F
03:08:50:562 4036 DetectCureTDL3: IrpHandler (5) addr: 804F4562
03:08:50:562 4036 DetectCureTDL3: IrpHandler (6) addr: 804F4562
03:08:50:562 4036 DetectCureTDL3: IrpHandler (7) addr: 804F4562
03:08:50:562 4036 DetectCureTDL3: IrpHandler (8) addr: 804F4562
03:08:50:562 4036 DetectCureTDL3: IrpHandler (9) addr: F76BD2E2
03:08:50:562 4036 DetectCureTDL3: IrpHandler (10) addr: 804F4562
03:08:50:562 4036 DetectCureTDL3: IrpHandler (11) addr: 804F4562
03:08:50:562 4036 DetectCureTDL3: IrpHandler (12) addr: 804F4562
03:08:50:562 4036 DetectCureTDL3: IrpHandler (13) addr: 804F4562
03:08:50:562 4036 DetectCureTDL3: IrpHandler (14) addr: F76BD3BB
03:08:50:562 4036 DetectCureTDL3: IrpHandler (15) addr: F76C0F28
03:08:50:562 4036 DetectCureTDL3: IrpHandler (16) addr: F76BD2E2
03:08:50:562 4036 DetectCureTDL3: IrpHandler (17) addr: 804F4562
03:08:50:562 4036 DetectCureTDL3: IrpHandler (18) addr: 804F4562
03:08:50:562 4036 DetectCureTDL3: IrpHandler (19) addr: 804F4562
03:08:50:562 4036 DetectCureTDL3: IrpHandler (20) addr: 804F4562
03:08:50:562 4036 DetectCureTDL3: IrpHandler (21) addr: 804F4562
03:08:50:562 4036 DetectCureTDL3: IrpHandler (22) addr: F76BEC82
03:08:50:562 4036 DetectCureTDL3: IrpHandler (23) addr: F76C399E
03:08:50:562 4036 DetectCureTDL3: IrpHandler (24) addr: 804F4562
03:08:50:562 4036 DetectCureTDL3: IrpHandler (25) addr: 804F4562
03:08:50:562 4036 DetectCureTDL3: IrpHandler (26) addr: 804F4562
03:08:50:562 4036 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
03:08:50:562 4036 KLMD_ReadMem: DeviceIoControl error 1
03:08:50:562 4036 TDL3_StartIoHookDetect: Unable to get StartIo handler code
03:08:50:562 4036 TDL3_FileDetect: Processing driver: Disk
03:08:50:562 4036 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
03:08:50:562 4036 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
03:08:50:562 4036 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
03:08:50:578 4036 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 86C718F0
03:08:50:578 4036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86C718F0
03:08:50:578 4036 KLMD_ReadMem: Trying to ReadMemory 0x86C718F0[0x38]
03:08:50:578 4036 DetectCureTDL3: DRIVER_OBJECT addr: 87167900
03:08:50:578 4036 KLMD_ReadMem: Trying to ReadMemory 0x87167900[0xA8]
03:08:50:578 4036 KLMD_ReadMem: Trying to ReadMemory 0xE19D83A8[0x208]
03:08:50:578 4036 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
03:08:50:578 4036 DetectCureTDL3: IrpHandler (0) addr: F76C2BB0
03:08:50:578 4036 DetectCureTDL3: IrpHandler (1) addr: 804F4562
03:08:50:578 4036 DetectCureTDL3: IrpHandler (2) addr: F76C2BB0
03:08:50:578 4036 DetectCureTDL3: IrpHandler (3) addr: F76BCD1F
03:08:50:578 4036 DetectCureTDL3: IrpHandler (4) addr: F76BCD1F
03:08:50:578 4036 DetectCureTDL3: IrpHandler (5) addr: 804F4562
03:08:50:578 4036 DetectCureTDL3: IrpHandler (6) addr: 804F4562
03:08:50:578 4036 DetectCureTDL3: IrpHandler (7) addr: 804F4562
03:08:50:578 4036 DetectCureTDL3: IrpHandler (8) addr: 804F4562
03:08:50:578 4036 DetectCureTDL3: IrpHandler (9) addr: F76BD2E2
03:08:50:578 4036 DetectCureTDL3: IrpHandler (10) addr: 804F4562
03:08:50:578 4036 DetectCureTDL3: IrpHandler (11) addr: 804F4562
03:08:50:578 4036 DetectCureTDL3: IrpHandler (12) addr: 804F4562
03:08:50:578 4036 DetectCureTDL3: IrpHandler (13) addr: 804F4562
03:08:50:578 4036 DetectCureTDL3: IrpHandler (14) addr: F76BD3BB
03:08:50:578 4036 DetectCureTDL3: IrpHandler (15) addr: F76C0F28
03:08:50:578 4036 DetectCureTDL3: IrpHandler (16) addr: F76BD2E2
03:08:50:578 4036 DetectCureTDL3: IrpHandler (17) addr: 804F4562
03:08:50:578 4036 DetectCureTDL3: IrpHandler (18) addr: 804F4562
03:08:50:578 4036 DetectCureTDL3: IrpHandler (19) addr: 804F4562
03:08:50:578 4036 DetectCureTDL3: IrpHandler (20) addr: 804F4562
03:08:50:578 4036 DetectCureTDL3: IrpHandler (21) addr: 804F4562
03:08:50:578 4036 DetectCureTDL3: IrpHandler (22) addr: F76BEC82
03:08:50:578 4036 DetectCureTDL3: IrpHandler (23) addr: F76C399E
03:08:50:578 4036 DetectCureTDL3: IrpHandler (24) addr: 804F4562
03:08:50:578 4036 DetectCureTDL3: IrpHandler (25) addr: 804F4562
03:08:50:578 4036 DetectCureTDL3: IrpHandler (26) addr: 804F4562
03:08:50:578 4036 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
03:08:50:578 4036 KLMD_ReadMem: DeviceIoControl error 1
03:08:50:578 4036 TDL3_StartIoHookDetect: Unable to get StartIo handler code
03:08:50:578 4036 TDL3_FileDetect: Processing driver: Disk
03:08:50:578 4036 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
03:08:50:578 4036 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
03:08:50:578 4036 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
03:08:50:578 4036 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 86A9D298
03:08:50:578 4036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86A9D298
03:08:50:578 4036 KLMD_ReadMem: Trying to ReadMemory 0x86A9D298[0x38]
03:08:50:578 4036 DetectCureTDL3: DRIVER_OBJECT addr: 87167900
03:08:50:578 4036 KLMD_ReadMem: Trying to ReadMemory 0x87167900[0xA8]
03:08:50:578 4036 KLMD_ReadMem: Trying to ReadMemory 0xE19D83A8[0x208]
03:08:50:578 4036 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
03:08:50:578 4036 DetectCureTDL3: IrpHandler (0) addr: F76C2BB0
03:08:50:578 4036 DetectCureTDL3: IrpHandler (1) addr: 804F4562
03:08:50:593 4036 DetectCureTDL3: IrpHandler (2) addr: F76C2BB0
03:08:50:593 4036 DetectCureTDL3: IrpHandler (3) addr: F76BCD1F
03:08:50:593 4036 DetectCureTDL3: IrpHandler (4) addr: F76BCD1F
03:08:50:593 4036 DetectCureTDL3: IrpHandler (5) addr: 804F4562
03:08:50:593 4036 DetectCureTDL3: IrpHandler (6) addr: 804F4562
03:08:50:593 4036 DetectCureTDL3: IrpHandler (7) addr: 804F4562
03:08:50:593 4036 DetectCureTDL3: IrpHandler (8) addr: 804F4562
03:08:50:593 4036 DetectCureTDL3: IrpHandler (9) addr: F76BD2E2
03:08:50:593 4036 DetectCureTDL3: IrpHandler (10) addr: 804F4562
03:08:50:593 4036 DetectCureTDL3: IrpHandler (11) addr: 804F4562
03:08:50:593 4036 DetectCureTDL3: IrpHandler (12) addr: 804F4562
03:08:50:593 4036 DetectCureTDL3: IrpHandler (13) addr: 804F4562
03:08:50:593 4036 DetectCureTDL3: IrpHandler (14) addr: F76BD3BB
03:08:50:593 4036 DetectCureTDL3: IrpHandler (15) addr: F76C0F28
03:08:50:593 4036 DetectCureTDL3: IrpHandler (16) addr: F76BD2E2
03:08:50:593 4036 DetectCureTDL3: IrpHandler (17) addr: 804F4562
03:08:50:593 4036 DetectCureTDL3: IrpHandler (18) addr: 804F4562
03:08:50:593 4036 DetectCureTDL3: IrpHandler (19) addr: 804F4562
03:08:50:593 4036 DetectCureTDL3: IrpHandler (20) addr: 804F4562
03:08:50:593 4036 DetectCureTDL3: IrpHandler (21) addr: 804F4562
03:08:50:593 4036 DetectCureTDL3: IrpHandler (22) addr: F76BEC82
03:08:50:593 4036 DetectCureTDL3: IrpHandler (23) addr: F76C399E
03:08:50:593 4036 DetectCureTDL3: IrpHandler (24) addr: 804F4562
03:08:50:593 4036 DetectCureTDL3: IrpHandler (25) addr: 804F4562
03:08:50:593 4036 DetectCureTDL3: IrpHandler (26) addr: 804F4562
03:08:50:593 4036 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
03:08:50:593 4036 KLMD_ReadMem: DeviceIoControl error 1
03:08:50:593 4036 TDL3_StartIoHookDetect: Unable to get StartIo handler code
03:08:50:593 4036 TDL3_FileDetect: Processing driver: Disk
03:08:50:593 4036 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
03:08:50:593 4036 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
03:08:50:593 4036 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
03:08:50:593 4036 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 86B5CAB8
03:08:50:593 4036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86B5CAB8
03:08:50:593 4036 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 86F9DC80
03:08:50:593 4036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F9DC80
03:08:50:593 4036 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 86C8CDE8
03:08:50:593 4036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86C8CDE8
03:08:50:593 4036 KLMD_ReadMem: Trying to ReadMemory 0x86C8CDE8[0x38]
03:08:50:593 4036 DetectCureTDL3: DRIVER_OBJECT addr: 86C97AE8
03:08:50:593 4036 KLMD_ReadMem: Trying to ReadMemory 0x86C97AE8[0xA8]
03:08:50:593 4036 KLMD_ReadMem: Trying to ReadMemory 0xE227FBA8[0x208]
03:08:50:593 4036 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
03:08:50:593 4036 DetectCureTDL3: IrpHandler (0) addr: F7A69218
03:08:50:593 4036 DetectCureTDL3: IrpHandler (1) addr: 804F4562
03:08:50:593 4036 DetectCureTDL3: IrpHandler (2) addr: F7A69218
03:08:50:609 4036 DetectCureTDL3: IrpHandler (3) addr: F7A6923C
03:08:50:609 4036 DetectCureTDL3: IrpHandler (4) addr: F7A6923C
03:08:50:609 4036 DetectCureTDL3: IrpHandler (5) addr: 804F4562
03:08:50:609 4036 DetectCureTDL3: IrpHandler (6) addr: 804F4562
03:08:50:609 4036 DetectCureTDL3: IrpHandler (7) addr: 804F4562
03:08:50:609 4036 DetectCureTDL3: IrpHandler (8) addr: 804F4562
03:08:50:609 4036 DetectCureTDL3: IrpHandler (9) addr: 804F4562
03:08:50:609 4036 DetectCureTDL3: IrpHandler (10) addr: 804F4562
03:08:50:609 4036 DetectCureTDL3: IrpHandler (11) addr: 804F4562
03:08:50:609 4036 DetectCureTDL3: IrpHandler (12) addr: 804F4562
03:08:50:609 4036 DetectCureTDL3: IrpHandler (13) addr: 804F4562
03:08:50:609 4036 DetectCureTDL3: IrpHandler (14) addr: F7A69180
03:08:50:609 4036 DetectCureTDL3: IrpHandler (15) addr: F7A649E6
03:08:50:609 4036 DetectCureTDL3: IrpHandler (16) addr: 804F4562
03:08:50:609 4036 DetectCureTDL3: IrpHandler (17) addr: 804F4562
03:08:50:609 4036 DetectCureTDL3: IrpHandler (18) addr: 804F4562
03:08:50:609 4036 DetectCureTDL3: IrpHandler (19) addr: 804F4562
03:08:50:609 4036 DetectCureTDL3: IrpHandler (20) addr: 804F4562
03:08:50:609 4036 DetectCureTDL3: IrpHandler (21) addr: 804F4562
03:08:50:609 4036 DetectCureTDL3: IrpHandler (22) addr: F7A685F0
03:08:50:609 4036 DetectCureTDL3: IrpHandler (23) addr: F7A66A6E
03:08:50:609 4036 DetectCureTDL3: IrpHandler (24) addr: 804F4562
03:08:50:609 4036 DetectCureTDL3: IrpHandler (25) addr: 804F4562
03:08:50:609 4036 DetectCureTDL3: IrpHandler (26) addr: 804F4562
03:08:50:609 4036 KLMD_ReadMem: Trying to ReadMemory 0xF7A65F26[0x400]
03:08:50:609 4036 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
03:08:50:609 4036 TDL3_FileDetect: Processing driver: USBSTOR
03:08:50:609 4036 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk
03:08:50:609 4036 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
03:08:50:609 4036 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
03:08:50:625 4036 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 86AD9338
03:08:50:625 4036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86AD9338
03:08:50:625 4036 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 86A2C108
03:08:50:625 4036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86A2C108
03:08:50:625 4036 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 869D8AE0
03:08:50:625 4036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 869D8AE0
03:08:50:625 4036 KLMD_ReadMem: Trying to ReadMemory 0x869D8AE0[0x38]
03:08:50:625 4036 DetectCureTDL3: DRIVER_OBJECT addr: 86C97AE8
03:08:50:625 4036 KLMD_ReadMem: Trying
to ReadMemory 0x86C97AE8[0xA8] 03:08:50:625 4036 KLMD_ReadMem: Trying to ReadMemory 0xE227FBA8[0x208] 03:08:50:625 4036 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 03:08:50:625 4036 DetectCureTDL3: IrpHandler (0) addr: F7A69218 03:08:50:625 4036 DetectCureTDL3: IrpHandler (1) addr: 804F4562 03:08:50:625 4036 DetectCureTDL3: IrpHandler (2) addr: F7A69218 03:08:50:625 4036 DetectCureTDL3: IrpHandler (3) addr: F7A6923C 03:08:50:625 4036 DetectCureTDL3: IrpHandler (4) addr: F7A6923C 03:08:50:625 4036 DetectCureTDL3: IrpHandler (5) addr: 804F4562 03:08:50:625 4036 DetectCureTDL3: IrpHandler (6) addr: 804F4562 03:08:50:625 4036 DetectCureTDL3: IrpHandler (7) addr: 804F4562 03:08:50:625 4036 DetectCureTDL3: IrpHandler ( addr: 804F4562 03:08:50:625 4036 DetectCureTDL3: IrpHandler (9) addr: 804F4562 03:08:50:625 4036 DetectCureTDL3: IrpHandler (10) addr: 804F4562 03:08:50:625 4036 DetectCureTDL3: IrpHandler (11) addr: 804F4562 03:08:50:625 4036 DetectCureTDL3: IrpHandler (12) addr: 804F4562 03:08:50:625 4036 DetectCureTDL3: IrpHandler (13) addr: 804F4562 03:08:50:625 4036 DetectCureTDL3: IrpHandler (14) addr: F7A69180 03:08:50:625 4036 DetectCureTDL3: IrpHandler (15) addr: F7A649E6 03:08:50:625 4036 DetectCureTDL3: IrpHandler (16) addr: 804F4562 03:08:50:625 4036 DetectCureTDL3: IrpHandler (17) addr: 804F4562 03:08:50:625 4036 DetectCureTDL3: IrpHandler (18) addr: 804F4562 03:08:50:625 4036 DetectCureTDL3: IrpHandler (19) addr: 804F4562 03:08:50:625 4036 DetectCureTDL3: IrpHandler (20) addr: 804F4562 03:08:50:625 4036 DetectCureTDL3: IrpHandler (21) addr: 804F4562 03:08:50:625 4036 DetectCureTDL3: IrpHandler (22) addr: F7A685F0 03:08:50:625 4036 DetectCureTDL3: IrpHandler (23) addr: F7A66A6E 03:08:50:625 4036 DetectCureTDL3: IrpHandler (24) addr: 804F4562 03:08:50:625 4036 DetectCureTDL3: IrpHandler (25) addr: 804F4562 03:08:50:625 4036 DetectCureTDL3: IrpHandler (26) addr: 804F4562 03:08:50:625 4036 KLMD_ReadMem: Trying to ReadMemory 
0xF7A65F26[0x400] 03:08:50:625 4036 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0 03:08:50:625 4036 TDL3_FileDetect: Processing driver: USBSTOR 03:08:50:625 4036 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk 03:08:50:625 4036 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys 03:08:50:625 4036 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys 03:08:50:625 4036 DetectCureTDL3: 6 Curr stack PDEVICE_OBJECT: 86A7C518 03:08:50:625 4036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86A7C518 03:08:50:625 4036 DetectCureTDL3: 6 Curr stack PDEVICE_OBJECT: 86C96CE0 03:08:50:625 4036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86C96CE0 03:08:50:625 4036 DetectCureTDL3: 6 Curr stack PDEVICE_OBJECT: 869DDCC0 03:08:50:625 4036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 869DDCC0 03:08:50:625 4036 KLMD_ReadMem: Trying to ReadMemory 0x869DDCC0[0x38] 03:08:50:625 4036 DetectCureTDL3: DRIVER_OBJECT addr: 86C97AE8 03:08:50:625 4036 KLMD_ReadMem: Trying to ReadMemory 0x86C97AE8[0xA8] 03:08:50:625 4036 KLMD_ReadMem: Trying to ReadMemory 0xE227FBA8[0x208] 03:08:50:625 4036 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 03:08:50:625 4036 DetectCureTDL3: IrpHandler (0) addr: F7A69218 03:08:50:625 4036 DetectCureTDL3: IrpHandler (1) addr: 804F4562 03:08:50:625 4036 DetectCureTDL3: IrpHandler (2) addr: F7A69218 03:08:50:625 4036 DetectCureTDL3: IrpHandler (3) addr: F7A6923C 03:08:50:625 4036 DetectCureTDL3: IrpHandler (4) addr: F7A6923C 03:08:50:625 4036 DetectCureTDL3: IrpHandler (5) addr: 804F4562 03:08:50:625 4036 DetectCureTDL3: IrpHandler (6) addr: 804F4562 03:08:50:625 4036 DetectCureTDL3: IrpHandler (7) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler ( addr: 804F4562 03:08:50:640 4036 
DetectCureTDL3: IrpHandler (9) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (10) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (11) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (12) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (13) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (14) addr: F7A69180 03:08:50:640 4036 DetectCureTDL3: IrpHandler (15) addr: F7A649E6 03:08:50:640 4036 DetectCureTDL3: IrpHandler (16) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (17) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (18) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (19) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (20) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (21) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (22) addr: F7A685F0 03:08:50:640 4036 DetectCureTDL3: IrpHandler (23) addr: F7A66A6E 03:08:50:640 4036 DetectCureTDL3: IrpHandler (24) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (25) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (26) addr: 804F4562 03:08:50:640 4036 KLMD_ReadMem: Trying to ReadMemory 0xF7A65F26[0x400] 03:08:50:640 4036 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0 03:08:50:640 4036 TDL3_FileDetect: Processing driver: USBSTOR 03:08:50:640 4036 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk 03:08:50:640 4036 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys 03:08:50:640 4036 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys 03:08:50:640 4036 DetectCureTDL3: 7 Curr stack PDEVICE_OBJECT: 86FA3AB8 03:08:50:640 4036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86FA3AB8 03:08:50:640 4036 DetectCureTDL3: 7 Curr stack PDEVICE_OBJECT: 86A36288 03:08:50:640 
4036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86A36288 03:08:50:640 4036 DetectCureTDL3: 7 Curr stack PDEVICE_OBJECT: 86A75D50 03:08:50:640 4036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86A75D50 03:08:50:640 4036 KLMD_ReadMem: Trying to ReadMemory 0x86A75D50[0x38] 03:08:50:640 4036 DetectCureTDL3: DRIVER_OBJECT addr: 86C97AE8 03:08:50:640 4036 KLMD_ReadMem: Trying to ReadMemory 0x86C97AE8[0xA8] 03:08:50:640 4036 KLMD_ReadMem: Trying to ReadMemory 0xE227FBA8[0x208] 03:08:50:640 4036 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 03:08:50:640 4036 DetectCureTDL3: IrpHandler (0) addr: F7A69218 03:08:50:640 4036 DetectCureTDL3: IrpHandler (1) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (2) addr: F7A69218 03:08:50:640 4036 DetectCureTDL3: IrpHandler (3) addr: F7A6923C 03:08:50:640 4036 DetectCureTDL3: IrpHandler (4) addr: F7A6923C 03:08:50:640 4036 DetectCureTDL3: IrpHandler (5) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (6) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (7) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler ( addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (9) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (10) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (11) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (12) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (13) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (14) addr: F7A69180 03:08:50:640 4036 DetectCureTDL3: IrpHandler (15) addr: F7A649E6 03:08:50:640 4036 DetectCureTDL3: IrpHandler (16) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (17) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (18) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (19) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (20) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: 
IrpHandler (21) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (22) addr: F7A685F0 03:08:50:640 4036 DetectCureTDL3: IrpHandler (23) addr: F7A66A6E 03:08:50:640 4036 DetectCureTDL3: IrpHandler (24) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (25) addr: 804F4562 03:08:50:640 4036 DetectCureTDL3: IrpHandler (26) addr: 804F4562 03:08:50:640 4036 KLMD_ReadMem: Trying to ReadMemory 0xF7A65F26[0x400] 03:08:50:640 4036 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0 03:08:50:640 4036 TDL3_FileDetect: Processing driver: USBSTOR 03:08:50:640 4036 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk 03:08:50:640 4036 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys 03:08:50:640 4036 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys 03:08:50:656 4036 DetectCureTDL3: 8 Curr stack PDEVICE_OBJECT: 8713EC68 03:08:50:656 4036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8713EC68 03:08:50:656 4036 KLMD_ReadMem: Trying to ReadMemory 0x8713EC68[0x38] 03:08:50:656 4036 DetectCureTDL3: DRIVER_OBJECT addr: 87167900 03:08:50:656 4036 KLMD_ReadMem: Trying to ReadMemory 0x87167900[0xA8] 03:08:50:656 4036 KLMD_ReadMem: Trying to ReadMemory 0xE19D83A8[0x208] 03:08:50:656 4036 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 03:08:50:656 4036 DetectCureTDL3: IrpHandler (0) addr: F76C2BB0 03:08:50:656 4036 DetectCureTDL3: IrpHandler (1) addr: 804F4562 03:08:50:656 4036 DetectCureTDL3: IrpHandler (2) addr: F76C2BB0 03:08:50:656 4036 DetectCureTDL3: IrpHandler (3) addr: F76BCD1F 03:08:50:656 4036 DetectCureTDL3: IrpHandler (4) addr: F76BCD1F 03:08:50:656 4036 DetectCureTDL3: IrpHandler (5) addr: 804F4562 03:08:50:656 4036 DetectCureTDL3: IrpHandler (6) addr: 804F4562 03:08:50:656 4036 DetectCureTDL3: IrpHandler (7) addr: 804F4562 
03:08:50:656 4036 DetectCureTDL3: IrpHandler ( addr: 804F4562 03:08:50:656 4036 DetectCureTDL3: IrpHandler (9) addr: F76BD2E2 03:08:50:656 4036 DetectCureTDL3: IrpHandler (10) addr: 804F4562 03:08:50:656 4036 DetectCureTDL3: IrpHandler (11) addr: 804F4562 03:08:50:656 4036 DetectCureTDL3: IrpHandler (12) addr: 804F4562 03:08:50:656 4036 DetectCureTDL3: IrpHandler (13) addr: 804F4562 03:08:50:656 4036 DetectCureTDL3: IrpHandler (14) addr: F76BD3BB 03:08:50:656 4036 DetectCureTDL3: IrpHandler (15) addr: F76C0F28 03:08:50:656 4036 DetectCureTDL3: IrpHandler (16) addr: F76BD2E2 03:08:50:656 4036 DetectCureTDL3: IrpHandler (17) addr: 804F4562 03:08:50:656 4036 DetectCureTDL3: IrpHandler (18) addr: 804F4562 03:08:50:656 4036 DetectCureTDL3: IrpHandler (19) addr: 804F4562 03:08:50:656 4036 DetectCureTDL3: IrpHandler (20) addr: 804F4562 03:08:50:656 4036 DetectCureTDL3: IrpHandler (21) addr: 804F4562 03:08:50:656 4036 DetectCureTDL3: IrpHandler (22) addr: F76BEC82 03:08:50:656 4036 DetectCureTDL3: IrpHandler (23) addr: F76C399E 03:08:50:656 4036 DetectCureTDL3: IrpHandler (24) addr: 804F4562 03:08:50:656 4036 DetectCureTDL3: IrpHandler (25) addr: 804F4562 03:08:50:656 4036 DetectCureTDL3: IrpHandler (26) addr: 804F4562 03:08:50:656 4036 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400] 03:08:50:656 4036 KLMD_ReadMem: DeviceIoControl error 1 03:08:50:656 4036 TDL3_StartIoHookDetect: Unable to get StartIo handler code 03:08:50:656 4036 TDL3_FileDetect: Processing driver: Disk 03:08:50:656 4036 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk 03:08:50:656 4036 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys 03:08:50:656 4036 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys 03:08:50:656 4036 DetectCureTDL3: 9 Curr stack PDEVICE_OBJECT: 8713F9F0 03:08:50:656 4036 KLMD_GetLowerDeviceObject: Trying to get 
lower device object for 8713F9F0 03:08:50:656 4036 KLMD_ReadMem: Trying to ReadMemory 0x8713F9F0[0x38] 03:08:50:656 4036 DetectCureTDL3: DRIVER_OBJECT addr: 87167900 03:08:50:656 4036 KLMD_ReadMem: Trying to ReadMemory 0x87167900[0xA8] 03:08:50:656 4036 KLMD_ReadMem: Trying to ReadMemory 0xE19D83A8[0x208] 03:08:50:656 4036 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 03:08:50:656 4036 DetectCureTDL3: IrpHandler (0) addr: F76C2BB0 03:08:50:656 4036 DetectCureTDL3: IrpHandler (1) addr: 804F4562 03:08:50:656 4036 DetectCureTDL3: IrpHandler (2) addr: F76C2BB0 03:08:50:656 4036 DetectCureTDL3: IrpHandler (3) addr: F76BCD1F 03:08:50:656 4036 DetectCureTDL3: IrpHandler (4) addr: F76BCD1F 03:08:50:656 4036 DetectCureTDL3: IrpHandler (5) addr: 804F4562 03:08:50:656 4036 DetectCureTDL3: IrpHandler (6) addr: 804F4562 03:08:50:656 4036 DetectCureTDL3: IrpHandler (7) addr: 804F4562 03:08:50:656 4036 DetectCureTDL3: IrpHandler ( addr: 804F4562 03:08:50:656 4036 DetectCureTDL3: IrpHandler (9) addr: F76BD2E2 03:08:50:656 4036 DetectCureTDL3: IrpHandler (10) addr: 804F4562 03:08:50:656 4036 DetectCureTDL3: IrpHandler (11) addr: 804F4562 03:08:50:656 4036 DetectCureTDL3: IrpHandler (12) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (13) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (14) addr: F76BD3BB 03:08:50:671 4036 DetectCureTDL3: IrpHandler (15) addr: F76C0F28 03:08:50:671 4036 DetectCureTDL3: IrpHandler (16) addr: F76BD2E2 03:08:50:671 4036 DetectCureTDL3: IrpHandler (17) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (18) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (19) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (20) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (21) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (22) addr: F76BEC82 03:08:50:671 4036 DetectCureTDL3: IrpHandler (23) addr: F76C399E 03:08:50:671 4036 DetectCureTDL3: IrpHandler (24) addr: 
804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (25) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (26) addr: 804F4562 03:08:50:671 4036 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400] 03:08:50:671 4036 KLMD_ReadMem: DeviceIoControl error 1 03:08:50:671 4036 TDL3_StartIoHookDetect: Unable to get StartIo handler code 03:08:50:671 4036 TDL3_FileDetect: Processing driver: Disk 03:08:50:671 4036 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk 03:08:50:671 4036 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys 03:08:50:671 4036 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys 03:08:50:671 4036 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 87160AB8 03:08:50:671 4036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87160AB8 03:08:50:671 4036 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 87142958 03:08:50:671 4036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87142958 03:08:50:671 4036 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 87165B00 03:08:50:671 4036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87165B00 03:08:50:671 4036 KLMD_ReadMem: Trying to ReadMemory 0x87165B00[0x38] 03:08:50:671 4036 DetectCureTDL3: DRIVER_OBJECT addr: 87188510 03:08:50:671 4036 KLMD_ReadMem: Trying to ReadMemory 0x87188510[0xA8] 03:08:50:671 4036 KLMD_ReadMem: Trying to ReadMemory 0xE1012910[0x208] 03:08:50:671 4036 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi 03:08:50:671 4036 DetectCureTDL3: IrpHandler (0) addr: F74CE6F2 03:08:50:671 4036 DetectCureTDL3: IrpHandler (1) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (2) addr: F74CE6F2 03:08:50:671 4036 DetectCureTDL3: IrpHandler (3) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (4) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (5) 
addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (6) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (7) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler ( addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (9) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (10) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (11) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (12) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (13) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (14) addr: F74CE712 03:08:50:671 4036 DetectCureTDL3: IrpHandler (15) addr: F74CA852 03:08:50:671 4036 DetectCureTDL3: IrpHandler (16) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (17) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (18) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (19) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (20) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (21) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (22) addr: F74CE73C 03:08:50:671 4036 DetectCureTDL3: IrpHandler (23) addr: F74D5336 03:08:50:671 4036 DetectCureTDL3: IrpHandler (24) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (25) addr: 804F4562 03:08:50:671 4036 DetectCureTDL3: IrpHandler (26) addr: 804F4562 03:08:50:671 4036 KLMD_ReadMem: Trying to ReadMemory 0xF74CB864[0x400] 03:08:50:671 4036 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0 03:08:50:671 4036 TDL3_FileDetect: Processing driver: atapi 03:08:50:671 4036 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk 03:08:50:671 4036 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys 03:08:50:671 4036 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys 03:08:50:703 4036 Completed Results: 
03:08:50:703 4036 Infected objects in memory: 0
03:08:50:703 4036 Cured objects in memory: 0
03:08:50:703 4036 Infected objects on disk: 0
03:08:50:703 4036 Objects on disk cured on reboot: 0
03:08:50:703 4036 Objects on disk deleted on reboot: 0
03:08:50:703 4036 Registry nodes deleted on reboot: 0
03:08:50:703 4036

ComboFix 09-12-24.02 - HP_Propriétaire 25/12/2009 3:23.4.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.304 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Propriétaire\Mes documents\Téléchargements\69356-CF.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LHT1F.tmp
C:\LHT22.tmp
C:\LHT23.tmp
C:\LHT90.tmp
C:\LHTB6.tmp
c:\windows\system32\2492142984.dat
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\H8SRTiqqjcbqjhn.dll
c:\windows\system32\H8SRTmttappehem.dat
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\ps2.bat
c:\windows\system32\SrchSTS.exe
c:\windows\system32\srcr.dat
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-11-25 au 2009-12-25 ))))))))))))))))))))))))))))))))))))
.

2009-12-25 01:54 . 2009-12-25 02:08 -------- d-----w- C:\tdsskiller
2009-12-24 14:45 . 2009-12-24 14:45 -------- d-sh--w- c:\documents and settings\Administrateur\PrivacIE
2009-12-24 14:43 . 2009-12-24 14:43 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2009-12-24 13:49 . 2009-12-24 13:49 -------- d-----w- C:\sh4ldr
2009-12-24 13:48 . 2009-12-24 13:48 -------- d-----w- c:\program files\Enigma Software Group
2009-12-24 11:12 . 2009-12-24 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-12-24 11:12 . 2009-12-25 02:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-09 16:53 . 2009-12-11 21:18 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-09 16:53 . 2009-12-09 16:53 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-12-09 16:53 . 2009-08-05 21:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-12-09 16:52 . 2009-12-09 16:52 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-12-09 16:51 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-12-09 16:51 . 2009-12-09 16:51 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-12-09 16:49 . 2009-12-09 16:53 -------- d-----w- c:\program files\Microsoft
2009-12-09 16:49 . 2009-12-09 16:49 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-09 16:43 . 2009-12-09 16:43 -------- d-----w- c:\program files\Fichiers communs\Windows Live

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 02:30 . 2009-12-24 11:12 -------- d-----w- c:\program files\Spyware Doctor
2009-12-25 02:29 . 2009-06-14 00:32 -------- d-----w- c:\program files\DNA
2009-12-24 15:34 . 2005-10-11 18:42 -------- d-----w- c:\program files\Google
2009-12-24 11:17 . 2009-12-24 11:12 -------- d-----w- c:\program files\Fichiers communs\PC Tools
2009-12-19 09:51 . 2008-10-21 13:58 -------- d-----w- c:\program files\World of Warcraft
2009-12-15 19:18 . 2004-11-23 21:26 86862 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-15 19:18 . 2004-11-23 21:26 515380 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-10 21:58 . 2008-10-21 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-09 16:53 . 2008-10-21 15:47 -------- d-----w- c:\program files\Windows Live
2009-12-07 19:24 . 2009-06-03 13:04 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-18 18:04 . 2008-10-23 19:29 -------- d-----w- c:\program files\WowCartographe
2009-11-10 09:28 . 2009-12-24 11:17 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-10 09:28 . 2009-12-24 11:17 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-11-10 09:28 . 2009-12-24 11:17 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-10 09:26 . 2009-12-24 11:17 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-09 10:20 . 2009-12-24 11:13 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-30 10:11 . 2009-12-24 11:13 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-29 07:42 . 2004-08-05 18:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-28 00:36 . 2009-12-24 11:17 1152444 ----a-w- c:\windows\UDB.zip
2009-10-21 05:39 . 2004-08-05 18:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-05 18:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-05 18:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2004-08-05 18:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2004-08-05 18:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2004-08-05 18:00 150528 ----a-w- c:\windows\system32\rastls.dll
2009-10-06 15:31 . 2009-12-24 11:13 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
"SoundMan"="SOUNDMAN.EXE" [2005-05-04 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-05-04 2805248]
"RemoteControl"="c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2005-06-10 61440]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Home Theater SchSvr"="c:\program files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe" [2005-07-18 106496]
"WINREMOTE"="c:\program files\InterVideo\Common\Bin\WinRemote.exe" [2005-07-18 262144]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 253952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"nwiz"="nwiz.exe" [2009-04-30 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-16 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-12-09 866200]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.4.3-to-3.0.2-frFR-Win-Final-downloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:UDP"= 3724:UDP:Blizzard downloader:3724
"6112:TCP"= 6112:TCP:Blibli downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"27709:TCP"= 27709:TCP:tcp

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [3/06/2009 10:57 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [24/12/2009 12:13 207792]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [24/12/2009 12:17 112592]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/12/2009 17:53 54752]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [24/12/2009 12:13 359624]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [11/10/2005 19:08 2786176]
S2 a2AntiMalware;a-squared Anti-Malware Service;"c:\program files\a-squared Anti-Malware\a2service.exe" --> c:\program files\a-squared Anti-Malware\a2service.exe [?]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/07/2009 20:57 108289]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/08/2009 22:48 704864]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - KLMD_BOOT
*NewlyCreated* - KLMD_SYSTEM

*Deregistered* - KLMD
*Deregistered* - KLMD_Boot
*Deregistered* - KLMD_System
*Deregistered* - PCTSDInjDriver32
.
------- Examen supplémentaire -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pages liées - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Pages similaires - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Version de la page actuelle disponible dans le cache Google - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\wlot0w3y.default\
FF - prefs.js: browser.startup.homepage - www.jeuxvideo.com
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Malware Defense - c:\program files\Malware Defense\mdefense.exe
AddRemove-Smart Defrag_is1 - c:\program files\IObit\IObit SmartDefrag\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-25 03:30
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(620)
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

- - - - - - - > 'lsass.exe'(676)
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
Heure de fin: 2009-12-25 03:33:26
ComboFix-quarantined-files.txt 2009-12-25 02:33

Avant-CF: 90.292.166.656 octets libres
Après-CF: 90.348.179.456 octets libres

- - End Of File - - E22D86CA7B92C83D8245A66C9B848239
Trojan FakeAlert dangerous threat [Resolved]
Aioros replied to a topic by Aioros in Malware analysis and removal
Does anyone have any help to offer me?
Trojan FakeAlert dangerous threat [Resolved]
Aioros replied to a topic by Aioros in Malware analysis and removal
Does anyone have any help to offer me? Sorry for the double post, my PC crashed.
Trojan FakeAlert dangerous threat [Resolved]
Aioros posted a topic in Malware analysis and removal
Hello everyone, I am coming to you with a problem that is, in my opinion, not negligible. Since this morning, a program called "Malware Defense" keeps opening windows telling me that I have this or that virus on my PC and that I have to uninstall a whole series of programs, among them my antivirus. I have not accepted any of it. My PC has also been slower since then. An anti-spyware tool just ran a scan and detected 8 infections, 2 of them dangerous: "Trojan.FakeAlert" and "Rootkit.TDSS". My PC takes more than 5-10 minutes to start and I cannot do anything on it; after 5 minutes it crashes. Could you help me please?
[Resolved] Redirection from Google to other sites
Aioros replied to a topic by Aioros in Malware analysis and removal
Many thanks for your quick replies and your valuable help! I will finish the last point, as well as reading the information on P2P and on reporting malware, tomorrow. Thanks again!!!!
[Resolved] Redirection from Google to other sites
Aioros replied to a topic by Aioros in Malware analysis and removal
Everything is in order; I followed the various instructions given earlier.
[Resolved] Redirection from Google to other sites
Aioros replied to a topic by Aioros in Malware analysis and removal
Everything is back to normal at first glance; I even have the impression that the PC is faster. I am not going to complain. Thanks for your help!
[Resolved] Redirection from Google to other sites
Aioros replied to a topic by Aioros in Malware analysis and removal
Here is the MBAM report:

Malwarebytes' Anti-Malware 1.37
Version de la base de données: 2287
Windows 5.1.2600 Service Pack 3

16/06/2009 18:09:37
mbam-log-2009-06-16 (18-09-37).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|H:\|I:\|J:\|K:\|)
Eléments examinés: 183160
Temps écoulé: 37 minute(s), 54 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\8085:tcp (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\qoobox\quarantine\c\program files\podmena\podmena.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\ld09.exe.vir (Worm.Koobface) -> Quarantined and deleted successfully.
c:\qoobox\quarantine\c\windows\system32\advapi32z.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-4139748351-1332480062-762842261-1008\Dc6.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}\rp88\A0018612.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}\RP88\A0018615.exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}\rp88\A0018617.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Propriétaire\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
[Resolved] Redirection from Google to other sites
Aioros replied to a topic by Aioros in Malware analysis and removal
Here is the report, but I see that everything is back to normal:

ComboFix 09-06-15.07 - HP_Propriétaire 16/06/2009 16:53.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.670 [GMT 2:00]
Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\Combo-Fix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\podmena
c:\program files\websrvx
c:\windows\system32\advapi32z.exe
c:\documents and settings\HP_Propriétaire\HP_Propriétaire.exe
c:\program files\podmena\podmena.dll
c:\program files\podmena\podmena.sys
c:\program files\websrvx\websrvx.exe
c:\windows\ld09.exe
D:\Desktop.ini
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HKMSVCWSCSVC
-------\Legacy_PODMENA
-------\Legacy_PODMENADRV
-------\Service_hkmsvcwscsvc
-------\Service_podmena
-------\Service_podmenadrv
-------\Legacy_websrvx
-------\Service_websrvx

((((((((((((((((((((((((((((( Fichiers créés du 2009-05-16 au 2009-06-16 ))))))))))))))))))))))))))))))))))))
.

2009-06-16 14:28 . 2009-06-16 14:29 -------- d-----w- C:\rsit
2009-06-16 14:06 . 2009-06-16 14:06 2 ---h--w- c:\windows\zaponce52689.dat
2009-06-16 10:34 . 2009-06-16 10:34 2 ---h--w- c:\windows\zaponce54043.dat
2009-06-16 10:34 . 2009-06-16 10:34 2 ---h--w- c:\windows\zaponce53652.dat
2009-06-15 16:38 . 2009-06-15 16:38 2 ---h--w- c:\windows\zaponce53173.dat
2009-06-15 16:38 . 2009-06-15 16:38 2 ---h--w- c:\windows\zaponce53290.dat
2009-06-15 08:26 . 2009-06-15 08:26 -------- d-----w- c:\program files\LimeWire
2009-06-15 08:04 . 2009-05-01 21:03 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-06-15 08:04 . 2009-05-01 21:03 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-06-15 08:04 . 2009-05-01 21:03 129784 ------w- c:\windows\system32\pxafs.dll
2009-06-15 08:04 . 2009-06-15 08:04 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-06-15 08:04 . 2009-06-15 08:04 -------- d-----w- c:\program files\DivX
2009-06-14 00:32 . 2009-06-16 14:59 -------- d-----w- c:\program files\DNA
2009-06-14 00:32 . 2009-06-14 00:32 -------- d-----w- c:\program files\BitTorrent
2009-06-03 18:16 . 2009-06-03 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3
2009-06-03 16:46 . 2009-06-03 16:46 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-03 16:43 . 2009-06-03 16:43 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-06-03 16:43 . 2009-06-03 16:43 -------- d-----r- c:\program files\Skype
2009-06-03 16:40 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-06-03 16:33 . 2009-06-03 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-03 16:29 . 2009-06-03 16:29 -------- d-----w- c:\program files\Microsoft Games
2009-06-03 13:08 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-03 13:08 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-03 13:08 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-03 13:08 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-03 13:08 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-03 13:08 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-03 13:08 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-03 13:08 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-03 13:08 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-03 13:04 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-03 10:02 . 2009-06-03 10:33 -------- d-----w- c:\windows\BDOSCAN8
2009-06-03 09:57 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-03 09:57 . 2009-06-03 09:57 -------- d-----w- c:\program files\Panda Security
2009-06-03 09:44 . 2009-06-03 15:12 32 --s-a-w- c:\windows\system32\2492142984.dat
2009-05-17 22:08 . 2009-05-17 22:08 -------- d-----w- c:\program files\pdfforge Toolbar
2009-05-17 22:08 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-05-17 22:08 . 1998-07-13 00:08 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2009-05-17 22:08 . 1998-07-13 00:08 59904 ----a-w- c:\windows\system32\MSCC2FR.DLL
2009-05-17 22:08 . 1998-07-13 00:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-05-17 22:07 . 2009-05-17 22:08 -------- d-----w- c:\program files\PDFCreator
2009-05-17 22:07 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 14:29 . 2009-01-13 11:12 -------- d-----w- c:\program files\trend micro
2009-06-14 14:38 . 2008-10-21 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-05 21:36 . 2008-10-21 13:58 -------- d-----w- c:\program files\World of Warcraft
2009-06-04 14:40 . 2008-10-21 18:57 -------- d-----w- c:\program files\eMule
2009-06-03 18:24 . 2008-10-22 15:30 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-03 16:40 . 2005-10-11 18:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-07 15:33 . 2004-08-05 18:00 348672 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-30 22:30 . 2009-04-30 22:30 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-04-30 20:02 . 2009-04-30 20:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-04-30 20:02 . 2009-04-30 20:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-04-30 20:02 . 2009-04-30 20:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-04-30 20:02 . 2008-10-07 11:33 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-04-30 20:02 . 2008-10-07 11:33 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-04-30 20:02 . 2005-10-11 18:07 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-04-30 20:02 . 2005-10-11 18:07 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-04-30 20:02 . 2005-10-11 18:07 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-04-30 20:02 . 2005-10-11 18:07 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-04-30 20:02 . 2005-10-11 18:07 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-04-30 20:02 . 2005-10-11 18:07 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-04-29 04:45 . 2004-08-05 18:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:45 . 2004-08-05 18:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-26 22:42 . 2008-10-22 15:39 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-20 15:44 . 2004-11-23 21:26 77254 ----a-w- c:\windows\system32\perfc00C.dat
2009-04-20 15:44 . 2004-11-23 21:26 472796 ----a-w- c:\windows\system32\perfh00C.dat
2009-04-19 19:50 . 2004-08-05 18:00 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:53 . 2004-08-05 18:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-05-04 14:32 650752 ----a-w- c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-06-14 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"RemoteControl"="c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2005-06-10 61440]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Home Theater SchSvr"="c:\program files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe" [2005-07-18 106496]
"WINREMOTE"="c:\program files\InterVideo\Common\Bin\WinRemote.exe" [2005-07-18 262144]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 253952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-05-04 992256]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-05-04 90112]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2005-05-04 2805248]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

c:\documents and settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
rncsys32.exe [2008-4-14 19968]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.4.3-to-3.0.2-frFR-Win-Final-downloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:UDP"= 3724:UDP:Blizzard downloader:3724
"6112:TCP"= 6112:TCP:Blibli downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"27709:TCP"= 27709:TCP:tcp
"8085:TCP"= 8085:TCP:podmena
"53:TCP"= 53:TCP:websrvx

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [3/06/2009 11:57 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3/06/2009 15:08 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/06/2009 15:08 20560]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [11/10/2005 20:08 2786176]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [30/10/2008 18:36 33752]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - AVAST!_MAIL_SCANNER
*NewlyCreated* - AVAST!_WEB_SCANNER
.
Contenu du dossier 'Tâches planifiées'

2009-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pages liées - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Pages similaires - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Version de la page actuelle disponible dans le cache Google - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-16 16:59
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2488)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSFR.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\CF440.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Alwil Software\Avast4\Setup\avast.setup
.
**************************************************************************
.
Heure de fin: 2009-06-16 17:02 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-16 15:02

Avant-CF: 109.902.163.968 octets libres
Après-CF: 110.217.621.504 octets libres

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=,1,2,3,4,5
266 --- E O F --- 2009-06-14 14:38
[Resolved] Redirection from Google to other sites
Aioros replied to a topic by Aioros in Malware analysis and removal
Here is the info file:

info.txt logfile of random's system information tool 1.06 2009-06-16 16:29:09

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{89AD2814-AFA2-46AF-AE53-C27196D9FBE6}\setup.exe" REMOVEALL
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAA4CCCE-78DB-47B0-A651-68270D838BD4}\setup.exe" REMOVEALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
Age of Empires III-->C:\Program Files\InstallShield Installation Information\{70F8B183-99EB-4304-BA35-080E2DFFD2A3}\install.exe -runfromtemp -l0x040c
Apple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Appareils photos Photosmart 5.0-->C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Multimedia Keyboard Software-->C:\HP\KBD\KBD.EXE uninstalled
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
InterVideo Home Theater-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7514465-E5F3-48E9-A952-327DAEF33DE6}\setup.exe" REMOVEALL
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LimeWire 5.1.3-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7
(KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à 
jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Mise à jour de sécurité 
pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} muvee autoProducer 4.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C3D719A-92C7-4323-89CC-C937D0267B84}\setup.exe" -l0x40c My Cinema-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE55AE41-8147-4FA7-9961-FD2918D4A3FE} Nero 7 Premium-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031} NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{25E98ECB-5727-408E-B30A-2CAF86F5B310} OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74} Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe PDFCreator-->C:\Program Files\PDFCreator\unins000.exe pdfforge Toolbar v1.0-->MsiExec.exe /X{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B} PS2-->C:\WINDOWS\system32\ps2.exe uninstall Python 2.2 pywin32 extensions (build 
203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log" Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F} Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780} Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package 
{90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050} Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D} Smart Defrag 1.03-->"C:\Program Files\IObit\IObit SmartDefrag\unins000.exe" Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29} Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205} Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe" Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462} Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81} VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390} Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" World of 
Warcraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe Wow Cartographe 1.09-->C:\Program Files\WowCartographe\uninst.exe ======System event log====== Computer Name: QUENTIN Event Code: 7036 Message: Le service Téléphonie est entré dans l'état : en cours d'exécution. Record Number: 13470 Source Name: Service Control Manager Time Written: 20090519094336.000000+120 Event Type: Informations User: Computer Name: QUENTIN Event Code: 7036 Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution. Record Number: 13469 Source Name: Service Control Manager Time Written: 20090519094336.000000+120 Event Type: Informations User: Computer Name: QUENTIN Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur. Record Number: 13468 Source Name: Service Control Manager Time Written: 20090519094336.000000+120 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: QUENTIN Event Code: 7036 Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution. Record Number: 13467 Source Name: Service Control Manager Time Written: 20090519094336.000000+120 Event Type: Informations User: Computer Name: QUENTIN Event Code: 7000 Message: Le service a-squared Anti-Malware Service n'a pas pu démarrer en raison de l'erreur : Le chemin d'accès spécifié est introuvable. Record Number: 13466 Source Name: Service Control Manager Time Written: 20090519094333.000000+120 Event Type: erreur User: =====Application event log===== Computer Name: QUENTIN Event Code: 0 Message: Record Number: 5 Source Name: iPod Service Time Written: 20090502011321.000000+120 Event Type: Informations User: Computer Name: QUENTIN Event Code: 1800 Message: Le service Centre de sécurité Windows a démarré. 
Record Number: 4
Source Name: SecurityCenter
Time Written: 20090502011309.000000+120
Event Type: Informations
User:

Computer Name: QUENTIN
Event Code: 4096
Message:
Record Number: 3
Source Name: Avira AntiVir
Time Written: 20090502011309.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: QUENTIN
Event Code: 1
Message:
Record Number: 2
Source Name: Bonjour Service
Time Written: 20090502011307.000000+120
Event Type: Informations
User:

Computer Name: QUENTIN
Event Code: 4
Message: The LightScribe Service started successfully.
Record Number: 1
Source Name: LightScribeService
Time Written: 20090502011304.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Fichiers communs\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

The log file:

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Propriétaire at 2009-06-16 16:28:43
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 105 GB (72%) free of 146 GB
Total RAM: 1023 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:29:02, on 16/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe C:\HP\KBD\KBD.EXE C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe C:\Program Files\InterVideo\Common\Bin\WinRemote.exe C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DNA\btdna.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\HP_Propriétaire\Bureau\RSIT.exe C:\Program Files\trend micro\HP_Propriétaire.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll O1 - Hosts: ÿþ# Copyright © 1993-1999 Microsoft Corp. O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 
- HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe" O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [searchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sysldtray] C:\windows\ld09.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - Startup: rncsys32.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - 
C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Service Gestion des clés et des certificats d'intégrité hkmsvcwscsvc (hkmsvcwscsvc) - Unknown owner - C:\WINDOWS\system32\advapi32z.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: websrvx - Unknown owner - C:\Program Files\websrvx\websrvx.exe -- End of file - 10560 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2005-10-11 716800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}] pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-05-04 650752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}] C:\Program Files\pdfforge Toolbar\SearchSettings.dll [2009-05-04 1114112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2005-10-11 716800] {B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-05-04 650752] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736] "Raccourci vers la page des propriétés de High Definition Audio"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-08 61952] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-05-04 90112] "AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2005-05-04 2805248] "RemoteControl"=C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe [2005-06-10 61440] "HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152] 
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-03 61440] "Home Theater SchSvr"=C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe [2005-07-18 106496] "WINREMOTE"=C:\Program Files\InterVideo\Common\Bin\WinRemote.exe [2005-07-18 262144] "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472] "PS2"=C:\WINDOWS\system32\ps2.exe [2004-10-26 90112] "LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2005-05-11 253952] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-05-12 49152] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888] "SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe [2009-05-04 992256] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000] "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k [] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-05-01 86016] "sysldtray"=C:\windows\ld09.exe [2009-06-15 15872] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-06-02 24264488] "BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-06-14 321344] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage rncsys32.exe 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:BackgroundDownloader"
"C:\Program Files\World of Warcraft\WoW-2.4.3-to-3.0.2-frFR-Win-Final-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.4.3-to-3.0.2-frFR-Win-Final-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\Blizzard Launcher Temporary - 2177cf60\Launcher.exe"="C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\Blizzard Launcher Temporary - 2177cf60\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\Blizzard Launcher Temporary - 15814f60\Launcher.exe"="C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\Blizzard Launcher Temporary - 15814f60\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.js - edit -
.js - open -
.txt - open -

======List of files/folders created in the last 3 months======

2009-06-16 16:28:43 ----D---- C:\rsit
2009-06-16 12:34:48 ----D---- C:\Program Files\websrvx
2009-06-15 18:39:03 ----D---- C:\Program Files\podmena
2009-06-15 18:38:46 ----H---- C:\WINDOWS\ld09.exe
2009-06-15 10:26:58 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\LimeWire
2009-06-15 10:26:36 ----D---- C:\Program Files\LimeWire
2009-06-15 10:06:35 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\DivX
2009-06-15 10:04:39 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-06-15 10:04:14 ----D---- C:\Program Files\Fichiers communs\DivX Shared
2009-06-15 10:04:13 ----D---- C:\Program Files\DivX
2009-06-14 02:32:21 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\BitTorrent
2009-06-14 02:32:12 ----D---- C:\Program Files\DNA
2009-06-14 02:32:12 ----D---- C:\Program Files\BitTorrent
2009-06-14 02:32:12 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\DNA
2009-06-11 00:08:53 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 00:08:48 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 00:06:43 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 00:06:13 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-03 20:16:08 ----D---- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2009-06-03 18:46:00 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\skypePM
2009-06-03 18:44:12 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Skype
2009-06-03 18:43:29 ----D---- C:\Program Files\Fichiers communs\Skype
2009-06-03 18:43:25 ----RD---- C:\Program Files\Skype
2009-06-03 18:40:11 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-06-03 18:40:08 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-06-03 18:39:24 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2009-06-03 18:33:00 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-06-03 18:29:20 ----D---- C:\Program Files\Microsoft Games
2009-06-03 15:08:38 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-06-03 12:02:53 ----D---- C:\WINDOWS\BDOSCAN8
2009-06-03 11:57:22 ----D---- C:\Program Files\Panda Security
2009-06-03 11:44:26 ----RSH---- C:\WINDOWS\system32\advapi32z.exe
2009-05-18 16:38:32 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Search Settings
2009-05-18 16:38:27 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\pdfforge
2009-05-18 00:08:25 ----D---- C:\Program Files\pdfforge Toolbar
2009-05-18 00:08:02 ----A---- C:\WINDOWS\system32\pdfcmnnt.dll
2009-05-18 00:08:00 ----A---- C:\WINDOWS\system32\VB6FR.DLL
2009-05-18 00:08:00 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
2009-05-18 00:08:00 ----A---- C:\WINDOWS\system32\MSCC2FR.DLL
2009-05-18 00:07:59 ----D---- C:\Program Files\PDFCreator
2009-05-18 00:07:59 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL
2009-05-01 23:02:28 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-05-01 23:02:26 ----A---- C:\WINDOWS\system32\divx_xx16.dll
2009-05-01 23:02:26 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2009-05-01 23:02:26 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2009-05-01 23:02:26 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2009-05-01 23:02:26 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2009-05-01 23:02:26 ----A---- C:\WINDOWS\system32\DivX.dll
2009-05-01 00:31:18 ----A---- C:\WINDOWS\system32\nvwrszht.dll
2009-05-01 00:31:18 ----A---- C:\WINDOWS\system32\nvwrszhc.dll
2009-05-01 00:31:18 ----A---- C:\WINDOWS\system32\nvwrstr.dll
2009-05-01 00:31:18 ----A---- C:\WINDOWS\system32\nvwrsth.dll
2009-05-01 00:31:16 ----A---- C:\WINDOWS\system32\nvwrssv.dll
2009-05-01 00:31:16 ----A---- C:\WINDOWS\system32\nvwrssl.dll
2009-05-01 00:31:16 ----A---- C:\WINDOWS\system32\nvwrssk.dll
2009-05-01 00:31:16 ----A---- C:\WINDOWS\system32\nvwrsru.dll
2009-05-01 00:31:16 ----A---- C:\WINDOWS\system32\nvwrsptb.dll
2009-05-01 00:31:16 ----A---- C:\WINDOWS\system32\nvwrspt.dll
2009-05-01 00:31:16 ----A---- C:\WINDOWS\system32\nvwrspl.dll
2009-05-01 00:31:16 ----A---- C:\WINDOWS\system32\nvwrsno.dll
2009-05-01 00:31:16 ----A---- C:\WINDOWS\system32\nvwrsnl.dll
2009-05-01 00:31:14 ----A---- C:\WINDOWS\system32\nvwrsko.dll
2009-05-01 00:31:14 ----A---- C:\WINDOWS\system32\nvwrsja.dll
2009-05-01 00:31:14 ----A---- C:\WINDOWS\system32\nvwrsit.dll
2009-05-01 00:31:14 ----A---- C:\WINDOWS\system32\nvwrshu.dll
2009-05-01 00:31:14 ----A---- C:\WINDOWS\system32\nvwrshe.dll
2009-05-01 00:31:14 ----A---- C:\WINDOWS\system32\nvwrsfr.dll
2009-05-01 00:31:12 ----A---- C:\WINDOWS\system32\nvwrsfi.dll
2009-05-01 00:31:12 ----A---- C:\WINDOWS\system32\nvwrsesm.dll
2009-05-01 00:31:12 ----A---- C:\WINDOWS\system32\nvwrses.dll
2009-05-01 00:31:12 ----A---- C:\WINDOWS\system32\nvwrseng.dll
2009-05-01 00:31:12 ----A---- C:\WINDOWS\system32\nvwrsel.dll
2009-05-01 00:31:12 ----A---- C:\WINDOWS\system32\nvwrsde.dll
2009-05-01 00:31:12 ----A---- C:\WINDOWS\system32\nvwrsda.dll
2009-05-01 00:31:12 ----A---- C:\WINDOWS\system32\nvwrscs.dll
2009-05-01 00:31:10 ----A---- C:\WINDOWS\system32\nwiz.exe
2009-05-01 00:31:10 ----A---- C:\WINDOWS\system32\nvwrsar.dll
2009-05-01 00:31:08 ----A---- C:\WINDOWS\system32\nvappbar.exe
2009-05-01 00:31:08 ----A---- C:\WINDOWS\system32\keystone.exe
2009-05-01 00:31:06 ----A---- C:\WINDOWS\system32\nvwimg.dll
2009-05-01 00:31:06 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2009-05-01 00:31:06 ----A---- C:\WINDOWS\system32\nvshell.dll
2009-05-01 00:31:06 ----A---- C:\WINDOWS\system32\nview.dll
2009-05-01 00:31:00 ----A---- C:\WINDOWS\system32\nvcpluir.dll
2009-05-01 00:30:58 ----A---- C:\WINDOWS\system32\nvcplui.exe
2009-05-01 00:30:50 ----A---- C:\WINDOWS\system32\nvrszht.dll
2009-05-01 00:30:50 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2009-05-01 00:30:50 ----A---- C:\WINDOWS\system32\nvrstr.dll
2009-05-01 00:30:50 ----A---- C:\WINDOWS\system32\nvrsth.dll
2009-05-01 00:30:50 ----A---- C:\WINDOWS\system32\nvrssv.dll
2009-05-01 00:30:50 ----A---- C:\WINDOWS\system32\nvrssl.dll
2009-05-01 00:30:50 ----A---- C:\WINDOWS\system32\nvrssk.dll
2009-05-01 00:30:50 ----A---- C:\WINDOWS\system32\nvrsru.dll
2009-05-01 00:30:50 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2009-05-01 00:30:50 ----A---- C:\WINDOWS\system32\nvrspt.dll
2009-05-01 00:30:50 ----A---- C:\WINDOWS\system32\nvrspl.dll
2009-05-01 00:30:50 ----A---- C:\WINDOWS\system32\nvrsno.dll
2009-05-01 00:30:50 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2009-05-01 00:30:50 ----A---- C:\WINDOWS\system32\nvrsko.dll
2009-05-01 00:30:50 ----A---- C:\WINDOWS\system32\nvrsja.dll
2009-05-01 00:30:50 ----A---- C:\WINDOWS\system32\nvrsit.dll
2009-05-01 00:30:50 ----A---- C:\WINDOWS\system32\nvrshu.dll
2009-05-01 00:30:50 ----A---- C:\WINDOWS\system32\nvrshe.dll
2009-05-01 00:30:48 ----A---- C:\WINDOWS\system32\nvwddi.dll
2009-05-01 00:30:48 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2009-05-01 00:30:48 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2009-05-01 00:30:48 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2009-05-01 00:30:48 ----A---- C:\WINDOWS\system32\nvrses.dll
2009-05-01 00:30:48 ----A---- C:\WINDOWS\system32\nvrseng.dll
2009-05-01 00:30:48 ----A---- C:\WINDOWS\system32\nvrsel.dll
2009-05-01 00:30:48 ----A---- C:\WINDOWS\system32\nvrsde.dll
2009-05-01 00:30:48 ----A---- C:\WINDOWS\system32\nvrsda.dll
2009-05-01 00:30:48 ----A---- C:\WINDOWS\system32\nvrscs.dll
2009-05-01 00:30:48 ----A---- C:\WINDOWS\system32\nvrsar.dll
2009-05-01 00:30:38 ----A---- C:\WINDOWS\system32\nvwssr.dll
2009-05-01 00:30:36 ----A---- C:\WINDOWS\system32\nvwss.dll
2009-05-01 00:30:34 ----A---- C:\WINDOWS\system32\nvvitvsr.dll
2009-05-01 00:30:30 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2009-05-01 00:30:28 ----A---- C:\WINDOWS\system32\nvmoblsr.dll
2009-05-01 00:30:26 ----A---- C:\WINDOWS\system32\nvmobls.dll
2009-05-01 00:30:26 ----A---- C:\WINDOWS\system32\nvmccssr.dll
2009-05-01 00:30:26 ----A---- C:\WINDOWS\system32\nvmccss.dll
2009-05-01 00:30:26 ----A---- C:\WINDOWS\system32\nvgamesr.dll
2009-05-01 00:30:24 ----A---- C:\WINDOWS\system32\nvgames.dll
2009-05-01 00:30:22 ----A---- C:\WINDOWS\system32\nvdispsr.dll
2009-05-01 00:30:18 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2009-05-01 00:30:18 ----A---- C:\WINDOWS\system32\nvdisps.dll
2009-05-01 00:30:18 ----A---- C:\WINDOWS\system32\nvcolor.exe
2009-05-01 00:30:16 ----A---- C:\WINDOWS\system32\nvmctray.dll
2009-05-01 00:30:16 ----A---- C:\WINDOWS\system32\nvcpl.dll
2009-05-01 00:30:14 ----A---- C:\WINDOWS\system32\nvmccs.dll
2009-04-30 22:02:00 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2009-04-30 22:02:00 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2009-04-17 00:06:20 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-17 00:06:15 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-17 00:03:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-17 00:03:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-17 00:02:55 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-17 00:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-11 09:59:31 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-11 09:59:31 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-11 09:59:31 ----A---- C:\WINDOWS\system32\java.exe
2009-03-21 10:48:49 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

======List of files/folders modified in the last 3 months======

2009-06-16 16:29:02 ----D---- C:\Program Files\trend micro
2009-06-16 16:28:33 ----D---- C:\WINDOWS\Prefetch
2009-06-16 16:25:58 ----D---- C:\Program Files\Mozilla Firefox
2009-06-16 16:06:54 ----D---- C:\WINDOWS\Temp
2009-06-16 16:06:48 ----D---- C:\WINDOWS
2009-06-16 16:05:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-16 12:34:48 ----D---- C:\Program Files
2009-06-15 10:04:39 ----D---- C:\WINDOWS\system32\drivers
2009-06-15 10:04:39 ----D---- C:\WINDOWS\system32
2009-06-15 10:04:21 ----SHD---- C:\WINDOWS\Installer
2009-06-15 10:04:14 ----D---- C:\Program Files\Fichiers communs
2009-06-14 16:38:29 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-06-14 03:35:36 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-11 00:08:56 ----HD---- C:\WINDOWS\inf
2009-06-11 00:08:55 ----D---- C:\WINDOWS\system32\dllcache
2009-06-11 00:08:51 ----A---- C:\WINDOWS\imsins.BAK
2009-06-11 00:08:47 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-11 00:06:34 ----D---- C:\WINDOWS\system32\fr-fr
2009-06-11 00:06:34 ----D---- C:\Program Files\Internet Explorer
2009-06-11 00:06:26 ----D---- C:\WINDOWS\ie7updates
2009-06-10 10:23:40 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-05 23:36:00 ----D---- C:\Program Files\World of Warcraft
2009-06-05 14:10:09 ----D---- C:\WINDOWS\Help
2009-06-05 14:08:47 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-06-05 14:08:23 ----D---- C:\NVIDIA
2009-06-04 16:40:00 ----D---- C:\Program Files\eMule
2009-06-03 20:24:05 ----D---- C:\Program Files\SystemRequirementsLab
2009-06-03 20:24:04 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\SystemRequirementsLab
2009-06-03 18:40:26 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-03 18:40:15 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-03 18:40:14 ----RSD---- C:\WINDOWS\assembly
2009-06-03 18:40:14 ----D---- C:\WINDOWS\system32\DirectX
2009-06-03 18:40:10 ----D---- C:\WINDOWS\Microsoft.NET
2009-06-03 18:40:00 ----D---- C:\WINDOWS\RegisteredPackages
2009-06-03 15:03:40 ----D---- C:\WINDOWS\WinSxS
2009-06-03 15:03:40 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-06-03 12:02:56 ----D---- C:\WINDOWS\Downloaded Program Files
2009-06-01 18:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-18 00:08:40 ----D---- C:\WINDOWS\system32\FxsTmp
2009-05-07 17:33:02 ----A---- C:\WINDOWS\system32\localspl.dll
2009-05-01 23:03:38 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-04-30 22:02:00 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-04-30 22:02:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2009-04-30 22:02:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2009-04-30 22:02:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2009-04-30 22:02:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2009-04-30 22:02:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2009-04-30 22:02:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-04-29 06:45:44 ----A---- C:\WINDOWS\system32\wininet.dll
2009-04-29 06:45:43 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-04-29 06:45:43 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-04-29 06:45:43 ----A---- C:\WINDOWS\system32\url.dll
2009-04-29 06:45:42 ----N---- C:\WINDOWS\system32\occache.dll
2009-04-29 06:45:42 ----N---- C:\WINDOWS\system32\mstime.dll
2009-04-29 06:45:42 ----N---- C:\WINDOWS\system32\msrating.dll
2009-04-29 06:45:42 ----N---- C:\WINDOWS\system32\mshtmled.dll
2009-04-29 06:45:42 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-04-29 06:45:41 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-04-29 06:45:40 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-04-29 06:45:40 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-04-29 06:45:39 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-04-29 06:45:38 ----N---- C:\WINDOWS\system32\iernonce.dll
2009-04-29 06:45:38 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-04-29 06:45:38 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-04-29 06:45:36 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-04-29 06:45:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-04-29 06:45:35 ----N---- C:\WINDOWS\system32\ieaksie.dll
2009-04-29 06:45:35 ----N---- C:\WINDOWS\system32\ieakeng.dll
2009-04-29 06:45:35 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-04-29 06:45:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-04-29 06:45:35 ----A---- C:\WINDOWS\system32\icardie.dll
2009-04-29 06:45:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-04-29 06:45:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-04-29 06:45:34 ----A---- C:\WINDOWS\system32\advpack.dll
2009-04-28 11:06:24 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-04-28 11:06:24 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-04-27 00:42:48 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-04-25 07:26:23 ----N---- C:\WINDOWS\system32\ieakui.dll
2009-04-20 17:44:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-17 22:53:32 ----D---- C:\WINDOWS\system32\wbem
2009-04-17 22:53:31 ----D---- C:\WINDOWS\AppPatch
2009-04-15 16:53:29 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2009-04-11 09:59:29 ----D---- C:\Program Files\Java
2009-03-22 22:12:00 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\teamspeak2
2009-03-21 16:07:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-18 21:34:36 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Apple Computer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast!  Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 podmenadrv;podmenadrv; \??\C:\Program Files\podmena\podmena.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-07-20 2786176]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-06-09 3160576]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-07-04 26624]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-08 145920]
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-04 607452]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-11-24 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2005-07-25 53248]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-05-01 168004]
R2 podmena;podmena; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S2 a2AntiMalware;a-squared Anti-Malware Service; C:\Program Files\a-squared Anti-Malware\a2service.exe []
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
S2 hkmsvcwscsvc;Service Gestion des clés et des certificats d'intégrité hkmsvcwscsvc; C:\WINDOWS\system32\advapi32z.exe [2009-06-03 51712]
S2 websrvx;websrvx; C:\Program Files\websrvx\websrvx.exe [2009-06-16 12800]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
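An added example, not part of this thread or of RSIT itself: a Python triage script that parses the autostart sections of an RSIT log in the layout posted above (Run keys, Startup folders, drivers, services, each binary followed by a `[date size]` bracket, or `[]` when RSIT could not find the file) and attaches to each entry the reasons a helper checks by hand: binary missing on disk, executable sitting directly in the Windows directory, a Startup item that is a bare executable rather than a shortcut, a service hosted by svchost.exe outside a known baseline, and a binary dated within the last two weeks. The embedded log is a constructed subset of the entries in the post; the log date, the 14-day window and the one-entry svchost baseline are assumptions made for the example.

```python
"""Triage of autostart entries in an RSIT (Random's System Information Tool) log.
Added example, not part of the thread or of RSIT: parses Run keys, Startup-folder items,
drivers and services as RSIT prints them and attaches review reasons to each entry."""
import re
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional

# Constructed subset of the log posted in the thread, one entry per line.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysldtray"=C:\windows\ld09.exe [2009-06-15 15872]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-06-02 24264488]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage
rncsys32.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 podmenadrv;podmenadrv; \??\C:\Program Files\podmena\podmena.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 podmena;podmena; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 hkmsvcwscsvc;Service Gestion des clés et des certificats d'intégrité hkmsvcwscsvc; C:\WINDOWS\system32\advapi32z.exe [2009-06-03 51712]
S2 websrvx;websrvx; C:\Program Files\websrvx\websrvx.exe [2009-06-16 12800]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
"""

LOG_DATE = date(2009, 6, 16)          # day the log was taken (newest entry of the "created" list)
RECENT_DAYS = 14                      # assumption: binaries newer than this get a second look
KNOWN_SVCHOST_SERVICES = {"WudfSvc"}  # assumption: svchost-hosted services known good on this box

BRACKET_RE = re.compile(r"\s*\[(?:(\d{4}-\d{2}-\d{2}) (\d+))?\]\s*$")  # "[date size]" or "[]"
RUN_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')                          # "name"=path [bracket]
SVC_RE = re.compile(r"^[RS][0-4] ([^;]+);[^;]*; (.*)$")                # R2 name;description; path
FOLDER_RE = re.compile(r"^[A-Za-z]:\\[^=\[]*$")                         # a Startup-folder path


@dataclass
class Entry:
    kind: str                  # run | startup | driver | service
    name: str
    path: str
    file_date: Optional[date]  # from the [date size] bracket
    found: Optional[bool]      # False for "[]", None when RSIT prints no bracket at all
    reasons: List[str] = field(default_factory=list)


def split_bracket(text):
    """Strip the trailing [date size] bracket and say whether RSIT found the file."""
    m = BRACKET_RE.search(text)
    if not m:
        return text.strip(), None, None
    path = text[:m.start()].strip()
    if m.group(1) is None:
        return path, None, False
    return path, date.fromisoformat(m.group(1)), True


def parse_rsit(text):
    """Walk the log once, tracking which section the current line belongs to."""
    entries, section = [], None
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        if line.startswith("======"):
            section = "driver" if "drivers" in line else "service" if "services" in line else None
        elif line.startswith("[HKEY_"):
            section = "run" if line.rstrip("]").endswith("\\Run") else None
        elif section == "run" and RUN_VALUE_RE.match(line):
            m = RUN_VALUE_RE.match(line)
            entries.append(Entry("run", m.group(1), *split_bracket(m.group(2))))
        elif section in ("driver", "service") and SVC_RE.match(line):
            m = SVC_RE.match(line)
            entries.append(Entry(section, m.group(1), *split_bracket(m.group(2))))
        elif FOLDER_RE.match(line):    # a Startup-folder path introduces its items
            section = "startup"
        elif section == "startup":     # "name.lnk - target" or a bare file name
            name, _, target = line.partition(" - ")
            entries.append(Entry("startup", name, target or name, None, None))
    return entries


def triage(entries, log_date=LOG_DATE):
    """Attach review reasons to each entry; return those that got at least one."""
    flagged = []
    for e in entries:
        p = re.sub(r"^\\\?\?\\", "", e.path.lower())   # drop the NT "\??\" prefix
        dirname, _, base = p.rpartition("\\")
        e.reasons = []
        if e.found is False:
            e.reasons.append("binary not found on disk (empty [date size] bracket)")
        if dirname == "c:\\windows":
            e.reasons.append("executable sits directly in the Windows directory")
        if e.kind == "startup" and not dirname:
            e.reasons.append("Startup item is a bare executable, not a shortcut to an installed program")
        if e.kind == "service" and base == "svchost.exe" and e.name not in KNOWN_SVCHOST_SERVICES:
            e.reasons.append("hosted by svchost.exe but not in the known-good service baseline")
        if e.file_date and 0 <= (log_date - e.file_date).days <= RECENT_DAYS:
            e.reasons.append("binary dated %s, within %d days of the log" % (e.file_date, RECENT_DAYS))
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(parse_rsit(SAMPLE_LOG)):
        print("%-8s %-14s %s\n    - %s" % (e.kind, e.name, e.path, "\n    - ".join(e.reasons)))
```

Run on the sample it prints seven hits, and one of them is benign: Skype, installed two weeks before the log, is caught by the recency rule alone, which is why every hit carries its reasons rather than a verdict. The empty bracket is likewise only a statement that the file was not where the entry points; the same `[]` appears in the full log on the InCD driver entries and on `nwiz.exe /install`, so it narrows the list without deciding anything. Regex-per-line parsing is adequate because RSIT's layout is fixed; the part that deserves thought is which heuristics to encode, and a real baseline (the same allowlist taken from a clean machine of the same build) beats the hard-coded one-entry set used here.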
I am coming back to you with a problem that is almost certainly a virus, despite having installed Antivir. My problem is simple: I run a search on Google and, when I click on a site's link, I am redirected to other sites, often search engines or dictionary sites. During the redirection the following address appears for a few moments in my address bar: "http://successfullytowork.net/?q=programme%20tv" when I search for "programme tv". I have also noticed that my antivirus is no longer active. I can run scans, but it no longer appears in my tray of active programs at the bottom right of my screen. I assume all of this is related. Awaiting your reply and your help.