ero-sennin

Members
  • Content count

    53
  • Joined

  • Last visited

Everything posted by ero-sennin

  1. Here you go: CJoint.com link AKErsOnjsjm
  2. All the more so since the person who owns the PC pays €20 per month for this firewall, which I find enormous! Thanks for your info.
  3. OK, I'll do that. There is also the "firewall antivirus"; do you think it could cause problems? Just for my own knowledge, is there nothing in particular in the ZHPDiag report? The Orange firewall antivirus, I forgot to specify.
  4. Ah OK, I hadn't noticed. I wonder whether the Orange products are messing things up: the internet works for 5 minutes, then pages no longer display or are slow.
  5. No, it was just for the Navilog scan. I'll still wait for confirmation from the boss.
  6. There, I found the issue: a .bat file association problem... Here is the log: http://cjoint.com/?AKCss5D6Nvx Thanks
  7. Thanks for your reply. In the meantime I managed to boot in normal mode, and I disabled Babylon Toolbar at startup. I also ran Ad-Remover; here are the 2 reports: CJoint.com link 3KBvMZhkE8x, CJoint.com link 3KBvOedt3oU. I can't launch Navilog; it opens the IE download page. I don't have Secondary Logon (Connexion secondaire) in the services, and I also can't access certain sites such as zebulon...
  8. Hello, I have to repair a PC that looks infected to me; of course the recovery DVDs were never made! The symptoms are: - no more internet connection; the Wi-Fi is connected but it is impossible to get on the internet. - The PC is slow in normal mode. - PUPs and other shady software... Here is the link to the ZHPDiag report: CJoint.com link 0KBpwt1oglL. I ran it in safe mode because it freezes in normal mode. Here are the previous actions: AdwCleaner and MBAM, whose logs are here: CJoint.com link 0KBpDDZyX7Y and CJoint.com link 0KBpEZu9ULP. Thank you for your help.
  9. Do you think it's fine, that the PC is clean? By the way, the password manager is cool, I'm convinced. Thanks again for the time you spent on my case and for your efficiency.
  10. It's fine, I managed to update.
  11. I tried your checks but I'm having trouble updating Java: it tells me that a program is open and that it must close it; I click Yes and it restarts "explorer".
  12. Well, it's running fine, no particular problem. As for Avira, it found that during a scheduled scan, I think. It's that entry that seemed odd to me; I'll run another scan. I read on your site that you advise against AntiVir, but it didn't install a toolbar for me. What do you recommend instead? As for your password manager, it looks interesting, but how do you manage if you want to log in from another PC?
  13. Hello, the scan was indeed long. However, I didn't see the export button, but ESET found nothing. Here is the log I found: ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6427 # api_version=3.0.2 # EOSSerial=836e8b78a340ff468293c54f51a6624b # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2011-06-27 04:15:32 # local_time=2011-06-27 06:15:32 (+0100, Paris, Madrid (heure d'été)) # country="France" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 526092 526092 0 0 # compatibility_mode=768 16777215 100 0 101449243 101449243 0 0 # compatibility_mode=1797 16775125 100 93 154455 43334774 5737 0 # compatibility_mode=8192 67108863 100 0 140 140 0 0 # scanned=185920 # found=0 # cleaned=0 # scan_time=16010 I don't know if that's OK?
  14. Hello, so here is the ZHPFix result:
      Rapport de ZHPFix 1.12.3328 par Nicolas Coolman, Update du 26/06/2011
      Fichier d'export Registre :
      Run by Administrateur at 27/06/2011 07:37:18
      Windows XP Professional Service Pack 3 (Build 2600)
      Web site : ZHPFix Fix de rapport
      ========== Clé(s) du Registre ==========
      ERREUR Key**: Service: AMService
      SUPPRIME Key: Service Legacy: LEGACY_AMSERVICE
      ERREUR Key**: HKLM\SYSTEM\CurrentControlSet\Services\AMService
      ========== Valeur(s) du Registre ==========
      SUPPRIME RunValue: AMService
      SUPPRIME IFC: [FEATURE_BROWSER_EMULATION] svchost.exe
      ABSENT IFC: [FEATURE_BROWSER_EMULATION] svchost.exe
      ========== Dossier(s) ==========
      SUPPRIME Temporaires Windows: : 5
      SUPPRIME Flash Cookies: 1
      ========== Fichier(s) ==========
      ABSENT File: c:\windows\temp\wppkgx\setup.exe
      SUPPRIME Temporaires Windows: : 32
      SUPPRIME Flash Cookies: 0
      ========== Récapitulatif ==========
      3 : Clé(s) du Registre
      3 : Valeur(s) du Registre
      2 : Dossier(s)
      3 : Fichier(s)
      ========== Chemin du fichier rapport ==========
      C:\Program Files\ZHPDiag\ZHPFixReport.txt
      End of the scan
      I should mention that I did not have to reboot and that I had to restart explorer.exe "by hand". When I arrived this morning Avira had found this:
      Avira AntiVir Personal
      Date de création du fichier de rapport : samedi 25 juin 2011 12:00
      [...]
      Début de la recherche : samedi 25 juin 2011 12:00
      L’entrée de registre <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr> a été supprimée.
      L’entrée de registre <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools> a été supprimée.
      [...]
      Processus de recherche 'daemonupd.exe' - '1' module(s) sont contrôlés
      Module infecté -> <C:\Documents and Settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd.exe>
      [RESULTAT] Contient le cheval de Troie TR/Spy.19456.228
      [REMARQUE] Le processus 'daemonupd.exe' a été arrêté
      [REMARQUE] L’entrée de registre <HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nvUpdService\ImagePath> a été supprimée.
      [REMARQUE] L’entrée de registre <HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nvUpdService\ImagePath> a été supprimée.
      [REMARQUE] L’entrée de registre <HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nvUpdService\ImagePath> a été supprimée.
      [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a4ab1e1.qua' !
      [...]
      Fin de la recherche : lundi 27 juin 2011 07:31
      Temps nécessaire: 43:30:50 Heure(s)
      La recherche a été interrompue !
      34 Les répertoires ont été contrôlés
      3028 Des fichiers ont été contrôlés
      1 Des virus ou programmes indésirables ont été trouvés
      0 Des fichiers ont été classés comme suspects
      0 Des fichiers ont été supprimés
      0 Des virus ou programmes indésirables ont été réparés
      1 Les fichiers ont été déplacés dans la quarantaine
      0 Les fichiers ont été renommés
      0 Impossible de scanner des fichiers
      3027 Fichiers non infectés
      5 Les archives ont été contrôlées
      0 Avertissements
      1 Consignes
      Thanks
  15. Rapport de ZHPDiag v1.27.2343 par Nicolas Coolman, Update du 22/06/2011 Run by Administrateur at 24/06/2011 13:12:02
-- C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-1002427806-3131019563-1079468491-500\..\Run: [superCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check 2.lnk . (.SEIKO EPSON CORPORATION.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe ---\\ ---\\ Autres liens utilisateurs (O4) O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 9.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A94000000001}\SC_Reader.ico O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk . (...) -- C:\WINDOWS\Installer\{C41300B9-185D-475E-BFEC-39EF732F19B1}\AppleSoftwareUpdateIco.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Inkscape.lnk . (.inkscape.org.) -- C:\Program Files\Inkscape\inkscape.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Safari.lnk . (...) -- C:\WINDOWS\Installer\{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}\SafariIco.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Symantec pcAnywhere.LNK . (.Symantec Corporation.) -- C:\Program Files\Symantec\pcAnywhere\winaw32.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) 
-- C:\Program Files\Movie Maker\moviemk.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Search.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe O4 - Global Startup: C:\Documents And Settings\Administrateur\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe O4 - Global Startup: C:\Documents And Settings\Administrateur\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Documents And Settings\Administrateur\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe O4 - Global Startup: C:\Documents And Settings\Administrateur\Menu Démarrer\Programmes\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} -- C:\Program Files\PokerStars.FR\main.ico (.not file.) O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- C:\Program Files\PokerStars.FR\main.ico (.not file.) O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) 
-- C:\WINDOWS\system32\mswsock.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll ---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14) O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: Microsoft XML Parser for Java - (Microsoft XML Parser for Java) - (.not file.) - C:\WINDOWS\Java\classes\xmldso.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207725063500 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211262261125 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{8C696093-235E-4402-ADA6-32B632AF437F}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CS1\Services\Tcpip\..\{8C696093-235E-4402-ADA6-32B632AF437F}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CS2\Services\Tcpip\..\{8C696093-235E-4402-ADA6-32B632AF437F}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241 ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\Windows\System32\Ati2evxx.dll O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) 
-- C:\Windows\System32\cryptnet.dll O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll O20 - Winlogon Notify: PCANotify . (.Symantec Corporation - Winlogon Notification package.) -- C:\Windows\System32\PCANotify.dll O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\Windows\System32\WgaLogon.dll O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) 
-- C:\WINDOWS\system32\webcheck.dll O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - Moniteur et dossier UPNP Tray.) -- C:\WINDOWS\system32\upnpui.dll ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: (no name) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: AdminService for PROGRESS 9.1D (AdminService9.1D) . (...) - C:\Program Files\PROGRESS\bin\AdmSrvc.exe O23 - Service: AMService (AMService) . (...) - C:\WINDOWS\TEMP\wppkgx\setup.exe (.not file.) O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: EpsonBidirectionalService (EpsonBidirectionalService) . (.SEIKO EPSON CORPORATION - eEBAPI Core Process module.) - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe O23 - Service: GhostStartService (GhostStartService) . (.Symantec Corporation - Norton Ghost Start.) - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: Service Google Update (gupdate1c9a8607c225e66) (gupdate1c9a8607c225e66) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Oracle - Java Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NMSAccessU (NMSAccessU) . (...) - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Update Service (nvUpdService) . (...) - C:\Documents and Settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd.exe ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Default MHTML Editor: Last - .(...) - (.not file.) ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{E9AEF152-64B6-4746-A11D-B5CF6BC46F63}.job [MD5.626A24ED1228580B9518C01930936DF9] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [MD5.626A24ED1228580B9518C01930936DF9] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: (AFD) . 
(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys O41 - Driver: (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\WINDOWS\System32\DRIVERS\avipbb.sys O41 - Driver: (awlegacy) . (.Symantec Corporation - pcAnywhere Legacy Driver.) - C:\WINDOWS\system32\Drivers\awlegacy.sys O41 - Driver: (AW_HOST) . (.Symantec Corporation - pcAnywhere Host Driver for Windows 2000.) - C:\WINDOWS\System32\drivers\aw_host5.sys O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\WINDOWS\System32\DRIVERS\cdrom.sys O41 - Driver: (GhPciScan) . (.Symantec Corporation - Symantec Ghost PCI Scanner Kernal Mode Driv.) - C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\WINDOWS\System32\DRIVERS\i8042prt.sys O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\WINDOWS\System32\DRIVERS\imapi.sys O41 - Driver: (intelppm) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\WINDOWS\System32\DRIVERS\intelppm.sys O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\WINDOWS\System32\DRIVERS\ipsec.sys O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\WINDOWS\System32\DRIVERS\kbdclass.sys O41 - Driver: (kbdhid) . (.Microsoft Corporation - Pilote de filtre souris HID.) - C:\WINDOWS\System32\DRIVERS\kbdhid.sys O41 - Driver: (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\WINDOWS\System32\DRIVERS\mouclass.sys O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\WINDOWS\System32\DRIVERS\mrxsmb.sys O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\WINDOWS\System32\DRIVERS\netbios.sys O41 - Driver: (NetBT) . 
(.Microsoft Corporation - MBT Transport driver.) - C:\WINDOWS\System32\DRIVERS\netbt.sys O41 - Driver: (oxpar) . (.OEM - OXPCI Parallel Port Driver.) - C:\WINDOWS\System32\DRIVERS\oxpar.sys O41 - Driver: (P3) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\WINDOWS\System32\DRIVERS\p3.sys O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\WINDOWS\System32\DRIVERS\rasacd.sys O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\WINDOWS\System32\DRIVERS\rdbss.sys O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys O41 - Driver: (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\WINDOWS\System32\DRIVERS\redbook.sys O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\WINDOWS\System32\DRIVERS\serial.sys O41 - Driver: (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\WINDOWS\System32\DRIVERS\tcpip.sys O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\WINDOWS\System32\DRIVERS\termdd.sys O41 - Driver: Carte vidéo VGA. (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys ---\\ Logiciels installés (O42) O42 - Logiciel: "GNU gdb 5.2.1" - (.MinGW.) [HKLM] -- SOURCE-NAVIGATOR_is1 O42 - Logiciel: 7-Zip 4.57 - (.Pas de propriétaire.) [HKLM] -- 7-Zip O42 - Logiciel: ATI Catalyst Control Center - (.Pas de propriétaire.) [HKLM] -- {6D95960A-1DA7-43D2-AE9B-17CAFE20C6A5} O42 - Logiciel: ATI Display Driver - (.Pas de propriétaire.) [HKLM] -- ATI Display Driver O42 - Logiciel: ActivePerl 5.8.9 Build 827 - (.ActiveState.) [HKLM] -- {7AC5676E-F31F-4D1F-817F-1D313AE67928} O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) 
[HKLM] -- Adobe Flash Player Plugin O42 - Logiciel: Adobe Flash Player ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX O42 - Logiciel: Adobe Reader 9.4.5 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A94000000001} O42 - Logiciel: Adobe Shockwave Player - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player O42 - Logiciel: Advanced Port Scanner v1.3 - (.Pas de propriétaire.) [HKLM] -- Advanced Port Scanner v1.3 O42 - Logiciel: Analyseur MSXML 6.0 - (.Microsoft Corporation.) [HKLM] -- {5903C48B-E953-47B8-A651-B9222C483057} O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {EE6097DD-05F4-4178-9719-D3170BF098E8} O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] -- {308B6AEA-DE50-4666-996D-0FA461719D6B} O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {C41300B9-185D-475E-BFEC-39EF732F19B1} O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {D3116CC7-24DC-4CA3-9CE1-23FED836E9F2} O42 - Logiciel: Audacity-tools Toolbar - (.Pas de propriétaire.) [HKLM] -- Audacity-tools Toolbar O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {2A981294-F14C-4F0F-9627-D793270922F8} O42 - Logiciel: CCleaner (remove only) - (.Piriform.) [HKLM] -- CCleaner O42 - Logiciel: CDBurnerXP - (.CDBurnerXP.) [HKLM] -- {7E265513-8CDA-4631-B696-F40D983F3B07}_is1 O42 - Logiciel: Canon LBP3000 - (.Pas de propriétaire.) [HKLM] -- Canon LBP3000 O42 - Logiciel: Chinese Traditional Fonts Support For Adobe Reader 9 - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-2448-0000-900000000003} O42 - Logiciel: CodeBlocks - (.The Code::Blocks Team.) [HKCU] -- CodeBlocks O42 - Logiciel: Debugging Tools for Windows (x86) - (.Microsoft Corporation.) 
[HKLM] -- {300A2961-B2B5-4889-9CB9-5C2A570D08AD} O42 - Logiciel: EPSON Logiciel imprimante - (.Pas de propriétaire.) [HKLM] -- EPSON Printer and Utilities O42 - Logiciel: Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français) - (.Microsoft Corporation.) [HKLM] -- {3380F354-C5F7-4E71-8F51-EEE6C3F06C62} O42 - Logiciel: GDR 4053 for SQL Server Database Services 2005 ENU (KB970892) - (.Microsoft Corporation.) [HKLM] -- KB970892_SQL9 O42 - Logiciel: GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892) - (.Microsoft Corporation.) [HKLM] -- KB970892_SQLTools9 O42 - Logiciel: GIMP 2.6.10 - (.The GIMP Team.) [HKLM] -- WinGimp-2.0_is1 O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM] -- {B131E59D-202C-43C6-84C9-68F0C37541F1} O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {B3FED300-806C-11E0-A0D0-B8AC6F97B88E} O42 - Logiciel: Guide d'utilisation LX300+II_LX1170II - (.Pas de propriétaire.) [HKLM] -- Guide d'utilisation LX300+II_LX1170II O42 - Logiciel: High Definition Audio - KB888111 - (.Microsoft Corporation.) [HKLM] -- KB888111WXPSP2 O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595 O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484 O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM] -- KB929399 O42 - Logiciel: Hotfix for Windows Media Format SDK (KB902344) - (.Microsoft Corporation.) [HKLM] -- KB902344 O42 - Logiciel: Hotfix for Windows XP (KB915800-v4) - (.Microsoft Corporation.) 
[HKLM] -- KB915800-v4 O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5 O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] -- KB976002-v5 O42 - Logiciel: INEDI Version 4.00 - (.Pas de propriétaire.) [HKLM] -- INEDI400 O42 - Logiciel: ImgBurn 2.3.2.0 Fr - (.Pas de propriétaire.) [HKLM] -- {75ADEFA2-D4FF-4B37-9E93-4306E6AC176B}_is1 O42 - Logiciel: Inkscape 0.47 - (.Pas de propriétaire.) [HKLM] -- Inkscape O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3 O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31} O42 - Logiciel: Java 6 Update 18 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216018F0} O42 - Logiciel: Java 6 Update 21 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216021FF} O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM] -- Windows Media Player O42 - Logiciel: LibreOffice 3.3 - (.LibreOffice.) [HKLM] -- {CEE2613D-3B53-4447-BA2D-E88C08272581} O42 - Logiciel: LiveReg (Symantec Corporation) - (.Symantec Corporation.) [HKLM] -- LiveReg O42 - Logiciel: LiveUpdate 1.80 (Symantec Corporation) - (.Symantec Corporation.) [HKLM] -- LiveUpdate O42 - Logiciel: MSDN Library pour les éditions Microsoft Visual Studio 2008 Express - (.Microsoft Corporation.) [HKLM] -- MSDN Library for Microsoft Visual Studio 2008 Express Editions O42 - Logiciel: MSVC80_x86_v2 - (.Nokia.) [HKLM] -- {6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6} O42 - Logiciel: MSVC90_x86 - (.Nokia.) [HKLM] -- {AF111648-99A1-453E-81DD-80DBBF6DAD0D} O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94} O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71} O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) 
[HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC} O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.0.1200 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1 O42 - Logiciel: Messenger Plus! Live - (.Patchou.) [HKLM] -- Messenger Plus! Live O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] -- Microsoft .NET Framework 1.1 (1033) O42 - Logiciel: Microsoft .NET Framework 1.1 French Language Pack - (.Microsoft.) [HKLM] -- {9A394342-4A68-4EBA-85A6-55B559F4E700} O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB2416447) - (.Pas de propriétaire.) [HKLM] -- M2416447 O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB979906) - (.Pas de propriétaire.) [HKLM] -- M979906 O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {72AD53CC-CCC0-3757-8480-9EE176866A7C} O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {0BD83598-C2EF-3343-847B-7D2E84599128} O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31} O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1 O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) 
[HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570} O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] -- MSCompPackV1 O42 - Logiciel: Microsoft Document Explorer 2008 - (.Microsoft Corporation.) [HKLM] -- Microsoft Document Explorer 2008 O42 - Logiciel: Microsoft Document Explorer 2008 - (.Microsoft Corporation.) [HKLM] -- {6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D} O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs - (.Microsoft Corporation.) [HKLM] -- IDNMitigationAPIs O42 - Logiciel: Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 - (.Microsoft Corporation.) [HKLM] -- Wdf01007 O42 - Logiciel: Microsoft National Language Support Downlevel APIs - (.Microsoft Corporation.) [HKLM] -- NLSDownlevelMapping O42 - Logiciel: Microsoft SQL Server 2005 - (.Microsoft Corporation.) [HKLM] -- Microsoft SQL Server 2005 O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} O42 - Logiciel: Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) - (.Microsoft Corporation.) [HKLM] -- {480DBB60-F0B6-45F2-B26F-1A2E11197791} O42 - Logiciel: Microsoft SQL Server 2005 Tools Express Edition - (.Microsoft Corporation.) [HKLM] -- {3F59A7E0-BC01-4435-9E93-C7D7015C21DA} O42 - Logiciel: Microsoft SQL Server Native Client - (.Microsoft Corporation.) [HKLM] -- {1E2DA2E2-ABCD-461E-AD01-3D85D61DE5F6} O42 - Logiciel: Microsoft SQL Server VSS Writer - (.Microsoft Corporation.) [HKLM] -- {A30179B7-997A-4D47-AA43-57AE59A9C78B} O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.5 - (.Microsoft Corporation.) [HKLM] -- Wudf01005 O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) 
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe O47 - AAKE:Key Export SP - "C:\Documents and Settings\Administrateur\Mes documents\prog\sdl\ddd\socket\bin\Debug\socket.exe" [Enabled] .(...) -- C:\Documents and Settings\Administrateur\Mes documents\prog\sdl\ddd\socket\bin\Debug\socket.exe O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" [Enabled] .(.Microsoft Corporation - Windows Live Sync.) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe O47 - AAKE:Key Export SP - "C:\WINDOWS\explorer.exe" [Enabled] .(.Microsoft Corporation - Explorateur Windows.) -- C:\WINDOWS\explorer.exe O47 - AAKE:Key Export SP - "C:\Program Files\Symantec\pcAnywhere\winaw32.exe" [Enabled] .(.Symantec Corporation - pcAnywhere Main Program.) -- C:\Program Files\Symantec\pcAnywhere\winaw32.exe O47 - AAKE:Key Export SP - "C:\Program Files\Symantec\pcAnywhere\awhost32.exe" [Enabled] .(.Symantec Corporation - pcAnywhere Host.) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe O47 - AAKE:Key Export SP - "C:\eclipse\eclipse\eclipse.exe" [Enabled] .(...) -- C:\eclipse\eclipse\eclipse.exe O47 - AAKE:Key Export SP - "C:\Program Files\Bonjour\mDNSResponder.exe" [Enabled] .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe O47 - AAKE:Key Export SP - "C:\Program Files\iTunes\iTunes.exe" [Enabled] .(.Apple Inc. - iTunes.) -- C:\Program Files\iTunes\iTunes.exe O47 - AAKE:Key Export SP - "C:\Program Files\xampp\mysql\bin\mysqld.exe" [Enabled] .(.MySQL AB - The MySQL Server.) 
-- C:\Program Files\xampp\mysql\bin\mysqld.exe O47 - AAKE:Key Export SP - "C:\Program Files\xampp\apache\bin\httpd.exe" [Enabled] .(.Apache Software Foundation - Apache HTTP Server.) -- C:\Program Files\xampp\apache\bin\httpd.exe O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\spoolsv.exe" [Disabled] .(.Microsoft Corporation - Spooler SubSystem App.) -- C:\WINDOWS\system32\spoolsv.exe O47 - AAKE:Key Export SP - "C:\Program Files\Google\Google Earth\client\googleearth.exe" [Enabled] .(.Google - Google Earth.) -- C:\Program Files\Google\Google Earth\client\googleearth.exe O47 - AAKE:Key Export SP - "C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\tinyumbrella-4.21.11.exe" [Enabled] .(...) -- C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\tinyumbrella-4.21.11.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\adslTV\VLC\vlc.exe" [Enabled] .(...) -- C:\Program Files\adslTV\VLC\vlc.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Documents and Settings\Administrateur\Mes documents\prog\sdl\ddd\socket2\bin\Debug\socket2.exe" [Enabled] .(...) -- C:\Documents and Settings\Administrateur\Mes documents\prog\sdl\ddd\socket2\bin\Debug\socket2.exe O47 - AAKE:Key Export SP - "C:\Documents and Settings\Administrateur\Mes documents\prog\sdl\ddd\socket2\bin\Release\socket2.exe" [Enabled] .(...) -- C:\Documents and Settings\Administrateur\Mes documents\prog\sdl\ddd\socket2\bin\Release\socket2.exe O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) 
-- C:\Program Files\Windows Live\Messenger\wlcsdk.exe O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" [Enabled] .(.Microsoft Corporation - Windows Live Sync.) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe ---\\ Contrôle du Safe Boot (CSB) (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\System32\Drivers\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\System32\Drivers\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\System32\Drivers\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\WINDOWS\System32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\System32\Drivers\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\System32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\WINDOWS\System32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\Wdf01000.sys . (.Microsoft Corporation - WDF Dynamic.) -- C:\WINDOWS\System32\Drivers\Wdf01000.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) 
-- C:\WINDOWS\System32\Drivers\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\System32\Drivers\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\System32\Drivers\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys . (.Microsoft Corporation - IPv6 Windows Firewall Driver.) -- C:\WINDOWS\System32\Drivers\ip6fw.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\System32\Drivers\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nm.sys . (...) -- C:\WINDOWS\System32\Drivers\nm.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\WINDOWS\System32\Drivers\rdpcdd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys . (...) -- C:\WINDOWS\System32\Drivers\rdpdd.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys . (.Microsoft Corporation - RDP Terminal Stack Driver (US/Canada Only, Not for Export).) -- C:\WINDOWS\System32\Drivers\rdpwd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\WINDOWS\System32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\System32\Drivers\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys . (.Microsoft Corporation - Named Pipe Transport Driver.) -- C:\WINDOWS\System32\Drivers\tdpipe.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys . (.Microsoft Corporation - TCP Transport Driver.) 
-- C:\WINDOWS\System32\Drivers\tdtcp.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\System32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\WINDOWS\System32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\Wdf01000.sys . (.Microsoft Corporation - WDF Dynamic.) -- C:\WINDOWS\System32\Drivers\Wdf01000.sys ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ---\\ Trojan Driver Search Data (HKLM) (O52) O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (...) -- C:\WINDOWS\System32\ir32_32.dll O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (...) -- C:\WINDOWS\System32\ir32_32.dll O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) 
-- C:\WINDOWS\System32\sl_anet.acm O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (...) -- (.not file.) O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm ---\\ ShareTools MSconfig StartupReg (O53) O53 - SMSR:HKLM\...\startupreg\Google Update [Key] . (.Google Inc. - Programme d'installation de Google.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe ---\\ Microsoft Control Security Providers (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) 
-- C:\WINDOWS\system32\digest.dll ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"= O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"= O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKCU\...\Policies\System] - "DisableTaskMgr"=0 O55 - MWPS:[HKCU\...\Policies\System] - "DisableRegistryTools"=0 ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=255 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"= O56 - MWPE:[HKCU\...\policies\Explorer] - "HonorAutoRunSetting"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"= O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=255 ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.E4E13CE4C85C7E45A643BA54B8C8B16B] - 17/02/2004 - 15:38:30 ---A- . (.Adaptec, Inc. - Adaptec Win2K/XP/Server2003 Ultra320 SCSI Driver.) -- C:\WINDOWS\system32\drivers\adpu320.sys [132608] O58 - SDL:[MD5.83D5419D0C68252244F9F48FB4394B38] - 08/07/2005 - 10:46:36 R--A- . (.ACARD Technology Corp. - Miniport driver for AEC6280.) -- C:\WINDOWS\system32\drivers\aec6280.sys [18816] O58 - SDL:[MD5.1140AB9938809700B46BB88E46D72A96] - 17/08/2001 - 20:51:56 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\WINDOWS\system32\drivers\aliide.sys [5248] O58 - SDL:[MD5.95B4FB835E28AA1336CEEB07FD5B9398] - 13/04/2008 - 19:36:39 ---A- . (.Advanced Micro Devices, Inc. - AMD Win2000 AGP Filter.) -- C:\WINDOWS\system32\drivers\amdagp.sys [43008] O58 - SDL:[MD5.62D318E9A0C8FC9B780008E724283707] - 17/08/2001 - 20:52:00 ---A- . (.Advanced System Products, Inc. - AdvanSys SCSI Controller Driver.) 
-- C:\WINDOWS\system32\drivers\asc.sys [26496] O58 - SDL:[MD5.5D8DE112AA0254B907861E9E9C31D597] - 17/08/2001 - 20:51:58 ---A- . (.Advanced System Products, Inc. - AdvanSys Ultra-Wide PCI SCSI Driver.) -- C:\WINDOWS\system32\drivers\asc3550.sys [14848] O58 - SDL:[MD5.ED8CEE58C1E4C5893F5B2FD686A272BF] - 14/08/2002 - 14:03:36 ---A- . (.Adaptec - ASPI for WIN32 Kernel Driver.) -- C:\WINDOWS\system32\drivers\ASPI32.SYS [17005] O58 - SDL:[MD5.CEA17AA4858BC39D4E60A7D8FF460FC0] - 05/08/2006 - 21:36:06 ---A- . (.ATI Technologies Inc. - ATI Radeon WindowsNT Miniport Driver.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys [1622016] O58 - SDL:[MD5.1842B56B3D3F195C36F62708D266B95E] - 07/09/2006 - 12:37:22 ---A- . (.ATI Technologies Inc. - ATI SATA(IDE Mode) Controller Driver.) -- C:\WINDOWS\system32\drivers\atiide.sys [3456] O58 - SDL:[MD5.5B44C214F9CD9F590BE9125347610380] - 17/06/2010 - 14:28:03 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\system32\drivers\avgntdd.sys [45416] O58 - SDL:[MD5.47B879406246FFDCED59E18D331A0E7D] - 04/02/2011 - 12:09:08 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\system32\drivers\avgntflt.sys [61960] O58 - SDL:[MD5.87451AA7CC6B6A590EBCEA05E755075A] - 17/06/2010 - 14:28:03 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\system32\drivers\avgntmgr.sys [22360] O58 - SDL:[MD5.5FEDEF54757B34FB611B9EC8FB399364] - 01/04/2011 - 08:15:06 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\WINDOWS\system32\drivers\avipbb.sys [137656] O58 - SDL:[MD5.F7E75C620A04963C9A53C3B47DA80405] - 11/09/2000 - 09:51:00 ---A- . (.Symantec Corporation - pcAnywhere Legacy Driver.) -- C:\WINDOWS\system32\drivers\AWLEGACY.sys [10816] O58 - SDL:[MD5.7AB1047FCC742BD4ABF1016C031969CE] - 11/02/2002 - 09:51:00 ---A- . (.Symantec Corporation - pcAnywhere Host Driver for Windows 2000.) 
-- C:\WINDOWS\system32\drivers\AW_HOST5.sys [33496] O58 - SDL:[MD5.28E36E677849174C910FAAEAD3E60E9E] - 21/01/2010 - 13:53:16 ---A- . (.Nokia - Nokia USB Phone Bus Driver.) -- C:\WINDOWS\system32\drivers\ccdcmb.sys [18048] O58 - SDL:[MD5.3823DEB17F9F6775DE0187A98FA0536D] - 30/12/2009 - 10:30:48 ---A- . (.Nokia - Nokia USB Phone Bus Driver.) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys [22016] O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 05/08/2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys [262528] O58 - SDL:[MD5.E3726AD522D0BDAE090671048C991AB3] - 23/08/2001 - 16:04:44 ---A- . (.CMD Technology, Inc. - Pilote de bus PCI IDE CMD.) -- C:\WINDOWS\system32\drivers\cmdide.sys [6656] O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 05/08/2004 - 13:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys [11776] O58 - SDL:[MD5.E550E7418984B65A78299D248F0A7F36] - 17/08/2001 - 20:52:16 ---A- . (.Mylex Corporation - Mylex Disk Array Controller Driver.) -- C:\WINDOWS\system32\drivers\dac2w2k.sys [179584] O58 - SDL:[MD5.1961F8B618E3C20DF54C146B294EFD2A] - 23/08/2001 - 18:12:50 ---A- . (.Intel Corporation - Pilote NDIS 5.) -- C:\WINDOWS\system32\drivers\e100b325.sys [117760] O58 - SDL:[MD5.8182FF89C65E4D38B2DE4BB0FB18564E] - 18/05/2009 - 12:17:00 ---A- . (.GEAR Software Inc. - CD DVD Filter.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys [26600] O58 - SDL:[MD5.BA294768509FA03FCFE766962DEE3CAD] - 09/10/2001 - 09:51:00 ---A- . (.Symantec Corporation - pcAnywhere AWUNREG Driver.) -- C:\WINDOWS\system32\drivers\GERNUWA.sys [14944] O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 13/04/2008 - 17:36:05 ---A- . (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\drivers\hdaudbus.sys [144384] O58 - SDL:[MD5.2A013E7530BEAB6E569FAA83F517E836] - 07/01/2005 - 16:07:16 ---A- . 
(.Windows ® Server 2003 DDK provider - High Definition Audio Function Driver v1.0a.) -- C:\WINDOWS\system32\drivers\Hdaudio.sys [145920] O58 - SDL:[MD5.294110966CEDD127629C5BE48367C8CF] - 11/05/2006 - 10:30:52 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver.) -- C:\WINDOWS\system32\drivers\iaStor.sys [247808] O58 - SDL:[MD5.3D2C13377763EEAC0CA6FB46F57217ED] - 29/05/2011 - 08:11:20 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys [22712] O58 - SDL:[MD5.B309912717C29FC67E1BA4730A82B6DD] - 29/05/2011 - 08:11:30 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys [39984] O58 - SDL:[MD5.3F4BB95E5A44F3BE34824E8E7CAF0737] - 17/08/2001 - 20:52:12 ---A- . (.American Megatrends Inc. - MegaRAID RAID Controller Driver for Windows Whistler 32.) -- C:\WINDOWS\system32\drivers\mraid35x.sys [17280] O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 05/08/2004 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys [12032] O58 - SDL:[MD5.496F34FB30DD541350B29558842CD42A] - 30/12/2009 - 10:25:12 ---A- . (.Nokia - Nokia USB Phone Bus Driver.) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys [137344] O58 - SDL:[MD5.99FBB538789888E6A48B902417F68DD4] - 30/12/2009 - 10:25:12 ---A- . (.Nokia - Nokia USB Phone Generic Client.) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [8320] O58 - SDL:[MD5.DAB162A9890D6E127357BAFDDA60B2E0] - 27/07/2004 - 02:12:40 ---A- . (.OEM - OXPCI Parallel Port Driver.) -- C:\WINDOWS\system32\drivers\oxpar.sys [24832] O58 - SDL:[MD5.FB29BA96A0893516035E9100CDBEEFD8] - 16/05/2001 - 17:47:00 ---A- . (.OEM - OX16PCI954 Device Driver.) -- C:\WINDOWS\system32\drivers\parxport.sys [13608] O58 - SDL:[MD5.FD2041E9BA03DB7764B2248F02475079] - 26/08/2008 - 08:26:12 ---A- . (.Nokia - PCCS Mode Change Filter Driver.) 
-- C:\WINDOWS\system32\drivers\pccsmcfd.sys [18816] O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 05/08/2004 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys [17792] O58 - SDL:[MD5.0A63FB54039EB5662433CABA3B26DBA7] - 17/08/2001 - 20:52:20 ---A- . (.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) -- C:\WINDOWS\system32\drivers\ql1080.sys [40320] O58 - SDL:[MD5.156ED0EF20C15114CA097A34A30D8A01] - 17/08/2001 - 20:52:20 ---A- . (.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) -- C:\WINDOWS\system32\drivers\ql12160.sys [45312] O58 - SDL:[MD5.907F0AEEA6BC451011611E732BD31FCF] - 17/08/2001 - 20:52:18 ---A- . (.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) -- C:\WINDOWS\system32\drivers\ql1280.sys [49024] O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 05/08/2004 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys [12032] O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 05/08/2004 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys [12032] O58 - SDL:[MD5.909D03B3B7FB7C830B74F74F4D0EA7CE] - 28/06/2006 - 15:25:24 ---A- . (.Realtek Semiconductor Corp. - Realtek® High Definition Audio Function Driver.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys [4304384] O58 - SDL:[MD5.C8B370B2B520AC1B8BC66203FCEC73DB] - 31/08/2006 - 10:54:44 ---A- . (.Realtek Semiconductor Corporation - Realtek 10/100/1000 NDIS 5.1 Driver.) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys [81280] O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/11/2007 - 11:25:54 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys [20480] O58 - SDL:[MD5.AEBBA7428A6C40CCE3C5ABDE45190B24] - 17/12/2002 - 04:41:10 ---A- . (.Rainbow Technologies, Inc. 
- Sentinel System Driver (NT Parallel driver).) -- C:\WINDOWS\system32\drivers\sentinel.sys [76288] O58 - SDL:[MD5.6B33D0EBD30DB32E27D1D78FE946A754] - 13/04/2008 - 19:36:39 ---A- . (.Silicon Integrated Systems Corporation - SiS NT AGP Filter.) -- C:\WINDOWS\system32\drivers\sisagp.sys [40960] O58 - SDL:[MD5.A1FF7D99B199CEA1F3DF371BA70D2780] - 17/12/2002 - 04:41:10 ---A- . (.Rainbow Technologies Inc. - Rainbow Technologies Sentinel Device Driver.) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS [26120] O58 - SDL:[MD5.53C9845BA14BC6DD01F65DA4CA9CC898] - 02/04/2003 - 15:06:58 ---A- . (.Sunix - PCI Multi I/O Card Driver.) -- C:\WINDOWS\system32\drivers\snxpcard.sys [20864] O58 - SDL:[MD5.94E241365F6FC4B35D2740C4B90DE591] - 07/04/2003 - 09:37:58 ---A- . (.Sunix - PCI Multi I/O Parallel Port Driver.) -- C:\WINDOWS\system32\drivers\snxppalx.sys [75264] O58 - SDL:[MD5.83C0F71F86D3BDAF915685F3D568B20E] - 17/08/2001 - 21:07:44 ---A- . (.Adaptec, Inc. - Adaptec AIC-6x60 series SCSI miniport.) -- C:\WINDOWS\system32\drivers\sparrow.sys [19072] O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 17/06/2010 - 14:28:02 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\drivers\ssmdrv.sys [28520] O58 - SDL:[MD5.1FF3217614018630D0A6758630FC698C] - 17/08/2001 - 21:07:34 ---A- . (.Symbios Logic Inc. - Symbios Logic Inc. SCSI Miniport Driver.) -- C:\WINDOWS\system32\drivers\symc810.sys [16256] O58 - SDL:[MD5.070E001D95CF725186EF8B20335F933C] - 17/08/2001 - 21:07:36 ---A- . (.LSI Logic - Symbios 8XX SCSI Miniport Driver.) -- C:\WINDOWS\system32\drivers\symc8xx.sys [32640] O58 - SDL:[MD5.AFDCF8008D0FFE23F42071C1540F35E7] - 18/09/2001 - 19:25:48 ---A- . (.Symantec Corporation - Symantec Event Library.) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS [57968] O58 - SDL:[MD5.80AC1C4ABBE2DF3B738BF15517A51F2C] - 17/08/2001 - 21:07:40 ---A- . (.LSI Logic - Symbios Hi-Perf SCSI Miniport Driver.) 
-- C:\WINDOWS\system32\drivers\sym_hi.sys [28384] O58 - SDL:[MD5.BF4FAB949A382A8E105F46EBB4937058] - 17/08/2001 - 21:07:42 ---A- . (.LSI Logic - Symbios Ultra3 SCSI Miniport Driver.) -- C:\WINDOWS\system32\drivers\sym_u3.sys [30688] O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 05/08/2004 - 13:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys [21376] O58 - SDL:[MD5.1B698A51CD528D8DA4FFAED66DFC51B9] - 17/08/2001 - 20:52:22 ---A- . (.Promise Technology, Inc. - Gestionnaire de miniport ULTRA66 de Promise.) -- C:\WINDOWS\system32\drivers\ultra.sys [36736] O58 - SDL:[MD5.5C2BDC152BBAB34F36473DEAF7713F22] - 28/09/2010 - 15:44:52 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\WINDOWS\system32\drivers\usbaapl.sys [41984] O58 - SDL:[MD5.B1B8BEE26227DAD9835019201552CB05] - 30/12/2009 - 10:30:48 ---A- . (.Nokia - Filter Driver for Nokia USB Phone Bus Driver.) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys [7936] O58 - SDL:[MD5.98E1FF1D732C6C7200B6C59D4FF8C1C3] - 30/12/2009 - 10:30:56 ---A- . (.Nokia - Filter Driver for Nokia USB Phone Bus Driver.) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys [7936] O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 05/08/2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys [58112] O58 - SDL:[MD5.1C8A783E90C34D205596F1AB4A97E261] - 24/07/2008 - 23:29:16 ---A- . (...) -- C:\WINDOWS\system32\drivers\vsb.sys [15264] O58 - SDL:[MD5.3377DAA1CB8CAC46A538C236F5F3D58F] - 24/07/2008 - 23:29:16 ---A- . (...) -- C:\WINDOWS\system32\drivers\vserial.sys [47744] O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037] O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 05/08/2004 - 13:00:00 ---A- . (...) 
The machine is running perfectly. There is quite a lot of good reading on your site, by the way. I was a bit skeptical about using a password manager, given that if someone gets into it they have access to everything (dictionary attack, brute force or other); what do you think? In any case, thank you for your help. A small question that you have probably been asked before: how does one go about joining a team of helpers, given that I am finishing the training on "Helper Formation"? So I know the basics, but I lack practice.
  16. Malwarebytes' Anti-Malware 1.51.0.1200
      www.malwarebytes.org

      Version de la base de données: 6923
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      23/06/2011 13:11:30
      mbam-log-2011-06-23 (13-11-30).txt

      Type d'examen: Examen complet (C:\|E:\|)
      Elément(s) analysé(s): 362520
      Temps écoulé: 2 heure(s), 10 minute(s), 11 seconde(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 1

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      c:\documents and settings\administrateur\Bureau\rk_quarantine\setup.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
  17. I am running the MBAM scan now; I will post it before noon if it has finished, otherwise tomorrow. One small question, though: do you have any idea where I caught this? I am fairly careful on this computer (no downloads, no "dubious" sites...), and what put you on the trail of TDSS? One more question: should I change the passwords for my email accounts and others? Thanks
  18. The scan:
Clean:
Note that between the two I had to re-download the log.
  19. Hello, here is the TDSSKiller log to start with, run in safe mode because the PC cannot be restarted normally:
C:\WINDOWS\system32\drivers\ip6fw.sys 2011/06/23 05:46:51.0765 0668 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/06/23 05:46:51.0812 0668 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/06/23 05:46:51.0875 0668 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/06/23 05:46:51.0937 0668 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/06/23 05:46:51.0984 0668 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/06/23 05:46:52.0031 0668 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/06/23 05:46:52.0093 0668 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/06/23 05:46:52.0125 0668 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/06/23 05:46:52.0171 0668 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/06/23 05:46:52.0250 0668 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/06/23 05:46:52.0359 0668 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys 2011/06/23 05:46:52.0515 0668 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys 2011/06/23 05:46:52.0578 0668 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/06/23 05:46:52.0625 0668 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys 2011/06/23 05:46:52.0671 0668 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/06/23 05:46:52.0734 0668 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/06/23 05:46:52.0796 0668 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/06/23 05:46:52.0859 0668 mraid35x 
(3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 2011/06/23 05:46:52.0890 0668 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/06/23 05:46:52.0968 0668 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/06/23 05:46:53.0031 0668 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/06/23 05:46:53.0078 0668 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/06/23 05:46:53.0140 0668 msloop (64e8b7c65eb4796939c0f64f8170821b) C:\WINDOWS\system32\DRIVERS\loop.sys 2011/06/23 05:46:53.0234 0668 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/06/23 05:46:53.0265 0668 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/06/23 05:46:53.0328 0668 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/06/23 05:46:53.0406 0668 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 2011/06/23 05:46:53.0531 0668 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/06/23 05:46:53.0593 0668 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/06/23 05:46:53.0671 0668 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/06/23 05:46:53.0718 0668 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/06/23 05:46:53.0765 0668 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/06/23 05:46:53.0843 0668 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/06/23 05:46:53.0875 0668 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/06/23 05:46:53.0968 0668 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys 2011/06/23 05:46:54.0031 0668 nmwcd 
(28e36e677849174c910faaead3e60e9e) C:\WINDOWS\system32\drivers\ccdcmb.sys 2011/06/23 05:46:54.0062 0668 nmwcdc (3823deb17f9f6775de0187a98fa0536d) C:\WINDOWS\system32\drivers\ccdcmbo.sys 2011/06/23 05:46:54.0109 0668 nmwcdnsu (496f34fb30dd541350b29558842cd42a) C:\WINDOWS\system32\drivers\nmwcdnsu.sys 2011/06/23 05:46:54.0156 0668 nmwcdnsuc (99fbb538789888e6a48b902417f68dd4) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys 2011/06/23 05:46:54.0218 0668 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/06/23 05:46:54.0250 0668 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/06/23 05:46:54.0296 0668 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/06/23 05:46:54.0359 0668 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/06/23 05:46:54.0375 0668 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/06/23 05:46:54.0453 0668 oxpar (dab162a9890d6e127357bafdda60b2e0) C:\WINDOWS\system32\DRIVERS\oxpar.sys 2011/06/23 05:46:54.0484 0668 P3 (cecb679633523ac5eb7eb85f92dcd806) C:\WINDOWS\system32\DRIVERS\p3.sys 2011/06/23 05:46:54.0562 0668 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/06/23 05:46:54.0609 0668 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/06/23 05:46:54.0656 0668 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/06/23 05:46:54.0718 0668 PARXPORT (fb29ba96a0893516035e9100cdbeefd8) C:\WINDOWS\system32\DRIVERS\parxport.sys 2011/06/23 05:46:54.0781 0668 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 2011/06/23 05:46:54.0828 0668 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/06/23 05:46:54.0875 0668 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/06/23 05:46:54.0937 0668 
Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/06/23 05:46:55.0109 0668 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 2011/06/23 05:46:55.0140 0668 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 2011/06/23 05:46:55.0296 0668 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/06/23 05:46:55.0343 0668 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/06/23 05:46:55.0359 0668 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/06/23 05:46:55.0437 0668 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/06/23 05:46:55.0500 0668 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 2011/06/23 05:46:55.0578 0668 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 2011/06/23 05:46:55.0625 0668 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2011/06/23 05:46:55.0656 0668 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2011/06/23 05:46:55.0687 0668 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2011/06/23 05:46:55.0734 0668 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/06/23 05:46:55.0812 0668 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/06/23 05:46:55.0843 0668 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/06/23 05:46:55.0890 0668 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/06/23 05:46:55.0953 0668 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/06/23 05:46:55.0984 0668 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 
2011/06/23 05:46:56.0062 0668 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/06/23 05:46:56.0109 0668 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/06/23 05:46:56.0171 0668 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/06/23 05:46:56.0265 0668 RTL8023xp (c8b370b2b520ac1b8bc66203fcec73db) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 2011/06/23 05:46:56.0343 0668 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/06/23 05:46:56.0421 0668 Sentinel (aebba7428a6c40cce3c5abde45190b24) C:\WINDOWS\System32\Drivers\SENTINEL.SYS 2011/06/23 05:46:56.0515 0668 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/06/23 05:46:56.0593 0668 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/06/23 05:46:56.0656 0668 sermouse (18ea7d0a8c734e7eb0b925900eb688f3) C:\WINDOWS\system32\DRIVERS\sermouse.sys 2011/06/23 05:46:56.0750 0668 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/06/23 05:46:56.0859 0668 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2011/06/23 05:46:56.0937 0668 SNTNLUSB (a1ff7d99b199cea1f3df371ba70d2780) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS 2011/06/23 05:46:57.0000 0668 SNXPCARD (53c9845ba14bc6dd01f65da4ca9cc898) C:\WINDOWS\system32\DRIVERS\snxpcard.sys 2011/06/23 05:46:57.0031 0668 SNXPPALX (94e241365f6fc4b35d2740c4b90de591) C:\WINDOWS\system32\DRIVERS\snxppalx.sys 2011/06/23 05:46:57.0187 0668 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2011/06/23 05:46:57.0265 0668 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/06/23 05:46:57.0343 0668 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/06/23 05:46:57.0406 0668 Srv (47ddfc2f003f7f9f0592c6874962a2e7) 
C:\WINDOWS\system32\DRIVERS\srv.sys 2011/06/23 05:46:57.0578 0668 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2011/06/23 05:46:57.0656 0668 StillCam (3f669c9fc6411bdbc0155544aa876e46) C:\WINDOWS\system32\DRIVERS\serscan.sys 2011/06/23 05:46:57.0718 0668 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/06/23 05:46:57.0781 0668 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/06/23 05:46:57.0859 0668 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2011/06/23 05:46:57.0890 0668 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2011/06/23 05:46:58.0000 0668 SymEvent (afdcf8008d0ffe23f42071c1540f35e7) C:\Program Files\Symantec\SYMEVENT.SYS 2011/06/23 05:46:58.0046 0668 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2011/06/23 05:46:58.0078 0668 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2011/06/23 05:46:58.0125 0668 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/06/23 05:46:58.0234 0668 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/06/23 05:46:58.0281 0668 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/06/23 05:46:58.0312 0668 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/06/23 05:46:58.0359 0668 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/06/23 05:46:58.0453 0668 TosIde (b411668322c3bf4e690888706b999679) C:\WINDOWS\system32\DRIVERS\toside.sys 2011/06/23 05:46:58.0515 0668 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys 2011/06/23 05:46:58.0609 0668 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/06/23 05:46:58.0796 0668 ultra (1b698a51cd528d8da4ffaed66dfc51b9) 
C:\WINDOWS\system32\DRIVERS\ultra.sys 2011/06/23 05:46:58.0859 0668 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/06/23 05:46:58.0921 0668 upperdev (b1b8bee26227dad9835019201552cb05) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 2011/06/23 05:46:59.0000 0668 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys 2011/06/23 05:46:59.0062 0668 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/06/23 05:46:59.0140 0668 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/06/23 05:46:59.0203 0668 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/06/23 05:46:59.0281 0668 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2011/06/23 05:46:59.0312 0668 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/06/23 05:46:59.0375 0668 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/06/23 05:46:59.0421 0668 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys 2011/06/23 05:46:59.0468 0668 UsbserFilt (98e1ff1d732c6c7200b6c59d4ff8c1c3) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys 2011/06/23 05:46:59.0531 0668 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/06/23 05:46:59.0593 0668 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/06/23 05:46:59.0656 0668 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/06/23 05:46:59.0734 0668 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2011/06/23 05:46:59.0781 0668 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/06/23 05:46:59.0812 0668 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/06/23 05:46:59.0875 0668 
      2011/06/23 05:47:01.0046 0668 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
      2011/06/23 05:47:01.0062 0668 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
      2011/06/23 05:47:01.0093 0668 MBR (0x1B8) (1fc5d4bacddb5998bf5cb385d54eaaf4) \Device\Harddisk1\DR2
      2011/06/23 05:47:01.0312 0668 ================================================================================
      2011/06/23 05:47:01.0312 0668 Scan finished
      2011/06/23 05:47:01.0312 0668 ================================================================================
      2011/06/23 05:47:01.0343 1624 Detected object count: 1
      2011/06/23 05:47:01.0343 1624 Actual detected object count: 1
      2011/06/23 05:47:12.0500 1624 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
      2011/06/23 05:47:12.0500 1624 \Device\Harddisk0\DR0 - ok
      2011/06/23 05:47:12.0500 1624 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
      2011/06/23 05:48:00.0171 0824 Deinitialize success
      Now it is rebooting; I'll run the other scan for you.
  20. I will only be able to do that tomorrow morning, from 5 a.m. onward....
  21. Here is the link to the log; it is zipped because the infection prevents me from posting the txt file, and this on several servers. Cijoint.fr - free file hosting service
  22. OK, sorry, it's corrected. After RogueKiller's fixes I had a lot of trouble restarting the PC; it rebooted constantly. I'm running the ZHPDiag scan.
  23. I also have tabs that open from time to time in Mozilla that take me here: fr.gomeo.fr
  24. Hello, I just read through your post, and the day before yesterday I had the same blue screen, error 00000007b, then a reboot; it was also due to a disinfection by MBAM. I managed to restart with a chkdsk /f, then safe mode, then normal startup. I hope this helps you.
  25. Here are the logs:

      Remontees: [RogueKiller] Remontées (1/24)
      Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
      Demarrage : Mode normal
      Utilisateur: Administrateur [Droits d'admin]
      Mode: Suppression -- Date : 22/06/2011 05:26:57
      Processus malicieux: 2
      [sUSP PATH] setup.exe -- c:\windows\temp\wppkgx\setup.exe -> KILLED
      [sUSP PATH] daemonupd.exe -- c:\documents and settings\networkservice\local settings\application data\nvidia corporation\update\daemonupd.exe -> KILLED
      Entrees de registre: 5
      [sUSP PATH] HKUS\.DEFAULT[...]\Run : AMService (C:\WINDOWS\TEMP\wppkgx\setup.exe) -> DELETED
      [sUSP PATH] Sauvegarde_sur_usb.job : c:\documents and settings\administrateur\bureau\sauvegarde.bat -> DELETED
      [DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{8C696093-235E-4402-ADA6-32B632AF437F} : NameServer (212.27.54.252,212.27.53.252) -> NOT REMOVED, USE DNSFIX
      [DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{8C696093-235E-4402-ADA6-32B632AF437F} : NameServer (212.27.54.252,212.27.53.252) -> NOT REMOVED, USE DNSFIX
      [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
      Fichier HOSTS:
      [...]
      Termine : << RKreport[1].txt >>
      RKreport[1].txt

      RogueKiller V5.2.3 [16/06/2011] par Tigzy
      contact sur Forum Sciences / Forum Informatique - Sur la Toile (SLT)
      mail: tigzyRK<at>gmail<dot>com
      Remontees: [RogueKiller] Remontées (1/24)
      Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
      Demarrage : Mode normal
      Utilisateur: Administrateur [Droits d'admin]
      Mode: HOSTS RAZ -- Date : 22/06/2011 05:27:45
      Processus malicieux: 0
      Fichier HOSTS:
      [...]
      Nouveau fichier HOSTS:
      127.0.0.1 localhost
      Termine : << RKreport[2].txt >>
      RKreport[1].txt ; RKreport[2].txt

      RogueKiller V5.2.3 [16/06/2011] par Tigzy
      contact sur Forum Sciences / Forum Informatique - Sur la Toile (SLT)
      mail: tigzyRK<at>gmail<dot>com
      Remontees: [RogueKiller] Remontées (1/24)
      Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
      Demarrage : Mode normal
      Utilisateur: Administrateur [Droits d'admin]
      Mode: Proxy RAZ -- Date : 22/06/2011 05:28:05
      Processus malicieux: 0
      Entrees de registre: 0
      Termine : << RKreport[3].txt >>
      RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

      RogueKiller V5.2.3 [16/06/2011] par Tigzy
      contact sur Forum Sciences / Forum Informatique - Sur la Toile (SLT)
      mail: tigzyRK<at>gmail<dot>com
      Remontees: [RogueKiller] Remontées (1/24)
      Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
      Demarrage : Mode normal
      Utilisateur: Administrateur [Droits d'admin]
      Mode: DNS RAZ -- Date : 22/06/2011 05:28:23
      Processus malicieux: 0
      Entrees de registre: 2
      [DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{8C696093-235E-4402-ADA6-32B632AF437F} : NameServer (212.27.54.252,212.27.53.252) -> REPLACED : ()
      [DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{8C696093-235E-4402-ADA6-32B632AF437F} : NameServer (212.27.54.252,212.27.53.252) -> REPLACED : ()
      Termine : << RKreport[4].txt >>
      RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

      RogueKiller V5.2.3 [16/06/2011] par Tigzy
      contact sur Forum Sciences / Forum Informatique - Sur la Toile (SLT)
      mail: tigzyRK<at>gmail<dot>com
      Remontees: [RogueKiller] Remontées (1/24)
      Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
      Demarrage : Mode normal
      Utilisateur: Administrateur [Droits d'admin]
      Mode: Raccourcis RAZ -- Date : 22/06/2011 05:34:32
      Processus malicieux: 0
      Attributs de fichiers restaures:
      Bureau: Success 1 / Fail 0
      Lancement rapide: Success 0 / Fail 0
      Programmes: Success 12 / Fail 0
      Menu demarrer: Success 0 / Fail 0
      Dossier utilisateur: Success 133 / Fail 0
      Mes documents: Success 1229 / Fail 0
      Mes favoris: Success 0 / Fail 0
      Mes images: Success 0 / Fail 0
      Ma musique: Success 0 / Fail 0
      Mes videos: Success 0 / Fail 0
      Disques locaux: Success 1503 / Fail 0
      Sauvegarde: [NOT FOUND]
      Lecteurs:
      [A:] \Device\Floppy0 -- 0x2 --> Skipped
      [C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
      [D:] \Device\CdRom0 -- 0x5 --> Skipped
      [E:] \Device\Harddisk1\DP(1)0-0+3 -- 0x2 --> Restored
      Termine : << RKreport[5].txt >>
      RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt