

[SOLVED] Unable to launch Spybot and Malwarebytes
LITEON52 replied to a topic by LITEON52 in Malware analysis and removal
Hello pear, Indeed, everything seems to be working correctly... for now. Touch wood. Thanks again for your effective help. I won't say "see you soon", at least not in the malware section. See you!
[SOLVED] Unable to launch Spybot and Malwarebytes
LITEON52 replied to a topic by LITEON52 in Malware analysis and removal
Good evening, It looks like I managed to find the number for Bitdefender again. For now it seems to be working again. Just in case, I'm attaching the Qoobox report. Otherwise, is the disinfection finished, doctor, or are there still checks to do?
[SOLVED] Unable to launch Spybot and Malwarebytes
LITEON52 replied to a topic by LITEON52 in Malware analysis and removal
What is the Qoobox report called?
[SOLVED] Unable to launch Spybot and Malwarebytes
LITEON52 replied to a topic by LITEON52 in Malware analysis and removal
As for Bitdefender, what happened then? In C:\Qoobox, I don't know how to use the backup to restore Bitdefender (without restoring the malware)! The OTMoveIt report:
[SOLVED] Unable to launch Spybot and Malwarebytes
LITEON52 replied to a topic by LITEON52 in Malware analysis and removal
Hello, I wasn't talking about Spybot but about ComboFix. I only launched Spybot to see whether it would start. By the way, my Bitdefender registration key got wiped thanks to ComboFix: any way to recover it? I can't get my hands on it. Isn't there a backup somewhere? Results for the DLLs:
AL2DLL.dll : Résultat: 1/40 (2.5%) Antiy-AVL 2.0.3.1 2009.05.15 AdWare/BHO.AlSpy
flvDX.dll : Résultat: 1/39 (2.57%) eSafe 7.0.17.0 2009.05.14 Suspicious File
msfDX.dll : Résultat: 1/40 (2.5%) eSafe 7.0.17.0 2009.05.14 Suspicious File
nbDX.dll : Résultat: 1/40 (2.5%) eSafe 7.0.17.0 2009.05.14 Suspicious File
[SOLVED] Unable to launch Spybot and Malwarebytes
LITEON52 replied to a topic by LITEON52 in Malware analysis and removal
Hello pear, The ComboFix report follows. It looks like the cleanup has been done. In any case, Spybot now launches normally. Let's hope it didn't throw out anything useful! Is it normal that .dll, .exe and .reg files were deleted?
[SOLVED] Unable to launch Spybot and Malwarebytes
LITEON52 replied to a topic by LITEON52 in Malware analysis and removal
Hello again pear, Since I couldn't launch Spybot, I applied the same rule as for MBAM: I renamed it and it worked! That let me disable TeaTimer, so my IE home page can be changed again. That's sorted. However, if I don't rename Spybot, it no longer launches. That proves there is still something fishy. So I launch it (renamed) and let it run its scan to the end. And surprise: it still finds things that MBAM had not detected!!! See the attached report. So I decide to rerun MBAM in safe mode (it now launches fine even without being renamed): MBAM finds only a single anomaly (the first one in the Spybot report) whereas Spybot is at 5. I don't know whether Spybot is outdated, but it seems to find more than MBAM. What do you think? What should I do? SPYBOT REPORT:
Win32.TDSS.rtk: [sBI $E6418935] File (Fichier, nothing done) C:\WINDOWS\system32\gxvxccounter Properties.size=0 Properties.md5=7303F017FE369F9CE5AF630DA93BA867
Win32.TDSS.rtk: [sBI $3CBC6F59] File (Fichier, nothing done) C:\WINDOWS\system32\gxvxcprrjltpulrmycmuffjsiywpixbpkyuog.dll Properties.size=0 Properties.md5=9F868B9BD5B3A98CF5C7BEAEAF418B2F
Win32.TDSS.rtk: [sBI $A3D0AF77] File (Fichier, nothing done) C:\WINDOWS\system32\drivers\gxvxcftidvbqakyxuwqgvpixnsvdiyqxdablt.sys Properties.size=0 Properties.md5=0F78716378ECCDD102D3FA23EAE8F04F
Win32.TDSS.rtk: [sBI $A3D0AF77] File (Fichier, nothing done) C:\WINDOWS\system32\drivers\gxvxciydlthquewxrgrrfwappwsqbfnjdjoow.sys Properties.size=0 Properties.md5=0028AEADB76AA10900CCBB4526E640E2
Win32.TDSS.rtk: [sBI $A3D0AF77] File (Fichier, nothing done) C:\WINDOWS\system32\drivers\gxvxcosixngsiltlwabwemrdbqwgkoepmittk.sys Properties.size=0 Properties.md5=0A88116EA32953AA9D54439D4A73DE08
[SOLVED] Unable to launch Spybot and Malwarebytes
LITEON52 replied to a topic by LITEON52 in Malware analysis and removal
Hello pear, There, it's done! Renaming mbam, I hadn't thought of that, but it works. It found quite a few things and removed them. My IE home page still cannot be changed. The mbam report:
[SOLVED] Unable to launch Spybot and Malwarebytes
LITEON52 replied to a topic by LITEON52 in Malware analysis and removal
Hello again, It's impossible to launch SpybotSD and Malwarebytes. That is in fact the subject of my call for help. I had already uninstalled and reinstalled these 2 programs, as stated in my original post.
[SOLVED] Unable to launch Spybot and Malwarebytes
LITEON52 replied to a topic by LITEON52 in Malware analysis and removal
Hello pear, Thanks for the help. So, attached is the ZHPDiag report.
http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe ---\\ Protocole additionnel et piratage de protocole (O18) O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: AtiStartupEvent - C:\WINDOWS\System32\Ati2evxx.dll O20 - Winlogon Notify: WlDimsStartup - C:\WINDOWS\System32\%SystemRoot%\System32\dimsntfy.dll O20 - Winlogon Notify: WLEventStartup - C:\WINDOWS\System32\WgaLogon.dll ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: (Ati HotKey Poller) - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart (ATI Smart) - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: EpsonBidirectionalService (EpsonBidirectionalService) - C:\Program Files\EPSON\ESM2\eEBSVC.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service O23 - Service: LVSrvLauncher (LVSrvLauncher) - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe O23 - Service: Infrastructure de pilote-mode utilisateur Windows (UMWdf) - C:\WINDOWS\system32\wdfmgr.exe O23 - Service: USBest Service Zero (UTSCSI) - C:\WINDOWS\system32\UTSCSI.EXE O23 - Service: BitDefender Virus Shield (VSSERV) - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service O23 - Service: BitDefender Communicator (XCOMM) - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service ---\\ Composants installés (ActiveSetup Installed Components) (O40) O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE O40 - ASIC: 
Personnalisation du navigateur - {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file) O40 - ASIC: Rendu VML (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file) O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll O40 - ASIC: Lecteur Windows Media Microsoft 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - C:\WINDOWS\system32\danim.dll O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll O40 - ASIC: Liaison de données Dynamic HTML pour Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file) O40 - ASIC: Logiciel de navigation hors connexion - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file) O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file) O40 - ASIC: .NET Framework - {3F7924B9-D148-3141-87B1-68F36043A940} - (not file) O40 - ASIC: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) - {411EDCF7-755D-414E-A74B-3DCD6583F589} - (not file) O40 - ASIC: Création avancée - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file) O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file) O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file) O40 - ASIC: Aide sur Internet Explorer - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file) O40 - ASIC: Classes Java DirectAnimation - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file) O40 
- ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file) O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file) O40 - ASIC: Outils d'installation Internet Explorer - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file) O40 - ASIC: Améliorations pour la navigation - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file) O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub O40 - ASIC: Accès au site MSN - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file) O40 - ASIC: .NET Framework - {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - (not file) O40 - ASIC: .NET Framework - {72AD53CC-CCC0-3757-8480-9EE176866A7C} - (not file) O40 - ASIC: Dossiers Web - {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - (not file) O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll O40 - ASIC: Internet Explorer 6 - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install O40 - ASIC: Microsoft .NET Framework 1.1 Hotfix (KB928366) - {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - (not file) O40 - ASIC: Liaison de données Dynamic HTML - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file) O40 - ASIC: .NET Framework - {9A394342-4A68-4EBA-85A6-55B559F4E700} - (not file) O40 - ASIC: .NET Framework - {B508B3F1-A24A-32C0-B310-85786919EF28} - (not file) O40 - ASIC: .NET Framework - {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - 
(not file) O40 - ASIC: Polices de base Internet Explorer - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file) O40 - ASIC: .NET Framework - {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - (not file) O40 - ASIC: Planificateur de tâches - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file) O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file) O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx O40 - ASIC: Aide HTML - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file) O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file) O40 - ASIC: Hotfix for Microsoft .NET Framework 3.0 (KB932471) - {ECD292A0-0347-4244-8C24-5DBCE990FB40} - (not file) O40 - ASIC: Outlook Express - {EDAA1957-0CCF-E25C-B0BF-4CCEEE59C0D9} - (not file) O40 - ASIC: RootsUpdate - {EF289A85-8E57-408d-BE47-73B55609861A} - (not file) O40 - ASIC: .NET Framework - {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - (not file) ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: Suppresseur d'écho acoustique (Noyau Microsoft) (aec) - C:\WINDOWS\system32\drivers\aec.sys O41 - Driver: Protocole client ARP 1394 (Arp1394) - C:\WINDOWS\system32\DRIVERS\arp1394.sys O41 - Driver: ASInsHelp (ASInsHelp) - C:\WINDOWS\system32\drivers\AsInsHelp32.sys O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys O41 - Driver: (no object) (ati2mtag) - C:\WINDOWS\system32\DRIVERS\ati2mtag.sys O41 - Driver: ATI T200 Unified AVStream service (ATIAVAIW) - C:\WINDOWS\system32\DRIVERS\atinavt2.sys O41 - Driver: Protocole client ATM ARP (Atmarpc) - C:\WINDOWS\system32\DRIVERS\atmarpc.sys O41 - Driver: Pilote audio Stub (audstub) - C:\WINDOWS\system32\DRIVERS\audstub.sys O41 - Driver: BitDefender Firewall NDIS Filter Service (Bdfndisf) - C:\WINDOWS\system32\DRIVERS\bdfndisf.sys O41 - Driver: BDSelfPr (BDSelfPr) - C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys O41 
- Driver: Service d'énumérateur Bluetooth (BthEnum) - C:\WINDOWS\system32\DRIVERS\BthEnum.sys O41 - Driver: Pilote de communication série Bluetooth (BTHMODEM) - C:\WINDOWS\system32\DRIVERS\bthmodem.sys O41 - Driver: Périphérique Bluetooth (réseau personnel) (BthPan) - C:\WINDOWS\system32\DRIVERS\bthpan.sys O41 - Driver: Pilote de port Bluetooth (BTHPORT) - C:\WINDOWS\System32\Drivers\BTHport.sys O41 - Driver: Pilote USB radio Bluetooth (BTHUSB) - C:\WINDOWS\System32\Drivers\BTHUSB.sys O41 - Driver: Décodeur sous-titre fermé (CCDECODE) - C:\WINDOWS\system32\DRIVERS\CCDECODE.sys O41 - Driver: C-Media High Definition Audio Interface (cmudax) - C:\WINDOWS\system32\drivers\cmudax.sys O41 - Driver: PC Digital Camera on USB (CoachUsb) - C:\WINDOWS\system32\DRIVERS\CoachUsb.sys O41 - Driver: CoachVid (CoachVid) - C:\WINDOWS\system32\DRIVERS\CoachVid.sys O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys O41 - Driver: Pilote de Gestionnaire de disque logique (dmio) - C:\WINDOWS\System32\drivers\dmio.sys O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys O41 - Driver: Synthétiseur DLS du noyau Microsoft (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys O41 - Driver: (no object) (dtscsi) - C:\WINDOWS\System32\Drivers\dtscsi.sys O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\drivers\fltmgr.sys O41 - Driver: Pilote de filtre Microsoft SideWinder Value Add (GcKernel) - C:\WINDOWS\system32\DRIVERS\GcKernel.sys O41 - Driver: Classificateur de paquets générique (Gpc) - C:\WINDOWS\system32\DRIVERS\msgpc.sys O41 - Driver: Pilote de fonction Microsoft UAA pour Service High Definition Audio (HdAudAddService) - C:\WINDOWS\system32\drivers\HdAudio.sys O41 - Driver: Pilote de bus Microsoft UAA pour High Definition Audio (HDAudBus) - C:\WINDOWS\system32\DRIVERS\HDAudBus.sys O41 - Driver: Miniport HID Microsoft Bluetooth (HidBth) - 
C:\WINDOWS\system32\DRIVERS\hidbth.sys O41 - Driver: Minipilote de périphérique Microsoft SideWinder HID virtuel (HIDSwvd) - C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys O41 - Driver: Pilote de classe HID Microsoft (HidUsb) - C:\WINDOWS\system32\DRIVERS\hidusb.sys O41 - Driver: Pilote pour clavier i8042 et souris sur port PS/2 (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys O41 - Driver: Pilote de processeur Intel (intelppm) - C:\WINDOWS\system32\DRIVERS\intelppm.sys O41 - Driver: Pilote du pare-feu Windows IPv6 (Ip6Fw) - C:\WINDOWS\system32\drivers\ip6fw.sys O41 - Driver: Pilote de filtre de trafic IP (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys O41 - Driver: Pilote de tunnelage IP dans IP (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys O41 - Driver: Pilote IPSEC (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys O41 - Driver: Service énumérateur IR (IRENUM) - C:\WINDOWS\system32\DRIVERS\irenum.sys O41 - Driver: Pilote HID de clavier (kbdhid) - C:\WINDOWS\system32\DRIVERS\kbdhid.sys O41 - Driver: Mélangeur audio Wave de noyau Microsoft (kmixer) - C:\WINDOWS\system32\drivers\kmixer.sys O41 - Driver: Lbd (Lbd) - C:\WINDOWS\system32\DRIVERS\Lbd.sys O41 - Driver: Logitech AEC Driver (LVcKap) - C:\WINDOWS\system32\DRIVERS\LVcKap.sys O41 - Driver: Logitech Machine Vision Engine Loader (LVMVDrv) - C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys O41 - Driver: MotoSwitch Service (MotoSwitchService) - C:\WINDOWS\system32\DRIVERS\motswch.sys O41 - Driver: Pilote HID de souris (mouhid) - C:\WINDOWS\system32\DRIVERS\mouhid.sys O41 - Driver: Filtre BDA MPE (MPE) - C:\WINDOWS\system32\DRIVERS\MPE.sys O41 - Driver: Redirecteur client WebDav (MRxDAV) - C:\WINDOWS\system32\DRIVERS\mrxdav.sys O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys O41 - Driver: Proxy d'horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys 
O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys O41 - Driver: Pilote BIOS de gestion de systèmes Microsoft (mssmbios) - C:\WINDOWS\system32\DRIVERS\mssmbios.sys O41 - Driver: Convertisseur en T/site-à-site de répartition Microsoft (MSTEE) - C:\WINDOWS\system32\drivers\MSTEE.sys O41 - Driver: Codec NABTS/FEC VBI (NABTSFEC) - C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys O41 - Driver: Connection TV/vidéo Microsoft (NdisIP) - C:\WINDOWS\system32\DRIVERS\NdisIP.sys O41 - Driver: Pilote TAPI NDIS d'accès distant (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys O41 - Driver: NDIS mode utilisateur E/S Protocole (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys O41 - Driver: Pilote réseau étendu NDIS d'accès distant (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys O41 - Driver: Interface NetBIOS (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys O41 - Driver: NetBIOS sur TCP/IP (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys O41 - Driver: Pilote réseau 1394 (NIC1394) - C:\WINDOWS\system32\DRIVERS\nic1394.sys O41 - Driver: Pilote du Moniteur réseau (nm) - C:\WINDOWS\system32\DRIVERS\NMnt.sys O41 - Driver: NetGroup Packet Filter Driver (NPF) - C:\WINDOWS\system32\drivers\npf.sys O41 - Driver: Pilote de filtre de trafic IPX (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys O41 - Driver: Pilote de transfert de trafic IPX (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys O41 - Driver: Contrôleur hôte Texas Instruments IEEE 1394 compatible OHCI (Open Host Controller Interface) (ohci1394) - C:\WINDOWS\system32\DRIVERS\ohci1394.sys O41 - Driver: osaio (osaio) - C:\WINDOWS\system32\drivers\osaio.sys O41 - Driver: Motorola USB Device (P2k) - C:\WINDOWS\system32\DRIVERS\P2k.sys O41 - Driver: VSO Software pcouffin (pcouffin) - C:\WINDOWS\System32\Drivers\pcouffin.sys O41 - Driver: Miniport réseau étendu (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys O41 - Driver: Profos (Profos) - 
C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys O41 - Driver: Planificateur de paquets QoS (PSched) - C:\WINDOWS\system32\DRIVERS\psched.sys O41 - Driver: Pilote de liaison parallèle directe (Ptilink) - C:\WINDOWS\system32\DRIVERS\ptilink.sys O41 - Driver: Logitech QuickCam Communicate (QCMerced) - C:\WINDOWS\system32\DRIVERS\LVCM.sys O41 - Driver: Pilote de connexion automatique d'accès distant (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys O41 - Driver: Miniport réseau étendu (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys O41 - Driver: Pilote PPPOE d'accès à distance (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys O41 - Driver: Parallèle direct (Raspti) - C:\WINDOWS\system32\DRIVERS\raspti.sys O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys O41 - Driver: Pilote de redirecteur de périphérique Terminal Server (rdpdr) - C:\WINDOWS\system32\DRIVERS\rdpdr.sys O41 - Driver: Pilote de filtre de lecture digitale de CD audio (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys O41 - Driver: Périphérique Bluetooth (TDI protocole RFCOMM) (RFCOMM) - C:\WINDOWS\system32\DRIVERS\rfcomm.sys O41 - Driver: Secdrv (Secdrv) - C:\WINDOWS\system32\DRIVERS\secdrv.sys O41 - Driver: Pilote de filtre Serenum (serenum) - C:\WINDOWS\system32\DRIVERS\serenum.sys O41 - Driver: Détrameur décalage BDA (SLIP) - C:\WINDOWS\system32\DRIVERS\SLIP.sys O41 - Driver: Intel ® System Management BIOS Service (SMBios) - C:\WINDOWS\system32\DRIVERS\SMBios.sys O41 - Driver: Splitter audio du noyau Microsoft (splitter) - C:\WINDOWS\system32\drivers\splitter.sys O41 - Driver: (no object) (sptd) - C:\WINDOWS\System32\Drivers\sptd.sys O41 - Driver: Pilote de filtre de restauration système (sr) - C:\WINDOWS\system32\DRIVERS\sr.sys O41 - Driver: Srv (Srv) - C:\WINDOWS\system32\DRIVERS\srv.sys O41 - Driver: BDA IPSink (streamip) - C:\WINDOWS\system32\DRIVERS\StreamIP.sys O41 - Driver: Pilote de bus logiciel (swenum) - 
C:\WINDOWS\system32\DRIVERS\swenum.sys O41 - Driver: Synthétiseur de table de sons GC noyau Microsoft (swmidi) - C:\WINDOWS\system32\drivers\swmidi.sys O41 - Driver: Périphérique audio système du noyau Microsoft (sysaudio) - C:\WINDOWS\system32\drivers\sysaudio.sys O41 - Driver: Pilote du protocole TCP/IP (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys O41 - Driver: Trufos (Trufos) - C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys O41 - Driver: Pilote de mise à jour microcode (Update) - C:\WINDOWS\system32\DRIVERS\update.sys O41 - Driver: Pilote USB audio (WDM) (usbaudio) - C:\WINDOWS\system32\drivers\usbaudio.sys O41 - Driver: Pilote parent générique USB Microsoft (usbccgp) - C:\WINDOWS\system32\DRIVERS\usbccgp.sys O41 - Driver: Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0 (usbehci) - C:\WINDOWS\system32\DRIVERS\usbehci.sys O41 - Driver: Concentrateur USB2 (usbhub) - C:\WINDOWS\system32\DRIVERS\usbhub.sys O41 - Driver: Classe d'imprimantes USB Microsoft (usbprint) - C:\WINDOWS\system32\DRIVERS\usbprint.sys O41 - Driver: Pilote de scanneur USB (usbscan) - C:\WINDOWS\system32\DRIVERS\usbscan.sys O41 - Driver: Motorola A1000 USB Modem Driver (usbser) - C:\WINDOWS\system32\DRIVERS\usbser.sys O41 - Driver: Motorola USB Modem Driver for MPT (usbsermpt) - C:\WINDOWS\system32\DRIVERS\usbsermpt.sys O41 - Driver: Pilote de stockage de masse USB (USBSTOR) - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS O41 - Driver: Pilote miniport de contrôleur hôte universel USB Microsoft (usbuhci) - C:\WINDOWS\system32\DRIVERS\usbuhci.sys O41 - Driver: Pilote ARP IP d'accès distant (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys O41 - Driver: Windows CE USB Serial Host Driver (wceusbsh) - C:\WINDOWS\system32\DRIVERS\wceusbsh.sys O41 - Driver: Pilote WINMM de compatibilité audio WDM Microsoft (wdmaud) - C:\WINDOWS\system32\drivers\wdmaud.sys O41 - Driver: WpdUsb (WpdUsb) - C:\WINDOWS\System32\Drivers\wpdusb.sys O41 - Driver: Codec Teletext 
standard (WSTCODEC) - C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS O41 - Driver: NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller (yukonwxp) - C:\WINDOWS\system32\DRIVERS\yk51x86.sys ---\\ Logiciels installés (O42) O42 - Logiciel: 7-Zip 4.57 O42 - Logiciel: ATI - Software Uninstall Utility O42 - Logiciel: ATI Catalyst Control Center O42 - Logiciel: ATI Display Driver O42 - Logiciel: Ad-Aware O42 - Logiciel: Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch O42 - Logiciel: Adobe Flash Player 10 ActiveX O42 - Logiciel: Adobe SVG Viewer 3.0 O42 - Logiciel: Agfa ScanWise 2.00 O42 - Logiciel: Analyseur et SDK MSXML 4.0 SP2 O42 - Logiciel: Apple Software Update O42 - Logiciel: Archiveur WinRAR O42 - Logiciel: Avanquest update O42 - Logiciel: BA 2.0 O42 - Logiciel: Battlefield 2142 O42 - Logiciel: BitDefender Internet Security 2008 O42 - Logiciel: BitTornado 0.3.18 O42 - Logiciel: C-Media High Definition Audio Driver O42 - Logiciel: CD Dalloz Expert - Code civil O42 - Logiciel: Caculette Premium 3.0 O42 - Logiciel: Calcul de Résistances 2.1 O42 - Logiciel: Camera Drivers V1.4 O42 - Logiciel: CartoExploreur 3D 1.05 O42 - Logiciel: Catalyst Control Center - Branding O42 - Logiciel: Client Windows Rights Management avec Service Pack 2 O42 - Logiciel: Code de la route O42 - Logiciel: Composant Hmk O42 - Logiciel: Condemned - Criminal Origins O42 - Logiciel: DVD Shrink 3.2 O42 - Logiciel: DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.7.6 O42 - Logiciel: Driver: Parallel Lines O42 - Logiciel: Désinstalleur O42 - Logiciel: EA SPORTS™ Rugby 08 O42 - Logiciel: EPSON Logiciel imprimante O42 - Logiciel: EPSON Status Monitor 2 O42 - Logiciel: ETAJV PC 24.86 O42 - Logiciel: ETAJV PLAYSTATION 2 9.57 O42 - Logiciel: Evolution GT O42 - Logiciel: FEAR O42 - Logiciel: FlatOut2 O42 - Logiciel: FpTest 3.0 O42 - Logiciel: Free Mp3 Wma Converter V 1.8.0 O42 - Logiciel: Google Earth O42 - Logiciel: GrabIt 1.6.2 Beta (build 940) O42 - Logiciel: Guide routier 
France O42 - Logiciel: HD Tach RW version 3 O42 - Logiciel: High Definition Audio Driver Package - KB835221 O42 - Logiciel: HijackThis 2.0.2 O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.0 (KB932471) O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) O42 - Logiciel: Hotfix for Windows Media Format SDK (KB902344) O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) O42 - Logiciel: IFOEdit 0.971 Fr O42 - Logiciel: IKEA HomePlanner Kitchen O42 - Logiciel: ImageMagick 6.4.0-10 Q16 (05/01/08) O42 - Logiciel: J2SE Runtime Environment 5.0 Update 10 O42 - Logiciel: J2SE Runtime Environment 5.0 Update 11 O42 - Logiciel: Java 6 Update 3 O42 - Logiciel: Java SE Runtime Environment 6 Update 1 O42 - Logiciel: La Marmite du Chef 6.3.0 O42 - Logiciel: Les Indispensables Éducation pour Microsoft Office O42 - Logiciel: Logitech Audio Echo Cancellation Component O42 - Logiciel: MFCDLL Shared Library - Retail Version O42 - Logiciel: MSXML 3.0 O42 - Logiciel: MSXML 4.0 SP2 (KB927978) O42 - Logiciel: MSXML 4.0 SP2 (KB936181) O42 - Logiciel: MSXML 4.0 SP2 (KB954430) O42 - Logiciel: MSXML 6.0 Parser (KB933579) O42 - Logiciel: MVision O42 - Logiciel: Malwarebytes' Anti-Malware O42 - Logiciel: Marvell Miniport Driver O42 - Logiciel: Microsoft ® C Runtime Library O42 - Logiciel: Microsoft ® C++ Runtime Library O42 - Logiciel: Microsoft .NET Framework 1.1 O42 - Logiciel: Microsoft .NET Framework 1.1 French Language Pack O42 - Logiciel: Microsoft .NET Framework 1.1 Hotfix (KB928366) O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 O42 - Logiciel: 
Microsoft ActiveSync O42 - Logiciel: Microsoft Encarta 2008 - Études O42 - Logiciel: Microsoft Encarta Maths O42 - Logiciel: Microsoft Flight Simulator 2004 Un siècle d'aviation O42 - Logiciel: Microsoft Flight Simulator X O42 - Logiciel: Microsoft Office Professional Edition 2003 O42 - Logiciel: Microsoft Silverlight O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 O42 - Logiciel: Module de compatibilité pour Microsoft Office System 2007 (Beta) O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra O42 - Logiciel: Motorola Phone Tools O42 - Logiciel: Motorola Software Update O42 - Logiciel: Mp3tag v2.42 O42 - Logiciel: NDrive Update Agent O42 - Logiciel: NVIDIA PhysX v8.10.17 O42 - Logiciel: Need for Speed™ Carbon O42 - Logiciel: Nero 6 Ultra Edition O42 - Logiciel: OgcDrv 2.13 O42 - Logiciel: Pcsx2 0.9.4 Watermoose O42 - Logiciel: Permis de construire Expert CAD O42 - Logiciel: PhotoME O42 - Logiciel: Programme de gestion Camera de Logitech® O42 - Logiciel: QuickTime O42 - Logiciel: ROUTE 66 Safety Camera Update O42 - Logiciel: RealPlayer O42 - Logiciel: Remote Display Control O42 - Logiciel: Réseau France Bayo 0013-Q0 O42 - Logiciel: Réseau France BdAlti O42 - Logiciel: Réseau France BdNyme O42 - Logiciel: SCRABBLE® Interactif EDITION 2007 Désinstaller O42 - Logiciel: SDFormatter O42 - Logiciel: SP2 de compatibilité descendante du client Windows Rights Management O42 - Logiciel: SUPER © Version 2008.bld.32 (July 8, 2008) O42 - Logiciel: SeaTools for Windows O42 - Logiciel: SnagIt 8 O42 - Logiciel: Starship Troopers O42 - Logiciel: System Requirements Lab O42 - Logiciel: TCPMP O42 - Logiciel: TerraExplorer O42 - Logiciel: Top Spin 2 O42 - Logiciel: UltraISO Premium V9.2 O42 - Logiciel: Unity Web Player O42 - Logiciel: Universal Share Downloader O42 - Logiciel: VideoLAN VLC media player 0.8.6b O42 - Logiciel: Virtua Tennis 3 O42 - Logiciel: Virtual Earth 3D 
(Bêta) O42 - Logiciel: WBEncarta O42 - Logiciel: Weight Watchers FlexiPoints O42 - Logiciel: WinPcap 3.1 beta4 O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) O42 - Logiciel: Windows Imaging Component O42 - Logiciel: Windows Live Messenger O42 - Logiciel: Windows Media Player 10 Hotfix - KB894476 O42 - Logiciel: Windows Presentation Foundation O42 - Logiciel: Windows XP Service Pack 3 O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0 O42 - Logiciel: YoutubeGet 4 O42 - Logiciel: ffdshow [rev 1604] [2007-11-13] O42 - Logiciel: oggcodecs 0.71.0946 ---\\ Contenu des dossiers Fichiers Communs (O43) O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Adobe O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Adobe Systems Shared O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Agfa O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Ahead O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Atlence O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Bayo O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\BitDefender O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\DESIGNER O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\EZB Systems O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\GIS O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\InstallShield O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Java O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\LogiShrd O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Logitech O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\mapserv O43 - CFD:Common File Directory - C:\Program Files\Fichiers 
[SOLVED] Unable to launch Spybot and Malwarebytes
LITEON52 posted a topic in Malware analysis and eradication
Hello everyone,
Big trouble!!!
Initially:
- unable to update Ad-aware and Bitdefender.
- unable to launch SpybotSD and Malwarebytes.
After running Smitfraudfix (which found and fixed a DNS hijack) in normal mode and then in safe mode:
- Ad-aware and Bitdefender work normally again.
- but still unable to launch Spybot and Malwarebytes, even after uninstalling and reinstalling these 2 programs.
- unable to change the IE 6 home page (the line is greyed out). I think Spybot is still running in the background and is preventing me from doing so, but since I can't launch it...
- slow PC startup, and I often have to try twice.
Bitdefender, Ad-aware, and Smitfraudfix find nothing.
I am attaching the HijackThis log. Thanks in advance.
C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\MOI\Mes documents\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program 
Files\BitDefender\BitDefender 2008\IEShow.exe" O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user') O4 - Startup: NDrive Update Agent.lnk = ? O4 - Startup: NetAnalyse.lnk = C:\Program Files\NetAnalyse\NetAnalyse.exe O4 - Global Startup: EPSON Contrôle en arrière-plan.lnk = C:\Program Files\EPSON\ESM2\Stms.exe O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? 
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Insérer dans projet DIALux - res://C:\Program Files\DIALux\DLXShellExtension.dll/#201
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

-- End of file - 10116 bytes