Aller au contenu

Katy35

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    8

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par Katy35

  1. Katy35
    Bonsoir, Merci pour cette nouvelle procédure. Malheureusement, bien que "appremover" ait enlevé avira, il est encore présent quand je veux installer la nouvelle version. J'en ai eu ras le bol (pour rester correct ) j'ai don téléchargé un autre antivirus : "Microsoft Security Essentials" J'espère ne pas avoir fait de bétises ? Bref, mon PC semble aller mieux. N'hésitez pas à me conseiller autre chose si nécessaire. En attendant, je vous crie un IMMENSE MERCI, c'est génial de trouver des pros comme vous, réactifs... Continuez tant que c'est possible. Bravo ! Katy
  2. Katy35
    Bonjour Pear, Je reviens vers vous après une absence prolongée. J'ai essayé de désinstaller Avast en suivant votre procédure (mode sans échec...) et je pensais que c'était ok jusqu'à ce qu'au moment de l'installation d'avira, un message me dit : "vous devriez désinstaller avira gmbh avant une nouvelle installation, souhaitez-vous accepter la configuration actuelle ?" Que je réponde OUI ou NON (j'ai tenté plusieurs fois) ça ne marche pas. Mon PC redémarre parfois mais rien ne se passe. Je n'ai pas l'icône "parapluie". Je n'ai donc toujours pas d'antivirus. Que faire ??? Help me please ) Katy lost ;-(
  3. Katy35
    Message pour Pear : Bonjour, J'étais en long déplacement, raison de mon silence. Je vous remercie beaucoup pour tous vos conseils. D'après votre dernier message que j'ai copié ci-dessous, je ne retrouve plus de y.lost, et je n'ai d'ailleurs plus la page qui s'ouvre. j'ai quand même "réinitialiser" comme vous me l'aviez indiqué. Mon PC va mieux, les applications s'ouvrent normalement, par contre, dès que j'ouvre internet via Mozilla, ça rame pendant une minute, et ensuite ça va mieux, mais je pense que j'ai encore des "saletés" non ? Dois-je encore faire une ou plusieurs actions ? Sinon, j'avais téléchargé gratuitement un antivirus (mais qui ne s'est pas avéré super fiable, la preuve ;-() Lequel me conseillez-vous ? Merci beaucoup à nouveau pour votre aide, Katy _______________________________________ Dernier message de Pear = lundi 04 janvier 2010 à 18h57 Message #10 Devil Member ! Icône de groupe Groupe : Equipe Sécurité Messages : 11632 Inscrit : 22/03/2005 Lieu : Clohars-Carnoet Membre no 153320 Mes langues: Anglais?? Je ne sais pas à quoi c'est dû. Je n'ai jamais vu cela. Vous allez devoir corriger à la main l'appel à lo.st Demarrer->Exécuter->Regedit Developpez: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Start Page=hxxp://y.lo.st Clic droit modifier dans le fenêtre remplacer hxxp://y.lo.st par about:blank et supprimez First Home Page Dans la barre d'adresse Firefox taper about:config Valider l'avertissement Descendre à: Browser.startup.homepage, hxxp://y.lo.st Clic droit ->Modifier->Réinitialiser A part cela, comment va la machine? Encore ce rogue qui vous trouve des virus partout ?
  4. Katy35
    Quand je lance le nettoyage sous ad-remover, le PC redémarre, mais au redémarrage, problème car un message d'erreur apparait : impossible de trouver ad-remover (j'ai essayé 3 fois et toujours le même message). l'application ne se lance donc pas au redémarrage, mais voir ci-dessus, une application "clean" a été lancé automatiquement plus tôt. Qu'en pensez-vous ? Merci beaucoup.
  5. Katy35
    Chacun sait que sur terre vivent des individus ne pouvant pas être totalement humains. Cependant tout le monde s'accorde à considérer [que] les fantômes tentent de tricher face aux dirigeants de la planète. Les dirigeants, agaçés de contempler leur nombril, se demandent quel fantôme pourra
  6. Katy35
    Merci. Ci-dessous le rapport MBAM : Malwarebytes' Anti-Malware 1.43 Version de la base de données: 3491 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 04/01/2010 15:30:31 mbam-log-2010-01-04 (15-30-31).txt Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|) Eléments examinés: 186278 Temps écoulé: 41 minute(s), 45 second(s) Processus mémoire infecté(s): 2 Module(s) mémoire infecté(s): 1 Clé(s) du Registre infectée(s): 12 Valeur(s) du Registre infectée(s): 4 Elément(s) de données du Registre infecté(s): 2 Dossier(s) infecté(s): 3 Fichier(s) infecté(s): 12 Processus mémoire infecté(s): C:\Program Files\EoRezo\EoEngine.exe (Rogue.Eorezo) -> Unloaded process successfully. C:\Documents and Settings\Moi\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Unloaded process successfully. Module(s) mémoire infecté(s): C:\Program Files\EoRezo\EoAdv\EoAdv.dll (Rogue.Eorezo) -> Delete on reboot. Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\TypeLib\{b6acb3f1-6a83-432c-b854-3e1056f87f4e} (Rogue.Eorezo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{819db72d-1c28-4387-9778-e2ff3dc86f74} (Rogue.Eorezo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Rogue.Eorezo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Rogue.Eorezo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Rogue.Eorezo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Rogue.Eorezo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PLayMP3z) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Foxicle (Adware.Foxicle) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\RegistryDoktorFrNE (Rogue.RegistryDoctor) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hpfsched (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eoengine (Rogue.Eorezo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\softwarehelper (Rogue.Eorezo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regdokfrt (Rogue.AntivirusDoktor) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\Program Files\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully. C:\Documents and Settings\Moi\Menu Démarrer\Programmes\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\WINDOWS\hpfsched.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. C:\Program Files\EoRezo\EoEngine.exe (Rogue.Eorezo) -> Quarantined and deleted successfully. C:\Program Files\EoRezo\EoAdv\EoAdv.dll (Rogue.Eorezo) -> Quarantined and deleted successfully. C:\Documents and Settings\Moi\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Quarantined and deleted successfully. C:\Documents and Settings\Moi\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdate.exe (Rogue.Eorezo) -> Quarantined and deleted successfully. C:\Program Files\RegistryDoktor 4.1\RegistryDoktor.exe (Rogue.AntivirusDoktor) -> Quarantined and deleted successfully. C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (Rogue.Eorezo) -> Quarantined and deleted successfully. C:\Program Files\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully. C:\Documents and Settings\Moi\Menu Démarrer\Programmes\PlayMP3z\Run PlayMP3z.lnk (Adware.PLayMP3z) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\AVP 2009\1.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Bureau\Registry Doktor 4.1.lnk (Rogue.RegistryDoctor) -> Quarantined and deleted successfully. C:\Documents and Settings\Moi\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Doktor 4.1.lnk (Rogue.RegistryDoctor) -> Quarantined and deleted successfully. ______________________________________________________ J'ai redémarré mon PC en appuyant sur F12 car sinon sous dos message : "replace disk and press any key" j'ai eu une frayeur car je pensais que mon PC était planté suite à quarantaine et suppression. ______________________________________________________ Et voici le rapport Ad-R.exe : . ======= RAPPORT D'AD-REMOVER 1.1.4.6_G | UNIQUEMENT XP/VISTA/7 ======= . Mit à jour par C_XX le 03.01.2010 à 17:35 Contact: AdRemover.contact@gmail.com Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html . Lancé à: 16:05:57, 04/01/2010 | Mode Normal | Option: SCAN Exécuté de: C:\Program Files\Ad-Remover\ Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600 Nom du PC: CATHY | Utilisateur actuel: Moi . ============== ÉLÉMENT(S) TROUVÉ(S) ============== . C:\DOCUME~1\ALLUSE~1\DOCUME~1\Foxicle C:\Program Files\Mozilla FireFox\regxpcom.exe C:\Program Files\EoRezo C:\DOCUME~1\Moi\APPLIC~1\EoRezo . HKCU\software\EoRezo HKCU\software\Popsicle HKLM\Software\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9} HKLM\software\classes\appid\EoRezoBHO.DLL HKLM\software\classes\EoRezoBHO.EoBHO HKLM\software\classes\EoRezoBHO.EoBHO.1 HKLM\software\microsoft\windows\currentversion\uninstall\{A8955948-E02C-4738-AF22-53CA0F24C90B}_is1 HKLM\software\microsoft\windows\currentversion\uninstall\eoEngine_is1 HKLM\software\microsoft\windows\currentversion\uninstall\SoftwareUpdate_is1 HKU\s-1-5-21-3327020243-559496821-1264925121-1005\software\EoRezo HKU\s-1-5-21-3327020243-559496821-1264925121-1005\software\Popsicle . ============== Scan additionnel ============== . . * Mozilla FireFox Version 3.5.6 [fr] * . Nom du profil: xvd2luef.default (Moi) . (Moi, Invalidprefs.js) Browser.download.lastDir, C:\Documents and Settings\Moi\Mes documents (Moi, Invalidprefs.js) Browser.search.defaultenginename, Google (Moi, Invalidprefs.js) Browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= (Moi, Invalidprefs.js) Browser.search.selectedEngine, Google (Moi, Invalidprefs.js) Browser.startup.homepage, hxxp://y.lo.st (Moi, Invalidprefs.js) Extensions.enabledItems, fr@dictionaries.addons.mozilla.org:2.0,{3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W,{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,jqs@sun.com:1.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12 . (Moi, Invalidprefs.js) TROUVE - Browser.startup.homepage, hxxp://y.lo.st . (Moi, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Moi\Mes documents (Moi, prefs.js) Browser.search.defaultenginename, Google (Moi, prefs.js) Browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= (Moi, prefs.js) Browser.search.selectedEngine, Google (Moi, prefs.js) Browser.startup.homepage, hxxp://y.lo.st (Moi, prefs.js) Extensions.enabledItems, fr@dictionaries.addons.mozilla.org:2.1,{3112ca9c-de6d-4884-a869-9855de68056c}:6.1.20091216W,{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6 . (Moi, prefs.js) TROUVE - Browser.startup.homepage, hxxp://y.lo.st . . * Internet Explorer Version 8.0.6001.18702 * . [HKEY_CURRENT_USER\..\Internet Explorer\Main] . Do404Search: 01000000 Local Page: C:\WINDOWS\system32\blank.htm Show_ToolBar: yes Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896 Start Page: hxxp://y.lo.st Default_Page_URL: hxxp://fr.yahoo.com Enable Browser Extensions: yes First Home Page: hxxp://y.lo.st . [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main] . Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157 Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896 Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896 Delete_Temp_Files_On_Exit: yes Local Page: C:\WINDOWS\system32\blank.htm Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157 . [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS] . Tabs: res://ieframe.dll/tabswelcome.htm . =================================== . 3850 Octet(s) - C:\Ad-Report-SCAN[1].log . 37 Fichier(s) - C:\DOCUME~1\Moi\LOCALS~1\Temp 155 Fichier(s) - C:\WINDOWS\Temp 85 Fichier(s) - C:\WINDOWS\Prefetch . 2 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP 0 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE . Fin à: 16:09:47 | 04/01/2010 - SCAN[1] . ============== E.O.F ============== . J’ai redémarré mon PC et AD-remover a relancé un scan automatique. En voici le rapport : . ======= RAPPORT D'AD-REMOVER 1.1.4.6_G | UNIQUEMENT XP/VISTA/7 ======= . Mit à jour par C_XX le 03.01.2010 à 17:35 Contact: AdRemover.contact@gmail.com Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html . Lancé à: 16:49:00, 04/01/2010 | Mode Normal | Option: CLEAN Exécuté de: C:\Program Files\Ad-Remover\ Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600 Nom du PC: CATHY | Utilisateur actuel: Moi . ============== ÉLÉMENT(S) NEUTRALISÉ(S) ============== . C:\DOCUME~1\ALLUSE~1\DOCUME~1\Foxicle C:\Program Files\Mozilla FireFox\regxpcom.exe C:\Program Files\EoRezo C:\DOCUME~1\Moi\APPLIC~1\EoRezo (!) -- Fichiers temporaires supprimés. . HKCU\software\EoRezo HKCU\software\Popsicle HKLM\Software\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9} HKLM\software\classes\appid\EoRezoBHO.DLL HKLM\software\classes\EoRezoBHO.EoBHO HKLM\software\classes\EoRezoBHO.EoBHO.1 HKLM\software\microsoft\windows\currentversion\uninstall\{A8955948-E02C-4738-AF22-53CA0F24C90B}_is1 HKLM\software\microsoft\windows\currentversion\uninstall\eoEngine_is1 HKLM\software\microsoft\windows\currentversion\uninstall\SoftwareUpdate_is1 . ============== Scan additionnel ============== . . * Mozilla FireFox Version 3.5.6 [fr] * . Nom du profil: xvd2luef.default (Moi) . (Moi, Invalidprefs.js) Browser.download.lastDir, C:\Documents and Settings\Moi\Mes documents (Moi, Invalidprefs.js) Browser.search.defaultenginename, Google (Moi, Invalidprefs.js) Browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= (Moi, Invalidprefs.js) Browser.search.selectedEngine, Google (Moi, Invalidprefs.js) Browser.startup.homepage, hxxp://y.lo.st (Moi, Invalidprefs.js) Extensions.enabledItems, fr@dictionaries.addons.mozilla.org:2.0,{3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W,{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,jqs@sun.com:1.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12 . (Moi, Invalidprefs.js) EFFACE - Browser.startup.homepage, hxxp://y.lo.st . (Moi, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Moi\Mes documents (Moi, prefs.js) Browser.search.defaultenginename, Google (Moi, prefs.js) Browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= (Moi, prefs.js) Browser.search.selectedEngine, Google (Moi, prefs.js) Browser.startup.homepage, hxxp://y.lo.st (Moi, prefs.js) Extensions.enabledItems, fr@dictionaries.addons.mozilla.org:2.1,{3112ca9c-de6d-4884-a869-9855de68056c}:6.1.20091216W,{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6 . (Moi, prefs.js) EFFACE - Browser.startup.homepage, hxxp://y.lo.st . . * Internet Explorer Version 8.0.6001.18702 * . [HKEY_CURRENT_USER\..\Internet Explorer\Main] . Do404Search: 01000000 Local Page: C:\WINDOWS\system32\blank.htm Show_ToolBar: yes Start Page: hxxp://fr.msn.com/ Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Enable Browser Extensions: yes Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896 . [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main] . Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Delete_Temp_Files_On_Exit: yes Local Page: C:\WINDOWS\system32\blank.htm Start Page: hxxp://fr.msn.com/ Search bar: hxxp://search.msn.com/spbasic.htm . [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS] . Tabs: res://ieframe.dll/tabswelcome.htm . =================================== . 3933 Octet(s) - C:\Ad-Report-CLEAN[1].log 4213 Octet(s) - C:\Ad-Report-SCAN[1].log . 0 Fichier(s) - C:\DOCUME~1\Moi\LOCALS~1\Temp 1 Fichier(s) - C:\WINDOWS\Temp 7 Fichier(s) - C:\WINDOWS\Prefetch . 19 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP 110 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE . Fin à: 16:53:08 | 04/01/2010 - CLEAN[1] . ============== E.O.F ============== . J’ai ensuite chercher à Lancer pour « nettoyer » dans AD-remover mais je ne trouve pas l’icône d’ouverture d’ad-remover dans C:\ProgramFiles\Ad-Remover (il y a une trentaine d’icones). Que dois-je faire ? Merci pour votre aide précieuse.
  7. Katy35
    OK, voir ci-dessous : 13:18:30:052 3932 TDSSKiller 2.1.1 Dec 20 2009 02:40:02 13:18:30:052 3932 ================================================================================ 13:18:30:052 3932 SystemInfo: 13:18:30:052 3932 OS Version: 5.1.2600 ServicePack: 3.0 13:18:30:052 3932 Product type: Workstation 13:18:30:052 3932 ComputerName: CATHY 13:18:30:052 3932 UserName: Moi 13:18:30:052 3932 Windows directory: C:\WINDOWS 13:18:30:052 3932 Processor architecture: Intel x86 13:18:30:052 3932 Number of processors: 1 13:18:30:052 3932 Page size: 0x1000 13:18:30:052 3932 Boot type: Normal boot 13:18:30:052 3932 ================================================================================ 13:18:30:068 3932 ForceUnloadDriver: NtUnloadDriver error 2 13:18:30:068 3932 ForceUnloadDriver: NtUnloadDriver error 2 13:18:30:068 3932 ForceUnloadDriver: NtUnloadDriver error 2 13:18:30:068 3932 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0 13:18:30:068 3932 main: Driver KLMD successfully dropped 13:18:30:130 3932 main: Driver KLMD successfully loaded 13:18:30:130 3932 Scanning Registry ... 13:18:30:130 3932 ScanServices: Searching service UACd.sys 13:18:30:130 3932 ScanServices: Open/Create key error 2 13:18:30:130 3932 ScanServices: Searching service TDSSserv.sys 13:18:30:130 3932 ScanServices: Open/Create key error 2 13:18:30:130 3932 ScanServices: Searching service gaopdxserv.sys 13:18:30:130 3932 ScanServices: Open/Create key error 2 13:18:30:130 3932 ScanServices: Searching service gxvxcserv.sys 13:18:30:130 3932 ScanServices: Open/Create key error 2 13:18:30:130 3932 ScanServices: Searching service MSIVXserv.sys 13:18:30:130 3932 ScanServices: Open/Create key error 2 13:18:30:130 3932 UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000 13:18:30:146 3932 UnhookRegistry: Kernel local addr: A40000 13:18:30:146 3932 UnhookRegistry: KeServiceDescriptorTable addr: AC5700 13:18:30:146 3932 UnhookRegistry: KiServiceTable addr: A6D460 13:18:30:146 3932 UnhookRegistry: NtEnumerateKey service number (local): 47 13:18:30:146 3932 UnhookRegistry: NtEnumerateKey local addr: B8CFF2 13:18:30:146 3932 KLMD_OpenDevice: Trying to open KLMD device 13:18:30:146 3932 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey 13:18:30:146 3932 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey 13:18:30:146 3932 KLMD_ReadMem: Trying to ReadMemory 0x805002C9[0x4] 13:18:30:146 3932 UnhookRegistry: NtEnumerateKey service number (kernel): 47 13:18:30:146 3932 KLMD_ReadMem: Trying to ReadMemory 0x8050457C[0x4] 13:18:30:146 3932 UnhookRegistry: NtEnumerateKey real addr: 80623FF2 13:18:30:146 3932 UnhookRegistry: NtEnumerateKey calc addr: 80623FF2 13:18:30:146 3932 UnhookRegistry: No SDT hooks found on NtEnumerateKey 13:18:30:146 3932 KLMD_ReadMem: Trying to ReadMemory 0x80623FF2[0xA] 13:18:30:146 3932 UnhookRegistry: No splicing found on NtEnumerateKey 13:18:30:146 3932 Scanning Kernel memory ... 13:18:30:161 3932 KLMD_OpenDevice: Trying to open KLMD device 13:18:30:161 3932 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk 13:18:30:161 3932 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk 13:18:30:161 3932 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 84B48850 13:18:30:161 3932 DetectCureTDL3: KLMD_GetDeviceObjectList returned 12 DevObjects 13:18:30:161 3932 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 845774E8 13:18:30:161 3932 KLMD_GetLowerDeviceObject: Trying to get lower device object for 845774E8 13:18:30:161 3932 KLMD_ReadMem: Trying to ReadMemory 0x845774E8[0x38] 13:18:30:161 3932 DetectCureTDL3: DRIVER_OBJECT addr: 84B48850 13:18:30:161 3932 KLMD_ReadMem: Trying to ReadMemory 0x84B48850[0xA8] 13:18:30:161 3932 KLMD_ReadMem: Trying to ReadMemory 0xE1748DF0[0x208] 13:18:30:161 3932 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 13:18:30:161 3932 DetectCureTDL3: IrpHandler (0) addr: F74CDBB0 13:18:30:161 3932 DetectCureTDL3: IrpHandler (1) addr: 804F4562 13:18:30:161 3932 DetectCureTDL3: IrpHandler (2) addr: F74CDBB0 13:18:30:161 3932 DetectCureTDL3: IrpHandler (3) addr: F74C7D1F 13:18:30:161 3932 DetectCureTDL3: IrpHandler (4) addr: F74C7D1F 13:18:30:161 3932 DetectCureTDL3: IrpHandler (5) addr: 804F4562 13:18:30:161 3932 DetectCureTDL3: IrpHandler (6) addr: 804F4562 13:18:30:161 3932 DetectCureTDL3: IrpHandler (7) addr: 804F4562 13:18:30:161 3932 DetectCureTDL3: IrpHandler ( addr: 804F4562 13:18:30:161 3932 DetectCureTDL3: IrpHandler (9) addr: F74C82E2 13:18:30:161 3932 DetectCureTDL3: IrpHandler (10) addr: 804F4562 13:18:30:161 3932 DetectCureTDL3: IrpHandler (11) addr: 804F4562 13:18:30:161 3932 DetectCureTDL3: IrpHandler (12) addr: 804F4562 13:18:30:161 3932 DetectCureTDL3: IrpHandler (13) addr: 804F4562 13:18:30:161 3932 DetectCureTDL3: IrpHandler (14) addr: F74C83BB 13:18:30:161 3932 DetectCureTDL3: IrpHandler (15) addr: F74CBF28 13:18:30:161 3932 DetectCureTDL3: IrpHandler (16) addr: F74C82E2 13:18:30:161 3932 DetectCureTDL3: IrpHandler (17) addr: 804F4562 13:18:30:161 3932 DetectCureTDL3: IrpHandler (18) addr: 804F4562 13:18:30:161 3932 DetectCureTDL3: IrpHandler (19) addr: 804F4562 13:18:30:161 3932 DetectCureTDL3: IrpHandler (20) addr: 804F4562 13:18:30:161 3932 DetectCureTDL3: IrpHandler (21) addr: 804F4562 13:18:30:161 3932 DetectCureTDL3: IrpHandler (22) addr: F74C9C82 13:18:30:161 3932 DetectCureTDL3: IrpHandler (23) addr: F74CE99E 13:18:30:161 3932 DetectCureTDL3: IrpHandler (24) addr: 804F4562 13:18:30:161 3932 DetectCureTDL3: IrpHandler (25) addr: 804F4562 13:18:30:161 3932 DetectCureTDL3: IrpHandler (26) addr: 804F4562 13:18:30:161 3932 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400] 13:18:30:161 3932 KLMD_ReadMem: DeviceIoControl error 1 13:18:30:161 3932 TDL3_StartIoHookDetect: Unable to get StartIo handler code 13:18:30:161 3932 TDL3_FileDetect: Processing driver: Disk 13:18:30:161 3932 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk 13:18:30:161 3932 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys 13:18:30:161 3932 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys 13:18:30:193 3932 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 84577030 13:18:30:193 3932 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84577030 13:18:30:193 3932 KLMD_ReadMem: Trying to ReadMemory 0x84577030[0x38] 13:18:30:193 3932 DetectCureTDL3: DRIVER_OBJECT addr: 84B48850 13:18:30:193 3932 KLMD_ReadMem: Trying to ReadMemory 0x84B48850[0xA8] 13:18:30:193 3932 KLMD_ReadMem: Trying to ReadMemory 0xE1748DF0[0x208] 13:18:30:193 3932 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 13:18:30:193 3932 DetectCureTDL3: IrpHandler (0) addr: F74CDBB0 13:18:30:193 3932 DetectCureTDL3: IrpHandler (1) addr: 804F4562 13:18:30:193 3932 DetectCureTDL3: IrpHandler (2) addr: F74CDBB0 13:18:30:193 3932 DetectCureTDL3: IrpHandler (3) addr: F74C7D1F 13:18:30:193 3932 DetectCureTDL3: IrpHandler (4) addr: F74C7D1F 13:18:30:193 3932 DetectCureTDL3: IrpHandler (5) addr: 804F4562 13:18:30:193 3932 DetectCureTDL3: IrpHandler (6) addr: 804F4562 13:18:30:193 3932 DetectCureTDL3: IrpHandler (7) addr: 804F4562 13:18:30:193 3932 DetectCureTDL3: IrpHandler ( addr: 804F4562 13:18:30:193 3932 DetectCureTDL3: IrpHandler (9) addr: F74C82E2 13:18:30:193 3932 DetectCureTDL3: IrpHandler (10) addr: 804F4562 13:18:30:193 3932 DetectCureTDL3: IrpHandler (11) addr: 804F4562 13:18:30:193 3932 DetectCureTDL3: IrpHandler (12) addr: 804F4562 13:18:30:193 3932 DetectCureTDL3: IrpHandler (13) addr: 804F4562 13:18:30:193 3932 DetectCureTDL3: IrpHandler (14) addr: F74C83BB 13:18:30:193 3932 DetectCureTDL3: IrpHandler (15) addr: F74CBF28 13:18:30:193 3932 DetectCureTDL3: IrpHandler (16) addr: F74C82E2 13:18:30:193 3932 DetectCureTDL3: IrpHandler (17) addr: 804F4562 13:18:30:193 3932 DetectCureTDL3: IrpHandler (18) addr: 804F4562 13:18:30:193 3932 DetectCureTDL3: IrpHandler (19) addr: 804F4562 13:18:30:193 3932 DetectCureTDL3: IrpHandler (20) addr: 804F4562 13:18:30:193 3932 DetectCureTDL3: IrpHandler (21) addr: 804F4562 13:18:30:193 3932 DetectCureTDL3: IrpHandler (22) addr: F74C9C82 13:18:30:193 3932 DetectCureTDL3: IrpHandler (23) addr: F74CE99E 13:18:30:193 3932 DetectCureTDL3: IrpHandler (24) addr: 804F4562 13:18:30:193 3932 DetectCureTDL3: IrpHandler (25) addr: 804F4562 13:18:30:193 3932 DetectCureTDL3: IrpHandler (26) addr: 804F4562 13:18:30:193 3932 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400] 13:18:30:193 3932 KLMD_ReadMem: DeviceIoControl error 1 13:18:30:193 3932 TDL3_StartIoHookDetect: Unable to get StartIo handler code 13:18:30:193 3932 TDL3_FileDetect: Processing driver: Disk 13:18:30:193 3932 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk 13:18:30:193 3932 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys 13:18:30:193 3932 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys 13:18:30:208 3932 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 84578AA8 13:18:30:208 3932 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84578AA8 13:18:30:208 3932 KLMD_ReadMem: Trying to ReadMemory 0x84578AA8[0x38] 13:18:30:208 3932 DetectCureTDL3: DRIVER_OBJECT addr: 84B48850 13:18:30:208 3932 KLMD_ReadMem: Trying to ReadMemory 0x84B48850[0xA8] 13:18:30:208 3932 KLMD_ReadMem: Trying to ReadMemory 0xE1748DF0[0x208] 13:18:30:208 3932 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 13:18:30:208 3932 DetectCureTDL3: IrpHandler (0) addr: F74CDBB0 13:18:30:208 3932 DetectCureTDL3: IrpHandler (1) addr: 804F4562 13:18:30:208 3932 DetectCureTDL3: IrpHandler (2) addr: F74CDBB0 13:18:30:208 3932 DetectCureTDL3: IrpHandler (3) addr: F74C7D1F 13:18:30:208 3932 DetectCureTDL3: IrpHandler (4) addr: F74C7D1F 13:18:30:208 3932 DetectCureTDL3: IrpHandler (5) addr: 804F4562 13:18:30:208 3932 DetectCureTDL3: IrpHandler (6) addr: 804F4562 13:18:30:208 3932 DetectCureTDL3: IrpHandler (7) addr: 804F4562 13:18:30:208 3932 DetectCureTDL3: IrpHandler ( addr: 804F4562 13:18:30:208 3932 DetectCureTDL3: IrpHandler (9) addr: F74C82E2 13:18:30:208 3932 DetectCureTDL3: IrpHandler (10) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (11) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (12) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (13) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (14) addr: F74C83BB 13:18:30:224 3932 DetectCureTDL3: IrpHandler (15) addr: F74CBF28 13:18:30:224 3932 DetectCureTDL3: IrpHandler (16) addr: F74C82E2 13:18:30:224 3932 DetectCureTDL3: IrpHandler (17) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (18) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (19) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (20) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (21) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (22) addr: F74C9C82 13:18:30:224 3932 DetectCureTDL3: IrpHandler (23) addr: F74CE99E 13:18:30:224 3932 DetectCureTDL3: IrpHandler (24) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (25) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (26) addr: 804F4562 13:18:30:224 3932 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400] 13:18:30:224 3932 KLMD_ReadMem: DeviceIoControl error 1 13:18:30:224 3932 TDL3_StartIoHookDetect: Unable to get StartIo handler code 13:18:30:224 3932 TDL3_FileDetect: Processing driver: Disk 13:18:30:224 3932 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk 13:18:30:224 3932 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys 13:18:30:224 3932 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys 13:18:30:224 3932 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 845D6C68 13:18:30:224 3932 KLMD_GetLowerDeviceObject: Trying to get lower device object for 845D6C68 13:18:30:224 3932 KLMD_ReadMem: Trying to ReadMemory 0x845D6C68[0x38] 13:18:30:224 3932 DetectCureTDL3: DRIVER_OBJECT addr: 84B48850 13:18:30:224 3932 KLMD_ReadMem: Trying to ReadMemory 0x84B48850[0xA8] 13:18:30:224 3932 KLMD_ReadMem: Trying to ReadMemory 0xE1748DF0[0x208] 13:18:30:224 3932 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 13:18:30:224 3932 DetectCureTDL3: IrpHandler (0) addr: F74CDBB0 13:18:30:224 3932 DetectCureTDL3: IrpHandler (1) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (2) addr: F74CDBB0 13:18:30:224 3932 DetectCureTDL3: IrpHandler (3) addr: F74C7D1F 13:18:30:224 3932 DetectCureTDL3: IrpHandler (4) addr: F74C7D1F 13:18:30:224 3932 DetectCureTDL3: IrpHandler (5) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (6) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (7) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler ( addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (9) addr: F74C82E2 13:18:30:224 3932 DetectCureTDL3: IrpHandler (10) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (11) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (12) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (13) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (14) addr: F74C83BB 13:18:30:224 3932 DetectCureTDL3: IrpHandler (15) addr: F74CBF28 13:18:30:224 3932 DetectCureTDL3: IrpHandler (16) addr: F74C82E2 13:18:30:224 3932 DetectCureTDL3: IrpHandler (17) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (18) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (19) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (20) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (21) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (22) addr: F74C9C82 13:18:30:224 3932 DetectCureTDL3: IrpHandler (23) addr: F74CE99E 13:18:30:224 3932 DetectCureTDL3: IrpHandler (24) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (25) addr: 804F4562 13:18:30:224 3932 DetectCureTDL3: IrpHandler (26) addr: 804F4562 13:18:30:224 3932 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400] 13:18:30:224 3932 KLMD_ReadMem: DeviceIoControl error 1 13:18:30:224 3932 TDL3_StartIoHookDetect: Unable to get StartIo handler code 13:18:30:224 3932 TDL3_FileDetect: Processing driver: Disk 13:18:30:224 3932 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk 13:18:30:224 3932 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys 13:18:30:224 3932 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys 13:18:30:240 3932 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 84603540 13:18:30:240 3932 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84603540 13:18:30:240 3932 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 846BC6F0 13:18:30:240 3932 KLMD_GetLowerDeviceObject: Trying to get lower device object for 846BC6F0 13:18:30:240 3932 KLMD_ReadMem: Trying to ReadMemory 0x846BC6F0[0x38] 13:18:30:240 3932 DetectCureTDL3: DRIVER_OBJECT addr: 846BD360 13:18:30:240 3932 KLMD_ReadMem: Trying to ReadMemory 0x846BD360[0xA8] 13:18:30:240 3932 KLMD_ReadMem: Trying to ReadMemory 0xE1A378A0[0x208] 13:18:30:240 3932 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 13:18:30:240 3932 DetectCureTDL3: IrpHandler (0) addr: F785C218 13:18:30:240 3932 DetectCureTDL3: IrpHandler (1) addr: 804F4562 13:18:30:240 3932 DetectCureTDL3: IrpHandler (2) addr: F785C218 13:18:30:240 3932 DetectCureTDL3: IrpHandler (3) addr: F785C23C 13:18:30:240 3932 DetectCureTDL3: IrpHandler (4) addr: F785C23C 13:18:30:240 3932 DetectCureTDL3: IrpHandler (5) addr: 804F4562 13:18:30:240 3932 DetectCureTDL3: IrpHandler (6) addr: 804F4562 13:18:30:240 3932 DetectCureTDL3: IrpHandler (7) addr: 804F4562 13:18:30:240 3932 DetectCureTDL3: IrpHandler ( addr: 804F4562 13:18:30:240 3932 DetectCureTDL3: IrpHandler (9) addr: 804F4562 13:18:30:240 3932 DetectCureTDL3: IrpHandler (10) addr: 804F4562 13:18:30:240 3932 DetectCureTDL3: IrpHandler (11) addr: 804F4562 13:18:30:240 3932 DetectCureTDL3: IrpHandler (12) addr: 804F4562 13:18:30:240 3932 DetectCureTDL3: IrpHandler (13) addr: 804F4562 13:18:30:240 3932 DetectCureTDL3: IrpHandler (14) addr: F785C180 13:18:30:240 3932 DetectCureTDL3: IrpHandler (15) addr: F78579E6 13:18:30:240 3932 DetectCureTDL3: IrpHandler (16) addr: 804F4562 13:18:30:240 3932 DetectCureTDL3: IrpHandler (17) addr: 804F4562 13:18:30:240 3932 DetectCureTDL3: IrpHandler (18) addr: 804F4562 13:18:30:240 3932 DetectCureTDL3: IrpHandler (19) addr: 804F4562 13:18:30:240 3932 DetectCureTDL3: IrpHandler (20) addr: 804F4562 13:18:30:240 3932 DetectCureTDL3: IrpHandler (21) addr: 804F4562 13:18:30:240 3932 DetectCureTDL3: IrpHandler (22) addr: F785B5F0 13:18:30:240 3932 DetectCureTDL3: IrpHandler (23) addr: F7859A6E 13:18:30:240 3932 DetectCureTDL3: IrpHandler (24) addr: 804F4562 13:18:30:240 3932 DetectCureTDL3: IrpHandler (25) addr: 804F4562 13:18:30:240 3932 DetectCureTDL3: IrpHandler (26) addr: 804F4562 13:18:30:240 3932 KLMD_ReadMem: Trying to ReadMemory 0xF7858F26[0x400] 13:18:30:240 3932 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0 13:18:30:240 3932 TDL3_FileDetect: Processing driver: USBSTOR 13:18:30:240 3932 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk 13:18:30:240 3932 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys 13:18:30:240 3932 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys 13:18:30:240 3932 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 84603AB8 13:18:30:240 3932 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84603AB8 13:18:30:255 3932 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 846BC980 13:18:30:255 3932 KLMD_GetLowerDeviceObject: Trying to get lower device object for 846BC980 13:18:30:255 3932 KLMD_ReadMem: Trying to ReadMemory 0x846BC980[0x38] 13:18:30:255 3932 DetectCureTDL3: DRIVER_OBJECT addr: 846BD360 13:18:30:255 3932 KLMD_ReadMem: Trying to ReadMemory 0x846BD360[0xA8] 13:18:30:255 3932 KLMD_ReadMem: Trying to ReadMemory 0xE1A378A0[0x208] 13:18:30:255 3932 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 13:18:30:255 3932 DetectCureTDL3: IrpHandler (0) addr: F785C218 13:18:30:255 3932 DetectCureTDL3: IrpHandler (1) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (2) addr: F785C218 13:18:30:255 3932 DetectCureTDL3: IrpHandler (3) addr: F785C23C 13:18:30:255 3932 DetectCureTDL3: IrpHandler (4) addr: F785C23C 13:18:30:255 3932 DetectCureTDL3: IrpHandler (5) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (6) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (7) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler ( addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (9) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (10) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (11) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (12) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (13) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (14) addr: F785C180 13:18:30:255 3932 DetectCureTDL3: IrpHandler (15) addr: F78579E6 13:18:30:255 3932 DetectCureTDL3: IrpHandler (16) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (17) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (18) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (19) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (20) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (21) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (22) addr: F785B5F0 13:18:30:255 3932 DetectCureTDL3: IrpHandler (23) addr: F7859A6E 13:18:30:255 3932 DetectCureTDL3: IrpHandler (24) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (25) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (26) addr: 804F4562 13:18:30:255 3932 KLMD_ReadMem: Trying to ReadMemory 0xF7858F26[0x400] 13:18:30:255 3932 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0 13:18:30:255 3932 TDL3_FileDetect: Processing driver: USBSTOR 13:18:30:255 3932 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk 13:18:30:255 3932 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys 13:18:30:255 3932 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys 13:18:30:255 3932 DetectCureTDL3: 6 Curr stack PDEVICE_OBJECT: 845A8540 13:18:30:255 3932 KLMD_GetLowerDeviceObject: Trying to get lower device object for 845A8540 13:18:30:255 3932 DetectCureTDL3: 6 Curr stack PDEVICE_OBJECT: 846B86F0 13:18:30:255 3932 KLMD_GetLowerDeviceObject: Trying to get lower device object for 846B86F0 13:18:30:255 3932 KLMD_ReadMem: Trying to ReadMemory 0x846B86F0[0x38] 13:18:30:255 3932 DetectCureTDL3: DRIVER_OBJECT addr: 846BD360 13:18:30:255 3932 KLMD_ReadMem: Trying to ReadMemory 0x846BD360[0xA8] 13:18:30:255 3932 KLMD_ReadMem: Trying to ReadMemory 0xE1A378A0[0x208] 13:18:30:255 3932 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 13:18:30:255 3932 DetectCureTDL3: IrpHandler (0) addr: F785C218 13:18:30:255 3932 DetectCureTDL3: IrpHandler (1) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (2) addr: F785C218 13:18:30:255 3932 DetectCureTDL3: IrpHandler (3) addr: F785C23C 13:18:30:255 3932 DetectCureTDL3: IrpHandler (4) addr: F785C23C 13:18:30:255 3932 DetectCureTDL3: IrpHandler (5) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (6) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (7) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler ( addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (9) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (10) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (11) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (12) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (13) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (14) addr: F785C180 13:18:30:255 3932 DetectCureTDL3: IrpHandler (15) addr: F78579E6 13:18:30:255 3932 DetectCureTDL3: IrpHandler (16) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (17) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (18) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (19) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (20) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (21) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (22) addr: F785B5F0 13:18:30:255 3932 DetectCureTDL3: IrpHandler (23) addr: F7859A6E 13:18:30:255 3932 DetectCureTDL3: IrpHandler (24) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (25) addr: 804F4562 13:18:30:255 3932 DetectCureTDL3: IrpHandler (26) addr: 804F4562 13:18:30:255 3932 KLMD_ReadMem: Trying to ReadMemory 0xF7858F26[0x400] 13:18:30:255 3932 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0 13:18:30:255 3932 TDL3_FileDetect: Processing driver: USBSTOR 13:18:30:271 3932 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk 13:18:30:271 3932 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys 13:18:30:271 3932 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys 13:18:30:271 3932 DetectCureTDL3: 7 Curr stack PDEVICE_OBJECT: 845A8AB8 13:18:30:271 3932 KLMD_GetLowerDeviceObject: Trying to get lower device object for 845A8AB8 13:18:30:271 3932 DetectCureTDL3: 7 Curr stack PDEVICE_OBJECT: 846B96F0 13:18:30:271 3932 KLMD_GetLowerDeviceObject: Trying to get lower device object for 846B96F0 13:18:30:271 3932 KLMD_ReadMem: Trying to ReadMemory 0x846B96F0[0x38] 13:18:30:271 3932 DetectCureTDL3: DRIVER_OBJECT addr: 846BD360 13:18:30:271 3932 KLMD_ReadMem: Trying to ReadMemory 0x846BD360[0xA8] 13:18:30:271 3932 KLMD_ReadMem: Trying to ReadMemory 0xE1A378A0[0x208] 13:18:30:271 3932 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 13:18:30:271 3932 DetectCureTDL3: IrpHandler (0) addr: F785C218 13:18:30:271 3932 DetectCureTDL3: IrpHandler (1) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (2) addr: F785C218 13:18:30:271 3932 DetectCureTDL3: IrpHandler (3) addr: F785C23C 13:18:30:271 3932 DetectCureTDL3: IrpHandler (4) addr: F785C23C 13:18:30:271 3932 DetectCureTDL3: IrpHandler (5) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (6) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (7) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler ( addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (9) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (10) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (11) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (12) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (13) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (14) addr: F785C180 13:18:30:271 3932 DetectCureTDL3: IrpHandler (15) addr: F78579E6 13:18:30:271 3932 DetectCureTDL3: IrpHandler (16) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (17) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (18) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (19) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (20) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (21) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (22) addr: F785B5F0 13:18:30:271 3932 DetectCureTDL3: IrpHandler (23) addr: F7859A6E 13:18:30:271 3932 DetectCureTDL3: IrpHandler (24) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (25) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (26) addr: 804F4562 13:18:30:271 3932 KLMD_ReadMem: Trying to ReadMemory 0xF7858F26[0x400] 13:18:30:271 3932 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0 13:18:30:271 3932 TDL3_FileDetect: Processing driver: USBSTOR 13:18:30:271 3932 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk 13:18:30:271 3932 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys 13:18:30:271 3932 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys 13:18:30:271 3932 DetectCureTDL3: 8 Curr stack PDEVICE_OBJECT: 84BA7030 13:18:30:271 3932 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84BA7030 13:18:30:271 3932 KLMD_ReadMem: Trying to ReadMemory 0x84BA7030[0x38] 13:18:30:271 3932 DetectCureTDL3: DRIVER_OBJECT addr: 84B48850 13:18:30:271 3932 KLMD_ReadMem: Trying to ReadMemory 0x84B48850[0xA8] 13:18:30:271 3932 KLMD_ReadMem: Trying to ReadMemory 0xE1748DF0[0x208] 13:18:30:271 3932 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 13:18:30:271 3932 DetectCureTDL3: IrpHandler (0) addr: F74CDBB0 13:18:30:271 3932 DetectCureTDL3: IrpHandler (1) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (2) addr: F74CDBB0 13:18:30:271 3932 DetectCureTDL3: IrpHandler (3) addr: F74C7D1F 13:18:30:271 3932 DetectCureTDL3: IrpHandler (4) addr: F74C7D1F 13:18:30:271 3932 DetectCureTDL3: IrpHandler (5) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (6) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (7) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler ( addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (9) addr: F74C82E2 13:18:30:271 3932 DetectCureTDL3: IrpHandler (10) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (11) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (12) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (13) addr: 804F4562 13:18:30:271 3932 DetectCureTDL3: IrpHandler (14) addr: F74C83BB 13:18:30:271 3932 DetectCureTDL3: IrpHandler (15) addr: F74CBF28 13:18:30:271 3932 DetectCureTDL3: IrpHandler (16) addr: F74C82E2 13:18:30:286 3932 DetectCureTDL3: IrpHandler (17) addr: 804F4562 13:18:30:286 3932 DetectCureTDL3: IrpHandler (18) addr: 804F4562 13:18:30:286 3932 DetectCureTDL3: IrpHandler (19) addr: 804F4562 13:18:30:286 3932 DetectCureTDL3: IrpHandler (20) addr: 804F4562 13:18:30:286 3932 DetectCureTDL3: IrpHandler (21) addr: 804F4562 13:18:30:286 3932 DetectCureTDL3: IrpHandler (22) addr: F74C9C82 13:18:30:286 3932 DetectCureTDL3: IrpHandler (23) addr: F74CE99E 13:18:30:286 3932 DetectCureTDL3: IrpHandler (24) addr: 804F4562 13:18:30:286 3932 DetectCureTDL3: IrpHandler (25) addr: 804F4562 13:18:30:286 3932 DetectCureTDL3: IrpHandler (26) addr: 804F4562 13:18:30:286 3932 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400] 13:18:30:286 3932 KLMD_ReadMem: DeviceIoControl error 1 13:18:30:286 3932 TDL3_StartIoHookDetect: Unable to get StartIo handler code 13:18:30:286 3932 TDL3_FileDetect: Processing driver: Disk 13:18:30:286 3932 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk 13:18:30:286 3932 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys 13:18:30:286 3932 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys 13:18:30:286 3932 DetectCureTDL3: 9 Curr stack PDEVICE_OBJECT: 84B468A0 13:18:30:286 3932 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84B468A0 13:18:30:286 3932 KLMD_ReadMem: Trying to ReadMemory 0x84B468A0[0x38] 13:18:30:286 3932 DetectCureTDL3: DRIVER_OBJECT addr: 84B48850 13:18:30:286 3932 KLMD_ReadMem: Trying to ReadMemory 0x84B48850[0xA8] 13:18:30:286 3932 KLMD_ReadMem: Trying to ReadMemory 0xE1748DF0[0x208] 13:18:30:286 3932 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 13:18:30:286 3932 DetectCureTDL3: IrpHandler (0) addr: F74CDBB0 13:18:30:286 3932 DetectCureTDL3: IrpHandler (1) addr: 804F4562 13:18:30:286 3932 DetectCureTDL3: IrpHandler (2) addr: F74CDBB0 13:18:30:286 3932 DetectCureTDL3: IrpHandler (3) addr: F74C7D1F 13:18:30:286 3932 DetectCureTDL3: IrpHandler (4) addr: F74C7D1F 13:18:30:286 3932 DetectCureTDL3: IrpHandler (5) addr: 804F4562 13:18:30:286 3932 DetectCureTDL3: IrpHandler (6) addr: 804F4562 13:18:30:286 3932 DetectCureTDL3: IrpHandler (7) addr: 804F4562 13:18:30:286 3932 DetectCureTDL3: IrpHandler ( addr: 804F4562 13:18:30:286 3932 DetectCureTDL3: IrpHandler (9) addr: F74C82E2 13:18:30:286 3932 DetectCureTDL3: IrpHandler (10) addr: 804F4562 13:18:30:286 3932 DetectCureTDL3: IrpHandler (11) addr: 804F4562 13:18:30:286 3932 DetectCureTDL3: IrpHandler (12) addr: 804F4562 13:18:30:286 3932 DetectCureTDL3: IrpHandler (13) addr: 804F4562 13:18:30:286 3932 DetectCureTDL3: IrpHandler (14) addr: F74C83BB 13:18:30:286 3932 DetectCureTDL3: IrpHandler (15) addr: F74CBF28 13:18:30:286 3932 DetectCureTDL3: IrpHandler (16) addr: F74C82E2 13:18:30:286 3932 DetectCureTDL3: IrpHandler (17) addr: 804F4562 13:18:30:286 3932 DetectCureTDL3: IrpHandler (18) addr: 804F4562 13:18:30:286 3932 DetectCureTDL3: IrpHandler (19) addr: 804F4562 13:18:30:286 3932 DetectCureTDL3: IrpHandler (20) addr: 804F4562 13:18:30:286 3932 DetectCureTDL3: IrpHandler (21) addr: 804F4562 13:18:30:286 3932 DetectCureTDL3: IrpHandler (22) addr: F74C9C82 13:18:30:286 3932 DetectCureTDL3: IrpHandler (23) addr: F74CE99E 13:18:30:286 3932 DetectCureTDL3: IrpHandler (24) addr: 804F4562 13:18:30:286 3932 DetectCureTDL3: IrpHandler (25) addr: 804F4562 13:18:30:286 3932 DetectCureTDL3: IrpHandler (26) addr: 804F4562 13:18:30:286 3932 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400] 13:18:30:286 3932 KLMD_ReadMem: DeviceIoControl error 1 13:18:30:286 3932 TDL3_StartIoHookDetect: Unable to get StartIo handler code 13:18:30:286 3932 TDL3_FileDetect: Processing driver: Disk 13:18:30:286 3932 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk 13:18:30:286 3932 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys 13:18:30:286 3932 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys 13:18:30:302 3932 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 84B46C68 13:18:30:302 3932 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84B46C68 13:18:30:302 3932 KLMD_ReadMem: Trying to ReadMemory 0x84B46C68[0x38] 13:18:30:302 3932 DetectCureTDL3: DRIVER_OBJECT addr: 84B48850 13:18:30:302 3932 KLMD_ReadMem: Trying to ReadMemory 0x84B48850[0xA8] 13:18:30:302 3932 KLMD_ReadMem: Trying to ReadMemory 0xE1748DF0[0x208] 13:18:30:302 3932 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 13:18:30:302 3932 DetectCureTDL3: IrpHandler (0) addr: F74CDBB0 13:18:30:302 3932 DetectCureTDL3: IrpHandler (1) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (2) addr: F74CDBB0 13:18:30:302 3932 DetectCureTDL3: IrpHandler (3) addr: F74C7D1F 13:18:30:302 3932 DetectCureTDL3: IrpHandler (4) addr: F74C7D1F 13:18:30:302 3932 DetectCureTDL3: IrpHandler (5) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (6) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (7) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler ( addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (9) addr: F74C82E2 13:18:30:302 3932 DetectCureTDL3: IrpHandler (10) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (11) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (12) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (13) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (14) addr: F74C83BB 13:18:30:302 3932 DetectCureTDL3: IrpHandler (15) addr: F74CBF28 13:18:30:302 3932 DetectCureTDL3: IrpHandler (16) addr: F74C82E2 13:18:30:302 3932 DetectCureTDL3: IrpHandler (17) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (18) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (19) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (20) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (21) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (22) addr: F74C9C82 13:18:30:302 3932 DetectCureTDL3: IrpHandler (23) addr: F74CE99E 13:18:30:302 3932 DetectCureTDL3: IrpHandler (24) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (25) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (26) addr: 804F4562 13:18:30:302 3932 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400] 13:18:30:302 3932 KLMD_ReadMem: DeviceIoControl error 1 13:18:30:302 3932 TDL3_StartIoHookDetect: Unable to get StartIo handler code 13:18:30:302 3932 TDL3_FileDetect: Processing driver: Disk 13:18:30:302 3932 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk 13:18:30:302 3932 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys 13:18:30:302 3932 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys 13:18:30:302 3932 DetectCureTDL3: 11 Curr stack PDEVICE_OBJECT: 84B47030 13:18:30:302 3932 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84B47030 13:18:30:302 3932 DetectCureTDL3: 11 Curr stack PDEVICE_OBJECT: 84BA22D0 13:18:30:302 3932 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84BA22D0 13:18:30:302 3932 DetectCureTDL3: 11 Curr stack PDEVICE_OBJECT: 84BA1030 13:18:30:302 3932 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84BA1030 13:18:30:302 3932 KLMD_ReadMem: Trying to ReadMemory 0x84BA1030[0x38] 13:18:30:302 3932 DetectCureTDL3: DRIVER_OBJECT addr: 84A61600 13:18:30:302 3932 KLMD_ReadMem: Trying to ReadMemory 0x84A61600[0xA8] 13:18:30:302 3932 KLMD_ReadMem: Trying to ReadMemory 0xE174E538[0x208] 13:18:30:302 3932 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi 13:18:30:302 3932 DetectCureTDL3: IrpHandler (0) addr: F72DD6F2 13:18:30:302 3932 DetectCureTDL3: IrpHandler (1) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (2) addr: F72DD6F2 13:18:30:302 3932 DetectCureTDL3: IrpHandler (3) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (4) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (5) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (6) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (7) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler ( addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (9) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (10) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (11) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (12) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (13) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (14) addr: F72DD712 13:18:30:302 3932 DetectCureTDL3: IrpHandler (15) addr: F72D9852 13:18:30:302 3932 DetectCureTDL3: IrpHandler (16) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (17) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (18) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (19) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (20) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (21) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (22) addr: F72DD73C 13:18:30:302 3932 DetectCureTDL3: IrpHandler (23) addr: F72E4336 13:18:30:302 3932 DetectCureTDL3: IrpHandler (24) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (25) addr: 804F4562 13:18:30:302 3932 DetectCureTDL3: IrpHandler (26) addr: 804F4562 13:18:30:302 3932 KLMD_ReadMem: Trying to ReadMemory 0xF72DA864[0x400] 13:18:30:302 3932 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0 13:18:30:302 3932 TDL3_FileDetect: Processing driver: atapi 13:18:30:302 3932 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk 13:18:30:302 3932 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys 13:18:30:318 3932 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys 13:18:30:333 3932 Completed Results: 13:18:30:349 3932 Infected objects in memory: 0 13:18:30:349 3932 Cured objects in memory: 0 13:18:30:349 3932 Infected objects on disk: 0 13:18:30:349 3932 Objects on disk cured on reboot: 0 13:18:30:349 3932 Objects on disk deleted on reboot: 0 13:18:30:349 3932 Registry nodes deleted on reboot: 0 13:18:30:349 3932 ____________________________________________________________ J'ai ensuite Redémarrer mon PC, et j'ai poursuivi mais quand j'ai téléchargé "rkill.comTélécharger Rkill de Grinler", il s'est lancé tout seul sous dos et puis m'a affiché un message d'erreur : fichier introuvable "C:\Documents and Settings\Moi\Delay" et puis rien d'autre. Alors je poursuis votre procédure initiale ou pas ? Au plaisir de votre réponse.
  8. Katy35
    Merci pour votre réponse. Ci-dessous le rapport ZHPDiag = Rapport de ZHPDiag v1.24.40 par Nicolas Coolman Run by Moi at 04/01/2010 09:45:02 Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html Platform : Microsoft Windows XP (5.1.2600) Service Pack 3 MSIE: Internet Explorer v8.0.6001.18702 MFIE: Mozilla Firefox (3.5.6) Boot mode: Normal (Normal boot) Total RAM: 447 MB (26% free) System drive C: has 69 GB (61%) free of 113 GB ---\\ Processus lancés [MD5.7E48B4958C131E9643DDCD2E7CA3FE9F] - C:\WINDOWS\ehome\ehtray.exe [MD5.27ECDC43B2E41A865092CC31263358F2] - c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [MD5.E6BB63BBE1BED01769CA87F4DAC286C8] - C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [MD5.1B17E09C1223F6D17336D2DD7A1AF4F4] - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [MD5.B98FFA8288EFAABC436C30D198608345] - C:\Program Files\Java\jre6\bin\jusched.exe [MD5.93EE120AE332DBE31632A00D232096D8] - C:\WINDOWS\system32\SysMonitor.exe [MD5.72D78BD9AB1F457502F01832B07133CF] - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [MD5.C67E00C1DCA52FB369DC54E9EE653D47] - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [MD5.3112FB3F65D8E0E8932934F0F9F3732F] - C:\WINDOWS\hpfsched.exe [MD5.CA416C33C8F4D6DE53C17AAB7CE2FBD8] - C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe [MD5.2B352C79E11E1DE028A977B956C0990E] - C:\Program Files\Logitech\Video\ISStart.exe [MD5.A2A570828AFDB7F96B11C9E0B6EDBAB4] - C:\Program Files\Logitech\Video\LogiTray.exe [MD5.831FB892A5A5F28BB69DE0AB77FA7281] - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [MD5.C41FE114D9D7710EDA1189D304D85088] - C:\Program Files\QuickTime\QTTask.exe [MD5.CE6892CF204645111347E008CC8C99DB] - C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [MD5.7629C07C6DF3E7F662DA4C6D55994F46] - C:\Program Files\EoRezo\EoEngine.exe [MD5.5ECD3C3B70B6B50F284DBAF6016B2DDF] - C:\Documents and Settings\Moi\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe [MD5.452FA961163EF4AEE4815796A13AB2CF] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [MD5.28E9092D50AE450662EEA4719E5AA304] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [MD5.59DC5BB82E4C8E0B3EADCFDBC44BA6E4] - C:\WINDOWS\system32\ctfmon.exe [MD5.E616A6A6E91B0A86F2F6217CDE835FFE] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [MD5.18B4B12358EFCF68D76812058A26181F] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [MD5.504CFB4CB3187F7228D447C90DA8051F] - C:\Program Files\RegistryDoktor 4.1\RegistryDoktor.exe [MD5.3CBE2162C4411B0C4603442B3E446362] - C:\Program Files\Uniblue\RegistryBooster\launcher.exe [MD5.A7A071726A35955C05FCBF9ABDDBBD97] - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [MD5.D6C8942BEA3698A2E7559BD423BFA5D7] - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [MD5.335A142923FE7F97E8C8388ACD067568] - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [MD5.3DBB0D7890741B53369CB808B7F2E30C] - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [MD5.E4BDF223CD75478BF44567B4D5C2634D] - C:\WINDOWS\System32\svchost.exe [MD5.35751F0539366A08C966B2FC2D6A3A05] - C:\Program Files\Alwil Software\Avast4\ashServ.exe [MD5.5D1347AA5AE6E2F77D7F4F8372D95AC9] - C:\WINDOWS\eHome\ehRecvr.exe [MD5.980EEEA91776357518892C5544768E2B] - C:\WINDOWS\eHome\ehSched.exe [MD5.C3FB1D70CB88722267949694BA51759E] - C:\WINDOWS\system32\services.exe [MD5.305687EB8C8E0A12A0B2BAE387B6E466] - C:\WINDOWS\system32\fxssvc.exe [MD5.32192B4EBE8720ED8D49A455C962CB91] - C:\Program Files\Java\jre6\bin\jqs.exe [MD5.AB8134127F786C9603817B5318DCEEAA] - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [MD5.52404CC76E9D53843BDF97564BB16BED] - C:\WINDOWS\ehome\mcrdsvc.exe [MD5.11F714F85530A2BD134074DC30E99FCA] - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [MD5.9F40402087B6D4A428571DD6CA83AC1E] - C:\WINDOWS\system32\nvsvc32.exe [MD5.91E6024D6D4DCDECDB36C43ECF9BBECB] - C:\WINDOWS\system32\lsass.exe [MD5.271077B91D7AD1B616F8AFDFE8E3F981] - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [MD5.460E4CE148BD07218DA0B6A3D31885A9] - C:\WINDOWS\system32\spoolsv.exe ---\\ Pages de recherche de Mozilla Firefox (M1) M1 - SPR:Search Page Redirection - C:\Program Files\Mozilla FireFox\extensions\support@pdfcreator-toolbar.org ---\\ Pages de démarrage d'Internet Explorer (R0) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 ---\\ Pages de recherche d'Internet Explorer (R1) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local> ---\\ Internet Explorer URLSearchHook (R3) R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll ---\\ Applications démarrées automatiquement par le registre (O4) O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1 O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe O4 - HKLM\..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe O4 - HKLM\..\Run: [EoEngine] C:\Program Files\EoRezo\EoEngine.exe O4 - HKLM\..\Run: [softwareHelper] C:\Documents and Settings\Moi\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [RegDokFRT] C:\Program Files\RegistryDoktor 4.1\RegistryDoktor.exe O4 - HKCU\..\RunOnce: [uniblueRegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data=1 O4 - HKCU\..\policies\Explorer: [NoDriveTypeAutoRun] Data=145 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE O4 - Global Startup: Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe O4 - Global Startup: Activer l'ensemble clavier et souris sans fil Labtec.lnk - C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll,201 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302 ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File - C:\WINDOWS\system32\mswsock.dll O10 - WLSP:\000000000002\Winsock LSP File - C:\WINDOWS\system32\winrnr.dll O10 - WLSP:\000000000003\Winsock LSP File - C:\WINDOWS\system32\mswsock.dll ---\\ Protocole additionnel et piratage de protocole (O18) O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll O18 - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\FICHIE~1\MICROS~1\WEBCOM~1\11\OWC11.DLL O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\system32\mshtml.dll O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\System32\dimsntfy.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\System32\WgaLogon.dll ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Memory Check Service (AcerMemUsageCheckService) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus (avast! Antivirus) - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: Media Center Receiver Service (ehRecvr) - C:\WINDOWS\eHome\ehRecvr.exe O23 - Service: Service de planification Media Center (ehSched) - C:\WINDOWS\eHome\ehSched.exe O23 - Service: Fax (Fax) - C:\WINDOWS\system32\fxssvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Media Center Extender Service (McrdSvc) - C:\WINDOWS\ehome\mcrdsvc.exe O23 - Service: Machine Debug Manager (MDM) - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SeaPort (SeaPort) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AppleSoftwareUpdate.job O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{E7007547-F387-4C9A-89C5-8304209C0432}.job ---\\ Composants installés (ActiveSetup Installed Components) (O40) O40 - ASIC: Mise à jour de la version d’Internet Explorer - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP O40 - ASIC: Outlook Express - >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE O40 - ASIC: Personnalisation du navigateur - >{8E78C26E-2138-4383-9317-8B8616E2B98E} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP O40 - ASIC: KB910393 - KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file) O40 - ASIC: Rendu VML (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file) O40 - ASIC: Microsoft .NET Framework 1.0 Hotfix (KB887998) - {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - (not file) O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - (not file) O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll O40 - ASIC: Liaison de données Dynamic HTML pour Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file) O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file) O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file) O40 - ASIC: Media Center - {407408d4-94ed-4d86-ab69-a7f649d112ee} - C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 C:\WINDOWS\inf\mcdftreg.inf O40 - ASIC: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) - {411EDCF7-755D-414E-A74B-3DCD6583F589} - (not file) O40 - ASIC: Création avancée - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file) O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file) O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file) O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file) O40 - ASIC: Classes Java DirectAnimation - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file) O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file) O40 - ASIC: Mise à jour de sécurité pour Windows XP (KB923789) - {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - (not file) O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file) O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file) O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file) O40 - ASIC: .NET Framework - {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - (not file) O40 - ASIC: Dossiers Web - {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - (not file) O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install O40 - ASIC: Fax - {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file) O40 - ASIC: Fax Provider - {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - (not file) O40 - ASIC: .NET Framework - {9A394342-4A68-4EBA-85A6-55B559F4E700} - (not file) O40 - ASIC: Microsoft .NET Framework 1.0 Hotfix (KB930494) - {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - (not file) O40 - ASIC: .NET Framework - {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - (not file) O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file) O40 - ASIC: .NET Framework - {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - (not file) O40 - ASIC: Planificateur de tâches - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file) O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx O40 - ASIC: Microsoft .NET Framework 1.1 Security Update (KB953297) - {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - (not file) O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file) O40 - ASIC: Microsoft .NET Framework 1.0 Hotfix (KB953295) - {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - (not file) O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file) O40 - ASIC: Microsoft .NET Framework 1.0 Service Pack 3 - {EA29D410-CE41-4953-A862-2DE706A1DAD7} - (not file) O40 - ASIC: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O40 - ASIC: .NET Framework - {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - (not file) ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: AFD (AFD) - C:\WINDOWS\System32\drivers\afd.sys O41 - Driver: Pilote de processeur AMD (AmdK8) - C:\WINDOWS\system32\DRIVERS\AmdK8.sys O41 - Driver: avgio (avgio) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys O41 - Driver: avipbb (avipbb) - C:\WINDOWS\system32\DRIVERS\avipbb.sys O41 - Driver: Pilote de CD-ROM (Cdrom) - C:\WINDOWS\system32\DRIVERS\cdrom.sys O41 - Driver: Pilote pour clavier i8042 et souris sur port PS/2 (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys O41 - Driver: Pilote de filtre de gravure CD (Imapi) - C:\WINDOWS\system32\DRIVERS\imapi.sys O41 - Driver: Pilote IPSEC (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys O41 - Driver: Pilote de la classe Clavier (Kbdclass) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys O41 - Driver: Pilote de la classe Souris (Mouclass) - C:\WINDOWS\system32\DRIVERS\mouclass.sys O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys O41 - Driver: Interface NetBIOS (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys O41 - Driver: NetBIOS sur TCP/IP (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys O41 - Driver: Pilote processeur (Processor) - C:\WINDOWS\system32\DRIVERS\processr.sys O41 - Driver: Pilote de connexion automatique d'accès distant (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys O41 - Driver: (no object) (RDPCDD) - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys O41 - Driver: Pilote de filtre de lecture digitale de CD audio (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys O41 - Driver: Pilote de port série (Serial) - C:\WINDOWS\system32\DRIVERS\serial.sys O41 - Driver: ssmdrv (ssmdrv) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys O41 - Driver: Pilote du protocole TCP/IP (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys O41 - Driver: Pilote de périphérique terminal (TermDD) - C:\WINDOWS\system32\DRIVERS\termdd.sys O41 - Driver: Carte vidéo VGA. (VgaSave) - C:\WINDOWS\System32\drivers\vga.sys O41 - Driver: (no object) (VgaSave) - C:\WINDOWS\System32\drivers\vga.sys ---\\ Logiciels installés (O42) O42 - Logiciel: Acer Empowering Technology O42 - Logiciel: Acer WLAN 11g USB Dongle O42 - Logiciel: Acer eDataSecurity Management O42 - Logiciel: Acer eDataSecurity Management 2.0.3077 O42 - Logiciel: Acer ePerformance Management O42 - Logiciel: Adobe Flash Player 10 ActiveX O42 - Logiciel: Adobe Flash Player 10 Plugin O42 - Logiciel: Adobe Reader 9.1.2 - Français O42 - Logiciel: Adobe® Photoshop® Album Edition Découverte 3.2 O42 - Logiciel: Alice Auto-diagnostic O42 - Logiciel: Apple Software Update O42 - Logiciel: ArcSoft Panorama Maker 4 O42 - Logiciel: Assistant de connexion Windows Live O42 - Logiciel: Avira AntiVir Personal - Free Antivirus O42 - Logiciel: CréaBox 1.0 O42 - Logiciel: DivX Codec O42 - Logiciel: DivX Content Uploader O42 - Logiciel: DivX Converter O42 - Logiciel: DivX Player O42 - Logiciel: DivX Web Player O42 - Logiciel: Ensemble clavier et souris sans fil Labtec O42 - Logiciel: File Uploader O42 - Logiciel: Foxicle O42 - Logiciel: Galerie de photos Windows Live O42 - Logiciel: GemMaster Mystic O42 - Logiciel: Google Toolbar for Internet Explorer O42 - Logiciel: HP DeskJet Serie 710C (Supprimer uniquement) O42 - Logiciel: High Definition Audio Driver Package - KB888111 O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) O42 - Logiciel: Hotfix for Windows Media Player 10 (KB903157) O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) O42 - Logiciel: IZArc 3.81 O42 - Logiciel: Installation Windows Live O42 - Logiciel: J2SE Runtime Environment 5.0 Update 10 O42 - Logiciel: J2SE Runtime Environment 5.0 Update 6 O42 - Logiciel: Java 6 Update 11 O42 - Logiciel: Java 6 Update 2 O42 - Logiciel: Junk Mail filter update O42 - Logiciel: Kit de Connexion Alice ADSL O42 - Logiciel: Lecteur Windows Media 11 O42 - Logiciel: LimeWire 4.18.8 O42 - Logiciel: Logitech Print Service O42 - Logiciel: Logitech QuickCam O42 - Logiciel: MSN O42 - Logiciel: MSVCRT O42 - Logiciel: MSXML 4.0 SP2 (KB927978) O42 - Logiciel: MSXML 4.0 SP2 (KB936181) O42 - Logiciel: MSXML 4.0 SP2 (KB954430) O42 - Logiciel: MSXML 4.0 SP2 (KB973688) O42 - Logiciel: MSXML 6 Service Pack 2 (KB954459) O42 - Logiciel: Microsoft .NET Framework 1.1 O42 - Logiciel: Microsoft .NET Framework 1.1 French Language Pack O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB953297) O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 O42 - Logiciel: Microsoft Choice Guard O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs O42 - Logiciel: Microsoft National Language Support Downlevel APIs O42 - Logiciel: Microsoft Office Live Add-in 1.3 O42 - Logiciel: Microsoft Office Outlook Connector O42 - Logiciel: Microsoft Office Standard Edition 2003 O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] O42 - Logiciel: Microsoft Search Enhancement Pack O42 - Logiciel: Microsoft Sync Framework Runtime Native v1.0 (x86) O42 - Logiciel: Microsoft Sync Framework Services Native v1.0 (x86) O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable O42 - Logiciel: Module de compatibilité pour Microsoft Office System 2007 O42 - Logiciel: Mozilla Firefox (3.5.6) O42 - Logiciel: NTI Backup NOW! 4 O42 - Logiciel: NTI CD & DVD-Maker O42 - Logiciel: NVIDIA Drivers O42 - Logiciel: Nikon Message Center O42 - Logiciel: Nikon Transfer O42 - Logiciel: OCA Client history tool install O42 - Logiciel: Otto O42 - Logiciel: Outil de téléchargement Windows Live O42 - Logiciel: PDFCreator O42 - Logiciel: PDFCreator Toolbar O42 - Logiciel: Package de pilotes Windows - AMD System (04/06/2006 1.0.1.0) O42 - Logiciel: Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) O42 - Logiciel: Pampers Village Screen Saver O42 - Logiciel: PlayMP3z O42 - Logiciel: PowerDVD O42 - Logiciel: Programme de gestion Camera de Logitech® O42 - Logiciel: QuickTime O42 - Logiciel: Realtek High Definition Audio Driver O42 - Logiciel: RegistryDoktor 4.1 O42 - Logiciel: SAMSUNG CDMA Modem Driver Set O42 - Logiciel: SAMSUNG Mobile Composite Device Software O42 - Logiciel: SAMSUNG Mobile USB Modem 1.0 Software O42 - Logiciel: SAMSUNG Mobile USB Modem Software O42 - Logiciel: Samsung Mobile phone USB driver Software O42 - Logiciel: Samsung PC Studio 3 O42 - Logiciel: Samsung PC Studio 3 USB Driver Installer O42 - Logiciel: Samsung Samples Installer O42 - Logiciel: Security Update for CAPICOM (KB931906) O42 - Logiciel: Segoe UI O42 - Logiciel: SoftwareUpdate 1.0 O42 - Logiciel: Sonic Encoders O42 - Logiciel: Uniblue RegistryBooster 2010 O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) O42 - Logiciel: Windows Imaging Component O42 - Logiciel: Windows Internet Explorer 7 O42 - Logiciel: Windows Internet Explorer 8 O42 - Logiciel: Windows Live Call O42 - Logiciel: Windows Live Communications Platform O42 - Logiciel: Windows Live Contrôle parental O42 - Logiciel: Windows Live Mail O42 - Logiciel: Windows Live Messenger O42 - Logiciel: Windows Live Sync O42 - Logiciel: Windows Live Toolbar O42 - Logiciel: Windows Live Writer O42 - Logiciel: Windows Media Format 11 runtime O42 - Logiciel: Windows Media Player 11 O42 - Logiciel: Windows Media Player Firefox Plugin O42 - Logiciel: Windows XP Media Center Edition 2005 KB908246 O42 - Logiciel: Windows XP Media Center Edition 2005 KB925766 O42 - Logiciel: Windows XP Media Center Edition 2005 KB973768 O42 - Logiciel: Windows XP Service Pack 3 O42 - Logiciel: Yahoo! Toolbar avec bloqueur de fenêtres pop-up O42 - Logiciel: avast! Antivirus O42 - Logiciel: commercial O42 - Logiciel: eMule O42 - Logiciel: eoEngine 9.1 O42 - Logiciel: neroxml ---\\ Contenu des dossiers Fichiers Communs (O43) O43 - CFD:Common File Directory ----D- C:\Program Files\AbiSuite2 O43 - CFD:Common File Directory ----D- C:\Program Files\Acer WLAN 11g USB Dongle O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe O43 - CFD:Common File Directory ----D- C:\Program Files\Ahead O43 - CFD:Common File Directory ----D- C:\Program Files\Alice O43 - CFD:Common File Directory ----D- C:\Program Files\Alwil Software O43 - CFD:Common File Directory ----D- C:\Program Files\Apple Software Update O43 - CFD:Common File Directory ----D- C:\Program Files\ArcSoft O43 - CFD:Common File Directory ----D- C:\Program Files\Avira O43 - CFD:Common File Directory ----D- C:\Program Files\commercial O43 - CFD:Common File Directory ----D- C:\Program Files\ComPlus Applications O43 - CFD:Common File Directory ----D- C:\Program Files\CréaBox O43 - CFD:Common File Directory ----D- C:\Program Files\CyberLink O43 - CFD:Common File Directory ----D- C:\Program Files\DIFX O43 - CFD:Common File Directory ----D- C:\Program Files\directx O43 - CFD:Common File Directory ----D- C:\Program Files\DivX O43 - CFD:Common File Directory ----D- C:\Program Files\eMule O43 - CFD:Common File Directory ----D- C:\Program Files\Ensemble clavier et souris sans fil Labtec O43 - CFD:Common File Directory ----D- C:\Program Files\EoRezo O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs O43 - CFD:Common File Directory ----D- C:\Program Files\FrenchOtto O43 - CFD:Common File Directory ----D- C:\Program Files\GemMasterFrench O43 - CFD:Common File Directory ----D- C:\Program Files\Google O43 - CFD:Common File Directory ----D- C:\Program Files\HP DeskJet 710C Series O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer O43 - CFD:Common File Directory ----D- C:\Program Files\IZArc O43 - CFD:Common File Directory ----D- C:\Program Files\Java O43 - CFD:Common File Directory ----D- C:\Program Files\LimeWire O43 - CFD:Common File Directory ----D- C:\Program Files\Logitech O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2 O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office Outlook Connector O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft SQL Server Compact Edition O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Sync Framework O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Works O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild O43 - CFD:Common File Directory ----D- C:\Program Files\MSECache O43 - CFD:Common File Directory ----D- C:\Program Files\MSN O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0 O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 6.0 O43 - CFD:Common File Directory ----D- C:\Program Files\Navilog1 O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting O43 - CFD:Common File Directory ----D- C:\Program Files\NewTech Infosystems O43 - CFD:Common File Directory ----D- C:\Program Files\Nikon O43 - CFD:Common File Directory ----D- C:\Program Files\NOS O43 - CFD:Common File Directory ----D- C:\Program Files\Oca History Tool O43 - CFD:Common File Directory ----D- C:\Program Files\Online Services O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express O43 - CFD:Common File Directory ----D- C:\Program Files\PDFCreator O43 - CFD:Common File Directory ----D- C:\Program Files\PDFCreator Toolbar O43 - CFD:Common File Directory ----D- C:\Program Files\PlayMP3z O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime O43 - CFD:Common File Directory ----D- C:\Program Files\Realtek O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies O43 - CFD:Common File Directory ----D- C:\Program Files\RegistryDoktor 4.1 O43 - CFD:Common File Directory ----D- C:\Program Files\Samsung O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne O43 - CFD:Common File Directory ----D- C:\Program Files\TechCity Solutions O43 - CFD:Common File Directory ----D- C:\Program Files\Trend Micro O43 - CFD:Common File Directory ----D- C:\Program Files\Uniblue O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2 O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Plus O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate O43 - CFD:Common File Directory ----D- C:\Program Files\xerox O43 - CFD:Common File Directory ----D- C:\Program Files\Yahoo! O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Ahead O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\DESIGNER O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\FotoWire O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InstallShield O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Java O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\LightScribe O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Logitech O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Microsoft Shared O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\MSSoap O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\muvee Technologies O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\NewTech Infosystems O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Nikon O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ODBC O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Symantec Shared O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Windows Live ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:Last File Created 04/01/2010 - 09:30:24 ---A- C:\WINDOWS\System32\MSVolumeRDFr.dll O44 - LFC:Last File Created 04/01/2010 - 08:41:21 ---A- C:\WINDOWS\WindowsUpdate.log O44 - LFC:Last File Created 04/01/2010 - 08:15:38 ---A- C:\WINDOWS\System32\wpa.dbl O44 - LFC:Last File Created 04/01/2010 - 08:14:34 ---A- C:\WINDOWS\0.log O44 - LFC:Last File Created 04/01/2010 - 08:14:25 ---A- C:\WINDOWS\wiadebug.log O44 - LFC:Last File Created 04/01/2010 - 08:14:25 ---A- C:\WINDOWS\wiaservc.log O44 - LFC:Last File Created 04/01/2010 - 08:13:41 ---A- C:\WINDOWS\System32\nvapps.xml O44 - LFC:Last File Created 04/01/2010 - 08:13:22 -S-A- C:\WINDOWS\bootstat.dat O44 - LFC:Last File Created 03/01/2010 - 20:49:51 ---A- C:\WINDOWS\SchedLgU.Txt O44 - LFC:Last File Created 03/01/2010 - 13:48:06 ---A- C:\WINDOWS\NeroDigital.ini O44 - LFC:Last File Created 22/12/2009 - 11:47:08 ---A- C:\WINDOWS\HPFCSS13.INI O44 - LFC:Last File Created 22/12/2009 - 11:47:08 ---A- C:\WINDOWS\HPFTBX13.INI O44 - LFC:Last File Created 17/12/2009 - 20:46:58 ---A- C:\WINDOWS\setupapi.log O44 - LFC:Last File Created 17/12/2009 - 20:33:52 ---A- C:\WINDOWS\setupact.log O44 - LFC:Last File Created 11/12/2009 - 17:31:29 ---A- C:\WINDOWS\wmsetup.log O44 - LFC:Last File Created 10/12/2009 - 20:59:08 ---A- C:\WINDOWS\KB970430.log O44 - LFC:Last File Created 10/12/2009 - 20:59:08 ---A- C:\WINDOWS\MedCtrOC.log O44 - LFC:Last File Created 10/12/2009 - 20:59:08 ---A- C:\WINDOWS\comsetup.log O44 - LFC:Last File Created 10/12/2009 - 20:59:08 ---A- C:\WINDOWS\ehOCGen.log O44 - LFC:Last File Created 10/12/2009 - 20:59:08 ---A- C:\WINDOWS\iis6.log O44 - LFC:Last File Created 10/12/2009 - 20:59:08 ---A- C:\WINDOWS\imsins.log O44 - LFC:Last File Created 10/12/2009 - 20:59:08 ---A- C:\WINDOWS\ntdtcsetup.log O44 - LFC:Last File Created 10/12/2009 - 20:59:08 ---A- C:\WINDOWS\ocmsn.log O44 - LFC:Last File Created 10/12/2009 - 20:59:08 ---A- C:\WINDOWS\tabletoc.log O44 - LFC:Last File Created 10/12/2009 - 20:59:08 ---A- C:\WINDOWS\tsoc.log O44 - LFC:Last File Created 10/12/2009 - 20:59:07 ---A- C:\WINDOWS\FaxSetup.log O44 - LFC:Last File Created 10/12/2009 - 20:59:07 ---A- C:\WINDOWS\msgsocm.log O44 - LFC:Last File Created 10/12/2009 - 20:59:07 ---A- C:\WINDOWS\netfxocm.log O44 - LFC:Last File Created 10/12/2009 - 20:59:07 ---A- C:\WINDOWS\ocgen.log O44 - LFC:Last File Created 10/12/2009 - 20:59:07 ---A- C:\WINDOWS\plusoc.log O44 - LFC:Last File Created 10/12/2009 - 20:59:06 ---A- C:\WINDOWS\msmqinst.log O44 - LFC:Last File Created 10/12/2009 - 20:59:03 ---A- C:\WINDOWS\updspapi.log O44 - LFC:Last File Created 10/12/2009 - 20:58:05 ---A- C:\WINDOWS\KB974318.log O44 - LFC:Last File Created 10/12/2009 - 20:58:05 ---A- C:\WINDOWS\imsins.BAK O44 - LFC:Last File Created 10/12/2009 - 20:56:46 ---A- C:\WINDOWS\KB976325-IE8.log O44 - LFC:Last File Created 10/12/2009 - 20:56:22 ---A- C:\WINDOWS\KB973904.log O44 - LFC:Last File Created 10/12/2009 - 20:56:14 ---A- C:\WINDOWS\KB974392.log O44 - LFC:Last File Created 10/12/2009 - 20:56:08 ---A- C:\WINDOWS\KB971737.log ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll ---\\ Export de clé d'application autorisée (ECAA)(O47) O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" O47 - AAKE:Key Export SP - "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" O47 - AAKE:Key Export SP - "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" O47 - AAKE:Key Export SP - "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" O47 - AAKE:Key Export SP - "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" O47 - AAKE:Key Export SP - "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" O47 - AAKE:Key Export DP - "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" O47 - AAKE:Key Export DP - "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" ---\\ Déni du service (Local Security Authority) (LSA) (O48) O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll ---\\ Contrôle du Safe Boot (CSB) (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ip6fw.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpcdd.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpdd.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpwd.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdpipe.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdtcp.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vgasave.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ip6fw.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpcdd.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpdd.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpwd.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdpipe.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdtcp.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vgasave.sys ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ---\\ MountPoints2 Shell Key (MPSK) (O51) O51 - MPSK:{3ab0c0ca-5be1-11de-92ee-0019215c87d3}\Shell\AutoRun\command - J:\EmDesk.exe ---\\ Trojan Driver Search Data (TDSD) (O52) O52 - TDSD:HKLM\...\Drivers\"timer"="timer.drv" O52 - TDSD:HKLM\...\Drivers32\"midimapper"="midimap.dll" O52 - TDSD:HKLM\...\Drivers32\"msacm.imaadpcm"="imaadp32.acm" O52 - TDSD:HKLM\...\Drivers32\"msacm.msadpcm"="msadp32.acm" O52 - TDSD:HKLM\...\Drivers32\"msacm.msg711"="msg711.acm" O52 - TDSD:HKLM\...\Drivers32\"msacm.msgsm610"="msgsm32.acm" O52 - TDSD:HKLM\...\Drivers32\"msacm.trspch"="tssoft32.acm" O52 - TDSD:HKLM\...\Drivers32\"vidc.cvid"="iccvid.dll" O52 - TDSD:HKLM\...\Drivers32\"VIDC.I420"="msh263.drv" O52 - TDSD:HKLM\...\Drivers32\"vidc.iv31"="ir32_32.dll" O52 - TDSD:HKLM\...\Drivers32\"vidc.iv32"="ir32_32.dll" O52 - TDSD:HKLM\...\Drivers32\"vidc.iv41"="ir41_32.ax" O52 - TDSD:HKLM\...\Drivers32\"VIDC.IYUV"="iyuv_32.dll" O52 - TDSD:HKLM\...\Drivers32\"vidc.mrle"="msrle32.dll" O52 - TDSD:HKLM\...\Drivers32\"vidc.msvc"="msvidc32.dll" O52 - TDSD:HKLM\...\Drivers32\"VIDC.UYVY"="msyuv.dll" O52 - TDSD:HKLM\...\Drivers32\"VIDC.YUY2"="msyuv.dll" O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVU9"="tsbyuv.dll" O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVYU"="msyuv.dll" O52 - TDSD:HKLM\...\Drivers32\"wavemapper"="msacm32.drv" O52 - TDSD:HKLM\...\Drivers32\"msacm.msg723"="msg723.acm" O52 - TDSD:HKLM\...\Drivers32\"vidc.M263"="msh263.drv" O52 - TDSD:HKLM\...\Drivers32\"vidc.M261"="msh261.drv" O52 - TDSD:HKLM\...\Drivers32\"msacm.msaudio1"="msaud32.acm" O52 - TDSD:HKLM\...\Drivers32\"msacm.sl_anet"="sl_anet.acm" O52 - TDSD:HKLM\...\Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" O52 - TDSD:HKLM\...\Drivers32\"vidc.iv50"="ir50_32.dll" O52 - TDSD:HKLM\...\Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" O52 - TDSD:HKLM\...\Drivers32\"wave"="wdmaud.drv" O52 - TDSD:HKLM\...\Drivers32\"midi"="wdmaud.drv" O52 - TDSD:HKLM\...\Drivers32\"mixer"="wdmaud.drv" O52 - TDSD:HKLM\...\Drivers32\"aux"="wdmaud.drv" O52 - TDSD:HKLM\...\Drivers32\"MSVideo8"="VfWWDM32.dll" O52 - TDSD:HKLM\...\Drivers32\"msacm.enc"="ITIG726.acm" O52 - TDSD:HKLM\...\Drivers32\"MSVideo"="vfwwdm32.dll" O52 - TDSD:HKLM\...\Drivers32\"msacm.siren"="sirenacm.dll" O52 - TDSD:HKLM\...\Drivers32\"vidc.DIVX"="DivX.dll" O52 - TDSD:HKLM\...\Drivers32\"vidc.yv12"="DivX.dll" O52 - TDSD:HKLM\...\drivers.desc\"msaud32.acm"="Windows Media Audio" O52 - TDSD:HKLM\...\drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" O52 - TDSD:HKLM\...\drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" O52 - TDSD:HKLM\...\drivers.desc\"ir50_32.dll"="Indeo® video 5.10" O52 - TDSD:HKLM\...\drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" O52 - TDSD:HKLM\...\drivers.desc\"wdmaud.drv"="Realtek High Definition Audio" O52 - TDSD:HKLM\...\drivers.desc\"vfwwdm32.dll"="Vidéo WDM pour le pilote de capture Windows (Win32)" O52 - TDSD:HKLM\...\drivers.desc\"ITIG726.acm"="ITI G.726 Audio Codec" O52 - TDSD:HKLM\...\drivers.desc\"ir32_32.dll"="Indeo® video R3.2 by Intel" O52 - TDSD:HKLM\...\drivers.desc\"ir41_32.ax"="Indeo® video interactive R4.3 by Intel" O52 - TDSD:HKLM\...\drivers.desc\"iyvu9_32.dll"="Indeo® video Raw YVU9 by Intel" O52 - TDSD:HKLM\...\drivers.desc\"sirenacm.dll"="Messenger Audio Codec" O52 - TDSD:HKLM\...\drivers.desc\"DivX.dll"="DivX 6.8.0 Codec" ---\\ Microsoft Control Security Providers (MCSP) (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll ---\\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"= O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"= O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles O55 - MWPS:[HKLM\...\Policies\System] - "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme ---\\ Microsoft Windows Policies Explorer (MWPE) (O56) O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveTypeAutoRun"=145 O56 - MWPE:[HKLM\...\Policies\Explorer] - "HonorAutoRunSetting"=1 ---\\ Liste des Drivers Système (SDL) (O58) O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\1394bus.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aavmker4.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\acpi.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\acpiec.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aec.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\afd.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\amdk6.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\amdk7.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\AmdK8.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\arp1394.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aswFsBlk.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aswmon.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aswmon2.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aswRdr.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aswSP.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aswTdi.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\asyncmac.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atapi.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atmarpc.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atmepvc.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atmlane.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atmuni.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\audstub.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\avgntdd.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\avgntmgr.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\avipbb.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\beep.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\BRGSp50.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\BRGSp50a64.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\bridge.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cbidf2k.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ccdecode.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cdaudio.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cdfs.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cdrom.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cinemst2.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\classpnp.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cpqdap01.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\crusoe.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\disk.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\diskdump.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dmboot.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dmio.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dmload.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dmusic.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\drmk.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\drmkaud.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dxapi.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dxg.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dxgthk.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\enum1394.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fastfat.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fdc.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fips.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\flpydisk.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fltmgr.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fssfltr_tdi.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fsvga.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fs_rec.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ftdisk.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\hidclass.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\hidparse.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\hidusb.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\HPFecp13.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\http.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\i8042prt.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\imapi.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\intelppm.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ip6fw.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ipfltdrv.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ipinip.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ipnat.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ipsec.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\irenum.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\isapnp.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\kbdclass.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\kbfilter.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\kmixer.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ks.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ksecdd.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\LV532AV.SYS O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\LVUSBSta.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mcd.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mf.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mhndrv.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mnmdd.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\modem.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mouclass.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\moufiltr.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mouhid.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mountmgr.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mqac.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mrxdav.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mrxsmb.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\msfs.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\msgpc.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mskssrv.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mspclock.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mspqm.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mssmbios.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mstee.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mup.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nabtsfec.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ndis.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ndisip.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ndistapi.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ndisuio.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ndiswan.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ndproxy.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\netbios.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\netbt.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nic1394.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nikedrv.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nmnt.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\npfs.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ntfs.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\NTIDrvr.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\null.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nv4_mini.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nvatabus.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nvraid.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nwlnkflt.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nwlnkfwd.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nwlnkipx.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nwlnknb.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nwlnkspx.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nwrdr.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ohci1394.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\oprghdlr.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\p3.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\parport.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\partmgr.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\parvdm.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\pci.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\pciide.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\pciidex.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\pcmcia.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\portcls.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\processr.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\psched.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\psdfilter.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\psdvdisk.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ptilink.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rasacd.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rasl2tp.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\raspppoe.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\raspptp.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\raspti.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rawwan.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rdbss.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rdpcdd.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rdpdr.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rdpwd.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\redbook.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rio8drv.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\riodrv.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rmcast.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rndismp.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rootmdm.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\RtkHDAud.Sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\scsiport.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sdbus.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\secdrv.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\serenum.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\serial.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sffdisk.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sffp_sd.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sfloppy.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\slip.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\smclib.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sonydcam.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\splitter.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sr.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\srv.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ssmdrv.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ssm_bus.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ssm_cm.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ssm_cmnt.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ssm_mdfl.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ssm_mdm.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ssm_wh.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ssm_whnt.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\StarOpen.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\stream.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\streamip.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\swenum.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\swmidi.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sysaudio.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tape.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tcpip.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tcpip6.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tdi.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tdpipe.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tdtcp.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\termdd.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tosdvd.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tsbvcap.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tunmp.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\udfs.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\update.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usb8023.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbcamd.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbcamd2.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbd.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbehci.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbhub.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbintel.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbohci.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbport.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbscan.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbstor.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\vdmindvd.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\vga.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\videoprt.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\volsnap.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\wanarp.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\wdmaud.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\WINIO.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\wmilib.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\wpdusb.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ws2ifsl.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\wstcodec.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\yk51x86.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ZD1211BU.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ZD1211U.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ZDPNDIS5.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ZDPSp50.sys O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ZDPSp50a64.sys ---\\ Liste des outils de nettoyage (LATC) (O63) O63 - Logiciel: HijackThis 2.0.2 O63 - Logiciel: Navilog1 3.3.6 O63 - Logiciel: ZHPDiag 1.24 ---\\ Liste des services Legacy (LALS) (O64) O64 - Services: CurCS - avast! Asynchronous Virus Monitor (Aavmker4) - LEGACY_AAVMKER4 O64 - Services: CurCS - Memory Check Service (AcerMemUsageCheckService) - LEGACY_ACERMEMUSAGECHECKSERVICE O64 - Services: CurCS - AFD (AFD) - LEGACY_AFD O64 - Services: CurCS - Service de la passerelle de la couche Application (ALG) - LEGACY_ALG O64 - Services: CurCS - AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - LEGACY_ANTIVIRSCHEDULER O64 - Services: CurCS - AntiVir PersonalEdition Classic Guard (AntiVirService) - LEGACY_ANTIVIRSERVICE O64 - Services: CurCS - Gestion d'applications (AppMgmt) - LEGACY_APPMGMT O64 - Services: CurCS - Protocole client ARP 1394 (Arp1394) - LEGACY_ARP1394 O64 - Services: CurCS - aswFsBlk (aswFsBlk) - LEGACY_ASWFSBLK O64 - Services: CurCS - avast! Standard Shield Support (aswMon2) - LEGACY_ASWMON2 O64 - Services: CurCS - aswRdr (aswRdr) - LEGACY_ASWRDR O64 - Services: CurCS - avast! Self Protection (aswSP) - LEGACY_ASWSP O64 - Services: CurCS - avast! Network Shield Support (aswTdi) - LEGACY_ASWTDI O64 - Services: CurCS - avast! iAVS4 Control Service (aswUpdSv) - LEGACY_ASWUPDSV O64 - Services: CurCS - Audio Windows (AudioSrv) - LEGACY_AUDIOSRV O64 - Services: CurCS - avast! Antivirus (avast! Antivirus) - LEGACY_AVAST!_ANTIVIRUS O64 - Services: CurCS - avast! Mail Scanner (avast! Mail Scanner) - LEGACY_AVAST!_MAIL_SCANNER O64 - Services: CurCS - avast! Web Scanner (avast! Web Scanner) - LEGACY_AVAST!_WEB_SCANNER O64 - Services: CurCS - avgio (avgio) - LEGACY_AVGIO O64 - Services: CurCS - avgntflt (avgntflt) - LEGACY_AVGNTFLT O64 - Services: CurCS - avipbb (avipbb) - LEGACY_AVIPBB O64 - Services: CurCS - Beep (Beep) - LEGACY_BEEP O64 - Services: CurCS - Service de transfert intelligent en arrière-plan (BITS) - LEGACY_BITS O64 - Services: CurCS - Explorateur d'ordinateur (Browser) - LEGACY_BROWSER O64 - Services: CurCS - cdfs (cdfs) - LEGACY_CDFS O64 - Services: CurCS - .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - LEGACY_CLR_OPTIMIZATION_V2.0.50727_32 O64 - Services: CurCS - Application système COM+ (COMSysApp) - LEGACY_COMSYSAPP O64 - Services: CurCS - Services de cryptographie (CryptSvc) - LEGACY_CRYPTSVC O64 - Services: CurCS - Lanceur de processus serveur DCOM (DcomLaunch) - LEGACY_DCOMLAUNCH O64 - Services: CurCS - Client DHCP (Dhcp) - LEGACY_DHCP O64 - Services: CurCS - Service d'administration du Gestionnaire de disque logique (dmadmin) - LEGACY_DMADMIN O64 - Services: CurCS - dmboot (dmboot) - LEGACY_DMBOOT O64 - Services: CurCS - dmload (dmload) - LEGACY_DMLOAD O64 - Services: CurCS - Gestionnaire de disque logique (dmserver) - LEGACY_DMSERVER O64 - Services: CurCS - Client DNS (Dnscache) - LEGACY_DNSCACHE O64 - Services: CurCS - Media Center Receiver Service (ehRecvr) - LEGACY_EHRECVR O64 - Services: CurCS - Service de planification Media Center (ehSched) - LEGACY_EHSCHED O64 - Services: CurCS - EraserUtilDrv10633 (EraserUtilDrv10633) - LEGACY_ERASERUTILDRV10633 O64 - Services: CurCS - Service de rapport d'erreurs (ERSvc) - LEGACY_ERSVC O64 - Services: CurCS - Système d'événements de COM+ (EventSystem) - LEGACY_EVENTSYSTEM O64 - Services: CurCS - fastfat (fastfat) - LEGACY_FASTFAT O64 - Services: CurCS - Compatibilité avec le Changement rapide d'utilisateur (FastUserSwitchingCompatibility) - LEGACY_FASTUSERSWITCHINGCOMPATIBILITY O64 - Services: CurCS - Fax (Fax) - LEGACY_FAX O64 - Services: CurCS - Fips (Fips) - LEGACY_FIPS O64 - Services: CurCS - FltMgr (FltMgr) - LEGACY_FLTMGR O64 - Services: CurCS - Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - LEGACY_FONTCACHE3.0.0.0 O64 - Services: CurCS - FssFltr (fssfltr) - LEGACY_FSSFLTR O64 - Services: CurCS - Fs_Rec (Fs_Rec) - LEGACY_FS_REC O64 - Services: CurCS - Classificateur de paquets générique (Gpc) - LEGACY_GPC O64 - Services: CurCS - Google Software Updater (gusvc) - LEGACY_GUSVC O64 - Services: CurCS - Aide et support (helpsvc) - LEGACY_HELPSVC O64 - Services: CurCS - Parallel Device (HPFECP13) - LEGACY_HPFECP13 O64 - Services: CurCS - HTTP (HTTP) - LEGACY_HTTP O64 - Services: CurCS - HTTP SSL (HTTPFilter) - LEGACY_HTTPFILTER O64 - Services: CurCS - InstallDriver Table Manager (IDriverT) - LEGACY_IDRIVERT O64 - Services: CurCS - Service COM de gravage de CD IMAPI (ImapiService) - LEGACY_IMAPISERVICE O64 - Services: CurCS - int15.sys (int15.sys) - LEGACY_INT15.SYS O64 - Services: CurCS - Traducteur d'adresses réseau IP (IpNat) - LEGACY_IPNAT O64 - Services: CurCS - Pilote IPSEC (IPSec) - LEGACY_IPSEC O64 - Services: CurCS - Java Quick Starter (JavaQuickStarterService) - LEGACY_JAVAQUICKSTARTERSERVICE O64 - Services: CurCS - ksecdd (ksecdd) - LEGACY_KSECDD O64 - Services: CurCS - Serveur (lanmanserver) - LEGACY_LANMANSERVER O64 - Services: CurCS - Station de travail (LanmanWorkstation) - LEGACY_LANMANWORKSTATION O64 - Services: CurCS - LightScribeService Direct Disc Labeling Service (LightScribeService) - LEGACY_LIGHTSCRIBESERVICE O64 - Services: CurCS - Assistance TCP/IP NetBIOS (LmHosts) - LEGACY_LMHOSTS O64 - Services: CurCS - Media Center Extender Service (McrdSvc) - LEGACY_MCRDSVC O64 - Services: CurCS - Machine Debug Manager (MDM) - LEGACY_MDM O64 - Services: CurCS - mnmdd (mnmdd) - LEGACY_MNMDD O64 - Services: CurCS - mountmgr (mountmgr) - LEGACY_MOUNTMGR O64 - Services: CurCS - Redirecteur client WebDav (MRxDAV) - LEGACY_MRXDAV O64 - Services: CurCS - MRXSMB (MRxSmb) - LEGACY_MRXSMB O64 - Services: CurCS - Distributed Transaction Coordinator (MSDTC) - LEGACY_MSDTC O64 - Services: CurCS - Msfs (Msfs) - LEGACY_MSFS O64 - Services: CurCS - Windows Installer (MSIServer) - LEGACY_MSISERVER O64 - Services: CurCS - Mup (Mup) - LEGACY_MUP O64 - Services: CurCS - No object (No service) - LEGACY_NAVENG O64 - Services: CurCS - No object (No service) - LEGACY_NAVEX15 O64 - Services: CurCS - Pilote système NDIS (NDIS) - LEGACY_NDIS O64 - Services: CurCS - Pilote TAPI NDIS d'accès distant (NdisTapi) - LEGACY_NDISTAPI O64 - Services: CurCS - NDIS mode utilisateur E/S Protocole (Ndisuio) - LEGACY_NDISUIO O64 - Services: CurCS - NDProxy (NDProxy) - LEGACY_NDPROXY O64 - Services: CurCS - Interface NetBIOS (NetBIOS) - LEGACY_NETBIOS O64 - Services: CurCS - NetBIOS sur TCP/IP (NetBT) - LEGACY_NETBT O64 - Services: CurCS - Connexions réseau (Netman) - LEGACY_NETMAN O64 - Services: CurCS - NLA (Network Location Awareness) (Nla) - LEGACY_NLA O64 - Services: CurCS - NMIndexingService (NMIndexingService) - LEGACY_NMINDEXINGSERVICE O64 - Services: CurCS - Npfs (Npfs) - LEGACY_NPFS O64 - Services: CurCS - ntfs (ntfs) - LEGACY_NTFS O64 - Services: CurCS - Null (Null) - LEGACY_NULL O64 - Services: CurCS - nvatabus (nvatabus) - LEGACY_NVATABUS O64 - Services: CurCS - NVIDIA nForce RAID Class Driver (nvraid) - LEGACY_NVRAID O64 - Services: CurCS - NVIDIA Display Driver Service (NVSvc) - LEGACY_NVSVC O64 - Services: CurCS - Office Source Engine (ose) - LEGACY_OSE O64 - Services: CurCS - PartMgr (PartMgr) - LEGACY_PARTMGR O64 - Services: CurCS - ParVdm (ParVdm) - LEGACY_PARVDM O64 - Services: CurCS - Services IPSEC (PolicyAgent) - LEGACY_POLICYAGENT O64 - Services: CurCS - Emplacement protégé (ProtectedStorage) - LEGACY_PROTECTEDSTORAGE O64 - Services: CurCS - psdvdisk (psdvdisk) - LEGACY_PSDVDISK O64 - Services: CurCS - Pilote de connexion automatique d'accès distant (RasAcd) - LEGACY_RASACD O64 - Services: CurCS - Gestionnaire de connexions d'accès distant (RasMan) - LEGACY_RASMAN O64 - Services: CurCS - Rdbss (Rdbss) - LEGACY_RDBSS O64 - Services: CurCS - RDPCDD (RDPCDD) - LEGACY_RDPCDD O64 - Services: CurCS - RDPNP (RDPNP) - LEGACY_RDPNP O64 - Services: CurCS - Accès à distance au Registre (RemoteRegistry) - LEGACY_REMOTEREGISTRY O64 - Services: CurCS - Appel de procédure distante (RPC) (RpcSs) - LEGACY_RPCSS O64 - Services: CurCS - Gestionnaire de comptes de sécurité (SamSs) - LEGACY_SAMSS O64 - Services: CurCS - SAVRT (SAVRT) - LEGACY_SAVRT O64 - Services: CurCS - No object (No service) - LEGACY_SAVRTPEL O64 - Services: CurCS - Planificateur de tâches (Schedule) - LEGACY_SCHEDULE O64 - Services: CurCS - SeaPort (SeaPort) - LEGACY_SEAPORT O64 - Services: CurCS - Connexion secondaire (seclogon) - LEGACY_SECLOGON O64 - Services: CurCS - Notification d'événement système (SENS) - LEGACY_SENS O64 - Services: CurCS - Pare-feu Windows / Partage de connexion Internet (SharedAccess) - LEGACY_SHAREDACCESS O64 - Services: CurCS - Détection matériel noyau (ShellHWDetection) - LEGACY_SHELLHWDETECTION O64 - Services: CurCS - No object (No service) - LEGACY_SPBBCDRV O64 - Services: CurCS - Spouleur d'impression (Spooler) - LEGACY_SPOOLER O64 - Services: CurCS - Pilote de filtre de restauration système (sr) - LEGACY_SR O64 - Services: CurCS - Service de restauration système (srservice) - LEGACY_SRSERVICE O64 - Services: CurCS - Srv (Srv) - LEGACY_SRV O64 - Services: CurCS - Service de découvertes SSDP (SSDPSRV) - LEGACY_SSDPSRV O64 - Services: CurCS - ssmdrv (ssmdrv) - LEGACY_SSMDRV O64 - Services: CurCS - StarOpen (StarOpen) - LEGACY_STAROPEN O64 - Services: CurCS - Acquisition d'image Windows (WIA) (stisvc) - LEGACY_STISVC O64 - Services: CurCS - SYMDNS (SYMDNS) - LEGACY_SYMDNS O64 - Services: CurCS - SymEvent (SymEvent) - LEGACY_SYMEVENT O64 - Services: CurCS - SYMFW (SYMFW) - LEGACY_SYMFW O64 - Services: CurCS - SYMIDS (SYMIDS) - LEGACY_SYMIDS O64 - Services: CurCS - SYMIDSCO (SYMIDSCO) - LEGACY_SYMIDSCO O64 - Services: CurCS - No object (No service) - LEGACY_SYMLCBRD O64 - Services: CurCS - SYMNDIS (SYMNDIS) - LEGACY_SYMNDIS O64 - Services: CurCS - SYMREDRV (SYMREDRV) - LEGACY_SYMREDRV O64 - Services: CurCS - SYMTDI (SYMTDI) - LEGACY_SYMTDI O64 - Services: CurCS - Téléphonie (TapiSrv) - LEGACY_TAPISRV O64 - Services: CurCS - Pilote du protocole TCP/IP (Tcpip) - LEGACY_TCPIP O64 - Services: CurCS - Services Terminal Server (TermService) - LEGACY_TERMSERVICE O64 - Services: CurCS - Thèmes (Themes) - LEGACY_THEMES O64 - Services: CurCS - Client de suivi de lien distribué (TrkWks) - LEGACY_TRKWKS O64 - Services: CurCS - UBHelper (UBHelper) - LEGACY_UBHELPER O64 - Services: CurCS - Udfs (Udfs) - LEGACY_UDFS O64 - Services: CurCS - Hôte de périphérique universel Plug-and-Play (upnphost) - LEGACY_UPNPHOST O64 - Services: CurCS - vga (vga) - LEGACY_VGA O64 - Services: CurCS - VgaSave (VgaSave) - LEGACY_VGASAVE O64 - Services: CurCS - VolSnap (VolSnap) - LEGACY_VOLSNAP O64 - Services: CurCS - Horloge Windows (W32Time) - LEGACY_W32TIME O64 - Services: CurCS - Pilote ARP IP d'accès distant (Wanarp) - LEGACY_WANARP O64 - Services: CurCS - WebClient (WebClient) - LEGACY_WEBCLIENT O64 - Services: CurCS - Infrastructure de gestion Windows (winmgmt) - LEGACY_WINMGMT O64 - Services: CurCS - Carte de performance WMI (WmiApSrv) - LEGACY_WMIAPSRV O64 - Services: CurCS - Centre de sécurité (wscsvc) - LEGACY_WSCSVC O64 - Services: CurCS - Mises à jour automatiques (wuauserv) - LEGACY_WUAUSERV O64 - Services: CurCS - Windows Driver Foundation - User-mode Driver Framework Platform Driver (WudfPf) - LEGACY_WUDFPF O64 - Services: CurCS - Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - LEGACY_WUDFSVC O64 - Services: CurCS - Configuration automatique sans fil (WZCSVC) - LEGACY_WZCSVC O64 - Services: CurCS - ZDPSp50 NDIS Protocol Driver (ZDPSp50) - LEGACY_ZDPSP50 End of the scan: 1122 lines ________________________________________________________________________________ ______
  9. Katy35
    Bonjour, Ci-joint le lien afin que vous puissiez m'aider à réparer mon PC : http://www.cijoint.fr/cjlink.php?file=cj20...cij1x0euBK.tx­t Il est super lent, n'ouvre pas les applications souhaitées, bug sans arrêt, s'arrête tout seul... bref, c'est une vraie galère. J'ai donc téléchargé ZHPDiag. Un pro peut-il m'aider svp ? Merci beaucoup, Katy Configuration: Windows XP Firefox 3.5.6
×
×
  • Créer...