Everything posted by tonosama

  1. Thanks thorgal, but nothing has been installed on my computer between the last good scan and now. There has been no malfunction of my computer, no device malfunction alert, and no Windows update. I can always try, but I doubt the driver has anything to do with it. At first I thought of a bad setting, but I reset everything; then of the lamp dying, but it lights up, and still with a nice white.
  2. Hello everyone, I have a problem with my Epson Perfection 1670 scanner. For the past few days everything I scan comes out blue, a kind of smeary blue (both in the preview screen and in the saved image). I have no problem with how it operates (apart from the color), no error message or anything else. I reset all the parameters (in particular the color settings, which were on auto), but nothing changes, whatever the settings. I scan in professional mode with the right settings (opaque mode, document type, etc.). The light of the fluorescent tube is white, the glass is clean and so is the white background. At this point I can no longer see what the cause could be. If someone can enlighten me or solve the problem for me, that would be nice!!!
  3. Actually, I just saw that the Universal Plug and Play Device Host service was already set to manual. Maybe my problem came from that, that of the two services one was on automatic and the other on manual? In any case, many thanks to you for solving my 2 problems!
  4. Thanks for your reply. I am connected to a network with a router. Otherwise, I set it back to manual.
  5. It worked, I have all my icons again, but what does disabling the SSDP service imply?
  6. Tell me, doesn't this SSDP service manage Plug and Play devices?
  7. Thanks, but it didn't work. For the registry modification, is it these 3 lines plus the blank line to write in Notepad, or only the last 2 lines? Because after applying the script and restarting, I went to look in the registry, and in HKCU the value of "enableautotray" is 0x00000000(0); normally with your script it should change to 1. With msconfig I unchecked 2 startup items (TomTom and another one that is not useful). I'm trying your second part. Oh, by the way, the registry editor is version 5.1 of Windows SP3!
  8. Thanks a lot for your help!! Thanks also for your links. Oh, I was forgetting about my little display problem in the notification area of the taskbar (near the clock), where at startup several icons disappear (it is not due to inactivity!). In fact, during startup the Windows bar is as if frozen and inaccessible for quite a long time (but not the desktop), then becomes accessible again, and then the last icons load, such as Live Messenger, and they are visible. Basically, the problem I have is that it is impossible to make them reappear. When I still had Adaware, its icon reappeared when it updated! After a few very cursory tests I thought it came from the graphics card driver (ATI ASUS X1950Pro, driver 8.591.0.0). I had installed the latest driver made by ASUS (also tried the one from ATI), but at the time I had blue screen problems when loading games, so I rolled back. If this problem rings a bell, don't hesitate; otherwise I've been living with it for quite a while. And thanks again for the time you've given me!
  9. Well, it seems to be going fine, I no longer have the slowdown. For tcpip, how should it change? Otherwise, I just remembered something else: some time ago I used a patch to increase the number of simultaneous downloads (to be able to do 50). You will find it here: www.LvlLord.de - Tipps, Tricks & Utilities - Downloads. tcpip doesn't change, maybe because of that? Otherwise, are the reports clean or not?
  10. Or is it me who is doing it wrong? I have ComboFix on my desktop, I close all my programs and my virtual drives, disconnect from the network (and therefore the Internet), and finally drag your txt file onto ComboFix. I forgot: I also disable NOD32. Have I got it all right?
  11. Here is the report:
      A long time ago I modified the registry to allow it to do about ten downloads at the same time. Maybe a lead?
  12. I'm rerunning the scan. What kind of problem?
  13. Here is the report:
uStart Page = hxxp://www.orange.fr/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000 TCP: {B50DCB03-DB7C-4D14-B7BA-C386DFFC99F8} = 192.168.0.1 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {3CBA13C3-58C7-47F1-9758-D4B255A50D52} - file:///I:/fr/ses_ocx/sessearch.ocx . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-08-07 18:12 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . 
Quick question: what does c:\windows\system32\KGyGaAvL.sys correspond to?
  14. Scan in progress! Thanks again for your dedication. I saw where your little oversight was. Otherwise, if you have any further suggestions in light of my other reports
  15. Hi pear! Here is the report after your procedure:
A small clarification: between the two reports I removed UnHackMe (for ComboFix), and I also removed leftover directories from Spybot and Ad-Aware. I also have a small question about my report: at the end, in the "Autres processus actifs" section, I have the line c:\windows\systeme32\ati2evxx.exe twice, which corresponds to the launch of the manager for my ATI graphics card, but why the same line twice? I had not mentioned it because it has nothing to do with this (well, I think), but for more than a year I have had a small display problem that I think is linked precisely to my graphics card manager: at the end of loading all the processes at Windows startup, several icons located near the clock (such as the icon for my APC UPS or the NOD32 one) do not appear (or rather disappear). I think it is the ones that launch before one application, and that may well be the graphics manager. The problem with it is that it is no longer developed by ATI, and the latest version crashed my computer. So if that rings a bell or if you see what to do, it would be much appreciated.
  16. Ouch!! Small problem: I have already done that, and that is what is causing me trouble: there is nothing in this .bat file (c:\windows\winstart.bat). Is that normal? A small clarification: I run FileZilla Server for FTP and an Apache web server. Do you think the UnHackMe software could have short-circuited winstart?
  17. Hi pear! Thanks for your efforts. I suppose you have already gone through my reports. Would you have anything to correct in them? Otherwise, about winstart, I tried to read it with Notepad but nothing is displayed. Could you tell me how to read its contents? Is it readable via msconfig (the startup tree)?
  18. Hi pear! Here is the ComboFix report you asked me for:
[5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS [-] 2010-08-06 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\erdnt\cache\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys [7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856] "EPSON Stylus D88 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE" [2005-01-27 98304] "UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2010-07-07 594200] "TomTomHOME.exe"="d:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-05-07 247144] "IW_Drop_Icon"="c:\program files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2005-06-29 1346560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WD Button Manager"="WDBtnMgr.exe" [2007-05-06 331776] "VirtualCloneDrive"="d:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160] "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352] "SetIcon"="\Program Files\WDC\SetIcon.exe" [2004-04-28 42496] "AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.15\AsRunHelp.exe" [2006-11-14 363008] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu 
D‚marrer\Programmes\D‚marrage\ Acc‚l‚rateur de d‚marrage AutoCAD.lnk - c:\program files\Fichiers communs\Autodesk Shared\acstart16.exe [2005-3-5 10872] APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-10-11 221247] Microsoft Office.lnk - d:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "TomTomHOME.exe"="d:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" "Cobian Backup 9"="d:\program files\Cobian Backup 9\Cobian.exe" "WinampAgent"="c:\program files\Winamp\winampa.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "NBKeyScan"="d:\program files\nero\Nero BackItUp 4\NBKeyScan.exe" "Nero MediaHome 4"="d:\program files\nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN "Sony Ericsson PC Suite"="d:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "d:\\program files\\Pinnacle\\Studio 10\\programs\\studio.exe"= "c:\\Program Files\\Asus\\AsusUpdate\\Update.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\javaw.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "d:\\program files\\nero\\Nero MediaHome 4\\NMMediaServerService.exe"= "d:\\program files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Microsoft 
LifeCam\\LifeCam.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"= "m:\\www\\xampp\\xampp-control.exe"= "m:\\www\\xampp\\FileZillaFTP\\FileZilla Server.exe"= R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 14:23 106208] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06/02/2009 14:24 93336] R2 Apache2.2;Apache2.2;m:\www\xampp\apache\bin\httpd.exe [02/04/2010 14:29 29416] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [06/02/2009 14:23 727720] R2 TomTomHOMEService;TomTomHOMEService;d:\program files\TomTom HOME 2\TomTomHOMEService.exe [07/05/2010 14:36 92008] R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [21/01/2009 17:45 30560] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [05/08/2010 00:04 35816] S1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [01/09/2004 15:50 188416] S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/04/2010 14:37 136176] S3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [10/02/2005 12:55 62976] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/06/2007 18:17 639224] --- Autres Services/Pilotes en mémoire --- *Deregistered* - UnHackMeDrv . 
Contenu du dossier 'Tâches planifiées' 2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2010-08-06 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2009-05-25 13:55] 2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 12:37] 2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 12:37] 2010-08-06 c:\windows\Tasks\User_Feed_Synchronization-{980F208D-EA48-4B13-A082-77BE7466FAB6}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.orange.fr/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000 TCP: {B50DCB03-DB7C-4D14-B7BA-C386DFFC99F8} = 192.168.0.1 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {3CBA13C3-58C7-47F1-9758-D4B255A50D52} - file:///I:/fr/ses_ocx/sessearch.ocx . . ------- Associations de fichier ------- . .scr=AutoCADScriptFile . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-08-06 19:26 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . 
--------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1148) c:\windows\system32\Ati2evxx.dll . Heure de fin: 2010-08-06 19:28:29 ComboFix-quarantined-files.txt 2010-08-06 17:28 Avant-CF: 11 233 959 936 octets libres Après-CF: 11 232 620 544 octets libres - - End Of File - - 2034A44D3398CA399D68A7318E82C804
Whoa, I just looked at it, what a mess!!! I removed Spybot and Ad-Aware and there are still traces of them left, like a scan done with Avira!
  19. Here is the ZHPDiag log: Rapport de ZHPDiag v1.26.42 par Nicolas Coolman, Update du 04/08/2010 Run by fifi at 06/08/2010 00:16:25 Web site : ZHPDiag Outil de diagnostic Contact : nicolascoolman@yahoo.fr ---\\ Web Browser MSIE: Internet Explorer v8.0.6001.18702 ---\\ System Information Platform : Microsoft Windows XP (5.1.2600) Service Pack 3 Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 3007 MB (76% free) System drive C: has 11 GB (36%) free of 29 GB ---\\ Logged in mode Computer Name: FIFI-HOME User Name: fifi All Users Names: SUPPORT_388945a0, NeroMediaHomeUser.4, HelpAssistant, fifi, ASPNET, Administrateur, Unselected Option: O45,O61 Logged in as Administrator ---\\ DOS/Devices A:\ Floppy drive, Flash card reader, USB Key (Not Inserted) C:\ Hard drive, Flash drive, Thumb drive (Free 11 Go of 29 Go) D:\ Hard drive, Flash drive, Thumb drive (Free 8 Go of 98 Go) E:\ Hard drive, Flash drive, Thumb drive (Free 40 Go of 107 Go) F:\ CD-ROM drive (Not Inserted) G:\ Floppy drive, Flash card reader, USB Key (Not Inserted) H:\ Floppy drive, Flash card reader, USB Key (Not Inserted) I:\ CD-ROM drive (Not Inserted) K:\ Hard drive, Flash drive, Thumb drive (Free 62 Go of 466 Go) M:\ Hard drive, Flash drive, Thumb drive (Free 260 Go of 932 Go) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK 
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK ---\\ Processus lancés [MD5.2A27A3A8634FB9E29F539D6D3ED3646A] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [602112] [MD5.FB32F046A2578755FA0DA5052C6A9CD3] - (.Apache Software Foundation - Apache HTTP Server.) -- M:\www\xampp\apache\bin\httpd.exe [29416] [MD5.DC45AB27932447B598848B10650313C5] - (.American Power Conversion Corporation - Battery backup management service.) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [176193] [MD5.C7CFB40FC9BD47C1F63928CF63C8A7B9] - (.ASUSTeK COMPUTER INC. - ASUS Keyboard Service.) -- C:\WINDOWS\ATKKBService.exe [241664] [MD5.D543E7E8BCAE3F5D256335EEE809ADF5] - (.ESET - ESET Service.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [727720] [MD5.395462DE8C64E11DA2978EF28E0104A9] - (.FileZilla Project - FileZilla Server.) -- M:\www\xampp\FileZillaFTP\FileZilla server.exe [1029776] [MD5.1834C96FB1F9280BCF6DDFA6DE8338BF] - (.Sun Microsystems, Inc. - Java Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376] [MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [322120] [MD5.31E023681015C35EBFE1498B07813B87] - (.Microsoft Corporation - MsCamSvc.exe.) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe [139120] [MD5.27FE4B70C12A2C67A58D799B9A4E8D81] - (.Nero AG - Nero BackItUp.) -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [935208] [MD5.875E4E0661F3A5994DF9E5E3A0A4F96B] - (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) -- D:\program files\nero\Nero BackItUp 4\IoctlSvc.exe [81920] [MD5.02A3C7C23BA47E8E7281CC07A0EF351E] - (.Dantz Development Corporation - Retrospect.) 
-- C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe [46592] [MD5.BD517C7FB119997EFFBE39D5E4B37B05] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files\Cyberlink\Shared files\RichVideo.exe [167936] [MD5.E80CC0C9C45649A4CE23EA70A607F56E] - (.TomTom - Windows Service for TomTom HOME.) -- d:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [92008] [MD5.F76B442E5D0CA43B273F45C6E7441701] - (.Western Digital Technologies, Inc. - WD Button Manager.) -- C:\WINDOWS\system32\WDBtnMgr.exe [331776] [MD5.F40E80C04475731C6ED5D19C48E45E3C] - (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160] [MD5.52DB6CDAC5BC7A1FC884E97C41C91213] - (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [248040] [MD5.1983A11F702BDC5DB65B4B0F376FF6FD] - (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe [868352] [MD5.1DEE2BF22ECA27B3BBF91BA107DB07D8] - (.Standard Microsystems Corp. - Custom Icons Application For USB Drives.) -- C:\Program Files\WDC\SetIcon.exe [42496] [MD5.BF91B68606862A32CAB13C24A24DD9A9] - (.PowerISO Computing, Inc. - PowerISO Virtual Drive Manager.) -- C:\Program Files\PowerISO\PWRISOVM.EXE [180224] [MD5.861C702C4612B68FD9C36CB60245087B] - (.ESET - ESET GUI.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2021400] [MD5.2DB5D295CC797561F01AF10750AF219A] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE [98304] [MD5.F137534728409BA123FA8D6B6E332E0B] - (.Greatis Software - Detects Rootkits in background.) -- C:\Program Files\UnHackMe\hackmon.exe [594200] [MD5.661E0BB23A9ED33392CE0D9FD1D85BA0] - (.Greais Software - Web Update component.) -- C:\Program Files\UnHackMe\gwebupdate.exe [1186584] [MD5.A9A5CDFDA52257DB4488F457C3F4022A] - (.American Power Conversion Corporation - PowerChute system tray power icon.) 
-- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe [417855] [MD5.F26639AC752E2EFC016AA12788FD61CF] - (.Apache Friends - XAMPP: control center.) -- M:\www\xampp\xampp-control.exe [148112] [MD5.D1460F85E91FBF7838821CDC07FF6603] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [481792] ---\\ Plugins de navigateurs Opera/Firefox(P1/P2) P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.) -- C:\WINDOWS\system32\Adobe\Director\np32dsw.dll P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (.DivX,Inc. - DivX Web Player version 2.0.2.40.) -- C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.50524.0.) -- C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) 
-- C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ---\\ Pages de recherche d'Internet Explorer (R1) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ---\\ Internet Explorer URLSearchHook (R3) R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)) -- C:\WINDOWS\system32\ieframe.dll ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} . (.SEIKO EPSON CORPORATION - EPSON Web-To-Page.) -- d:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} . (.SEIKO EPSON CORPORATION - EPSON Web-To-Page.) 
-- d:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll ---\\ Applications démarrées par registre & par dossier(O4) O4 - HKLM\..\Run: [WD Button Manager] . (.Western Digital Technologies, Inc. - WD Button Manager.) -- C:\Windows\System32\WDBtnMgr.exe O4 - HKLM\..\Run: [VirtualCloneDrive] . (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- d:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe O4 - HKLM\..\Run: [soundMAXPnP] . (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [setIcon] . (.Standard Microsystems Corp. - Custom Icons Application For USB Drives.) -- \Program Files\WDC\SetIcon.exe O4 - HKLM\..\Run: [AsusStartupHelp] . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] . (.PowerISO Computing, Inc. - PowerISO Virtual Drive Manager.) -- C:\Program Files\PowerISO\PWRISOVM.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe O4 - HKLM\..\Run: [egui] . (.ESET - ESET GUI.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe O4 - HKLM\..\Run: [MSConfig] . (.Microsoft Corporation - Utilitaire de configuration système.) -- C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe O4 - HKCU\..\Run: [MsnMsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.exe O4 - HKCU\..\Run: [EPSON Stylus D88 Series] . 
(.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.exe O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [unHackMe Monitor] . (.Greatis Software - Detects Rootkits in background.) -- C:\Program Files\UnHackMe\hackmon.exe O4 - HKLM\..\policies\Explorer: [NoDriveAutoRun] Data=67108863 O4 - HKLM\..\policies\Explorer: [NoDriveTypeAutoRun] Data=323 O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data=1 O4 - HKLM\..\policies\Explorer: [NoDrives] Data=0 O4 - HKCU\..\policies\Explorer: [NoDriveTypeAutoRun] Data=323 O4 - HKCU\..\policies\Explorer: [NoDriveAutoRun] Data=67108863 O4 - HKCU\..\policies\Explorer: [NoDrives] Data=0 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe O4 - HKUS\S-1-5-21-1801674531-1409082233-725345543-1004\..\Run: [MsnMsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.exe O4 - HKUS\S-1-5-21-1801674531-1409082233-725345543-1004\..\Run: [EPSON Stylus D88 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.exe O4 - HKUS\S-1-5-21-1801674531-1409082233-725345543-1004\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-1801674531-1409082233-725345543-1004\..\Run: [unHackMe Monitor] . (.Greatis Software - Detects Rootkits in background.) -- C:\Program Files\UnHackMe\hackmon.exe O4 - Global Startup: APC UPS Status.lnk . (.American Power Conversion Corporation - Startup notification module.) 
-- C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8) O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Excel.) -- D:\PROGRA~1\MICROS~1\Office10\EXCEL.exe ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.not file.) - (.not file.) O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll ---\\ Internet Explorer Plugins (O12) O12 - Plugin for .UVR - C:\Program Files\Internet Explorer\Plugins\NPUPano.dll ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: DirectAnimation Java Classes (DirectAnimation Java Classes) - (.not file.) - file:\\C:\WINDOWS\Java\classes\dajava.cab O16 - DPF: Microsoft XML Parser for Java (Microsoft XML Parser for Java) - (.not file.) 
- file:\\C:\WINDOWS\Java\classes\xmldso.cab O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {3CBA13C3-58C7-47F1-9758-D4B255A50D52} (SESSearchCtrl Class) - (.not file.) - I:\fr\ses_ocx\sessearch.ocx O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166140792604 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} () - http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_11.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 
(.Greatis Software, LLC. - UnHackMe Kernel Driver.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys [12808] O44 - LFC:[MD5.98BA10E286AE71E6816B43FA96592EA4] - 04/08/2010 - 16:49:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\ComboFix.txt [18009] O44 - LFC:[MD5.31F101E10A24A3061BB1C1FA271BEB28] - 04/08/2010 - 16:43:11 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Boot.bak [215] O44 - LFC:[MD5.48C65662EC81FBCAA110509F50C51497] - 04/08/2010 - 16:43:09 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\cmldr [263488] O44 - LFC:[MD5.C5EC72A20B4C98DB5314E6C46765B148] - 04/08/2010 - 16:40:55 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\MBR.exe [77312] O44 - LFC:[MD5.F1FBA6185A6A2BC6456970914875078E] - 04/08/2010 - 16:40:52 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\PEV.exe [256512] O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 04/08/2010 - 16:40:52 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\grep.exe [80412] O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 04/08/2010 - 16:40:52 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\sed.exe [98816] O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 04/08/2010 - 16:40:52 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\zip.exe [68096] O44 - LFC:[MD5.01D95A1F8CF13D07CC564AABB36BCC0B] - 04/08/2010 - 16:40:52 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\WINDOWS\SWREG.exe [161792] O44 - LFC:[MD5.B7517DB073B28F5696A1E5528ABEB5D0] - 04/08/2010 - 16:40:52 ---A- . (.SteelWerX - Freeware implementation of SC.EXE.) -- C:\WINDOWS\SWSC.exe [136704] O44 - LFC:[MD5.B1A9CF0B6F80611D31987C247EC630B4] - 04/08/2010 - 16:40:52 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) 
-- C:\WINDOWS\SWXCACLS.exe [212480] ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll ---\\ Export de clé d'application autorisée (ECAA) (O47) O47 - AAKE:Key Export SP - "D:\program files\Pinnacle\Studio 10\programs\studio.exe" [Enabled] .(.Pinnacle Systems - Studio program file.) -- D:\program files\Pinnacle\Studio 10\programs\studio.exe O47 - AAKE:Key Export SP - "C:\Program Files\Asus\AsusUpdate\Update.exe" [Enabled] .(.ASUSTek Computer Inc. - ASUS Windows Platform Flash Program.) -- C:\Program Files\Asus\AsusUpdate\Update.exe O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\javaw.exe" [Enabled] .(.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\WINDOWS\system32\javaw.exe O47 - AAKE:Key Export SP - "D:\program files\adslTV\adsltv.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- D:\program files\adslTV\adsltv.exe O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) (.not file.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\sessmgr.exe" [Disabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) (.not file.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export SP - "D:\program files\nero\Nero MediaHome 4\NMMediaServerService.exe" [Enabled] .(.Nero AG - Nero MediaHome.) (.not file.) -- D:\program files\nero\Nero MediaHome 4\NMMediaServerService.exe O47 - AAKE:Key Export SP - "D:\program files\VideoLAN\VLC\vlc.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) 
-- D:\program files\VideoLAN\VLC\vlc.exe O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) (.not file.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft LifeCam\LifeCam.exe" [Enabled] .(.Microsoft Corporation - LifeCam.exe.) (.not file.) -- C:\Program Files\Microsoft LifeCam\LifeCam.exe O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" [Enabled] .(.Microsoft Corporation - LifeEnC2.exe.) (.not file.) -- C:\Program Files\Microsoft LifeCam\LifeEnC2.exe O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft LifeCam\LifeExp.exe" [Enabled] .(.Microsoft Corporation - LifeExp.exe.) (.not file.) -- C:\Program Files\Microsoft LifeCam\LifeExp.exe O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft LifeCam\LifeTray.exe" [Enabled] .(.Microsoft Corporation - LifeTray.exe.) (.not file.) -- C:\Program Files\Microsoft LifeCam\LifeTray.exe O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" [Enabled] .(.SEIKO EPSON CORPORATION - SAgent4.) (.not file.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.exe O47 - AAKE:Key Export SP - "M:\www\xampp\xampp-control.exe" [Enabled] .(.Apache Friends - XAMPP: control center.) (.not file.) -- M:\www\xampp\xampp-control.exe O47 - AAKE:Key Export SP - "M:\www\xampp\FileZillaFTP\FileZilla Server.exe" [Enabled] .(.FileZilla Project - FileZilla Server.) (.not file.) -- M:\www\xampp\FileZillaFTP\FileZilla Server.exe O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) 
-- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe ---\\ Déni du service (Local Security Authority) (LSA) (O48) O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\WINDOWS\System32\scecli.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52) O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Ligos Corporation - Ligos Indeo® Video 3.2.) -- C:\WINDOWS\System32\ir32_32.dll O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Ligos Corporation - Ligos Indeo® Video 3.2.) -- C:\WINDOWS\System32\ir32_32.dll O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\System32\l3codeca.acm" . 
(.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\System32\l3codeca.acm O52 - TDSD: \Drivers32\"VIDC.MJPG"="Pvmjpg30.dll" . (.Pegasus Imaging Corporation - PICVideo M-JPEG 3 codec.) -- C:\WINDOWS\System32\Pvmjpg30.dll O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Ligos Corporation - Ligos Indeo XP (Indeo® Video 5.2).) -- C:\WINDOWS\System32\ir50_32.dll O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Ligos Corporation - Indeo® Audio Software.) -- C:\WINDOWS\system32\iac25_32.ax O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax O52 - TDSD: \Drivers32\"vidc.VP70"="vp7vfw.dll" . (.On2.com - VP70 VIDEO FOR WINDOWS CODEC.) -- C:\WINDOWS\System32\vp7vfw.dll O52 - TDSD: \Drivers32\"vidc.DIVX"="DivX.dll" . (.DivX, Inc. - DivX.) -- C:\WINDOWS\System32\DivX.dll O52 - TDSD: \Drivers32\"vidc.yv12"="DivX.dll" . (.DivX, Inc. - DivX.) -- C:\WINDOWS\System32\DivX.dll O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm O52 - TDSD: \drivers.desc\"C:\WINDOWS\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\System32\l3codeca.acm O52 - TDSD: \drivers.desc\"pvmjpg30.dll"="PICVideo 3 M-JPEG VfW Codec" . (.Pegasus Imaging Corporation - PICVideo M-JPEG 3 codec.) -- C:\WINDOWS\System32\pvmjpg30.dll O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® Audio Software" . (.Ligos Corporation - Indeo® Audio Software.) -- C:\WINDOWS\system32\iac25_32.ax O52 - TDSD: \drivers.desc\"iyvu9_32.dll"="Indeo® Video RAW YVU9" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\iyvu9_32.dll O52 - TDSD: \drivers.desc\"tssoft32.acm"="tssoft32.acm" . (.DSP GROUP, INC. 
- Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm O52 - TDSD: \drivers.desc\"iccvid.dll"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll O52 - TDSD: \drivers.desc\"vp7vfw.dll"="vp7vfw.dll" . (.On2.com - VP70 VIDEO FOR WINDOWS CODEC.) -- C:\WINDOWS\System32\vp7vfw.dll ---\\ ShareTools MSconfig StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe O53 - SMSR:HKLM\...\startupreg\DivXUpdate [Key] . (.Pas de propriétaire - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe O53 - SMSR:HKLM\...\startupreg\IW_Drop_Icon [Key] . (.Pinnacle Systems GmbH. - InstantWrite Control Center.) -- C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe O53 - SMSR:HKLM\...\startupreg\QuickTime Task [Key] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe O53 - SMSR:HKLM\...\startupreg\Start WingMan Profiler [Key] . (.Logicool Co. Ltd. - Logicool WingMan Event Monitor.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe O53 - SMSR:HKLM\...\startupreg\TomTomHOME.exe [Key] . (.TomTom - System Tray application for TomTom HOME.) -- d:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe ---\\ Microsoft Control Security Providers (MCSP) (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) 
-- C:\WINDOWS\system32\digest.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll ---\\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"= O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"= O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0 ---\\ Microsoft Windows Policies Explorer (MWPE) (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=323 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=67108863 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=67108863 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=323 O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0 ---\\ Liste des Drivers Système (SDL) (O58) O58 - SDL:[MD5.EE97365199D656DDF3197FFDB091EADF] - 08/12/2006 - 16:06:00 R--A- . (.Analog Devices, Inc. - Analog Devices DTS Driver.) -- C:\WINDOWS\system32\drivers\adidts.sys O58 - SDL:[MD5.0158F4027C0808FF65ED3B3D683339C9] - 16/01/2007 - 08:09:06 R--A- . (.Analog Devices, Inc. - High Definition Audio Function Driver.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys O58 - SDL:[MD5.358063AB6C1C4173B735525CDFA65F94] - 07/08/2006 - 05:57:30 R--A- . 
(.Andrea Electronics Corporation - Audio Noise Filtering Driver (32-bit).) -- C:\WINDOWS\system32\drivers\aeaudio.sys O58 - SDL:[MD5.D48659BB24C48345D926ECB45C1EBDF5] - 13/08/2004 - 03:56:20 R--A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\WINDOWS\system32\drivers\ASACPI.sys O58 - SDL:[MD5.4F9CBBF95E8F7A0D4C0EDCFE3B78102E] - 28/11/2003 - 18:34:40 ---A- . (.Pinnacle Systems GmbH - ASAPI.) -- C:\WINDOWS\system32\drivers\asapiW2k.sys O58 - SDL:[MD5.310C1844D7B7144288196DCF19FF578C] - 19/10/2006 - 03:11:12 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\AsInsHelp32.sys O58 - SDL:[MD5.51E2A3E5CE3F7D63845E06832E627F2D] - 19/10/2006 - 03:11:30 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\AsInsHelp64.sys O58 - SDL:[MD5.19A1DAC5BC607C212E8A94C05886ED52] - 22/12/2005 - 03:22:18 R--A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\AsIO.sys O58 - SDL:[MD5.54AB078660E536DA72B21A27F56B035B] - 21/11/2005 - 06:48:20 ---A- . (.Adaptec - ASPI for WIN32 Kernel Driver.) -- C:\WINDOWS\system32\drivers\ASPI32.SYS O58 - SDL:[MD5.DE91D0D73C3E61E6826D98FAC2FAC729] - 27/04/2004 - 08:26:48 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS O58 - SDL:[MD5.8763EDE3E0CD40F5C3450571AC57F205] - 26/02/2009 - 23:58:57 ---A- . (.ATI Technologies Inc. - ATI Radeon WindowsNT Miniport Driver.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys O58 - SDL:[MD5.F5C2CCDB273A546E9C3A15250F1D9165] - 18/10/2005 - 15:01:00 ---A- . (.ASUSTeK COMPUTER INC. - ASUS Help driver For Keyboard Service..) -- C:\WINDOWS\system32\drivers\atkkbnt.sys O58 - SDL:[MD5.6E996CF8459A2594E0E9609D0E34D41F] - 20/04/2009 - 16:30:03 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\atksgt.sys O58 - SDL:[MD5.CE49F1969FEAAA89A67E06ECAD286D44] - 30/06/2006 - 11:38:00 ---A- . (.ASMT - Kernel-Mode Dll.) 
-- C:\WINDOWS\system32\drivers\Bravo_a_crystal.sys O58 - SDL:[MD5.22AFC56DDA9325C8593E507F7D76D996] - 30/06/2006 - 11:35:00 ---A- . (.ASMT - Kernel-Mode Dll.) -- C:\WINDOWS\system32\drivers\Bravo_a_enriched.sys O58 - SDL:[MD5.F0784AABF7C59DA003BAAA63F407FA4A] - 30/06/2006 - 11:37:00 ---A- . (.ASMT - Kernel-Mode Dll.) -- C:\WINDOWS\system32\drivers\Bravo_a_theater.sys O58 - SDL:[MD5.9CD0409A86A8ECF32E0BC59D96B87010] - 30/06/2006 - 11:36:00 ---A- . (.ASMT - Kernel-Mode Dll.) -- C:\WINDOWS\system32\drivers\Bravo_a_vivid.sys O58 - SDL:[MD5.3EB2F1D3D8550E8A4A543C5E52F3AAA7] - 30/06/2006 - 11:34:00 ---A- . (.ASMT - Kernel-Mode Dll.) -- C:\WINDOWS\system32\drivers\Bravo_n_crystal.sys O58 - SDL:[MD5.F16B45867FCBF7BD402C09087CC60A3F] - 30/06/2006 - 11:31:00 ---A- . (.ASMT - Kernel-Mode Dll.) -- C:\WINDOWS\system32\drivers\Bravo_n_enriched.sys O58 - SDL:[MD5.B99E46350C2AE5AF11EE22C82AF1B06D] - 30/06/2006 - 11:32:00 ---A- . (.ASMT - Kernel-Mode Dll.) -- C:\WINDOWS\system32\drivers\Bravo_n_theater.sys O58 - SDL:[MD5.E2B7835429F02BBBA41E8CAE4E22BFBF] - 30/06/2006 - 11:28:00 ---A- . (.ASMT - Kernel-Mode Dll.) -- C:\WINDOWS\system32\drivers\Bravo_n_vivid.sys O58 - SDL:[MD5.837EEF65AF62D4E8A37C41D3879F7274] - 02/02/2007 - 03:00:00 ---A- . (.Sonic Solutions - CDR4 CD and DVD Place Holder Driver (see PxHelp).) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys O58 - SDL:[MD5.579DA2F9F5401F55DAE2CF8779D61DFC] - 02/02/2007 - 03:00:00 ---A- . (.Sonic Solutions - CDRAL Place Holder Driver (see PxHelp).) -- C:\WINDOWS\system32\drivers\cdralw2k.sys O58 - SDL:[MD5.1407BC5C00EA37B1BEF106C1A225FF6D] - 10/02/2005 - 11:55:08 ---A- . (.Pinnacle Systems GmbH - InstantWrite Driver.) -- C:\WINDOWS\system32\drivers\Cdrdrv.sys O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 30/08/2002 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 30/08/2002 - 13:00:00 ---A- . 
(.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys O58 - SDL:[MD5.59D9E5DBCFEF1E0E3DBAC1B55C718F2D] - 06/02/2009 - 13:19:52 ---A- . (.ESET - Amon monitor.) -- C:\WINDOWS\system32\drivers\eamon.sys O58 - SDL:[MD5.3BD67A869964BF57266CBBD1DCA38C6A] - 06/02/2009 - 13:23:18 ---A- . (.ESET - ESET Helper driver.) -- C:\WINDOWS\system32\drivers\ehdrv.sys O58 - SDL:[MD5.0DAF3544804650526751C478AECCCE63] - 14/06/2006 - 06:56:00 R--A- . (.ASUSTeK Computer Inc. - ASUS Kernel Mode Driver for NT.) -- C:\WINDOWS\system32\drivers\EIO.sys O58 - SDL:[MD5.075D91E4DE09A6F1EDE77C341803D454] - 26/12/2006 - 13:54:35 ---A- . (.SlySoft, Inc. - ElbyCDIO Filter Driver.) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys O58 - SDL:[MD5.44996A2ADDD2DB7454F2CA40B67D8941] - 18/12/2009 - 23:25:12 ---A- . (.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys O58 - SDL:[MD5.AA0AF2830FC14FFD7E80611614ECAC74] - 06/02/2009 - 13:24:24 ---A- . (.ESET - ESET Antivirus Network Redirector.) -- C:\WINDOWS\system32\drivers\epfwtdir.sys O58 - SDL:[MD5.52ADA45F60D6382C9B3C52826CDB9D26] - 06/05/2007 - 00:30:36 ---A- . (.Sony Ericsson Mobile Communications - Gordon's Gate USB Driver.) -- C:\WINDOWS\system32\drivers\ggsemc.sys O58 - SDL:[MD5.D64A40B94602158E40527AE95E7A9193] - 05/11/2004 - 10:08:06 ---A- . (.Aladdin Knowledge Systems Ltd. - Hardlock Device Driver for Windows NT.) -- C:\WINDOWS\system32\drivers\hardlock.sys O58 - SDL:[MD5.C995C0E8B4503FAC38793BB0236AD246] - 07/02/2006 - 12:52:58 R--A- . (.JMicron - SCSI Port upper filter driver.) -- C:\WINDOWS\system32\drivers\JGOGO.sys O58 - SDL:[MD5.F561C67E8E9C598051D4F83296FD1201] - 05/07/2006 - 13:55:58 R--A- . (.JMicron Technology Corp. - JMicron JR036X RAID Driver.) -- C:\WINDOWS\system32\drivers\jraid.sys O58 - SDL:[MD5.53D606019BB0F0C6B3E6EC9D2E0F7622] - 03/06/2005 - 12:46:32 R--A- . (.MCCI - Sony Ericsson 600i Driver.) 
-- C:\WINDOWS\system32\drivers\k600bus.sys O58 - SDL:[MD5.FF34C0A8B82D1978E10F3513659BFEAE] - 03/06/2005 - 12:46:32 R--A- . (.MCCI - Windows 98/98SE/ME support functions.) -- C:\WINDOWS\system32\drivers\k600cm95.sys O58 - SDL:[MD5.72315EFA8E1013FD70709FD16E995AF0] - 03/06/2005 - 12:46:34 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\k600cmnt.sys O58 - SDL:[MD5.FF76FA33CF9BEA7CC7404AFDC2AEA1C8] - 03/06/2005 - 12:46:34 R--A- . (.MCCI - WDM class registry.) -- C:\WINDOWS\system32\drivers\k600cr.sys O58 - SDL:[MD5.C0D81F66557847BBB7F5B9980BC2EA2E] - 03/06/2005 - 12:46:36 R--A- . (.MCCI - Sony Ericsson 600i USB WMC Modem Filter Driver.) -- C:\WINDOWS\system32\drivers\k600mdfl.sys O58 - SDL:[MD5.646900B2921BAD4757B427D2D328EC96] - 03/06/2005 - 12:46:36 R--A- . (.MCCI - Sony Ericsson 600i USB WMC Modem WDM Driver.) -- C:\WINDOWS\system32\drivers\k600mdm.sys O58 - SDL:[MD5.3990320CFEF38B038C012029257E2300] - 03/06/2005 - 12:46:40 R--A- . (.MCCI - Sony Ericsson 600i USB WMC Device Management Driver.) -- C:\WINDOWS\system32\drivers\k600mgmt.sys O58 - SDL:[MD5.1578CB8176D08CC4D3DBE094C62FC236] - 03/06/2005 - 12:46:40 R--A- . (.MCCI - Sony Ericsson 600i USB WMC OBEX Interface Device Driver.) -- C:\WINDOWS\system32\drivers\k600obex.sys O58 - SDL:[MD5.7A6EAB94B7926F405E7B92B38017EFB7] - 03/06/2005 - 12:46:48 R--A- . (.MCCI - Windows 98/98SE/ME support functions.) -- C:\WINDOWS\system32\drivers\k600wh95.sys O58 - SDL:[MD5.CF2684B3684A2983F95A94F5F84DE6C3] - 03/06/2005 - 12:46:50 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\k600whnt.sys O58 - SDL:[MD5.FE8300320281D658A7854D5CFC02A63F] - 03/06/2005 - 12:46:52 R--A- . (.MCCI - Sony Ericsson 750 Driver.) -- C:\WINDOWS\system32\drivers\k750bus.sys O58 - SDL:[MD5.594613F4B2E18F5EF24B2148BB699265] - 03/06/2005 - 12:46:54 R--A- . (.MCCI - Windows 98/98SE/ME support functions.) 
-- C:\WINDOWS\system32\drivers\k750cm95.sys O58 - SDL:[MD5.8C2B0E77E85902EB75BB84A8161474F6] - 03/06/2005 - 12:46:54 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\k750cmnt.sys O58 - SDL:[MD5.DC2346C10039EE89CE689E63C173BC4F] - 03/06/2005 - 12:46:56 R--A- . (.MCCI - WDM class registry.) -- C:\WINDOWS\system32\drivers\k750cr.sys O58 - SDL:[MD5.F44521F63C0C00364FA3D59DB980DE6A] - 03/06/2005 - 12:46:58 R--A- . (.MCCI - Sony Ericsson 750 USB WMC Modem Filter Driver.) -- C:\WINDOWS\system32\drivers\k750mdfl.sys O58 - SDL:[MD5.E93323C3ED5E8923A177740A973C27B2] - 03/06/2005 - 12:47:00 R--A- . (.MCCI - Sony Ericsson 750 USB WMC Modem WDM Driver.) -- C:\WINDOWS\system32\drivers\k750mdm.sys O58 - SDL:[MD5.9D5F5A70CA0B7C428EFCD73DB50E6AC7] - 03/06/2005 - 12:47:04 R--A- . (.MCCI - Sony Ericsson 750 USB WMC Device Management Driver.) -- C:\WINDOWS\system32\drivers\k750mgmt.sys O58 - SDL:[MD5.81CA2D57B2C14F76F4BA80846784BB3D] - 03/06/2005 - 12:47:06 R--A- . (.MCCI - Sony Ericsson 750 USB WMC OBEX Interface Device Driver.) -- C:\WINDOWS\system32\drivers\k750obex.sys O58 - SDL:[MD5.4790F9D4BB512A03C3967FB4E576D0FB] - 03/06/2005 - 12:47:14 R--A- . (.MCCI - Windows 98/98SE/ME support functions.) -- C:\WINDOWS\system32\drivers\k750wh95.sys O58 - SDL:[MD5.A03516D5C5FB064835DFF8FD1C251E5D] - 03/06/2005 - 12:47:14 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\k750whnt.sys O58 - SDL:[MD5.975B6CF65F44E95883F3855BAE8CECAF] - 20/04/2009 - 16:30:02 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\lirsgt.sys O58 - SDL:[MD5.269C14D512B74CC28D2812FF7D1EB066] - 02/06/2005 - 19:28:38 ---A- . (.Pinnacle Systems GmbH - Pinnacle Marvin Discrete Bus Enumerator.) -- C:\WINDOWS\system32\drivers\MarvinBus.sys O58 - SDL:[MD5.67B48A903430C6D4FB58CBACA1866601] - 29/04/2010 - 14:39:26 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) 
-- C:\WINDOWS\system32\drivers\mbam.sys O58 - SDL:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 29/04/2010 - 14:39:38 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 30/08/2002 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys O58 - SDL:[MD5.6DDCF3F801EC15FE698F6A215CF30A1F] - 05/08/2010 - 23:04:20 ---A- . (.Greatis Software - Partizan - Rootkit detector.) -- C:\WINDOWS\system32\drivers\Partizan.sys O58 - SDL:[MD5.1BEBE7DE8508A02650CDCE45C664C2A2] - 09/02/2005 - 12:59:00 ---A- . (.Pinnacle Systems GmbH - PCLEPCI.) -- C:\WINDOWS\system32\drivers\Pclepci.sys O58 - SDL:[MD5.5B6C11DE7E839C05248CED8825470FEF] - 15/09/2007 - 13:14:23 ---A- . (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\WINDOWS\system32\drivers\pcouffin.sys O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 30/08/2002 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 30/08/2002 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 30/08/2002 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys O58 - SDL:[MD5.4019149E4E296072831C8855605D9FDC] - 04/04/2010 - 21:12:02 ---A- . (.Sunbelt Software - Anti-Rootkit Engine.) -- C:\WINDOWS\system32\drivers\SBREDrv.sys O58 - SDL:[MD5.16B1ABE7F3E35F21DAC57592B6C5D464] - 09/11/2009 - 04:21:18 ---A- . (.PowerISO Computing, Inc. - PowerISO Virtual Drive.) -- C:\WINDOWS\system32\drivers\scdemu.sys O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/11/2007 - 11:25:54 ---A- . 
(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys O58 - SDL:[MD5.4C0D673281178CB496011A2E28571FC8] - 10/08/2005 - 13:44:04 ---A- . (.Protection Technology - StarForce Protection Environment Driver.) -- C:\WINDOWS\system32\drivers\sfdrv01.sys O58 - SDL:[MD5.15BE2B5E4DC5B8623CF167720682ABC9] - 16/05/2005 - 14:20:39 ---A- . (.Protection Technology - StarForce Protection Helper Driver.) -- C:\WINDOWS\system32\drivers\sfhlp02.sys O58 - SDL:[MD5.EFEBBC1D13FDB77A6AF4EDDFC7232EDF] - 10/08/2005 - 15:06:28 ---A- . (.Protection Technology - StarForce Protection Synchronization Driver.) -- C:\WINDOWS\system32\drivers\sfsync02.sys O58 - SDL:[MD5.9245B33503E8CAB76E0BCB39F6C5CF3B] - 19/05/2003 - 09:16:00 ---A- . (.Standard Microsystems Corporation - Password Filter Driver.) -- C:\WINDOWS\system32\drivers\smscpswd.sys O58 - SDL:[MD5.00000000000000000000000000000000] - 24/06/2007 - 02:50:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\sptd.sys O58 - SDL:[MD5.14622AE81C72B08691EEDAABC1D4A129] - 02/05/2007 - 11:12:34 ---A- . (.MCCI Corporation - SAMSUNG Mobile USB Device II 1.0 Driver.) -- C:\WINDOWS\system32\drivers\ssm_bus.sys O58 - SDL:[MD5.79B3761947FFDA77F2EF2225C1A1DFB1] - 02/05/2007 - 11:12:34 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\ssm_cm.sys O58 - SDL:[MD5.79B3761947FFDA77F2EF2225C1A1DFB1] - 02/05/2007 - 11:12:34 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\ssm_cmnt.sys O58 - SDL:[MD5.43EE5E9FDA61A5E0EAC4C1DE699E6E4D] - 02/05/2007 - 11:12:36 ---A- . (.MCCI Corporation - SAMSUNG Mobile USB Modem II 1.0 Filter Driver.) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys O58 - SDL:[MD5.918CFD32C7FEB174F356A0A6FAD11F4B] - 02/05/2007 - 11:12:36 ---A- . (.MCCI Corporation - SAMSUNG Mobile USB Modem II 1.0 Driver.) 
-- C:\WINDOWS\system32\trkwks.dll [90112] O83 - Search Svchost Services: W32Time (W32Time) . (.Microsoft Corporation - Service de temps Windows.) -- C:\WINDOWS\system32\w32time.dll [178176] O83 - Search Svchost Services: WZCSVC (WZCSVC) . (.Microsoft Corporation - Service configuration automatique sans fil.) -- C:\WINDOWS\System32\wzcsvc.dll [483840] O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\WMIsvc.dll [145408] O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Service Terminal Server.) -- C:\WINDOWS\System32\termsrv.dll [297984] O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update AutoUpdate Service.) -- C:\WINDOWS\system32\wuauserv.dll [6656] O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\WINDOWS\system32\qmgr.dll [409088] O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\System32\shsvcs.dll [135680] O83 - Search Svchost Services: helpsvc (helpsvc) . (.Microsoft Corporation - Microsoft PCHealth Service Holder.) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400] O83 - Search Svchost Services: xmlprov (xmlprov) . (.Microsoft Corporation - Network Provisioning Service.) -- C:\WINDOWS\System32\xmlprov.dll [129024] O83 - Search Svchost Services: wscsvc (wscsvc) . (.Microsoft Corporation - Windows Security Center Service.) -- C:\WINDOWS\system32\wscsvc.dll [80896] O83 - Search Svchost Services: WmdmPmSN (WmdmPmSN) . (.Microsoft Corporation - Microsoft Media Device Service Provider.) -- C:\WINDOWS\system32\MsPMSNSv.dll [27136] O83 - Search Svchost Services: napagent (napagent) . (.Microsoft Corporation - Exécution du service Agent de quarantaine.) -- C:\WINDOWS\System32\qagentrt.dll [293376] O83 - Search Svchost Services: hkmsvc (hkmsvc) . 
(.Microsoft Corporation - Service Gestion des clés.) -- C:\WINDOWS\System32\kmsvc.dll [61440] End of the scan (1635 lines in 09mn 47s)(294)
  20. Hi everyone! For the past 2 days my Internet Explorer 8 has become extremely slow (and when I say slow, it is almost at a standstill). It is not coming from my ISP, because browsing is normal on my other computers. I go through a Netgear router. I ran a few programs to check a few things, but IE seems to work normally again, except that after a short while it starts all over again. Here is the HijackThis log:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 00:08:04, on 06/08/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      M:\www\xampp\apache\bin\httpd.exe
      C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
      C:\WINDOWS\ATKKBService.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      M:\www\xampp\FileZillaFTP\FileZilla server.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      M:\www\xampp\apache\bin\httpd.exe
      C:\Program Files\Microsoft LifeCam\MSCamS32.exe
      C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
      D:\program files\nero\Nero BackItUp 4\IoctlSvc.exe
      C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
      C:\Program Files\Cyberlink\Shared files\RichVideo.exe
      C:\WINDOWS\System32\svchost.exe
      d:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
      C:\WINDOWS\system32\WDBtnMgr.exe
      D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
      C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\WDC\SetIcon.exe
      C:\Program Files\PowerISO\PWRISOVM.EXE
      C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\UnHackMe\hackmon.exe
      C:\Program Files\UnHackMe\gwebupdate.exe
      C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\WINDOWS\System32\svchost.exe
      M:\www\xampp\xampp-control.exe
      C:\Program Files\Google\Update\GoogleUpdate.exe
      D:\program files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Orange : téléphones, forfaits mobiles, Internet, actualité, sport, video
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - d:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - d:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
      O4 - HKLM\..\Run: [VirtualCloneDrive] "d:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [setIcon] \Program Files\WDC\SetIcon.exe
      O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
      O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /M "Stylus D88" /EF "HKCU"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [unHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: APC UPS Status.lnk = ?
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
      O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {3CBA13C3-58C7-47F1-9758-D4B255A50D52} (SESSearchCtrl Class) - file:///I:/fr/ses_ocx/sessearch.ocx
      O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166140792604
      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_11.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{B50DCB03-DB7C-4D14-B7BA-C386DFFC99F8}: NameServer = 192.168.0.1
      O23 - Service: Apache2.2 - Apache Software Foundation - M:\www\xampp\apache\bin\httpd.exe
      O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
      O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      O23 - Service: FileZilla Server - FileZilla Project - M:\www\xampp\FileZillaFTP\FileZilla server.exe
      O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
      O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - D:\program files\nero\Nero MediaHome 4\NMMediaServerService.exe
      O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\program files\nero\Nero BackItUp 4\IoctlSvc.exe
      O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
      O23 - Service: TomTomHOMEService - TomTom - d:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

      --
      End of file - 10300 bytes

      I am also sending the ZHPDiag log.