Bluffeur

Membres

Afficher le profil Afficher son activité

Compteur de contenus
5
Inscription
le 27 mars 2011
Dernière visite
le 29 mars 2011

Bluffeur's Achievements

Junior Member (3/12)

Réputation sur la communauté

Infection html/drop.agent.ab

Bluffeur a répondu à un(e) sujet de Bluffeur dans Analyses et éradication malwares

Files moved on Reboot... Registry entries deleted on Reboot... Le fichier a été restaurer et antivir me signale une alerte et me propose de le supprimer je le supprime ?
- le 28 mars 2011
- 9 réponses
Infection html/drop.agent.ab

Bluffeur a répondu à un(e) sujet de Bluffeur dans Analyses et éradication malwares

Oui j'avais deja les fichier decachers, et non je ne sais pas ce que cela signifie et je fais de la place sur mon Dd la merci de votre aide !
- le 28 mars 2011
- 9 réponses
Infection html/drop.agent.ab

Bluffeur a répondu à un(e) sujet de Bluffeur dans Analyses et éradication malwares

Le dossier C:\Program Files\ektoukqs est bien la mais pas le fichier mnlbfkag.exe Rapport de ZHPFix 1.12.3265 par Nicolas Coolman, Update du 27/03/2011 Fichier d'export Registre : C:\ZHPExportRegistry-28-03-2011-17-40-48.txt Run by Bluffeur at 28/03/2011 17:40:48 Windows XP Professional Service Pack 3 (Build 2600) Web site : ZHPFix Fix de rapport ========== Clé(s) du Registre ========== O42 - Logiciel: Everest Poker (Remove Only) - (.Pas de propriétaire.) [HKLM] -- Everest Poker => Désinstallation logicielle annulée par l'utilisateur ou désinstallation partielle! O42 - Logiciel: PartyPoker.fr - (.PartyFrance.) [HKLM] -- PartyPokerFr => Désinstallation logicielle annulée par l'utilisateur ou désinstallation partielle! O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 => Désinstallation logicielle annulée par l'utilisateur ou désinstallation partielle! HKCU\Software\PartyFrance => Clé supprimée avec succès HKCU\Software\Grand Virtual => Clé supprimée avec succès HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\everest poker => Clé supprimée avec succès R0 - HKUS\S-1-5-21-1715567821-1532298954-725345543-500-1715567821-1532298954-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com => Clé absente O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} () - http://messenger.zon...cab56986.cab => Clé absente O41 - Driver: (InCDPass) . (. - .) - C:\Windows\System32\drivers\InCDPass.sys (.not file.) => Clé supprimée avec succès O41 - Driver: (InCDRm) . (. - .) - C:\Windows\System32\drivers\InCDRm.sys (.not file.) => Clé supprimée avec succès O64 - Services: CurCS - C:\Program Files\Bonjour\mDNSResponder.exe - Service Bonjour (Bonjour Service) .(.Apple Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE => Clé absente O64 - Services: CurCS - C:\WINDOWS\system32\drivers\RKHit.sys (.not file.) - RkHit (RkHit) .(...) - LEGACY_RKHIT => Clé absente ========== Valeur(s) du Registre ========== R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} Clé orpheline => Valeur supprimée avec succès O4 - HKCU\..\Run: [Microsoft Firewall 2.9] C:\Documents and Settings\Administrateur\Application Data\WMPRWISE.exe (.not file.) => Valeur supprimée avec succès O4 - HKUS\S-1-5-21-1715567821-1532298954-725345543-500-1715567821-1532298954-725345543-1003\..\Run: [Microsoft Firewall 2.9] C:\Documents and Settings\Administrateur\Application Data\WMPRWISE.exe (.not file.) => Valeur absente O4 - HKLM\..\Run: [NWEReboot] Clé orpheline => Valeur supprimée avec succès O4 - HKCU\..\Run: [spybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe => Valeur absente O4 - HKUS\S-1-5-21-1715567821-1532298954-725345543-500-1715567821-1532298954-725345543-1003\..\Run: [spybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe => Valeur absente O47 - AAKE:Key Export SP - "C:\WINDOWS\System32\RUNDLL32.EXE" [Enabled] Clé orpheline => Valeur supprimée avec succès O47 - AAKE:Key Export SP - "C:\Program Files\Bonjour\mDNSResponder.exe" [Enabled] .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe => Valeur supprimée avec succès ========== Elément(s) de donnée du Registre ========== R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com => Donnée supprimée avec succès ========== Dossier(s) ========== c:\program files\everest poker => Supprimé et mis en quarantaine C:\Program Files\Spybot - Search & Destroy => Fichier supprimé au reboot C:\Program Files\PokerStars => Supprimé et mis en quarantaine C:\Program Files\PartyFrance => Supprimé et mis en quarantaine ========== Fichier(s) ========== c:\program files\everest poker => Fichier absent c:\documents and settings\administrateur\application data\wmprwise.exe => Supprimé et mis en quarantaine c:\program files\spybot - search & destroy\teatimer.exe => Supprimé et mis en quarantaine c:\program files\bonjour\mdnsresponder.exe => Supprimé et mis en quarantaine ========== Récapitulatif ========== 12 : Clé(s) du Registre 8 : Valeur(s) du Registre 1 : Elément(s) de donnée du Registre 4 : Dossier(s) 4 : Fichier(s) End of the scan
- le 28 mars 2011
- 9 réponses
Infection html/drop.agent.ab

Bluffeur a répondu à un(e) sujet de Bluffeur dans Analyses et éradication malwares

Rapport de ZHPDiag v1.27.1842 par Nicolas Coolman, Update du 26/03/2011 Run by Bluffeur at 28/03/2011 12:56:02 Web site : ZHPDiag Outil de diagnostic ---\\ Web Browser MSIE: Internet Explorer v8.0.6001.18702 MFIE: Mozilla Firefox v3.6.16 (fr) (Defaut) GCIE: Google Chrome v10.0.648.204 ---\\ System Information Windows XP Professional Service Pack 3 (Build 2600) Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 3070 MB (69% free) System Restore: Activé (Enable) System drive C: has 3 GB (11%) free of 25 GB ---\\ Logged in mode Computer Name: JORDAN User Name: Bluffeur All Users Names: SUPPORT_388945a0, HelpAssistant, Bluffeur, Unselected Option: O45,O61,O62,O65,O66,O82 Logged in as Administrator ---\\ Environnement Variables %AppData%=C:\Documents and Settings\Bluffeur\Application Data %LocalAppData%=C:\Documents and Settings\Bluffeur\Local Settings\Application Data %StartMenu%=C:\Documents and Settings\Bluffeur\Menu Démarrer ---\\ DOS/Devices A:\ Floppy drive, Flash card reader, USB Key (Not Inserted) C:\ Hard drive, Flash drive, Thumb drive (Free 3 Go of 25 Go) D:\ Hard drive, Flash drive, Thumb drive (Free 9 Go of 165 Go) E:\ Hard drive, Flash drive, Thumb drive (Free 54 Go of 108 Go) F:\ CD-ROM drive (Free 0 Go of 6 Go) G:\ Hard drive, Flash drive, Thumb drive (Free 43 Go of 114 Go) H:\ Hard drive, Flash drive, Thumb drive (Free 4 Go of 116 Go) I:\ Floppy drive, Flash card reader, USB Key (Not Inserted) J:\ Floppy drive, Flash card reader, USB Key (Not Inserted) K:\ Floppy drive, Flash card reader, USB Key (Not Inserted) L:\ Floppy drive, Flash card reader, USB Key (Not Inserted) M:\ Floppy drive, Flash card reader, USB Key (Free 1 Go of 1 Go) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK ---\\ Recherche particulière de fichiers génériques [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 03:34:04.) -- C:\Windows\Explorer.exe [1037824] [MD5.AF4EAA3B35A2D206E1902D7CA61B958A] - (.Microsoft Corporation - Internet Extensions for Win32.) (.21/12/2010 23:53:04.) -- C:\Windows\System32\wininet.dll [916480] [MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 03:34:28.) -- C:\Windows\System32\Winlogon.exe [512000] [MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 19:40:30.) -- C:\Windows\System32\drivers\atapi.sys [96512] [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 20:15:54.) -- C:\Windows\System32\drivers\ntfs.sys [574976] ---\\ Processus lancés [MD5.17067069B9A7865028C1F2E6971D0CCC] - (.Lavasoft - Ad-Aware Service.) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [611664] [MD5.32C139FC0363681804EFF9394CD6B1B8] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.EXE [16126464] [MD5.F0431C490F124A8CC874163E6A38DD28] - (.Logitech Inc. - LVCom Server.) -- C:\WINDOWS\system32\LVCOMSX.EXE [221184] [MD5.FE6E15CC578C3278755CDDFF70C2787D] - (.Logitech Inc. - ImageStudio Tray Application.) -- C:\Program Files\Logitech\Video\LogiTray.exe [217088] [MD5.1E167A60C1E51B9C80216FB3F6364088] - (.GIGA-BYTE TECHNOLOGY CO., LTD. - Gigabyte Client Utility.) -- C:\Program Files\Gigabyte\Gigabyte Super Wireless LAN Card\Installer\Winxp\GNConfig.exe [380928] [MD5.93AD0B78C7357A05F50E594EC7C22300] - (...) -- C:\WINDOWS\system32\RUNDLL32.EXE [33792] [MD5.9D5E8B45BD348DF0882C69EED0E83111] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [281768] [MD5.93DB1FF92B03D24738A71E6E4992DFD3] - (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [248552] [MD5.CA097A65A4DD1AE4E2E577079398528D] - (.Nero AG - Nero Home.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [94208] [MD5.390679F7A217A5E73D756276C40AE887] - (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480] [MD5.F8B1DB1677D505FC167DAA86CEAC4C79] - (.Lavalys, Inc. - EVEREST Ultimate Edition.) -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe [2117216] [MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Programme d'installation de Google.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176] [MD5.70B68620C41C40580886B808FD7265DA] - (.Logitech Inc. - QuickCam Framework Server.) -- C:\Program Files\Logitech\Video\FxSvr2.exe [192512] [MD5.A0D799D3336E89935D1DB64E5093B713] - (.Atheros - ACS.) -- C:\WINDOWS\system32\acs.exe [376917] [MD5.7207DB389CEAD101251883511A676F91] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [135336] [MD5.AC5D343FCF038C851F9DDB893B60FA97] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [267944] [MD5.7E94E567C1AA5ABE6174032B3DAB6C23] - (.Apple Inc. - Apple Mobile Device Service.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712] [MD5.3F56903E124E820AEECE6D471583C6C1] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [238888] [MD5.CDE000884FD7BAF0C1FDFE029B0891DE] - (.Avira GmbH - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76968] [MD5.9AE07549A0D691A103FAF8946554BDB7] - (.Sun Microsystems, Inc. - Java Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376] [MD5.6F89A671BF0CE4A28635A2EEB7D8FD69] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [61440] [MD5.42321AC5448078131903B272E6C49024] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 178.2.) -- C:\WINDOWS\system32\nvsvc32.exe [163908] [MD5.9A2FDA2B8530E11693B9449072B6E2D7] - (.Sunbelt Software, Inc. - Sunbelt Personal Firewall SbPFLnch.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [95528] [MD5.7450901C2EBD4014B28F32A008B9880C] - (.Sunbelt Software, Inc. - Sunbelt Firewall Service.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [1361192] [MD5.089645D2961F6B58D6CDA09F36025EA3] - (.Sunbelt Software, Inc. - Sunbelt Firewall GUI.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe [1705256] [MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [MD5.0DAD93BB0FECF5016AE3C06CBB0A873B] - (.Microsoft Corporation - COM Surrogate.) -- C:\WINDOWS\system32\dllhost.exe [5120] [MD5.8648D670AE0D95C95E7BBB5B80661796] - (.Microsoft Corporation - MS DTC console program.) -- C:\WINDOWS\system32\msdtc.exe [6144] [MD5.0F3FA9FDB976C567EC0491685CF4FDF7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [912344] [MD5.3AFF6B10C34CB8EAA6D6D5AA55193571] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16856] [MD5.72A47494EEB5936657BED3B036391209] - (...) -- C:\Program Files\WinRAR\WinRAR.exe [936960] [MD5.2120390C05B928261DB0C4387E801088] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [642048] ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) M3 - MFPP: Plugins - [bluffeur] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml M3 - MFPP: Plugins - [bluffeur] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml M3 - MFPP: Plugins - [bluffeur] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml M3 - MFPP: Plugins - [bluffeur] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml M3 - MFPP: Plugins - [bluffeur] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml M3 - MFPP: Plugins - [bluffeur] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml P2 - FPN:Firefox Plugin Navigator . (.DivX, Inc - npdivxplayerplugin.) -- C:\Program Files\Mozilla Firefox\Plugins\npDivxPlayerPlugin.dll P2 - FPN:Firefox Plugin Navigator . (.DivX,Inc. - DivX Web Player version 1.5.0.52.) -- C:\Program Files\Mozilla Firefox\Plugins\npdivx32.dll P2 - FPN:Firefox Plugin Navigator . (.The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS - OpenSSL Shared Library.) -- C:\Program Files\Mozilla Firefox\Plugins\libdivx.dll P2 - FPN:Firefox Plugin Navigator . (.The OpenSSL Project, OpenSSL: The Open Source toolkit for SSL/TLS - OpenSSL Shared Library.) -- C:\Program Files\Mozilla Firefox\Plugins\ssldivx.dll P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin6.dll P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin7.dll P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin8.dll P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealPlayer LiveConnect-Enabled Plug-In.) -- C:\Program Files\Mozilla Firefox\Plugins\nppl3260.dll P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - 6.0.12.448.) -- C:\Program Files\Mozilla Firefox\Plugins\nprpjplug.dll P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.4.3".) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.) -- C:\WINDOWS\system32\Adobe\Director\np32dsw.dll P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (.DivX,Inc. - DivX Web Player version 1.5.0.52.) -- C:\Program Files\DivX\DivX Web Player\npdivx32.dll P2 - FPN: [HKLM] [@divx.com/DivX Player Plugin,version=1.0.0] - (.DivX, Inc - npdivxplayerplugin.) -- C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_22 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll P2 - FPN: [HKLM] [@real.com/nppl3260;version=6.0.12.450] - (.RealNetworks, Inc. - RealPlayer LiveConnect-Enabled Plug-In.) -- C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll P2 - FPN: [HKLM] [@real.com/nprpjplug;version=6.0.12.448] - (.RealNetworks, Inc. - 6.0.12.448.) -- C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll P2 - FPN: [HKLM] [@videolan.org/vlc,version=1.1.4] - (.the VideoLAN Team - Version 1.1.4, copyright 1996-2010 The VideoLAN Team<br><a href="http:.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll P2 - FPN: [HKLM] [yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1] - (.Yahoo! Inc. - Yahoo! activeX Plug-in Bridge.) -- C:\Program Files\Yahoo!\Common\npyaxmpb.dll P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = uStart.org - YOU Start! R0 - HKUS\S-1-5-21-1715567821-1532298954-725345543-500-1715567821-1532298954-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Search Microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Search Microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Bing R1 - HKUS\S-1-5-21-1715567821-1532298954-725345543-500-1715567821-1532298954-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = Google R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.19019 (longhorn_ie8_gdr.101217-1700)) -- C:\WINDOWS\system32\ieframe.dll R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} Clé orpheline ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Program Files\ektoukqs\mnlbfkag.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} Clé orpheline O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll ---\\ ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\Windows\RTHDCPL.exe O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\Windows\ALCMTR.exe O4 - HKLM\..\Run: [JMB36X IDE Setup] . (...) -- C:\WINDOWS\JM\JMInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] . (.Gigabyte Technology Corp. - Gigabyte RAID Configurer.) -- C:\WINDOWS\system32\JMRaidSetup.exe O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll O4 - HKLM\..\Run: [nwiz] . (...) -- C:\Windows\System32\nwiz.exe O4 - HKLM\..\Run: [NWEReboot] Clé orpheline O4 - HKLM\..\Run: [NeroFilterCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LVCOMSX] . (.Logitech Inc. - LVCom Server.) -- C:\WINDOWS\system32\LVCOMSX.exe O4 - HKLM\..\Run: [LogitechVideoRepair] . (.Logitech Inc. - Logitech QuickCam Startup Application.) -- C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] . (.Logitech Inc. - ImageStudio Tray Application.) -- C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [GNConfig] . (.GIGA-BYTE TECHNOLOGY CO., LTD. - Gigabyte Client Utility.) -- C:\Program Files\Gigabyte\Gigabyte Super Wireless LAN Card\Installer\Winxp\GNConfig.exe O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMcTray.dll O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] . (.Logitech Inc. - Logitech Software Update.) -- C:\Program Files\Logitech\Video\ManifestEngine.exe O4 - HKCU\..\Run: [EVEREST AutoStart] . (.Lavalys, Inc. - EVEREST Ultimate Edition.) -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe O4 - HKCU\..\Run: [Microsoft Firewall 2.9] C:\Documents and Settings\Administrateur\Application Data\WMPRWISE.exe (.not file.) O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-21-1715567821-1532298954-725345543-500-1715567821-1532298954-725345543-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-1715567821-1532298954-725345543-500-1715567821-1532298954-725345543-1003\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe O4 - HKUS\S-1-5-21-1715567821-1532298954-725345543-500-1715567821-1532298954-725345543-1003\..\Run: [spybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-21-1715567821-1532298954-725345543-500-1715567821-1532298954-725345543-1003\..\Run: [LogitechSoftwareUpdate] . (.Logitech Inc. - Logitech Software Update.) -- C:\Program Files\Logitech\Video\ManifestEngine.exe O4 - HKUS\S-1-5-21-1715567821-1532298954-725345543-500-1715567821-1532298954-725345543-1003\..\Run: [EVEREST AutoStart] . (.Lavalys, Inc. - EVEREST Ultimate Edition.) -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe O4 - HKUS\S-1-5-21-1715567821-1532298954-725345543-500-1715567821-1532298954-725345543-1003\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\ O4 - HKUS\S-1-5-21-1715567821-1532298954-725345543-500-1715567821-1532298954-725345543-1003\..\Run: [Microsoft Firewall 2.9] C:\Documents and Settings\Administrateur\Application Data\WMPRWISE.exe (.not file.) ---\\ ---\\ Autres liens utilisateurs (O4) O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\MSN.lnk . (.Microsoft Corporation.) -- C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Messenger\msmsgs.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Microsoft Reader.lnk . (.Microsoft Corporation.) -- C:\Program Files\Microsoft Reader\msreader.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 9.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A94000000001}\SC_Reader.ico O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Flouxxbot.lnk . (...) -- C:\Program Files\Flouxxbot\Flouxxbot.exe O4 - Global Startup: C:\Documents And Settings\Bluffeur\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe O4 - Global Startup: C:\Documents And Settings\Bluffeur\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe O4 - Global Startup: C:\Documents And Settings\Bluffeur\Menu Démarrer\Programmes\Lecteur Windows Media.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8) O8 - Extra context menu item: uStart Search - (.not file.) - C:\Documents and Settings\Administrateur\Local Settings\Application Data\addtoustart\addtoustart.dll ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: PartyPoker.fr - {725EC34E-943C-4df6-B0B2-FBDE7F242276} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\PartyFrance\PartyPokerFr\Images\ppicon.ico O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\PartyFrance\PartyPokerFr\Images\ppicon.ico O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\PartyFrance\PartyPokerFr\Images\ppicon.ico O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} () - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221057521125 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{B44CA51F-51BC-47E7-AAE7-3F1F4569D503}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{B44CA51F-51BC-47E7-AAE7-3F1F4569D503}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{B44CA51F-51BC-47E7-AAE7-3F1F4569D503}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\Windows\System32\WgaLogon.dll O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: (no name) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: (aawservice) . (.Lavasoft - Ad-Aware Service.) - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: (ACS) . (.Atheros - ACS.) - C:\WINDOWS\system32\acs.exe O23 - Service: (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: (Apple Mobile Device) . (.Apple Inc. - Apple Mobile Device Service.) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: (dmadmin) . (.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - C:\WINDOWS\System32\dmadmin.exe O23 - Service: (EverestDriver) . (...) - C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt O23 - Service: (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: (LightScribeService) . (.Hewlett-Packard Company - Pas de description.) - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: (NVSvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 178.2.) - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SbPF.Launcher (SbPF.Launcher) . (.Sunbelt Software, Inc. - Sunbelt Personal Firewall SbPFLnch.) - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe O23 - Service: (SPF4) . (.Sunbelt Software, Inc. - Sunbelt Firewall Service.) - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Default MHTML Editor: Last - .(...) - (.not file.) ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AppleSoftwareUpdate.job O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1532298954-725345543-500Core1cb6ba79138ae34.job [MD5.7B43567B4C32AD7ADED537CD3B1342B9] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [MD5.00000000000000000000000000000000] [APT] [GoogleUpdateTaskUserS-1-5-21-1715567821-1532298954-725345543-500Core1cb6ba79138ae34] (.Pas de propriétaire.) -- C:\Documents and Settings\Bluffeur\Local Settings\Application Data\Google\Update\GoogleUpdate.ex ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys O41 - Driver: (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\System32\DRIVERS\avipbb.sys O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\Windows\System32\DRIVERS\imapi.sys O41 - Driver: (InCDPass) . (. - .) - C:\Windows\System32\drivers\InCDPass.sys (.not file.) O41 - Driver: (InCDRm) . (. - .) - C:\Windows\System32\drivers\InCDRm.sys (.not file.) O41 - Driver: (intelppm) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\Windows\System32\DRIVERS\intelppm.sys O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\Windows\System32\DRIVERS\ipsec.sys O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys O41 - Driver: (kbdhid) . (.Microsoft Corporation - Pilote de filtre souris HID.) - C:\Windows\System32\DRIVERS\kbdhid.sys O41 - Driver: (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\Windows\System32\DRIVERS\mrxsmb.sys O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys O41 - Driver: (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\Windows\System32\DRIVERS\redbook.sys O41 - Driver: (SbFw) . (.Sunbelt Software, Inc. - Sunbelt Personal Firewall driver.) - C:\Windows\System32\drivers\SbFw.sys O41 - Driver: (sbhips) . (.Sunbelt Software, Inc. - Sunbelt Personal Firewall Host Intrusion Pr.) - C:\WINDOWS\system32\drivers\sbhips.sys O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\System32\DRIVERS\serial.sys O41 - Driver: (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\Windows\System32\DRIVERS\ssmdrv.sys O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\Windows\System32\DRIVERS\tcpip.sys O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys O41 - Driver: Carte vidéo VGA. (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys ---\\ Logiciels installés (O42) O42 - Logiciel: AbiWord 2.6.4 - (.AbiSource Developers.) [HKLM] -- AbiWord2 O42 - Logiciel: Ad-Aware - (.Lavasoft.) [HKLM] -- {DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] -- Adobe AIR O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] -- {AFF7E080-1974-45BF-9310-10DE1A1F5ED0} O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin O42 - Logiciel: Adobe Reader 9.4.3 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A94000000001} O42 - Logiciel: Adobe Shockwave Player 11.5 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {553255F3-78FD-40F1-A6F8-6882140265FE} O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] -- {AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {6956856F-B6B3-4BE0-BA0B-8F495BE32033} O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7} O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {07287123-B8AC-41CE-8346-3D777245C35B} O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner O42 - Logiciel: CDex extraction audio - (.Pas de propriétaire.) [HKLM] -- CDex O42 - Logiciel: CamStudio 2.0 Fr - (.Pas de propriétaire.) [HKLM] -- CamStudio 2.0 Fr_is1 O42 - Logiciel: DVD Shrink 3.2 - (.DVD Shrink.) [HKLM] -- DVD Shrink_is1 O42 - Logiciel: DivX Codec - (.DivX, Inc..) [HKLM] -- {7B63B2922B174135AFC0E1377DD81EC2} O42 - Logiciel: DivX Converter - (.DivX, Inc..) [HKLM] -- {B13A7C41581B411290FBC0395694E2A9} O42 - Logiciel: DivX Player - (.Pas de propriétaire.) [HKLM] -- {8ADFC4160D694100B5B8A22DE9DCABD9} O42 - Logiciel: DivX Web Player - (.DivX,Inc..) [HKLM] -- {B7050CBDB2504B34BC2A9CA0A692CC29} O42 - Logiciel: Dofus - (.UNKNOWN.) [HKLM] -- Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 O42 - Logiciel: Dofus - (.UNKNOWN.) [HKLM] -- {0C9486CA-42B0-B16B-8B2B-AE9DC0EF5B9B} O42 - Logiciel: EVEREST Ultimate Edition v4.60 - (.Lavalys, Inc..) [HKLM] -- EVEREST Ultimate Edition_is1 O42 - Logiciel: Everest Poker (Remove Only) - (.Pas de propriétaire.) [HKLM] -- Everest Poker O42 - Logiciel: FileZilla Client 3.1.2 - (.Pas de propriétaire.) [HKLM] -- FileZilla Client O42 - Logiciel: Flouxxbot - (.UNKNOWN.) [HKLM] -- Flouxxbot O42 - Logiciel: Flouxxbot - (.UNKNOWN.) [HKLM] -- {FB623DB6-FD8A-EAFA-696F-F97BDF501F9D} O42 - Logiciel: GOM Player - (.Gretech Corporation.) [HKLM] -- GOM Player O42 - Logiciel: Gigabyte Raid Configurer - (.Gigabyte Technology Corp..) [HKLM] -- {3A1B5D40-41E9-43FA-8C7B-A8667F5586EF} O42 - Logiciel: Gigabyte Wireless LAN Card - (.Gigabyte.) [HKLM] -- {FD19C390-7392-4A3E-9B2B-2CA58B792AF2} O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {1D14373E-7970-4F2F-A467-ACA4F0EA21E3} O42 - Logiciel: HLSW v1.2.1.2 - (.Timo Stripf.) [HKLM] -- HLSW_is1 O42 - Logiciel: High Definition Audio Driver Package - KB888111 - (.Microsoft Corporation.) [HKLM] -- KB888111WXPSP2 O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595 O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484 O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM] -- KB929399 O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5 O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] -- KB976002-v5 O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31} O42 - Logiciel: Java 6 Update 22 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216022FF} O42 - Logiciel: Java 6 Update 7 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160070} O42 - Logiciel: K-Lite Codec Pack 4.1.4 (Full) - (.Pas de propriétaire.) [HKLM] -- KLiteCodecPack_is1 O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM] -- Windows Media Player O42 - Logiciel: Logiciel QuickCam de Logitech - (.Logitech, Inc..) [HKLM] -- {C43048A9-742C-4DAD-90D2-E3B53C9DB825} O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94} O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1 O42 - Logiciel: Matroska Pack (remove only) - (.Pas de propriétaire.) [HKLM] -- Matroska Pack O42 - Logiciel: Messenger Plus! Live - (.Yuna Software.) [HKLM] -- Messenger Plus! Live O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {3F7924B9-D148-3141-87B1-68F36043A940} O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {511DF669-2930-30C0-8EB6-552887E29EC8} O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack - fra - (.Microsoft Corporation.) [HKLM] -- {5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC} O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1 O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570} O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] -- MSCompPackV1 O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs - (.Microsoft Corporation.) [HKLM] -- IDNMitigationAPIs O42 - Logiciel: Microsoft National Language Support Downlevel APIs - (.Microsoft Corporation.) [HKLM] -- NLSDownlevelMapping O42 - Logiciel: Microsoft Reader - (.Pas de propriétaire.) [HKLM] -- {B6F7DBE7-2FE2-458F-A738-B10832746036} O42 - Logiciel: Microsoft Reader Text-to-Speech pour le français - (.Microsoft Corporation.) [HKLM] -- {6F1547AA-8DA7-4FAC-BA11-BE1659E7086E} O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- Wudf01000 O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989} O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 - fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack - fra O42 - Logiciel: Mozilla Firefox (3.6.16) - (.Mozilla.) [HKLM] -- Mozilla Firefox (3.6.16) O42 - Logiciel: NVIDIA Drivers - (.Pas de propriétaire.) [HKLM] -- NVIDIA Drivers O42 - Logiciel: Nero 7 Premium - (.Nero AG.) [HKLM] -- {4781569D-5404-1F26-4B2B-6DF444441031} O42 - Logiciel: Notepad++ - (.Pas de propriétaire.) [HKLM] -- Notepad++ O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238} O42 - Logiciel: PartyPoker.fr - (.PartyFrance.) [HKLM] -- PartyPokerFr O42 - Logiciel: Peer2Me - (.Peer2Me.) [HKLM] -- {C783600B-C726-4481-9BBE-06F560CF8968} O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKLM] -- PhotoFiltre O42 - Logiciel: Programme de gestion Camera de Logitech® - (.Pas de propriétaire.) [HKLM] -- QcDrv O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} O42 - Logiciel: REALTEK GbE & FE Ethernet PCI-E NIC Driver - (.Realtek.) [HKLM] -- {C9BED750-1211-4480-B1A5-718A3BE15525} O42 - Logiciel: Real Alternative 2.0.2 - (.Pas de propriétaire.) [HKLM] -- RealAlt_is1 O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} O42 - Logiciel: Reg (DOFUS Audio Subsystem) - (.UNKNOWN.) [HKLM] -- Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 O42 - Logiciel: Reg (DOFUS Audio Subsystem) - (.UNKNOWN.) [HKLM] -- {3F900346-A316-BA88-B83C-2513F1260AD7} O42 - Logiciel: SMPlayer 0.6.7 - (.RVM.) [HKLM] -- SMPlayer O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- KB931906 O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- {0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473 O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 O42 - Logiciel: Sunbelt Personal Firewall - (.Sunbelt Software.) [HKLM] -- {F61A549E-9C8A-4859-8BFE-2A4A018BBA4A} O42 - Logiciel: System Requirements Lab - (.Pas de propriétaire.) [HKLM] -- SystemRequirementsLab O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707 O42 - Logiciel: VC80CRTRedist - 8.0.50727.762 - (.DivX, Inc.) [HKLM] -- {767CC44C-9BBC-438D-BAD3-FD4595DD148B} O42 - Logiciel: VLC media player 1.1.4 - (.VideoLAN.) [HKLM] -- VLC media player O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM] -- WgaNotify O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] -- KB892130 O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8 O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {ED00D08A-3C5F-488D-93A0-A04F21F23956} O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {770F1BEC-2871-4E70-B837-FB8525FFA3B1} O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11 O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] -- Windows Media Format Runtime O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] -- wmp11 O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XPSEPSCLP O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XpsEPSC O42 - Logiciel: Xilisoft Video Converter - (.Xilisoft.) [HKLM] -- Xilisoft Video Converter ---\\ HKCU & HKLM Software Keys [HKCU\Software\AC3filter] [HKCU\Software\ALWIL Software] [HKCU\Software\Adobe] [HKCU\Software\Ahead] [HKCU\Software\American Systems] [HKCU\Software\Apple Computer, Inc.] [HKCU\Software\Avira] [HKCU\Software\BitDefender] [HKCU\Software\Bugsplat] [HKCU\Software\Classes] [HKCU\Software\Clients] [HKCU\Software\CoreVorbis] [HKCU\Software\Cyberlink] [HKCU\Software\DVD Shrink] [HKCU\Software\DivXNetworks] [HKCU\Software\DownloadCenter] [HKCU\Software\Folder Manager] [HKCU\Software\GNU] [HKCU\Software\GRETECH] [HKCU\Software\GSpot Appliance Corp] [HKCU\Software\Gabest] [HKCU\Software\Gigabyte] [HKCU\Software\Google] [HKCU\Software\Grand Virtual] [HKCU\Software\HLSW] [HKCU\Software\Haali] [HKCU\Software\HookNetwork] [HKCU\Software\IM Providers] [HKCU\Software\Intel] [HKCU\Software\JavaSoft] [HKCU\Software\Lavalys] [HKCU\Software\Lavasoft] [HKCU\Software\Local AppWizard-Generated Applications] [HKCU\Software\Logitech] [HKCU\Software\Macromedia] [HKCU\Software\Malwarebytes' Anti-Malware] [HKCU\Software\MediaInfo] [HKCU\Software\MozillaPlugins] [HKCU\Software\Mozilla] [HKCU\Software\Mumble] [HKCU\Software\NVIDIA Corporation] [HKCU\Software\NVIDIA nvCpl Container] [HKCU\Software\Nero] [HKCU\Software\Netscape] [HKCU\Software\Northcode Inc] [HKCU\Software\OpenOffice.org] [HKCU\Software\PartyFrance] [HKCU\Software\Patchou] [HKCU\Software\Peer2Me] [HKCU\Software\Piriform] [HKCU\Software\Policies] [HKCU\Software\RALINK] [HKCU\Software\RayV] [HKCU\Software\RealNetworks] [HKCU\Software\Realtek] [HKCU\Software\Safer Networking Limited] [HKCU\Software\Softonic] [HKCU\Software\Sunbelt Software] [HKCU\Software\Theorica] [HKCU\Software\Trolltech] [HKCU\Software\VB and VBA Program Settings] [HKCU\Software\Valve] [HKCU\Software\Veoh] [HKCU\Software\VirtualDub.org] [HKCU\Software\WinRAR SFX] [HKCU\Software\WinRAR] [HKCU\Software\Xilisoft] [HKCU\Software\YahooPartnerToolbar] [HKCU\Software\Yahoo] [HKCU\Software\addtoustart] [HKCU\Software\eChanblard] [HKCU\Software\ej-technologies] [HKCU\Software\epsxe] [HKCU\Software\keyhole.com] [HKCU\Software\mIRC] [HKLM\Software\ALWIL Software] [HKLM\Software\AbiSuite] [HKLM\Software\Adobe] [HKLM\Software\Ankama] [HKLM\Software\AppDataLow] [HKLM\Software\Apple Computer, Inc.] [HKLM\Software\Apple Inc.] [HKLM\Software\Avira] [HKLM\Software\C07ft5Y] [HKLM\Software\Classes] [HKLM\Software\Clients] [HKLM\Software\Codec Tweak Tool] [HKLM\Software\Cyberlink] [HKLM\Software\DivXNetworks] [HKLM\Software\Dofus 2] [HKLM\Software\FileZilla 3] [HKLM\Software\FullCircle] [HKLM\Software\GEAR Software] [HKLM\Software\GNU] [HKLM\Software\GRETECH] [HKLM\Software\Gabest] [HKLM\Software\Gemplus] [HKLM\Software\Gigabyte Technology Corp.] [HKLM\Software\Gigabyte] [HKLM\Software\Google] [HKLM\Software\Intel] [HKLM\Software\InterVideo] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\KLCodecPack] [HKLM\Software\L&H] [HKLM\Software\Lavasoft] [HKLM\Software\LightScribe] [HKLM\Software\Logitech] [HKLM\Software\MDC] [HKLM\Software\Macromedia] [HKLM\Software\Malwarebytes' Anti-Malware] [HKLM\Software\McAfee.com] [HKLM\Software\Mozilla Firefox 3.0.4] [HKLM\Software\MozillaPlugins] [HKLM\Software\Mozilla] [HKLM\Software\Mumble] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\Nero] [HKLM\Software\Notepad] [HKLM\Software\ODBC] [HKLM\Software\Patchou] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Program Groups] [HKLM\Software\RTLSetup] [HKLM\Software\RealAlternative] [HKLM\Software\RealDSF] [HKLM\Software\RealNetworks] [HKLM\Software\Realtek Semiconductor Corp.] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\S3R521] [HKLM\Software\Safer Networking Limited] [HKLM\Software\Schlumberger] [HKLM\Software\Secure] [HKLM\Software\Sun Microsystems] [HKLM\Software\Sunbelt Software] [HKLM\Software\TrendMicro] [HKLM\Software\Valve] [HKLM\Software\VideoLAN] [HKLM\Software\Windows 3.1 Migration Status] [HKLM\Software\Windows] [HKLM\Software\X-AVCSD] [HKLM\Software\Yahoo] [HKLM\Software\ahead] [HKLM\Software\ej-technologies] [HKLM\Software\mozilla.org] ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 08/09/2008 - 11:41:46 - [364854474] ----D- C:\Program Files\Fichiers communs O43 - CFD: 08/09/2008 - 12:05:50 - [3942655] ----D- C:\Program Files\Windows NT O43 - CFD: 08/09/2008 - 12:05:52 - [19278399] ----D- C:\Program Files\MSN O43 - CFD: 08/09/2008 - 12:06:26 - [8745735] ----D- C:\Program Files\MSN Gaming Zone O43 - CFD: 08/09/2008 - 12:06:30 - [2152579] ----D- C:\Program Files\Messenger O43 - CFD: 08/09/2008 - 12:06:34 - [8621277] ----D- C:\Program Files\Windows Media Player O43 - CFD: 08/09/2008 - 12:06:34 - [1708] ----D- C:\Program Files\Online Services O43 - CFD: 08/09/2008 - 12:06:42 - [0] ----D- C:\Program Files\ComPlus Applications O43 - CFD: 08/09/2008 - 12:07:02 - [6169232] ----D- C:\Program Files\Internet Explorer O43 - CFD: 08/09/2008 - 12:07:10 - [4379321] ----D- C:\Program Files\Outlook Express O43 - CFD: 08/09/2008 - 12:07:12 - [3285523] ----D- C:\Program Files\NetMeeting O43 - CFD: 08/09/2008 - 12:07:24 - [10374874] ----D- C:\Program Files\Movie Maker O43 - CFD: 08/09/2008 - 12:08:20 - [929] ----D- C:\Program Files\Services en ligne O43 - CFD: 08/09/2008 - 12:08:22 - [0] --H-D- C:\Program Files\WindowsUpdate O43 - CFD: 08/09/2008 - 12:09:32 - [0] ----D- C:\Program Files\microsoft frontpage O43 - CFD: 08/09/2008 - 12:09:32 - [0] ----D- C:\Program Files\xerox O43 - CFD: 08/09/2008 - 12:29:24 - [0] --H-D- C:\Program Files\Uninstall Information O43 - CFD: 08/09/2008 - 12:31:18 - [64871] ----D- C:\Program Files\Intel O43 - CFD: 08/09/2008 - 12:33:42 - [18455320] --H-D- C:\Program Files\InstallShield Installation Information O43 - CFD: 08/09/2008 - 12:33:42 - [48953618] ----D- C:\Program Files\Realtek O43 - CFD: 08/09/2008 - 18:57:14 - [33765895] ----D- C:\Program Files\K-Lite Codec Pack O43 - CFD: 08/09/2008 - 19:11:20 - [36865542] ----D- C:\Program Files\Mozilla Firefox O43 - CFD: 08/09/2008 - 19:17:36 - [67310634] ----D- C:\Program Files\eChanblard O43 - CFD: 08/09/2008 - 19:30:58 - [312057089] ----D- C:\Program Files\Nero O43 - CFD: 08/09/2008 - 19:55:24 - [0] ----D- C:\Program Files\Alwil Software O43 - CFD: 09/09/2008 - 07:47:44 - [3451643] ----D- C:\Program Files\WinRAR O43 - CFD: 09/09/2008 - 20:43:34 - [0] ----D- C:\Program Files\DofusBeta O43 - CFD: 14/09/2008 - 18:43:38 - [23693192] ----D- C:\Program Files\Google O43 - CFD: 20/09/2008 - 22:24:52 - [21220191] ----D- C:\Program Files\Xilisoft O43 - CFD: 20/09/2008 - 22:24:54 - [80152452] ----D- C:\Program Files\QuickTime O43 - CFD: 26/09/2008 - 18:58:36 - [165876522] ----D- C:\Program Files\Java O43 - CFD: 29/09/2008 - 21:58:04 - [3677728] ----D- C:\Program Files\CCleaner O43 - CFD: 29/09/2008 - 21:58:12 - [383040] ----D- C:\Program Files\Yahoo! O43 - CFD: 02/10/2008 - 21:10:14 - [87114199] ----D- C:\Program Files\VideoLAN O43 - CFD: 02/10/2008 - 22:40:12 - [76571942] ----D- C:\Program Files\Spybot - Search & Destroy O43 - CFD: 03/10/2008 - 16:15:04 - [5085953] ----D- C:\Program Files\Malwarebytes' Anti-Malware O43 - CFD: 03/10/2008 - 16:48:12 - [41] ----D- C:\Program Files\Grisoft O43 - CFD: 03/10/2008 - 16:51:38 - [20629035] ----D- C:\Program Files\Lavasoft O43 - CFD: 03/10/2008 - 17:15:58 - [1481984] ----D- C:\Program Files\COMODO O43 - CFD: 03/10/2008 - 17:32:48 - [180151560] ----D- C:\Program Files\Sunbelt Software O43 - CFD: 03/10/2008 - 18:04:08 - [13575937] ----D- C:\Program Files\Lavalys O43 - CFD: 18/10/2008 - 19:46:26 - [24282503] ----D- C:\Program Files\AbiSuite2 O43 - CFD: 20/10/2008 - 18:39:42 - [2694269] ----D- C:\Program Files\Microsoft Reader O43 - CFD: 05/11/2008 - 01:08:54 - [979725] ----D- C:\Program Files\DVD Shrink O43 - CFD: 16/11/2008 - 10:47:00 - [0] ----D- C:\Program Files\mozilla.org O43 - CFD: 16/11/2008 - 21:14:16 - [79724499] ----D- C:\Program Files\Logitech O43 - CFD: 17/11/2008 - 03:00:18 - [800662] ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2 O43 - CFD: 26/11/2008 - 00:01:04 - [3798667] ----D- C:\Program Files\CDex_170b2 O43 - CFD: 26/11/2008 - 22:09:20 - [250] ----D- C:\Program Files\ma-config.com O43 - CFD: 26/12/2008 - 01:52:12 - [181407] ----D- C:\Program Files\bwin O43 - CFD: 26/12/2008 - 17:15:20 - [16191106] ----D- C:\Program Files\Gigabyte O43 - CFD: 31/12/2008 - 04:36:32 - [3484127] ----D- C:\Program Files\Gauntler O43 - CFD: 31/12/2008 - 15:52:42 - [1035594] ----D- C:\Program Files\SystemRequirementsLab O43 - CFD: 21/01/2009 - 16:26:50 - [37387521] ----D- C:\Program Files\Reference Assemblies O43 - CFD: 21/01/2009 - 16:26:56 - [25757] ----D- C:\Program Files\MSBuild O43 - CFD: 28/01/2009 - 01:05:28 - [55884038] ----D- C:\Program Files\DivX O43 - CFD: 30/03/2009 - 01:18:24 - [0] ----D- C:\Program Files\Haali O43 - CFD: 30/03/2009 - 01:21:48 - [1711967] ----D- C:\Program Files\Matroska Pack O43 - CFD: 08/04/2009 - 23:00:16 - [65844496] ----D- C:\Program Files\SMPlayer O43 - CFD: 27/04/2009 - 01:08:56 - [3581070] ----D- C:\Program Files\Windows Media Connect 2 O43 - CFD: 02/06/2009 - 19:44:56 - [23493993] ----D- C:\Program Files\Everest Poker O43 - CFD: 09/06/2009 - 18:23:40 - [2648] ----D- C:\Program Files\PokerStars O43 - CFD: 10/06/2009 - 21:28:20 - [2221118] ----D- C:\Program Files\Apple Software Update O43 - CFD: 10/06/2009 - 21:29:08 - [392881] ----D- C:\Program Files\Bonjour O43 - CFD: 07/10/2009 - 00:50:24 - [9277643] ----D- C:\Program Files\Notepad++ O43 - CFD: 01/01/2007 - 00:53:00 - [226432] ----D- C:\Program Files\Microsoft O43 - CFD: 03/12/2009 - 00:56:16 - [925133049] ----D- C:\Program Files\Dofus 2 O43 - CFD: 13/03/2010 - 15:23:30 - [20783971] ----D- C:\Program Files\GRETECH O43 - CFD: 13/03/2010 - 16:39:32 - [162915792] ----D- C:\Program Files\Adobe O43 - CFD: 14/03/2010 - 15:39:52 - [8387297] ----D- C:\Program Files\CamStudio O43 - CFD: 01/01/2007 - 02:03:52 - [0] ----D- C:\Program Files\MSECACHE O43 - CFD: 01/01/2007 - 02:05:52 - [42929303] ----D- C:\Program Files\Windows Live O43 - CFD: 01/01/2007 - 02:06:02 - [245112] ----D- C:\Program Files\Windows Live SkyDrive O43 - CFD: 12/05/2010 - 21:11:20 - [701859] ----D- C:\Program Files\Peer2Me O43 - CFD: 06/08/2010 - 03:42:28 - [178162] ----D- C:\Program Files\RayV O43 - CFD: 03/12/2010 - 17:20:00 - [112381433] ----D- C:\Program Files\Avira O43 - CFD: 24/12/2010 - 05:14:56 - [22762420] ----D- C:\Program Files\Real Alternative O43 - CFD: 01/02/2011 - 23:04:02 - [41622998] ----D- C:\Program Files\PartyFrance O43 - CFD: 22/03/2011 - 16:28:58 - [45738800] ----D- C:\Program Files\Flouxxbot O43 - CFD: 26/03/2011 - 18:25:58 - [0] ----D- C:\Program Files\ektoukqs O43 - CFD: 28/03/2011 - 12:55:10 - [3614283] ----D- C:\Program Files\ZHPDiag O43 - CFD: 08/09/2008 - 11:41:46 - [14674313] ----D- C:\Program Files\Fichiers Communs\Microsoft Shared O43 - CFD: 08/09/2008 - 11:41:48 - [3787229] ----D- C:\Program Files\Fichiers Communs\SpeechEngines O43 - CFD: 08/09/2008 - 11:41:50 - [0] ----D- C:\Program Files\Fichiers Communs\ODBC O43 - CFD: 08/09/2008 - 12:07:04 - [6811317] ----D- C:\Program Files\Fichiers Communs\System O43 - CFD: 08/09/2008 - 12:07:36 - [284160] ----D- C:\Program Files\Fichiers Communs\MSSoap O43 - CFD: 08/09/2008 - 12:07:40 - [8106] ----D- C:\Program Files\Fichiers Communs\Services O43 - CFD: 08/09/2008 - 12:33:38 - [8530156] ----D- C:\Program Files\Fichiers Communs\InstallShield O43 - CFD: 08/09/2008 - 19:30:58 - [50452534] ----D- C:\Program Files\Fichiers Communs\Ahead O43 - CFD: 08/09/2008 - 19:34:42 - [7001218] ----D- C:\Program Files\Fichiers Communs\LightScribe O43 - CFD: 09/09/2008 - 21:02:52 - [26598265] ----D- C:\Program Files\Fichiers Communs\Adobe O43 - CFD: 10/09/2008 - 16:35:36 - [18462610] -SH-D- C:\Program Files\Fichiers Communs\WindowsLiveInstaller O43 - CFD: 26/09/2008 - 18:57:04 - [32336616] ----D- C:\Program Files\Fichiers Communs\Java O43 - CFD: 03/10/2008 - 16:51:02 - [18824704] ----D- C:\Program Files\Fichiers Communs\Wise Installation Wizard O43 - CFD: 20/10/2008 - 18:42:08 - [2393173] ----D- C:\Program Files\Fichiers Communs\L&H O43 - CFD: 16/11/2008 - 21:15:22 - [27767228] ----D- C:\Program Files\Fichiers Communs\Logitech O43 - CFD: 10/06/2009 - 21:28:00 - [79977345] ----D- C:\Program Files\Fichiers Communs\Apple O43 - CFD: 30/06/2009 - 00:25:06 - [1585664] ----D- C:\Program Files\Fichiers Communs\DivX Shared O43 - CFD: 31/12/2006 - 23:29:52 - [34243666] ----D- C:\Program Files\Fichiers Communs\Windows Live O43 - CFD: 03/12/2009 - 00:56:12 - [31116170] ----D- C:\Program Files\Fichiers Communs\Adobe AIR O43 - CFD: 08/09/2008 - 11:39:06 - [14005] -S--D- C:\Documents and Settings\Bluffeur\Application Data\Microsoft O43 - CFD: 10/09/2008 - 17:06:36 - [0] ----D- C:\Documents and Settings\Bluffeur\Application Data\Identities O43 - CFD: 08/09/2008 - 12:09:04 - [1013730] ----D- C:\Documents and Settings\Bluffeur\Local Settings\Application Data\Microsoft O43 - CFD: 10/09/2008 - 17:06:40 - [36351] ----D- C:\Documents and Settings\Bluffeur\Local Settings\Application Data\Ahead ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.58EF1200F915817C00ECFD7F2CF01200] - 27/03/2011 - 22:39:16 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [1933310] O44 - LFC:[MD5.A4CFA12FCDFF2F05CDC5940EE6B271A2] - 27/03/2011 - 20:58:28 ---A- . (...) -- C:\WINDOWS\System32\PerfStringBackup.INI [1094670] O44 - LFC:[MD5.023356E506D41F60D4E4A17E8D26D215] - 27/03/2011 - 20:58:28 ---A- . (...) -- C:\WINDOWS\System32\perfc009.dat [67312] O44 - LFC:[MD5.35645ADBC94657F569DD2C81F05B8583] - 27/03/2011 - 20:58:28 ---A- . (...) -- C:\WINDOWS\System32\perfc00C.dat [80508] O44 - LFC:[MD5.1CFBFBA978FE90E359E3FE934B36CF26] - 27/03/2011 - 20:58:28 ---A- . (...) -- C:\WINDOWS\System32\perfh009.dat [432356] O44 - LFC:[MD5.956A9C1241E0FFB50BA04B1CABA4E771] - 27/03/2011 - 20:58:28 ---A- . (...) -- C:\WINDOWS\System32\perfh00C.dat [500482] O44 - LFC:[MD5.DAA8FFA41ABE70479EC08BBA0D9A8D3B] - 27/03/2011 - 20:54:54 ---A- . (...) -- C:\WINDOWS\System32\wpa.dbl [13646] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 27/03/2011 - 20:54:48 ---A- . (...) -- C:\WINDOWS\0.log [0] O44 - LFC:[MD5.58EF1200F915817C00ECFD7F2CF01200] - 27/03/2011 - 20:54:24 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159] O44 - LFC:[MD5.616E76E59A4A09557F6247A993A40BD4] - 27/03/2011 - 20:53:50 ---A- . (...) -- C:\WINDOWS\System32\nvapps.xml [192016] O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 27/03/2011 - 20:53:26 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048] O44 - LFC:[MD5.58EF1200F915817C00ECFD7F2CF01200] - 27/03/2011 - 20:51:50 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50] O44 - LFC:[MD5.58EF1200F915817C00ECFD7F2CF01200] - 27/03/2011 - 20:51:48 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [32244] O44 - LFC:[MD5.DF614AEA27276759CDB22FFD845D444B] - 27/03/2011 - 20:32:10 -SH-- . (...) -- C:\boot.ini [246] O44 - LFC:[MD5.0F335D5BEDBB5AACE07770507A09FE0B] - 27/03/2011 - 20:30:54 ---A- . (...) -- C:\WINDOWS\tpcsd [22] O44 - LFC:[MD5.AA7CEBE371BD5DB3AE13263C65935FDE] - 27/03/2011 - 19:42:52 ---A- . (...) -- C:\WINDOWS\System32\FNTCACHE.DAT [1421328] O44 - LFC:[MD5.4FC74CE16493AA5F8F8C2A322C637583] - 25/03/2011 - 02:00:28 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [1038722] O44 - LFC:[MD5.4C3A855CCB4E976F6B7A2F96EDFA5E28] - 25/03/2011 - 02:00:28 ---A- . (...) -- C:\WINDOWS\KB2524375.log [7802] O44 - LFC:[MD5.4792CA9B54EFC183D9F85C33E369ABE7] - 25/03/2011 - 02:00:28 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [71400] O44 - LFC:[MD5.43964BBD2805E5833302925E9D86F261] - 25/03/2011 - 02:00:28 ---A- . (...) -- C:\WINDOWS\comsetup.log [341115] O44 - LFC:[MD5.E5894695DA37BDE1C862361045D891C7] - 25/03/2011 - 02:00:28 ---A- . (...) -- C:\WINDOWS\iis6.log [1105261] O44 - LFC:[MD5.C22D90F6C71A81B1781D5B3F22F11883] - 25/03/2011 - 02:00:28 ---A- . (...) -- C:\WINDOWS\imsins.log [1374] O44 - LFC:[MD5.2CC8B21DE9124E90470EE43C88AE4F88] - 25/03/2011 - 02:00:28 ---A- . (...) -- C:\WINDOWS\msgsocm.log [51912] O44 - LFC:[MD5.CEF1025EB9FA5AD2280210377958F0A1] - 25/03/2011 - 02:00:28 ---A- . (...) -- C:\WINDOWS\netfxocm.log [181944] O44 - LFC:[MD5.889036B900657B8D85CA59700388A572] - 25/03/2011 - 02:00:28 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [206524] O44 - LFC:[MD5.B7F98722C8449E5E77F0F7188E3812AA] - 25/03/2011 - 02:00:28 ---A- . (...) -- C:\WINDOWS\ocgen.log [496608] O44 - LFC:[MD5.90391C8C6F908A64E1116780752CEE16] - 25/03/2011 - 02:00:28 ---A- . (...) -- C:\WINDOWS\ocmsn.log [57456] O44 - LFC:[MD5.C63D196624A5EC890BFC75EBBD393E40] - 25/03/2011 - 02:00:28 ---A- . (...) -- C:\WINDOWS\tabletoc.log [52248] O44 - LFC:[MD5.B8E3FC218FAC8C814E34910E3CEDAF3F] - 25/03/2011 - 02:00:28 ---A- . (...) -- C:\WINDOWS\tsoc.log [473933] O44 - LFC:[MD5.F19FE8D2CD279702721AD0E6788B921C] - 25/03/2011 - 02:00:26 ---A- . (...) -- C:\WINDOWS\msmqinst.log [314924] O44 - LFC:[MD5.5866F5AC5FA90002CC1275789B715A60] - 22/03/2011 - 14:50:22 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [116] O44 - LFC:[MD5.9ECA2B510ADC03D630D5DE259DB1159F] - 17/03/2011 - 02:00:30 ---A- . (...) -- C:\WINDOWS\KB971029.log [17117] O44 - LFC:[MD5.3875DC6098FB8282ED266DB0FB275786] - 17/03/2011 - 02:00:30 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374] O44 - LFC:[MD5.1699BF71011DF4A7A23215A26DC55F66] - 17/03/2011 - 02:00:26 ---A- . (...) -- C:\WINDOWS\updspapi.log [100903] O44 - LFC:[MD5.451BF746B0AE0448A33E7BDD0EB5FA90] - 17/03/2011 - 01:32:06 ---A- . (...) -- C:\WINDOWS\win.ini [1473] O44 - LFC:[MD5.E2AC27EBE6127A154D11366B04D32612] - 17/03/2011 - 01:29:32 ---A- . (.Sun Microsystems, Inc. - Java Control Panel.) -- C:\WINDOWS\System32\javacpl.cpl [73728] O44 - LFC:[MD5.27CADAE7E69FEEE773EA55108A8F9F47] - 17/03/2011 - 01:29:32 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\WINDOWS\System32\deployJava1.dll [472808] O44 - LFC:[MD5.51A850830CB841FBE5B90142BCC6B854] - 17/03/2011 - 01:29:32 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\WINDOWS\System32\java.exe [145184] O44 - LFC:[MD5.87893167C98FCEF5D14077511F219B75] - 17/03/2011 - 01:29:32 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\WINDOWS\System32\javaw.exe [145184] O44 - LFC:[MD5.42278A946AB729CB746AA47D48F5FCC0] - 17/03/2011 - 01:29:32 ---A- . (.Sun Microsystems, Inc. - Java Web Start Launcher.) -- C:\WINDOWS\System32\javaws.exe [153376] O44 - LFC:[MD5.C713CAA7D462B10BA39434D6E2EB93ED] - 09/03/2011 - 02:02:16 ---A- . (...) -- C:\WINDOWS\KB2479943.log [10892] O44 - LFC:[MD5.A70A023C66F70925029C554D81341C0B] - 09/03/2011 - 02:00:24 ---A- . (...) -- C:\WINDOWS\KB2481109.log [12345] ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll ---\\ Export de clé d'application autorisée (O47) O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export SP - "C:\Program Files\eChanblard\emule.exe" [Enabled] .(.http://www.emule-project.net - eMule.) -- C:\Program Files\eChanblard\emule.exe O47 - AAKE:Key Export SP - "C:\Program Files\Steam\steamapps\bluffeur\counter-strike source\hl2.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\Steam\steamapps\bluffeur\counter-strike source\hl2.exe (.not file.) O47 - AAKE:Key Export SP - "C:\WINDOWS\System32\dpvsetup.exe" [Enabled] .(.Microsoft Corporation - Microsoft DirectPlay Voice Test.) -- C:\WINDOWS\System32\dpvsetup.exe O47 - AAKE:Key Export SP - "C:\WINDOWS\System32\RUNDLL32.EXE" [Enabled] Clé orpheline O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O47 - AAKE:Key Export SP - "C:\Program Files\Steam\Steam.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\Steam\Steam.exe (.not file.) O47 - AAKE:Key Export SP - "D:\HLSW\hlsw.exe" [Enabled] .(.Stripf Software - HLSW Application.) -- D:\HLSW\hlsw.exe O47 - AAKE:Key Export SP - "C:\Program Files\ma-config.com\maconfservice.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\ma-config.com\maconfservice.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\Bonjour\mDNSResponder.exe" [Enabled] .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O47 - AAKE:Key Export SP - "C:\Program Files\RayV\RayV\RayV.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\RayV\RayV\RayV.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\RayV\RayV\RayV.dll" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\RayV\RayV\RayV.dll (.not file.) O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe (.not file.) O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ---\\ Trojan Driver Search Data (HKLM) (O52) O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll O52 - TDSD: \Drivers32\"VIDC.I420"="lvcodec2.dll" . (.Logitech Inc. - Video Codec.) -- C:\WINDOWS\System32\lvcodec2.dll O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm O52 - TDSD: \Drivers32\"VIDC.XVID"="xvidvfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\xvidvfw.dll O52 - TDSD: \Drivers32\"VIDC.YV12"="DivX.dll" . (.DivX, Inc. - DivX.) -- C:\WINDOWS\System32\DivX.dll O52 - TDSD: \Drivers32\"msacm.ac3acm"="ac3acm.acm" . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\System32\ac3acm.acm O52 - TDSD: \Drivers32\"msacm.lameacm"="lameACM.acm" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\WINDOWS\System32\lameACM.acm O52 - TDSD: \Drivers32\"VIDC.FFDS"="ff_vfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ff_vfw.dll O52 - TDSD: \Drivers32\"vidc.DIVX"="DivX.dll" . (.DivX, Inc. - DivX.) -- C:\WINDOWS\System32\DivX.dll O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm O52 - TDSD: \drivers.desc\"xvidvfw.dll"="Xvid MPEG-4 Video Codec v1.2-dev" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"lameACM.acm"="Lame ACM MP3 CODEC v3.98" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"ac3acm.acm"="AC-3 ACM Codec" . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\System32\ac3acm.acm O52 - TDSD: \drivers.desc\"ff_vfw.dll"="ffdshow video encoder" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ff_vfw.dll O52 - TDSD: \drivers.desc\"DivX.dll"="DivX 6.8.5 Codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.) ---\\ Microsoft Control Security Providers (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"= O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"= O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKCU\...\Policies\System] - "DisableRegistryTools"=0 ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145 O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=1 ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 02/03/2006 - 11:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys [17792] O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 02/03/2006 - 11:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys [262528] O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 02/03/2006 - 11:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys [11776] O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 02/03/2006 - 11:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys [12032] O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 02/03/2006 - 11:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys [12032] O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 02/03/2006 - 11:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys [12032] O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 02/03/2006 - 11:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys [21376] O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 02/03/2006 - 11:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys [58112] O58 - SDL:[MD5.5B44C214F9CD9F590BE9125347610380] - 17/06/2010 - 14:28:04 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\system32\drivers\avgntdd.sys [45416] O58 - SDL:[MD5.9A155D31B8E52F41B258282092CC93A7] - 27/05/2005 - 08:32:52 ---A- . (...) -- C:\WINDOWS\system32\drivers\lvcm.sys [1317152] O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/04/2008 - 17:39:16 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys [20480] O58 - SDL:[MD5.87451AA7CC6B6A590EBCEA05E755075A] - 17/06/2010 - 14:28:04 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\system32\drivers\avgntmgr.sys [22360] O58 - SDL:[MD5.95E8E4A7FDD66935911FBB6A03576986] - 04/11/2005 - 04:35:06 ---A- . (.Atheros Communications, Inc. - Driver for Atheros AR5001 Wireless Network Adapter.) -- C:\WINDOWS\system32\drivers\ar5211.sys [487552] O58 - SDL:[MD5.836E0E09CA9869BE7EB39EF2CF3602C7] - 20/12/2010 - 17:08:40 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys [20952] O58 - SDL:[MD5.31CA701F26EA66468AD3C3C6498755CE] - 21/06/2008 - 03:54:54 R--A- . (.Sunbelt Software, Inc. - Sunbelt Personal Firewall Host Intrusion Prevention Driver.) -- C:\WINDOWS\system32\drivers\sbhips.sys [66600] O58 - SDL:[MD5.D68E165C3123ABA3B1282EDDB4213BD8] - 20/12/2010 - 17:09:00 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys [38224] O58 - SDL:[MD5.AC3E7DB45F04EBD40F4C1E0A0D774269] - 29/04/2008 - 10:20:00 ---A- . (.Lavasoft AB - Driver for Ad-Watch network monitoring.) -- C:\WINDOWS\system32\drivers\NSDriver.sys [15648] O58 - SDL:[MD5.973E80FEB99243D150FA3CA490698EB0] - 29/04/2008 - 10:19:54 ---A- . (.Lavasoft AB - Driver for Ad-Watch Real-Time Registry Protection.) -- C:\WINDOWS\system32\drivers\Awrtrd.sys [15648] O58 - SDL:[MD5.124E75B7C483E5D646F99EF5ACFD61B8] - 29/04/2008 - 10:19:50 ---A- . (.Lavasoft AB - Driver for Ad-Watch Real-Time Process protection.) -- C:\WINDOWS\system32\drivers\Awrtpd.sys [12960] O58 - SDL:[MD5.B9C52B09EDE3A4A78A9F3D66E7B7268E] - 16/07/2008 - 08:57:40 R--A- . (.Sunbelt Software, Inc. - Sunbelt Personal Firewall driver.) -- C:\WINDOWS\system32\drivers\SbFw.sys [269736] O58 - SDL:[MD5.F01B8409A11C319E3C5B9DD418676D2C] - 21/06/2008 - 03:54:54 ---A- . (.Sunbelt Software, Inc. - Sunbelt Personal Firewall NDIS Intermediate driver.) -- C:\WINDOWS\system32\drivers\SbFwIm.sys [65576] O58 - SDL:[MD5.DA39805E2BAD99D37FCE9477DD94E7F2] - 20/02/2011 - 23:52:48 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\WINDOWS\system32\drivers\avipbb.sys [135096] O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 17/06/2010 - 14:28:04 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\drivers\ssmdrv.sys [28520] O58 - SDL:[MD5.93418CD2C3B544847C3CDF7DB66F1921] - 27/05/2005 - 08:23:38 ---A- . (.Logitech Inc. - SmoothVision filter.) -- C:\WINDOWS\system32\drivers\lvsvf2.sys [2180096] O58 - SDL:[MD5.83780F3A86D2804912F22F6E37CD2254] - 07/10/2008 - 12:33:00 ---A- . (.NVIDIA Corporation - NVIDIA Compatible Windows 2000 Miniport Driver, Version 178.24.) -- C:\WINDOWS\system32\drivers\nv4_mini.sys [6133856] O58 - SDL:[MD5.C5EFBD05A5195402121711A6EBBB271F] - 27/05/2005 - 08:31:28 ---A- . (.Logitech Inc. - USB Statistic Driver.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys [22016] O58 - SDL:[MD5.9C4F555A3FA3239047F6CCE65C9137BC] - 26/12/2008 - 16:15:36 ---A- . (.Meetinghouse Data Communications - IEEE 802.1X Protocol Driver.) -- C:\WINDOWS\system32\drivers\AegisP.sys [19915] O58 - SDL:[MD5.47B879406246FFDCED59E18D331A0E7D] - 13/12/2010 - 16:20:58 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\system32\drivers\avgntflt.sys [61960] O58 - SDL:[MD5.60A68A5EA173A97971EE9F1FF49EB2B3] - 05/06/2009 - 10:42:38 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\WINDOWS\system32\drivers\usbaapl.sys [39424] O58 - SDL:[MD5.F2F431D1573EE632975C524418655B84] - 19/03/2009 - 15:32:48 ---A- . (.GEAR Software Inc. - CD DVD Filter.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys [23400] O58 - SDL:[MD5.098DE621085D7F922871A99B0EC7DDD6] - 01/03/2007 - 09:05:38 R--A- . (.Realtek Semiconductor Corporation - Realtek 10/100/1000 NDIS 5.1 Driver.) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys [90496] O58 - SDL:[MD5.F90A4E8657319A652E04C5362926CFEA] - 16/02/2007 - 03:27:10 R--A- . (.JMicron Technology Corp. - JMicron JMB36X RAID Driver.) -- C:\WINDOWS\system32\drivers\jraid.sys [44928] O58 - SDL:[MD5.C995C0E8B4503FAC38793BB0236AD246] - 07/02/2006 - 12:52:58 R--A- . (.JMicron - SCSI Port upper filter driver.) -- C:\WINDOWS\system32\drivers\JGOGO.sys [6912] O58 - SDL:[MD5.83CC5FECFC2F91F91D9F7B019B8B9CE8] - 28/03/2007 - 08:45:38 R---- . (.Realtek Semiconductor Corp. - Realtek® High Definition Audio Function Driver.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys [4395008] O58 - SDL:[MD5.25EDD75E23C5EF6B33D0FBCCE125A601] - 15/08/2005 - 11:08:26 ---A- . (.Ahead Software AG - NERO IMAGEDRIVE SCSI miniport.) -- C:\WINDOWS\system32\drivers\imagedrv.sys [5888] O58 - SDL:[MD5.9C4BBACF4E9B9543C3CE23F1FE556941] - 15/08/2005 - 11:08:26 ---A- . (.Ahead Software AG - Nero Image Server.) -- C:\WINDOWS\system32\drivers\imagesrv.sys [127488] O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 02/03/2006 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037] O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/03/2006 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097] O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 02/03/2006 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912] O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 02/03/2006 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809] O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 02/03/2006 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916] O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/03/2006 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370] O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/03/2006 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274] O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/03/2006 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146] O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/03/2006 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146] O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/03/2006 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537] O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 02/03/2006 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000] O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 02/03/2006 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560] O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 02/03/2006 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648] O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 02/03/2006 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424] O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 02/03/2006 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560] ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) [HKLM] -- HijackThis O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - (.not file.) - avast! Asynchronous Virus Monitor (Aavmker4) .(...) - LEGACY_AAVMKER4 O64 - Services: CurCS - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe - Lavasoft Ad-Aware Service (aawservice) .(.Lavasoft - Ad-Aware Service.) - LEGACY_AAWSERVICE O64 - Services: CurCS - C:\WINDOWS\system32\acs.exe - Atheros Configuration Service (ACS) .(.Atheros - ACS.) - LEGACY_ACS O64 - Services: CurCS - C:\Windows\System32\DRIVERS\AegisP.sys - AEGIS Protocol (IEEE 802.1x) v3.4.1.0 (AegisP) .(.Meetinghouse Data Communications - IEEE 802.1X Protocol Driver.) - LEGACY_AEGISP O64 - Services: CurCS - C:\WINDOWS\system32\drivers\afd.sys - AFD (AFD) .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - LEGACY_AFD O64 - Services: CurCS - C:\WINDOWS\System32\alg.exe - Service de la passerelle de la couche Application (ALG) .(.Microsoft Corporation - Application Layer Gateway Service.) - LEGACY_ALG O64 - Services: CurCS - C:\Program Files\Avira\AntiVir Desktop\sched.exe - Avira AntiVir Planificateur (AntiVirSchedulerService) .(.Avira GmbH - Antivirus Scheduler.) - LEGACY_ANTIVIRSCHEDULERSERVICE O64 - Services: CurCS - C:\Program Files\Avira\AntiVir Desktop\avguard.exe - Avira AntiVir Guard (AntiVirService) .(.Avira GmbH - Antivirus On-Access Service.) - LEGACY_ANTIVIRSERVICE O64 - Services: CurCS - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe - Apple Mobile Device (Apple Mobile Device) .(.Apple Inc. - Apple Mobile Device Service.) - LEGACY_APPLE_MOBILE_DEVICE O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Gestion d'applications (AppMgmt) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_APPMGMT O64 - Services: CurCS - C:\Windows\System32\DRIVERS\arp1394.sys - Protocole client ARP 1394 (Arp1394) .(.Microsoft Corporation - IP/1394 Arp Client.) - LEGACY_ARP1394 O64 - Services: CurCS - (.not file.) - aswFsBlk (aswFsBlk) .(...) - LEGACY_ASWFSBLK O64 - Services: CurCS - (.not file.) - avast! Standard Shield Support (aswMon2) .(...) - LEGACY_ASWMON2 O64 - Services: CurCS - (.not file.) - aswRdr (aswRdr) .(...) - LEGACY_ASWRDR O64 - Services: CurCS - (.not file.) - avast! Self Protection (aswSP) .(...) - LEGACY_ASWSP O64 - Services: CurCS - (.not file.) - avast! Network Shield Support (aswTdi) .(...) - LEGACY_ASWTDI O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Audio Windows (AudioSrv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_AUDIOSRV O64 - Services: CurCS - (.not file.) - avast! Antivirus (avast! Antivirus) .(...) - LEGACY_AVAST!_ANTIVIRUS O64 - Services: CurCS - (.not file.) - AVG Anti-Spyware Clean Driver (AvgAsCln) .(...) - LEGACY_AVGASCLN O64 - Services: CurCS - C:\Program Files\Avira\AntiVir Desktop\avgio.sys - avgio (avgio) .(.Avira GmbH - Avira AntiVir Support for Minifilter.) - LEGACY_AVGIO O64 - Services: CurCS - C:\Windows\System32\DRIVERS\avgntflt.sys - avgntflt (avgntflt) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT O64 - Services: CurCS - (.not file.) - AVG Anti-Spyware Driver (AVG Anti-Spyware Driver) .(...) - LEGACY_AVG_ANTI-SPYWARE_DRIVER O64 - Services: CurCS - C:\Windows\System32\DRIVERS\avipbb.sys - avipbb (avipbb) .(.Avira GmbH - Avira Driver for Security Enhancement.) - LEGACY_AVIPBB O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\BEEP.sys - Beep (Beep) .(...) - LEGACY_BEEP O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Service de transfert intelligent en arrière-plan (BITS) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_BITS O64 - Services: CurCS - C:\Program Files\Bonjour\mDNSResponder.exe - Service Bonjour (Bonjour Service) .(.Apple Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Explorateur d'ordinateur (Browser) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_BROWSER O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\CDFS.sys - cdfs (cdfs) .(...) - LEGACY_CDFS O64 - Services: CurCS - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) .(.Microsoft Corporation - .NET Runtime Optimization Service.) - LEGACY_CLR_OPTIMIZATI O64 - Services: CurCS - (.not file.) - (.not file.) - Application système COM+ (COMSysApp) .(...) - LEGACY_COMSYSAPP O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Services de cryptographie (CryptSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_CRYPTSVC O64 - Services: CurCS - (.not file.) - (.not file.) - Lanceur de processus serveur DCOM (DcomLaunch) .(...) - LEGACY_DCOMLAUNCH O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Client DHCP (Dhcp) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DHCP O64 - Services: CurCS - C:\Windows\System32\drivers\dmboot.sys - dmboot (dmboot) .(.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disq.) - LEGACY_DMBOOT O64 - Services: CurCS - C:\Windows\System32\drivers\dmload.sys - dmload (dmload) .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Gestionnaire de disque logique (dmserver) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DMSERVER O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Client DNS (Dnscache) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DNSCACHE O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Service de rapport d'erreurs (ERSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_ERSVC O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Système d'événements de COM+ (EventSystem) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_EVENTSYSTEM O64 - Services: CurCS - C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt - Lavalys EVEREST Kernel Driver (EverestDriver) .(...) - LEGACY_EVERESTDRIVER O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FASTFAT.sys - fastfat (fastfat) .(...) - LEGACY_FASTFAT O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Compatibilité avec le Changement rapide d'utilisateur (FastUserSwitchingCompatibility) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_FASTUSERSWITCHINGCOMPATIBILITY O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FIPS.sys - Fips (Fips) .(...) - LEGACY_FIPS O64 - Services: CurCS - C:\Windows\System32\drivers\fltmgr.sys - FltMgr (FltMgr) .(.Microsoft Corporation - Microsoft Filesystem Filter Manager.) - LEGACY_FLTMGR O64 - Services: CurCS - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe - Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) .(.Microsoft Corporation - PresentationFontCache.exe.) - LEGACY_FONTCACHE3.0.0.0 O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FS_REC.sys - Fs_Rec (Fs_Rec) .(...) - LEGACY_FS_REC O64 - Services: CurCS - C:\WINDOWS\gdrv.sys - gdrv (gdrv) .(.Windows ® 2000 DDK provider - GIGABYTE Tools.) - LEGACY_GDRV O64 - Services: CurCS - C:\Windows\System32\DRIVERS\msgpc.sys - Classificateur de paquets générique (Gpc) .(.Microsoft Corporation - MS General Packet Classifier.) - LEGACY_GPC O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Aide et support (helpsvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_HELPSVC O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - HID Input Service (HidServ) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_HIDSERV O64 - Services: CurCS - C:\Windows\System32\Drivers\HTTP.sys - HTTP (HTTP) .(.Microsoft Corporation - HTTP Protocol Stack.) - LEGACY_HTTP O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - HTTP SSL (HTTPFilter) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_HTTPFILTER O64 - Services: CurCS - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe - Windows CardSpace (idsvc) .(.Microsoft Corporation - Windows CardSpace.) - LEGACY_IDSVC O64 - Services: CurCS - C:\WINDOWS\system32\imapi.exe - Service COM de gravage de CD IMAPI (ImapiService) .(.Microsoft Corporation - API Image Mastering.) - LEGACY_IMAPISERVICE O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ipnat.sys - Traducteur d'adresses réseau IP (IpNat) .(.Microsoft Corporation - IP Network Address Translator.) - LEGACY_IPNAT O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ipsec.sys - Pilote IPSEC (IPSec) .(.Microsoft Corporation - IPSec Driver.) - LEGACY_IPSEC O64 - Services: CurCS - C:\Program Files\Java\jre6\bin\jqs.exe - Java Quick Starter (JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\KSECDD.sys - ksecdd (ksecdd) .(...) - LEGACY_KSECDD O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Serveur (lanmanserver) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LANMANSERVER O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Station de travail (LanmanWorkstation) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LANMANWORKSTATION O64 - Services: CurCS - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe - LightScribeService Direct Disc Labeling Service (LightScribeService) .(.Hewlett-Packard Company - Pas de description.) - LEGACY_LIGHTSCRIBESERVICE O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Assistance TCP/IP NetBIOS (LmHosts) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LMHOSTS O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Affichage des messages (Messenger) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_MESSENGER O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MNMDD.sys - mnmdd (mnmdd) .(...) - LEGACY_MNMDD O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MOUNTMGR.sys - (.not file.) - mountmgr (mountmgr) .(...) - LEGACY_MOUNTMGR O64 - Services: CurCS - C:\Windows\System32\DRIVERS\mrxdav.sys - Redirecteur client WebDav (MRxDAV) .(.Microsoft Corporation - Windows NT WebDav Minirdr.) - LEGACY_MRXDAV O64 - Services: CurCS - C:\Windows\System32\DRIVERS\mrxsmb.sys - MRXSMB (MRxSmb) .(.Microsoft Corporation - Windows NT SMB Minirdr.) - LEGACY_MRXSMB O64 - Services: CurCS - C:\WINDOWS\system32\msdtc.exe - Distributed Transaction Coordinator (MSDTC) .(.Microsoft Corporation - MS DTC console program.) - LEGACY_MSDTC O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MSFS.sys - Msfs (Msfs) .(...) - LEGACY_MSFS O64 - Services: CurCS - C:\WINDOWS\system32\msiexec.exe - Windows Installer (MSIServer) .(.Microsoft Corporation - Windows® installer.) - LEGACY_MSISERVER O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MUP.sys - (.not file.) - Mup (Mup) .(...) - LEGACY_MUP O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NDIS.sys - (.not file.) - Pilote système NDIS (NDIS) .(...) - LEGACY_NDIS O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ndistapi.sys - Pilote TAPI NDIS d'accès distant (NdisTapi) .(.Microsoft Corporation - NDIS 3.0 connection wrapper driver.) - LEGACY_NDISTAPI O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ndisuio.sys - NDIS mode utilisateur E/S Protocole (Ndisuio) .(.Microsoft Corporation - NDIS User mode I/O Driver.) - LEGACY_NDISUIO O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NDPROXY.sys - NDProxy (NDProxy) .(...) - LEGACY_NDPROXY O64 - Services: CurCS - C:\Windows\System32\DRIVERS\netbios.sys - Interface NetBIOS (NetBIOS) .(.Microsoft Corporation - NetBIOS interface driver.) - LEGACY_NETBIOS O64 - Services: CurCS - C:\Windows\System32\DRIVERS\netbt.sys - NetBIOS sur TCP/IP (NetBT) .(.Microsoft Corporation - MBT Transport driver.) - LEGACY_NETBT O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Connexions réseau (Netman) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NETMAN O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - NLA (Network Location Awareness) (Nla) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NLA O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NPFS.sys - Npfs (Npfs) .(...) - LEGACY_NPFS O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NTFS.sys - ntfs (ntfs) .(...) - LEGACY_NTFS O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Stockage amovible (NtmsSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NTMSSVC O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NULL.sys - Null (Null) .(...) - LEGACY_NULL O64 - Services: CurCS - C:\WINDOWS\system32\nvsvc32.exe - NVIDIA Display Driver Service (NVSvc) .(.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 178.2.) - LEGACY_NVSVC O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\PARTMGR.sys - (.not file.) - PartMgr (PartMgr) .(...) - LEGACY_PARTMGR O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\PARVDM.sys - ParVdm (ParVdm) .(...) - LEGACY_PARVDM O64 - Services: CurCS - C:\WINDOWS\system32\lsass.exe - Services IPSEC (PolicyAgent) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_POLICYAGENT O64 - Services: CurCS - C:\WINDOWS\system32\lsass.exe - Emplacement protégé (ProtectedStorage) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_PROTECTEDSTORAGE O64 - Services: CurCS - C:\Windows\System32\DRIVERS\rasacd.sys - Pilote de connexion automatique d'accès distant (RasAcd) .(.Microsoft Corporation - RAS Automatic Connection Driver.) - LEGACY_RASACD O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Gestionnaire de connexions d'accès distant (RasMan) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_RASMAN O64 - Services: CurCS - C:\Windows\System32\DRIVERS\rdbss.sys - Rdbss (Rdbss) .(.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - LEGACY_RDBSS O64 - Services: CurCS - C:\Windows\System32\DRIVERS\RDPCDD.sys - RDPCDD (RDPCDD) .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPCDD O64 - Services: CurCS - (.not file.) - RDPNP (RDPNP) .(...) - LEGACY_RDPNP O64 - Services: CurCS - C:\WINDOWS\system32\sessmgr.exe - Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bu.) - LEGACY_RDSESSMGR O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Routage et accès distant (RemoteAccess) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_REMOTEACCESS O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Accès à distance au Registre (RemoteRegistry) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_REMOTEREGISTRY O64 - Services: CurCS - C:\WINDOWS\system32\drivers\RKHit.sys (.not file.) - RkHit (RkHit) .(...) - LEGACY_RKHIT O64 - Services: CurCS - C:\WINDOWS\system32\locator.exe - Localisateur d'appels de procédure distante (RPC) (RpcLocator) .(.Microsoft Corporation - Rpc Locator.) - LEGACY_RPCLOCATOR O64 - Services: CurCS - (.not file.) - (.not file.) - Appel de procédure distante (RPC) (RpcSs) .(...) - LEGACY_RPCSS O64 - Services: CurCS - C:\WINDOWS\system32\rsvp.exe - QoS RSVP (RSVP) .(.Microsoft Corporation - Microsoft RSVP.) - LEGACY_RSVP O64 - Services: CurCS - C:\WINDOWS\system32\lsass.exe - Gestionnaire de comptes de sécurité (SamSs) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_SAMSS O64 - Services: CurCS - C:\Windows\System32\drivers\SbFw.sys - SbFw (SbFw) .(.Sunbelt Software, Inc. - Sunbelt Personal Firewall driver.) - LEGACY_SBFW O64 - Services: CurCS - C:\WINDOWS\system32\drivers\sbhips.sys - Sunbelt HIPS Driver (sbhips) .(.Sunbelt Software, Inc. - Sunbelt Personal Firewall Host Intrusion Pr.) - LEGACY_SBHIPS O64 - Services: CurCS - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe - SbPF.Launcher (SbPF.Launcher) .(.Sunbelt Software, Inc. - Sunbelt Personal Firewall SbPFLnch.) - LEGACY_SBPF.LAUNCHER O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Planificateur de tâches (Schedule) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SCHEDULE O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Connexion secondaire (seclogon) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SECLOGON O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Notification d'événement système (SENS) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SENS O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Pare-feu Windows / Partage de connexion Internet (SharedAccess) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SHAREDACCESS O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Détection matériel noyau (ShellHWDetection) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SHELLHWDETECTION O64 - Services: CurCS - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe - Sunbelt Personal Firewall 4 (SPF4) .(.Sunbelt Software, Inc. - Sunbelt Firewall Service.) - LEGACY_SPF4 O64 - Services: CurCS - C:\WINDOWS\system32\spoolsv.exe - Spouleur d'impression (Spooler) .(.Microsoft Corporation - Spooler SubSystem App.) - LEGACY_SPOOLER O64 - Services: CurCS - C:\Windows\System32\DRIVERS\sr.sys - Pilote de filtre de restauration système (sr) .(.Microsoft Corporation - Pilote de filtre de système de fichiers pou.) - LEGACY_SR O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Service de restauration système (srservice) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SRSERVICE O64 - Services: CurCS - C:\Windows\System32\DRIVERS\srv.sys - Srv (Srv) .(.Microsoft Corporation - Server driver.) - LEGACY_SRV O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Service de découvertes SSDP (SSDPSRV) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SSDPSRV O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ssmdrv.sys - ssmdrv (ssmdrv) .(.Avira GmbH - AVIRA SnapShot Driver.) - LEGACY_SSMDRV O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Acquisition d'image Windows (WIA) (stisvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_STISVC O64 - Services: CurCS - (.not file.) - (.not file.) - MS Software Shadow Copy Provider (SwPrv) .(...) - LEGACY_SWPRV O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Téléphonie (TapiSrv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_TAPISRV O64 - Services: CurCS - C:\Windows\System32\DRIVERS\tcpip.sys - Pilote du protocole TCP/IP (Tcpip) .(.Microsoft Corporation - TCP/IP Protocol Driver.) - LEGACY_TCPIP O64 - Services: CurCS - (.not file.) - (.not file.) - Services Terminal Server (TermService) .(...) - LEGACY_TERMSERVICE O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Thèmes (Themes) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_THEMES O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Client de suivi de lien distribué (TrkWks) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_TRKWKS O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\UDFS.sys - Udfs (Udfs) .(...) - LEGACY_UDFS O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Hôte de périphérique universel Plug-and-Play (upnphost) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_UPNPHOST O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\VGA.sys - vga (vga) .(...) - LEGACY_VGA O64 - Services: CurCS - C:\WINDOWS\system32\drivers\vga.sys - VgaSave (VgaSave) .(.Microsoft Corporation - VGA/Super VGA Video Driver.) - LEGACY_VGASAVE O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\VOLSNAP.sys - VolSnap (VolSnap) .(...) - LEGACY_VOLSNAP O64 - Services: CurCS - C:\WINDOWS\System32\vssvc.exe - Cliché instantané de volume (VSS) .(.Microsoft Corporation - Service de cliché instantané de volumes Mic.) - LEGACY_VSS O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Horloge Windows (W32Time) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_W32TIME O64 - Services: CurCS - C:\Windows\System32\DRIVERS\wanarp.sys - Pilote ARP IP d'accès distant (Wanarp) .(.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - LEGACY_WANARP O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - WebClient (WebClient) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WEBCLIENT O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Infrastructure de gestion Windows (winmgmt) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WINMGMT O64 - Services: CurCS - C:\WINDOWS\system32\wbem\wmiapsrv.exe - Carte de performance WMI (WmiApSrv) .(.Microsoft Corporation - Service de la carte de performance WMI.) - LEGACY_WMIAPSRV O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Centre de sécurité (wscsvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WSCSVC O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Mises à jour automatiques (wuauserv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WUAUSERV O64 - Services: CurCS - C:\Windows\System32\DRIVERS\WudfPf.sys - Windows Driver Foundation - User-mode Driver Framework Platform Driver (WudfPf) .(.Microsoft Corporation - Windows Driver Foundation - User-mode Drive.) - LEGACY_WUDFPF O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Windows Driver Foundation - User-mode Driver Framework (WudfSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WUDFSVC O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Configuration automatique sans fil (WZCSVC) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WZCSVC ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O68 - StartMenuInternet: <SEAMON~1.EXE> <>[HKLM\..\Shell\open\Command] (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MOZILLA.ORG\SEAMON~1\SEAMON~1.exe (.not file.) ---\\ Search Browser Infection (O69) O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - Google O69 - SBI: SearchScopes [HKCU] {A540D69B-1CD5-44FA-9B2A-DFEA5EBD97F1} - (uStart) - http://www.ustart.orgNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A11 ---\\ Scan Additionnel (O88) Database Version : 2539 - (26/03/2011) [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\everest poker] =>Adware.Casino C:\Program Files\Everest Poker =>Adware.Casino ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 03/10/2008 611664 | (aawservice) . (.Lavasoft.) - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe SR - | Auto 18/10/2005 376917 | (ACS) . (.Atheros.) - C:\WINDOWS\system32\acs.exe SR - | Auto 17/08/2010 135336 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe SR - | Auto 13/12/2010 267944 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe SR - | Auto 05/06/2009 144712 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe SR - | Auto 12/12/2008 238888 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\System32\dmadmin.exe SR - | Demand 05/09/2008 23152 | (EverestDriver) . (...) - C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt SR - | Auto 17/03/2011 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Program Files\Java\jre6\bin\jqs.exe SR - | Auto 24/09/2006 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe SR - | Auto 07/10/2008 163908 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe SR - | Auto 30/07/2008 95528 | SbPF.Launcher (SbPF.Launcher) . (.Sunbelt Software, Inc..) - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe SR - | Auto 30/07/2008 1361192 | (SPF4) . (.Sunbelt Software, Inc..) - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, GMER - Rootkit Detector and Remover Run by Bluffeur at 28/03/2011 12:56:43 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8ACCEAB8] 3 CLASSPNP[0xBA118FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006e[0x8ACA6A98] 5 ACPI[0xB9F7E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP0T1L0-3[0x8AC4E700] kernel: MBR read successfully user & kernel MBR OK ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by Bluffeur at 28/03/2011 12:56:45 Use the desktop link 'MBRCheck' to have full report Dump file Name : C:\PhysicalDisk0_MBR.bin End of the scan (1166 lines in 00mn 42s)(0)
- le 28 mars 2011
- 9 réponses
Infection html/drop.agent.ab

Bluffeur a posté un sujet dans Analyses et éradication malwares

Bonjour, je suis infecter par html/drop.agent.ab, mais mon antivirus Antivir le supprime mais le virus ce multiplie Le rapport Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:21:38, on 27/03/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Gigabyte\Gigabyte Super Wireless LAN Card\Installer\Winxp\GNConfig.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Administrateur\Mes documents\Temporaire\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Mozilla Firefox\plugin-container.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = uStart.org - YOU Start! R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Program Files\ektoukqs\mnlbfkag.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [GNConfig] "C:\Program Files\Gigabyte\Gigabyte Super Wireless LAN Card\Installer\Winxp\GNConfig.exe" -nogui O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Microsoft Firewall 2.9] C:\Documents and Settings\Administrateur\Application Data\WMPRWISE.EXE O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: uStart Search - res://C:\Documents and Settings\Administrateur\Local Settings\Application Data\addtoustart\addtoustart.dll/202 O9 - Extra button: PartyPoker.fr - {725EC34E-943C-4df6-B0B2-FBDE7F242276} - C:\Documents and Settings\Administrateur\Bureau\PartyPoker.fr.lnk O9 - Extra 'Tools' menuitem: PartyPoker.fr - {725EC34E-943C-4df6-B0B2-FBDE7F242276} - C:\Documents and Settings\Administrateur\Bureau\PartyPoker.fr.lnk O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221057521125 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O20 - AppInit_DLLs: O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- End of file - 10029 bytes Dans l'espoir que vous puissiez m'aider merci
- le 27 mars 2011
- 9 réponses

Connexion

Bluffeur

Compteur de contenus

Inscription

Dernière visite

Bluffeur's Achievements

Junior Member (3/12)

Réputation sur la communauté

Infection html/drop.agent.ab

Infection html/drop.agent.ab

Infection html/drop.agent.ab

Infection html/drop.agent.ab

Infection html/drop.agent.ab

Zebulon

Outils en ligne

Naviguer